Re: Radius and VPN configurations
I'm doing sometnihg like that with pptp on linux as a vpn server. I'm usin windows DUN asnthe clients, should work with the d-link routers too. Take a look at PoPToP --- Maqbool Hashim <[EMAIL PROTECTED]> wrote: > Hi, > > Is it possible to do the following with radius? > > I have a vpn setup on my netscreen firewall. This netscreen will be > a > radius client. I wish to ease the administration headache for adding > new > vpn users. So when a new user wants to connect to the vpn with his > dlink router or similar, I want to be able to add the relevant vpn > settings > on the radius server. So all the authentication and vpn settings are > > moved to the radius server rather than us having to change the > firewall > settings every time. So this will mean that customers who want to > set > up home users to be able to vpn into the firewall, will only have to > add > these users on the radius server and we won't have to do anything on > the > firewall. > > Any suggestions would be very welcome. > > Regards, > > Maqbool Hashim > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. 234 (802) 320-7540 __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm sql counter
Hi,
I'm tryin to setup radius accounts that expire after a predetermined
ammount of usage time (eg 5 hours) and are only valid for a
predetermined number of days (eg 30 days) after the first login.
I've setup an sql counter 'noresetcounter' that counts the online time:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
this works fine until I setup another counter 'validitycounter', that
checks the number of days since the first login:
sqlcounter validitycounter {
counter-name = Total-Usage-Days
check-name = Relative-Validity
sqlmod-inst = sqlcca3
key = User-Name
reset = never
query = "SELECT ((UNIX_TIMESTAMP(CURDATE()) -
UNIX_TIMESTAMP(MIN(AcctStartTime))) / 86400) from radacct WHERE
UserName = '%{%k}'"
}
radius now sends the Relative-Validity as the Session-Timeout.
I've tried having the 'validitycounter' before the 'noresetcounter' and
the other way round but it still does the same.
Is there a way to make this work?
Thanks
=
Julius Igugu
SouthWork Co. Ltd.
234 (802) 320-7540
__
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter question
It's possible, you'll have to increasing the Max-All-Session time to recharge. Otherwise just setup non-rechargable accounts, when exhausted they get another account. --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: > Hello, > > I would like to set up following configuration: > > I am trying to set up prepaid solution for dialup customers. > Some accounts in radius should be allowed to login (total time on > line) for > 60 minutes. > Some accounts in should be configured to login (total time on line) > 30 > minutes. > This "time on-line" should never be cleard or renew (no dail, no > monthly > etc...). > But when customer whats to by more "time on-line" I can change it in > database (recharge his account) > > Is such a configuration possible with rlm_sqlcounter ? > > I would be happy to get some suggestions and help. > > Regards, > Bartosz Jozwiak > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter question
Did you set 'Session-Timeout := ???' for the account? And did you follow the instructions in doc/rlm_sqlcounter? --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: > Ok I have managed to configure rlm_sqlcounter but I get > fallowing error while login: > > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "noresetcounter" returns noop for > request 0 > > How I can fix it ? > I have seen it in archives of mailing list but I could not solve the > problem. > > Bartosz > > > > I would like to set up following configuration: > > > > > > I am trying to set up prepaid solution for dialup customers. > > > Some accounts in radius should be allowed to login (total time on > line) > > > for > > > 60 minutes. > > > Some accounts in should be configured to login (total time on > line) 30 > > > minutes. > > > This "time on-line" should never be cleard or renew (no dail, no > monthly > > > etc...). > > > But when customer whats to by more "time on-line" I can change it > in > > > database (recharge his account) > > > > > > Is such a configuration possible with rlm_sqlcounter ? > > yes it is possible. my advise for you to read more of > rlm_sqlcounter and > > other > > freeradius attributes.more help are existing with the mailling > list, just > > dig more of it. > > //milver > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter question
I have this setup using the flat files and sql and they both work. I used 1.0.0pre3 on ReHat 9.0. What version of freeradius do you have? --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: > > > > > Did you set 'Session-Timeout := ???' for the account? > > I have tryed it just now with Session-Timeout and I have tryed > without. > Still the same problem. > > > > > And did you follow the instructions in doc/rlm_sqlcounter? > > Yes I have followed instructions from doc/rlm_sqlcounter. > I have searched archives and a lot of peoples has problem with the > same > error > but there is no solution. > Can somebody help ? Please... > > Bartosz > > > > > --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: > > > Ok I have managed to configure rlm_sqlcounter but I get > > > fallowing error while login: > > > > > > rlm_sqlcounter: Entering module authorize code > > > rlm_sqlcounter: Could not find Check item value pair > > > modcall[authorize]: module "noresetcounter" returns noop for > > > request 0 > > > > > > How I can fix it ? > > > I have seen it in archives of mailing list but I could not solve > the > > > problem. > > > > > > Bartosz > > > > > > > > I would like to set up following configuration: > > > > > > > > > > I am trying to set up prepaid solution for dialup customers. > > > > > Some accounts in radius should be allowed to login (total > time on > > > line) > > > > > for > > > > > 60 minutes. > > > > > Some accounts in should be configured to login (total time on > > > line) 30 > > > > > minutes. > > > > > This "time on-line" should never be cleard or renew (no dail, > no > > > monthly > > > > > etc...). > > > > > But when customer whats to by more "time on-line" I can > change it > > > in > > > > > database (recharge his account) > > > > > > > > > > Is such a configuration possible with rlm_sqlcounter ? > > > > yes it is possible. my advise for you to read more of > > > rlm_sqlcounter and > > > > other > > > > freeradius attributes.more help are existing with the mailling > > > list, just > > > > dig more of it. > > > > //milver > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > = > > Julius Igugu > > SouthWork Co. Ltd. > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other providers! > > http://promotions.yahoo.com/new_mail > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter question
Sorry, you don't set the Sessiun-Timeout, you set the Mas-All-Session,
the server calculates the session-timeout.
