Re: Simultaneous-Use Checking with FreeRadius + MYSQL

2011-11-09 Thread Alan DeKok
Erik wrote:
 wouldn't you at least see checkrad initiate in the freeradius -X debug
 if I set the NAS type to cisco?  I was just trying to get it to
 initiate, not expecting it to work.  In the debug, it doesn't even
 come up.  I've read in prior posts where you said that checkrad should
 initiate regardless if the radutmp or mysql modules were used.

  Are you looking for additional problems, or are you trying to solve
the original issue?

  Fix one thing at a time.  There's a good reason checkrad isn't run.
The reason is documented.

  Reflash the NAS so that it has a firmware which supports this feature.
 which feature(s)?  RADIUS accounting, SNMP, finger, or rusers?  Your
 guidance here would really help so I can make sure I acquire
 appropriate NAS' in the future.

  Buy a NAS which costs more than $50.  You get what you pay for.

  The NAS should support SNMP.

 Generally, is there any way to get simultaneous-use to work if a given
 NAS doesn't send accounting packets to the radius server?  3rd party
 software?

  I already gave you my opinion.  Do you think asking again will change
it?  Do you think I was lying to you the first time?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: newbie and realms

2011-11-09 Thread walter harms


On 08.11.2011 11:48, Alan DeKok wrote:
 walter harms wrote:
 It seems that I don't understand the concept of realms.
 
   largely... if you don't know what realms are, you don't need to use them.
 
   Realms are just domain names.  They are a simple way to group users
 together, without configuring lists of users on the server.

not my idea,


 Can someone point me to a documentation that explains
 how to setup that realms ?
 
   raddb/proxy.conf  That is the *only* place to configure realms, and it
 is well documented.
 
I found:
http://linux.die.net/man/5/rlm_realm
http://wiki.freeradius.org/Proxy

but I do not find the point where to place the name of the realm.

re,
 wh


Re: newbie and realms

2011-11-09 Thread Alan DeKok
walter harms wrote:
 Can someone point me to a documentation that explains
 how to setup that realms ?
   raddb/proxy.conf  That is the *only* place to configure realms, and it
 is well documented.

 I found:
 http://linux.die.net/man/5/rlm_realm
 http://wiki.freeradius.org/Proxy

  I told you to read a file that is shipped with the server, and you
looked somewhere else.

  Why?

 but I do not find the point where to place the name of the realm.

  I'm not surprised.

  Alan DeKok.


Re: newbie and realms

2011-11-09 Thread Fajar A. Nugraha
On Wed, Nov 9, 2011 at 6:42 PM, walter harms wha...@bfs.de wrote:
 Can someone point me to a documentation that explains
 how to setup that realms ?

   raddb/proxy.conf  That is the *only* place to configure realms, and it
 is well documented.

 I found:
 http://linux.die.net/man/5/rlm_realm
 http://wiki.freeradius.org/Proxy

 but I do not find the point where to place the name of the realm.

Did you read http://wiki.freeradius.org/Proxy.conf (or proxy.conf that
came with the default installation)?

Like Alan said, if you don't know what realms are, you don't need to use them.

If you DO need them, basically you just need to figure out what you
want to do with them; for example:
- AAA for users @domain-A.com will be proxied to server-a.com
- users @domain-B.com will be processed locally using virtual server virtual-B
- users @domain-C.com will be processed by the default server.

After that, everything in proxy.conf should be self-explanatory.

Regarding the names, a realm name usually matches whatever is included
in user-name; e.g. if user-name is us...@domain-a.com, then you need
to define a realm called domain-A.com on proxy.conf (see examples
for realm example.com and realm virtual.example.com).

However there are cases where freeradius realm names do not need to
match what's in user-name, that is if:
- you manually set Proxy-To-Realm control attribute, or
- you use wildcard (see last example on proxy.conf).

If you still have no idea what I'm talking about, then better describe
what you need. Perhaps you don't need realms at all.

-- 
Fajar


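The three cases Fajar lists, written out as proxy.conf stanzas for FreeRADIUS 2.x. This is an added example, not the shipped proxy.conf or Fajar's text; it also shows the check that rejects users whose realm is not defined, which is what Walter's "drop everything outside these realms" later in the thread asks for. The address 192.0.2.1 (standing in for server-a.com), the shared secret and the pool name are placeholders, and the "if (!Realm)" test assumes the suffix module adds the Realm attribute only when it finds a configured realm.

```unlang
# proxy.conf (FreeRADIUS 2.x): added example, not the shipped file.
# Placeholders: 192.0.2.1 stands for server-a.com; the secret is made up.

# Case 1: users @domain-A.com are proxied to server-a.com.
home_server server-a {
    type         = auth+acct
    ipaddr       = 192.0.2.1          # address of server-a.com (placeholder)
    port         = 1812
    secret       = CHANGE-THIS-SECRET
    status_check = status-server      # mark the home server dead on failure
                                      # instead of timing out every request
}

home_server_pool pool-a {
    type        = fail-over
    home_server = server-a
}

realm domain-A.com {
    auth_pool = pool-a
    acct_pool = pool-a
    nostrip                           # forward user@domain-A.com unchanged
}

# Case 2: users @domain-B.com are handled locally by the virtual server
# "virtual-B" (its own file in sites-enabled/).
realm domain-B.com {
    virtual_server = virtual-B
}

# Case 3: users @domain-C.com are handled by the default server.
# A realm with neither a pool nor a virtual_server is treated as LOCAL.
realm domain-C.com {
}

# Deliberately no "realm DEFAULT" and no "realm NULL": a User-Name whose
# suffix matches none of the realms above (or that has no suffix) is left
# without a Realm attribute by the suffix module (assumption stated in the
# lead-in), which the default server can turn into a reject:
#
#   # sites-enabled/default
#   authorize {
#       preprocess
#       suffix
#       if (!Realm) {
#           reject
#       }
#       ...
#   }
```

Realm names are matched case-insensitively, so the realm domain-A.com above also catches user@domain-a.com as in Fajar's example.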

Simultaneous-Use For Group Using Unlang

2011-11-09 Thread det.explo...@yahoo.com
Hi,

I was able to implement simultaneous-use checking for a group using the 
exec-program-wait attribute. So a user logging in who belongs to the group 
will be checked against that attribute. It is working, but I worry that with too 
many connections coming from this group of users, it will exhaust the MySQL 
connections, because the program used in exec-program-wait opens a new connection 
to MySQL every time. And even when the program closes the MySQL connection, the 
port for the connection will not be freed up immediately. It takes some time 
before the port is released; it stays in the CLOSE_WAIT status for some time.

I'd like to implement this using unlang but I am not sure where to start. The part 
that I am having difficulty with is where to create the procedure and how to call 
the procedure. The rest of the things, like the DB query, I can reuse from the 
existing program. I want to implement this using unlang to avoid having to open 
a new MySQL connection.

Any example I can follow?

Thanks a lot!
Det


Re: newbie and realms

2011-11-09 Thread walter harms


On 09.11.2011 13:42, Fajar A. Nugraha wrote:
 On Wed, Nov 9, 2011 at 6:42 PM, walter harms wha...@bfs.de wrote:
 Can someone point me to a documentation that explains
 how to setup that realms ?

   raddb/proxy.conf  That is the *only* place to configure realms, and it
 is well documented.

 I found:
 http://linux.die.net/man/5/rlm_realm
 http://wiki.freeradius.org/Proxy

 but I do not find the point where to place the name of the realm.
 
 Did you read http://wiki.freeradius.org/Proxy.conf (or proxy.conf that
 came with the default installation)?
 
 Like Alan said, if you don't know what realms are, you don't need to use them.
 
 If you DO need them, basically you just need to figure out what you
 want to do with them; for example:
 - AAA for users @domain-A.com will be proxied to server-a.com
 - users @domain-B.com will be processed locally using virtual server virtual-B
 - users @domain-C.com will be processed by the default server.
 
 After that, everything in proxy.conf should be self-explanatory.
 
 Regarding the names, a realm name usually matches whatever is included
 in user-name; e.g. if user-name is us...@domain-a.com, then you need
 to define a realm called domain-A.com on proxy.conf (see examples
 for realm example.com and realm virtual.example.com).
 
 However there are cases where freeradius realm names do not need to
 match what's in user-name, that is if:
 - you manually set Proxy-To-Realm control attribute, or
 - you use wildcard (see last example on proxy.conf).
 
 If you still have no idea what I'm talking about, then better describe
 what you need. Perhaps you don't need realms at all.
 

mmh, I am starting to understand; I was expecting something different,
therefore I did not realize what I had found.

use case:
my task is to set up a radiusd for 6 realms (again, not my idea). All realms
should be equal and will be used for m2m only, so dropping everything outside
these realms would be OK. The number of users will be very limited.
I did not expect that this would be anything complicated.

re,
 wh


Re: Simultaneous-Use For Group Using Unlang

2011-11-09 Thread Alan DeKok
det.explo...@yahoo.com wrote:
 I'd like to implement this using unlang but I am not sure where to start. The part 
 that I am having difficulty with is where to create the procedure and how to 
 call the procedure. The rest of the things, like the DB query, I can reuse from 
 the existing program. I want to implement this using unlang to avoid having 
 to open a new MySQL connection.
 
 Any example I can follow?

  The SQL module supports string expansion.  The input strings are just
SQL statements.  The output is just a one-line string containing the
result of the SQL query.

  This means you can call SQL procedures directly from unlang:

if (%{sql: call procedure with args} > 2) {
    ... more than 2 people logged in ...
}

  Very simple!

  Alan DeKok.

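An added example of the pattern Alan describes, not code from his reply or from the FreeRADIUS distribution: a per-group session cap enforced in the authorize section with the sql xlat, so the check rides on rlm_sql's pooled connection instead of a fresh one per request. Assumed: an rlm_sql instance named sql (so that SQL-Group and %{sql:...} are available), the stock radacct and radusergroup tables, a group called limited, and the FreeRADIUS 2.x comparison rule that two all-digit strings are compared as integers.

```unlang
# sites-enabled/default, authorize section (FreeRADIUS 2.x): added
# example, not Alan's or the project's code. Constructed names: an rlm_sql
# instance called "sql", the stock radacct and radusergroup tables, and a
# group "limited" that may hold at most 2 open sessions in total.
authorize {
    preprocess
    suffix
    sql                         # also makes SQL-Group available below

    # Only members of the limited group pay for the extra query.
    if (SQL-Group == "limited") {

        # %{sql:...} runs on rlm_sql's pooled connection and returns the
        # first column of the first row as a string, so no new MySQL
        # connection (and no lingering CLOSE_WAIT socket) is created per
        # login. Open sessions are rows with no Stop recorded yet.
        # Two open sessions already means this login would be the third.
        if ("%{sql:SELECT COUNT(*) FROM radacct a JOIN radusergroup g ON a.username = g.username WHERE g.groupname = 'limited' AND a.acctstoptime IS NULL}" >= 2) {
            update reply {
                Reply-Message := "Session limit for this group reached"
            }
            reject
        }
    }

    # remaining modules as shipped (files, pap, ...)
    files
    pap
}
```

The count only sees sessions whose Acct-Stop reached the server; a NAS that sends no accounting (as in the checkrad thread on this page) or a lost Stop leaves rows open and will eventually lock the whole group out, so pair this with checkrad or a stale-session cleanup.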

Re: newbie and realms

2011-11-09 Thread Alan DeKok
walter harms wrote:
 mmh, I am starting to understand; I was expecting something different,
 therefore I did not realize what I had found.

  Asking good questions helps.  How do I set up realms gets answered
by read the realm documentation.

  If you want something else, ask a better question.

 use case:
 my task is to set up a radiusd for 6 realms (again, not my idea). All realms
 should be equal and will be used for m2m only.

  That doesn't make any sense.

  What do you mean by realms should be equal?  What is m2m?

 so dropping everything outside
 these realms would be OK. The number of users will be very limited.
 I did not expect that this would be anything complicated.

  Of course it's complicated.   You haven't defined what you want to do.
 You're using pre-existing terms (realms), but are using them wrong.

  Describe what you want to do *accurately*.  Refer to attributes.  Give
examples.

  Alan DeKok.


Removing domain prefix from login

2011-11-09 Thread Alejandro Gandara
I'm authenticating users in RADIUS against LDAP. If I log in from a computer
with 802.1X configured and the user and password taken automatically from the domain,
I'm getting a wrong authentication because the login has the following string:

DOMAIN\\Users

How can I stop RADIUS from reading the prefix?

I've tried to introduce the option prefix in /etc/sites-enable/default,
but it's giving me back errors because of the wrong way of introducing that line.

Can anyone help me?

Thanks very much


radius sql quastione

2011-11-09 Thread Miha Zoubek

Hi,

Our freeradius is working perfectly with our softswitch. All my columns in 
radacct are populating.
Now I have set up freeswitch and I also got it working with freeradius. These 
are two different softswitches and I would like both to populate the 
same base. The problem appears as freeswitch is sending different 
attributes, so I made changes in
dialup.conf (then the other softswitch will not populate the radacct 
table correctly).


Can I populate the same base? But how to configure dialup.conf then?
How can I set it up on radius with two different bases and two different 
dialup.conf files (I must edit this file due to the different attribute 
representation).


Below you will find freeswitch attributes:

rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 
33534, id=134, length=402

Acct-Status-Type = Stop
Acct-Session-Id = 1d83c61f-3167-4c15-9da3-871cd76f3d7c
Freeswitch-Hangupcause = Normal-Clearing
User-Name = 018108500
Freeswitch-Src = 018108500
Freeswitch-CLID = 018108500
Freeswitch-Dst = 051357952
Freeswitch-Dialplan = XML
Framed-IP-Address = xxx.xxx.xxx.xxx
Freeswitch-Context = default
Freeswitch-Ani = 018108500
Freeswitch-Source = mod_sofia
Freeswitch-Lastapp = bridge
Freeswitch-Billusec = 2427061
Freeswitch-Callstartdate = 2011-11-09T14:30:45.095287+0100
Freeswitch-Callanswerdate = 2011-11-09T14:30:52.965479+0100
Freeswitch-Callenddate = 2011-11-09T14:30:55.392540+0100
Acct-Session-Time = 2
Freeswitch-Signalbond = inbound
NAS-Port = 0
Acct-Delay-Time = 0
NAS-IP-Address = xxx.xxx.xxx.xxx
# Executing section preacct from file 
/usr/local/etc/raddb/sites-enabled/default


P.s.: I am getting all entries in the radacct table duplicated. Can you help 
me out with how I can deal with this issue?


I have put radius log on http://pastebin.freeswitch.org/17730

BR,
Miha


Re: newbie and realms

2011-11-09 Thread Alan Buxey
Hi,

 mmh, I am starting to understand; I was expecting something different,
 therefore I did not realize what I had found.

...i think there is still a fundamental mix of terminology

 use case:
 my task is to set up a radiusd for 6 realms (again, not my idea). All realms
 should be equal and will be used for m2m only, so dropping everything outside
 these realms would be OK. The number of users will be very limited.
 I did not expect that this would be anything complicated.

...which means what exactly?  are you going to have users in the form of

us...@realma.org
us...@companyb.com ?

those are realms..

alan


Re: Simultaneous-Use Checking with FreeRadius + MYSQL

2011-11-09 Thread Erik

  Are you looking for additional problems, or are you trying to solve
 the original issue?

I'm trying to understand exactly what's happening & was wondering why
checkrad wasn't being called.  If I get a NAS which does SNMP, for
example, I wanted to know that checkrad would work in a predictable
fashion.

  Fix one thing at a time.  There's a good reason checkrad isn't run.
 The reason is documented.
Could you maybe point me to the document? I've read through a lot of
them including http://freeradius.org/radiusd/doc/Simultaneous-Use.
Remember, I've set the NAS to cisco but checkrad still isn't being triggered.

I'll quote some of your previous posts:
 ADK: "If you've configured Simultaneous-Use, then there should be
*something* about checkrad in the output."

I don't see anything relating to checkrad in the debug output.

ADK: "Checkrad is called because the server may not have received
accounting data."

My accounting table is empty, hence nothing is received, yet checkrad
is not being called (at least there's nothing in the debug).


  Buy a NAS which costs more than $50.  You get what you pay for.

  The NAS should support SNMP.

So I take it you're saying get a NAS with RADIUS accounting, if
possible - if not, get one which is SNMP enabled.

  I already gave you my opinion.  Do you think asking again will change
 it?  Do you think I was lying to you the first time?

You gave me your opinion, and I was wondering if someone else may have
a different one (like the guy using exec-program-wait) - I suppose I
should have made it clear I wasn't asking you the same question again.

thanks,

Erik



Re: ldap+freeradius

2011-11-09 Thread suggestme
I searched through the threads and found this thread exactly matching the
error I am getting. I am getting the following error while debugging freeradius
for using LDAP:

/usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap':
file not found
/usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module
ldap.
/usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap
entry.


David, How did you solve this problem?

I don't know what to do...
Your suggestions would be greatly appreciated.


Thanks,



Re: Simultaneous-Use Checking with FreeRadius + MYSQL

2011-11-09 Thread Alan DeKok
Erik wrote:
 I'm trying to understand exactly what's happening & was wondering why
 checkrad wasn't being called.  If I get a NAS which does SNMP, for
 example, I wanted to know that checkrad would work in a predictable
 fashion.

  It does.  It works.  See "man checkrad".

 I'll quote some of your previous posts:
  ADK: "If you've configured Simultaneous-Use, then there should be
 *something* about checkrad in the output."
 
 I don't see anything relating to checkrad in the debug output.

  For the reasons outlined in "man checkrad".

 ADK: "Checkrad is called because the server may not have received
 accounting data."

  Since you haven't given the *context* for that comment, I have no idea
what it means.

 My accounting table is empty, hence nothing is received, yet checkrad
 is not being called (at least there's nothing in the debug).

  Checkrad is called to double-check duplicate logins.

 So I take it you're saying get a NAS with RADIUS accounting, if
 possible - if not, get one which is SNMP enabled.

  That's what I thought I said.

 You gave me your opinion, and I was wondering if someone else may have
 a different one (like the guy using exec-program-wait) - I suppose I
 should have made it clear I wasn't asking you the same question again.

  The guy using exec-program-wait for Simultaneous-Use was doing
something different.  That was clear from his post.

  Alan DeKok.


Re: ldap+freeradius

2011-11-09 Thread Alan DeKok
suggestme wrote:
 I searched through the threads and found this thread exactly matching the
 error I am getting. I am getting the following error while debugging freeradius
 for using LDAP:
 
 /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap':
 file not found

  And the answer is the same as last time: read the FAQ.  Look for
"failed to load module".

  Alan DeKok.


Re: Simultaneous-Use Checking with FreeRadius + MYSQL

2011-11-09 Thread Erik
  It does.  It works.  See "man checkrad".
  Checkrad is called to double-check duplicate logins.

Thank you, I understand now.


  The guy using exec-program-wait for Simultaneous-Use was doing
 something different.  That was clear from his post.

Not to me - this is a new world for me & I'm doing my best to
understand.  In any case, you've helped me understand further, so
thanks for taking the time to respond.

Erik



Re: ldap+freeradius

2011-11-09 Thread suggestme
Alan,

I tried the 3 steps that are suggested in the FAQ; that isn't working. Also, as
suggested in step 3 (b), I found the 'radiusd.conf' file at
/usr/local/etc/raddb/radiusd.conf. Inside the radiusd.conf file it is suggesting
to do:

#   To work around the problem, find out which library contains that symbol,
#   and add the directory containing that library to the end of 'libdir',
#   with a colon separating the directory names.  NO spaces are allowed.
#
#   e.g. libdir = /usr/local/lib:/opt/package/lib


Does this mean I should add libdir for rlm_ldap just below the
'/usr/local/share/doc/freeradius/rlm_ldap' line of radiusd.conf as follows:

libdir = /usr/local/share/doc/freeradius/rlm_ldap


When running the 'locate rlm_ldap' command I just see the rlm_ldap path as
/usr/local/share/doc/freeradius/rlm_ldap


I am confused on this.

Thanks,




Re: radius sql quastione

2011-11-09 Thread Alan DeKok
Miha Zoubek wrote:
 Our freeradius is working perfectly with our softswitch. All my columns in
 radacct are populating.

  That's good.

 Now I have set up freeswitch and I also got it working with freeradius. These
 are two different softswitches and I would like both to populate the
 same base. The problem appears as freeswitch is sending different
 attributes, so I made changes in
 dialup.conf (then the other softswitch will not populate the radacct
 table correctly).

  This is why the SQL queries are editable.  You can edit them to say
"use attribute X; if it doesn't exist, use attribute Y".  See "man
unlang" for the syntax.

 Can I populate the same base? But how to configure dialup.conf then?
 How can I set it up on radius with two different bases and two different
 dialup.conf files (I must edit this file due to the different attribute
 representation).

  Edit dialup.conf.

 Below you will find freeswitch attributes:

  Ok... which freeswitch attributes do you want to use?  Which SQL
column do they map to?

  Write that down.  Then, edit the SQL queries as described above.

 P.s.: I am getting all entries in the radacct table duplicated. Can you help
 me out with how I can deal with this issue?

  Your NAS is sending duplicate accounting packets.  That's really how
RADIUS works.  You will need to figure out why the entries are duplicate
(they're probably *not* duplicate), and figure out what fields make up
the same session.

  Alan DeKok.

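One way to carry out Alan's "use attribute X; if it doesn't exist, use attribute Y" advice, as an added example that is neither the shipped dialup.conf nor Alan's code: the stop query from sql/mysql/dialup.conf rewritten so each column takes the standard attribute when present and otherwise the Freeswitch VSA from Miha's log, using the %{%{X}:-%{Y}} alternation syntax the stock queries already use for Acct-Delay-Time. Columns that are the same for both switches are left out; the Freeswitch-* names need the FreeSWITCH vendor dictionary that already decoded them in the log.

```unlang
# sql/mysql/dialup.conf (FreeRADIUS 2.x): added example, not the shipped
# query or Alan's code. Only the columns that differ between the two
# switches are kept; copy the remaining SET columns from the shipped query.
#
# %{%{X}:-%{Y}} expands to X when the request carries it, else to Y, so a
# standard-attribute switch and FreeSWITCH (VSAs only) share one table.
accounting_stop_query = " \
    UPDATE ${acct_table2} SET \
        acctstoptime       = '%S', \
        acctsessiontime    = '%{%{Acct-Session-Time}:-0}', \
        acctterminatecause = '%{%{Acct-Terminate-Cause}:-%{Freeswitch-Hangupcause}}', \
        acctstopdelay      = '%{%{Acct-Delay-Time}:-0}', \
        calledstationid    = '%{%{Called-Station-Id}:-%{Freeswitch-Dst}}', \
        callingstationid   = '%{%{Calling-Station-Id}:-%{Freeswitch-CLID}}' \
    WHERE acctsessionid = '%{Acct-Session-Id}' \
      AND username      = '%{SQL-User-Name}' \
      AND nasipaddress  = '%{NAS-IP-Address}'"

# The WHERE clause is what ties a Stop to its Start row: the row is only
# found if both packets agree on Acct-Session-Id, User-Name and
# NAS-IP-Address. When no row matches, the shipped accounting_stop_query_alt
# inserts a fresh one, which is one way a session can appear twice.
```

For the duplicated rows, compare the fields behind acctuniqueid between the two copies: the acct_unique module builds Acct-Unique-Session-Id from User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address and NAS-Port, so rows that differ in any of those are distinct sessions to the server, not retransmits.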

Re: ldap+freeradius

2011-11-09 Thread Alan DeKok
suggestme wrote:
 I tried the 3 steps that are suggested in the FAQ; that isn't working.

  The steps in the FAQ assume that you built the server yourself from
source.  Did you?

  They also assume (step 1), that you read the output.  That will tell
you whether or not the required LDAP libraries and header files are on
your system.  Saying "it didn't work" is the wrong response.  Saying
"there are no libraries" is a better response.  Saying "there are
libraries, but for some reason rlm_ldap isn't being built" is an even
better response.

 Does this mean I should add libdir for rlm_ldap just below the
 '/usr/local/share/doc/freeradius/rlm_ldap' line of radiusd.conf as follows:

  That was a good search to do, but that file is documentation.  It's
not a library module.  So editing libdir to point to documentation
won't help.

 When running the 'locate rlm_ldap' command I just see the rlm_ldap path as
 /usr/local/share/doc/freeradius/rlm_ldap

  Which then means you don't have the rlm_ldap.so module on your system.
 This means you failed to follow (or understand) step 1 as suggested in
the FAQ.

  If you installed the server from source, ensure that you have the
necessary LDAP libraries and headers installed.  The list of what is
needed is printed during the configure stage.

  If you installed the server from a package (rpm, apt-get, etc.),
consult your local OS documentation for how to find the rlm_ldap package.

  Alan DeKok.


Re: Radius Over a NAT

2011-11-09 Thread Esdras Caleb Oliveira Silva
The APs are on a private network (NAT) and the RADIUS server is on a
public network (it has a real IP).
I retrieved the log file but it did not show me anything useful.
Any ideas of what I must do?

On Tue, Nov 8, 2011 at 3:16 PM, Tim Sylvester 
tim.sylves...@networkradius.com wrote:

  My APs are all over a NAT and the radius server is outside this NAT. How do I
  configure clients.conf to accept the connections from the APs?

 It depends. If the NAT device statically maps the AP's IP address to a
 dedicated NATed IP address, then you can add the APs' NATed IP addresses to
 clients.conf. If the NAT device dynamically assigns a NATed IP address to
 the AP and/or shares NATed IP addresses with multiple APs, then you have a
 problem.

 Tim





--

One does not GO to Church. One IS Church. http://www.youtube.com/watch?v=ifnJtkAnBq4


Re: newbie and realms

2011-11-09 Thread walter harms


On 09.11.2011 15:00, Alan DeKok wrote:
 walter harms wrote:
 mmh, I am starting to understand; I was expecting something different,
 therefore I did not realize what I had found.
 
   Asking good questions helps.  How do I set up realms gets answered
 by read the realm documentation.
 
   If you want something else, ask a better question.
 
 use case:
 my task is to set up a radiusd for 6 realms (again, not my idea). All realms
 should be equal and will be used for m2m only.
 
   That doesn't make any sense.
 
   What do you mean by realms should be equal?  What is m2m?

equal = the realms will differ in names only, not in configuration
m2m   = machine to machine - no user interaction

 so dropping everything outside
 these realms would be OK. The number of users will be very limited.
 I did not expect that this would be anything complicated.
 
   Of course it's complicated.   You haven't defined what you want to do.
  You're using pre-existing terms (realms), but are using them wrong.
 
   Describe what you want to do *accurately*.  Refer to attributes.  Give
 examples.
 
Our dial-ins (currently without radiusd) are being moved to a third party and they told me
to set up a radiusd with 6 realms. I guess the machines will get usernames,
perhaps the same for every box. The realm will simply reflect the region they
are calling from.

hope that helps,
re,
 wh



Access-Challenge with FreeRadius

2011-11-09 Thread hughdavid
Hello, 

I am a new user of FreeRadius (on windows)
I have the same question as this post: How to configure freeRADIUS server so
it replies with a PAP access-challenge message on access-request from a
client? 

http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-td4296727.html

Any help is greatly appreciated! Thanks in advance

Best Regards,

Zhuoming (zhuoming.hu...@gmail.com)



Re: Access-Challenge with FreeRadius

2011-11-09 Thread Esdras Caleb Oliveira Silva
Well, I am working with a Linux server and don't have access to the debug
mode; if I get anything I will tell you.

On Wed, Nov 9, 2011 at 3:03 PM, hughdavid hughdavid1...@yahoo.fr wrote:

 Hello,

 I am a new user of FreeRadius (on windows)
 I have the same question as this post: How to configure freeRADIUS server
 so
 it replies with a PAP access-challenge message on access-request from a
 client?


 http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-td4296727.html

 Any help is greatly appreciated! Thanks in advance

 Best Regards,

 Zhuoming (zhuoming.hu...@gmail.com)





--

One does not GO to Church. One IS Church. http://www.youtube.com/watch?v=ifnJtkAnBq4


Re: Access-Challenge with FreeRadius

2011-11-09 Thread Alan Buxey
The thread link posted has already got several answers in it...and ends quite 
clearly. Why are you trying to drag this up again? Some coursework?

alan



Re: ldap+freeradius

2011-11-09 Thread suggestme
Alan,


The LDAP server was already configured on another machine by the System
Administrator. I am trying to link FreeRadius to that existing and already
running LDAP server and authenticate the users using an already configured
attribute. I didn't download LDAP on this machine where FreeRadius is
running. I turned the LDAP option on during the FreeRadius installation
like:

===> The following configuration options are available for
freeradius-2.1.10_2:
 USER=on Run as user freeradius, group freeradius
 KERBEROS=on With Kerberos support
 HEIMDAL=off With Heimdal Kerberos support
 LDAP=on With LDAP database support
 MYSQL=on With MySQL database support
 PGSQL=on With PostgreSQL database support
 UNIXODBC=on With unixODBC database support
 FIREBIRD=on With Firebird database support (EXPERIMENTAL)
 PERL=on With Perl support
 PYTHON=on With Python support
 OCI8=on With Oracle support (currently experimental)
 RUBY=on With Ruby support (EXPERIMENTAL)
 DHCP=on With DHCP support (EXPERIMENTAL)
 EXPERIMENTAL=on Build experimental modules
 UDPFROMTO=on Compile in UDPFROMTO support
===> Use 'make config' to modify these settings


The scenario is LDAP is already running on one server and Freeradius is
running on another server. I just changed the configuration settings on the
FreeBSD server where FreeRadius is running as:



/usr/local/etc/raddb/modules/ldap :


ldap {
    # Define the LDAP server and the base domain name
    server = localhost
    basedn = dc=example,dc=com

    # Define which attribute from an LDAP ldapsearch query
    # is the password. Create a filter to extract the password
    # from the ldapsearch output
    password_attribute = userPassword
    filter = (uid=%{Stripped-User-Name:-%{User-Name}})

    # The following are RADIUS defaults
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
}


/usr/local/etc/raddb/sites-enabled/default :

authorize {
    ...
    ...
    #
    #  The ldap module will set Auth-Type to LDAP if it has not
    #  already been set
    ldap
    ...
    ...
}

# (inside the authenticate section)
Auth-Type LDAP {
    ldap
}

Also, the same type of modifications has been done on:

/usr/local/etc/raddb/sites-enabled/inner-tunnel


Also, a change has been made to the users file adding LDAP user authentication.



Thanks for the suggestions...





Re: ldap+freeradius

2011-11-09 Thread John Dennis

On 11/09/2011 01:40 PM, suggestme wrote:

The LDAP server was already configured on another machine by the System
Administrator. I am trying to link FreeRadius to that existing and already
running LDAP server and authenticate the users using an already configured
attribute. I didn't download LDAP on this machine where FreeRadius is
running. I turned the LDAP option on during the FreeRadius installation


Sigh. You're using the wrong terminology. "Link" has a very specific 
meaning in the context of shared objects (e.g. .so files). What the 
message was trying to tell you was that the dynamic loader could not load the 
rlm_ldap module (a shared object). That might be because rlm_ldap.so 
isn't on your system or your loader has not been made aware of its 
existence (e.g. ldconfig on Linux).


You would be connecting to the ldap server on the other system, not 
linking it.


Really, you need to read the FAQ and learn to use the correct 
vocabulary, anything less and you'll be flailing hopelessly and 
frustrating those who are trying to help you.


--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


Re: ldap+freeradius

2011-11-09 Thread suggestme
Alan,

Sorry for the confusion I made. I have put the name of the LDAP server
accordingly, not localhost. Just for privacy I didn't put it here.

Here is the output of the radiusd -X command:


#  radiusd -X
FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd8.2, built on Oct 21
2011 at 11:26:07
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /var
logdir = /var/log
libdir = /usr/local/lib/freeradius-2.1.10
radacctdir = /var/log/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security 

Re: Radius Over a NAT

2011-11-09 Thread Alan Buxey
Hi,
The APs are on a private network (NAT) and the RADIUS server is on a
public network (it has a real IP).
I retrieved the log file but it did not show me anything useful.
Any ideas of what I must do?

the clients (APs) will have the address of their public gateway, or one of
a pool from the public gateway - check your radiusd debug log to see
the connections coming in.


alan


Re: ldap+freeradius

2011-11-09 Thread Alan DeKok
suggestme wrote:
 *Sorry for the confusion I made. I have put the name of the LDAP server
 accordingly, not localhost. Just for privacy I didn't put it here.*
 
 Here is the output of radiusd -X command:

  Which is the same error.

  Your problem is simple.  We are trying to help you, and you are
refusing to read our messages.  This isn't just you being lazy, it's you
being rude.

  You were told *explicitly* how to solve the problem.  If you didn't
understand the answer, ask a question about the answer.

  But you need to posting the same question.  If you do, you can be
unsubscribed.

  Alan DeKok.


Re: newbie and realms

2011-11-09 Thread Alan DeKok
walter harms wrote:
   What do you mean by realms should be equal?  What is m2m?
 
 equal = the realms will differ in names only, not in configuration

  Since it's clear you don't know what realms are, I have no idea what
you mean by this.

 m2m   = machine to machine - no user interaction

  Which means... what in the context of RADIUS?

 Our dial-ins (now no radiusd) are moved to a 3rd party and they told me to
 set up a radiusd with 6 realms. I guess the machines will get usernames,
 perhaps every box the same. The realm will simply reflect the region they
 are calling from.

  That's a little better.  But not enough.

  If you really wanted to solve the problem you would have posted the
above paragraph in your first message.  You would have included
*everything* which might be relevant.

  You've refused to do that.  Multiple times.  It's clear you're
reluctant to give any useful information which allows us to help you.
You're more interested in playing 20 questions than solving your problem.

  My answer now is the same as in my first message: go read
raddb/proxy.conf.  Everything about realms is defined there.  You
obviously haven't read it, because *all* explanations of realms are
included there.

  That documentation might reference terms you're not familiar with.
Too bad.  Those terms are *also* documented in proxy.conf.  Go read it.

  Now stop being unhelpful, go help yourself.  I'm done here.

  Alan DeKok.


Re: ldap+freeradius

2011-11-09 Thread Alan Buxey
Hi,

 *Sorry for the confusion I made. I have put the name of the LDAP server
 accordingly, not localhost. Just for privacy I didn't put it here.*

okay

 Here is the output of radiusd -X command:

and there. bingo.

 libdir = /usr/local/lib/freeradius-2.1.10

urgh. why? really...why?

when you did the ./configure stage did you ask for it to go into
this special non-standard directory?

if it's there then you need to ensure that your system knows
it's there too - and a default server won't. you will need to edit
the configuration file for your dynamic linker - usually /etc/ld.so.conf
..and then re-run /sbin/ldconfig

..you need to ensure your linker shows that it knows this 

/sbin/ldconfig -v if you need to check and double-check. if you don't see
the freeradius libraries there at all then you need to check again.

finally...if you don't see rlm_ldap.so then go back one more step...and check
that the LDAP module was actually built in the first place!

./configure --with-whatever-options  | grep WARN

you need to ensure you have LDAP support installed - the ldap development 
libraries, usually something like openldap-devel in your package manager


the fact that all the other bits work suggests that the other .so files are 
found..which points to the lack of ldap development libraries as the main culprit

 /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap':
 file not found
 /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module
 ldap.
 /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap
 entry.

yep. the .so dynamic library file cannot be loaded

alan


Re: Access-Challenge with FreeRadius

2011-11-09 Thread Alan DeKok
hughdavid wrote:
 I thought that we can configure FreeRadius to implement the methods, that
 generate Access-Challenge messages for PAP protocol, and we can define some
 logic scenarios for these challenge exchanges
 
 Apparently it is not possible with FreeRadius

  Yes, it is.  But you need to write the code to make it do that.  There
is no pre-packaged configuration saying "implement Access-Challenge here".

  All Access-Challenge scenarios are tied to pre-existing authentication
methods.  e.g. EAP, SecurID, etc.  If you're technical enough to
implement your own Access-Challenge method, you're technical enough to
*implement* your own Access-Challenge method.

  If you can't figure out how to implement Access-Challenge in the
server (hint: there are examples), then you don't need to implement it.

  Alan DeKok.


Re: ldap+freeradius

2011-11-09 Thread Alan DeKok
Alan DeKok wrote too quickly:
   But you need to posting the same question.  If you do, you can be
 unsubscribed.

  You need to *stop* posting the same question.

  I think I might set up a bot to monitor the list.  The same question 3
times from someone results in them being unsubscribed.

  Alan DeKok.


RE: ldap+freeradius

2011-11-09 Thread suggestme

Alan,
 
Sorry for any inconvenience caused by it. I just put the output a 3rd time since 
Alan Buxey asked for the complete radiusd -X output, not the small 3 line output, 
to get the complete picture. Only yesterday I joined this freeradius list. 
Yesterday I opened the thread thinking to get a suggestion, where you were the one 
to give a suggestion; I couldn't figure out how to solve that, and today I found 
this 'LDAP+Freeradius' thread with the same issue and posted here thinking I 
might get a quick response from the individual who already faced and solved this 
issue.
 
My intention is not to trouble you by sending the same post. I just want suggestions 
from this group.
 
Again, Sorry if my questions troubled you guys.
 
Thanks
 





Re: ldap+freeradius

2011-11-09 Thread Alan DeKok
 My intention is not to trouble by sending the same post. I just want
 suggestion from this group.

  That's the problem.  You have HAD suggestions.

  Why haven't you followed them?

 Again, Sorry if my questions troubled you guys.
  
 Thanks
  
 


Re: Freeradius proxy to IAS w/SQL attributes?

2011-11-09 Thread Alan Buxey
hi,

quick one liner really.. if you look at the flow of this,
you will notice a small difference when the remote proxy sends back the 
access-accept
(yes, there is a LOT of EAP output - there is also a lot of 
challenge-response...when you get familiar, you can just ignore those 13 or 15 
packets...you will learn to just 'blank' them when reading the output - so long 
as there is no error! ;-) 

look at the final bit - post-auth - this is where you want to fire off the logic
you need. there is little point doing it elsewhere - for you are only sending
it to IAS - which won't do anything useful...you are also making the attribute
list bigger and bigger it seems :-)

alan


Re: Freeradius proxy to IAS w/SQL attributes?

2011-11-09 Thread Alan DeKok
Rob Ansaldo wrote:
 We are already running a MS IAS Radius server that uses our AD, but what
 we would like to do is to use FreeRADIUS to proxy requests to our IAS
 server and add in some vendor specific attributes that we would set in a
 MySQL database.

  That should be possible.

 The IAS server does not have these attributes, nor do we
 want to use the IAS server for them.

  Or... you could just use FreeRADIUS for everything. :)

 What would be preferred is to set
 the attributes in the MySQL database based on other business logic.
 These are 802.1x wireless clients connecting to our wireless controller.
 I have successfully configured FreeRADIUS to proxy the requests from the
 wireless controller to our IAS server. Where I am having trouble is
 applying any sort of custom attributes to the response. I can see that
 the client username is being queried, a group is being obtained and the
 attributes for that group are being queried but they never appear in the
 Access-Accept.

  You're doing the SQL lookup before the proxy.  So the response from
IAS is overwriting it.

 The configuration uses the default configuration files, except that I
 have added my wireless controller to clients.conf, a DEFAULT proxy to
 the IAS server, uncommented the sql section in radius.conf and added the
 settings for my MySQL server.

  That should *mostly* work.  See below.

 Is what I am trying to do possible and if so, how would I go about it?

  Yes.  Delete sql from the authorize section.  Instead, add it to
the post-auth section as sql.authorize.

  The SQL module will be queried *after* it receives the Access-Accept
from IAS.  The SQL queries which are used will be the ones you've
already configured from authorize, which seem to work.

  Alan DeKok.


RE: Freeradius proxy to IAS w/SQL attributes?

2011-11-09 Thread Rob Ansaldo
Alan DeKok wrote:

 -Original Message-
 
 Rob Ansaldo wrote:

  The IAS server does not have these attributes, nor do we
  want to use the IAS server for them.
 
   Or... you could just use FreeRADIUS for everything. :)

We can dream, right? :)

 
  Is what I am trying to do possible and if so, how would I go about
 it?
 
   Yes.  Delete sql from the authorize section.  Instead, add it to
 the post-auth section as sql.authorize.
 
   The SQL module will be queried *after* it receives the Access-Accept
 from IAS.  The SQL queries which are used will be the ones you've
 already configured from authorize, which seem to work.

Yes! This works perfectly! I had previously tried using just the sql
section in post-auth, but as expected it ran the postauth_query.
Will go dig around the comments and see how I missed the sql.authorize
syntax.

Thank you Alan!




Re: Freeradius proxy to IAS w/SQL attributes?

2011-11-09 Thread Alan DeKok
Rob Ansaldo wrote:
 Yes! This works perfectly! I had previously tried using just the sql
 section in post-auth, but as expected it ran the postauth_query.
 Will go dig around the comments and see how I missed the sql.authorize
 syntax.

  That configuration is not extremely well documented. :(

 Thank you Alan!

  You're welcome.  It's what I do.

  Alan DeKok.


Re: Removing domain prefix from login

2011-11-09 Thread Alan Buxey
Hi,
I'm authenticating users in RADIUS against LDAP. If I log in from a computer
with 802.1x configured and the user and password taken from the domain automatically,
I'm getting wrongly authenticated because the login has the following chain.
 
DOMAIN\\Users
 
How can I avoid RADIUS reading the prefix?

ntdomain with the 'hack' option set to yes - Stripped-User-Name
is then properly created - use that variable in the LDAP

alan


Re: newbie and realms

2011-11-09 Thread Alan DeKok
  As a hint for how to ask *good* questions, see the recent post about
"Freeradius proxy to IAS w/SQL attributes?".

  He posted a *detailed* description of what he was doing, what he
wanted, what went wrong, and what he needed help with.

  The answer was really one line: change this to that.

  Instead of arguing or playing 20 questions, he followed instructions.
 And it worked.

  *That* is the approach you need to take.

  Alan DeKok.


Re: Simultaneous-Use For Group Using Unlang

2011-11-09 Thread Det Det
Hi,

Where do I put this piece of code? Can I do this invocation in the authorize 
block? Or is it something I put in the radiusd.conf? And where do I put the 
custom procedure itself? Is it in /etc/freeradius/modules?

Sorry about this. I'm confused about the placement. First time to add a custom 
procedure. Possible to extend this example to show which code goes to which file?

Thanks a lot!
Det




From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Wednesday, November 9, 2011 9:57 PM
Subject: Re: Simultaneous-Use For Group Using Unlang

det.explo...@yahoo.com wrote:
 I'd like to implement this using unlang but not sure where to start. The part 
 that I am having difficulty is on where to create the procedure and how to 
 call the procedure. The rest of the things like the DB query I can reuse from 
 the existing program. I want to implement this using unlang to avoid having 
 to open a new MySQL connection.
 
 Any example, I can follow?

  The SQL module supports string expansion.  The input strings are just
SQL statements.  The output is just a one-line string containing the
result of the SQL query.

  This means you can call SQL procedures directly from unlang:

    if (%{sql: call procedure with args} > 2) {
        ... more than 2 people logged in ..
    }

  Very simple!

  Alan DeKok.


Re: Simultaneous-Use For Group Using Unlang

2011-11-09 Thread Fajar A. Nugraha
On Thu, Nov 10, 2011 at 9:27 AM, Det Det det.explo...@yahoo.com wrote:
 Hi,
 Where do I put this piece of code? Can I do this invocation in the authorize
 block? Or is it something I put in the radiusd.conf?

man unlang


Requests are processed through virtual servers (including the default
one), in the sections titled authorize, authenticate, post-auth, preacct,
accounting, pre-proxy, post-proxy, and session.


 And where do I put the
 custom procedure itself? Is it in /etc/freeradius/modules?

Alan is using an example where you have an SQL procedure. If you don't
know what an SQL procedure is, then you need to learn what that is
(which can be a steep learning curve).

The main point is: if your exec-program-wait simply does ONE SQL query,
then you can easily replace it using sql expansion. Use it to replace
your exec-program-wait (usually in authorize).

If your program currently uses some complex SQL queries, then you need
to find some way to group them together so they can be invoked as one
query. One way to do that is using a stored procedure. The MySQL
documentation is here:
http://dev.mysql.com/doc/refman/5.5/en/stored-programs-views.html .
Since this is not a freeradius-specific issue, if you need more info
about stored procedures you should ask in their respective list/forum.

-- 
Fajar
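As an added example (not code from the thread or from the FreeRADIUS project) serving both Alan's %{sql:...} call above and Fajar's stored-procedure pointer, here is where each piece lives: a MySQL stored function over the stock FreeRADIUS schema tables radacct and radusergroup, followed in the trailing comments by the unlang that calls it from the authorize section of raddb/sites-enabled/default. The function name group_active_sessions, the sample rows and the limit of 2 are assumptions of this example.

```sql
-- Added example, not part of FreeRADIUS or of the thread: a MySQL stored
-- function that counts open sessions across a user's group(s).
-- Assumes the stock FreeRADIUS MySQL schema (radacct, radusergroup).
-- A FUNCTION is used rather than a PROCEDURE so the result comes back as a
-- plain one-row SELECT, which is what the %{sql:...} expansion reads.

DELIMITER $$

DROP FUNCTION IF EXISTS group_active_sessions$$

CREATE FUNCTION group_active_sessions(p_username VARCHAR(64))
    RETURNS INT
    READS SQL DATA
BEGIN
    DECLARE v_count INT DEFAULT 0;

    -- An open session is a radacct row that has no Accounting-Stop yet
    -- (acctstoptime IS NULL).  Count those for every user that shares a
    -- group with p_username, including p_username's own sessions.
    SELECT COUNT(*)
      INTO v_count
      FROM radacct a
      JOIN radusergroup ug ON ug.username = a.username
     WHERE a.acctstoptime IS NULL
       AND ug.groupname IN (SELECT groupname
                              FROM radusergroup
                             WHERE username = p_username);

    RETURN v_count;
END$$

DELIMITER ;

-- Constructed sample data so the function can be tried offline: two users
-- in the same group, one with an open session and one already stopped,
-- plus a third user in another group with an open session of her own.
INSERT INTO radusergroup (username, groupname, priority) VALUES
    ('alice', 'sales', 1),
    ('bob',   'sales', 1),
    ('carol', 'ops',   1);
INSERT INTO radacct (acctsessionid, acctuniqueid, username, nasipaddress,
                     acctstarttime, acctstoptime) VALUES
    ('s1', 'u1', 'alice', '192.0.2.10', NOW(), NULL),
    ('s2', 'u2', 'bob',   '192.0.2.10', NOW(), NOW()),
    ('s3', 'u3', 'carol', '192.0.2.11', NOW(), NULL);

SELECT group_active_sessions('bob');     -- 1: alice's open session counts for bob
SELECT group_active_sessions('carol');   -- 1: only carol's own session
SELECT group_active_sessions('nobody');  -- 0: not in any group

-- FreeRADIUS side (raddb/sites-enabled/default): the unlang goes in the
-- authorize section, after the "sql" module entry; the function lives only
-- in MySQL, nothing goes under raddb/modules/ for it.
--
--   authorize {
--       ...
--       sql
--       if ("%{sql:SELECT group_active_sessions('%{User-Name}')}" > 2) {
--           update reply {
--               Reply-Message := "Too many active sessions in your group"
--           }
--           reject
--       }
--       ...
--   }
--
-- rlm_sql passes the %{User-Name} expansion through its SQL escape
-- function before sending the query, so a user name containing quotes
-- cannot alter the statement; keep the query inside the %{sql:...}
-- expansion rather than assembling it from un-escaped strings elsewhere.
```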


Re: newbie and realms

2011-11-09 Thread Fajar A. Nugraha
On Wed, Nov 9, 2011 at 11:55 PM, walter harms wha...@bfs.de wrote:
   What do you mean by realms should be equal?  What is m2m?

 equal = the realms will differ in names only, not in configuration
 m2m   = machine to machine - no user interaction

radius doesn't really care whether it's a "no user interaction" or a
"user has to enter username and password" scenario.


 so dropping everything outside
 these realms would be ok. the number of users will be very limited.
 I did not expect that this would be anything complicated.

It's not. Not if you know what you want :)

 Our dial-ins (now no radiusd) are moved to a 3.party and they told me
 setup a radiusd with 6 realms. I guess the machines will get usernames,
 perhaps very box the same. the realm will simple reflect the region they
 are calling from.

First thing: you need to know what username the radius will get. For example:
- user1@region1
- user1@region2

Next step: figure out what you want to do with them

If you treat them equally, and you process AAA for them locally, then
there's really no need for you to touch proxy.conf at all. By default,
all realms will be handled locally.

You'll only need to add the users (user1@region1, user1@region2, etc)
to sql (or whatever backend you'll be using), and it should just work.
If a user entry is present and the password matches, they'll pass. If
the user is not in the backend (for example, if the username is
incorrect, or if the realm-part is incorrect) then it will be
rejected.

It's as simple as that.

-- 
Fajar



How to calculate the handover time?

2011-11-09 Thread snan4love
First of all, I have to say sorry, I know this topic may not be related to
FR. But I guess here is the best place to find out the answer.
Environment: Fedora 14 + 2 APs (set to WPA_PSK).
On the Fedora 14, I use wpa_cli to switch from one wireless network to
another; during the handover, 10 PING packets are lost. Right now, I
hope I could find a way to calculate the accurate handover time.
Is there any way to do this?
Any suggestion will be really appreciated.

BTW, is FR helpful in roaming between wireless networks? Or should all the
roaming work be done in the terminal (like a laptop)?

Thank you very much.
snan4love



Re: How to calculate the handover time?

2011-11-09 Thread Fajar A. Nugraha
On Thu, Nov 10, 2011 at 10:37 AM, snan4love snan4l...@hotmail.com wrote:
 First of all, I have to say sorry, I know this topic may not be related to
 FR. But I guess here is the best place to find out the answer.

No, it's not

 Environment: Fedora 14 + 2 APs (set to WPA_PSK).
 On the Fedora 14, I use wpa_cli to switch from one wireless network to
 another; during the handover, 10 PING packets are lost. Right now, I
 hope I could find a way to calculate the accurate handover time.
 Is there any way to do this?

No idea

 Any suggestion will be really appreciated.

 BTW, is FR helpful in roaming between wireless networks? Or should all the
 roaming work be done in the terminal (like a laptop)?

AFAIK the only way that FR might be related is if it sends
Session-Timeout, and the NAS honors it. And even then it'd not be
directly related to roaming. It'd only tell the NAS to cut off the
session after a period of time. At that time the wireless client will
(usually) scan for the AP with the best signal and authenticate, possibly
causing roaming if it changes BSSID.

Somewhat off-topic note: I found out that when multiple APs with the same
SSID are available, my Ubuntu laptop will often do a disconnect-scan-connect
routine, losing connection in the process, even when it ends up
connecting to the same AP in the end. I ended up creating a
configuration (using network-manager) that will forcefully connect to
a particular BSSID only, effectively disabling roaming.

-- 
Fajar


Request

2011-11-09 Thread Harshavardhan chillakuru
when I run radius in debugging mode using the *radiusd -X* command I get an
error like *bash: radiusd: command not found*


Re: Removing domain prefix from login

2011-11-09 Thread Alan DeKok
Alejandro Gandara wrote:
 I'm authenticating users in RADIUS against LDAP. If I log in from a
 computer with 802.1x configured and the user and password taken from the domain
 automatically, I'm getting wrongly authenticated because the login has the
 following chain.
 
 DOMAIN\\Users
 
 How can I avoid RADIUS reading the prefix?

  You should be able to authenticate using just the user name, using
ntlm_auth.  See the examples in raddb/modules/ntlm_auth

 I've tried to introduce the option prefix in /etc/sites-enable/default ,
 but its getting me back errors because of wrong way to introduce that line.

  Yes.  Don't define a realm.  It won't work.

  Post the debug output.  That helps, too.

  Alan DeKok.


Re: Request

2011-11-09 Thread Mrinal K
if u have installed FR I guess u did it from source. Anyways check ur PATH
variable.

Its a simple linux error. Kindly google before u post.

-Mrinal

On Thu, Nov 10, 2011 at 1:50 AM, Harshavardhan chillakuru 
harshac...@gmail.com wrote:

 when I run radius in debugging mode using the *radiusd -X* command I get an
 error like *bash: radiusd: command not found*

