SSL_read failed in a system call (-1), TLS session fails
Hello all, We're running FreeRADIUS 1.1.3 with EAP/TTLS (openSSL 0.9.8d) on Red Hat 5.1. The server will come up and process clients for a few days, but, every now and then it begins denying all auth-requests with the following error: Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Auth: Login incorrect: [host/user/no User-Password attribute] A restart makes the server happy and it goes back to properly auth'ing clients. Thanks in advance! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem regular expressions in hints file
Sorry, but I don't understand. I need to add an attribute to the request Yes. The unlang documentation explains how to do that. It is truth, the unlang documentation explains how to do that very well :) Thanks for quoting the documentation. Did you think we didn't know about it? Sorry, I only wanted to justify why I put this in hints file. No. In the authorize section, before the files module. There are examples of this in the configuration files. OK, now it's fine. #/etc/freeradius/sites-available/default authorize { preprocess mschap suffix eap { ok = return } if (%{Realm} =~ /(temp\.)?domain\.es$/){ update control { Intentos-Reject = ... } } files ... } Thank you very mutch, Alan -- Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
regular expressions in proxy.conf
Hello, I'm using Debian and Freeradius 2.0.4-3. I want to use a regular expression in proxy.conf file to match any request that contain the word domain in the realm (suffix mode). ### /etc/freeradius/proxy.conf realm ~(domain)+ { # authhost = LOCAL # not strictly necessary # accthost = LOCAL # not strictly necessary } Then, in authorize section I have: ### /etc/freeradius/sites-available/default authorize { preprocess mschap suffix eap { ok = return } if (%{Realm} =~ /(temp\.)?domain\.es$/){ update control { Intentos-Reject = ... } } files switch %{Realm} { case temp.domain.es { sql } case domain.es { redundant { ldap2 ldap1 ldap3 } } case { update control { Auth-Type := Reject } } } expiration pap } And, in users file: ### /etc/freeradius/proxy.conf DEFAULT Intentos-Reject 10, Auth-Type := Reject Reply-Message = NUMERO DE INTENTOS FALLIDOS(%{Intentos-Reject}) EXCEDIDO PARA %{%{Stripped-User-Name}:-%{User-Name}} My problem is: the Realm that Freeradius add to the request is the regular expression... Here is my debug information: rad_recv: Access-Request packet from host 127.0.0.1 port 60112, id=208, length=68 User-Name = x...@domain.es User-Password = YYY NAS-IP-Address = 127.0.1.1 NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: Looking up realm domain.es for User-Name = x...@domain.es rlm_realm: Found realm ~(domain)+ rlm_realm: Adding Stripped-User-Name = XXX rlm_realm: Adding Realm = ~(domain)+ rlm_realm: Authentication realm is LOCAL. ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++? if (%{Realm} =~ /(temp\.)?domain\.es$/) expand: %{Realm} - ~(domain)+ ? Evaluating (%{Realm} =~ /(temp\.)?domain\.es$/) - FALSE ++? if (%{Realm} =~ /(temp\.)?domain\.es$/) - FALSE ++[files] returns noop expand: %{Realm} - ~(domain)+ ++- entering switch %{Realm} +++- entering case [control] returns noop +++- case returns noop ++- switch %{Realm} returns noop I can resolve this adding this to proxy.conf: ### /etc/freeradius/proxy.conf realm domain.es { authhost = LOCAL # not strictly necessary accthost = LOCAL # not strictly necessary } realm temp.domain.es { authhost = LOCAL # not strictly necessary accthost = LOCAL # not strictly necessary } realm ~(domain)+ { authhost = LOCAL # not strictly necessary accthost = LOCAL # not strictly necessary } But I don't know if that is the best way to resolve my problem, so I would like to reinforce my decision. Thanks in advance and sorry for my english. -- Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Database Problem
Hello, I am using FreeRadius v 1.1.3 (lastest in the cenOS) and everything is going quite ok but I am not sure how to construct database tables to use for authorization (I am using MS SQL as a backend) I get the connection to database and can do queries against it so at this point it is standard ODBC connection that is working. I cannot choose the right attributes to put to the database for authentication to happened. I always get unknown attribute no matter if I use Cleartext-Password or Auth-Type. That are two that I found in various documentation on the web. Obviously authentication fails. I would really appriciate if you would be able to tell me how the simplest (user/password with nothing extra returned back) authentication can be done using database backend. Regards Paul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