Do this:
> INSERT into radcheck VALUES
('','test0001','Max-All-Session','54000',':=');
Where 'test0001' is the username and '54000' is the number of seconds
of total online time.
--- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote:
>
>
>
> > Did you set 'Session-Timeout := ???' for the account?
>
> I have tryed it just now with Session-Timeout and I have tryed
> without.
> Still the same problem.
>
> >
> > And did you follow the instructions in doc/rlm_sqlcounter?
>
> Yes I have followed instructions from doc/rlm_sqlcounter.
> I have searched archives and a lot of peoples has problem with the
> same
> error
> but there is no solution.
> Can somebody help ? Please...
>
> Bartosz
>
> >
> > --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote:
> > > Ok I have managed to configure rlm_sqlcounter but I get
> > > fallowing error while login:
> > >
> > > rlm_sqlcounter: Entering module authorize code
> > > rlm_sqlcounter: Could not find Check item value pair
> > > modcall[authorize]: module "noresetcounter" returns noop for
> > > request 0
> > >
> > > How I can fix it ?
> > > I have seen it in archives of mailing list but I could not solve
> the
> > > problem.
> > >
> > > Bartosz
> > >
> > > > > I would like to set up following configuration:
> > > > >
> > > > > I am trying to set up prepaid solution for dialup customers.
> > > > > Some accounts in radius should be allowed to login (total
> time on
> > > line)
> > > > > for
> > > > > 60 minutes.
> > > > > Some accounts in should be configured to login (total time on
> > > line) 30
> > > > > minutes.
> > > > > This "time on-line" should never be cleard or renew (no dail,
> no
> > > monthly
> > > > > etc...).
> > > > > But when customer whats to by more "time on-line" I can
> change it
> > > in
> > > > > database (recharge his account)
> > > > >
> > > > > Is such a configuration possible with rlm_sqlcounter ?
> > > > yes it is possible. my advise for you to read more of
> > > rlm_sqlcounter and
> > > > other
> > > > freeradius attributes.more help are existing with the mailling
> > > list, just
> > > > dig more of it.
> > > > //milver
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> > =
> > Julius Igugu
> > SouthWork Co. Ltd.
> >
> >
> >
> > __
> > Do you Yahoo!?
> > Yahoo! Mail - 50x more storage than other providers!
> > http://promotions.yahoo.com/new_mail
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
=
Julius Igugu
SouthWork Co. Ltd.
__
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter question
raddb/sqlcounter.conf:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
SNIP
radiusd.conf
SNIP
modules {
# some other stuff here
#
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sqlcounter.conf
# some other stuff here
}
authorize {
#
# some other stuff here
#
# Enforce daily limits on time spent logged in.
# daily
noresetcounter
#
# some other stuff here
#
}
--- SNIP
I think that's all I changed to get it working.
--- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote:
> Yes I have set Max-All-Session to 60 seconds
> in mysql radcheck.
> I use 1.0.0pre3 on Debian (Woody)
>
> Please could you provide me your configuration files so I can compare
> it.
> It will be very heplful. Becuase I cannot find anything eals... :(
>
> Bartosz
>
>
> > Sorry, you don't set the Sessiun-Timeout, you set the
> Mas-All-Session,
> > the server calculates the session-timeout.
> >
> > Do this:
> >
> > > INSERT into radcheck VALUES
> > ('','test0001','Max-All-Session','54000',':=');
> >
> > Where 'test0001' is the username and '54000' is the number of
> seconds
> > of total online time.
> >
> >
> > --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > > > Did you set 'Session-Timeout := ???' for the account?
> > >
> > > I have tryed it just now with Session-Timeout and I have tryed
> > > without.
> > > Still the same problem.
> > >
> > > >
> > > > And did you follow the instructions in doc/rlm_sqlcounter?
> > >
> > > Yes I have followed instructions from doc/rlm_sqlcounter.
> > > I have searched archives and a lot of peoples has problem with
> the
> > > same
> > > error
> > > but there is no solution.
> > > Can somebody help ? Please...
> > >
> > > Bartosz
> > >
> > > >
> > > > --- Bartosz Jozwiak <[EMAIL PROTECTED]> wrote:
> > > > > Ok I have managed to configure rlm_sqlcounter but I get
> > > > > fallowing error while login:
> > > > >
> > > > > rlm_sqlcounter: Entering module authorize code
> > > > > rlm_sqlcounter: Could not find Check item value pair
> > > > > modcall[authorize]: module "noresetcounter" returns noop
> for
> > > > > request 0
> > > > >
> > > > > How I can fix it ?
> > > > > I have seen it in archives of mailing list but I could not
> solve
> > > the
> > > > > problem.
> > > > >
> > > > > Bartosz
> > > > >
> > > > > > > I would like to set up following configuration:
> > > > > > >
> > > > > > > I am trying to set up prepaid solution for dialup
> customers.
> > > > > > > Some accounts in radius should be allowed to login (total
> > > time on
> > > > > line)
> > > > > > > for
> > > > > > > 60 minutes.
> > > > > > > Some accounts in should be configured to login (total
> time on
> > > > > line) 30
> > > > > > > minutes.
> > > > > > > This "time on-line" should never be cleard or renew (no
> dail,
> > > no
> > > > > monthly
> > > > > > > etc...).
> > > > > > > But when customer whats to by more "time on-line" I can
> > > change it
> > > > > in
> > > > > > > database (recharge his account)
> > > > > > >
> > > > > > > Is such a configuration possible with rlm_sqlcounter ?
> > > > > > yes it is possible. my advise for you to read more of
> > > > > rlm_sqlcounter and
> > > > > > other
> > > > > > freeradius attributes.more help are existing with the
> mailling
> > > > > list, just
> > > > > > dig more of it.
