AW: AW: Obtain IP Address from AD/LDAP
well, i got this: freeradius -X Sending Access-Accept of id 252 to 10.72.33.93:32768 Framed-IP-Address = -1407490193 and the radtest gets an Framed-IP-Address = 255.255.255.255 i recorded with tcpdump that the freeradius sends this: Access Accept (2), id: 0xff, Authenticator: 17a1e40da579e4dbbde5cf54d0987873 Framed IP Address Attribute (8), length: 6, Value: User Selected 0x: everytime there is a negativ value it is send as . so i guess that this is os specific :-( i use freeradius1.1.0-pre0 on intel/debian sarge I think the best way is to open a featurerequest that freeradius converts signed integers to unsigned integers. > -Ursprüngliche Nachricht- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im > Auftrag von Dustin Doris > Gesendet: Dienstag, 11. Januar 2005 18:19 > An: freeradius-users@lists.freeradius.org > Betreff: Re: AW: Obtain IP Address from AD/LDAP > > > I think it should be OK. I just did a basic test with > radclient. Here is what radiusd -X showed me. > > Sending Access-Accept of id 52 to 127.0.0.1:2673 > Framed-IP-Address = -1407490193 > > Here is what radclient showed me. > > Received response ID 52, code 2, length = 26 > Framed-IP-Address = 172.27.103.111 > > What does radiusd -X show you? > > > > On Tue, 11 Jan 2005 [EMAIL PROTECTED] wrote: > > > Next Problem, > > > > MS AD saves the IP Address as signed INT32 so i didnt get an IP > > Address back, some ideas how i can convert such a thing? As > Example: > > 172.27.103.111 is saved as -1407490193 > > > > Markus > > > -Ursprüngliche Nachricht- > > > Von: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Im > Auftrag von > > > Dustin Doris > > > Gesendet: Montag, 10. Januar 2005 15:08 > > > An: freeradius-users@lists.freeradius.org > > > Betreff: Re: Obtain IP Address from AD/LDAP > > > > > > > > > > > > > Hello and Happy new Year, > > > > > > > > here is my prob, hope someone can help me. > > > > I use freeradius to authenticate users against MS Active > > > > directory. Most of my users obtain their Ips from ippool within > > > radius, but some > > > > should obtain their Address from AD. Who do i get the > > > Address out of > > > > the AD and can assign it to my user? > > > > > > > > Regards > > > > > > > > Markus > > > > > > > > > > Find the ldap attribute in AD with their IP address and netmask. > > > Lets say its msipaddr and msipmask. Edit ldap.attrmap > and point the > > > correct radius attributes to the correct ad ldap attributes. > > > > > > eg > > > > > > replyItem Framed-IP-Address msipaddr > > > replyItem Framed-IP-Netmask msipmask > > > > > > In your ippool configuration, make sure you have the following > > > > > > override = no > > > > > > Restart radius. > > > > > > Now when the user is authorized it will search for reply > items. It > > > will look for msipaddr and msipmask and make those values the > > > framed-ip-address and framed-ip-netmask. The override = no, will > > > tell rlm_ippool not to override those values. So, if those are > > > already set, then rlm_ippool won't give that user an IP. > > > > > > -Dusty Doris > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: Telnet access via Radius
GC> Hello, GC> Costas Christonis wrote: >> Hi to all, >> i'm trying to set the telnet access to my users through radius and ldap >> server. >> What i did untill now is that everyone tha has the attribute >> "Service-type" with the value "exec-user" can telnet to my cisco >> switches and routers in privilege level 5. >> I insert the attribute "Ciscoavpair" with the value >> "exec:priv-lvl=0" or with the value "exec:privilege-level=0" but >> nothing happens, everyone can telnet to my switches and logon >> privilege level 5. GC> It's called Cisco-AVPair not CiscoAVPair. >> Can anyone help me? >> >> >> >> >> >> >> >> Best regards GC> Best Regards, Yes that's correct but in LDAP the attribut is radiusciscovapair anyway is that right? so i don't think tha the problem is that... Costas A. Christonis Networking & Communications Centre Gallos Campus - University of Crete email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Telnet access via Radius
Hello, Costas Christonis wrote: Hi to all, i'm trying to set the telnet access to my users through radius and ldap server. What i did untill now is that everyone tha has the attribute "Service-type" with the value "exec-user" can telnet to my cisco switches and routers in privilege level 5. I insert the attribute "Ciscoavpair" with the value "exec:priv-lvl=0" or with the value "exec:privilege-level=0" but nothing happens, everyone can telnet to my switches and logon privilege level 5. It's called Cisco-AVPair not CiscoAVPair. Can anyone help me? Best regards Best Regards, -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth and session-timeout based on day of the week and time
Andrew D wrote: Hi there, Sorry, with all the reading I've been doing lately, I been skimming bits and pieces. I just found the bit where its all defined :) Sorry for wasting your time :| Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
post-auth section of radiusd.conf
Hi people. Can anyone give an additional information about how post-auth section of radiusd.conf works, especially about Post-Auth-Type REJECT {} part.
Configuring EAP User attributes
Hi I have configured freeradius to allow EAP-TLS authentication, and would like now to configure EAP User with IPpool, and differents possibles attributes. The only howto I've found has users file very simple (for example jacques): # On no match, the user is denied access."jacques" Auth-Type := EAP Should this attribute be enough ? If yes, how will user have his IP address ? Thanks for answer Jacques.
Telnet access via Radius
Hi to all, i'm trying to set the telnet access to my users through radius and ldap server. What i did untill now is that everyone tha has the attribute "Service-type" with the value "exec-user" can telnet to my cisco switches and routers in privilege level 5. I insert the attribute "Ciscoavpair" with the value "exec:priv-lvl=0" or with the value "exec:privilege-level=0" but nothing happens, everyone can telnet to my switches and logon privilege level 5. Can anyone help me? Best regards Costas A. Christonis Networking & Communications Centre Gallos Campus - University of Crete email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: (no subject)
Try Multi-tech Radius server From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB R&D NNA(BJ) Sent: Tuesday, January 11, 2005 5:27 AM To: freeradius-users@lists.freeradius.org Subject: (no subject) Is there any opensource radius server than runs well on Windows 2000.