I would really appriciate if you would be able to tell me how the simplest (user/password with nothing extra returned back) authentication can be done using database backend. Insert in radcheck table: username - username attribute - Cleartext-Password op - := value - cleartext password Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSL_read failed in a system call (-1), TLS session fails
Guk Victor wrote: Hello all, We're running FreeRADIUS 1.1.3 with EAP/TTLS (openSSL 0.9.8d) on Red Hat 5.1. The server will come up and process clients for a few days, but, every now and then it begins denying all auth-requests with the following error: Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Auth: Login incorrect: [host/user/no User-Password attribute] A restart makes the server happy and it goes back to properly auth'ing clients. Upgrade to a more recent version. That error hasn't shown up in 2.x. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Filter Access-Challenge Attributes
Ben Wiechman wrote: Is the following stub for filtering Access-Challenge attributes from sites-available/default for future use? There are some typos that are fix in the git stable branch. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
On Fri, 2009-10-30 at 12:34 +0100, Ana Gallardo wrote: I would really appriciate if you would be able to tell me how the simplest (user/password with nothing extra returned back) authentication can be done using database backend. Insert in radcheck table: username - username attribute - Cleartext-Password op - := value - cleartext password Unfortunatelly Cleartext-Password is not working in version 1.1.3 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NotBefore, NotAfter or Date attributes fot temporary accounts
Daniele Albrizio wrote: Good. Do you know where can I find the syntax for the values of the Current-Time attribute? It's a date. Is the date format is the same as for Login-Time ? UUCP intervals? In that case I cannot specify (for example) the sole december month, right? In fact if I specify in sql a check as Current-Tyme = October 12 2009 13:00 the user gets rejected because the condition doesn't seem to match: So try it with unlang first. That offers more visibility into what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
Insert in radcheck table: username - username attribute - Cleartext-Password op - := value - cleartext password Unfortunatelly Cleartext-Password is not working in version 1.1.3 Try with User-Password Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSL_read failed in a system call (-1), TLS session fails
On 10/30/2009 07:34 AM, Alan DeKok wrote: Guk Victor wrote: Hello all, We're running FreeRADIUS 1.1.3 with EAP/TTLS (openSSL 0.9.8d) on Red Hat 5.1. The server will come up and process clients for a few days, but, every now and then it begins denying all auth-requests with the following error: Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Auth: Login incorrect: [host/user/no User-Password attribute] A restart makes the server happy and it goes back to properly auth'ing clients. Upgrade to a more recent version. That error hasn't shown up in 2.x. For information on how to upgrade to current 2.x versions on RHEL (CentOS) 5 see http://wiki.freeradius.org/Red_Hat_FAQ -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Asking to Ana Gallardo
Querida Ana: Un gusto compartir contigo un mailing list. Lamentablemente, no tengo la solucion a tu problema, se que seguramente esperas eso, lo siento :( Mas al contrario tengo una pregunta. Has instalado FreeRadius en Debian y ademas has creado un NAS (Netw. autentication server? ) Esto te servira para que, por ejemplo usuarios tuyos se autentiquen en el Radius y el NAS les de acceso a ciertos dispositivos? te pregunto esto porque yo necesito implementar algo asi, tengo una red LAN que se extiende por la ciudad y necesito brindar nombre de usuario y contraseña para gestionar no tanto el tiempo, sino el ancho de banda que se les provee y ademas poder dar de baja o reconectar su usuario. Nosotros usamos esto para brindar internet. Yo estoy intentando hacerlo en OpenBSD ya que tengo un manual que indica casi todos los servicios (DHCP; DNS... y varios otros,,, EXCEPTO FREE RADIUS! ) :( Me gustaria saber no el como lo instalaste en Debian, sino para que lo estas usando y si estas usando un NAS.,,, una base de datos. Gracias por tu respuesta. PD.- Sorry for my.. SPANISH xD -- = = = = = Carlos Diego Raffaelli A. MSN: carlosdiego...@hotmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: double realm problem