> > > > > > //milver
> > > > > >
Re: I have to make choice between GNUradius and freeradius. My requirements are generally those of ISP. Which one will you recommend to me???
Hi, Why don't you tell the list what your requirements are and they might be able to tell you if FreeRadius supports it? GNU Radius features: http://www.gnu.org/software/radius/radius.html FreeRadius Features: http://www.freeradius.org/features.html Wireless Authentication is 802.1x and freeradius supports this. Regards. --- Amit Gupta <[EMAIL PROTECTED]> wrote: > Thanks Everybody for your response. > > Can you compare GNURadius with freeradius on feature by feature for > me. > > Amit Gupta > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.718 / Virus Database: 474 - Release Date: 7/9/2004 > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius--with mysql database???
Hi, There's a howto here: http://www.frontios.com/freeradius.html Regards --- "Joel n.solanki" <[EMAIL PROTECTED]> wrote: > Dear freeradius gurus, > > I am very new to radius.Just know what is radius nothing more :) > > I have downloaded freeradius-0.9.2.tar.gz and installed it. My system > is > Redhat 9.0 > > Problem:- I want my pppoe users to authenticate with freeradius and > the > (Usernames / Passwords) should be in mysql database and lot of other > things. > > So how could i enable mysql database configuration in freeradius > files? > I want mysql support in freeradius ..need to enable it? > > Can someone throw light on my small question. > > Thanking in advance. > > Joel n.solanki > > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwidth restrction with radius
Hi, This page describes just that. Translate it with oole language tools. http://www.underlinux.com.br/modules.php?name=Sections&op=viewarticle&artid=223 I think its in portugese. Regards. --- "Joel n.solanki" <[EMAIL PROTECTED]> wrote: > >From - > Subject: bandwidth management with radius > From: "Joel n.solanki" <[EMAIL PROTECTED]> > To: radius <[EMAIL PROTECTED]> > Content-Type: text/plain > Organization: > Message-Id: <[EMAIL PROTECTED]> > Mime-Version: 1.0 > X-Mailer: Ximian Evolution 1.2.2 (1.2.2-4) > Date: 21 Jul 2004 09:28:54 +0530 > Content-Transfer-Encoding: 7bit > X-Evolution-Transport: smtp://[EMAIL PROTECTED] > X-Evolution-Account: [EMAIL PROTECTED] > X-Evolution-Fcc: file:///root/evolution/local/Sent > X-Evolution-Format: text/plain > > Dear all, > > I have sorted out to configure freeradius/mysql on pppoe server. > > Now i want to restrict bandwidth per user.What procedure should i > follow. > > I know how to restrict bandwidth with tc iproute2 package. But dont > know > how to integrate tc with freeradius/mysql on pppoe server. > > has any one over here did these things? > > any ideas/clues/rough manual... > i am in Little Urgency... > > Sorry for my english. > Regards, > Joel n.solanki > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows client
--- Larry Wade <[EMAIL PROTECTED]> wrote: > Does anyone know of an open source client for Windows 2000 or XP? I > don't want to spend $50 per client, the cost of Funk's Odyssey client For what? 802.1x? See SecureW2 = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: hi all
--- jassim El-mansori <[EMAIL PROTECTED]> wrote: > 1) has the NAS need to be a sprat machine No > > 2) the client A can reach the shared files in (C) via > > (B) after enabling the ip_forward...but i can't see any use of > freeradius Free(RADIUS) does AAA (Authentication, Authorisation and Accounting). This means you'll need an access controll device. It can be on the same machine or seperate. > > In here i mean i can reach the far end with out having freeradius > running, just normal networking. > > 3) do i need to maintain a specific protocol in order to authenticate > against the freeradius and once the user has been authenticated he > could gain access to the shared files in the other end (C) If so, > would you please tell what i have to do and how. > Take a look at ChillSpot (http://www.chillispot.org), Mikrotik (www.mikrotik.com) = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Y! Messenger - Communicate in real time. Download now. http://messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: web based billing
sisd.com/freeside --- Barry Murphy <[EMAIL PROTECTED]> wrote: > Hi, > > I know this may be a little OT, however does anyone have a script / > website where I can get a system that allows me to add products such > as web hosting, email, domains, dial-up (flatrate, MB usage or hourly > usage) sort of system. > > I want to be able to add plans to the system, then it does all the > work, emails customers their invoice on a monthly basis, allows the > user to login and view their usage (MB and hours). I can either allow > people to pay by paypal, or the rest will be doing a direct deposit > where I can just tick a box, or enter the amount as a credit to the > users account when they have paid. > > The ideal system would also have the ability to show me how much > money has come in as aposed to gone out. > > I know something like this would probably go for a bit of money as I > have looked at a number of them on hotscripts.com but none do > everything you need for an ISP like i have explained above. I don't > have a lot of money to spend either being a student trying to start a > small business. > > Any advice welcomed. > > Thanks > Barry = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reauthenticate User
This will depend on your NAS/RAS. Which one do you have? --- "Nurul Faizal Bin M.Shukeri" <[EMAIL PROTECTED]> wrote: > Hi again.., > > > > Anyone plz help me. How to reauthenticate user every example 30 min without > reenter username and password ? > > > > > > > > Nurul Faizal Bin M.Shukeri > > Pusat Komputer, > > Universiti Sains Malaysia. > > > > = Julius Igugu SouthWork Co. Ltd. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reauthenticate User
What do you use for authentication? MAC Addresses, 802.1x, etc? --- "Nurul Faizal Bin M.Shukeri" <[EMAIL PROTECTED]> wrote: > I've got cisco aironet 350 series AP. > > > > --- > > > > This will depend on your NAS/RAS. > > > > Which one do you have? > > > > --- "Nurul Faizal Bin M.Shukeri" <[EMAIL PROTECTED]> wrote: > > > > > Hi again.., > > > > > > > > > > > > Anyone plz help me. How to reauthenticate user every example 30 min > without > > > reenter username and password ? > > > > > > > Nurul Faizal Bin M.Shukeri > > Pusat Komputer, > > Universiti Sains Malaysia. > > > > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: forward request on port 80