Auth and session-timeout based on day of the week and time
Hi there, Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Orinoco AP-2500 authentication rejects
> First run in debug (radiusd -X), that should tell you whats wrong. If you > can't figure it out then, post your debug info and relevant config to the > list. > This is what freeradius returns in debug mode rad_recv: Access-Request packet from host 192.168.1.175:1025, id=4, length=141 User-Name = "user2" User-Password = "pass2" NAS-Port = 0 Service-Type = Login-User Acct-Session-Id = "0803" Called-Station-Id = "00-20-A6-49-EB-C2" Calling-Station-Id = "08-00-46-E9-63-60" Nomadix-Logoff-URL = "http://1.1.1.1"; NAS-Identifier = "AP2500" Framed-IP-Address = 10.0.0.14 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user2", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'user2' rlm_sql (sql): sql_set_user escaped user --> 'user2' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'user2' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'user2' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: group authenticate returns notfound for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request Sending Access-Reject of id 4 to 192.168.1.175:1025 Thanks B.Guthrie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP segmentation fault resolved
After digging deeper, I found that if you remove all lidsasl.* libs, and recompile freeradius, I no longer recieve the fault! But no I am seeing rlm_ldap x failed protocol error and knowing next to nothing about ldap, I am lost. Is this something that I am screwing up? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius-1.0.1 die randomly
Mensaje citado por Lewis Bergman <[EMAIL PROTECTED]>: > Roger Peña Escobio wrote: > > the enviroment is: > > OS: WhiteBox3 (RHEL3 clone) with all the updates > > freeradius rebuilded from the last SRPM provided by RH (1.0.1-1) (we need > experimental > > modules: sqlcounter) > > > Make sure you are using their rpms for mysql as well. I had problems using > binaries from mysql and the rpms for freeradius. Works great after > recompiling freeradisu from source against the mysql libaries. i'm using their mysql rpms ( from WBEL) but, as i say, i rebuild the freradius srpm because i need to include support for the experimentals module roger -- Nodo central de la red Infomed (http://www.sld.cu) Usuario linux: 97152 (http://counter.li.org) Miembro del grupo de coordinacion de LinuxCuba (http://www.linux.cu) "Whatever you do will be insignificant, but it is very important that you do it." Gandhi -- - Este mensaje fue enviado usando el servicio de correo en web de Infomed http://webmail.sld.cu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius-1.0.1 die randomly
Roger Peña Escobio wrote: the enviroment is: OS: WhiteBox3 (RHEL3 clone) with all the updates freeradius rebuilded from the last SRPM provided by RH (1.0.1-1) (we need experimental modules: sqlcounter) Make sure you are using their rpms for mysql as well. I had problems using binaries from mysql and the rpms for freeradius. Works great after recompiling freeradisu from source against the mysql libaries. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 325-691-3301 800-299-6962 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius-1.0.1 die randomly
hello folks we are using freeradius since 0.8.x and since 0.9.x we start to use the rml_sql (mysql) module to store the accounting, now we also use the mysql db to store the user so the auth and autz also use the rml_sql module we had problems since the begining with that module, micelaneus problems, but when we switch to version 1.0.0 everything start to work better, good improving and nice work so, what is the problems that we are having ?, well we are trying to identify it, is not easy because it only had been happen 4 times since september (when we start using 1.0.1) very random, yesterday night was the last time. the radius server just stop responding and die, without any anormal log, the process end, if you start it it start and logs as usual but our users can't connect, it doesn't matter how may time you try to restart the services, it never give services, but if you start it in debug mode ( -X ) --to see if anything goes wrong-- and then restart it as usual (without debug because you didn't see anything anormal in debug mode) everything start to function as it supose and our users start to connect. my guest is that it is something related with the rml_sql but it is just a guest. the radius server is a littel busy, we have 3 Cisco AS ( 2 AS5400 a 1 AS5300) that make 720 lines from which between 500 and 600 are use it all the time as i say before, yesterday night our two server die aroung the same time, very extrange the enviroment is: OS: WhiteBox3 (RHEL3 clone) with all the updates freeradius rebuilded from the last SRPM provided by RH (1.0.1-1) (we need experimental modules: sqlcounter) does anybody had this experience ? thanks very much roger PD: i'm apologies because of my bad english -- Nodo central de la red Infomed (http://www.sld.cu) Usuario linux: 97152 (http://counter.li.org) Miembro del grupo de coordinacion de LinuxCuba (http://www.linux.cu) "Whatever you do will be insignificant, but it is very important that you do it." Gandhi -- - Este mensaje fue enviado usando el servicio de correo en web de Infomed http://webmail.sld.cu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling freeradius 1.0.1 in HP-UX 11.11i
"Roberto S. G." <[EMAIL PROTECTED]> wrote: > I've made the ./configure, and while doing "make", it stopped when > processing "freeradius-1.0.1/src/modules/rlm_ldap"... > it seems to have problems compiling ldap libraries (which are *very* > important for my installation)... Can you post the actual error messages? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 8e6 technologies and radius
Terry J Fike Jr <[EMAIL PROTECTED]> wrote: > They use the Class attribute to tell their box what users are being > filtered and how (which filtering ruleset). Huh? That makes zero sense. Anyways, you can configure FreeRADIUS to send any value you want for the Class attribute. See the examples in the "users" file, where it sends reply attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Apache2 with mod_auth_radius
I have reviewed the documentation for Apache2 and mod_auth_radius and have couple of questions 1. I am wondering why the mod_auth_radius wants to have AddModule mod_auth_radius.c ? I thought Apache2 no longer uses the AddModule. Would I change the IfModule to mod_auth_radius.so? 2. I am getting an Internal Error 500 when going to a secure directory using .htaccess. Error logs report "configuration error: couldn't check user. No user file ?: /customer". I attempted to remove the .htaccess file and include the .htaccess info in the section under the , but tht did not enforce authentication. Any sugestions? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP and SQL
Is it possible to check passwords against an SQL database and an LDAP database with the same server? If so, how does it work? Does the server wait for one method to fail and then try another? Chris Price Information Facilities Technician Olivet Nazarene University [EMAIL PROTECTED] (815)928-5523 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP segmentation faults
I have allready tried the previous suggestions that I could find on this list, but I still get a segmentation fault when freeradius tries to bind to my ldap server. I see where rlm_ldap and libldap are linked to different locations, and I have installed the src.rpm for fedore core 2 as someone had instucted on a previous post. Any other suggestion? I have also tried to copy libsasl.la to libsasl2.la, that didnt work either. Please help? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin - blank right frames
Hi Kostas, i have install php-mysql! But PhpMyAdmin works... But i check this out! Can you tell me how to check this if enabled? I have webmin (simple web interface) I have install now php-ldap and mod_auth_mysql but same blank page. Thanks, Michel - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 11, 2005 6:46 PM Subject: Re: dialup_admin - blank right frames On Tue, 11 Jan 2005, Michel van Dop wrote: Hi, Thank you for the fast response but i add this in my httpd.conf: AddType application/x-tar .