Re: Indexing multi-valued attrbutes (was RE: 3.0)
On 9 Jul 2013, at 18:01, Brian Julin wrote: > > Arran Cudbard-Bell wrote: >> >> Soon. We've gone into official feature freeze. Still finding bugs though, >> it'd be helpful if people could test. > > Just to make sure it was understood during the "foreach" fixup patch I sent > on github, I mentioned that indexed attribute accesses were broken. > None of var[#] var[2] or var[*] work in xlats, unless that's been fixed > recently. I don't believe it has. I'll add an issue. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to get vendor-specific attribute value pairs
G'day list I have been tinkering with some Netgear managed L2/L3 switching stuff and got the login working via freeradius (actually quite simple compared to EAP stuff for wireless). But when issuing "enable" after login, going into what they call "Privileged EXEC" mode it will - very similar to Cisco - send a request for a user $enab15$ to the radius server when FR doesn't send Cisco own attribute value pair for privileges. At leat defining such a user leads to working elevation to this privileged mode but requires it instead of using the network admin's own password. In general a lot of commands on these Netgears are (very much) simiar to Cisco IOS where one can use "shell:priv-lvl=15" avpair during authentication so the Cisco switch/router know privilege level of the logged in user and thus won't ask for a $enab15$ user. FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't think Netgear copied Cisco's own AVpair use, but in case they do have own AV pairs, how do you guys generally identify them? Best regards Mathieu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius using linux user passwd
Hi, On Tue, Jul 09, 2013 at 10:58:15AM -0700, Julian Macassey wrote: > On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote: > > Try adding the following to the *top* of your users file: > > > > evergreen Cleartext-Password := "pa55word", MS-CHAP-Use-NTLM-Auth := 0 > > When I use the users file, it works. In fact, every possible auth > protocol works: ... > I will persevere. I have seen that in the 1.* release > there was an "Auth-Type System", which was for system username > password. Auth-Type System is obsolete and likely won't do what you want. What you want can be done, but you need to fixup some things. First to note (as said before) and importantly, your client is configured to use PEAP/MS-CHAPv2. That *won't* work with /etc/password, full stop. There is no way to get that to work, so there's no point looking any more. If you change your client to use EAP-TTLS/PAP, then you should be able to get it to work. This is because the client will then send the cleartext password (inside the TTLS encrypted tunnel) which can be used to check against the /etc/shadow hash. In your modules directory, configure 'passwd' to read the /etc/passwd or /etc/shadow file appropriately. Make sure that freeradius has permission to read shadow, which is normally restricted. In your sites-enabled/inner-tunnel file, add 'etc_passwd' (or whatever the name of the passwd module is in modules/passwd) into the authorize section near the top (definitely above 'pap'). In your eap.conf you can edit default_eap_type to be 'ttls' to save a bit of negotiation time when connecting, and then in the ttls{} section set default_eap_type to pap. Then watch the debug output and make sure that the client is doing EAP-TTLS/PAP. If not, fix the client as otherwise there's no chance of getting it to work. Macs and Linux should be OK. You might have problems if the system is using the newer $n$ type passwords. It will be possible to get working, but might be harder to check if the password is OK. Try the above and send full debug output if it's still failing. Cheers Matthew -- Matthew Newton, Ph.D. Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PEAP using different CA?
Hi, Currently we have 1000´s of users self-signed certificates (EAP-TLS), and we´re planning to move our main authentication method to PEAP, but keeping the certificates in use while valid. To avoid the need of installing our CA certificate on every Windows machine, we´ll buy the server certificate from a public CA. Can Freeradius allow me to have both methods at the same time, ie, the PEAP with the public CA and certificate users with our 'self-signed' CA? Thanks in advance, Fernando Hämmerli Pontifícia Universidade Católica do Rio de Janeiro - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to get vendor-specific attribute value pairs
On 10 Jul 2013, at 12:46, Mathieu Simon wrote: > G'day list > > > I have been tinkering with some Netgear managed L2/L3 switching stuff and > got the > login working via freeradius (actually quite simple compared to EAP stuff for > wireless). > > But when issuing "enable" after login, going into what they call "Privileged > EXEC" mode > it will - very similar to Cisco - send a request for a user $enab15$ to the > radius server > when FR doesn't send Cisco own attribute value pair for privileges. > > At leat defining such a user leads to working elevation to this privileged > mode > but requires it instead of using the network admin's own password. > > In general a lot of commands on these Netgears are (very much) simiar to > Cisco IOS > where one can use "shell:priv-lvl=15" avpair during authentication so the > Cisco switch/router > know privilege level of the logged in user and thus won't ask for