Freeradius 2.0.3 - radtest utility
Hi,
Been using Freeradius for 5+ years now and I'd just like to say
it's great
software, many thanks to Alan et al for all their hard work !
I'm currently investigating moving from RHEL4 / Postgresql 8.1 / FR
1.1.6
to Centos5.1 / Postgresql 8.3 / FR 2.0.3 - fell down a couple of holes
(config wise) but I think I've got everything working OK now.
I've found that the radtest client in FR 2.0.3 isn't displaying the
Accept / Reject message any more. However NTRadPing against
the same server works OK.
Is this me or a feature ?
Many Thanks,
--
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"the mirrors of my eyes are always focused in surprise,
my mouth is covered by a smile"
Confidentiality Note: The information contained in this email and document(s)
attached are for the exclusive use of the addressee and may contain
confidential, privileged and non-disclosable information. If the recipient of
this email is not the addressee, such recipient is strictly prohibited from
reading, photocopying, distribution or otherwise using this email or its
contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at [EMAIL PROTECTED], if you have received this email in error.
Disclaimer: The views, opinions and guidelines contained in this confidential
e-mail are those of the originating author and may not be representative of
Sapiens (UK) Ltd.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: clients date from DB
Hi, I can't help but notice, but these updated files don't appear in the "nightly CVS snapshot" either. I assume this deliberate. BTW,I'm currently running 0.9.3 in production (great product) and testing 1.0.0-prel3 - I was hoping this functionality would be in the 1.0.0 release. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kostas Kalevras Sent: 23 July 2004 13:00 To: [EMAIL PROTECTED] Subject: Re: clients date from DB On Fri, 23 Jul 2004, Edgars wrote: > should i install that rlm_sql?because i can't find it on my machine? i > just found it in not freeradiusd extracting directory. > Where can i get that new rlm_sql version?my current one is v1.116.2.3 >From the usual place www.freeradius.org You could also use the CVS web interface yo only download the latest rlm_sql.c and conf.h for src/modules/rlm_sql > > Edgars > > Kostas Kalevras wrote: > > >On Fri, 23 Jul 2004, Edgars wrote: > > > > > > > >>nope,doesn't work for me, the same error. Maybe i should use the > >>lates version? now the table looks like this: > >> > >>freeradius=# select*from nas2; > >> id | nasname |shortname | type | ports | secret | comunity | > >>description > >>++--+--+---++- -+- > >> 1 | 10.5.8.103 | testings_baigais | | | xxx| | > >> > >> > > > >sql clients was added in revision 1.125 of rlm_sql (check rlm_sql.c > >rcsid for that). > > > >Also run the server in debug mode to see exactly what's happening. > > > > > > > >>Edgars > >> > >>Kostas Kalevras wrote: > >> > >> > >> > >>>On Fri, 23 Jul 2004, Edgars wrote: > >>> > >>> > >>> > >>> > >>> > so the structure of the table should be as yours? Because my > deasn't work (error message about unknow client 1-.5.8.103): > > > > > >>>db_postgresql.sql has not been updated yet. Please use my table structure. > >>> > >>> > >>> > >>> > >>> > freeradius=# select*from nas; > ipaddr |shortname | secret | nasname | type | ports | > community | snmp | naslocation > +--++-+--+---+-- -+--+- > 10.5.8.103 | testings_baigais | xxx| | | > | | | > (1 row) > > Regards, > Edgars > > Kostas Kalevras wrote: > > > > > > >On Fri, 23 Jul 2004, Edgars wrote: > > > > > > > > > > > > > > > >>ok, have added readclients=yes in the radiusd.conf, added rows > >>in the > >>postgresql.conf: > >> > >>nas_table="nas" > >>readclients=yes > >> > >>I should write some SQL query now in this postgresql file, > >>right? Can you please give some example (i am checking IP and secret coming from NAS)? > >> > >> > >> > >> > >> > >> > >No you don't need to write any SQL queries, the query is hard > >coded in the sql module code. > > > >mysql> select * from nas; > >++---+---+---+- --++---+--+ > >| id | nasname | shortname | type | ports | secret | > >community | description | > >++---+---+---+- --++---+--+ > >| 1 | nas.hostname.com | prometheus.dialup | cisco | 180 | secret | > >public| Cisco 5350 Access Server | > >++---+---+---+- --++---+--+ > > > > > > > > > > > > > > > >>Edgars > >> > >> > >>Kostas Kalevras wrote: > >> > >> > >> > >> > >> > >> > >> > >>>On Fri, 23 Jul 2004, Edgars wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > ok, thanx! > But how does freeradius know from which postgresql table to > check client IPs? > > > > > > > > > >>>Hmm, that information is missing ... fixed > >>> > >>>You will need to add the following directives to your postgresql.conf: > >>> > >>>nas_table = "nas" > >>>readclients = yes > >>> > >>>Also add a nas table with the same structure as the one defined in db_mysql.sql. > >>>The db_postgresql.sql file has not been updated yet and still > >>>has the old structure. > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Regards, > Edgars > > Kostas Kalevras wrote: > > > > > > > > > > >On Thu, 22 Jul 2004, Edgars wrote:
RE: "how to authenticate IE from freeradius"
Hi,
Simon's correct, you need a firewall to control access to the
resource
(in this case the internet). You can then configure the firewall to use
a RADIUS server for
Authentication/authorisation.