What you need is a content filter (see www.dansguardian.org) you could put filtered users on a different subnet and redirect this subnet to the web proxy or you could redirect all to the web proxy and set which ip addresses are filtered and which are not! Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: > Bartosz Jozwiak wrote:> I have a cisco router for dial-up.>> I will look on cisco website if my router supports it somehow.>> Does anybody tried to set up something like that before ? Look for Cisco SSG feature - it isn't exactly what you need,> but maybe will help you find some similar solutions>> MichalWhat I am trying to do is "safe internet for children"So some customers can turn on feature for example "website context filtering" for their account.And these users when they dial-in, router should know that website traffic should beredirected to http proxy.This is what I am trying to do and I started making my research with radius.bartosz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Is there a good web based administration tool
Yes. Dialup Admin. It's bundled with freeradius too! --- Adi Linden <[EMAIL PROTECTED]> wrote: > Hi, > > Just a quick question, is there a good web based administration tool to > manage and account dialup users? > > Adi > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logon and Logoff Scripts
What are you doing, prepaid cards, or subscription by the hour? You will have to specify cause it might already be built into freeradius. --- Jack Smith <[EMAIL PROTECTED]> wrote: > Hi, > Currently we have a small user base of about 150 users, I was wondering > how feasible it is to create logon scripts that make the session time of > the user equal to the amount of hours they have left in the database and > then at logoff, take the session time away from the users remaining hours. > > Without jumping through hoops, is this at all possible and if so what > will I need attributes wise? > > Jack > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Administration.
Dialup Admin. It's bundled with freeradius. --- tekchip <[EMAIL PROTECTED]> wrote: > Is there an administration application, possibly a web based one that > will do the administration of radius and through radius the back end > user dbase or is the best bet to pick a management application that > connects directly to the back end? For example I'm planning to use > freeradius with mysql. My choices now are ? through freeradius or > something like phpmysql directly to mysql. I was kind of thinking > management through freeradius might be better that way when theres a > major issue with freeradius or the dbase you see it on the management > tool. Eliminates the possability that a user would call and say 'I > cant log in' and having the tech say, well the database is > working...knowing that radius has gone down when it happens vs. when > a user calls. Not a huge difference but I was thinking it's a small > advantage. Thanks for any help/input you can provide. > > = > Brock Hatfield > [EMAIL PROTECTED] > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? All your favorites on one personal page Try My Yahoo! http://my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Billing server + Radius attribute details
--- prabhan <[EMAIL PROTECTED]> wrote: > How does Radius server maitain the accounting details. in a database or in the detail file > > In a pre paid application , How does the radius server fetch the details > about the credit amount left and the duration available ? it queries the database > > Is the Radius server invoked to send the credit amount and duration > details on sending accounting request or access request packet ? the radius server sends a reply to the access request > > Or is their any specific attribute in the accounting or access request > packets which tell the radius server to send the above mentioned details > in the respective response packets ? the attributes you specify are sent back in the reply > > There are some standard attributes defined from 1 to 100. Also some > vendor specific attribute can be defined. On what basis does radius > client / radius server > take a decision on the attributes to be sent ? Do all of them go in the > request as well as response packets ? not all of them. the ones you specify > > Is there any configuration at the radius server end to specify the > attributes to be sent in the response packets ? yes Do an internet search for radius. Read the documentation in the configuration files. = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP problems
see: http://www.missl.cs.umd.edu/wireless/eaptls/ http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/8021X-HOWTO.html --- WiFi Administrator <[EMAIL PROTECTED]> wrote: > Hi all > > I am attempting to use freeradius to authenticate wireless users and am > having problems. If you know of a howto, or site with the specifics > that I am looking for, please let me know. > > Setup -> Proxim 4000 AP which will do the following authentication: > none > wep > wpa > 802.1x > > I can get the 'none' part working just fine |:) > > I won't use WEP > > I haven't been able to figure out where to put the cooresponding > information when a user selects the different security profiles. From > what I have gathered so far, wpa and 802.1x both use the MAC addy as > radcheck.UserName with redcheck.Attribute being the type of security and > the value being the secret or PSK. I have tried to input this directly > with no luck. > = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_sqlcounter
RADIUS sends a Session-Timeout (how many seconds the user can stay online) along with the Access-Accept. Then NAS disconnects the user after this time. rlm_sqlcounter will 'calculate' the Session-Timeout to send to the NAS. --- Egoitz Aguirre <[EMAIL PROTECTED]> wrote: > > Ahhh, Thanks I did not understood that very well, in some way this is > logical but what is the part that generates the disconnect signal, the > radius > or the NAT? > Does rlm_sqlcounter module generates timing signals so that NAS disconnects > clients or may be is the NAS the one whitch will ask periodically for > accounting > information? > > Egoitz Aguirre > > > >> I'm trying to build a captive portal using m0n0wall freeradius 1.0.1 and > >> mysql. It is working properly as users authentication and some accounting > >> information is writen in the database, but It does not disconnect the > users > >> when the time is over (has expired). > > > > FreeRADIUS doesn't disconnect users. The NAS disconnects users. > > > > If the users aren't being disconnected, then fix the NAS. > > > > Alan DeKok. > > > >- > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MSSQL
http://www.frontios.com/freeradius.htmlnixinfo <[EMAIL PROTECTED]> wrote: I'm looking for some information regarding FreeRadius andMSSQL. I can find several documents talking about a mysql setup, but would like some particulers regarding a mssql setup. Any suggetions? Links, forums, irc channels?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Re: Rejecting localhost/Not responding to requests