a $enab15$ > user. > > FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't think > Netgear > copied Cisco's own AVpair use, but in case they do have own AV pairs, how do > you guys generally identify them? By asking Netgear. There's no way to query the NAS to determine which attributes it supports. Or to decode unknown VSAs into meaningful data. This is not a limitation of FreeRADIUS, but a limitation of the protocol. -Arran Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Fernando Hammerli wrote: > To avoid the need of installing our CA certificate on every Windows > machine, we´ll buy the server certificate from a public CA. > Can Freeradius allow me to have both methods at the same time, ie, the > PEAP with the public CA and certificate users with our 'self-signed' CA? Just put both CAs in the directory pointed to by CA_path. And using a public CA is usually not a good idea. It means that your users will trust *any* certificate signed by that CA, not just your certificate. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius using linux user passwd
Julian Macassey wrote: > It does when it is all in the 'users' file, in fact, when > I put my username and password in the users file, my laptop and > smartphone authenticate and connect to the WiFi. That's good. > But, I want to get that info from /etc/password. I note > from looking around that there used to be (Version 1?) an > Auth-Type= System that did just that. As has been said, that won't work. So don't do it. >> Read raddb/sites-available/inner-tunnel. It describes how to get the >> "inner-tunnel" portion working. > > I have that working and tested via radtest using the > protocols noted in the radtest man page (-t pap/chap/mschap/eap-md5) Not for /etc/passwd. Because it's impossible. > What I do see is: > > # Executing section authorize from file > # /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[digest] returns noop > [suffix] No '@' in User-Name = "evergreen", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > > > > So, doing the obvious and fixing proxy.conf to: > > realm NULL { Don't do that. It's not needed. > authhost= localhost:1600 > accthost= localhost:1601 Were did you get these values from? > My output now looks like: ... > Waking up in 4.9 seconds. > Cleaning up request 0 ID 15 with timestamp +4 > Marking home server 127.0.0.1 port 1600 as zombie (it looks like > it is dead). So... you don't have a RADIUS server running on localhost, port 1600. Why then did you configure it to proxy requests to there? It looks like you're trying random things in the hope that something will magically start working. Well, it won't. You need to understand what's going on. Proxying packets to a server that doesn't exist shows you're not understanding it. > So... Works with the users file, doesn't work when I try > to get it to use /etc/passwd Because (among other things), it's impossible to do PEAP / MSCHAP with /etc/passwd. So don't try. And undo your changes for the NULL realm. They're not necessary. They're causing *additional* problems. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
On 10 Jul 2013, at 13:38, Alan DeKok wrote: > Fernando Hammerli wrote: >> To avoid the need of installing our CA certificate on every Windows >> machine, we´ll buy the server certificate from a public CA. >> Can Freeradius allow me to have both methods at the same time, ie, the >> PEAP with the public CA and certificate users with our 'self-signed' CA? > > Just put both CAs in the directory pointed to by CA_path. > > And using a public CA is usually not a good idea. It means that your > users will trust *any* certificate signed by that CA, not just your > certificate. Well that's not strictly true. Most supplicants support specifying the CN of the certificate presented, but yes, it's still better to use your own CA and deploy it as part of enrolment. There is absolutely no security advantage to using a commercial CA, and several disadvantages. If this is a usability issue, I recommend you look at dissolvable setup clients like cloudpath, or investigate the various certificate/settings bundles that things like iPhones support. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Hi, > Currently we have 1000´s of users self-signed certificates (EAP-TLS), > and we´re planning to move our main authentication method to PEAP, but > keeping the certificates in use while valid. > > To avoid the need of installing our CA certificate on every Windows > machine, we´ll buy the server certificate from a public CA. > Can Freeradius allow me to have both methods at the same time, ie, the > PEAP with the public CA and certificate users with our 'self-signed' CA? easy /easier with FreeRADIUS 3 as you can define different TLS parameters for each EAP IIRC :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to get vendor-specific attribute value pairs
