Re: Error -1635

2006-02-06 Thread Hubert Kupper
Hi,
we are using MSCHAPv2 and CHAP. We want to use EAP/PEAP too.
Before upgrading to suse 64 bit this worked fine. After installing the 64 bit 
version we get the -1635 error. We didn't change anything on edir/nmas/netware.

Regards
  Boert

On 6 Feb 2006 at 23:32, Sayantan Bhowmick wrote:

> Hi ,
> Which authentication protocol are you using? If you are using PAP
> and want to authenticate against eDirectory there is no need to use
> Universal Password. However if you plan to use authentication methods
> like CHAP, EAP-MD5, PEAP-MSCHAPv2 you will have to use Universal
> Password.
> The error code is documented here:
> http://www.novell.com/documentation/nwec/index.html?page=/documentation/nwec/nwec/data/al29t28.html
> 
> Regards,
> -Sayantan
> 
> >>> On Tue, Feb 7, 2006 at 11:22 am, in message
> <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote: 
> > Hello,
> > 
> > we have freeradius 1.0.4-4 installed on a suse 10.0 64bit box. We want to
> > authenticate with LDAP against Novell edirectory. On suse 10.0 32bit
> > everything worked fine. With the 64bit version we get the following error:
> > "Error reading Universal Password. Errorcode = -1635". Universal Password
> > is already set for our users.
> > What can be wrong?
> > 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Error -1635

2006-02-06 Thread Sayantan Bhowmick
Hi ,
Which authentication protocol are you using? If you are using PAP
and want to authenticate against eDirectory there is no need to use
Universal Password. However if you plan to use authentication methods
like CHAP, EAP-MD5, PEAP-MSCHAPv2 you will have to use Universal
Password.
The error code is documented here:
http://www.novell.com/documentation/nwec/index.html?page=/documentation/nwec/nwec/data/al29t28.html

Regards,
-Sayantan

>>> On Tue, Feb 7, 2006 at 11:22 am, in message
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote: 
> Hello,
> 
> we have freeradius 1.0.4-4 installed on a suse 10.0 64bit box. We want to
> authenticate with LDAP against Novell edirectory. On suse 10.0 32bit
> everything worked fine. With the 64bit version we get the following error:
> "Error reading Universal Password. Errorcode = -1635". Universal Password
> is already set for our users.
> What can be wrong?
> 
> Best regards
>   Hubert
> -  
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




Error -1635

2006-02-06 Thread Hubert Kupper
Hello,

we have freeradius 1.0.4-4 installed on a suse 10.0 64bit box. We want to 
authenticate with LDAP against Novell edirectory. On suse 10.0 32bit everything 
worked fine. With the 64bit version we get the following error: "Error reading 
Universal Password. Errorcode = -1635". Universal Password is already set for 
our 
users.
What can be wrong?

Best regards
  Hubert


Re: Problem with PPTP and LDAP authentication.

2006-02-06 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> I've taken out the LDAP section in users - so it's exactly the same as the
> default users file.
> 
> ldap is now listed after mschap in authorize {}. Trying again, I get the
> following:

  Run the server in debugging mode, as suggested in the README, FAQ,
and INSTALL.

  Then, read the output.  All of it.

  The answer will be in the debug output.

  Alan DeKok.


Re: Problem with PPTP and LDAP authentication.

2006-02-06 Thread Joey McDonald
Hi Alan,

I've taken out the LDAP section in users - so it's exactly the same as the default users file.

ldap is now listed after mschap in authorize {}. Trying again, I get the following:

rlm_ldap: user joey authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
Login incorrect: [joey/] (from client vpn-external port 0 cli 165.236.229.162)
Sending Access-Reject of id 113 to x.x.x.x:32792
    MS-CHAP-Error = "pE=691 R=1"

Any other suggestions? Thanks!
On 2/6/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Joey McDonald <[EMAIL PROTECTED]> wrote:
> > I'm now storing my password(s) in the ldap directory in plain text. Using
> > radtest from another machine on the network authenticates from the LDAP
> > server just fine.
>
>   Don't set Auth-Type.
>
> > In users I added:
> >
> > DEFAULT Auth-Type := LDAP
> > Fall-Through = 1
>
>   Delete that.  You don't need it.
>
>   List "ldap" in "authorize", AFTER "mschap".
>
>   Alan DeKok.

Re: Problem with PPTP and LDAP authentication.

2006-02-06 Thread Alan DeKok
Joey McDonald <[EMAIL PROTECTED]> wrote:
> I'm now storing my password(s) in the ldap directory in plain text. Using
> radtest from another machine on the network authenticates from the LDAP
> server just fine.

  Don't set Auth-Type.

> In users I added:
> 
> DEFAULT Auth-Type := LDAP
> Fall-Through = 1

  Delete that.  You don't need it.

  List "ldap" in "authorize", AFTER "mschap".

  Alan DeKok.


Re: How to kick a logged user

2006-02-06 Thread Dennis Skinner
Guy Fraser wrote:
> there. I looked into it briefly for Cisco 5248 and determined 
> that by setting the interface administratively down would boot 
> the user, then setting it back to up would allow it to accept 
> access again. The tricky part was matching the user to the 
> interface so you would kick the right user.

We have Ciscos here.  You don't need to set the int to down.  Just clear
the tty.  You can use bash and expect to write a script.  You will need
to find which tty to clear first (also doable via bash/expect/grep/awk).

If you use tacacs, you can give a special user rights to only do very
specific commands which should limit the liability of having the
password in the script.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com


Re: dialup-admin problem

2006-02-06 Thread A . L . M . Buxey
Hi,
> OK - I think I figured out my problem, although not sure exactly which 
> correction I did fixed it.  However, I am still getting the MySQL Debug 
> output and was wondering how to get rid of it:
> 
> DEBUG(SQL,MYSQL DRIVER): Query: SELECT groupname FROM usergroup WHERE 
> username = 'srmiller';
> DEBUG(SQL,MYSQL DRIVER): Query Result:


um, debugging is enabled by default. it helps fix things for the new 
installers. to 'shut it up' you simply edit the admin.conf in the conf/
directory. look for the obvious line:

sql_debug: true

and comment it out

alan


Problem with PPTP and LDAP authentication.

2006-02-06 Thread Joey McDonald
Hey gang,

I'm still struggling getting freeradius and LDAP working to
authenticate my PPTP users. I'd really appreciate if one of the gurus
could have a look. 

I've wiped my old install and installed a fresh copy of freeradius and all the config files.

Reading the list postings it's clearly best to make as few changes as
possible to the config files. So, the bits I've changed in radiusd.conf
are as follows:

modules {
  ldap {
    server = "ldap.mycompany.net"
    # identity = "cn=admin,o=My Org,c=UA"
    # password = mypass
    basedn = "ou=people,dc=mycompany,dc=net"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    password_attribute = userPassword

I uncommented the ldap section under authenticate:

authenticate {
    ...
    Auth-Type LDAP {
        ldap
    }

Then, I added my client in clients.conf.

In users I added:

DEFAULT Auth-Type := LDAP
    Fall-Through = 1

Those are all the changes I've made to the default configurations.

I'm now storing my password(s) in the ldap directory in plain text.
Using radtest from another machine on the network authenticates from
the LDAP server just fine. 

Authentication from my PPTP server always gives me the following:

rad_recv: Access-Request packet from host x.x.x.x:32792, id=112, length=149
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "joey"
    MS-CHAP-Challenge = 0x0a5f7e5035f0d2306105161cdf7060c4
    MS-CHAP2-Response =
0xb600a2aa1bab3836758fcf6e48643de987c93e30dd6e4b9c0b1d9bebde2c68fbab2aa625a5246217a002
    Calling-Station-Id = "165.236.229.162"
    NAS-Identifier = "pptp"
    NAS-Port = 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
Login incorrect: [joey/] (from client vpn-external port 0 cli 165.236.229.162)
Sending Access-Reject of id 112 to x.x.x.x:32792


What am I doing wrong? Thanks so much!


 --joey
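
Added example, not part of the original posts and not FreeRADIUS code: a Python script that reads debug output like the excerpts in this thread and reports why a request was rejected, matching the credential type in the Access-Request against the module that ran in the authenticate stage and decoding MS-CHAP-Error. The sample inputs are constructed and abbreviated from the thread, and the function names and finding codes are assumptions made for this example.

```python
import re

# Constructed samples, abbreviated from the debug output quoted in this thread
# (hex values shortened; the id=113 request line is reconstructed).
FIRST_ATTEMPT = '''\
rad_recv: Access-Request packet from host x.x.x.x:32792, id=112, length=149
    User-Name = "joey"
    MS-CHAP2-Response = 0xb600a2aa
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
Sending Access-Reject of id 112 to x.x.x.x:32792
'''
SECOND_ATTEMPT = '''\
rad_recv: Access-Request packet from host x.x.x.x:32792, id=113, length=149
    User-Name = "joey"
    MS-CHAP2-Response = 0xb600a2aa
rlm_ldap: user joey authorized to use remote access
Sending Access-Reject of id 113 to x.x.x.x:32792
    MS-CHAP-Error = "pE=691 R=1"
'''
USERS_FILE = '''\
# constructed copy of the users entry from the post
DEFAULT Auth-Type := LDAP
    Fall-Through = 1
'''

# Request attribute -> credential type the authenticate stage must verify.
CREDENTIALS = {"User-Password": "pap", "CHAP-Password": "chap",
               "MS-CHAP-Response": "mschap", "MS-CHAP2-Response": "mschap",
               "EAP-Message": "eap"}
# MS-CHAP-V2 failure codes as listed in RFC 2759.
MSCHAP_ERRORS = {646: "restricted logon hours", 647: "account disabled",
                 648: "password expired", 649: "no dial-in permission",
                 691: "authentication failure", 709: "error changing password"}

ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\s*(.*)$")
AUTH_RE = re.compile(r"^(rlm_\w+): - authenticate")
REPLY_RE = re.compile(r"^Sending (Access-\w+) of id (\d+)")
FORCED_RE = re.compile(r"Auth-Type\s*:?=\s*([\w-]+)")  # ':=' or '=', not '=='


def parse_debug(text):
    """Split debug output into one record per Access-Request."""
    requests, cur, in_reply = [], None, False
    for line in text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            cur = {"attrs": {}, "auth_module": None,
                   "reply": None, "reply_attrs": {}}
            requests.append(cur)
            in_reply = False
        elif cur is None:
            continue
        elif (m := ATTR_RE.match(line)):
            # Indented "Name = value" lines belong to the request or the reply.
            cur["reply_attrs" if in_reply else "attrs"][m.group(1)] = m.group(2)
        elif (m := AUTH_RE.match(line)):
            cur["auth_module"] = m.group(1)
        elif (m := REPLY_RE.match(line)):
            cur["reply"], in_reply = m.group(1), True
    return requests


def diagnose(req):
    """Return (code, explanation) findings for one parsed request."""
    kinds = {CREDENTIALS[a] for a in req["attrs"] if a in CREDENTIALS}
    findings = []
    if req["auth_module"] == "rlm_ldap" and "pap" not in kinds:
        findings.append((
            "ldap-auth-without-user-password",
            "authenticate ran rlm_ldap, which needs User-Password, but the "
            "request carries %s credentials; Auth-Type is being forced to LDAP"
            % "/".join(sorted(kinds) or ["no"])))
    m = re.search(r"E=(\d+) R=(\d)", req["reply_attrs"].get("MS-CHAP-Error", ""))
    if m:
        code = int(m.group(1))
        findings.append((
            "mschap-error-%d" % code,
            "mschap rejected the response: %s, retry %s"
            % (MSCHAP_ERRORS.get(code, "unknown code"),
               "allowed" if m.group(2) == "1" else "not allowed")))
    return findings


def forced_auth_types(users_text):
    """List (line number, entry name, value) where a users entry sets Auth-Type."""
    hits = []
    for n, line in enumerate(users_text.splitlines(), 1):
        if not line or line[0] in "# \t":
            continue  # skip comments and indented reply-item lines
        m = FORCED_RE.search(line)
        if m:
            hits.append((n, line.split()[0], m.group(1)))
    return hits


if __name__ == "__main__":
    for sample in (FIRST_ATTEMPT, SECOND_ATTEMPT):
        for req in parse_debug(sample):
            for code, why in diagnose(req):
                print(code + ": " + why)
    print(forced_auth_types(USERS_FILE))
```

The first finding corresponds to the advice given in the reply in this thread: remove the forced Auth-Type from users and list ldap after mschap in authorize, so that mschap handles the MS-CHAPv2 request.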




Re: dialup-admin problem

2006-02-06 Thread Scott Miller
OK - I think I figured out my problem, although not sure exactly which 
correction I did fixed it.  However, I am still getting the MySQL Debug 
output and was wondering how to get rid of it:


DEBUG(SQL,MYSQL DRIVER): Query: SELECT groupname FROM usergroup WHERE 
username = 'srmiller';

DEBUG(SQL,MYSQL DRIVER): Query Result:

Thanks,
Scott Miller


- Original Message - 
From: "Scott Miller" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Monday, February 06, 2006 10:45 AM
Subject: Re: dialup-admin problem


Thanks for all the help.  I verified that "error_reporting"  is set to 
E_ALL, and have changed "display_errors" to On.


Now, when I go to dialup-admin I get the first page fine, but when I click 
a link, here's the errors it displays:


(above link window)
Notice: Undefined variable: HTTP_SERVER_VARS in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 22

-
(inside link window - above links)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 
61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 91

-
(Right side when I click on "Find User" (all others have a lot more 
"notice" statements:)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 
61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined variable: search_IN in 
/usr/local/dialup-admin/htdocs/find.php3 on line 3
Notice: Undefined variable: radius_attr in 
/usr/local/dialup-admin/htdocs/find.php3 on line 4
Notice: Undefined variable: max_results in 
/usr/local/dialup-admin/htdocs/find.php3 on line 5



I was getting permissions errors, but then changed group ownership to 
"apache" and set the entire directory to "755"


Any help with these errors would be appreciated.

Thanks,
Scott Miller


- Original Message - 
From: "Rich Marriner" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 


Sent: Tuesday, January 24, 2006 10:05 AM
Subject: Re: dialup-admin problem



FreeBSD 6.0
Apache 2.2.0
PHP 5.1.1
FreeRadius 1.0.5

Dialup_admin works fine for me.  It does appear to be a PHP problem. 
Look at your apache logs and see what errors you are getting if any.  You 
might want to check the "error_reporting" setting in your php.ini, make 
sure it is set to E_ALL so you can see what errors are occurring.  If this 
is not a production box you might even want to change "display_errors" to 
On.


This should give you a couple more "hints" on where to go next.

Rich


Scott Miller wrote:

I've found that my problem might be with Apache 2 and PHP 5 - does 
anyone else have dialup-admin running properly on Apache 2 and PHP 5? 
I'd hate to think I'd have to downgrade.


Thanks,
Scott


- Original Message - From: "Scott Miller" 
<[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 


Sent: Monday, January 23, 2006 1:03 PM
Subject: dialup-admin problem


I've installed freeradius 1.1.0, went through all the tests and 
everything (the tests) seems to be working fine there.  My platform is:


Fedora Core 4
Sendmail 8.13.4
Apache 2.0.54
MySQL 4.1.16
PHP 5.0.5-2.1
Freeradius 1.1.0

I've also followed the instructions for the dialup-admin, and have run 
into a problem.  When I view servername.com/dialup-admin, I can see the 
first page just fine, but when I click on any link on the left, the 
right side just turns white - nothing displays.  The "home" link brings 
me back to the "A web based administration interface for the freeradius 
radius server " page, but no other links seem 

Re: dialup-admin problem

2006-02-06 Thread Scott Miller
OK - I've figured out my own problem (I think) but not sure exactly what I 
did - BUT it seems to be working fine.  However, how do I get rid of the 
MySQL Debug output such as:


- Original Message - 
From: "Scott Miller" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Monday, February 06, 2006 10:45 AM
Subject: Re: dialup-admin problem


Thanks for all the help.  I verified that "error_reporting"  is set to 
E_ALL, and have changed "display_errors" to On.


Now, when I go to dialup-admin I get the first page fine, but when I click 
a link, here's the errors it displays:


(above link window)
Notice: Undefined variable: HTTP_SERVER_VARS in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 22

-
(inside link window - above links)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 
61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 91

-
(Right side when I click on "Find User" (all others have a lot more 
"notice" statements:)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 
61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined variable: search_IN in 
/usr/local/dialup-admin/htdocs/find.php3 on line 3
Notice: Undefined variable: radius_attr in 
/usr/local/dialup-admin/htdocs/find.php3 on line 4
Notice: Undefined variable: max_results in 
/usr/local/dialup-admin/htdocs/find.php3 on line 5



I was getting permissions errors, but then changed group ownership to 
"apache" and set the entire directory to "755"


Any help with these errors would be appreciated.

Thanks,
Scott Miller


- Original Message - 
From: "Rich Marriner" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 


Sent: Tuesday, January 24, 2006 10:05 AM
Subject: Re: dialup-admin problem



FreeBSD 6.0
Apache 2.2.0
PHP 5.1.1
FreeRadius 1.0.5

Dialup_admin works fine for me.  It does appear to be a PHP problem. 
Look at your apache logs and see what errors you are getting if any.  You 
might want to check the "error_reporting" setting in your php.ini, make 
sure it is set to E_ALL so you can see what errors are occurring.  If this 
is not a production box you might even want to change "display_errors" to 
On.


This should give you a couple more "hints" on where to go next.

Rich


Scott Miller wrote:

I've found that my problem might be with Apache 2 and PHP 5 - does 
anyone else have dialup-admin running properly on Apache 2 and PHP 5? 
I'd hate to think I'd have to downgrade.


Thanks,
Scott


- Original Message - From: "Scott Miller" 
<[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 


Sent: Monday, January 23, 2006 1:03 PM
Subject: dialup-admin problem


I've installed freeradius 1.1.0, went through all the tests and 
everything (the tests) seems to be working fine there.  My platform is:


Fedora Core 4
Sendmail 8.13.4
Apache 2.0.54
MySQL 4.1.16
PHP 5.0.5-2.1
Freeradius 1.1.0

I've also followed the instructions for the dialup-admin, and have run 
into a problem.  When I view servername.com/dialup-admin, I can see the 
first page just fine, but when I click on any link on the left, the 
right side just turns white - nothing displays.  The "home" link brings 
me back to the "A web based administration interface for the freeradius 
radius server " page, but no other links seem to bring anything up.


Here's what I did:

1.  Copied the directory dialup-admin to the /user/local/ directory
2.  In /var/www/html I created a symlink 
/user/local/dialup-

Re: How to kick a logged user

2006-02-06 Thread Guy Fraser
On Mon, 2006-06-02 at 11:47 -0500, Eduardo Bejar wrote:
> Hi,
> 
> I´ve been searching a while about how to kick a logged user or force
> terminate it´s session. It seems that this has been asked before on the
> list, but I didn´t find an answer different from "radius can´t do that". The
> only answer that I´ve found is that it´s required an external script for
> this.
> 
> Section 4.3 of the Freeradius FAQ mentions a radkill program, but the link
> included is dead. And also says "try using SNMP". I haven´t also been able
> to find information on how to use SNMP for this, so I ask the list:
> 
> Can anyone post a link to download radkill?
> 
> Or
> 
> Can anyone explain me how to do this with SNMP?
> 
> Or perhaps,
> 
> Can anyone post a procedure to kick a logged user?
> 
> Thanks for your replies,
> 
> Edo

It depends entirely on your NAS. Radius is not designed to kick 
off users. Check the documentation for your NAS. The radkill 
script was designed to work with Livingston Portmasters and does 
not work with many other products, but may be a good place to 
start to build your own. We rarely needed to kick users off, 
and when we did we just logged into the NAS and booted them from 
there. I looked into it briefly for Cisco 5248 and determined 
that by setting the interface administratively down would boot 
the user, then setting it back to up would allow it to accept 
access again. The tricky part was matching the user to the 
interface so you would kick the right user.




FR - Writing Own Queries in sql.conf - Help

2006-02-06 Thread Saeed Ahmed
Hi Everyone,

I am sending this message at very first time, and I hope that I'll get
response. 

My Question is that:
In sql.conf's Authorization section, can I write my own queries and can I
use the result of my own query. For detailed elaboration I will give you
following example:

I want something like that:

authorize_check_query = "SELECT id, UserName, Attribute, Value, op, uid \
  FROM ${authcheck_table} \
  WHERE Username = '%{SQL-User-Name}' \
  ORDER BY id"

in query above I created another field `uid` in my radcheck table and
suppose here I am getting some kind of user-id.

Then I want to use this value in next authorize_reply_query

something like that:
authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
  FROM ${authreply_table} \
  WHERE Username = '%{SQL-User-Name}' AND uid = '%{authorize_check_query[5]}' \
  ORDER BY id"

 

Instead of authorize_check_query I can also use my own query if possible
example

my_own_query = "SELECT uid from mytable where Username='%{SQL-User-Name}'"


and then I should be able to use the result of my_own_query. Like
my_own_query[0]; etc etc

 

I am using:

freeradius-1.0.5
with MySql 5.0

Hope I will get help soon.

Thanks in advance for your time.
 

 
Regards
Saeed Ahmed



Re: Freeradius and IKEV.2

2006-02-06 Thread Alan DeKok
Priscilla B <[EMAIL PROTECTED]> wrote:
> Is Freeradius support the implementation of IKEv.2?

  Huh?  Maybe you mean FreeSWAN?

  Alan DeKok.


Re: client certificate in PEAP or TTLS

2006-02-06 Thread Alan DeKok
"Norbert Grochal" <[EMAIL PROTECTED]> wrote:
> Is it possible to force peap to require client's certificates?

$ grep -i cert share/dictionary*

ATTRIBUTE   EAP-TLS-Require-Client-Cert 1019    integer

DEFAULT  EAP-TLS-Require-Client-Cert = yes
 ...

  Alan DeKok.


Re: dialup-admin problem

2006-02-06 Thread Scott Miller
Thanks for all the help.  I verified that "error_reporting"  is set to 
E_ALL, and have changed "display_errors" to On.


Now, when I go to dialup-admin I get the first page fine, but when I click a 
link, here's the errors it displays:


(above link window)
Notice: Undefined variable: HTTP_SERVER_VARS in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 22

-
(inside link window - above links)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in /usr/local/dialup-admin/conf/config.php3 
on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in 
/usr/local/dialup-admin/html/buttons/default/buttons.html.php3 on line 91

-
(Right side when I click on "Find User" (all others have a lot more "notice" 
statements:)
Notice: import_request_variables() [function.import-request-variables]: No 
prefix specified - possible security hazard in 
/usr/local/dialup-admin/conf/config.php3 on line 8
Notice: Use of undefined constant general_use_session - assumed 
'general_use_session' in /usr/local/dialup-admin/conf/config.php3 on line 61
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 66
Notice: Undefined variable: login in 
/usr/local/dialup-admin/conf/config.php3 on line 69
Notice: Use of undefined constant general_username_mappings_file - assumed 
'general_username_mappings_file' in /usr/local/dialup-admin/conf/config.php3 
on line 76
Notice: Undefined index: general_username_mappings_file in 
/usr/local/dialup-admin/conf/config.php3 on line 76
Notice: Undefined variable: search_IN in 
/usr/local/dialup-admin/htdocs/find.php3 on line 3
Notice: Undefined variable: radius_attr in 
/usr/local/dialup-admin/htdocs/find.php3 on line 4
Notice: Undefined variable: max_results in 
/usr/local/dialup-admin/htdocs/find.php3 on line 5



I was getting permissions errors, but then changed group ownership to 
"apache" and set the entire directory to "755"


Any help with these errors would be appreciated.

Thanks,
Scott Miller


- Original Message - 
From: "Rich Marriner" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Tuesday, January 24, 2006 10:05 AM
Subject: Re: dialup-admin problem



FreeBSD 6.0
Apache 2.2.0
PHP 5.1.1
FreeRadius 1.0.5

Dialup_admin works fine for me.  It does appear to be a PHP problem.  Look 
at your apache logs and see what errors you are getting if any.  You might 
want to check the "error_reporting" setting in your php.ini, make sure it 
is set to E_ALL so you can see what errors are occurring.  If this is not a 
production box you might even want to change "display_errors" to On.


This should give you a couple more "hints" on where to go next.

Rich


Scott Miller wrote:

I've found that my problem might be with Apache 2 and PHP 5 - does anyone 
else have dialup-admin running properly on Apache 2 and PHP 5?  I'd hate 
to think I'd have to downgrade.


Thanks,
Scott


- Original Message - From: "Scott Miller" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 


Sent: Monday, January 23, 2006 1:03 PM
Subject: dialup-admin problem


I've installed freeradius 1.1.0, went through all the tests and 
everything (the tests) seems to be working fine there.  My platform is:


Fedora Core 4
Sendmail 8.13.4
Apache 2.0.54
MySQL 4.1.16
PHP 5.0.5-2.1
Freeradius 1.1.0

I've also followed the instructions for the dialup-admin, and have run 
into a problem.  When I view servername.com/dialup-admin, I can see the 
first page just fine, but when I click on any link on the left, the 
right side just turns white - nothing displays.  The "home" link brings 
me back to the "A web based administration interface for the freeradius 
radius server " page, but no other links seem to bring anything up.


Here's what I did:

1.  Copied the directory dialup-admin to the /user/local/ directory
2.  In /var/www/html I created a symlink /user/local/dialup-admin/htdocs 
named dialup-admin

ln -s /usr/local/dialup-admin/htdocs /var/www/html/dialup-admin
3.  Edited httpd.conf to the following

   # Scott Added for freeradius dialup-admin
   #LoadModule php4_module libexec/libphp4.so
   #AddModule mod_php4.c
   AddType application/x-httpd-php .php
   AddType application/x-httpd-php .php3

I had to c

FR - Writing own queries in sql.conf - help

2006-02-06 Thread Saeed Ahmed
  Hi Everyone,
  
  I am sending this message at very first time, and I hope that I’ll
  get response. 
  
  My Question is that:
  In sql.conf’s Authorization section, can I write my own queries and
  can I use the result of my own query. For detailed elaboration I will
  give you following example:
  
  I want something like that:
  
  authorize_check_query = "SELECT id, UserName, Attribute, Value, op, uid \
    FROM ${authcheck_table} \
    WHERE Username = '%{SQL-User-Name}' \
    ORDER BY id"
  
  in query above I created another field `uid` in my radcheck table and
  suppose here I am getting some kind of user-id.
  Then I want to
  use this value in next authorize_reply_query
  
  something like that:
  authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
    FROM ${authreply_table} \
    WHERE Username = '%{SQL-User-Name}' AND uid = '%{authorize_check_query[5]}' \
    ORDER BY id"
   
  Instead of
  authorize_check_query I can also use my own query if possible
  example
  
  my_own_query = "SELECT uid from mytable where Username='%{SQL-User-Name}'"
  
  and then I should be able to use the result of my_own_query. Like my_own_query[0];
  etc etc
   
  I am using:
  
  freeradius-1.0.5
  with MySql 5.0
  
  Hope I will get help soon.
  
  Thanks in advance for your time.
  
  Regards
  Saeed Ahmed
  FR – User; currently Helpless;

Re: How to kick a logged user

2006-02-06 Thread John C. Koen
On Mon, Feb 06, 2006 at 11:47:38AM -0500, Eduardo Bejar wrote:
> 
> Hi,
> 
> I've been searching a while about how to kick a logged user or force
> terminate it's session. It seems that this has been asked before on the
> list, but I didn't find an answer different from "radius can't do that". The
> only answer that I've found is that it's required an external script for
> this.
> 
> Section 4.3 of the Freeradius FAQ mentions a radkill program, but the link
> included is dead. And also says "try using SNMP". I haven't also been able
> to find information on how to use SNMP for this, so I ask the list:
> 
> Can anyone post a link to download radkill?

Here is a link I found on google.  This site posts a copy
of radkill dated from 2000/04/26:

http://slava.parma.ru:8100/Linux-Soft/Billing/radkill/

--johnk

> 
> Or
> 
> Can anyone explain me how to do this with SNMP?
> 
> Or perhaps,
> 
> Can anyone post a procedure to kick a logged user?
> 
> Thanks for your replies,
> 
> Edo
> 
> 


How to kick a logged user

2006-02-06 Thread Eduardo Bejar

Hi,

I´ve been searching a while about how to kick a logged user or force
terminate it´s session. It seems that this has been asked before on the
list, but I didn´t find an answer different from "radius can´t do that". The
only answer that I´ve found is that it´s required an external script for
this.

Section 4.3 of the Freeradius FAQ mentions a radkill program, but the link
included is dead. And also says "try using SNMP". I haven´t also been able
to find information on how to use SNMP for this, so I ask the list:

Can anyone post a link to download radkill?

Or

Can anyone explain me how to do this with SNMP?

Or perhaps,

Can anyone post a procedure to kick a logged user?

Thanks for your replies,

Edo




Multiple ippools with a single group problem

2006-02-06 Thread Georgi Alexandrov
Hello list,

I'm using freeradius 1.1.0 with dialup_admin and mysql 5.0.x
I need different ip pools to be accessible only by one name, e.g. :

ippool 1 {
...
}

ippool 2 {
...
}

ippool 3 {
...
}


post-auth {
1
2
3
}

accounting {
1
2
3
...
}

That way it's working if i add a user to one of 1, 2 or 3 pools.
But i need him added to all of the pools. Putting "DEFAULT" won't even
assign ip address.

post-auth {
group all {
1
2
3
}
}

and putting user in pool "all" doesn't work, freeradius says invalid
module "group".
So i generally need all the pools to be accessible like one pool name ;-)

Thanks in advance

-- 
regards,
Georgi Alexandrov

Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE
Key Fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE




Freeradius and IKEV.2

2006-02-06 Thread Priscilla B
Can someone help me with this?

Is Freeradius support the implementation of IKEv.2?
If so, where can I find documentation of it?

Many thanks

Priscilla



freeradius-1.1.0 - compile error

2006-02-06 Thread Jon

Using freeradius-1.1.0 version.

compile with nothing special other than defining log dir

when 'make' receive error like following:

gcc -shared  rlm_unix.lo cache.lo compat.lo -Wl,--whole-archive 
/usr/lib/libshadow.a -Wl,--no-whole-archive  -lcrypt 
/usr/lib/libshadow.a -lssl -lcrypto -lnsl -lresolv -lpthread -Wl,-soname 
-Wl,rlm_unix-1.1.0.so -o .libs/rlm_unix-1.1.0.so
/usr/lib/libshadow.a: member /usr/lib/libshadow.a(libmisc.a) in archive 
is not an object

collect2: ld returned 1 exit status
gmake[6]: *** [rlm_unix.la] Error 1

Any ideas that can help me to solve this, sorry if my English is bad... 
i found nothing on the website, Wiki, or Google (only Russian forum post 
about it).


Thanks in advance guys,
Jon


Re: client certificate in PEAP or TTLS

2006-02-06 Thread Phil Mayers

Norbert Grochal wrote:

> Is it possible to force peap to require client's certificates?
> I can use PEAP, I can use TLS, but I want to join them together. I know
> that in PEAP certificates are optional not obligatory, how to make it
> obligatory?


No it is not. Use EAP-TLS.


client certificate in PEAP or TTLS

2006-02-06 Thread Norbert Grochal

Is it possible to force peap to require client's certificates?
I can use PEAP, I can use TLS, but I want to join them together. I know that 
in PEAP certificates are optional not obligatory, how to make it obligatory?


Norbert