You'll need to post some debug output. run radiusd in debug mode (radiusd -X) try to authenticate and send the output.kalen betten <[EMAIL PROTECTED]> wrote: I have previously posted this, but received no response. I am gettingfairly desparate, and would really appreciate a response from someone,as I have no where else to turn. Thanks in advance.-Hello,I am having trouble configuring our RADIUS server for use as a 802.11bauthenticator. The box is running Debian Sarge with the FreeRADIUSpackage from apt-get install sources (1.0.1 I believe). As such, Ihave tried to follow the examples onhttp://techupdate.zdnet.com/techupdate/stories/main/0,14179,2693413,00.htmland also from the FreeRADIUS FAQ. Ideally, I would like to have theserver setup so that the username is derived from the radio's MAC(both CPE or AP radios), and the password be the secret key shared byboth the APs and the server. This way no customer intervention wouldbe necessary (i.e. internet access without entering a password eachtime). I thought everything was setup correctly, but when I try torun a radtest on localhost from the server itself, it immediatelyrejects it. I have added it to the clients file (and tried adding tothe users file as well, but to no avail). If I try to radtest on itsactual IP address, it endlessly resends requests, and never returns areply. It also doesn't let any client CPEs authenticate with iteither, even though they are listed correctly (according to examples)in the users file, and the APs are listed in both users andclients.conf. If anyone could provide any insight on this problem, Iwould greatly appreciate it. If you need more information, or I didntinclude something, please let me know and I'll be happy to respond.Thank you.--kalen- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Expire attribute
N3DERJID Max-All-Session := 18000, User-Password=="7US7VZBH", Expiration == "Sep 11 2004" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.254rashad <[EMAIL PROTECTED]> wrote: I want some users account to be expired starting from certain date. Someonewrote in mailing list that there are an Expire check attribute for thispurpose but I can't find any doc about it. Can anyone give the detailed docabout this attribute?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Do you Yahoo!? Meet the all-new My Yahoo! Try it today!
Re: about me - and a question
Take a look at Dialupadmin that's bundled with the freradius server. Should do that if setup correctly.Sebastian Wild <[EMAIL PROTECTED]> wrote: Hello list,I've just joined in here. My name is Sebastian and I am from Germany. I work as adminstrator at an ISP and I also am a maintainer of a private wlan project called wlan-r.Now wlan-r uses chillispot to authenticate wireless users on hotspots via freeradius against mysql and it works fine.Recently I've seen that it is possible to get info about which users are currently online on wlan. Since that was not on a hotspot but on a website somewhere at the net I am thinking that it used a feature of the freeradius server. Now it would be very interesting to know how to get the info about which users are currently online out of free radius.Does anyone know how to do that?greets from snowy regensburg, GERSebastian- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: Expire attribute
and "January 1 2005 12:33:44"Adrian <[EMAIL PROTECTED]> wrote: Hello,I am new to this, so I hope I'm not stepping on anybody's toes by asking thefollowing question:can the expiration attribute include a time as well?right now we have something like: Expiration := "2005-01-27" and we would like to send to the NAS somethinglike Expiration := "2005-01-27 15:26"Is that possible? ... Is there a different time format I have to use?... Weuse a colubris box as the NAS.PS. If we send just the date, without the time, everything works fine.Much appreciated,Adrian Boros-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKokSent: Thursday, January 27, 2005 12:53 PMTo: freeradius-users@lists.freeradius.orgSubject: Re: Expire attribute Edgars <[EMAIL PROTECTED]>wrote:> why this Expiration attribute is not mentioned in the link below?:> http://www.freeradius.org/rfc/attributes.htmlIt's not a RADIUS attribute. It's a FreeRADIUS "internal" attribute.You won't see Auth-Type listed there, either.Alan DeKok.-List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Re: freeradius + LAN + auth + bandwidth (+ PPPOE?)
You can use Mikrotik as a PPPoE server. --- TwoMan <[EMAIL PROTECTED]> wrote: > Hi All, > > I would like to use radius to authenticate our users (using desktop pcs) > on our lan, and give them access to internet based on their > authentication data. (to give them bandwidth). I am planning it using a > pppoe server, and then our users will use a pppoe client (eg. rasppoe) > to make the connection. Clients can be linux,w9x,w2k,wxp > Is it a good plan? :) If there's a better solution, could You tell me > what it is? > Which pppoe server is good enough to use for large number of users? (eg. > Roaring Pengiuns' RP-PPPoE server?) > How can I control their bandwidth? > > I could successfully install freeradius wisth myql backend, and I can > use this to authenticate our wifi users, so, the basics of freeradius is > ok. But this time I have to authenticate lan users with oridnary > ethernet network card. > > Thx > > TM > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwidth per user (pppoe)
http://underlinux.com.br/modules.php?name=News&file=article&sid=4447 --- TwoMan <[EMAIL PROTECTED]> wrote: > Hi All, > > I have successfully set up freeradius with mysql backend, rp-pppoe > concentrator, and pppd. Bandwidth control also working, but every pppd > connection have the same bandwidth, because I cannot determine which > user has benn connected. I use the ppp/ip-up script to control the > bandwidth. The desired bandwidth is in the mysql database too, for each > user. > Could You help me find a way how to use different badwidth to each user? > > thx in advance > > TM > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwidth restrction with radius and PPTP
http://www.rhbr.com.br/modules.php?name=News&file=print&sid=40Markus Wiedner <[EMAIL PROTECTED]> wrote: Dear all,I have sorted out to configure freeradius/mysql on poptop server.Now i want to restrict bandwidth per user. What procedure should I follow.I know how to restrict bandwidth with tc iproute2 package. But don't knowhow to integrate tc with freeradius/mysql on poptop server.has any one over here did these things?any ideas/clues/rough manual...I have found an older Link about tat in the List, because the Link is dead,please could someone help my?Best regards and sorry for my English- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Yahoo! Photos Showcase holiday pictures in hardcover Photo Books. You design it and well bind it!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Logins!!!