I know the Cisco PIX range support this ("cut-through proxy"), I'm sure
other
firewalls do something similar.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon
Bryden
Sent: 18 August 2004 14:43
To: [EMAIL PROTECTED]; jassim El-mansori
Subject: Re: "how to authenticate IE from freeradius"
The problem is not pointing IE to freeradius, the problem is controlling
the access. You need to find a solution to this first, then point *that*
to freeradius.
Simon.
---
On Wednesday 18 August 2004 14:36, jassim El-mansori wrote:
> hello
> i'm looking for a way to point the IE on WIN2000 to freeradius, so
> user can seek for authentication, and than radius allow him in to
> browse the internet thank u all
>
>
>
> __
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeRADIUS 1.0.1 and Cisco PIX 515 version 6.1
Title: freeRADIUS 1.0.1 and Cisco PIX 515 version 6.1 Hi, We're currently running PIX515e / Finese 6.3(4) with FreeRadius 1.0.0 and Postgresql V7.4.5 on SuSE V9.1 and it's working fine. Previously I've run Finese 6.3(2)/6.3(3) against FreeRadius 0.9.x on SuSE 9.0 / 8.x with no probs. The only problem with the PIX is that the last A in AAA is broken, which is a known problem apparently ... Regards, From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zachary FortnaSent: 09 December 2004 14:24To: '[EMAIL PROTECTED]'Subject: freeRADIUS 1.0.1 and Cisco PIX 515 version 6.1 We recently migrated over to freeRADIUS 1.0.1 (Redhat ES 3 RPM) from Steel Belted RADIUS for authentication of our VPN. I set it up to use System authentication, and it works like a charm for a day or two, but then all of a sudden just stops. It appears that the PIX is no longer sending the access request packet to the RADIUS server which causes the problem. Using radtest works just fine and I receive the Access Request Packet. If we switch the PIX back to using Steel Belted RADIUS everything works fine. Has anyone run into a problem like this? Any ideas, as according to the guy who runs the PIX, everything is running fine there. Zachary Fortna, DAD Technical Specialist CXtec 315.476.3000, ext 2570 fax: 315.455.1800 CXtec (formerly CABLExpress Technologies) is a DBA of Cablexpress Corporation. Visit us online at www.cxtec.com. Confidentiality Note: The information contained in this email anddocument(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at[EMAIL PROTECTED], if you have received this email in error.Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.
Freeradius Domain name (& website) registration expired ?
Can anyone else get to http://www.freeradius.org ? I'm getting redirected to a domain name registration of some ISP. Seems like the domain names registration has expired ??? Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error. Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authenticate/Attributes based on NAS-IP-Address
Hi Nick, I've modified FreeRadius to retrieve NAS specific reply items from a (Postgresql) table as I have three different NAS h/w that users can connect using - they have different IP pools. Is this similar to what you want to do ? Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of N White Sent: 07 June 2005 22:29 To: FreeRadius users mailing list Subject: Authenticate/Attributes based on NAS-IP-Address Using MySQL as a backend, is there any way to configure Authentication and Attribute (replies), based on the NAS-IP-Address sent to the FreeRADIUS server? Allow requests from NAS1 to authenticate and have certain attributes for users in that group and then allow requests from NAS2 to authenticate and have different attributes. Would there be anyway to allow a user to be a part of both groups? Thanks, Nick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way. Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error. Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
