RPM for Mandrake 10.1 - error
Hello,

I'm trying to compile a Mandrake 10.1 RPM for Freeradius-1.1.1 using the redhat .specfile, and it gets all the way to the end and then spits out:

ln: creating symbolic link `/tmp/freeradius-root/usr/lib/libradius-1.1.1.la' to `libradius.la': No such file or directory

It is correct; the /tmp/freeradius-root/usr/lib directory is simply not there. When I look at /tmp/freeradius-root/usr, I see the following:

drwxr-xr-x 2 root root   4096 Apr 27 00:12 bin/
-rwxr-xr-x 1 root root  94141 Apr 27 00:12 libradius-1.1.1.so*
-rw-r--r-- 1 root root 103052 Apr 27 00:12 libradius.a
-rwxr-xr-x 1 root root    814 Apr 27 00:12 libradius.la*
lrwxrwxrwx 1 root root     18 Apr 27 00:12 libradius.so -> libradius-1.1.1.so*
drwxr-xr-x 2 root root   4096 Apr 27 00:12 sbin/
drwxr-xr-x 4 root root   4096 Apr 27 00:12 share/

No ./lib/ directory. Does anybody who runs Freeradius under Mandrake, or who might've done this already, have any ideas?

Paul

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prepaid cards
On 4/27/06, Mordor Networks <[EMAIL PROTECTED]> wrote:
> Hi
> I want to make a prepaid system for my dialup users
> ex: username : 15789546 password 123456
> How can I make freeradius change the pin code to a valid username in my database?
> I use mysql as a backend for my radius ppp/pppoe and dialup admin
> thank u

Well there is something out there called phpmyprepaid which is made for that purpose. I have no experience with it, but maybe you can give it a try.

Yves
prepaid cards
Hi

I want to make a prepaid system for my dialup users
ex: username : 15789546 password 123456

How can I make freeradius change the pin code to a valid username in my database?
I use mysql as a backend for my radius ppp/pppoe and dialup admin

thank u
Changes to get tls working at debian
Hi,

I downloaded the source of freeradius 1.1.1 and compiled it with the default settings, which do not include eap-tls support. What do I have to change to get tls-support for freeradius on my debian system?

Greetings
Armin
Re: FreeRADIUS and SIP-AVP
Helge Waastad <[EMAIL PROTECTED]> wrote:
> I was just wondering if it is possible to return an attribute more than
> once in a RADIUS reply?

Read "man users", which documents exactly how to do that.

Alan DeKok.
Re: EAP TLS authentification
[EMAIL PROTECTED] (Philippe Chataigner) wrote:
> After an authentication with a certificate, the user-name which is
> returned is the common name of the certificate.
> How can I use another field (subject, email, serial number...),
> because some persons can have the same common name?

Edit the source code.

Alan DeKok.
Re: Execute scripts
Andrzej Żmijewski <[EMAIL PROTECTED]> wrote:
> I'm new in FreeRadius. I want to make my own log on script which will execute
> same bash functions. Is it possible??

Read radiusd.conf.

Alan DeKok.
Re: Messenger
sami aa <[EMAIL PROTECTED]> wrote:
> I am using freeradius 1.1.1 to authenticate SIP users. Using Windows
> Messenger as SIP phone is very important for me. I tested my
> servers (SIP proxy and freeradius) with free SIP phones and
> everything is OK. But with Windows Messenger I face some problems. I
> think the function that Windows uses for Digest encryption has some
> differences with FreeRadius functions (perhaps, I guess).

Run the server in debugging mode and post the output to the list.

Alan DeKok.
Re: assign a value to an attribute via a script
"Philippe Bacquaert" <[EMAIL PROTECTED]> wrote:
> I'm searching how to use a script to modify the value of an
> attribute.

See scripts/exec-program-wait for an example.

> In my test I try to use a script to assign an IP address to
> the Attribute Framed-IP-Address :
> Framed-IP-Address = `%{dhcp:/etc/raddb/test %{User-Name}
> %{NAS-IP-Address}}`

Is that an entry in the "users" file?

> I get an error message when I try to start :
> ERROR: Cannot find a configuration entry for module
> "Framed-IP-Address".

Ah. You put the attribute in radiusd.conf. Why? The documentation didn't say to do that, and all of the other examples of setting attributes put them in other files, like the "users" file.

Alan DeKok.
Re: Proxy failure
Axel Seguin <[EMAIL PROTECTED]> wrote:
> My Radius sends the request 5 times to the other Radius server and
> then gives up marking the server dead (but it is not).

Then why isn't it responding? Are there firewall rules that filter out the response or request?

> Why is there a "Module-Failure-Message = "rlm_ldap: User not found""?
> Of course the user won't be found in the local ldap database since
> this realm is supposed to be proxied.

Then why did you configure the server to look the user up in LDAP? It doesn't come configured to do that by default, so you must have added that to your local config.

> The radius server is obviously looking in the local ldap database
> with the unstripped username before proxying this request. Is there
> not a way, in case the realm of the username has to be proxied not to
> look for it locally in the ldap database first?

Yes. See doc/configurable_failover && doc/Autz-Type

> If anyone has an idea why I don't get any answer, I would be grateful.

Use 'tcpdump' to see where the packets are going. See if you can run 'radclient' on the same machine as the RADIUS server, and get a response from the other server.

Alan DeKok.
FreeRADIUS and SIP-AVP
Hi,

I was just wondering if it is possible to return an attribute more than once in a RADIUS reply?

I.e., for OpenSER I for instance would like to return:

SIP-AVP="rpid:1234567"
SIP-AVP="voicemail:888"

I've tried to use rlm_perl and script to add SIP-AVP more than once, but FreeRADIUS only uses one.

br
hw

--
Helge Waastad
Senior Consultant
Smartnet
Re: freeradius, deb (sid)
Gabor Szelei wrote:
> > You might download FreeRADIUS 1.1.1 and build a Debian package
> > from sources.
>
> I've tried, but failed to collect all the needed modules.
> Which version of libcrypt is needed? Which version of openssl is needed?
> Can I find ldap headers from deb? Is there some page about dependency
> requirements? Thanks.

You don't need to worry about that, dpkg-buildpackage checks everything for you. Just run the commands written in the FAQ, and it'll be fine.

--
Nicolas Baradakis
EAP-TLS Computercertfikate First Request failes second successfull??? DHCP renew after User-Authorisation wount work??
Hi,

I'm still trying to get EAP-TLS to work on my LAN with computer AND client certificates. OK, the certificates work fine now. Here is a little scenario of what I did:

- Freeradius version from Debian Stable with TLS patch (version must be 0.7 or something like that)
- Configured EAP-TLS (working)
- OpenLDAP as user backend to set the VLAN-ID
- TinyCA generated CA and certificates

My final state should be that the machine boots up, authenticates with the machine certificate against freeradius and openldap, gets the VLAN ID from LDAP, gets thrown into a default VLAN where a DC and DHCP server is present, and gets an IP from the subnet of this VLAN. Then the user logs onto the domain, reauthenticates with the user certificate, gets a new and final VLAN-ID from LDAP for this user, gets thrown into this VLAN, and requests a new IP from DHCP for this VLAN.

OK, the whole scenario is working, with 2 issues:

The first time the machine authenticates to freeradius the authentication fails, then it takes nearly 30 seconds till a second reauthentication is invoked and then the machine authentication is successful??? (How can this be??) I read that this should be an issue with the XP client. How can I solve this???

The second thing is that I have to set this key (HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode) to the value of 3, causing XP to reauthenticate with the user certificate again after logon. Otherwise the machine does no reauthentication with the user certificate. My problem is that after the user certificate is accepted and the user is thrown into his final VLAN, no new DHCP request is invoked??? If I manually reauthenticate the port over the switch administration, the machine requests a new IP from DHCP and all seems to be fine. But I have to do this manually and that isn't really practical.

It would be nice if anyone has an idea for my problem. Maybe a newer Freeradius fixes these problems??? Any experiences with that??

Thanks
Armin
Re: Freeradius + ldap
no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (reply_log) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. 
rad_recv: Access-Request packet from host 127.0.0.1:32825, id=234, length=59 User-Name = "VoisinC" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20060426' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20060426 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "attr_filter" returns noop for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "VoisinC", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for VoisinC radius_xlat: '(&(objectclass=posixAccount)(uid=VoisinC))' radius_xlat: 'o=crt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 10.49.0.101:389, authentication 0 rlm_ldap: bind as cn=adminlp,o=crt/azerty to 10.49.0.101:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=crt, with filter (&(objectclass=posixAccount)(uid=VoisinC)) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusVSA as Symbol-SSID, value CRTguest & op=21 rlm_ldap: Adding userPassword as NT-Password, value password & op=21 rlm_ldap: looking for reply items in directory... 
rlm_ldap: user VoisinC authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: group authenticate returns notfound for request 0 auth: Failed to validate the user. Login incorrect: [VoisinC/password] (from client localhost port 1812) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 234 to 127.0.0.1:32825 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 234 with timestamp 444f82d2 Nothing to do. Sleeping until we see a request.
Re: freeradius, deb (sid)
Hi,

> You might download FreeRADIUS 1.1.1 and build a Debian package
> from sources.

I've tried, but failed to collect all the needed modules. Which version of libcrypt is needed? Which version of openssl is needed? Can I find ldap headers from deb? Is there some page about dependency requirements?

Thanks.

br,
Gabor Szelei
RE: Re: Use of Service type attribute
> Carlos Peñafiel <[EMAIL PROTECTED]> wrote:
> > I am trying to do something like "amount of quality of service" that a user
> > have.
>
> What does that mean?

I'm sorry for my English. I want to have a variable (attribute) saying that for each user who has authorization using the network, I want to offer a QoS going outside (to the internet) for him/her.

> > I have the control over the radius client because I am using a HostAP, but
> > looking at the documentation and on Google, I can't find a way to solve this.
> > Can you help me a little bit more?
>
> Edit the source code to the client to look for, and interpret, the new attribute. Re-use an attribute of a similar name, or invent a new one. If the attribute is used only in your local deployment, it doesn't really matter what number you pick. It just has to be a number that goes into a RADIUS packet.
>
> Alan DeKok.

Ok. Thank you for your time.
Proxy failure
Hello, I set up FreeRadius in order to proxy certain realm to another Radius server (which is not under my control at all). The shared secret is the same. I put the address of the other Radius server in the proxy.conf file. My Radius sends the request 5 times to the other Radius server and then gives up marking the server dead (but it is not). This is what comes out : Cleaning up request 104 ID 0 with timestamp 444f845d Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.3.1.60:2050, id=0, length=147 User-Name = "[EMAIL PROTECTED]" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021601746573746963666f4063657363612e6573 Message-Authenticator = 0xb82a0c651648b9bab3d9860388e081db Processing the authorize section of radiusd.conf modcall: entering group authorize for request 105 modcall[authorize]: module "preprocess" returns ok for request 105 radius_xlat: '/usr/local/var/log/radius/radacct/10.3.1.60/auth- detail-20060426' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/ auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 10.3.1.60/auth-detail-20060426 modcall[authorize]: module "auth_log" returns ok for request 105 rlm_realm: Looking up realm ".es" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "DEFAULT" rlm_realm: Proxying request from user test to realm DEFAULT rlm_realm: Adding Realm = "DEFAULT" rlm_realm: Preparing to proxy authentication request to realm "DEFAULT" modcall[authorize]: module "suffix" returns updated for request 105 rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. 
modcall[authorize]: module "eap" returns noop for request 105 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 105 rlm_ldap: - authorize rlm_ldap: performing user authorization for [EMAIL PROTECTED] radius_xlat: '([EMAIL PROTECTED])' radius_xlat: 'ou=People, dc=, dc=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=People, dc=, dc=es, with filter ([EMAIL PROTECTED]) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 105 modcall: leaving group authorize (returns updated) for request 105 Processing the pre-proxy section of radiusd.conf modcall: entering group pre-proxy for request 105 radius_xlat: '/usr/local/var/log/radius/radacct/10.3.1.60/pre-proxy- detail-20060426' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/ pre-proxy-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 10.3.1.60/pre-proxy-detail-20060426 modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 105 modcall: leaving group pre-proxy (returns ok) for request 105 Sending Access-Request of id 12 to aa.bb.cc.dd port 1812 User-Name = "[EMAIL PROTECTED]" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021601746573746963666f4063657363612e6573 Message-Authenticator = 0x Proxy-State = 0x30 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.3.1.60:2050, id=0, length=147 Dropping conflicting packet from client APtest:2050 - ID: 0 due to unfinished request 105 --- Walking the entire request list --- Waking up in 2 seconds... 
--- Walking the entire request list --- Re-sending Access-Request of id 12 to aa.bb.cc.dd port 1812 User-Name = "[EMAIL PROTECTED]" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021601746573746963666f4063657363612e6573 Message-Authenticator = 0x Client-IP-Address = 10.3.1.60 Realm = "DEFAULT" EAP-Type = Identity Module-Failure-Message = "rlm_ldap: User not found&q
Re: Create and Send attributes
Carlos Peñafiel <[EMAIL PROTECTED]> wrote:
> I am trying to do something like "amount of quality of service" that a user
> have.

What does that mean?

> I have the control over the radius client because I am using a HostAP, but
> looking at the documentation and on Google, I can't find a way to solve this.
> Can you help me a little bit more?

Edit the source code to the client to look for, and interpret, the new attribute. Re-use an attribute of a similar name, or invent a new one. If the attribute is used only in your local deployment, it doesn't really matter what number you pick. It just has to be a number that goes into a RADIUS packet.

Alan DeKok.
Re: Réf. : Freeradius-Users Digest, Vol 12 , Issue 98
"JVUVANT Yahoo" <[EMAIL PROTECTED]> wrote:
> But when I run radiusd -X -A, freeradius doesn't start correctly, i.e. the log
> stops reading at the clients file.

And what does debugging mode say?

What has to be put in the documentation in order to convince people to run the server in debugging mode, and to post the output to the list?

Alan DeKok.
Re: freeradius, deb (sid)
Gabor Szelei <[EMAIL PROTECTED]> wrote:
> rlm_eap_tls.so seems to be missing. Does anyone know some debian source
> to get it with it?

There is no debian package. But you can use the files in debian/ that come with FreeRADIUS to build your own.

Alan DeKok.
Re: Use of Service type attribute
Chandra mohan <[EMAIL PROTECTED]> wrote:
> Is it possible to use "Service-Type" attribute for
> this purpose, with "Login" value for normal_user and
> "Administrative" for admin_user. Please clarify.

Yes. To a large extent, your client can interpret the attributes however it wishes.

Alan DeKok.
RE: Re: Create and Send attributes
> Carlos Peñafiel wrote:
> > Hello!!!
> >
> > I want to send from my radius server several attributes to the client,
> > but I've been looking at the documentation. I can do that if my
> > attribute-ID is between 1 and 100 (I guess, maybe it is 256), but also
> > the documentation says that a new attribute has to have an ID greater
> > than 3000.
> >
> > So, are "the attributes between 100 (256) and 3000" not sent to the
> > radius client? (I guess they could be used for local management.) If
> > not, how can I create an attribute with an ID greater than 3000 and send
> > it to the radius client?
>
> If you are creating your own attributes, get an IANA enterprise number (either apply for one or re-use one if AND ONLY IF you're certain it will only be used internally) and use a vendor-specific attribute space. See the dictionary.$vendor files for examples. Alternatively, have a dig in the dictionary files and/or RFCs for an existing attribute that closely matches the purpose.
>
> What are you trying to do? Obviously you'll have to have control over the radius client to make it actually use the new attribute. Most will only use attributes they already know about.

Hello and thank you for answering so soon.

I am trying to do something like "amount of quality of service" that a user has. I have control over the radius client because I am using a HostAP, but looking at the documentation and on Google, I can't find a way to solve this. Can you help me a little bit more?

Thank you in advance.
Re: freeradius request to DHCP
Hello.

There's also another solution. You can execute a shell script that contacts your DHCP server sending the MAC address. That way, you can give whatever IP address you want. Check a shell called OMAPI in order to interact with the ISC DHCPd.

Alan DeKok wrote:
> "Philippe Bacquaert" <[EMAIL PROTECTED]> wrote:
> > I'm searching how to make freeradius (when receiving a request from a radius client) request itself a dynamic IP address to a dhcp server and write it in the attribute Framed-IP-Address.
>
> You write a script around dhclient, which might work. Or, use the ISC libdhcp, and integrate that into a FreeRADIUS module.
>
> Alan DeKok.

--
Sincerely,
Paulo Cabrita, Msc
Director of the Computing Centre, Universidade Autónoma de Lisboa
Tel: +351-213177635
Fax: +351-213533702
E-mail: [EMAIL PROTECTED]
Réf. : Freeradius-Users Digest, Vol 12, Issue 98
Hi,

I am actually using freeradius, which works fine on a Linux box with one if (eth0). I've added another if (eth1) for some other applications. But when I run radiusd -X -A, freeradius doesn't start correctly, i.e. the log stops reading at the clients file. So my question is how to start freeradius on a specific interface (for example eth0).

Thanks for any answer.

Jacques
Re: freeradius, deb (sid)
Gabor Szelei wrote:
> I'd like to use freeradius with PEAP.
>
> [...]
>
> rlm_eap_tls.so seems to be missing. Does anyone know some debian source
> to get it with it?

Debian doesn't distribute a binary version of the rlm_eap_tls module because the OpenSSL license is incompatible with the GPL.

http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses
http://marc.theaimsgroup.com/?l=openssl-users&m=114460613316150&w=2

> Is there some guide about how to build it and what dependencies are
> needed for that?

You might download FreeRADIUS 1.1.1 and build a Debian package from sources.

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

--
Nicolas Baradakis
EAP TLS authentification
Hello,

After an authentication with a certificate, the user-name which is returned is the common name of the certificate. How can I use another field (subject, email, serial number...), because some persons can have the same common name?

Thanks in advance
Messenger
Dear all,

I am using freeradius 1.1.1 to authenticate SIP users. Using Windows Messenger as SIP phone is very important for me. I tested my servers (SIP proxy and freeradius) with free SIP phones and everything is OK. But with Windows Messenger I face some problems. I think the function that Windows uses for Digest encryption has some differences with FreeRadius functions (perhaps, I guess).

Let me know if anyone has tested FreeRadius with Windows Messenger. "Is it possible or not?"

I appreciate any help.

Best wishes
Saman
Execute scripts
I'm new in FreeRadius. I want to make my own log on script which will execute same bash functions. Is it possible??

Andrew
Re: Use of Service type attribute
Chandra mohan wrote:
> Hi,
> I am developing a RADIUS client for our embedded product. I would like the Radius client implementation to support the association of privilege level with individual accounts, e.g. the account "normal_user" has a privilege that allows read-only access while account "admin_user" has a privilege that allows read-write access (can change our system configuration).
> Is it possible to use "Service-Type" attribute for this purpose, with "Login" value for normal_user and "Administrative" for admin_user. Please clarify.

Yes it is possible, but it is wrong. RFC2865 states:

5.6. Service-Type

    1   Login
    2   Framed
    3   Callback Login
    4   Callback Framed
    5   Outbound
    6   Administrative
    7   NAS Prompt
    8   Authenticate Only
    9   Callback NAS Prompt
    10  Call Check
    11  Callback Administrative

    Login           The user should be connected to a host.

    Administrative  The user should be granted access to the administrative interface to the NAS from which privileged commands can be executed.

    NAS Prompt      The user should be provided a command prompt on the NAS from which non-privileged commands can be executed.

So you should actually use "NAS Prompt" for read-only and "Administrative" for read-write. "Login" is something else entirely.
Re: Create and Send attributes
Carlos Peñafiel wrote:
> Hello!!!
>
> I want to send from my radius server several attributes to the client, but I've been looking at the documentation. I can do that if my attribute-ID is between 1 and 100 (I guess, maybe it is 256), but also the documentation says that a new attribute has to have an ID greater than 3000.
>
> So, are "the attributes between 100 (256) and 3000" not sent to the radius client? (I guess they could be used for local management.) If not, how can I create an attribute with an ID greater than 3000 and send it to the radius client?

If you are creating your own attributes, get an IANA enterprise number (either apply for one or re-use one if AND ONLY IF you're certain it will only be used internally) and use a vendor-specific attribute space. See the dictionary.$vendor files for examples. Alternatively, have a dig in the dictionary files and/or RFCs for an existing attribute that closely matches the purpose.

What are you trying to do? Obviously you'll have to have control over the radius client to make it actually use the new attribute. Most will only use attributes they already know about.
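Added example (not code from the thread or from FreeRADIUS): a client-side sketch in Python covering the two replies above, mapping Service-Type to a privilege level as the RFC 2865 answer recommends and reading a vendor-specific attribute from an Access-Accept. It goes slightly beyond the thread by checking the Response Authenticator before trusting any attribute. Assumptions: the enterprise number 32473 (reserved for documentation use), the sub-attribute number 1 for a QoS class, the shared secret and all packets are constructed for the example.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
SERVICE_TYPE = 6        # attribute 6, RFC 2865 section 5.6
VENDOR_SPECIFIC = 26    # attribute 26, RFC 2865 section 5.26
NAS_PROMPT = 7          # Service-Type values quoted in the reply above
ADMINISTRATIVE = 6
DOC_VENDOR_ID = 32473   # assumption: enterprise number reserved for documentation (RFC 5612)
QOS_SUBTYPE = 1         # hypothetical vendor sub-attribute carrying a QoS class

def encode_attr(attr_type, value):
    """Type octet, Length octet (header included), then the value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value

def encode_vsa(vendor_id, vendor_type, value):
    # Vendor-Specific value: 4-octet Vendor-Id, then a vendor type/length/value.
    return encode_attr(VENDOR_SPECIFIC,
                       struct.pack("!I", vendor_id) + encode_attr(vendor_type, value))

def build_accept(ident, request_auth, secret, attrs):
    """Build a signed Access-Accept (used here only to construct sample input)."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs

def response_is_authentic(packet, request_auth, secret):
    """Check ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attributes(packet):
    """Return (code, [(type, value), ...]); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def privilege_from_accept(packet, request_auth, secret):
    """Map Service-Type to a privilege level; anything unexpected grants nothing."""
    if not response_is_authentic(packet, request_auth, secret):
        return "none"
    try:
        code, attrs = parse_attributes(packet)
    except ValueError:
        return "none"
    if code != ACCESS_ACCEPT:
        return "none"
    values = [v for t, v in attrs if t == SERVICE_TYPE]
    if len(values) != 1 or len(values[0]) != 4:
        return "none"
    service_type = struct.unpack("!I", values[0])[0]
    return {ADMINISTRATIVE: "read-write", NAS_PROMPT: "read-only"}.get(service_type, "none")

def vendor_values(packet, vendor_id, vendor_type):
    """Collect every value of one vendor sub-attribute (an attribute may repeat)."""
    found = []
    for a_type, value in parse_attributes(packet)[1]:
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue
        pos = 4
        while pos + 2 <= len(value):
            s_type, s_len = value[pos], value[pos + 1]
            if s_len < 2 or pos + s_len > len(value):
                break
            if s_type == vendor_type:
                found.append(value[pos + 2:pos + s_len])
            pos += s_len
    return found

SECRET = b"constructed-shared-secret"   # constructed sample data, not from the thread
REQUEST_AUTH = bytes(range(16))         # a real client uses the authenticator it sent

def sample_accept(service_type):
    attrs = encode_attr(SERVICE_TYPE, struct.pack("!I", service_type))
    attrs += encode_vsa(DOC_VENDOR_ID, QOS_SUBTYPE, struct.pack("!I", 3))
    return build_accept(1, REQUEST_AUTH, SECRET, attrs)

if __name__ == "__main__":
    print({st: privilege_from_accept(sample_accept(st), REQUEST_AUTH, SECRET) for st in (6, 7, 1)})
```

A reply carrying "Login", a missing or repeated Service-Type, a malformed attribute, or a bad authenticator all map to no privilege rather than to a default level.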
assign a value to an attribute via a script
Hello,

I'm searching how to use a script to modify the value of an attribute. When I try the example of radiusd.conf :

Attribute-Name = `%{echo:/path/to/program args}`

In my test I try to use a script to assign an IP address to the Attribute Framed-IP-Address :

Framed-IP-Address = `%{dhcp:/etc/raddb/test %{User-Name} %{NAS-IP-Address}}`

I've added this in the accounting module with the same result, as I want to fix this value in the attribute Framed-IP-Address during the time of an active accounting session.

I've created an exec module :

exec dhcp {
    wait = yes
    input_pairs = request
    output_pairs = reply
    packet_type = Access-Accept
}

I get an error message when I try to start :

ERROR: Cannot find a configuration entry for module "Framed-IP-Address".

The rest of the radiusd.conf configuration is pointing to a MySQL database and works well. I've tested successfully the script itself alone in the echo module configuration :

program = "/var/log/radius/test %{User-Name} %{NAS-IP-Address}"

What am I doing wrong ? Is something missing ?

Sincerely,
Philippe BACQUAERT
freeradius, deb (sid)
Hi all,

I'd like to use freeradius with PEAP.

from freeradius -X:

rlm_eap: Loaded and initialized type gtc
rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory

rlm_eap_tls.so seems to be missing. Does anyone know some debian source to get it with it? Is there some guide about how to build it and what dependencies are needed for that?

br,
gabor
Use of Service type attribute
Hi,

I am developing a RADIUS client for our embedded product. I would like the Radius client implementation to support the association of privilege level with individual accounts, e.g. the account "normal_user" has a privilege that allows read-only access while account "admin_user" has a privilege that allows read-write access (can change our system configuration).

Is it possible to use "Service-Type" attribute for this purpose, with "Login" value for normal_user and "Administrative" for admin_user. Please clarify.

Thanks
-Chandra