Use the 'Simultaneous-Login' check attribute. Simultaneous-Login := 1 "Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote: Hello List:I have tried but failed, since I am new to freeRADIUS, I humbly ask forhelp.I want to setup freeRADIUS so it does not allow more than onesimultaneous login on the same UID/PW. I have read it somewhere that itcan be done in freeRADIUS but not can't seem to find the file or thecommand string. Please help.Kirti- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Julius IguguSouthWork Co. Ltd. Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Prepaid billing using freeradius and rlm_counter/rlm_sqlcounter
Assuming you had a way to populate the radius database with your username/password pairs, you could configure each one with a Max-All-Session-Time value.FreeRADIUS will make sure they get disconnected when their time is used up.liran tal <[EMAIL PROTECTED]> wrote: Hey guys,I'd like to try and implement a solution for pre-paid accounts.The idea is that I'd be providing pairs of username/passwords to customers and these accounts will be set to N hours,after those N hours are used by the customer (the user has ran out of his N-hour time) the account will be disabled, i.e: freeradiuswould return an access-reject.I'm currently using FreeRADIUS 1.1.0 with mysql as the back-end on debian and I've read the manpage about rlm_counter andrlm_sqlcounter though the manpage is a bit low of information and examples. Could someone please provide me with an example of how to get freeradius configured to this solution?Thanks,Sincerly, Liran Tal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Howto Mikrotik and Freeradius
Should work out of the box. Just add mikrotik as a client in clients.confradius ra <[EMAIL PROTECTED]> wrote: Pls help me with the steps of cofiguring Freeradius for Mikrotik.. Or pls locate the link to howto for the same.. Thanks in Advance. kaushal patel Do you Yahoo!?Yahoo! Search presents - Jib Jab's 'Second Term'Julius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Pppoe example
Simply defining UserName and Password (and ignoring the other attributes) should work. Take a looka at the 'Rate-Limit' radius attribute in the mikrotik documentation.Ross Tsolakidis <[EMAIL PROTECTED]> wrote: Hello,First time posting on this list, I'm sure this question has beenanswered but I couldn't find a way to search the list.I'm setting up a Freeradius server to authenticate PPPOE, the nas unitsare Mikrotik Routers.I had a look at the examples in the 'users' file, but I could not workit out.Could someone give me an example of a 'users' file specifically forPPPOE users ?User/Pass, IP address, etc...Also, (kinda off topic, but there may be some Mikrotik users out there),do you define the speed say 512/512 in the 'users' file ?Is it possible ?How does one go about doing this in Radius ?Thanks for your time and patience :)--Ross.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Re: RADIUS and PPPoE
MikrotikColin O'Keeffe <[EMAIL PROTECTED]> wrote: okay, so a PPPoE server is required to handle the requests. anyrecommendation for a good one ?On Sun, 13 Feb 2005 10:57:15 -0500, Alan DeKok <[EMAIL PROTECTED]>wrote:> Colin O'Keeffe <[EMAIL PROTECTED]>wrote:> > can I set up a dial-up icon that connects to radius to authenticate a> > user and give them access to the network?> > No. RADIUS doesn't work that way.> > The "dial-up" is a PPPoE client, which connects to a PPPoE server.> The PPPoE server may use RADIUS to authenticate the "dial-up" user,> but that user never knows.> > I suggest reading up a lot more on networks before designing or> deploying anything.> > Alan DeKok.> > -> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: RADIUS and PPPoE
Roaring Penguin PPPoEColin O'Keeffe <[EMAIL PROTECTED]> wrote: I want a software one for linux.thanks for the helpOn Mon, 14 Feb 2005 08:39:37 -0800 (PST), Julius Igugu <[EMAIL PROTECTED]>wrote:> Mikrotik> > Colin O'Keeffe <[EMAIL PROTECTED]>wrote: > okay, so a PPPoE server is required to handle the requests. any> recommendation for a good one ?> > > On Sun, 13 Feb 2005 10:57:15 -0500, Alan DeKok wrote:> > Colin O'Keeffe wrote:> > > can I set up a dial-up icon that connects to radius to authenticate a> > > user and give them access to the network?> > > > No. RADIUS doesn't work that way.> > > > The "dial-up" is a PPPoE client, which connects to a PPPoE server.> > The PPPoE server may use RADIUS to authenticate the "dial-up" user,> > but that user never knows.> > > > I suggest reading up a lot more on networks before designing or> > deploying anything.> > > > Alan DeKok.> > > > -> > List info/subscribe/unsubscribe? See> http://www.freeradius.org/list/users.html> >> > - > List info/subscribe/unsubscribe? See> http://www.freeradius.org/list/users.html> > > Julius Igugu> SouthWork Co. Ltd.> > __> Do You Yahoo!?> Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: FreeRADIUS for Wi-Fi authentication