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php .php3 And restart httpd : same blank right sreen! Check that the mysql support in php is actually enabled. That's the most common reason for this kind of behaviour. Michel - Original Message - From: [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday, January 11, 2005 5:54 PM Subject: Re: dialup_admin - blank right frames Hi Add to your httpd.conf in the modules after the word in italics? (AddType) the? following: # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # AddType? application/x-tar .tgz AddType? application/x-httpd-php .php AddType? application/x-httpd-php .php3 and restart your apache then it will display correctly. I hope this help. Quoting Michel van Dop <[EMAIL PROTECTED]>: > Hi Lewis, > > I have the same problem (blank right screen). > Phpmyadmin works good on this server (httpd)?! > If you start httpd services get you also this error? > > [EMAIL PROTECTED] root]# service httpd restart > Stopping httpd: [ OK ] > Starting httpd: httpd: Could not determine the server's fully qualified > domain name, using 127.0.0.1 for ServerName > [ OK ] > > I dont now about this is a problem. I have two radius server on fedora, one > server work good i see the right page. > But the one server i got the same problems. I try copies config to the > problem httpd server but same problems. > I think i somting forget a rpm? > > Any ideas? > > Michel > > > > > - Original Message - > From: "Lewis Bergman" <[EMAIL PROTECTED]> > To: > Sent: Monday, January 10, 2005 10:01 PM > Subject: dialup_admin - blank right frames > > >> Freeradius 1.0.1 >> Mysql-max-4.1.8 >> Apache 2.0.46 >> PHP 4.2.3 (from rpm) >> register globals On >> Magic Qoutes Off >> >> Most of the right frames come back empty. Technically, they come >> back with some html but no information. No php errors are reported. >> >> To try and find out what is going on I inserted some print >> statements into the user_stats.php3 file. All the statements print >> until I get to the line that has "$start = >> da_sql_escape_string($start);". After that nothing prints. Normally >> I would expect some kind of php error if execution stopped but I >> don't get anything. >> >> I compiled freeradius against 4.1.8-max libs, and headers with the >> standard ./configure && make && make install stuff. >> >> I saw a post from March 2003 about blank right frames likely being a >> directory problem. I have followed the directions and linked the >> dialup_admin/htdocs dir to another dir in my web server's space so I >> don't think that is it. >> >> Any ideas on where to look from here? >> -- Lewis Bergman >> Texas Communications >> 4309 Maple St. >> Abilene, TX 79602-8044 >> 325-691-3301 >> 800-299-6962 >> >> - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: zero username length using SQL
Thanks Dustin, Yes, the '==' was a typo mistake.. I am sorry for that Well.. when using the users file only.. that works just fine.. and it only gets an accept, when the dialing station is correct.. But when doing sql authentication, I get the error: "Error: rlm_sql (sql): zero length username not permitted" It doesn't even check if the user will be permitted or not when the username field is zero Thanks :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris Sent: Tuesday, January 11, 2005 6:41 PM To: freeradius-users Subject: Re: zero username length using SQL > Hi All, > > i am running freeradius 1.0.1 on RHEL 3 runnng well authenticaring > from MySQL > > i want to add a section to let users dialling a certain B number in > without authentication.. so i added the following to the users file: > > DEFAULT Auth-Type := Accept, Called-Station-Id = '555' You need to use == as a check item. DEFAULT Called-Station-Id == "555", Auth-Type := Accept Put that at the top of your users file. Also, is 555 the actual called-station-id or is it 555something? If so, use regex in your match. DEFAULT Called-Station-Id =~ "^555*", Auth-Type := Accept If that doesn't work, run radius in debug mode (radiusd -X) and check that called-station-id is actually being sent correctly. If so, paste the debug info if it doesn't tell you why its failing. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius or NAS not disconnecting user
read doc/rlm_sqlcounter specifically check the sql queries that is uses, that will give you an idea of what it is doing. Then try setting it up and run in debug mode so you can see the queries it is sending and the replies its giving back. > > Hi > I am having the same problem but I think the most important thing is > to understand properly how radius accounting works > My problem is that I do not know what the rlm_sqlcounter should exactly do, > after understanding this, making a daemon for my NAS is quite easy > > > >Hi all, > > > >Can someone overthere help out. > > > >I want my either radius or NAS to disconnect user automatically immediately > >after their Daily-Limit is reached. > > > >I used freeradius-0.9.3 + mysql + suse linux 90 with patton 2996 RAS. > > > >I will be glad with any help. > > > >Thank you. > > > >Quoting Egoitz Aguirre <[EMAIL PROTECTED]>: > > > > I have made some tests: > > > > I manage the mysql database using phpmyadmin. > > I have created a new user called test with Max-All-Time of 60 seconds in > > radcheck. > > > > 37 testUser-Password == test > > 45 testAuth-Type := > Local > > 46 testSimultaneous-Use:= 1 > > 51 testService-Type:= > Framed-User > > 52 testMax-All-Session := 60 > > > > I have made the login in with this user and the logout getting the > following > > information in radaact table: > > > > 108 test 24bba53161ef5973 test 127.0.0.10 Ethernet 2005-01-11 > 11:46:04 > > -00-00 00:00:00 0 RADIUS 00 > > Login- > User 0 0 > > 109 test 24bba53161ef5973 test 127.0.0.10 Ethernet 2005-01-11 > 11:46:04 > > 2005-01-11 11:46:33 56 RADIUS 1500 40 > > User-RequestLogin-User 0 0 > > > > I have only spent 29 seconds but radius doesn't let me reconnect with this > > user. > > > > NAS should disconnect users after max time, and radius should avoid o > permit > > the access when time is over or not, is it right ?? > > > > > > > > > >> Hi all, > >> > >> I am expriencing similar problem i.e. my radius does not disconnect users > >> after their daily-limit is exprired. > >> > >> Kindly help on what to doto rectify this. > >> > >> Thank you. > >> RADIUS sends a Session-Timeout (how many seconds the user can stay > online) > >> along with the Access-Accept. Then NAS disconnects the user after this > > time. > >> > >> rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. > >> > >> > >> --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: > >> > >>> > >>> Ahhh, Thanks I did not understood that very well, in some way this is > >>> logical but what is the part that generates the disconnect signal, the > >>> radius > >>> or the NAT? > >>> Does rlm_sqlcounter module generates timing signals so that NAS > > disconnects > >>> clients or may be is the NAS the one whitch will ask periodically for > >>> accounting > >>> information? > >>> > >>> Egoitz Aguirre > >>> > >>> > >>> >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 > > and > >>> >> mysql. It is working properly as users authentication and some > > accounting > >>> >> information is writen in the database, but It does not disconnect > the > >>> users > >>> >> when the time is over (has expired). > >>> > > >>> > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > >>> > > >>> > If the users aren't being disconnected, then fix the NAS. > >>> > > >>> > Alan DeKok. > >>> > > >>> >- > >>> > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > ARUNA MUHYIDDIN, > MONARCH COMMUNICATIONS LIMITED, > 2, AGORO ODIYAN STREET, > OFF SAKA TINUBU, > VICTORIA ISLAND, > LAGOS, > NIGERIA. > 234-8023717175 > http://www.monarchng.com/ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin - blank right frames
On Tue, 11 Jan 2005, Michel van Dop wrote: Hi, Thank you for the fast response but i add this in my httpd.conf: AddType application/x-tar .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php .php3 And restart httpd : same blank right sreen! Check that the mysql support in php is actually enabled. That's the most common reason for this kind of behaviour. Michel - Original Message - From: [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday, January 11, 2005 5:54 PM Subject: Re: dialup_admin - blank right frames Hi Add to your httpd.conf in the modules after the word in italics? (AddType) the? following: # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # AddType? application/x-tar .tgz AddType? application/x-httpd-php .php AddType? application/x-httpd-php .php3 and restart your apache then it will display correctly. I hope this help. Quoting Michel van Dop <[EMAIL PROTECTED]>: > Hi Lewis, > > I have the same problem (blank right screen). > Phpmyadmin works good on this server (httpd)?! > If you start httpd services get you also this error? > > [EMAIL PROTECTED] root]# service httpd restart > Stopping httpd: [ OK ] > Starting httpd: httpd: Could not determine the server's fully qualified > domain name, using 127.0.0.1 for ServerName > [ OK ] > > I dont now about this is a problem. I have two radius server on fedora, one > server work good i see the right page. > But the one server i got the same problems. I try copies config to the > problem httpd server but same problems. > I think i somting forget a rpm? > > Any ideas? > > Michel > > > > > - Original Message - > From: "Lewis Bergman" <[EMAIL PROTECTED]> > To: > Sent: Monday, January 10, 2005 10:01 PM > Subject: dialup_admin - blank right frames > > >> Freeradius 1.0.1 >> Mysql-max-4.1.8 >> Apache 2.0.46 >> PHP 4.2.3 (from rpm) >> register globals On >> Magic Qoutes Off >> >> Most of the right frames come back empty. Technically, they come >> back with some html but no information. No php errors are reported. >> >> To try and find out what is going on I inserted some print >> statements into the user_stats.php3 file. All the statements print >> until I get to the line that has "$start = >> da_sql_escape_string($start);". After that nothing prints. Normally >> I would expect some kind of php error if execution stopped but I >> don't get anything. >> >> I compiled freeradius against 4.1.8-max libs, and headers with the >> standard ./configure && make && make install stuff. >> >> I saw a post from March 2003 about blank right frames likely being a >> directory problem. I have followed the directions and linked the >> dialup_admin/htdocs dir to another dir in my web server's space so I >> don't think that is it. >> >> Any ideas on where to look from here? >> -- Lewis Bergman >> Texas Communications >> 4309 Maple St. >> Abilene, TX 79602-8044 >> 325-691-3301 >> 800-299-6962 >> >> - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Is this possible?
