pam_radius_auth on AIX 5L
Has anyone ever successfully compiled pam_radius_auth on AIX 5L using the default Makefile and options? I have both GCC and CC compilers, and can't seem to get the compile side options correct for this platform. Does anyone have a Makefile they can share for this platform that might help - or instructions on modifying the source files to get it to compile on this platform?

Thanks,
D
RE: Questions
Hi,

in the users file you can specify an IP address for a user. In the main config file of freeradius you can specify an "IPPOOL" of addresses that freeradius can assign to the users.

Regards,
Edvin Seferovic

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shark
Sent: Thursday, 26 May 2005 20:30
To: freeradius-users@lists.freeradius.org
Subject: Questions

hi, how can i add an IP range class to the "users" files pls?

thx
shark
Questions
hi, how can i add an IP range class to the "users" files pls?

thx
shark
RE: Questions about working with LDAP
Hi,

1. You can define a radiusSimultaneousUse value for your users. Please read the FAQ on www.freeradius.org on how to enable SimultaneousUse (depends on your NAS too .. tip - radutmp :) ).

2. Time counting is done from your accounting database. In your LDAP directory you will have to define a value like monthly_time and map it as a checkItem (ldap.attrmap) and use the rlm_sqlcounter module.

Regards,
Edvin Seferovic

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Martínez-Troncoso Cera
Sent: Thursday, 26 May 2005 18:22
To: freeradius-users@lists.freeradius.org
Subject: Questions about working with LDAP

Hello people.

I am a newbie trying to activate freeradius 1.0.2 with users in Sun One Directory Server 5.1 (authentication and authorization) and accounting in MySQL. Well, I read the docs and my freeradius is talking with LDAP and MySQL and AAA is operating. This works well now.

I have 2 questions (there is a lot of old info and I am confused):

1 - How can I control simultaneous logon using LDAP attributes?
2 - How can I restrict the time limit in a month (I have my users in LDAP not in MySQL, rlm_sqlcounter doesn't work for me)?

Thanks a lot for your time.

Regards.
Carlos.
Re: users file and User-Password..
Anthony Hinsinger <[EMAIL PROTECTED]> wrote:
> Can you explain me what is the problem if you use := operator and for
> example a CHAP authentication ? because i imagine the CHAP module use
> the password found in the config items list ... ??? no ??

If it works, use it. But the "users" file will be deprecated in later releases, as it's just too confusing.

Alan DeKok.
Questions about working with LDAP
Hello people.

I am a newbie trying to activate freeradius 1.0.2 with users in Sun One Directory Server 5.1 (authentication and authorization) and accounting in MySQL. Well, I read the docs and my freeradius is talking with LDAP and MySQL and AAA is operating. This works well now.

I have 2 questions (there is a lot of old info and I am confused):

1 - How can I control simultaneous logon using LDAP attributes?
2 - How can I restrict the time limit in a month (I have my users in LDAP not in MySQL, rlm_sqlcounter doesn't work for me)?

Thanks a lot for your time.

Regards.
Carlos.
Re: users file and User-Password..
Can you explain me what is the problem if you use := operator and for example a CHAP authentication ? because i imagine the CHAP module use the password found in the config items list ... ??? no ??

Thanks
Anthony

On Thursday, 26 May 2005 at 11:49 -0400, Alan DeKok wrote:
> Anthony Hinsinger <[EMAIL PROTECTED]> wrote:
> > user    User-Password == "pass"
> >         A-Reply-Attribut = value
> >         Another-Reply-Attribut = another_value
> >
> > my question is, why == operator ??
>
> Because the "users" file is trying to do two different things with
> that line.
>
> > For me the goal of the authorise phase is to put the user password into
> > config items list to compare it (using Local auth in authenticate phase
> > in this case) with the one provided by the request, so, the := operator
> > is enough...
>
> Until you do CHAP, MS-CHAP, or EAP.
>
> Alan DeKok.

--
Anthony Hinsinger <[EMAIL PROTECTED]>
Re: users file and User-Password..
Anthony Hinsinger <[EMAIL PROTECTED]> wrote:
> user    User-Password == "pass"
>         A-Reply-Attribut = value
>         Another-Reply-Attribut = another_value
>
> my question is, why == operator ??

Because the "users" file is trying to do two different things with that line.

> For me the goal of the authorise phase is to put the user password into
> config items list to compare it (using Local auth in authenticate phase
> in this case) with the one provided by the request, so, the := operator
> is enough...

Until you do CHAP, MS-CHAP, or EAP.

Alan DeKok.
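Added example (not part of the original thread and not FreeRADIUS code): why a one-way hashed password in the config items can serve PAP but not CHAP, the case the reply above points to. The CHAP response formula is the one in RFC 1994; salted SHA-256 stands in for a crypt(3) hash, and every name and sample value is constructed.

```python
import hashlib
import hmac


def store_hashed(password: bytes, salt: bytes) -> bytes:
    """One-way stored form (salted SHA-256 as a stand-in for crypt(3))."""
    return hashlib.sha256(salt + password).digest()


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_pap(submitted: bytes, salt: bytes, stored_hash: bytes) -> bool:
    # PAP delivers the password itself, so the server can hash it again
    # and compare against the stored hash.
    return hmac.compare_digest(store_hashed(submitted, salt), stored_hash)


def verify_chap(ident: int, challenge: bytes, response: bytes,
                known_secret: bytes) -> bool:
    # CHAP delivers only a digest. The server has to recompute it from the
    # same secret the client used, i.e. the clear-text password.
    expected = chap_response(ident, known_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"password"           # constructed sample password
    salt = b"constructed-salt"       # constructed sample salt
    ident = 7                        # constructed CHAP identifier
    challenge = bytes(range(16))     # constructed 16-byte challenge

    stored_hash = store_hashed(password, salt)
    client_resp = chap_response(ident, password, challenge)

    return {
        # PAP checked against the stored hash: works
        "pap_vs_hash": verify_pap(password, salt, stored_hash),
        # CHAP checked with the clear-text password: works
        "chap_vs_cleartext": verify_chap(ident, challenge, client_resp, password),
        # CHAP checked with only the hash available: can never match
        "chap_vs_hash": verify_chap(ident, challenge, client_resp, stored_hash),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

MS-CHAPv2 has the same kind of constraint: its response is derived from the password's NT hash, which an MD5-crypt string cannot supply.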
users file and User-Password..
Hello,

i've a technical question about the users file and how it deals with User-Password.

In a lot of examples (including freeradius provided) we can see this kind of thing:

user    User-Password == "pass"
        A-Reply-Attribut = value
        Another-Reply-Attribut = another_value

my question is, why == operator ??

For me the goal of the authorise phase is to put the user password into config items list to compare it (using Local auth in authenticate phase in this case) with the one provided by the request, so, the := operator is enough...

With the == (ok, it adds the attribute to the config items list too for the authenticate phase...) you've a kind of "double check" .. and the authorise phase takes the look of the authenticate phase.

The only reason i can see is this one: if you use :=, you add reply attributes to the reply list even if the request password is bad.

thanks for the information, and let me know if i'm wrong :D

Anthony.

--
Anthony Hinsinger <[EMAIL PROTECTED]>
Re: freeradius with peap/mschapv2 and mysql
"Pico Geyer" <[EMAIL PROTECTED]> wrote:
> Is my configuration for dialup-admin wrong? I can't authenticate with
> these settings.

You should be able to configure dialup_admin to store passwords in clear-text.

> Is it possible to store encrypted passwords for mschapv2.

It won't work.

Alan DeKok.
Re: sequence
Edgars <[EMAIL PROTECTED]> wrote:
> in the authentication module, what is happening if i have two sequential
> entries - 'sql' and after 'file'. What is more prioritized?

Only one is chosen.

> I'm asking because of i want to have non-plaintext passwords while
> keeping in the file or DB. Does this make sense?

I'm not sure what you mean by that.

> If there is no way then there is a plan to use Kerberos for
> authentication and FreeRADIUS for authorization.

See rlm_krb5, it's included with the server.

Alan DeKok.
Re: ldap attribute, checkItem, and the users file
Alexei Chetroi <[EMAIL PROTECTED]> wrote:
> Although I wouldn't mind to have a list of "check items" in addition
> to request items, config items and reply items. So authorization modules
> puts items to be checked into "check items" list and after processing
> all modules, radius compares "check items" with "request items". What do
> you think about this?

No. Each module implements its own version of "check items". The reason that it doesn't work for the "users" file is that the "users" file gets it wrong. The policy module doesn't.

The "check items" you're asking for are the policy scripts you write, to update config/request/reply items.

Alan DeKok.
freeradius with peap/mschapv2 and mysql
Hi all.

I'm new to radius configuration so please be patient if I'm missing some basic concept.

I'm using freeradius for authentication with a Linksys wrt54g wireless router. I'm using EAP-PEAP for an outer layer authentication mechanism and mschapv2 for the inner layer authentication.

I am able to authenticate if I add a record to the database manually. I add the following to radcheck:

| id | Username | Attribute     | op | Value    |
+----+----------+---------------+----+----------+
| 1  | Pico     | User-Password | == | password |

But when I use dialup admin to add a user it looks like this:

| 1  | Pico     | User-Password | := | $1$GPnOu7n6$iKJBzyJJAD.HUzixId.et0 |

Is my configuration for dialup-admin wrong? I can't authenticate with these settings.

Is it possible to store encrypted passwords for mschapv2. I've tried the following encrypted password in radcheck, but authentication still fails:

| 2  | Pico     | User-Password | == | $1$ZYhNe17F$5jVge2L.y23jbdSpjmD0L1 |

Thanks in advance.
Pico
sequence
in the authentication module, what is happening if i have two sequential entries - 'sql' and after 'file'. What is more prioritized?

I'm asking because of i want to have non-plaintext passwords while keeping in the file or DB. Does this make sense?

If there is no way then there is a plan to use Kerberos for authentication and FreeRADIUS for authorization.
Re: ldap attribute, checkItem, and the users file
On Tue, May 24, 2005 at 02:00:28PM -0400, Chris Carver wrote:
> Date: Tue, 24 May 2005 14:00:28 -0400
> From: Chris Carver <[EMAIL PROTECTED]>
> Subject: Re: ldap attribute, checkItem, and the users file
>
> Kostas Kalevras wrote:
[snip]
> >The users file will only check attributes in the request, not in the
> >check item list. So the above won't work. You can try using the policy
> >module:
> >
> >if ("%{check:redirectPort80}" == "true") {
> >    reply .= {
> >        Framed-Route = "0.0.0.0/0 205.247.236.1/32 1"
> >    }
> >}
> >
> Thank you for the reply! The logic I see there should definitely work,
> but I'm still a bit confused. I did some research and I'm having any
> trouble finding mention of the policy module you mention. Although
> doc/variables.txt was very helpful, it doesn't show any use of an if
> statement and I'm not sure in what configuration file(s) such a piece of
> code would be acceptable. Where would I put the lines you mentioned
> above? Sorry if I'm making a silly mistake or overlooking something.

I see there's no policy module in freeradius version 1.0.2, but there's one in CVS HEAD.

Although I wouldn't mind to have a list of "check items" in addition to request items, config items and reply items. So authorization modules puts items to be checked into "check items" list and after processing all modules, radius compares "check items" with "request items". What do you think about this?

Best wishes

--
Alexei Chetroi

Smile... Tomorrow will be worse. (c) Murphy's Law
RE: Authorization problem
Thank you for the reply, it was for a debug purpose.

I think I found an explanation for the behaviour: when the AVP Framed-Protocol is present, Freeradius implicitly puts the AVP Service-Type to the Framed value, even if the client doesn't send it (verified with Ethereal).

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Wednesday, 25 May 2005 19:52
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Authorization problem
>
> "Miguel Sennoun" <[EMAIL PROTECTED]> wrote:
> > DEFAULT Auth-Type := Reject, Service-Type !* 2
>
> The !* operator ignores any value you give it.
>
> > You can understand I would like to accept only users who have the
> > attributes:
> >
> > Service-Type present and equal to 2
>
> Why not just use 'Service-Type == 2'?
>
> Alan DeKok.
freeradius compile problem
dear all,

please help me, how to fix it...

my configure:

./configure --prefix=/usr/local/freeradius --disable-ltdl-install --with-ltdl-lib=/usr/lib --with-ltdl-include=/usr/include --with-large-files --with-experimental-modules --with-udpfromto

then

#make
bla-bla-bla.
bla-bla-bla
*** Warning: Linking the shared library rlm_perl.la against the
*** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable!
rm -fr .libs/rlm_perl.la .libs/rlm_perl.* .libs/rlm_perl-1.0.2.*
gcc -shared rlm_perl.lo -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lpthread -lc -lcrypt -lnsl -lresolv -lpthread -Wl,-E -Wl,-soname -Wl,rlm_perl-1.0.2.so -o .libs/rlm_perl-1.0.2.so
/usr/bin/ld: cannot find -lperl
collect2: ld returned 1 exit status
make[6]: *** [rlm_perl.la] Error 1
make[6]: Leaving directory `/usr/local/src/freeradius-1.0.2/src/modules/rlm_perl'
make[5]: *** [common] Error 1
make[5]: Leaving directory `/usr/local/src/freeradius-1.0.2/src/modules'
make[4]: *** [all] Error 2
make[4]: Leaving directory `/usr/local/src/freeradius-1.0.2/src/modules'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/usr/local/src/freeradius-1.0.2/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/src/freeradius-1.0.2/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/usr/local/src/freeradius-1.0.2'
make: *** [all] Error 2

thanks for your help.

regards,
iwan