Take a look at chillispot (http://www.chillispot.org/). You could have both the captive portal and radius server on the same machine if you like! So you'd have: Wireless laptops -> access point --> (radius + chillispot (or nocat)) --> internet Yu-Jia Zhu <[EMAIL PROTECTED]> wrote: Thx for the fast reply.Yeah I've checked out NoCat.. But doesn't this system require an additional computer?The setup would be like this:Wireless laptops --> access point --> nocatauth gateway --> nocatauth authorization server (or radius server)I want my setup to be like this:Wireless laptops -> access point --> radiusShould I be pointing the access points to the linux box as a DHCP server?..I know that moonwall is similar product to nocat.. but I think that it is designed to be running on a separate machine as well..Thanks!-Yu-JiaOn 19-Feb-05, at 7:31 PM, Alan DeKok wrote:> Yu-Jia Zhu <[EMAIL PROTECTED]>wrote:>> I am now trying to take this server to the next level and try and get>> it working so that we can use it for wifi authentication.>> I've been googling around and have found some solutions, including>> using EAP authentication (laptops connected wirelessly to access>> points).. but it seems like all of these solutions need additional>> software to be running on the laptop.>> Not if they're running Windows. They can use 802.1x>>> What I am trying to do is have get full-fledged wireless>> authentication, on any laptop, just by being in the vicinity of the>> access points. We haven't bought our access points yet, but figure>> need something that allows 802.1x authentication (currently looking at>> some US Robotics models).>> I don't have strong opinions one way or the other.>>> As an example, the local public libraries offer free wifi where I >> live.>> You just simply stroll in, open your laptop, and start up your web>> browser. A captive portal redirects your browser to a login screen >> with>> some info/links (walled garden?).. and if you login with a correct>> library card # and password, you are granted full access to the>> internet.>> That doesn't use RADIUS. Or, at least, the AP's don't talk RADIUS.>>> This is basically what I am trying to do. I know of captive portal>> software, but it seems like they're very costly and you require an>> additional computer between the access point and the RADIUS server.. I>> would like everything to be comprised of just roaming laptops, access>> points, and my central linux server. Any ideas??>> http://nocat.net/>> Free captive portal software.>> Alan DeKOk.>>> -> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd. Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Re: Wireless MAC Authentications
It is related to your NAS and it is 'goodly' documented. To get MAC Auth onMikrotik you'll have to enable Auth MAC and Auth MAC Password in the HotSpot setup. --- Chris Knipe <[EMAIL PROTECTED]> wrote: > Hi, > > Before anyone jump and say this is related to your NAS, please just let me > start by saying that while my nas (Mikrotik) does support Radius, it is > badly documented. MAC Authentication is not documented at all. > > Is there anyone who managed to get MAC Authentication to work on Mikrotik, > that can shed some light? Up to now, I have no idea what the check items > are, and the reply items I managed to get out of Mikrotik are not inside any > dictionary. > > The reply items I have been provided: > # Wireless-Forward - not forward the client's frames back to the wireless > infrastructure if this attribute is set to "0" (Wireless only) > # Wireless-Skip-Dot1x - disable 802.1x authentication for the particulat > wireless client if set to non-zero value (Wireless only) > # Wireless-Enc-Algo - WEP encryption algorithm: 0 - no encryption, 1 - > 40-bit WEP, 2 - 104-bit WEP (Wireless only) > # Wireless-Enc-Key - WEP encruption key for the client (Wireless only) > > As I said, none of these are in any dictionary, these are the option names > in the router's GUI. I hardly doubt whether these are the right reply > attributes to begin with. > > Hope anyone can shed some light for me. > > -- > Chris. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wireless MAC Authentications
If you ask on the Mikrotik forum you'll understand what I'm saying. --- Chris Knipe <[EMAIL PROTECTED]> wrote: > It's operating as a AP, not a Hotspot, that's the whole problem... > > I must be misunderstanding something somewhere... Will RTFM some more. > > -- > Chris. > > > > - Original Message - > From: "Julius Igugu" <[EMAIL PROTECTED]> > To: > Sent: Monday, February 21, 2005 11:54 PM > Subject: Re: Wireless MAC Authentications > > > > It is related to your NAS and it is 'goodly' documented. > > > > To get MAC Auth onMikrotik you'll have to enable Auth MAC and Auth MAC > > Password > > in the HotSpot setup. > > > > --- Chris Knipe <[EMAIL PROTECTED]> wrote: > > > >> Hi, > >> > >> Before anyone jump and say this is related to your NAS, please just let > >> me > >> start by saying that while my nas (Mikrotik) does support Radius, it is > >> badly documented. MAC Authentication is not documented at all. > >> > >> Is there anyone who managed to get MAC Authentication to work on > >> Mikrotik, > >> that can shed some light? Up to now, I have no idea what the check items > >> are, and the reply items I managed to get out of Mikrotik are not inside > >> any > >> dictionary. > >> > >> The reply items I have been provided: > >> # Wireless-Forward - not forward the client's frames back to the wireless > >> infrastructure if this attribute is set to "0" (Wireless only) > >> # Wireless-Skip-Dot1x - disable 802.1x authentication for the particulat > >> wireless client if set to non-zero value (Wireless only) > >> # Wireless-Enc-Algo - WEP encryption algorithm: 0 - no encryption, 1 - > >> 40-bit WEP, 2 - 104-bit WEP (Wireless only) > >> # Wireless-Enc-Key - WEP encruption key for the client (Wireless only) > >> > >> As I said, none of these are in any dictionary, these are the option > >> names > >> in the router's GUI. I hardly doubt whether these are the right reply > >> attributes to begin with. > >> > >> Hope anyone can shed some light for me. > >> > >> -- > >> Chris. > >> > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > >> > > > > > > = > > Julius Igugu > > SouthWork Co. Ltd. > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 250MB free storage. Do more. Manage less. > > http://info.mail.yahoo.com/mail_250 > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Manip.pm can't be located??