You will need to either use TTLS with PAP or proxy the radius Request to microsoft IAS. Ron Wahler -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 11, 2005 10:30 AM To: freeradius-users@lists.freeradius.org Subject: Is this possible? I have a project to enable 802.1x on our HP ProCurve switches. The backend DB will be Active Directory (read disease). The clients will be Windows XP. My project requires: EAP - This comes from the ProCurve as I can use CHAP or EAP, and CHAP will not work. Windows XP workstations - we don't want to have to install certs on each machine. Active Directory integration. I am sure this can be done if I use certificates on the client, but we want to avoid this. Is this possible? If so, can anyone share a working config? Thanks, Mark Capelle - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius or NAS not disconnecting user
Hi I am having the same problem but I think the most important thing is to understand properly how radius accounting works My problem is that I do not know what the rlm_sqlcounter should exactly do, after understanding this, making a daemon for my NAS is quite easy >Hi all, > >Can someone overthere help out. > >I want my either radius or NAS to disconnect user automatically immediately >after their Daily-Limit is reached. > >I used freeradius-0.9.3 + mysql + suse linux 90 with patton 2996 RAS. > >I will be glad with any help. > >Thank you. > >Quoting Egoitz Aguirre <[EMAIL PROTECTED]>: > > I have made some tests: > > I manage the mysql database using phpmyadmin. > I have created a new user called test with Max-All-Time of 60 seconds in > radcheck. > > 37 testUser-Password == test > 45 testAuth-Type := Local > 46 testSimultaneous-Use:= 1 > 51 testService-Type:= Framed-User > 52 testMax-All-Session := 60 > > I have made the login in with this user and the logout getting the following > information in radaact table: > > 108 test 24bba53161ef5973 test 127.0.0.1 0 Ethernet 2005-01-11 11:46:04 > -00-00 00:00:00 0 RADIUS 00Login- User0 0 > 109 test 24bba53161ef5973 test 127.0.0.1 0 Ethernet 2005-01-11 11:46:04 > 2005-01-11 11:46:33 56 RADIUS 1500 40 > User-Request Login-User 0 0 > > I have only spent 29 seconds but radius doesn't let me reconnect with this > user. > > NAS should disconnect users after max time, and radius should avoid o permit > the access when time is over or not, is it right ?? > > > > >> Hi all, >> >> I am expriencing similar problem i.e. my radius does not disconnect users >> after their daily-limit is exprired. >> >> Kindly help on what to doto rectify this. >> >> Thank you. >> RADIUS sends a Session-Timeout (how many seconds the user can stay online) >> along with the Access-Accept. Then NAS disconnects the user after this > time. >> >> rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. >> >> >> --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: >> >>> >>> Ahhh, Thanks I did not understood that very well, in some way this is >>> logical but what is the part that generates the disconnect signal, the >>> radius >>> or the NAT? >>> Does rlm_sqlcounter module generates timing signals so that NAS > disconnects >>> clients or may be is the NAS the one whitch will ask periodically for >>> accounting >>> information? >>> >>> Egoitz Aguirre >>> >>> >>> >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 > and >>> >> mysql. It is working properly as users authentication and some > accounting >>> >> information is writen in the database, but It does not disconnect the >>> users >>> >> when the time is over (has expired). >>> > >>> > FreeRADIUS doesn't disconnect users. The NAS disconnects users. >>> > >>> > If the users aren't being disconnected, then fix the NAS. >>> > >>> > Alan DeKok. >>> > >>> >- >>> > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is this possible?
I have a project to enable 802.1x on our HP ProCurve switches. The backend DB will be Active Directory (read disease). The clients will be Windows XP. My project requires: EAP - This comes from the ProCurve as I can use CHAP or EAP, and CHAP will not work. Windows XP workstations - we don't want to have to install certs on each machine. Active Directory integration. I am sure this can be done if I use certificates on the client, but we want to avoid this. Is this possible? If so, can anyone share a working config? Thanks, Mark Capelle - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Obtain IP Address from AD/LDAP
I think it should be OK. I just did a basic test with radclient. Here is what radiusd -X showed me. Sending Access-Accept of id 52 to 127.0.0.1:2673 Framed-IP-Address = -1407490193 Here is what radclient showed me. Received response ID 52, code 2, length = 26 Framed-IP-Address = 172.27.103.111 What does radiusd -X show you? On Tue, 11 Jan 2005 [EMAIL PROTECTED] wrote: > Next Problem, > > MS AD saves the IP Address as signed INT32 so i didnt get an IP Address back, > some ideas how i can convert such a thing? > As Example: 172.27.103.111 is saved as -1407490193 > > Markus > > -Ursprüngliche Nachricht- > > Von: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Im > > Auftrag von Dustin Doris > > Gesendet: Montag, 10. Januar 2005 15:08 > > An: freeradius-users@lists.freeradius.org > > Betreff: Re: Obtain IP Address from AD/LDAP > > > > > > > > > Hello and Happy new Year, > > > > > > here is my prob, hope someone can help me. > > > I use freeradius to authenticate users against MS Active directory. > > > Most of my users obtain their Ips from ippool within > > radius, but some > > > should obtain their Address from AD. Who do i get the > > Address out of > > > the AD and can assign it to my user? > > > > > > Regards > > > > > > Markus > > > > > > > Find the ldap attribute in AD with their IP address and > > netmask. Lets say its msipaddr and msipmask. Edit > > ldap.attrmap and point the correct radius attributes to the > > correct ad ldap attributes. > > > > eg > > > > replyItem Framed-IP-Address msipaddr > > replyItem Framed-IP-Netmask msipmask > > > > In your ippool configuration, make sure you have the following > > > > override = no > > > > Restart radius. > > > > Now when the user is authorized it will search for reply > > items. It will look for msipaddr and msipmask and make those > > values the framed-ip-address and framed-ip-netmask. The > > override = no, will tell rlm_ippool not to override those > > values. So, if those are already set, then rlm_ippool won't > > give that user an IP. > > > > -Dusty Doris > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius or NAS not disconnecting user
Hi all, Can someone overthere help out. I want my either radius or NAS to disconnect user automatically immediately after their Daily-Limit is reached. I used freeradius-0.9.3 + mysql + suse linux 90 with patton 2996 RAS. I will be glad with any help. Thank you. Quoting Egoitz Aguirre <[EMAIL PROTECTED]>: I have made some tests: I manage the mysql database using phpmyadmin. I have created a new user called test with Max-All-Time of 60 seconds in radcheck. 37 test User-Password == test 45 test Auth-Type := Local 46 test Simultaneous-Use := 1 51 test Service-Type := Framed-User 52 testMax-All-Session := 60 I have made the login in with this user and the logout getting the following information in radaact table: 108 test 24bba53161ef5973 test 127.0.0.1 0 Ethernet 2005-01-11 11:46:04 -00-00 00:00:00 0 RADIUS 00 Login- User 0 0 109 test 24bba53161ef5973 test 127.0.0.1 0 Ethernet 2005-01-11 11:46:04 2005-01-11 11:46:33 56 RADIUS 1500 40 User-RequestLogin-User 0 0 I have only spent 29 seconds but radius doesn't let me reconnect with this user. NAS should disconnect users after max time, and radius should avoid o permit the access when time is over or not, is it right ?? Hi all, I am expriencing similar problem i.e. my radius does not disconnect users after their daily-limit is exprired. Kindly help on what to doto rectify this. Thank you. RADIUS sends a Session-Timeout (how many seconds the user can stay online) along with the Access-Accept. Then NAS disconnects the user after this time. rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: Ahhh, Thanks I did not understood that very well, in some way this is logical but what is the part that generates the disconnect signal, the radius or the NAT? Does rlm_sqlcounter module generates timing signals so that NAS disconnects clients or may be is the NAS the one whitch will ask periodically for accounting information? Egoitz Aguirre >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and >> mysql. It is working properly as users authentication and some accounting >> information is writen in the database, but It does not disconnect the users >> when the time is over (has expired). > > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > > If the users aren't being disconnected, then fix the NAS. > > Alan DeKok. > >- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin - blank right frames
Hi, Thank you for the fast response but i add this in my httpd.conf: AddType application/x-tar .tgzAddType application/x-httpd-php .phpAddType application/x-httpd-php .php3 And restart httpd : same blank right sreen! Michel - Original Message - From: [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday, January 11, 2005 5:54 PM Subject: Re: dialup_admin - blank right frames Hi Add to your httpd.conf in the modules after the word in italics (AddType) the following:# AddType allows you to add to or override the MIME configuration# file mime.types for specific file types.#AddType application/x-tar .tgzAddType application/x-httpd-php .phpAddType application/x-httpd-php .php3and restart your apache then it will display correctly.I hope this help.Quoting Michel van Dop <[EMAIL PROTECTED]>:> Hi Lewis,>> I have the same problem (blank right screen).> Phpmyadmin works good on this server (httpd)?!> If you start httpd services get you also this error?>> [EMAIL PROTECTED] root]# service httpd restart> Stopping httpd: [ OK ]> Starting httpd: httpd: Could not determine the server's fully qualified> domain name, using 127.0.0.1 for ServerName> [ OK ]>> I dont now about this is a problem. I have two radius server on fedora, one> server work good i see the right page.> But the one server i got the same problems. I try copies config to the> problem httpd server but same problems.> I think i somting forget a rpm?>> Any ideas?>> Michel> - Original Message -> From: "Lewis Bergman" <[EMAIL PROTECTED]>> To: > Sent: Monday, January 10, 2005 10:01 PM> Subject: dialup_admin - blank right frames Freeradius 1.0.1>> Mysql-max-4.1.8>> Apache 2.0.46>> PHP 4.2.3 (from rpm)>> register globals On>> Magic Qoutes Off Most of the right frames come back empty. Technically, they come >> back with some html but no information. No php errors are reported. To try and find out what is going on I inserted some print >> statements into the user_stats.php3 file. All the statements print >> until I get to the line that has "$start = >> da_sql_escape_string($start);". After that nothing prints. Normally >> I would expect some kind of php error if execution stopped but I >> don't get anything. I compiled freeradius against 4.1.8-max libs, and headers with the >> standard ./configure && make && make install stuff. I saw a post from March 2003 about blank right frames likely being a >> directory problem. I have followed the directions and linked the >> dialup_admin/htdocs dir to another dir in my web server's space so I >> don't think that is it. Any ideas on where to look from here?>> -- Lewis Bergman>> Texas Communications>> 4309 Maple St.>> Abilene, TX 79602-8044>> 325-691-3301>> 800-299-6962 - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html>>> -> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.htmlARUNA MUHYIDDIN,MONARCH COMMUNICATIONS LIMITED,2, AGORO ODIYAN STREET,OFF SAKA TINUBU,VICTORIA ISLAND,LAGOS,NIGERIA.234-8023717175http://www.monarchng.com/
