radcheck NAS-identifier
Hi, FR + mysql authacct. Sometimes I need to restrict users or groups to acces a certain NAS. I use the nas-identifier attribute to recognize the nas To accomplish this I just add an entry to radcheck or radgroupcheck like this NAS-identifier != nas-name This works fine but, sometimes I use radtest directly on the server to test accounts if someone claims he/she is unable to login. Now for every user/group I've set the above entry in the database, radcheck on the server always returns an acces-reject for some reason. Though, users can login the nas's they are allowed to and get rejected on the certain nas I've specified, so the setup itself is working. But I've kind of lost my account testing utitlity :-) I don't understand why radcheck fails on these accounts. I understand radcheck doesn't send any nas-identifier, but I used operator ' ! = ' and not ' ==' so shouldn't the radius accept radtest requests on localhost? I 'm sure there is a good explanation why radtest returns an Acces-reject, but I'd like to know why and, if possible, if there is a solution/work-around for this. Many tnx, Y. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius logging w/syslog
[EMAIL PROTECTED] wrote: I've upgraded to FreeRADIUS Version 1.1.7 now and logging seems to be working but I'd like to be able to get more usable data. I nthe /etc/syslog.conf file I have this entry: ... From the syslog server I see this data: Oct 17 19:11:16 radius radiusd(pam_unix)[15776]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= The pam_unix module is creating that log message. See it's documentation for how to log more data. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting update
On 10/17/07, Daann [EMAIL PROTECTED] wrote: but I'd like to have some more detailed instructions on what to do. Thanks in advance Set this in the users file and accounting will get updated every 300 sec # Sent Chillispot Interim Accounting interval in every reply packet DEFAULT Acct-Interim-Interval = 300 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issue with mysql accounting
Jan Satko wrote: So it looks like (for me) that AP is sending outer information for accounting. Maybe there is some option howto force AP to show inner username ? Send the inner user name back in the Access-Accept. Set use_tunneled_reply, and it should work. I noticed that TTLS has some options in eap.conf about tunneled-reply or variables. But i have dozen of users(usually students) which have only XP/Vista with PEAP plugin. Cannot force them to install TTLS (if TTLS will works). Peap also has use_tunneled_reply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issue with mysql accounting
Peap also has use_tunneled_reply. Alan DeKok. Tyvm. It is working. I'm still using old eap.conf from 2 years ago and this option was before only in TTLS section ;-) S pozdravom -- Bc. Jan 'EIS' Satko Slovak University of Agriculture network system managerTr. A. Hlinku 2 Tel: +421 37 7412 616 949 76 Nitra Slovakia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
clients linux to freeradius
Hello. How do I do for that my clients linux (fedora core 4) soliciten autenticarse ante el servidor freeradius antes de conectarse a la red. Should I install an additional program for my client lunix asking for authentication?. Or is only necessary in some file modoficacion sde linux, as I did in Windows. Liset Vizcardo This message was sent using IMP, the Internet Messaging Program. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
