freeradius upgrade help
I'm currently using freeradius version 1.1.6, planning to upgrade to a stable version. Please suggest a version which is stable. My radius box is running Linux.

Thanks in advance.

Regards,
Rams.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql_mysql encoding issue
I am trying to set up freeradius using EAP-PEAP using a mysql backend. I seem to have most of it working, but one small issue. I have freeradius 2.1.5.

This is my radcheck table:

mysql> select * from radcheck;
+----+-----------------+--------------------+----+----------+
| id | username        | attribute          | op | value    |
+----+-----------------+--------------------+----+----------+
|  1 | MACH01\testuser | Cleartext-Password | := | mysecret |
+----+-----------------+--------------------+----+----------+

However in the (radiusd -X) I am seeing the following:

rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'MACH01=5Ctestuser' ORDER BY id

'MACH01\testuser' is changed to 'MACH01=5Ctestuser' and thus FR does not find it. If I change username to 'MACH01=5Ctestuser' in the radcheck table it seems to work.

Is there a way to change the way rlm_sql_mysql does its encoding? So I can leave it as 'MACH01\testuser'.

To save bandwidth I posted the full (radiusd -X) log at www.ehoeve.com/radius-debug.log

I can provide more info as needed.

TIA
-Eric
--
-=-=-=-=-=-=-=-=-=-=-=-
Eric Hoeve
Email: eric-free...@ehoeve.com
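The =5C in the debug output above is the SQL module escaping the user name before it is placed inside the quoted string of the query. The following is an added example, not part of the original post and not FreeRADIUS source: a Python model of that =XX rule, plus a model of how MySQL reads backslashes inside a quoted string. The safe-character list is an assumption (the list in the stock sql.conf "safe-characters" setting), and "o'brien" is a constructed input.

```python
# Added example: a Python model of the =XX escaping visible in the debug log.
# Not FreeRADIUS source. SAFE_CHARACTERS is an assumption (the list shipped in
# the stock sql.conf "safe-characters" setting); check the local sql.conf.
SAFE_CHARACTERS = (
    "@abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789.-_: /"
)

# The query template exactly as it appears in the posted debug output.
QUERY = ("SELECT id, username, attribute, value, op FROM radcheck "
         "WHERE username = '%{SQL-User-Name}' ORDER BY id")


def sql_escape(value, safe=SAFE_CHARACTERS):
    """Replace control bytes and every byte outside `safe` with =XX (hex)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte >= 32 and ch in safe else "=%02X" % byte)
    return "".join(out)


def expand_query(user_name, safe=SAFE_CHARACTERS, template=QUERY):
    """Expand %{SQL-User-Name} as the log shows: escape, then substitute."""
    return template.replace("%{SQL-User-Name}", sql_escape(user_name, safe))


# MySQL's backslash escapes inside a quoted string (default sql_mode).
_MYSQL_ESCAPES = {"0": "\0", "b": "\b", "n": "\n", "r": "\r", "t": "\t",
                  "Z": "\x1a", "%": "\\%", "_": "\\_"}


def mysql_literal_value(literal_body):
    """Value MySQL compares against for the text between the quotes."""
    out, i = [], 0
    while i < len(literal_body):
        ch = literal_body[i]
        if ch == "\\" and i + 1 < len(literal_body):
            nxt = literal_body[i + 1]
            out.append(_MYSQL_ESCAPES.get(nxt, nxt))  # unknown \x becomes x
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    name = "MACH01\\testuser"            # the User-Name from the post
    print(expand_query(name))            # the backslash is sent as =5C
    print(sql_escape("o'brien"))         # a quote cannot end the SQL string
    # If "\" were simply added to the safe list, MySQL would read "\t" as a
    # TAB, so the row 'MACH01\testuser' would still not be the value compared.
    passed_through = sql_escape(name, SAFE_CHARACTERS + "\\")
    print(repr(mysql_literal_value(passed_through)))
```

The comparison is made on the escaped string, which is why the row stored as 'MACH01=5Ctestuser' matched in the post.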
Vendor Specified Attribute
Hello,

Can I put one attribute in the database like the following?

256Kbps Cisco-AVPair:= ip:sub-policy-Out=256Kbps
256Kbps Cisco-AVPair:= ip:sub-policy-In=256Kbps

If not, how do I define bandwidth shape both in and out?

Sincerely,
Tseveen
Looking for client configurations for dynamic client
Hi guys

I'm running Debian lenny... on the production server I have freeradius 1.x installed, and in client.conf I have set

client 0.0.0.0/0 {
        secret = mySecret
        shortname = everyone
}

In Debian lenny freeradius 2.0.4 is available; in this version that setting for client is not available. Some time ago Alan told me to use version 2.0.5 for this setting. I tried to build a .pkg to install on my server but never managed it, because I got some errors and my knowledge is not enough.

Well, I want to know if someone can tell me how I can have clients that don't have static IPs if I don't allow access to the whole world, because the nas database is loaded only at startup time. I think I can use dynDNS or something like that, so I can declare the host.name and not the IP address, but I want to know if there is some way to handle this case. Ah, the clients can add themselves with a register page.

Any idea?

Thanks guys...

- Fabián Omar Franzotti
Resistencia - Chaco - Argentina
Tel Arg.: 54-(372)-243-8710 / 54-(372)-257-0347
USA Phone: 1-(321)-284-3865
Re: groupcmp fails during tunneled request
Ivan Kalik wrote:
>> I'm having an issue with the group check (ldap_groupcmp).
>>
>> Everything is fine until the request is tunnelled, and I can't find out
>> why my user is rejected there
>> It seems that he ends in this section during this phase:
>> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
>> Reply-Message = "Account disabled. Please call the helpdesk."
>
> No. That didn't match.
>
>> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
>> found or user not a member
>
> See.
>
>> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id:
>> 0
>> Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
>> line 15
>
> But something else did. What is on line 15 in users file?

DEFAULT Auth-Type := Reject
        Reply-Message = "Please call the helpdesk."

>> Tell me if you need more debug output...
>
> We do. This doesn't show anything. Post the debug with whole inner tunnel
> exchange.
>
>> It was working perfectly before I introduced the group check using the
>> huntgroups.
>
> Huntgroups?

Content of my huntgroup file.

WIFI    NAS-Identifier == "accessPoint-Manager"
        Ldap-Group == wireless,
        Ldap-Group == wireless2,
REM     NAS-IP-Address == 10.44.12.2
        Ldap-Group == REM

Content of my user file:

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
        Reply-Message = "Account disabled. Please call the helpdesk."

DEFAULT Huntgroup-Name == WIFI, Auth-Type = eap
        Fall-Through = no,

DEFAULT Huntgroup-Name == REM, Auth-Type = ldap
        Fall-Through = no,

DEFAULT Auth-Type := Reject
        Reply-Message = "Please call the helpdesk."

Invalid operator for item NAS-Identifier: reverting to '=='
==> I have corrected this now

Full Debug:

rad_recv: Access-Request packet from host 10.0.0.2 port 32769, id=13, length=219
        User-Name = "alicebob"
        Calling-Station-Id = "00-13-02-25-CF-40"
        Called-Station-Id = "00-1E-13-1C-87-00:WiFi-TEST"
        NAS-Port = 1
        NAS-IP-Address = 192.168.225.8
        NAS-Identifier = "accessPoint-Manager"
        Airespace-Wlan-Id = 2
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "502"
        EAP-Message = 0x0207002219001703010017d6d3387b7eed6b4b21f289092b99288904cc4970a60bfc
        State = 0x6416d65c6011cf1de638dad1d46f61b2
        Message-Authenticator = 0x0b5692123f68b20d631e3b7b45b39069
+- entering group authorize {...}
Invalid operator for item NAS-Identifier: reverting to '=='
rlm_ldap: Entering ldap_groupcmp()
[preprocess]expand: dc=companyname,dc=com -> dc=companyname,dc=com
[preprocess] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[preprocess]expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=alicebob)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=companyname,dc=com, with filter (uid=alicebob)
rlm_ldap: ldap_release_conn: Release Id: 0
[preprocess]expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=companyname,dc=com, with filter (&(radiusGroupName=wireless)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=alicebob,ou=companystaff,dc=companyname,dc=com, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group wireless
rlm_ldap: ldap_release_conn: Release Id: 0
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.0.2/auth-detail-20
Re: groupcmp fails during tunneled request
> I'm having an issue with the group check (ldap_groupcmp).
>
> Everything is fine until the request is tunnelled, and I can't find out
> why my user is rejected there
> It seems that he ends in this section during this phase:
> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
> Reply-Message = "Account disabled. Please call the helpdesk."

No. That didn't match.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
> found or user not a member

See.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id:
> 0
> Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
> line 15

But something else did. What is on line 15 in users file?

> Tell me if you need more debug output...

We do. This doesn't show anything. Post the debug with whole inner tunnel exchange.

> It was working perfectly before I introduced the group check using the
> huntgroups.

Huntgroups?

Ivan Kalik
Kalik Informatika ISP
Re: cange username in mysql auth
Trujillo Carmona, Antonio wrote:
> Hello and thanks for all your work.
> Right now I'm trying to use freeradius to validate access to our net through
> a MAC auth.
> Our problem is that we have an inventory (in mysql) of printers with a
> field named MACADDR and we want to check this field in order to grant
> access to the printers.
> How can we change the sql query to check "MACADDR" instead of
> "username"?

Edit it. See the example configuration files for the default SQL queries. They can be changed.

The default schema and queries are just defaults. You can change them to nearly anything you want.

Alan DeKok.
Re: problems with some libraires
Hi,

I had a similar problem ("radiusd: error while loading shared libraries: libfreeradius-radius-2.1.5.so") several times these days... just a few hours ago as well. Issuing an ldconfig on GNU / Linux after installation from source fixes the problem for me. No source editing, version replacement etc. needed.

On 28.04.2009, at 03:55, Ernesto Cadiz wrote:

Well, I've changed the version problem with the libraries, but when I run radius this trouble appears:

tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/servored/servored_cert.pem"
        certificate_file = "/usr/local/etc/raddb/certs/servored/servored_cert.pem"
        CA_file = "/usr/local/etc/raddb/certs/servored/cacert.pem"
        private_key_password = "cisco"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/usr/local/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        cache {
                enable = no
                lifetime = 24
                max_entries = 255
        }
}
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file /usr/local/etc/raddb/certs/servored/servored_cert.pem
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
}

I think this happens because I use an RSA key length of 1024 bits on the certificate and the rsa_key_length line is equal to 512. I don't know if I have to change this line too, or in which script I can find the line to change it.

Thanks to all for the help.

Best Regards.
Ernesto

2009/4/27 Ivan Kalik

First do updatedb. Then see if locate can find this library. If it can, radius will probably run. If it doesn't - well, it's in the FAQ.

Ivan Kalik
Kalik Informatika ISP

> OK, I try to find the script where that part of the libraries is but I
> can't find it... can anyone tell which is the script?.. thanks for all
>
> 2009/4/24
>
>> Hi,
>>
>> > *casa:/usr/local/etc/raddb# radiusd -X
>> > radiusd: error while loading shared libraries: libfreeradius-radius-2.1.5.so:
>> > cannot open shared object file: No such file or directory*
>>
>> with the current 2.1.4 release there is an identity crisis - please
>> check the source code and replace the 2.1.5 with 2.1.4 and
>> rebuild/reinstall
>>
>> alan
Re: mac-based authentification fail
On 28/4/09 12:30, sserre wrote:
> On Tuesday 28 April 2009 11:42:27 Ivan Kalik, you wrote:
>> adius is under active development and
>> information on the Internet i
>
> You're right. It works! I'm so ... disappointed. Thanks a lot kalik.

Loads of people seem to be asking for this, so I've hashed out a quick example in the wiki for FR v2.

http://wiki.freeradius.org/Mac-Auth

Thanks,
Arran
--
Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
groupcmp fails during tunneled request
Hello list,

I'm having an issue with the group check (ldap_groupcmp).

Everything is fine until the request is tunnelled, and I can't find out why my user is rejected there.
It seems that he ends in this section during this phase:

DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
        Reply-Message = "Account disabled. Please call the helpdesk."

Even if he has the correct group in the LDAP.

This was working on my test bed. The configuration seems to be the same, the only change is the NAS type (I have tested that on HP switches, and now it's using a Cisco Wireless controller).

It was working perfectly before I introduced the group check using the huntgroups.

I'm using version 2.1.1 of freeradius on a Debian etch box.

Here is the part of the debug where it fails.

Sending tunneled request
        EAP-Message = 0x020f000b01676269676f74
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "alicebob"
        Calling-Station-Id = "00-13-02-25-FF-40"
        Called-Station-Id = "00-1E-13-1D-85-70:WiFi-TEST"
        NAS-Port = 1
        NAS-IP-Address = 192.168.226.8
        NAS-Identifier = "accessPoint-Manager"
        Airespace-Wlan-Id = 2
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "502"
server inner-tunnel {
Tue Apr 28 11:42:35 2009 : Info: +- entering group authorize {...}
Tue Apr 28 11:42:35 2009 : Info: ++[mschap] returns noop
Tue Apr 28 11:42:35 2009 : Info: [suffix] No '@' in User-Name = "alicebob", looking up realm NULL
Tue Apr 28 11:42:35 2009 : Info: [suffix] No such realm "NULL"
Tue Apr 28 11:42:35 2009 : Info: ++[suffix] returns noop
Tue Apr 28 11:42:35 2009 : Info: [eap] EAP packet type response id 15 length 11
Tue Apr 28 11:42:35 2009 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Tue Apr 28 11:42:35 2009 : Info: ++[eap] returns updated
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Tue Apr 28 11:42:35 2009 : Info: [files]expand: dc=companyname,dc=com -> dc=companyname,dc=com
Tue Apr 28 11:42:35 2009 : Info: [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
Tue Apr 28 11:42:35 2009 : Info: [files]expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=alicebob)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in dc=companyname,dc=com, with filter (uid=alicebob)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Info: [files]expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in dc=companyname,dc=com, with filter (&(radiusGroupName=BANNED)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: performing search in uid=alicebob,ou=people,dc=companyname,dc=com, with filter (objectclass=*)
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not found or user not a member
Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at line 15
Tue Apr 28 11:42:35 2009 : Info: ++[files] returns ok

Tell me if you need more debug output...

Best regards,
Matt
cange username in mysql auth
Hello and thanks for all your work.

Right now I'm trying to use freeradius to validate access to our net through a MAC auth.

Our problem is that we have an inventory (in mysql) of printers with a field named MACADDR and we want to check this field in order to grant access to the printers.

How can we change the sql query to check "MACADDR" instead of "username"?

--
Please do NOT use proprietary file formats for exchanging documents, such as DOC and XLS, but HTML, RTF, TXT, CSV or any other that does not require a program from a particular vendor to handle the information it contains.
REGARDS.
Re: mac-based authentification fail
On Tuesday 28 April 2009 11:42:27 Ivan Kalik, you wrote:
> adius is under active development and
> information on the Internet i

You're right. It works! I'm so ... disappointed. Thanks a lot kalik.

--
Service informatique IBGC CNRS
1 rue Camille Saint Saens
33077 BORDEAUX CEDEX
Tel. +33 (0)5 56 99 90 04
Fax. +33 (0)5 56 99 90 59
http://www.ibgc.cnrs.fr
Re: mac-based authentification fail
> After one week searching the web for a solution, I come to this mailing list.

That's a week wasted. Freeradius is under active development and information on the Internet is in most cases out of date. Like the instructions you followed. If only you followed examples in users file ...

> I
> have to set up a mac-based authentication system (pretty simple) with HP
> ProCurve switches. I have seen a lot of tutorials, bought a book, downloaded more,
> but
> it still doesn't work (access-request denied).

Because Auth-Type Local is breaking chap. Remove that. And change password attribute and operator to Cleartext-Password := like in all the examples in users file.

Ivan Kalik
Kalik Informatika ISP
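Why the CHAP-Password sent by the switch differs on every request, and why the server needs a Cleartext-Password entry to check it, shown as an added example (not part of the thread and not FreeRADIUS code) of the RFC 2865 CHAP computation. The challenge bytes are constructed sample values; the password is the MAC address from the users entry posted in this thread.

```python
import hashlib
import hmac

# Constructed sample values: two challenges such as a NAS generates fresh for
# each request (carried in CHAP-Challenge or the Request Authenticator), and
# the MAC-as-password from the users entry posted in this thread.
MAC_PASSWORD = b"000b5d29434f"
CHALLENGE_1 = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE_2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def chap_password(chap_id, password, challenge):
    """Build the 17-byte CHAP-Password value defined in RFC 2865.

    Layout: 1-byte CHAP identifier, then MD5(identifier + password + challenge).
    """
    if not 0 <= chap_id <= 255:
        raise ValueError("CHAP identifier must fit in one byte")
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()


def verify_chap(received, challenge, known_password):
    """Server side: recompute the digest from the password the server holds."""
    if len(received) != 17:
        return False
    expected = chap_password(received[0], known_password, challenge)
    return hmac.compare_digest(expected, received)


def demo():
    """Two requests for the same MAC, checked against different stored forms."""
    first = chap_password(1, MAC_PASSWORD, CHALLENGE_1)
    second = chap_password(2, MAC_PASSWORD, CHALLENGE_2)
    # A server that stored only a hash of the password has nothing to feed
    # into the MD5 above, so the recomputed digest cannot match.
    md5_of_password = hashlib.md5(MAC_PASSWORD).hexdigest().encode()
    return {
        "values_differ": first != second,
        "cleartext_ok": verify_chap(first, CHALLENGE_1, MAC_PASSWORD)
        and verify_chap(second, CHALLENGE_2, MAC_PASSWORD),
        "wrong_challenge_ok": verify_chap(first, CHALLENGE_2, MAC_PASSWORD),
        "hashed_store_ok": verify_chap(first, CHALLENGE_1, md5_of_password),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```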
mac-based authentification fail
Hello gentlemen,

After one week searching the web for a solution, I come to this mailing list. I have to set up a mac-based authentication system (pretty simple) with HP ProCurve switches. I have seen a lot of tutorials, bought a book, downloaded more, but it still doesn't work (access-request denied).

I hope somebody can look at my basic problem for a few minutes.

The user is recognized (found at line X), but freeradius doesn't know how to interpret the password (I think). I have seen that the CHAP-password attribute sent by the client (HP Procurve 2800) is not the same each time. Is it normal? (I don't think so.) The switch looks like it is well configured (running-config in attachment).

In attachment, you will find the initialisation of freeradius (radius_init), an access-request from the client (acces-request), the entry of my test user (users), and the running config of the HP Procurve.

I hope somebody knows this problem.

Kind regards
Sébastien Serre

--
Service informatique IBGC CNRS
1 rue Camille Saint Saens
33077 BORDEAUX CEDEX
Tel. +33 (0)5 56 99 90 04
Fax. +33 (0)5 56 99 90 59
http://www.ibgc.cnrs.fr

000b5d29434f    Auth-Type := Local , User-Password == "000b5d29434f"
        Tunnel-type = VLAN,
        Tunnel-Medium-Type = 802,
        Tunnel-Private-Group-ID = 1

FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Starting - reading configuration files ...
RE: Adding vendor specefic attributes
> Hi
> Thanks for the response. I am using free RADIUS version 1.1.7. I just
> require MAC authentication alone. Is anything wrong in the 'users' file
>
> NAS will support the VSA in this case.
> Vendor has given the following details
> Network Access Server Vendor- (Code for the specific vendor)
> Vendor Assigned Attribute number-1 (for Input/Uplink)
> 2 (for Output/Downlink)
> Attribute format decimal
> Attribute value-(Desired Input/Output bandwidth)
>
> How I can configure this attribute?

That info is, erm, less than helpful (to be polite). You should ask them the *name* of the attribute. It's going to be hard configuring it without the name.

Who is the vendor? Look into dictionary.vendor_name and see what are the names of attributes 1 and 2. Then add them as reply items in users file entry with appropriate values.

Ivan Kalik
Kalik Informatika ISP