Re: dialup_admin - blank right frames
there is no A after AddType i.e AddType instead of AddtypeA Quoting [EMAIL PROTECTED]: Hi Add to your httpd.conf in the modules after the word in italics (AddType) the following: # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # AddType application/x-tar .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php .php3 and restart your apache then it will display correctly. I hope this help. Quoting Michel van Dop : Hi Lewis, I have the same problem (blank right screen). Phpmyadmin works good on this server (httpd)?! If you start httpd services get you also this error? [EMAIL PROTECTED] root]# service httpd restart Stopping httpd: [ OK ] Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ] I dont now about this is a problem. I have two radius server on fedora, one server work good i see the right page. But the one server i got the same problems. I try copies config to the problem httpd server but same problems. I think i somting forget a rpm? Any ideas? Michel - Original Message - From: "Lewis Bergman" To: Sent: Monday, January 10, 2005 10:01 PM Subject: dialup_admin - blank right frames Freeradius 1.0.1 Mysql-max-4.1.8 Apache 2.0.46 PHP 4.2.3 (from rpm) register globals On Magic Qoutes Off Most of the right frames come back empty. Technically, they come back with some html but no information. No php errors are reported. To try and find out what is going on I inserted some print statements into the user_stats.php3 file. All the statements print until I get to the line that has "$start = da_sql_escape_string($start);". After that nothing prints. Normally I would expect some kind of php error if execution stopped but I don't get anything. I compiled freeradius against 4.1.8-max libs, and headers with the standard ./configure && make && make install stuff. I saw a post from March 2003 about blank right frames likely being a directory problem. I have followed the directions and linked the dialup_admin/htdocs dir to another dir in my web server's space so I don't think that is it. Any ideas on where to look from here? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 325-691-3301 800-299-6962 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius and Hotspot servlet
Hi all, I am trying to get radius, hotspot, and snmp to all work together to allow a user to authenticate to radius through a Mikrotik hotspot, then have radius use snmp to figure out where the request is coming from. I have managed switches so, the snmp walk should not be hard. Here are my questions: Is there a way to have an authentication request trigger a script, passing the user-name as a parameter? And then have the script return a value to radius, then have radius return this value to the hotspot in the form of a value-pair? Part 2. I know this is more of a Mikrotik forums question, but I will post it here just cuz. Is there a general purpose attribute that I can use for a mikrotik, that I can also refer to in the alogin.html page which is served from the hotspot servlet? AtDhVaAnNkCsE. Robert Ulbrich Dynamic Information Systems 1700 George Bush East Ste. 200 College Station, TX 77840 (979) 695-6463
XP SP1 PEAP MSCHAPv2 configuration
Hi folks, I am attempting to configure an Windows XP SP1 client to authenticate with freeRadius, but am not progressing beyond a point where the freeRadius server periodically sends an "Access-Challenge". The other components are a Cisco 1100 access point, and Solaris 8 for the freeRadius server. I have tried numerous combinations of XP client settings and freeRadius "users" file entries. The latest combination is represented with the "radiusd -X" output, and slices of the "users" and eap.conf files. I understand that with PEAP-MSCHAPv2, only a server side certificate is needed. With that in mind, what is required of the client configuration for the options of selecting "Validate Server Certificate" and selecting "Trusted Root Authorities" ? Thank you for any help. John Gauntt XP Client Configuration "enable IEEE 802.1x authentication"-checked EAP type: Protected EAP (PEAP) "Validate server certificate"-checked "Connect to these servers"-checked and identified "Trusted Root Certification Authorities"-none selected Authentication Method: EAP_MSCHAPV2 "When connecting: Automatically use my Windows logon name and password (and domain if any)"-checked "Enable Fast Reconnect"-checked users EI2F-ENDL1\\Tech_Support User-Password == "freeradius" Reply-Message = "Hello, %u", Fall-Through = Yes eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no # Supported EAP-types md5 { } # Cisco LEAP # leap { } gtc { #challenge = "Password: " auth_type = PAP } tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 # include_length = yes # check_crl = yes # check_cert_cn = %{User-Name} } peap { default_eap_type = mschapv2 } mschapv2 { } } radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec:
Re: dialup_admin - blank right frames
HiAdd to your httpd.conf in the modules after the word in italics (AddType) the following:# AddType allows you to add to or override the MIME configuration# file mime.types for specific file types.#AddType application/x-tar .tgzAddType application/x-httpd-php .phpAddType application/x-httpd-php .php3and restart your apache then it will display correctly.I hope this help.Quoting Michel van Dop <[EMAIL PROTECTED]>:> Hi Lewis,>> I have the same problem (blank right screen).> Phpmyadmin works good on this server (httpd)?!> If you start httpd services get you also this error?>> [EMAIL PROTECTED] root]# service httpd restart> Stopping httpd: [ OK ]> Starting httpd: httpd: Could not determine the server's fully qualified> domain name, using 127.0.0.1 for ServerName> [ OK ]>> I dont now about this is a problem. I have two radius server on fedora, one> server work good i see the right page.> But the one server i got the same problems. I try copies config to the> problem httpd server but same problems.> I think i somting forget a rpm?>> Any ideas?>> Michel> - Original Message -> From: "Lewis Bergman" <[EMAIL PROTECTED]>> To: > Sent: Monday, January 10, 2005 10:01 PM> Subject: dialup_admin - blank right frames Freeradius 1.0.1>> Mysql-max-4.1.8>> Apache 2.0.46>> PHP 4.2.3 (from rpm)>> register globals On>> Magic Qoutes Off Most of the right frames come back empty. Technically, they come >> back with some html but no information. No php errors are reported. To try and find out what is going on I inserted some print >> statements into the user_stats.php3 file. All the statements print >> until I get to the line that has "$start = >> da_sql_escape_string($start);". After that nothing prints. Normally >> I would expect some kind of php error if execution stopped but I >> don't get anything. I compiled freeradius against 4.1.8-max libs, and headers with the >> standard ./configure && make && make install stuff. I saw a post from March 2003 about blank right frames likely being a >> directory problem. I have followed the directions and linked the >> dialup_admin/htdocs dir to another dir in my web server's space so I >> don't think that is it. Any ideas on where to look from here?>> -- Lewis Bergman>> Texas Communications>> 4309 Maple St.>> Abilene, TX 79602-8044>> 325-691-3301>> 800-299-6962 - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html>>> -> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.htmlARUNA MUHYIDDIN,MONARCH COMMUNICATIONS LIMITED,2, AGORO ODIYAN STREET,OFF SAKA TINUBU,VICTORIA ISLAND,LAGOS,NIGERIA.234-8023717175http://www.monarchng.com/
Re: zero username length using SQL
> Hi All, > > i am running freeradius 1.0.1 on RHEL 3 runnng well authenticaring > from MySQL > > i want to add a section to let users dialling a certain B number in > without authentication.. so i added the following to the users file: > > DEFAULT Auth-Type := Accept, Called-Station-Id = '555' You need to use == as a check item. DEFAULT Called-Station-Id == "555", Auth-Type := Accept Put that at the top of your users file. Also, is 555 the actual called-station-id or is it 555something? If so, use regex in your match. DEFAULT Called-Station-Id =~ "^555*", Auth-Type := Accept If that doesn't work, run radius in debug mode (radiusd -X) and check that called-station-id is actually being sent correctly. If so, paste the debug info if it doesn't tell you why its failing. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin - blank right frames
Hi Lewis, I have the same problem (blank right screen). Phpmyadmin works good on this server (httpd)?! If you start httpd services get you also this error? [EMAIL PROTECTED] root]# service httpd restart Stopping httpd:[ OK ] Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ] I dont now about this is a problem. I have two radius server on fedora, one server work good i see the right page. But the one server i got the same problems. I try copies config to the problem httpd server but same problems. I think i somting forget a rpm? Any ideas? Michel - Original Message - From: "Lewis Bergman" <[EMAIL PROTECTED]> To: Sent: Monday, January 10, 2005 10:01 PM Subject: dialup_admin - blank right frames Freeradius 1.0.1 Mysql-max-4.1.8 Apache 2.0.46 PHP 4.2.3 (from rpm) register globals On Magic Qoutes Off Most of the right frames come back empty. Technically, they come back with some html but no information. No php errors are reported. To try and find out what is going on I inserted some print statements into the user_stats.php3 file. All the statements print until I get to the line that has "$start = da_sql_escape_string($start);". After that nothing prints. Normally I would expect some kind of php error if execution stopped but I don't get anything. I compiled freeradius against 4.1.8-max libs, and headers with the standard ./configure && make && make install stuff. I saw a post from March 2003 about blank right frames likely being a directory problem. I have followed the directions and linked the dialup_admin/htdocs dir to another dir in my web server's space so I don't think that is it. Any ideas on where to look from here? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 325-691-3301 800-299-6962 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: secondary freeradius server if the first fallback is it possible ?