solved it now another way: authorize { auth_log suffix mschap eap { ok = return } if ( (%{User-Name} !~ /@/) || (%{User-Name} =~ /@.*@/)) { update reply { Reply-Message := FHSCommon: Wrong Username } reject } } maybe someone knows why the failed to find module... appears when using policy.conf kind regards -euro On Wed, Oct 28, 2009 at 9:31 AM, mr typo euroregist...@gmail.com wrote: when i put the validate_username direct after server eduroam { validate_username authorize { . i do not get an error. but it doesnt work. i am just trying around, i know that the validate_username doesnt make sense when NOT in the authorize section. so anyone has an idea redgarding the failed to find module... problem? thanks -euro On Tue, Oct 27, 2009 at 2:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.ukwrote: Hi, /etc/raddb/sites-enabled/eduroam[9]: Failed to find module validate_username. /etc/raddb/sites-enabled/eduroam[2]: Errors parsing authorize section. hmm, interesting - this looks very much like a post i made here earlier this month where 3rd-party virtual servers dont seem to pick up details from main modules and include files - my case was that Autz-Type wasnt known if i called 'users' file in my virtual-server alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
Thank you for help, I got it working. Can you tell me if there is tool that I can use to test mschap authentication rahter than use local radtest it can be linux or windows app. Thank you Paul On Fri, 2009-10-30 at 12:58 +0100, Ana Gallardo wrote: Insert in radcheck table: username - username attribute - Cleartext-Password op - := value - cleartext password Unfortunatelly Cleartext-Password is not working in version 1.1.3 Try with User-Password Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
Can you tell me if there is tool that I can use to test mschap authentication rahter than use local radtest it can be linux or windows app. http://deployingradius.com/scripts/eapol_test/ Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Asking to Ana Gallardo
:( Me temo que esta lista no es para establecer comunicaciones privadas Creo que es más adecuado que realices una pregunta más específica dirigida a la lista. Un saludo. El 30 de octubre de 2009 13:20, C. Diego Raffaelli A. c.diegoraffae...@gmail.com escribió: Querida Ana: Un gusto compartir contigo un mailing list. Lamentablemente, no tengo la solucion a tu problema, se que seguramente esperas eso, lo siento :( Mas al contrario tengo una pregunta. Has instalado FreeRadius en Debian y ademas has creado un NAS (Netw. autentication server? ) Esto te servira para que, por ejemplo usuarios tuyos se autentiquen en el Radius y el NAS les de acceso a ciertos dispositivos? te pregunto esto porque yo necesito implementar algo asi, tengo una red LAN que se extiende por la ciudad y necesito brindar nombre de usuario y contraseña para gestionar no tanto el tiempo, sino el ancho de banda que se les provee y ademas poder dar de baja o reconectar su usuario. Nosotros usamos esto para brindar internet. Yo estoy intentando hacerlo en OpenBSD ya que tengo un manual que indica casi todos los servicios (DHCP; DNS... y varios otros,,, EXCEPTO FREE RADIUS! ) :( Me gustaria saber no el como lo instalaste en Debian, sino para que lo estas usando y si estas usando un NAS.,,, una base de datos. Gracias por tu respuesta. PD.- Sorry for my.. SPANISH xD -- = = = = = Carlos Diego Raffaelli A. MSN: carlosdiego...@hotmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Filter Access-Challenge Attributes
Thanks On Fri, Oct 30, 2009 at 6:42 AM, Alan DeKok al...@deployingradius.comwrote: Ben Wiechman wrote: Is the following stub for filtering Access-Challenge attributes from sites-available/default for future use? There are some typos that are fix in the git stable branch. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Database Problem
Or NTRadPing for Windows. On Fri, Oct 30, 2009 at 7:59 AM, Ana Gallardo ana.gallardo...@gmail.comwrote: Can you tell me if there is tool that I can use to test mschap authentication rahter than use local radtest it can be linux or windows app. http://deployingradius.com/scripts/eapol_test/ Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hello. OpenBSD and Free Radius
I'm trying to install a Radius server into Open BSD for AAA for my lan users. Basically, i would like to offer username and password for each one of them. i hope to manage its bandwidth too. i have the instructions for DHCP server, Firewall, but radius. i only has encountered openbsd as pppoe client and i would like to give AAA for my users. And the problem is ...? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: isn´t registering FramedIpAdress (sometimes)!
