Re: Rejecting auth requests
Hi, But wouldn't that require using the users file instead of MySQL? Can the radcheck table be used in the same way? What I mean is, can a user have multiple entries within the table? At the moment we just have a single entry for each user: ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | [EMAIL PROTECTED] | Password | == | test | ++---+---++---+ But would this accomplish the same as using the users file: ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | [EMAIL PROTECTED] | Password | == | test | | 2 | [EMAIL PROTECTED] | Auth-Type | := | Reject| ++---+---++---+ I'm not going to be able to actually try this for myself until Monday, but any advice in advance would be greatly appreciated. Kind regards, Tim O'Donovan Joe Maimon wrote: Tim O'Donovan wrote: Hi, Does anyone know of a simple way to invoke an Access-Reject for a user at the authenticate stage? Without changing the stored password. I have tried altering the 'op' to != and all manner of other combinations from within the rad_check table without success. We would just like to be able to ban/unban a user with a single SQL update statement. in the users file, setting a check item like this userAuth-Type := Reject Seems to do the job. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius/PEAP
Alan DeKok wrote: Phil Mayers [EMAIL PROTECTED] wrote: PEAP can have several inner types. One of these is GTC (generic token card) which sends a prompt and asks for a response. I believe the prompt can be password and the response the actual password. How well windows' GTC support works I couldn't tell you, though I know it's there. Windows doesn't support it, so far as I can tell. My mistake - I was convinced I'd seen it. (I suppose it's possible that I had the Cisco wireless card software installed, along with it's supplicant-fiddling extensions.) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login incorrect
I install FC4 with FreeRadius-1.0.4 and I have Colubris Network CN3000. My Colubris dasn't login (the messages, clients.conf and users configurations are below) In the Colubris I put andreabencini password. MESSAGES . . . Sat Oct 15 17:10:10 2005 : Debug: Waking up in 31 seconds... Sat Oct 15 17:10:10 2005 : Debug: Thread 4 got semaphore Sat Oct 15 17:10:10 2005 : Debug: Thread 4 handling request 3, (1 handled so far) Acct-Session-Id = 67de5136 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 User-Name = L005-00076 Calling-Station-Id = 00-02-2D-A6-01-E9 Called-Station-Id = 00-03-52-00-0D-E8 Framed-IP-Address = 10.100.0.37 EAP-Message = 0x02c1002004109013bf17eda858f4a4bcb624e2b5f09e4c3030352d3030303736 State = 0x3fc4e80ba3884fe8c338f3da57f4b36f NAS-Identifier = L005-00076 NAS-IP-Address = 10.100.0.37 Framed-MTU = 1496 Connect-Info = HTTPS Service-Type = Administrative-User Message-Authenticator = 0x92496a7f16273b8a17e589ca0527f580 Sat Oct 15 17:10:10 2005 : Debug: Processing the authorize section of radiusd.conf Sat Oct 15 17:10:10 2005 : Debug: modcall: entering group authorize for request 3 . . . Sat Oct 15 17:10:10 2005 : Debug: rad_check_password: Found Auth-Type EAP Sat Oct 15 17:10:10 2005 : Debug: auth: type EAP Sat Oct 15 17:10:10 2005 : Debug: Processing the authenticate section of radiusd.conf Sat Oct 15 17:10:10 2005 : Debug: modcall: entering group authenticate for request 3 Sat Oct 15 17:10:10 2005 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: Request found, released from the list Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: EAP/md5 Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: processing type md5 Sat Oct 15 17:10:10 2005 : Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: Handler failed in EAP/md5 Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: Failed in EAP select Sat Oct 15 17:10:10 2005 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Sat Oct 15 17:10:10 2005 : Debug: modcall[authenticate]: module eap returns invalid for request 3 Sat Oct 15 17:10:10 2005 : Debug: modcall: group authenticate returns invalid for request 3 Sat Oct 15 17:10:10 2005 : Debug: auth: Failed to validate the user. Sat Oct 15 17:10:10 2005 : Auth: Login incorrect: [L005-00076/no User-Password attribute] (from client miarete-privata port 0 cli 00-02-2D-A6-01-E9) Sat Oct 15 17:10:10 2005 : Debug: Delaying request 3 for 1 seconds Sat Oct 15 17:10:10 2005 : Debug: Finished request 3 Sat Oct 15 17:10:10 2005 : Debug: Going to the next request CLIENTS.CONF client 10.100.0.37 { secret = andreabencini shortname = miarete-privata } USERS L005-0076 User-Password == andreabencini Can you help me thank Andrea - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
auditing / biling users
Hello, Would anyone have an idea on how to record the time the user logs in and more importantly the time the user logs off/disconnects from the system. I would prefer the information to be logged in the radius log file specified in the radiusd.conf. I am using the password/nis file for authentication. Thanks michael _ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. application/ms-tnef- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login incorrect
Andrea Bencini [EMAIL PROTECTED] wrote: In the Colubris I put andreabencini password. Did you tell the server that was the correct password? Sat Oct 15 17:10:10 2005 : Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication Sat Oct 15 17:10:10 2005 : Debug: rlm_eap: Handler failed in EAP/md5 Nope. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting auth requests
Tim O'Donovan [EMAIL PROTECTED] wrote: But wouldn't that require using the users file instead of MySQL? Can the radcheck table be used in the same way? What I mean is, can a user have multiple entries within the table? Yes. But would this accomplish the same as using the users file: ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | [EMAIL PROTECTED] | Password | == | test | | 2 | [EMAIL PROTECTED] | Auth-Type | := | Reject | ++---+---++---+ Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Newbie question. Where does Freeradius fit in?
I have done some reading re: radius in general and Freeradius in particular. When should one use radius? I have read that radius is useful when one needs a centralized user/password database. I guess that would be good when one has lots of remote access servers. I have read that radius is good when one needs accounting. We just need a dial in solution for 6 or so users. No accounting is necessary. What are the disadvantages of using a simple ppp solution that authenticates against the /etc/passwd file on a Linux box? We were thinking of using a pci card with 8 modems. Is Freeradius overkill for us or is it a more secure solution? Any advice/links to documentation would be useful. The Freeradius FAQ's don't address this issue. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: clients.conf problem
Try a fresh CVS checkout or tonight's CVS snapshot and see if this corrects your problems. Looks like there was a byte ordering problem when sanitizing the client entry based on the netmask. This would only have affected people with little-endian machines. --Mike Alan DeKok wrote: dev_null [EMAIL PROTECTED] wrote: Strange, I don't know why it won't work to me. Ok. Never mind. Try from a fresh CVS checkout, and don't change anything other than the clients. If it's still a problem, it might be the inet_pton() functions on your system. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How freeradius compile with g++
Hello,Does anyone know how I could compile freeradius in C++ using g++ instead of gcc ?I am not very familiar with the underlying configure mechanism , all i know is to type 'configure' an then 'make' ... I would make chane in Make.inc file where CC= g++ insted of CC= gcc then i got so many error like in radiusd.h file , there r operator is declare as variable , but it is key word in g++? so how can i make freeradius with g++? thanks manoj + 91 - 9881403519 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html