> hello, > > i'm french and i don't talk very well english. exuse for my mistakes. > > I had installed a FreeRadius Server with realms. > > But, now i would like to install a secondary freeradius if my primary > freeradius fallback. > > For example: if testuser want to auth, and my primary freeradius > didn't respond, i would like to redirect automatically the request to > over freeradius. > > > i have stop my primary freeradius server service (daemons ??) > > I have tested : radtest testuser password localhost auth secret > and the request is not redirect.How and where i have to specify (if the > primary is down , so use the secondary at this adress). Also, i have no > Access point or something like that. My NAS is the same pc. > > Thank you very much for all > I hope you will understand my mail. > You can setup a proxy radius server to sit in front of your two radius servers. You then setup your NAS to contact the proxy server instead of the main radius server or its backup. in proxy.conf, you setup your realms, say your realm is domain.com and then add two entries for it. One is your primary radius server and the other is your secondary. realm domain.com { type= radius authhost= radius1.domain.com:1812 accthost= radius2.domain.com:1813 secret = secret } realm domain.com { type= radius authhost= radius2.domain.com:1812 accthost= radius2.domain.com:1813 secret = secret } In both your main and failover, you need to add the IP of the proxy and its secret to clients.conf. Now, when you NAS sends the radius request to the proxy, it will try to proxy the request to your first server. If it fails, it will mark it dead for a specified time and then send all requests to the failover server. Hope that helps - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radzap in FreeBSD
Maybe you are correct. But when we use radwho -r, we can use the port number we see. I copied the radutmp file to a linux/freeradius test server, and i can zap the user. The problem is in the real server, the server that runs FreeBSD. It seems that radzap does not find the radiusd server, but they are on the same machine. It is not that problem of "port already in use", the release i am using is 0.9.1. thanks, Luiz Gustavo > I don't know if this has anything to do with it but the UTMP > on FreeBSD is slightly different than many other platforms. I > came across these differences a number of years ago, when I was > having problems. The main consequence I came across was that > FreeBSD truncates the nas/port information. > > If radutmp on FreeBSD is using a standard structure on all > platforms rather than the platform standard, this may be a > mute point. > > On Tue, 2005-11-01 at 13:53 +0100, [EMAIL PROTECTED] wrote: >> Luiz Gustavo Anflor Pereira schrieb: >> >> > There is some problem about radzap 0.9.1 in a FreeBSD >> > system? >> > Why it does not zap the users from radutmp? >> >> Because there's a bug in the source code which prevents >> it from working when you're trying to run it on the same server >> on which the server is running - no matter what OS that >> box is using? >> Didn't we have some detailled description of the problem in >> the past weeks? >> >> Regards, >> Stefan >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > -- > Guy Fraser > Network Administrator > The Internet Centre > 1-888-450-6787 > (780)450-6787 > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 8e6 technologies and radius
Interesting, 3COM uses Filter-Id. Is there someplace/anyplace to find a standard? On Mon, 2005-01-10 at 19:53, Terry J Fike Jr wrote: > They use the Class attribute to tell their box what users are being > filtered and how (which filtering ruleset). but it means that either > the nas device has to send the data to it, or i can radrelay it to the > 8e6 box (which is what i'm using for testing at the moment). it also > has the ability (i think) to recieve data like an accounting server and > then forward it to the actual accounting server. > > how do i modify the Access-Accept to send it to the NAS so it can add > this attribute in the accounting packet? I don't remember seeing > anything like that in the readmes or comments in the conf files? (not > to say i couldn't be blind and have totally missed it though) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radzap in FreeBSD
I don't know if this has anything to do with it but the UTMP on FreeBSD is slightly different than many other platforms. I came across these differences a number of years ago, when I was having problems. The main consequence I came across was that FreeBSD truncates the nas/port information. If radutmp on FreeBSD is using a standard structure on all platforms rather than the platform standard, this may be a mute point. On Tue, 2005-11-01 at 13:53 +0100, [EMAIL PROTECTED] wrote: > Luiz Gustavo Anflor Pereira schrieb: > > > There is some problem about radzap 0.9.1 in a FreeBSD > > system? > > Why it does not zap the users from radutmp? > > Because there's a bug in the source code which prevents > it from working when you're trying to run it on the same server > on which the server is running - no matter what OS that > box is using? > Didn't we have some detailled description of the problem in > the past weeks? > > Regards, > Stefan > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Guy Fraser Network Administrator The Internet Centre 1-888-450-6787 (780)450-6787 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radzap in FreeBSD
[EMAIL PROTECTED] wrote: Because there's a bug in the source code which prevents it from working when you're trying to run it on the same server on which the server is running - no matter what OS that box is using? You mentioned "on the same server". I also tried to radzap from a remote server, where no radiusd runs, but wasn't successfull. I made entries of the remote server in the clients.conf and and naslist as usual on the radius and used the command similar to this: remoteserver:~# radzap -r Tue Jan 11 16:19:17 2005 : Info: Starting - reading configuration files ... radzap: zapping termserver x.x.x.x, port xx Entry not found The radutmp-session was not zapped, checked with radwho -ir. Is anybody able to use radzap remotely? Thx Oliver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
icradius to freeradius with mysql - do I need all the tables...
I'm in need of some advice - I'm playing with a quite old icradius setup and also looking to move to freeradius... In my current MySql structure - I have a master user table (useracct) - containing fields like... | userid | usertype | username | fullname | password | contact | uid | gid | phone | fax | cell | idnum | vat | email | dateadded | datemod | substype | subsperiod | subsrate | billaddr1 | billaddr2 | billaddr3 | billaddr4 | paytype | status | ostatus | agent | maildrop | ip | arpa | company | comments | flag | quota | acctno | | 8248 | T | wduser | Mr A N User | mypass | | 99 | 12 | myyphone | myfax | mymobile | 1234 | 4321 | [EMAIL PROTECTED] | 1998-01-01 00:00:00 | 2001-02-26 13:23:21 | 3 | 12 | 895.00 | Address1 | Address2 | Address3 | Address4 | 1 | 7 | 0 | MyAgent | /var/spool/mail/wduser | 255.255.255.254 | | | | | 0 | MYACCTNO | I then populated tables with appropriate fields from this 'master' data - such as... mysql> select * from radcheck where username='wduser'; | id | UserName | Attribute | Value | | 1 | wduser | Password | mypass | As freeradius has the SQL Query as part of the config file (sql.conf) - rather than rebuilding the seperate tables - would it not be more efficient to alter the 'authorize_check_query' SQL to something like... authorize_check_query = "SELECT id, UserName, 'Password' as Attribute, password as Value, '==' as op FROM useracct WHERE Username = '%{SQL-User-Name}' AND status>2 ORDER BY id" (status>2 would imply the user is paid up - so can get dialup access) ... and do similar things for other SQL lines ie - authorize_group_reply_query is used to provide a static IP (Framed-IP-Address) - if one was allocated - otherwise does nothing... The authorize_group_check_query looks like it will return multiple lines and looks more challenging ... otherwise something similar. ... or is is more efficient to stick bits of my master user table into various tables and have freeradius select from there. Obviously accounting info will be in its own table... -- I also want to be able to host multiple realms in a single database - by authenticating on 'email addresses' (which happen to look like a realm) - so wouldn't do any stripping - anything wrong with this? --- I'm already using the table for e-mail/pop and user administration - be nice to simplify and make the logic of adding/suspending/deleting users more simple... -- . . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready /| /| / /__ [EMAIL PROTECTED] - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: secondary freeradius server if the first fallback is itpossible ?