G'day 2013/7/10 Arran Cudbard-Bell > > On 10 Jul 2013, at 12:46, Mathieu Simon wrote: > > > FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't > think Netgear > > copied Cisco's own AVpair use, but in case they do have own AV pairs, > how do > > you guys generally identify them? > > By asking Netgear. > > There's no way to query the NAS to determine which attributes it supports. > Or to decode unknown VSAs into meaningful data. This is not a limitation > of FreeRADIUS, but a limitation of the protocol. > Thank you Arran, that's what I suspected but hoped that there would be another way to find out. I'll see if Netgear is willing to approve existence of AV pairs (and if theyre willing to share them). -- Mathieu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Hi As a possible hint since your question sounds similar to an issue I had: I was looking to provide a server-side certificate to my clients from a public CA but only allow clients to authenticate via EAP-TLS when presenting a cert from our internal CA which avoids the misconfiguration to trust any certificate issued by the public CA. Check the difference of CA_file (containing root CA cert of your internal CA), but set server cert (including cert chain) inside certificate_file. ( http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html ) Regards, Mathieu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to get vendor-specific attribute value pairs
Hi, >Thank you Arran, that's what I suspected but hoped that there would be >another way to find out. >I'll see if Netgear is willing to approve existence of AV pairs (and if >theyre willing to share them). on some kit you can run a command to see the VSA list/desc most vendors will document their AV pairs - buried somewhere on their support sites alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Hello, >>> To avoid the need of installing our CA certificate on every Windows >>> machine, we´ll buy the server certificate from a public CA. Having the CA cert installed only does half of the job; for EAP configuration purposes, the CA must explicitly marked as trusted /for this EAP identity/. So you still need to tell users to set a checkbox besides that CA. The difference to importing the CA before that is not much more work; on Windows, it's a couple of clicks only. > If this is a usability issue, I recommend you look at dissolvable setup > clients like cloudpath, or investigate the various certificate/settings > bundles that things like iPhones support. And since he is from a university and likely his deployment is an eduroam one, you should also mention the dissolvable client setup tool "eduroam CAT", https://cat.eduroam.org , which is free and tailored to eduroam. It will install private CAs just as fine and automated as it does commercial CAs. Greetings, Stefan Winter > > Arran Cudbard-Bell > FreeRADIUS Development Team > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Hi, thanks for you reply (extensive to the others), > Just put both CAs in the directory pointed to by CA_path. Curently my CA_path is where my users certificates are stored. I thought I had to offer a different server certificate to the user. I was able to make it work (PEAP only, not the TLS) by pointing to that certificate via 'certificate_file =' and the public CA chain via 'CA_file ='. Could you give me a hint about you tip, that seems to be easier. I agree 100% about the security concerns on using a public CA. The problem is that we need to make the usage process as simple as possible. Students and teachers are easier to help, but we have seasonal/sporadic users (short curses, seminars), and requiring any intervention has been creating complaints (and is considered annoying). Even a simple root CA installation procedure (for Windows only clients) is considered annoying. So that´s why are considering the public CA - Microsoft could have done things easier for us :) Thanks! Fernando. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Update sections
Update sections in 3.0 are considerably more powerful than 2.x.x In addition to being able to override lists on an attribute by attribute basis, e.g: update { request:foo = 'bar' } You can also perform full list copies: update { request: += &reply: } Filtered list copies (all instance of attribute in a list) update { request: += &reply:foo } Reference attributes: update { request:foo += &reply:foo } and perform both types of program execution: update { request:foo := `` # foo is assigned the output of my program } update { request: := `` # any VALUE_PAIRs returned by my program are added to the request list } Update sections may now also return fail. (0) update { (0) Executing: "/tmp/foo %{User-Name}" (0) expand: "%{User-Name}" -> 'foo' (0) Program returned code (2): Failed to execute "/tmp/foo": No such file or directory (0) ERROR: Failed to execute "/tmp/foo": No such file or directory (0) } # update = fail In which case subsequent statements are not executed. As with modules failure this can be checked with if (fail). Update sections are no longer atomic as a whole. But individual statements are. That is if a statement fails, all VALUE_PAIRs created up to the point of the failure are discarded. We may be able to restore atomicity of update sections once sets and lists are implemented in 3.1. If you absolutely require it in 3.0 you can wrap each statement in it's own update section and check for failure. -Arran Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Update sections
On 10/07/13 15:43, Arran Cudbard-Bell wrote: Update sections may now also return fail. Can you clarify - AIUI, sql xlat can now also distinguish between empty and fail, so if I do this: update { request:Tmp-String-0 := "%{sql:...}" } ...and the SQL server is down, the xlat will fail and the update section as a whole will fail? If so - very very cool. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
User a deployment tool as then things like CN checks are done alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP using different CA?
