freeradius upgrade help

2009-04-28 Thread ramesh p
I'm currently using freeradius version 1.1.6, planning to upgrade to a
stable version. Please suggest a version which is stable. My radius box
is running linux.

Thanks in advance.

Regards,
Rams.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_sql_mysql encoding issue

2009-04-28 Thread Eric Hoeve

I am trying to set up freeradius using EAP-PEAP using a mysql backend.

I seem to have most of it working, but one small issue.

I have freeradius 2.1.5.
This is my radcheck table:
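mysql> select * from radcheck;
+----+-----------------+--------------------+----+----------+
| id | username        | attribute          | op | value    |
+----+-----------------+--------------------+----+----------+
|  1 | MACH01\testuser | Cleartext-Password | := | mysecret |
+----+-----------------+--------------------+----+----------+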

However in the (radiusd -X) I am seeing the following:
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = 'MACH01=5Ctestuser'   ORDER BY id


'MACH01\testuser' is changed to 'MACH01=5Ctestuser' and thus FR does not 
find it.
If I change username to 'MACH01=5Ctestuser' in the radcheck table it 
seems to work.


Is there a way to change the way rlm_sql_mysql does its encoding? So I 
can leave it as 'MACH01\testuser'.


To save bandwidth I posted the full (radiusd -X) log at 
www.ehoeve.com/radius-debug.log

I can provide more info as needed.

TIA

-Eric

--
-=-=-=-=-=-=-=-=-=-=-=-
Eric Hoeve
Email: eric-free...@ehoeve.com

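The substitution seen in the debug output above, modelled as an added example (not part of the original post, and not FreeRADIUS source code): values expanded into an rlm_sql query have every byte outside a safe-character list rewritten as =XX, which is also what keeps a quote in a User-Name inside the SQL string literal. The safe list is assumed to be the sample `safe-characters` line from the 2.x SQL configuration, the function names are hypothetical, and the table is a constructed SQLite stand-in.

```python
"""Model of the =XX escaping applied to values expanded into rlm_sql queries.

Added illustration, not FreeRADIUS code. SAFE_CHARS is an assumption: the
sample safe-characters list from the 2.x SQL configuration files.
"""
import sqlite3

SAFE_CHARS = ("@abcdefghijklmnopqrstuvwxyz"
              "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")

# Query from the debug output quoted above (whitespace normalised).
QUERY = ("SELECT id, username, attribute, value, op FROM radcheck "
         "WHERE username = '{user}' ORDER BY id")


def sql_escape(value, safe=SAFE_CHARS):
    """Rewrite every control byte and every byte not in `safe` as =XX."""
    out = []
    for byte in value.encode("utf-8"):
        if byte < 0x20 or chr(byte) not in safe:
            out.append("=%02X" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def render_query(user_name):
    """Expand the template the way the log shows: escape, then substitute."""
    return QUERY.format(user=sql_escape(user_name))


def make_radcheck(usernames):
    """Constructed in-memory stand-in for the radcheck table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany(
        "INSERT INTO radcheck (username, attribute, op, value)"
        " VALUES (?, 'Cleartext-Password', ':=', 'mysecret')",
        [(name,) for name in usernames])
    return db


def lookup(db, user_name):
    """Run the rendered query and return the usernames of matching rows."""
    return [row[1] for row in db.execute(render_query(user_name))]


if __name__ == "__main__":
    raw = "MACH01\\testuser"
    print(render_query(raw))
    # Row keyed by the raw name: the escaped lookup value never equals it.
    print(lookup(make_radcheck([raw]), raw))
    # Row keyed by the escaped form: it matches, as observed in the post.
    print(lookup(make_radcheck([sql_escape(raw)]), raw))
    # A quote in the name arrives as =27 and cannot close the string literal.
    print(render_query("O'Brien"))
```

The stand-in table is SQLite; on MySQL a backslash is by default the escape character inside string literals, so a raw backslash in the rendered query would not be compared as a literal backslash either.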


Vendor Specified Attribute

2009-04-28 Thread Tseveendorj

Hello,

Can I put one attribute in the database like the following?

256Kbps  Cisco-AVPair  :=  ip:sub-policy-Out=256Kbps
256Kbps  Cisco-AVPair  :=  ip:sub-policy-In=256Kbps

If not, how do I define bandwidth shape both in and out?

Sincerely,
Tseveen


Looking for client configurations for dynamic client

2009-04-28 Thread Fabián Omar Franzotti
Hi guys
I'm running Debian lenny... on the production server I have freeradius 1.x
installed, and in client.conf I have set
client 0.0.0.0/0 {
        secret = mySecret
        shortname = everyone
}

In Debian lenny freeradius 2.0.4 is available; in this version that setting
for client is not available.
Some time ago Alan told me to use version 2.0.5 for this setting. I did try
to build a .pkg to install on my server but never could get it done, because
I had some errors and my knowledge is not enough.
Well, I want to know if someone can tell me how I can have clients that don't
have static IPs if I don't allow access to the whole world, because the nas
database is loaded only at startup time.
I think I can use dynDNS or something like that, so I can declare the
host.name and not the IP address, but I want to know if some way exists to
handle this case. Ah, the clients can add themselves with a registration
page.
Any idea?

Thanks guys...
-
Fabián Omar Franzotti
Resistencia - Chaco - Argentina
Tel Arg.: 54-(372)-243-8710 /  54-(372)-257-0347
USA Phone: 1-(321)-284-3865 



Re: groupcmp fails during tunneled request

2009-04-28 Thread Matthieu Lazaro
Ivan Kalik wrote:
>> I'm having an issue with the group check (ldap_groupcmp).
>>
>> Everything is fine until the request is tunnelled, and I can't find out
>> why my user is rejected there
>> It seems that he ends in this section during this phase:
>> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
>> Reply-Message = "Account disabled.  Please call the helpdesk."
>>
>> 
>
> No. That didn't match.
>
>   
>> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
>> found or user not a member
>> 
>
> See.
>
>   
>> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id:
>> 0
>> Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
>> line 15
>> 
>
> But something else did. What is on line 15 in users file?
>   
DEFAULT Auth-Type := Reject
 Reply-Message = "Please call the helpdesk."
>   
>> Tell me if you need more debug output...
>> 
>
> We do. This doesn't show anything. Post the debug with whole inner tunnel
> exchange.
>
>   
>> It was working perfectly before I introduced the group check using the
>> huntgroups.
>>
>> 
>
> Huntgroups?
>
>
>   
Content of my huntgroup file.
WIFI    NAS-Identifier == "accessPoint-Manager"
        Ldap-Group  == wireless,
        Ldap-Group  == wireless2,
REM     NAS-IP-Address == 10.44.12.2
        Ldap-Group == REM

Content of my user file:
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP
DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
        Reply-Message = "Account disabled.  Please call the helpdesk."
DEFAULT Huntgroup-Name == WIFI, Auth-Type = eap
        Fall-Through = no,
DEFAULT Huntgroup-Name == REM, Auth-Type = ldap
        Fall-Through = no,
DEFAULT Auth-Type := Reject
        Reply-Message = "Please call the helpdesk."

Invalid operator for item NAS-Identifier: reverting to '=='
==> I have corrected this now

Full Debug:

rad_recv: Access-Request packet from host 10.0.0.2 port 32769, id=13,
length=219
User-Name = "alicebob"
Calling-Station-Id = "00-13-02-25-CF-40"
Called-Station-Id = "00-1E-13-1C-87-00:WiFi-TEST"
NAS-Port = 1
NAS-IP-Address = 192.168.225.8
NAS-Identifier = "accessPoint-Manager"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "502"
EAP-Message =
0x0207002219001703010017d6d3387b7eed6b4b21f289092b99288904cc4970a60bfc
State = 0x6416d65c6011cf1de638dad1d46f61b2
Message-Authenticator = 0x0b5692123f68b20d631e3b7b45b39069
+- entering group authorize {...}
Invalid operator for item NAS-Identifier: reverting to '=='
rlm_ldap: Entering ldap_groupcmp()
[preprocess]expand: dc=companyname,dc=com -> dc=companyname,dc=com
[preprocess] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[preprocess]expand: (uid=%{Stripped-User-Name:-%{User-Name}}) ->
(uid=alicebob)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=companyname,dc=com, with filter
(uid=alicebob)
rlm_ldap: ldap_release_conn: Release Id: 0
[preprocess]expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=companyname,dc=com, with filter
(&(radiusGroupName=wireless)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
uid=alicebob,ou=companystaff,dc=companyname,dc=com, with filter
(objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group wireless
rlm_ldap: ldap_release_conn: Release Id: 0
++[preprocess] returns ok
[auth_log]  expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.0.0.2/auth-detail-20

Re: groupcmp fails during tunneled request

2009-04-28 Thread Ivan Kalik
> I'm having an issue with the group check (ldap_groupcmp).
>
> Everything is fine until the request is tunnelled, and I can't find out
> why my user is rejected there
> It seems that he ends in this section during this phase:
> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
> Reply-Message = "Account disabled.  Please call the helpdesk."
>

No. That didn't match.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
> found or user not a member

See.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id:
> 0
> Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
> line 15

But something else did. What is on line 15 in users file?

> Tell me if you need more debug output...

We do. This doesn't show anything. Post the debug with whole inner tunnel
exchange.

> It was working perfectly before I introduced the group check using the
> huntgroups.
>

Huntgroups?

Ivan Kalik
Kalik Informatika ISP



Re: change username in mysql auth

2009-04-28 Thread Alan DeKok
Trujillo Carmona, Antonio wrote:
> Hello and thanks for all your work.
> Right now I'm trying to use freeradius to validate access to our net through
> a MAC auth.
> Our problem is that we have an inventory (in mysql) of printers with a
> field named MACADDR and we want to check this field in order to grant
> access to the printers.
> How can we change the sql query to check "MACADDR" instead of
> "username"?

  Edit it.  See the example configuration files for the default SQL
queries.  They can be changed.  The default schema and queries are just
defaults.  You can change them to nearly anything you want.

  Alan DeKok.


Re: problems with some libraries

2009-04-28 Thread Borislav Dimitrov

Hi,

I had a similar problem ("radiusd: error while loading shared
libraries: libfreeradius-radius-2.1.5.so") several times these
days... just a few hours ago as well. Issuing a ldconfig on GNU/Linux
after installation from source fixes the problem for me. No
source editing, version replacement etc. needed.


On 28.04.2009, at 03:55, Ernesto Cadiz wrote:

Well, I've changed the version problem with the libraries but when I
run radius this trouble appears:

 tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/servored/servored_cert.pem"
        certificate_file = "/usr/local/etc/raddb/certs/servored/servored_cert.pem"
        CA_file = "/usr/local/etc/raddb/certs/servored/cacert.pem"
        private_key_password = "cisco"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/usr/local/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        cache {
                enable = no
                lifetime = 24
                max_entries = 255
        }
   }
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file /usr/local/etc/raddb/certs/servored/servored_cert.pem
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }

I think this happens because I use an RSA key length on the
certificate of 1024 bits and the rsa_key_length line is equal
to 512. I don't know if I have to change this line too and in which
script I can find the line to change it.


Thanks to all for the help
Best Regards.
Ernesto

2009/4/27 Ivan Kalik 
First do updatedb. Then see if locate can find this library. If it can,
radius will probably run. If it doesn't - well, it's in the FAQ.

Ivan Kalik
Kalik Informatika ISP

> OK, I try to find the script where that part of the libraries is but I
> can't find it.. can anyone tell which is the script?.. thanks for all
>
> 2009/4/24 
>
>> Hi,
>>
>> > *casa:/usr/local/etc/raddb# radiusd -X
>> > radiusd: error while loading shared libraries: libfreeradius-radius-2.1.5.so:
>> > cannot open shared object file: No such file or directory*
>>
>> with the current 2.1.4 release there is an identity crisis - please
>> check the source code and replace the 2.1.5 with 2.1.4 and
>> rebuild/reinstall
>>
>> alan


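A check for the failure reported in the log above, as an added example (not part of the thread): OpenSSL reports `no start line` when it reaches the end of a file without finding a PEM block of the kind it was asked to read, so this lists the block types in the files named by `private_key_file` and `certificate_file`. The sample PEM text is constructed with dummy payloads and the function names are hypothetical.

```python
"""List the PEM blocks in the files named by private_key_file / certificate_file.

Added illustration; the sample PEM text below is constructed (dummy payloads).
"""
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def inspect_pem(text):
    """Return the block labels found and what they amount to."""
    labels, encrypted = [], False
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        labels.append(label)
        # PKCS#8 encrypted keys have their own label; traditional keys
        # carry a Proc-Type header inside the block instead.
        if label == "ENCRYPTED PRIVATE KEY" or (
                label in KEY_LABELS and "Proc-Type: 4,ENCRYPTED" in body):
            encrypted = True
    return {"labels": labels,
            "private_key": any(name in KEY_LABELS for name in labels),
            "certificate": "CERTIFICATE" in labels,
            "encrypted_key": encrypted}


def tls_file_problems(private_key_text, certificate_text, have_password):
    """Compare file contents with what the tls section expects of them."""
    problems = []
    key = inspect_pem(private_key_text)
    if not key["private_key"]:
        problems.append("private_key_file: no private key block, found %s"
                        % (key["labels"] or "no PEM block at all"))
    elif key["encrypted_key"] and not have_password:
        problems.append("private_key_file: key is encrypted, "
                        "private_key_password is needed")
    if not inspect_pem(certificate_text)["certificate"]:
        problems.append("certificate_file: no CERTIFICATE block")
    return problems


# Constructed samples: the payload is dummy base64, not real key material.
CERT_ONLY = ("-----BEGIN CERTIFICATE-----\n"
             "Q09OU1RSVUNURUQgU0FNUExF\n"
             "-----END CERTIFICATE-----\n")
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0011223344556677\n"
                 "\n"
                 "Q09OU1RSVUNURUQgU0FNUExF\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Same file used for both settings, holding only a certificate.
    print(tls_file_problems(CERT_ONLY, CERT_ONLY, have_password=True))
    # Same file used for both settings, holding key and certificate.
    combined = ENCRYPTED_KEY + CERT_ONLY
    print(tls_file_problems(combined, combined, have_password=True))
```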

Re: mac-based authentification fail

2009-04-28 Thread Arran Cudbard-Bell

On 28/4/09 12:30, sserre wrote:

On Tuesday 28 April 2009 11:42:27 Ivan Kalik, you wrote:

adius is under active development and
information on the Internet i


You're right. It works! I'm so ... disappointed.

Thanks a lot kalik.


Loads of people seem to be asking for this, so I've hashed out a quick 
example in the wiki for FR v2.


http://wiki.freeradius.org/Mac-Auth

Thanks,
Arran

--
Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2

groupcmp fails during tunneled request

2009-04-28 Thread Matthieu Lazaro
Hello list,

I'm having an issue with the group check (ldap_groupcmp).

Everything is fine until the request is tunnelled, and I can't find out
why my user is rejected there.
It seems that he ends in this section during this phase:
DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
        Reply-Message = "Account disabled.  Please call the helpdesk."

   Even if he has the correct group in the LDAP.

This was working on my test bed. The configuration seems to be the same,
the only change is the NAS type (I have tested that on HP switches, and
now it's using a Cisco Wireless controller).
It was working perfectly before I introduced the group check using the
huntgroups.

I'm using version 2.1.1 of freeradius on a Debian etch box.

Here is the part of the debug where it fails.

Sending tunneled request
EAP-Message = 0x020f000b01676269676f74
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "alicebob"
Calling-Station-Id = "00-13-02-25-FF-40"
Called-Station-Id = "00-1E-13-1D-85-70:WiFi-TEST"
NAS-Port = 1
NAS-IP-Address = 192.168.226.8
NAS-Identifier = "accessPoint-Manager"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "502"
server inner-tunnel {
Tue Apr 28 11:42:35 2009 : Info: +- entering group authorize {...}
Tue Apr 28 11:42:35 2009 : Info: ++[mschap] returns noop
Tue Apr 28 11:42:35 2009 : Info: [suffix] No '@' in User-Name =
"alicebob", looking up realm NULL
Tue Apr 28 11:42:35 2009 : Info: [suffix] No such realm "NULL"
Tue Apr 28 11:42:35 2009 : Info: ++[suffix] returns noop
Tue Apr 28 11:42:35 2009 : Info: [eap] EAP packet type response id 15
length 11
Tue Apr 28 11:42:35 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Tue Apr 28 11:42:35 2009 : Info: ++[eap] returns updated
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Tue Apr 28 11:42:35 2009 : Info: [files]expand:
dc=companyname,dc=com -> dc=companyname,dc=com
Tue Apr 28 11:42:35 2009 : Info: [files] WARNING: Deprecated conditional
expansion ":-".  See "man unlang" for details
Tue Apr 28 11:42:35 2009 : Info: [files]expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=alicebob)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in
dc=companyname,dc=com, with filter (uid=alicebob)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Info: [files]expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in
dc=companyname,dc=com, with filter
(&(radiusGroupName=BANNED)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in
uid=alicebob,ou=people,dc=companyname,dc=com, with filter (objectclass=*)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
found or user not a member
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
line 15
Tue Apr 28 11:42:35 2009 : Info: ++[files] returns ok

Tell me if you need more debug output...

Best regards,
Matt


change username in mysql auth

2009-04-28 Thread Trujillo Carmona, Antonio

Hello and thanks for all your work.
Right now I'm trying to use freeradius to validate access to our net through
a MAC auth.
Our problem is that we have an inventory (in mysql) of printers with a
field named MACADDR and we want to check this field in order to grant
access to the printers.
How can we change the sql query to check "MACADDR" instead of
"username"?

-- 
Please do NOT use proprietary file formats for exchanging
documents, such as DOC and XLS, but rather HTML, RTF, TXT,
CSV or any other that does not force the use of a program from
a particular vendor to handle the information contained in it.
CHEERS.


Re: mac-based authentification fail

2009-04-28 Thread sserre
On Tuesday 28 April 2009 11:42:27 Ivan Kalik, you wrote:
> adius is under active development and
> information on the Internet i

You're right. It works! I'm so ... disappointed.

Thanks a lot kalik.
-- 
Service informatique
IBGC CNRS
1 rue Camille Saint Saens
33077 BORDEAUX CEDEX

Tel. +33 (0)5 56 99 90 04
Fax. +33 (0)5 56 99 90 59

http://www.ibgc.cnrs.fr



Re: mac-based authentification fail

2009-04-28 Thread Ivan Kalik
> After one week searching the web for a solution, I come to this mailing list.

That's a week wasted. Freeradius is under active development and
information on the Internet is in most cases out of date. Like the
instructions you followed. If only you followed examples in users file ...

> I
> have to set up a mac-based authentication system (pretty simple) with HP
> procurve switches. I have seen a lot of tutorials, bought a book, downloaded
> more, but
> it still doesn't work (access-request denied).
>

Because Auth-Type Local is breaking chap. Remove that. And change password
attribute and operator to Cleartext-Password := like in all the examples
in users file.

Ivan Kalik
Kalik Informatika ISP

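How a CHAP-Password value is built and checked, as an added example (not part of the thread): per RFC 2865 the attribute is a one-byte CHAP identifier followed by MD5(identifier + password + challenge), so it changes with every challenge and can only be recomputed by a server that holds the clear-text password. The password is the MAC from the users entry posted in this thread; the challenges are constructed and the function names are hypothetical.

```python
"""CHAP inside RADIUS (RFC 2865, sections 2.2 and 5.3). Added illustration."""
import hashlib
import hmac
import os

# Password from the users entry posted in this thread (the MAC address).
MAC_PASSWORD = b"000b5d29434f"


def chap_password(chap_id, password, challenge):
    """NAS side: value of the CHAP-Password attribute.

    One byte of CHAP identifier, then MD5(identifier + password + challenge).
    """
    ident = bytes([chap_id & 0xFF])
    return ident + hashlib.md5(ident + password + challenge).digest()


def verify_chap(chap_attr, challenge, cleartext_password):
    """Server side: recompute the response from the clear-text password.

    MD5 cannot be reversed, so a server without a clear-text copy of the
    password has nothing to feed into this computation.
    """
    if len(chap_attr) != 17:
        return False
    expected = chap_password(chap_attr[0], cleartext_password, challenge)
    return hmac.compare_digest(expected, chap_attr)


def two_requests():
    """Two logins by the same device, each with a fresh constructed challenge.

    On the wire the challenge is the CHAP-Challenge attribute or, when that
    is absent, the 16-byte Request Authenticator.
    """
    exchanges = []
    for chap_id in (1, 2):
        challenge = os.urandom(16)
        attr = chap_password(chap_id, MAC_PASSWORD, challenge)
        exchanges.append((challenge, attr))
    return exchanges


if __name__ == "__main__":
    (chal1, attr1), (chal2, attr2) = two_requests()
    print("request 1:", attr1.hex())
    print("request 2:", attr2.hex())
    print("same password, different attribute:", attr1 != attr2)
    print("request 1 verifies:", verify_chap(attr1, chal1, MAC_PASSWORD))
    print("old response, new challenge:", verify_chap(attr1, chal2, MAC_PASSWORD))
    print("wrong password:", verify_chap(attr2, chal2, b"000b5d294350"))
```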


mac-based authentification fail

2009-04-28 Thread sserre
Hello gentlemen,

After one week searching the web for a solution, I come to this mailing list. I 
have to set up a mac-based authentication system (pretty simple) with HP 
procurve switches. I have seen a lot of tutorials, bought a book, downloaded
more, but it still doesn't work (access-request denied).

I hope somebody can look at my basic problem for a few minutes.

User is recognized (found at line X), but freeradius doesn't know how to 
interpret the password (I think).
I have seen that the CHAP-password attribute sent by the client (HP Procurve 
2800) is not the same each time. Is it normal? (I don't think so.) The switch 
looks like it is well configured (running-config in attachment).

In attachment, you will find the initialisation of freeradius (radius_init), an 
access-request from the client (acces-request), the entry of my test user 
(users), and the running config of the HP Procurve.

I hope somebody knows this problem.

Kind regards
Sébastien Serre


-- 
Service informatique
IBGC CNRS
1 rue Camille Saint Saens
33077 BORDEAUX CEDEX

Tel. +33 (0)5 56 99 90 04
Fax. +33 (0)5 56 99 90 59

http://www.ibgc.cnrs.fr
 
000b5d29434f    Auth-Type := Local , User-Password == "000b5d29434f"
        Tunnel-type = VLAN,
        Tunnel-Medium-Type = 802,
        Tunnel-Private-Group-ID = 1
 FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep  7 2008 at 
23:35:34
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
user = "freerad"
group = "freerad"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
 }
 client 172.18.100.54 {
require_message_authenticator = no
secret = "bidibule"
shortname = "HP1"
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = "auto"
auto_header = yes
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked t

RE: Adding vendor specific attributes

2009-04-28 Thread Ivan Kalik
> Hi
> Thanks for the response. I am using free RADIUS version 1.1.7. I just
> require MAC authentication alone. Is anything wrong in the 'users' file
>
> NAS will support the VSA in this case.
> Vendor has given the following details
> Network Access Server Vendor- (Code for the specific vendor)
> Vendor Assigned Attribute number- 1 (for Input/Uplink)
>                                   2 (for Output/Downlink)
> Attribute format decimal
> Attribute value- (Desired Input/Output bandwidth)
>
> How I can configure this attribute?
>

That info is, erm, less than helpful (to be polite). You should ask them
the *name* of the attribute. It's going to be hard configuring it without
the name.

Who is the vendor? Look into dictionary.vendor_name and see what are the
names of attributes 1 and 2. Then add them as reply items in users file
entry with appropriate values.

Ivan Kalik
Kalik Informatika ISP