The NAS should have a setting to specify Radius 1 and 2 or similar - if the 1st isn't contactable then it will look to the second. >>> [EMAIL PROTECTED] 11/01/2005 09:47:42 >>> hello, i'm french and i don't talk very well english. exuse for my mistakes. I had installed a FreeRadius Server with realms. But, now i would like to install a secondary freeradius if my primary freeradius fallback. For example: if testuser want to auth, and my primary freeradius didn't respond, i would like to redirect automatically the request to over freeradius. i have stop my primary freeradius server service (daemons ??) I have tested : radtest testuser password localhost auth secret and the request is not redirect.How and where i have to specify (if the primary is down , so use the secondary at this adress). Also, i have no Access point or something like that. My NAS is the same pc. Thank you very much for all I hope you will understand my mail. ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
zero username length using SQL
Hi All, i am running freeradius 1.0.1 on RHEL 3 runnng well authenticaring from MySQL i want to add a section to let users dialling a certain B number in without authentication.. so i added the following to the users file: DEFAULT Auth-Type := Accept, Called-Station-Id = '555' so any users calling this number get authenticated without providing a username and password but when using sql authentication, i get the following error message from the log files: Error: rlm_sql (sql): zero length username not permitted any help how to overcome this problem and run both sql and zero length usernames, depending on a certain dialled number? i also added a DEFAULT user to mysql.. which didn't resolve the problem also Thank you Best Regards Ossama -- Ossama Suleiman Systems Engineer TE Data S.A.E Email: [EMAIL PROTECTED] Web: www.tedata.net Phone: +(202)-416-6600, EXT: 1105 "Any Dream worth having, is a dream worth fighting for." - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: What is X-Ascend-Data-Rate Attributes represent?
Xmit is the Upload, and Data-Rate is the Download rates. Just remember, those are given from the Ascend Equipments point of view. > -Original Message- > From: [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] On Behalf Of Marendra Nutriaji > Sent: Monday, January 10, 2005 8:28 PM > To: Freeradius User > Subject: What is X-Ascend-Data-Rate Attributes represent? > > hi all, > What is X-Ascend-Data-Rate Attributes represents? does it represent > the connection speed of the dial in connection? What's the difference > between attribute Ascend-Xmit-Rate ? > i hope somebody could help me > > Thank you > > Marendra > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
compiling freeradius 1.0.1 in HP-UX 11.11i
hi, I'm trying to compile freeradius 1.0.1 in HP-UX 11.11i. I've previously compile freeradius on a linux, and it all was perfect, but HP-UX seems to be a "little" more tough. I've seen in the web that for hp-ux freeradius "has support, but has not been fully tested", so I assume that I should be able to compile it at least ... I've made the ./configure, and while doing "make", it stopped when processing "freeradius-1.0.1/src/modules/rlm_ldap"... it seems to have problems compiling ldap libraries (which are *very* important for my installation)... I've tried to use "netscape directory server" (which I have installed in this machine) sources, and openldap sources (with CFLAGS="-I..."), but all stopped abruptly while processing ldap.h or lber.h or similar ldap sources/includes. I'll probably try to use a linux machine instead of this hp-ux... anyway, has anybody found problems like these while compiling freeradius ? thanks for your time. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_sqlcounter
I have made some tests: I manage the mysql database using phpmyadmin. I have created a new user called test with Max-All-Time of 60 seconds in radcheck. 37 testUser-Password == test 45 testAuth-Type := Local 46 testSimultaneous-Use:= 1 51 testService-Type:= Framed-User 52 testMax-All-Session := 60 I have made the login in with this user and the logout getting the following information in radaact table: 108 test 24bba53161ef5973 test 127.0.0.10 Ethernet 2005-01-11 11:46:04 -00-00 00:00:00 0 RADIUS 00 Login-User 0 0 109 test 24bba53161ef5973 test 127.0.0.10 Ethernet 2005-01-11 11:46:04 2005-01-11 11:46:33 56 RADIUS 1500 40 User-RequestLogin-User 0 0 I have only spent 29 seconds but radius doesn't let me reconnect with this user. NAS should disconnect users after max time, and radius should avoid o permit the access when time is over or not, is it right ?? >Hi all, > >I am expriencing similar problem i.e. my radius does not disconnect users >after their daily-limit is exprired. > >Kindly help on what to doto rectify this. > >Thank you. > RADIUS sends a Session-Timeout (how many seconds the user can stay online) > along with the Access-Accept. Then NAS disconnects the user after this time. > > rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. > > > --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: > >> >> Ahhh, Thanks I did not understood that very well, in some way this is >> logical but what is the part that generates the disconnect signal, the >> radius >> or the NAT? >> Does rlm_sqlcounter module generates timing signals so that NAS disconnects >> clients or may be is the NAS the one whitch will ask periodically for >> accounting >> information? >> >> Egoitz Aguirre >> >> >> >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and >> >> mysql. It is working properly as users authentication and some accounting >> >> information is writen in the database, but It does not disconnect the >> users >> >> when the time is over (has expired). >> > >> > FreeRADIUS doesn't disconnect users. The NAS disconnects users. >> > >> > If the users aren't being disconnected, then fix the NAS. >> > >> > Alan DeKok. >> > >> >- >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radzap in FreeBSD
Luiz Gustavo Anflor Pereira schrieb: > There is some problem about radzap 0.9.1 in a FreeBSD > system? > Why it does not zap the users from radutmp? Because there's a bug in the source code which prevents it from working when you're trying to run it on the same server on which the server is running - no matter what OS that box is using? Didn't we have some detailled description of the problem in the past weeks? Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_sqlcounter
Hi all, I am expriencing similar problem i.e. my radius does not disconnect users after their daily-limit is exprired. Kindly help on what to doto rectify this. Thank you. Quoting Julius Igugu <[EMAIL PROTECTED]>: RADIUS sends a Session-Timeout (how many seconds the user can stay online) along with the Access-Accept. Then NAS disconnects the user after this time. rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: Ahhh, Thanks I did not understood that very well, in some way this is logical but what is the part that generates the disconnect signal, the radius or the NAT? Does rlm_sqlcounter module generates timing signals so that NAS disconnects clients or may be is the NAS the one whitch will ask periodically for accounting information? Egoitz Aguirre >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and >> mysql. It is working properly as users authentication and some accounting >> information is writen in the database, but It does not disconnect the users >> when the time is over (has expired). > > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > > If the users aren't being disconnected, then fix the NAS. > > Alan DeKok. > >- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ARUNA MUHYIDDIN, MONARCH COMMUNICATIONS LIMITED, 2, AGORO ODIYAN STREET, OFF SAKA TINUBU, VICTORIA ISLAND, LAGOS, NIGERIA. 234-8023717175 http://www.monarchng.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Primary Radius + Secondary and NAS
I use Radtest ? Ares there anything else to test under linux ? thanks ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Feature request: facility to specify alternative name to table nas should be provided
> Facility to specify alternative name to table nas should be provided. it already exists: "nas_table = [INSERT NAME HERE]" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Primary Radius + Seconadary and NAS
What software are you running on your PC to give the NAS functionality? >>> [EMAIL PROTECTED] 11/01/2005 11:19:21 >>> hello and thank you a lot for your quick reply. i have undersatnd your reply but : is my real NAS can be a PC ? if yes,how to configure a NAS which is a pc ? ( if a nomade machine connect to the network, how it knows where to contact the freeradius, i don't understtand that ..??) can i find some *.conf in order to help me ? how to configure a real nas ? ps: i don't know how to reply to my post. thank you for all ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Feature request: facility to specify alternative name to table nas should be provided
Hi Freeradius developers, A request feature in coming version of Freeradius Facility to specify alternative name to table nas should be provided. Amit Gupta
RE: rlm_sqlcounter
RADIUS sends a Session-Timeout (how many seconds the user can stay online) along with the Access-Accept. Then NAS disconnects the user after this time. rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: > > Ahhh, Thanks I did not understood that very well, in some way this is > logical but what is the part that generates the disconnect signal, the > radius > or the NAT? > Does rlm_sqlcounter module generates timing signals so that NAS disconnects > clients or may be is the NAS the one whitch will ask periodically for > accounting > information? > > Egoitz Aguirre > > > >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and > >> mysql. It is working properly as users authentication and some accounting > >> information is writen in the database, but It does not disconnect the > users > >> when the time is over (has expired). > > > > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > > > > If the users aren't being disconnected, then fix the NAS. > > > > Alan DeKok. > > > >- > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Primary Radius + Seconadary and NAS
hello and thank you a lot for your quick reply. i have undersatnd your reply but : is my real NAS can be a PC ? if yes,how to configure a NAS which is a pc ? ( if a nomade machine connect to the network, how it knows where to contact the freeradius, i don't understtand that ..??) can i find some *.conf in order to help me ? how to configure a real nas ? ps: i don't know how to reply to my post. thank you for all ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: What is X-Ascend-Data-Rate Attributes represent?
