reset sql counter every 30 minute
Hi,

Is it possible to reset the SQL counter every 30 minutes? Basically, I need to give the user free access for 20 minutes; after 20 minutes the NAS will log out the user. The user is allowed to log in again after 30 minutes.

Thanks

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius authentication problem.
Hello Friends,

I have installed a RADIUS server on one machine which has Fedora 10. I have installed freeradius-server-2.1.10 on it (server machine IP 10.150.110.42). I have one more machine with Red Hat Linux on which I have installed pam_radius-1.3.17 (client machine IP 10.150.113.4). I have done the following configuration on both sides.

SERVER SIDE

users file:

    "vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
            Reply-Message = "Hello, %u"

clients.conf:

    client 127.0.0.1 {
        secret = testing123
        shortname = localhost
        nastype = other
    }
    client 10.150.113.4/24 {
        secret = testing123
        shortname = private-network-1
    }
    client 10.150.110.42/24 {
        secret = testing123
        shortname = private-network-1
    }

I have not changed anything in radiusd.conf.

CLIENT SIDE

/etc/pam.d/sshd:

    auth sufficient pam_radius_auth.so

/etc/raddb/server:

    # server[:port] shared_secret timeout (s)
    127.0.0.1 testing123 1
    10.150.110.42 testing123 3
    other-server other-secret 3

/etc/ssh/sshd_config:

    UsePAM yes

The above is my configuration. When I try to connect to the client with SSH, it is not sending a request to the RADIUS server to authenticate the user. Kindly let me know what other configuration I have to do, or if there are any mistakes in my configuration plz help to correct it.

Thank you.

Regards,
VIJAY S.
Re: Python module/program
Is the python module catching all exceptions? You need to make sure you don't mask out the KeyboardInterrupt exception... otherwise, you may prevent Control-C from being passed up the stack. I'm not sure if that's your issue, but it sounds like it could be.

It's considered a Python best practice to explicitly catch the exact exceptions that you know how to handle, and let exceptions that you're not going to handle directly trickle up. That is to say that you should never do something like:

    try:
        ...
    except:
        ...

because you *will* end up masking things like KeyboardInterrupt. You should always do something like:

    try:
        ...
    except TheExceptionClass:
        ...

HTH,
- Terry

On Wed, Jan 26, 2011 at 2:47 PM, McCann, Brian wrote:
> Hi all. I've got freeradius working using a python library for auth, but
> something interesting happened when I did. When I run "radius -X", and
> press CTRL+C, it no longer exits. It just returns "Ready to process
> requests.". The PID doesn't change, so it's not like it's exiting and
> restarting.
>
> I looked at http://wiki.freeradius.org/Rlm_perl (yes...I know...perl !=
> python, but as the python page doesn't say much, I'm going on the perl page
> for a starting point) and it doesn't look like the script has to do anything
> to handle exits. Does anyone know what I'm missing?
>
> Thanks,
> --Brian
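The difference between the two forms in the reply above, as an added example that is not part of the original message: two versions of an authentication handler, one with a bare except and one that catches only the error it can handle. The handler names, the BackendUnavailable class, the sample credential and the return-code strings are all constructed for illustration and are not FreeRADIUS API.

```python
import hmac

# Stand-ins for a module's return codes (constructed for this example).
REJECT, FAIL, OK = "reject", "fail", "ok"


class BackendUnavailable(Exception):
    """Constructed error type for a failed credential-store lookup."""


def lookup(user, interrupt=False, down=False):
    # Constructed backend that can simulate Ctrl-C arriving mid-call
    # (interrupt=True) or an outage of the credential store (down=True).
    if interrupt:
        raise KeyboardInterrupt
    if down:
        raise BackendUnavailable(user)
    return {"alice": "s3cret"}.get(user)  # constructed sample credential


def check(user, password, **kw):
    stored = lookup(user, **kw)
    if stored is None:
        return REJECT
    # Constant-time comparison of the stored and supplied values.
    return OK if hmac.compare_digest(stored, password) else REJECT


def authorize_bare(user, password, **kw):
    # Anti-pattern: a bare except also catches KeyboardInterrupt and
    # SystemExit, so the interrupt is turned into an ordinary FAIL.
    try:
        return check(user, password, **kw)
    except:
        return FAIL


def authorize_explicit(user, password, **kw):
    # Only the error this handler knows how to deal with is caught;
    # everything else, including KeyboardInterrupt, propagates.
    try:
        return check(user, password, **kw)
    except BackendUnavailable:
        return FAIL


def interrupt_reaches_caller(handler):
    # True if a Ctrl-C raised inside the handler propagates to the caller.
    try:
        handler("alice", "s3cret", interrupt=True)
    except KeyboardInterrupt:
        return True
    return False
```
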
Python module/program
Hi all.

I've got freeradius working using a python library for auth, but something interesting happened when I did. When I run "radius -X", and press CTRL+C, it no longer exits. It just returns "Ready to process requests.". The PID doesn't change, so it's not like it's exiting and restarting.

I looked at http://wiki.freeradius.org/Rlm_perl (yes...I know...perl != python, but as the python page doesn't say much, I'm going on the perl page for a starting point) and it doesn't look like the script has to do anything to handle exits. Does anyone know what I'm missing?

Thanks,
--Brian
Re: Question on Virtual Servers and inner-tunnel
Must have been a really old version of GW, I use GW here and it seems to thread fine but we are on the latest version.

Thanks again..

Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE

>>> On Wednesday, January 26, 2011 at 8:48 AM, in message
>>> , Alexander Clouter
>>> wrote:

Brett Littrell wrote:
>
> PS: What is up with Garys email? or is it my threaded view? Gary's
> email keeps popping up as a new email and not as a threaded response?
>

I guess corporate policy is to use a broken email client as well as an SMTP server that adds a 'legally-holds-no-water' disclaimer. The last mail client I saw doing this was Novell Groupwise

In case you did not know, if you look at the headers for the other emails here, you will see a 'References' line, that is what makes threading work...it's also the telltale sign when folk hit 'Reply' rather than 'Compose' when they want to post a *new* thread to the mailing list.

Now if you fix your email client for text/plain only... :)

--
Alexander Clouter
.sigmonster says: Serving coffee on aircraft causes turbulence.
Re: Question on Virtual Servers and inner-tunnel
Brett Littrell wrote:
>
> PS: What is up with Garys email? or is it my threaded view? Gary's
> email keeps popping up as a new email and not as a threaded response?
>

I guess corporate policy is to use a broken email client as well as an SMTP server that adds a 'legally-holds-no-water' disclaimer. The last mail client I saw doing this was Novell Groupwise

In case you did not know, if you look at the headers for the other emails here, you will see a 'References' line, that is what makes threading work...it's also the telltale sign when folk hit 'Reply' rather than 'Compose' when they want to post a *new* thread to the mailing list.

Now if you fix your email client for text/plain only... :)

--
Alexander Clouter
.sigmonster says: Serving coffee on aircraft causes turbulence.
Re: Question on Virtual Servers and inner-tunnel
Hi All,

You guys really explained it well, appreciate it. I really wanted to know to try and get an idea of how this works and figure out the best way to set this up and clarifying that really helped.

And yes I did get Gary joking and I do not mind a little elbow in the ribs joking, just as long as he does not mind pay backs in other email..HeHe:) I do appreciate Alex popping in on my behalf as well, it is nice to see someone out there helping out the new guys.

Anyway, I think I have enough info to do some damage, hopefully I won't spam the list with too many more questions:)

FYI: You guys are great, and I think I speak for everyone new to freeradius that we appreciate your help.

PS: What is up with Gary's email? or is it my threaded view? Gary's email keeps popping up as a new email and not as a threaded response?

Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE
Re: Trying to strip the Windows Domain name from a login
Brett Littrell wrote:
> First you mention looking into the realm information, did that, it
> is looking like that may not be too hard to do, if I am using the FR
> server to access the LDAP server then I just need to set a realm of
> ntdomain and auth=LOCAL, correct?

Yes.

> Then you go on to say strip the
> domain at the LDAP lookup, well if I do it there wouldn't that fix the
> problem regardless of changing the realm?

I'm not sure what you mean by that.

> You go on to explain that I
> should do the LDAP lookup in the inner-tunnel config, I have no problem
> with this, it makes sense, the problem I have is how do you specify the
> inner tunnel in the configuration?

Edit the inner-tunnel configuration file.

> Remember, I am new to FreeRadius, been using Cisco ACS for a few
> years now so I know about Radius in general, just not how to configure
> FreeRadius and docs are a bit hard to come by.

See the Wiki, and the comments in the configuration files. *Everything* is documented. But there are few "howtos" for specific situations. You've got to understand the pieces, and put the solution together yourself.

Alan DeKok.
Re: Question on Virtual Servers and inner-tunnel
Brett Littrell wrote:
> Hope this is not too stupid of a question but I have been checking
> out the inner-tunnel virtual server under sites-enabled. I read up a
> little on virtual servers and it looks like the inner-tunnel virtual
> server is just a regular old virtual server

Yes.

> yet in the comments it says
> it specifically handles inner tunnel requests.

So? Some families have two cars. One for each of two adults.

> I went through the
> default config for the inner-tunnel and did not see any commands that
> were un-commented that seemed to specify that the server exclusively
> dealt with inner-tunnel requests.

It's *designed* to work with inner-tunnel requests. But see the file in version 2.1.10: you can use it as a normal server for testing.

> So my question is whether naming the
> server inner-tunnel causes it to exclusively handle inner-tunnel
> requests, in other words is inner-tunnel a hard coded name that has to be
> used for handling inner-tunnel requests?

See eap.conf. Look for "inner-tunnel"

Alan DeKok.
Re: OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]
Hmmm, build/use a different email system? Genius! Why didn't I think of that

- Original Message -
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Sent: Wed Jan 26 02:56:23 2011
Subject: OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]

Gary Gatten wrote:
>
> And I don't have control over what our half dozen email processors do
> to my email after I send it.
>

You live in a country that prevents you using any other SMTP server other than the one allocated to you? Unable to get a freebie email address (Gborg) that comes with SMTP submission? Unable to run your own SMTP server and/or buy your own domain.

That's a terrible place to live, let me know so I know never to visit. If that's not the case, learn to use a n...@waddell.com email address though you undoubtedly have.

Cheers

--
Alexander Clouter
.sigmonster says: Everything ends badly. Otherwise it wouldn't end.

"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]
Gary Gatten wrote:
>
> And I don't have control over what our half dozen email processors do
> to my email after I send it.
>

You live in a country that prevents you using any other SMTP server other than the one allocated to you? Unable to get a freebie email address (Gborg) that comes with SMTP submission? Unable to run your own SMTP server and/or buy your own domain.

That's a terrible place to live, let me know so I know never to visit. If that's not the case, learn to use a n...@waddell.com email address though you undoubtedly have.

Cheers

--
Alexander Clouter
.sigmonster says: Everything ends badly. Otherwise it wouldn't end.
Re: Question on Virtual Servers and inner-tunnel
On 01/25/2011 11:18 PM, Brett Littrell wrote:
> with inner-tunnel requests. So my question is whether naming the server
> inner-tunnel causes it to exclusively handle inner-tunnel requests, in
> other words is inner-tunnel a hard coded name that has to be used for
> handling inner-tunnel requests?

No. It is set in "eap.conf"; see the "virtual_server" option under the peap and ttls stanzas.

You can also override (per-request) to use a different virtual server in the outer tunnel e.g.

/etc/raddb/sites-available/default:

    authorize {
        ...
        if (EAP-Message) {
            if (...some lookup...) {
                update control {
                    # this directs the inner tunnel from this EAP
                    # session to the named virtual server
                    Virtual-Server := "somedifferentthing"
                }
            }
        }
        ...
    }

Something that might not be obvious also - the virtual server name actually comes from the:

    server NAME {
        authorize {
            ..
        }
    }

..."NAME" option on the server{} block. By convention and to avoid confusion the filename in /etc/raddb/sites-{available,enabled} is the same, but it doesn't need to be (and in fact doesn't need to be in a separate file)