Finally, i got the debug register: Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host XXX.XXX.236.1:59561, id=48, length=252 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1557370 NAS-Port-Type = Ethernet User-Name = t...@test.com Calling-Station-Id = 00:10:10:AD:F7:7B Called-Station-Id = PPPoE-Camping NAS-Port-Id = EoIP-Camping MS-CHAP-Domain = test.com Acct-Session-Id = 811025bf Framed-IP-Address = 192.168.101.249 Acct-Authentic = RADIUS Event-Timestamp = Oct 29 2009 18:33:36 AMST Acct-Session-Time = 95216 Acct-Input-Octets = 34048624 Acct-Input-Gigawords = 0 Acct-Input-Packets = 165487 Acct-Output-Octets = 190022963 Acct-Output-Gigawords = 0 Acct-Output-Packets = 214677 Acct-Status-Type = Stop Acct-Terminate-Cause = User-Request NAS-Identifier = lalala NAS-IP-Address = XXX.XXX.236.1 Acct-Delay-Time = 0 Mikrotik-Realm = test.com Processing the preacct section of radiusd.conf modcall: entering group preacct for request 399 modcall[preacct]: module preprocess returns noop for request 399 rlm_acct_unique: Hashing 'NAS-Port = 1557370,Client-IP-Address = XXX.XXX.236.1,NAS-IP-Address = XXX.XXX.236.1,Acct-Session-Id = 811025bf,User-Name = t...@test.com' rlm_acct_unique: Acct-Unique-Session-ID = 38a543632a983ade. modcall[preacct]: module acct_unique returns ok for request 399 rlm_realm: Looking up realm evo.net.br for User-Name = t...@test.com rlm_realm: No such realm test.com modcall[preacct]: module suffix returns noop for request 399 modcall: leaving group preacct (returns ok) for request 399 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 399 radius_xlat: 't...@test.com' rlm_sql (sql): sql_set_user escaped user -- 't...@test.com' radius_xlat: ' UPDATE radacct SET AcctStopTime = '2009-10-29 18:33:36', AcctSessionTime= '95216', AcctInputOctets= '0' 32 | '34048624', AcctOutputOctets = '0' 32 | '190022963', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '811025bf' AND UserName = 't...@test.com' AND NASIPAddress = 'XXX.XXX.236.1'' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 modcall[accounting]: module sql returns ok for request 399 modcall[accounting]: module advertise returns ok for request 399 modcall: leaving group accounting (returns ok) for request 399 Sending Accounting-Response of id 48 to XXX.XXX.236.1 port 59561 Finished request 399 Radacct: |453321 | 811025bf | 7b21431a8e07e896 | t...@test.com | | XXX.XXX.236.1 | 1557829 | Ethernet| 2009-06-30 15:54:46 | 2009-10-29 18:33:36 | 95216 | RADIUS| | |34048624 |190022963 | PPPoE-Camping | 00:10:10:AD:F7:7B | User-Request | Framed-User | PPP| 0.0.0.0 | 0 | 0 | | Em 28/10/2009 09:31, t_rider t_ri...@bol.com.br escreveu: No, no problem with the pool. However, the pools are on Mikrotik, Radius just send a FramedPool. Iḿ trying to get the error with Radius -X, but it's difficult. When i get this information i'll post here. Thanks Em 27/10/2009 22:58, Marinko Tarlac mangi...@gmail.com escreveu: Maybe your IP pool in NAS config. is to small to accept all connection attempts ... t_rider wrote: Hello, It's my first time here and i'm trying to solve a big problem in my Radius server. Sometimes, and it's happening without reason, The RadAcct put 0.0.0.0 in FramedIpAdress field. I don't know why it's happening, i have others Radius servers with the same configuration, but this error occur just in this server. It's a 1.1.7 radius server. My clients are all Mikrotiks, with 3.13 version. Can anyone help me?? Thanks, Alexandre - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius in OpenBSD
Hi all. I would like to know if installing freeradius in any O.S., can be useful to AAA to LAN users. As a PPPOE authentication in a ADSL user, but int this case, there are no phone line, its only a LAN but extended by city, by Fibra Optica. (F.O.) Could i create accounts to authenticate my clients? Thanks in advance /// Hola a todos. Me gustaria saber si instalando Freeradius en cualquier S.O puede ser util para realizar AAA en usuarios de una LAN. Tal como una autenticacion de usuarios ADSL,pero en este caso no a traves de linea telefonica, es solo una red LAN extendida por la ciudad a traves de fibra optica. ¿Podria crear cuentas para autenticar mis clientes? Gracias de antemano -- = = = = = Carlos Diego Raffaelli A. MSN: carlosdiego...@hotmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: isn´t registering FramedIpAdress (someti mes)!
