RE: public secret and public radius server. Is it secure?

2006-06-05 Thread Santiago Balaguer García
If you don't want Dynamic address use VPN between your RADIUS server and your
hotspots.



My question is :
- What can a malicious user do with the secret? Can it alter
accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it


Is it a real security problem? I will be using accounting for facturation
purposes...

- Is there a way of maintaining a per hotspot secret with dynamic ip
addresses?

yes. check client and clients.conf relationship


I did not find. clients.conf entry seems to be ip based.
How do I setup a NAS without knowing its ip? (and differentiate between
several of them)
-

why not implement static IP for APs?




-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




Re: public secret and public radius server. Is it secure?

2006-06-05 Thread A . L . M . Buxey
Hi,

 I don't want to do that, because it is too complex to setup. My users 
 setup their hotspot by themself (at least at the beginning)
 Setting up a vpn is too complicated. I just want the setup as simple as 
 possible.

you are planning to roll out captive portals, with RADIUS authentication,
most likely SQL based accounting and volume/time account restrictions etc.
you MAY have to install a form of proxy to protect juveniles from certain
sites etc - depending on local legal requirements.

compared to this, setting up a VPN tunnel to the central AAA box with
OpenVPN is trivial. It's about 15 lines of openvpn.conf file. oh, and
a 'yum install openvpn' beforehand. 

which do you want? security and a workable system, or a hatchet job?

alan
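
An added example, not part of the original thread: a server-side check of the RFC 2866 Accounting-Request authenticator, showing what the shared secret proves in the two setups discussed above (one public secret for every hotspot versus one secret per hotspot on a stable tunnel address). The secrets, tunnel addresses, the "*" catch-all key and the attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS Code for Accounting-Request (RFC 2866)
HEADER_LEN = 20          # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def attribute(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value


def request_authenticator(ident, attrs, secret):
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_accounting_request(ident, attrs, secret):
    """What a NAS (here a hotspot) sends; used only to construct sample input."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, HEADER_LEN + len(attrs))
    return header + request_authenticator(ident, attrs, secret) + attrs


def verify_accounting_request(packet, secret):
    """Server side: recompute the authenticator and compare in constant time."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not HEADER_LEN <= length <= len(packet):
        return False
    attrs = packet[HEADER_LEN:length]
    expected = request_authenticator(ident, attrs, secret)
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def server_decision(packet, source_ip, clients):
    """Select the secret by source address, the way an IP-keyed client table does.

    The "*" key is a hypothetical stand-in for "any address", which is what a
    deployment with dynamic hotspot addresses and one secret amounts to.
    """
    secret = clients.get(source_ip, clients.get("*"))
    if secret is None:
        return "unknown client"
    if not verify_accounting_request(packet, secret):
        return "bad authenticator"
    return "accepted"


# Constructed sample: an accounting Stop record of the kind used for billing.
STOP_ATTRS = (
    attribute(1, b"alice")                          # User-Name
    + attribute(40, struct.pack("!I", 2))           # Acct-Status-Type = Stop
    + attribute(44, b"sess-0001")                   # Acct-Session-Id
    + attribute(42, struct.pack("!I", 1_000_000))   # Acct-Input-Octets
)

# Setup 1 (constructed): one well-known secret, accepted from any address.
SHARED_CLIENTS = {"*": b"public-secret"}

# Setup 2 (constructed): each hotspot reaches the server over a VPN with a
# fixed tunnel address, so every hotspot can have its own client entry.
PER_NAS_CLIENTS = {
    "10.8.0.11": b"hotspot-one-secret",
    "10.8.0.12": b"hotspot-two-secret",
}


if __name__ == "__main__":
    from_hotspot_one = build_accounting_request(7, STOP_ATTRS, b"hotspot-one-secret")
    with_public = build_accounting_request(8, STOP_ATTRS, b"public-secret")

    # The public secret verifies for any sender that knows it.
    print("shared, any address:   ", server_decision(with_public, "203.0.113.9", SHARED_CLIENTS))
    # Per-hotspot secrets tie a record to the entry its source address selects.
    print("per-NAS, right address:", server_decision(from_hotspot_one, "10.8.0.11", PER_NAS_CLIENTS))
    print("per-NAS, other hotspot:", server_decision(from_hotspot_one, "10.8.0.12", PER_NAS_CLIENTS))
    print("per-NAS, unknown:      ", server_decision(from_hotspot_one, "203.0.113.9", PER_NAS_CLIENTS))
```

With a single public secret the authenticator only shows that the sender knows a value everyone has, so accounting records carry no per-hotspot assurance; with one secret per tunnel address, a record verifies only against the entry for the hotspot that sent it.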


Accounting problem with CISCO 5200

2006-06-05 Thread Alexey K

Hello!

I have CISCO 5200 with the following config:

aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network default start-stop radius

Also, I have freeradius server connected with SQL database.

Alive-packets (from cisco) don't include information about sent/received
bytes (AcctInputOctets/AcctOutputOctets), however, the Stop records
include such information.
So, is it possible to enable AcctInputOctets/AcctOutputOctets in the
alive-packets from CISCO 5200? How?


Is it an issue of CISCO IOS or radius server?

Sincerely Yours,
Axe Sky




Re: Freeradius-Users Digest, Vol 14, Issue 15

2006-06-05 Thread Gilbert Lo
I am on holiday between June 3 to June 10. I will return to my office on
June 11. 

See you soon.
Thanks,
Gilbert Lo

helpdesk at St. George's School




multiple Autz-Type

2006-06-05 Thread wekz
Hello everybody. I'll tell you what I wanna do and the problem I get so you could either fix my configuration or give me some new ideas. First, I'm using freeradius 1.1.1 + ldap. What I have is this: I have three radius working in different placement of one organization, these radius authorize against three subtrees of the ldap. When a user is not found they do proxy to another radius. This works quite well.

What I want: I want to have another radius ( only one ) to act as a backup of these servers ( for configuring my ciscos with two servers ). This radius has the complete tree but it must look in each subtree depending on the NAS-IP, not in the whole ldap. If the user is not found in the corresponding subtree it must do proxy to the central radius.

I don't know if I have explained it correctly, if I haven't just tell me ( I'm not an English speaker )

For this configuration I've defined three ldaps in radiusd.conf:

module{
  ldap ldap1{ }
  ldap ldap2{ }
  ldap ldap3{ }
}
...
authorize{
  ...
  autztype customer1{
    redundant {
      group {
        ldap1 {
          notfound = return
          fail = return
        }
        files
        mschap
        eap
        notfound = 1
        fail = 1
      }
      files
    }
  }
  Autz-Type customer2{ [ similar configuration as above ] }
  Autz-Type customer3{ [ similar configuration as above ] }
}

My hints file:

DEFAULT NAS-IP-Address == 192.168.51.220 Autz-Type := customer1
DEFAULT NAS-IP-Address == 192.168.51.221 Autz-Type := customer2
DEFAULT NAS-IP-Address == 192.168.51.222 Autz-Type := customer3

Users:

DEFAULT Proxy-to-realm := wickwar_central

The problem is that it doesn't execute any of Autz-Type sections.

The logs:

rad_recv: Access-Request packet from host 192.168.51.221:1645, id=200, length=160
        User-Name = cadiz
        Framed-MTU = 1400
        Called-Station-Id = 0011.9215.c490
        Calling-Station-Id = 0004.238d.4b0e
        Cisco-AVPair = ssid=perfil_tipo_a
        Service-Type = Login-User
        Message-Authenticator = 0x27c966f01f1de90c836066e2a019c553
        EAP-Message = 0x0202000a01636164697a
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = 395
        NAS-Port = 395
        NAS-IP-Address = 192.168.51.221
        NAS-Identifier = ap
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  hints: Matched DEFAULT at 59
  modcall[authorize]: module preprocess returns ok for request 1
    rlm_realm: No '/' in User-Name = cadiz, looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module ntdomain returns noop for request 1
radius_xlat: '/opt/radius_LOCAL/var/log/radius/radacct/192.168.51.221/auth-detail-20060605'
rlm_detail: /opt/radius_LOCAL/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /opt/radius_LOCAL/var/log/radius/radacct/192.168.51.221/auth-detail-20060605
  modcall[authorize]: module auth_log returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [cadiz/no User-Password attribute] (from client ap port 395 cli 0004.238d.4b0e)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 200 to 192.168.51.221 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 200 with timestamp 44840b82
Nothing to do. Sleeping until we see a request.

If anyone could give me a hand. I would be grateful. Thanks.

RADIUS Problems

2006-06-05 Thread Patrick Daley








I am having a pretty big problem that you all should be able
to fix fairly quickly, but I can't seem to figure out how. I am using 2
Cisco Aironet 1130AGs with a freeRADIUS server I have all the users in
it and setup, but I seem to get this error every 30 seconds on the Access
Points.

Jun 5 08:32:49.650 S   Warning   RADIUS server ***.***.***.***:1812,1813 has returned.
Jun 5 08:32:49.650 S   Warning   RADIUS server ***.***.***.***:1812,1813 is not responding.

I have removed the IP addresses for obvious reasons, but
could anyone tell me what this means and how to fix it?









Log files not being updated (version 2)

2006-06-05 Thread Hugo Heriz-Smith

Hello,

I meant to send this the other day, I goofed and just sent the output  
at the bottom - my apologies.


I am running version 1.1.1 on FedoraCore 4. I am trying to get
freeradius to work with our SkyPilot Extender DualBand AP as part of
802.1x. This is a very new subject to me, but so far I've been
able to install freeradius and I even had it running using MySQL
successfully - I was able to test it using ntradping, and it
responded as expected and the logs were added to properly.


As part of the 802.1x setup, it turns out we need to be using eap and
a few other things that I did not have running in this initial setup.
The vendor was kind enough to send me a copy of a working raddb
directory that they had along with some instructions. Because they
were running version 1.1, I didn't want to just dump their files over
mine. I first turned off the MySQL integration, tested again and it
worked fine reading the text config files. I then compared their
files to mine and made the changes that seemed appropriate.


Now, when I start freeradius with 'radiusd -Xyfff', it boots up, and
responds to requests as it should - but nothing gets added to the log
file anymore. When this was originally working as expected, I was
running radius as root. When I was comparing our files with the
vendor's and making the changes, my reading of the comments in the
radius.conf file led me to believe I should run it as nobody instead.
My first thought was that maybe I then had permission wrong on the
log file - but changing the owner:group to nobody on the log didn't
make a difference. I then changed it back to root and ran radius as
root (as I had been before) but no luck there either.


I wonder if there's anything obvious to anyone in the output I get
when I start freeradius (pasted below). I am hoping that I don't have
to revert to 1.1, but if that's the best way to get this to work, I'll
do it for sure.


Thanks for any suggestions.

Hugo


# radiusd -Xyfff
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = root
main: group = root
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = /etc/shadow
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = peap
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password: 
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
tls: 

Re: RADIUS Problems

2006-06-05 Thread Christopher Carver

Patrick Daley wrote:


I am having a pretty big problem that you all should be able to fix 
fairly quickly, but I can’t seem to figure out how. I am using 2 Cisco 
Aironet 1130AG’s with a freeRADIUS server I have all the users in it 
and setup, but I seem to get this error every 30seconds on the Access 
Points.


Jun 5 08:32:49.650 S   Warning   RADIUS server ***.***.***.***:1812,1813 has returned.
Jun 5 08:32:49.650 S   Warning   RADIUS server ***.***.***.***:1812,1813 is not responding.

I have removed the IP addresses for obvious reasons, but could anyone 
tell me what this means and how to fix it?




That is what the APs are saying, but what is freeradius saying? Are
there any corresponding entries in radius.log? What happens when you run
radiusd -X and look at the output whenever you see this error on your
AP? Also, I'm not trying to be critical of your word usage but it's a
warning and not an error. This might be important. It might not actually
be causing any real problems. Take a look at the things I mentioned, and
the nature of the warning will probably become clearer to you.


Chris Carver
Network Engineer




How to make a persistent counter?

2006-06-05 Thread Kenneth Marshall
Dear FreeRADIUS users:

I am trying to implement some load balancing for our
wireless network. Each user needs to be placed in a different
VLAN to distribute the use of each one. If I had a persistent
counter that I could access, I could use the rlm_expr module
to take the modulus of the counter and use that to generate the
next candidate VLAN. Does anyone have any idea about how that
could be accomplished?

Ken


Accounting Stop time is not inserting in radacct tables in Radius by using openser

2006-06-05 Thread raviprakash sunkara
Hi 

Please see this issue


... Radius server debug mode...

rad_recv: Accounting-Request packet from host 192.168.2.55:32807, id=58, length=221
   Acct-Status-Type = Failed
   Service-Type = IAPP-AP-Check
   Sip-Response-Code = 0
   Sip-Method = INVITE
   User-Name = [EMAIL PROTECTED]
   Calling-Station-Id = sip:[EMAIL PROTECTED]
   Called-Station-Id = sip:[EMAIL PROTECTED]
   Sip-Translated-Request-URI = sip:[EMAIL PROTECTED]
   Acct-Session-Id = [EMAIL PROTECTED]
   Sip-To-Tag = n/a
   Sip-From-Tag = 3693743074
   Sip-Cseq = 34571
   NAS-Port = 5060
   Acct-Delay-Time = 0
   NAS-IP-Address = 192.168.2.55
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 11
modcall[preacct]: module preprocess returns noop for request 11
 rlm_realm: Looking up realm 192.168.2.55 for User-Name = [EMAIL PROTECTED]
 rlm_realm: No such realm 192.168.2.55
modcall[preacct]: module suffix returns noop for request 11
modcall: leaving group preacct (returns noop) for request 11
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 11
rlm_acct_unique: Hashing 'NAS-Port = 5060,Client-IP-Address = 192.168.2.55,NAS-IP-Address = 192.168.2.55,Acct-Session-Id = [EMAIL PROTECTED],User-Name = [EMAIL PROTECTED]'
rlm_acct_unique: Acct-Unique-Session-ID = ef0513de749b7034.
modcall[accounting]: module acct_unique returns ok for request 11
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.2.55/detail-20060605'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.2.55/detail-20060605
rlm_detail: Failed to create directory /usr/local/var/log/radius/radacct/192.168.2.55: Permission denied
modcall[accounting]: module detail returns fail for request 11
modcall: leaving group accounting (returns fail) for request 11
Finished request 11
Going to the next request

Below is the openser.cfg file

please help me



#*
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "calculate_ha1", yes)
modparam("usrloc|acc|auth_db|group|msilo", "db_url", "mysql://openser:[EMAIL PROTECTED]/openser")
#
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "log_fmt", "cdfimorstup")
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "report_cancels", 1)
modparam("acc", "report_ack", 0)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "service_type", 16)
modparam("acc", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
#
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
#
modparam("rr", "enable_full_lr", 1)
###
route {
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("13")) {
        sl_send_reply("483", "Too Many Hops!");
        exit;
    };
    if (msg:len > max_len) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    record_route();
    # loose-route processing
    if (loose_route()) {
        t_relay();
        setflag(1);
        exit;
    };


    # account completed transactions via syslog
    setflag(1);
    setflag(2);
    if (uri==myself)
    {
        if (method=="REGISTER")
        {
            if (!radius_www_authorize("192.168.2.55"))
            {
                www_challenge("192.168.2.55", "1");
                exit;
            };
            save("location");
            if (m_dump())
            {
                log("MSILO: offline messages dumped - if they were\n");
            } else {
                log("MSILO: no offline messages dumped\n");
            };

            exit;
        };
        if (method=="INVITE" || method=="ACK")
        {
            acc_rad_request("Start");
            record_route();
            force_rtp_proxy();
            #setflag(1);
            t_on_reply("1");
        };
        if (method=="BYE") {
            record_route();
        };


        if (method=="MESSAGE") {
            log(1, "MESSAGE\n");
            setflag(1); /* set for accounting (the same value as in log_flag!) */
        };

        if (method=="BYE" || method=="CANCEL") {
            #log (1, "BYE or CANCEL\n");
            #setflag(1);

            acc_rad_request("Stop");
            setflag(1);

        };
        if (!lookup("location"))
        {
            sl_send_reply("404", "Woo. NOt found");
        };
    };
    lookup("aliases");
    setflag(2);
    if (!t_relay())
    {
        sl_reply_error();
    };
}
onreply_route[1]
{
    if (status=~"[0-9][0-9][0-9]")
    {
        force_rtp_proxy();
    };
}


... Naslist file in raddb(radius_server.
192.168.2.55 	   radiustestother



Re: Accounting Stop time is not inserting in radacct tables in Radius by using openser

2006-06-05 Thread Alan DeKok
raviprakash sunkara [EMAIL PROTECTED] wrote:
 /usr/local/var/log/radius/radacct/192.168.2.55/detail-20060605
 rlm_detail: Failed to create directory
 /usr/local/var/log/radius/radacct/192.168.2.55: Permission denied

  What part of that message is unclear?

  Alan DeKok.


Excellent Position for a Sr. Software Engineer (Radius Applications) || GA || 6 months Contract

2006-06-05 Thread Dharmendra Sachdeva



Hi,

I have an urgent position for a Sr. Software Engineer in Atlanta, GA for
a 6 months Contract.

Please go through the requirement once you feel comfortable please
reply me back with your Updated Resume in Word Format, Present
Location, Expected Rate on hourly basis and Availability.


Key Words: Radius (c or java) unix administration shell (cvs or ant or
gdb or sh or "gnu c" or "sun java") ospf bgp (wan or "wide area
network") (rf or microwave) (wireless or isp or adelphia)

Required Skills:

. C or Java system programming skills in a Unix environment.
. Debugging multithreaded applications.
. Knowledge of some Unix system administration skills.
. Understanding of software development life cycle i.e. requirement,
design, development, testing, deployment, and support.
. Knowledge of basic software development tools and Unix shell
script(s) i.e. .CVS, make, ant, gdb, sh, gnu C compiler, SunJava
compiler, and others.
. Knowledge and experience with the RADIUS application.
. Complex OSPF and BGP design in a large Wide Area Network environment.
. RF/Microwave and Communication Systems, GIS Systems, and/or web
portal-based authentication systems.

Desired:
Complex networks - both wired and wireless and in a large Internet
Service Provider context.

Job Description:
Atlanta, GA
# Of Openings: 1
6 months

. Reports to Software Engineer Team Lead.
. Core responsibility to troubleshoot and debug multithreaded
applications.


Thanks & Regards,
Dharmendra Sachdeva
cyberThink Inc.
Tel : (908) 429-8008 x 390
Fax : (908) 429-8005
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.cyberThink.com

cyberThink has been recognized as one of the fastest growing IT
Services and Staffing companies in the U.S. by INC. magazine, Deloitte
& Touche and Purple Squirrel.
cyberThink Inc. is an Equal Opportunity Employer
"We are open to hire US Citizens, Green Card holders & H1b Visa Holders"



Re: Log files not being updated (version 2)

2006-06-05 Thread Alan DeKok
Hugo Heriz-Smith [EMAIL PROTECTED] wrote:
 I wonder if there's anything obvious to anyone in the output I get  
 when I start freeradius (pasted  below).

  And what does it say when you send it a packet?

  Alan DeKok.


Re: Log files not being updated (version 2)

2006-06-05 Thread Hugo Heriz-Smith

If I type this:

radtest hugo test 127.0.0.1 1812 ***

then I get the following (but nothing shows up in the log).
Strangely, what I do see in the log are a few lines from last
weekend, when I was trying to get this to work (as I mentioned, I was
changing the user this runs under from 'nobody' back to 'root').


Sat Jun  3 22:09:11 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Jun  3 22:09:11 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain
Sat Jun  3 22:09:11 2006 : Info: Ready to process requests.


Below is the output I got when I ran the radtest command.

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33086, id=59, length=56
        User-Name = hugo
        User-Password = test
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:  '/var/log/radius/radacct/127.0.0.1/auth-detail-20060605'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20060605

  modcall[authorize]: module auth_log returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = hugo, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry hugo at line 216
  modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type System
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module unix returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [hugo/test] (from client localhost port 1812)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 59 to 127.0.0.1 port 33086
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 59 with timestamp 448458e9
Nothing to do.  Sleeping until we see a request.


And, when I ran it once more before I mailed this, just to make sure  
I was getting everything straight, I got this as part of the output:


modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type System
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.

auth: Failed to validate the user.
Login incorrect: [hugo/test] (from client localhost port 1812)


I'm sure I didn't change anything, but now, it is saying System is an
unknown value? Is this problem perhaps bigger than I realize - or am I
just not thinking clearly...


thanks,

Hugo


On Jun 5, 2006, at 11:43 AM, Alan DeKok wrote:


Hugo Heriz-Smith [EMAIL PROTECTED] wrote:

I wonder if there's anything obvious to anyone in the output I get
when I start freeradius (pasted  below).


  And what does it say when you send it a packet?

  Alan DeKok.







Re: Log files not being updated (version 2)

2006-06-05 Thread Alan DeKok
Hugo Heriz-Smith [EMAIL PROTECTED] wrote:
 If I type this:
 
 radtest hugo test 127.0.0.1 1812 ***
 
 then I get the following (but nothing shows up in the log).  

  Authentication != accounting

 I'm sure i didn't change anything, but now, it is saying System is an  
 unknown value? Is this problem perhaps bigger than I realize -or am I  
 just not thinking clearly...

  If it says System is unknown, you changed the default config to
break it.

  Alan DeKok.


Re: Excellent Position for a Sr. Software Engineer (Radius Applications) || GA || 6 months Contract

2006-06-05 Thread Sebastian Wild

Damn! Ain't posting it once enough?
Does this go ok with the rules of this list?
This is already the 3rd time this gets posted!!


Dharmendra Sachdeva wrote:

Hi,
 
I have an urgent position for a *_ Sr. Software Engineer in Atlanta, 
GA_* for a *6 months Contract*.
 
Please go through the requirement once you feel comfortable please 
reply me back with your _Updated Resume in Word Format , Present 
Location , Expected Rate on hourly basis and Availability_.
 
 
*Key Words:* *Radius (c or java) unix administration shell (cvs or ant 
or gdb or sh or gnu c or sun java ) ospf bgp (wan or wide area 
network) (rf or microwave) (wireless or isp or adelphia)*



*_Required Skills:_*

. C or Java system programming skills in a Unix environment.
. Debugging multithreaded applications.
. Knowledge of some Unix system administration skills.
. Understanding of software development life cycle i.e. requirement, 
design, development, testing, deployment, and support.
. Knowledge of basic software development tools and Unix shell 
script(s) i.e. .CVS, make, ant, gdb, sh, gnu C compiler, Sun Java 
compiler, and others.

. Knowledge and experience with the RADIUS application.
. Complex OSPF and BGP design in a large Wide Area Network environment.
. RF/Microwave and Communication Systems, GIS Systems, and/or web 
portal-based authentication systems.


Desired:
Complex networks - both wired and wireless and in a large Internet 
Service Provider context.


Job Description:
Atlanta, GA
# Of Openings: 1
6 months

. Reports to Software Engineer Team Lead.
. Core responsibility to troubleshoot and debug multithreaded 
applications.
 
Thanks & Regards,

*Dharmendra Sachdeva*
cyberThink Inc.
Tel : (908) 429-8008 x 390
Fax : (908) 429-8005
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.cyberThink.com

cyberThink has been recognized as one of the fastest growing IT
Services and Staffing companies in the U.S. by INC. magazine, Deloitte
& Touche and Purple Squirrel.
cyberThink Inc. is an Equal Opportunity Employer
We are open to hire US Citizens, Green Card holders & H1b Visa Holders
 
 





Re: Freeradius-Users Digest, Vol 14, Issue 18

2006-06-05 Thread Gilbert Lo
I am on holiday between June 5 to June 9. I will return to my office on
June 12. 

See you soon.
Thanks,
Gilbert Lo

helpdesk at St. George's School




Re: multiple Autz-Type

2006-06-05 Thread Phil Mayers

wekz wrote:


I don't know if I have explained it correctly, if I haven't just tell me (
I'm not an English speaker )


Your English is great.


My hints file:


Nearly there. Try:

DEFAULT NAS-IP-Address == 192.168.xx.yy, Autz-Type := LDAPx

I'm not sure that'll work in a hints file - so you may need to use a 
users file - hints puts items into the request pairs, Autz-Type needs 
to go into the configure pairs.


Try this:

modules {
  # other stuff
  files filesFirst {
    usersfile = ${confdir}/usersFirst
  }
}

authorize {
  preprocess
  filesFirst
  Autz-Type LDAP1 {
    # stuff here
    ldap1
  }
  # other LDAP modules
}

And in ${confdir}/usersFirst:

DEFAULT NAS-IP-Address == 192.168.51.xx, Autz-Type := LDAP1

DEFAULT NAS-IP-Address == 192.168.51.yy, Autz-Type := LDAP2

...and so on.

The other slightly simpler way might be to use a passwd (badly named) 
module, e.g.:


modules {
  passwd nas2autz {
    filename = ${confdir}/nas2autz
    format = *NAS-IP-Address:Autz-Type
    # set to 0 to read file on every request - slow
    # but instant-updates
    hashsize = 100
  }
}

authorize {
  preprocess
  nas2autz
  Autz-Type LDAP1 {
    ldap1
  }
  # other Autz
}

...and in ${confdir}/nas2autz

192.168.51.xx:LDAP1
192.168.51.yy:LDAP2

Hope that helps
Phil


Stripping Username Question *important*

2006-06-05 Thread Krämer Armin
Hi, 

I'm working with machine authentication and EAP-TLS certificates.

When a machine authenticates I get the name of the machine like
host/250-IT .

I need the search string at LDAP like 250-IT$. How can I strip away that host/
and add $ for the search at the LDAP Directory?

 

Thanks for helping me. 

 

Greetings Armin