Hi Mathieu, thanks for your reply. It´s not clear to me what exactly has to be done. So, I´ll place both server certificates inside the certificate_file, correct? Do I declare it only under the 'tls' section (not on the peap)? How does FR knows which certificate for each method? How do I declare both private keys? Sorry for my stupid questions. Thanks, Fernando. Em 10/07/2013 10:44, Mathieu Simon escreveu: > Hi > > As a possible hint since your question sounds similar to an issue I had: > > I was looking to provide a server-side certificate to my clients from > a public CA > but only allow clients to authenticate via EAP-TLS when presenting a > cert from our > internal CA which avoids the misconfiguration to trust any certificate > issued by the public CA. > > Check the difference of CA_file (containing root CA cert of your > internal CA), but set server cert > (including cert chain) inside certificate_file. > > (http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html) > > Regards, > Mathieu > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading fails without reporting an error
Hello again, I've successfully gotten to the point where local authentication is working well for all modes, using multiple SSIDs through two virtual servers, so I felt confident jumping into the less familiar world of proxying. Not that the concept is hard to understand, it's just always seemed like there were many moving parts (realms and such). With the simpler realm configuration (all in proxy.conf) offered by 2.x, it seems logically laid out and should just work. But now when I load freerad in debug mode, it simply stops loading with no error, after one of my two home_server_pool stanzas. At that point, it has successfully loaded the basic proxy server, all three home_server stanzas, and the first home_server_pool. It just seems to stall. Should I be looking for an error in the last stanza that successfully displayed, or the first one that fails to load? Or would this happen with a missing dependency? Thanks, Steve Entire debug here: root@freerad13:/etc/freeradius# /usr/sbin/freeradius -X FreeRADIUS Version 2.2.0, for host x86_64-pc-linux-gnu, built on Sep 21 2012 at 05:38:16 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/perl including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/smbpasswd including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/smsotp including configuration file /etc/freeradius/mods-enabled/krb5 including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/ldap including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/rediswho including configuration file /etc/freeradius/mods-enabled/checkval including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/otp including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/cui including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/detail.example.com including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/etc_group including configuration file /etc/freeradius/mods-enabled/redis including configuration file /etc/freeradius/mods-enabled/policy including configuration file /etc/freeradius/mods-enabled/acct_unique including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/opendirectory including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool including configuration file /etc/freeradius/mods-enabled/sql_log including configuration file /etc/freeradius/mods-enabled/mac2ip including configuration file /etc/freeradius/mods-enabled/pam including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/sqlcounter_expire_on_login including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/inner-eap including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/counter including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/radrelay including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/cache including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/attr_rewrite including configuration file /etc/freeradius/mods-enabled/mac2vlan including configuration fi
Re: PEAP using different CA?
Got it now, as you said. Using the public CA certs on certificate_file (and related private key), and included the public CA chain on the CA_file (together with my own CA). Still needs more testing (in more enviroments), but seems to be working. Thanks! > > Check the difference of CA_file (containing root CA cert of your > internal CA), but set server cert > (including cert chain) inside certificate_file. > > (http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html) > > Regards, > Mathieu > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Update sections
On 10 Jul 2013, at 16:29, Phil Mayers wrote: > On 10/07/13 15:43, Arran Cudbard-Bell wrote: > >> Update sections may now also return fail. > > Can you clarify - AIUI, sql xlat can now also distinguish between empty and > fail, so if I do this: > > update { > request:Tmp-String-0 := "%{sql:...}" > } > > ...and the SQL server is down, the xlat will fail and the update section as a > whole will fail? If so - very very cool. > - Yes. Errors bubble from sql_xlat up to the update section. If the value returned from the SQL statement is empty, a zero length attribute will be created, as with 2.x.x, provided that the statement completed successfully. To support the above, all xlat functions now return an ssize_t, where >= 0 is success (length of data written to buffer), and < 0 is failure. As of a couple of minutes ago, an update section will now return two RLM_* codes, RLM_MODULE_FAIL if something has actually failed and RLM_MODULE_INVALID if an attribute or list was referenced that doesn't exist in the current request. -Arran Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Update sections
On 10 Jul 2013, at 23:59, Arran Cudbard-Bell wrote: > > On 10 Jul 2013, at 16:29, Phil Mayers wrote: > >> On 10/07/13 15:43, Arran Cudbard-Bell wrote: >> >>> Update sections may now also return fail. >> >> Can you clarify - AIUI, sql xlat can now also distinguish between empty and >> fail, so if I do this: >> >> update { >> request:Tmp-String-0 := "%{sql:...}" >> } >> >> ...and the SQL server is down, the xlat will fail and the update section as >> a whole will fail? If so - very very cool. >> - > > Yes. Errors bubble from sql_xlat up to the update section. If the value > returned from the SQL statement is empty, a zero length attribute will be > created, as with 2.x.x, provided that the statement completed successfully. Ah, yes, and the reason for the failure will be available in Module-Failure-Msg, which is now pretty much always populated correctly as it's updated by the RERROR REDEBUG REDEBUG2 macros. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dictionary type problem
hi everybody I am adding some new attributes to dictionary.motorola. but when i run freeradius , it gives the follwoing error. including dictionary file /usr/local/etc/raddb/dictionary Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.motorola[78]: invalid type "hexdecimal" it clearly indicates that it doesnot support hexadecimal type. Could anyone please tell me , whts the alternative of this. Thanks in advance -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dictionary type problem
From: Muhammad Nadeem To: FreeRadius users mailing list Sent: Thursday, July 11, 2013 2:08 PM Subject: Dictionary type problem hi everybody I am adding some new attributes to dictionary.motorola. but when i run freeradius , it gives the follwoing error. including dictionary file /usr/local/etc/raddb/dictionary Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.motorola[78]: invalid type "hexdecimal" it clearly indicates that it doesnot support hexadecimal type. Could anyone please tell me , whts the alternative of this. Thanks in advance -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html