Finally, i got the debug register: Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host XXX.XXX.236.1:59561, id=48, length=252 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1557370 NAS-Port-Type = Ethernet User-Name = t...@test.com Calling-Station-Id = 00:10:10:AD:F7:7B Called-Station-Id = PPPoE-Camping NAS-Port-Id = EoIP-Camping MS-CHAP-Domain = test.com Acct-Session-Id = 811025bf Framed-IP-Address = 192.168.101.249 Acct-Authentic = RADIUS Event-Timestamp = Oct 29 2009 18:33:36 AMST Acct-Session-Time = 95216 Acct-Input-Octets = 34048624 Acct-Input-Gigawords = 0 Acct-Input-Packets = 165487 Acct-Output-Octets = 190022963 Acct-Output-Gigawords = 0 Acct-Output-Packets = 214677 Acct-Status-Type = Stop Acct-Terminate-Cause = User-Request NAS-Identifier = lalala NAS-IP-Address = XXX.XXX.236.1 Acct-Delay-Time = 0 Mikrotik-Realm = test.com Processing the preacct section of radiusd.conf modcall: entering group preacct for request 399 modcall[preacct]: module preprocess returns noop for request 399 rlm_acct_unique: Hashing 'NAS-Port = 1557370,Client-IP-Address = XXX.XXX.236.1,NAS-IP-Address = XXX.XXX.236.1,Acct-Session-Id = 811025bf,User-Name = t...@test.com' rlm_acct_unique: Acct-Unique-Session-ID = 38a543632a983ade. modcall[preacct]: module acct_unique returns ok for request 399 rlm_realm: Looking up realm evo.net.br for User-Name = t...@test.com rlm_realm: No such realm test.com modcall[preacct]: module suffix returns noop for request 399 modcall: leaving group preacct (returns ok) for request 399 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 399 radius_xlat: 't...@test.com' rlm_sql (sql): sql_set_user escaped user -- 't...@test.com' radius_xlat: ' UPDATE radacct SET AcctStopTime = '2009-10-29 18:33:36', AcctSessionTime= '95216', AcctInputOctets= '0' 32 | '34048624', AcctOutputOctets = '0' 32 | '190022963', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '811025bf' AND UserName = 't...@test.com' AND NASIPAddress = 'XXX.XXX.236.1'' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 modcall[accounting]: module sql returns ok for request 399 modcall[accounting]: module advertise returns ok for request 399 modcall: leaving group accounting (returns ok) for request 399 Sending Accounting-Response of id 48 to XXX.XXX.236.1 port 59561 Finished request 399 Radacct: |453321 | 811025bf | 7b21431a8e07e896 | t...@test.com | | XXX.XXX.236.1 | 1557829 | Ethernet| 2009-06-30 15:54:46 | 2009-10-29 18:33:36 | 95216 | RADIUS| | |34048624 |190022963 | PPPoE-Camping | 00:10:10:AD:F7:7B | User-Request | Framed-User | PPP| 0.0.0.0 | 0 | 0 | | Now find the start record for that session and see what happened to the Framed-IP-Address there. Stop record doesn't update IP. Start and updates do. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius in OpenBSD
I would like to know if installing freeradius in any O.S., can be useful to AAA to LAN users. As a PPPOE authentication in a ADSL user, but int this case, there are no phone line, its only a LAN but extended by city, by Fibra Optica. (F.O.) Could i create accounts to authenticate my clients? Probably. Does your PPPoE server support radius? It probably does. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html