Thank you for the help. What can i do if i want to put those attributes in mysql table? i am little bit confuse with sql.conf format. Thank you Marendra On Tue, 11 Jan 2005 10:40:29 +0100, Oliver Graf <[EMAIL PROTECTED]> wrote: > On Mon, Jan 10, 2005 at 09:27:53PM -0500, Marendra Nutriaji wrote: > > hi all, > > What is X-Ascend-Data-Rate Attributes represents? does it represent > > the connection speed of the dial in connection? What's the difference > > between attribute Ascend-Xmit-Rate ? > > i hope somebody could help me > > My Ascend RADIUS Configuration Guide says: > > Ascend-Data-Rate: > The Ascend-Data-Rate Attribute specifies the receive baud rate of the > connection in bits per second. > > Ascend-Xmit-Rate: > Specifies the transmit baud rate for the connection. > > You can download the manuals from support.lucent.com. > > For example: > https://support.lucent.com/portal/getContentItem.do/Live/Product/max6000/8.0/Manuals_and_Guides/0900940380005f1f.pdf > > Oliver. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius 1.0 and unix style auth.
To make sure I did not break anything I reinstalled it and am using ALL defaults. I am running it on Core 3 and using the normal useradd and passwd to create useres!? arg :\ -Original Message- From: [EMAIL PROTECTED] on behalf of Alan DeKok Sent: Mon 1/10/2005 5:34 PM To: freeradius-users@lists.freeradius.org Cc: Subject: Re: freeradius 1.0 and unix style auth. <>
Re: (no subject)
Zhao Yu,SCNB R&D NNA(BJ) wrote: > Is there any opensource radius server than runs well on Windows 2000. > 你是谁啊? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Is there any opensource radius server than runs well on Windows 2000.
Re: secondary freeradius server if the first fallback is it possible ?
Nans Delrieu wrote: i have stop my primary freeradius server service (daemons ??) I have tested : radtest testuser password localhost auth secret and the request is not redirect.How and where i have to specify (if the primary is down , so use the secondary at this adress). Also, i have no Access point or something like that. My NAS is the same pc. If you use radtest, then radtest plays the NAS. It's up to the NAS to decide to switch over to the fallback server. So if do radtest to your primary and that's down, then do radtest again to your fallback. Actually, you should check your real NAS to configure a second radius server as fallback. If the primary goes down, the NAS will then query the fallback. -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt - Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot service op www.telenet.be/hotspots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
secondary freeradius server if the first fallback is it possible ?
hello, i'm french and i don't talk very well english. exuse for my mistakes. I had installed a FreeRadius Server with realms. But, now i would like to install a secondary freeradius if my primary freeradius fallback. For example: if testuser want to auth, and my primary freeradius didn't respond, i would like to redirect automatically the request to over freeradius. i have stop my primary freeradius server service (daemons ??) I have tested : radtest testuser password localhost auth secret and the request is not redirect.How and where i have to specify (if the primary is down , so use the secondary at this adress). Also, i have no Access point or something like that. My NAS is the same pc. Thank you very much for all I hope you will understand my mail. ___[ Pub ] Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com _ Envie de discuter gratuitement avec vos amis ? Téléchargez Yahoo! Messenger http://yahoo.ifrance.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: What is X-Ascend-Data-Rate Attributes represent?
On Mon, Jan 10, 2005 at 09:27:53PM -0500, Marendra Nutriaji wrote: > hi all, > What is X-Ascend-Data-Rate Attributes represents? does it represent > the connection speed of the dial in connection? What's the difference > between attribute Ascend-Xmit-Rate ? > i hope somebody could help me My Ascend RADIUS Configuration Guide says: Ascend-Data-Rate: The Ascend-Data-Rate Attribute specifies the receive baud rate of the connection in bits per second. Ascend-Xmit-Rate: Specifies the transmit baud rate for the connection. You can download the manuals from support.lucent.com. For example: https://support.lucent.com/portal/getContentItem.do/Live/Product/max6000/8.0/Manuals_and_Guides/0900940380005f1f.pdf Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS with Active Directory using Certificates
Hi, I am trying to setup FreeRADIUS with Active Directory as the backend using certificates for authentication. I am new to Active Directory and unable to find much information for this scenario. Has anyone tried this out already? Thanks in advance. Anil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_sqlcounter
Ahhh, Thanks I did not understood that very well, in some way this is logical but what is the part that generates the disconnect signal, the radius or the NAT? Does rlm_sqlcounter module generates timing signals so that NAS disconnects clients or may be is the NAS the one whitch will ask periodically for accounting information? Egoitz Aguirre >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and >> mysql. It is working properly as users authentication and some accounting >> information is writen in the database, but It does not disconnect the users >> when the time is over (has expired). > > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > > If the users aren't being disconnected, then fix the NAS. > > Alan DeKok. > >- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Obtain IP Address from AD/LDAP
Next Problem, MS AD saves the IP Address as signed INT32 so i didnt get an IP Address back, some ideas how i can convert such a thing? As Example: 172.27.103.111 is saved as -1407490193 Markus > -Ursprüngliche Nachricht- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im > Auftrag von Dustin Doris > Gesendet: Montag, 10. Januar 2005 15:08 > An: freeradius-users@lists.freeradius.org > Betreff: Re: Obtain IP Address from AD/LDAP > > > > > Hello and Happy new Year, > > > > here is my prob, hope someone can help me. > > I use freeradius to authenticate users against MS Active directory. > > Most of my users obtain their Ips from ippool within > radius, but some > > should obtain their Address from AD. Who do i get the > Address out of > > the AD and can assign it to my user? > > > > Regards > > > > Markus > > > > Find the ldap attribute in AD with their IP address and > netmask. Lets say its msipaddr and msipmask. Edit > ldap.attrmap and point the correct radius attributes to the > correct ad ldap attributes. > > eg > > replyItem Framed-IP-Address msipaddr > replyItem Framed-IP-Netmask msipmask > > In your ippool configuration, make sure you have the following > > override = no > > Restart radius. > > Now when the user is authorized it will search for reply > items. It will look for msipaddr and msipmask and make those > values the framed-ip-address and framed-ip-netmask. The > override = no, will tell rlm_ippool not to override those > values. So, if those are already set, then rlm_ippool won't > give that user an IP. > > -Dusty Doris > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html