Make sure Date::Manip is installed. Do you have more than one version of perl installed? --- zack musa <[EMAIL PROTECTED]> wrote: > When I try to run the log_badlogins script (perl > log_badlogins) the following output appear: > _ > > [EMAIL PROTECTED] bin]# perl log_badlogins > Can't locate Date/Manip.pm in @INC (@INC contains: > /usr/local/lib/perl5/5.8.6/i686-linux > /usr/local/lib/perl5/5.8.6 > /usr/local/lib/perl5/site_perl/5.8.6/i686-linux > /usr/local/lib/perl5/site_perl/5.8.6 > /usr/local/lib/perl5/site_perl .) at log_badlogins > line 15. > BEGIN failed--compilation aborted at log_badlogins > line 15. > > > Where is the @INC located? Manip.pm is already located > at the /Date directory. I'm sure it is there. But what > is the @INC and why its contain the path to some > directories.What should this directory contain that > make it used by the log_badlogin scripts? > Please help. thanks in advanced. > P/S-My totaccts and mtotaccts run successfully. thank > you to any help on that. > > > > > > > > > __ > Celebrate Yahoo!'s 10th Birthday! > Yahoo! Netrospective: 100 Moments of the Web > http://birthday.yahoo.com/netrospective/ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: About client web authentication
You need a WLAN Access Point that can isolate/block inter-client traffic. Regards. --- "Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote: > > Tq 4 ur response > > But if I do this, wlan user still can access each other. How to protect > that? Is that mod_auth_radius that I'm looking for? > > TQ > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Marcin > Jessa > Sent: Wednesday, March 09, 2005 6:31 PM > To: freeradius-users@lists.freeradius.org > Subject: Re: About client web authentication > > You need some kind of hotspot server like routeros or staros. > Or you can do that with Squid and custom firewalling rules to open > connections from i.e. PPTP authenticated users. > > > > On Thu, 10 Mar 2005 09:28:01 -0800 > "Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote: > > > Hi everyone., > > > > Can anyone explain how to deploy client web authentication. I'm using > > freeradius to authenticate wireless user. For the time being I'm just > > installed Aegis or 802.1X built in windows to be supplicant. Anyone, plz > > help me . > > > > TQ very much > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > > Regards, > M. Jessa > Software developer/System Administrator > http://www.yazzy.org > > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius+chillyspot
those files should be in /usr/local/etc/raddb/ --- Sebastian Wild <[EMAIL PROTECTED]> wrote: > Rupak wrote: > > > Hello all I am having problems configuring chillyspot with free > > radius.I am confused if this is the correct list to post this > > messasge.The version of free radius is freeradius-1.0.2.tar.gz.This is > > latest free-radius version.The chillyspot version is > > chillispot-1.0RC3.i386.rpm .the chilly installation was ok.I installed > > the radius as follows > > > > $./configure > > > > $make > > > > #make install > > > > Now the tutorial of chilly has instructed to edit a file called > > /etc/raddb/users > > > > /etc/raddb/clients.conf > > > > But there is no such directory or file over there.I think many of you > > people have done this successfully.So can you people help me out of this. > > > > Thanks > > > with freeradius it is /etc/freeradius/users and > /etc/freeradius/clients.conf. > > We have serveral Linksys WRT54G with chillispot in the firmware running > with a freeradius server and it works fine. > More info about our Project available at http://www.wlan-regensburg.de . > > cheers > Sebastian > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration time of users.
YOu'll need to run a script to set the 'expiration' when the user first logs in. --- Marcin Jessa <[EMAIL PROTECTED]> wrote: > Hi. > > I set up FreeRadius with MySQL backend and sqlcounter to be able to limit > session time of a user. > It works great but I miss one thing. > I'd like a user to be able to login for say 12 hours but the user account > itself would expire after one day after his first login, even if the 12 hours > time quota is not fully used. > What would be the easiest/best/most elegant way to achieve it in combination > with SQL and sqlcounter? > > Cheers, > Marcin Jessa > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question about reauthentication
'Session-Timeout'? --- Ignacio Siles <[EMAIL PROTECTED]> wrote: > Hi all, > > I have a problem with reauthenticacion, because my AP doesn't have the > option to set "reauthenticacion interval". Is there any possibility that > freeradius "force" reauthenticacion? > > My system is as follows: > > - Gemtek P-560 as AP. > - Freeradius 1.0.1 in a Red Hat Enterprise 3. > - Windows XP SP2 EAP/PEAP clients. > > Thanks in advance, > Ignacio. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Discover Yahoo! Have fun online with music videos, cool games, IM and more. Check it out! http://discover.yahoo.com/online.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to populate Postgresql base with users ?
--- "Leonardo B. Cuquejo (Arachnius)" <[EMAIL PROTECTED]> wrote: > Dear Sirs, > > I want to implement PPTP server (either mpd or poptop) with CHAP+MPPE > authentication against freeradius. > > I've successfully configured freeradius+postgresql, but I'm lost in the > database, I've no idea how to populate database. You should be able to do this with Dialup Admin. Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Are there any Virtual NAS?
--- Yam Biz <[EMAIL PROTECTED]> wrote: > Thank you, > But are there any Virtual NAS or something else can be replace a NAS? > You know, that is difficult to have a NAS, it is so expensive. > Thank again! If you explain a little more about what you'll be doing I could offer some not "so expensive" solution. Julius Igugu SouthWork Co. Ltd. Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: total sesstion timeout?
Max-All-Session-Time --- Armin ranjbar <[EMAIL PROTECTED]> wrote: > hi list , > > Is there any way to describe 'total session timeout' , i mean total time that > the can login . the session timeout attribute is usefull over single > connection ... > > > -- > Q:What does a WASP Mom make for dinner? > A:A crisp salad, a hearty soup, a lovely entree, followed by > a delicious dessert. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. __ Yahoo! Mail for Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: newbie questions using freeradius as wifi access point
I think you have succesfully compiled and installed FreeRADIUS. Try, "radiusd -X" --- Will Carter <[EMAIL PROTECTED]> wrote: > Please take a look here... > http://wcarter.webitects.com/freeRadiusDebug.html > > This url outlines what I did and has links to the terminal output with each > command. > > I executed these commands... > $ cvs -d :pserver:[EMAIL PROTECTED]:/source login > $ cvs -d :pserver:[EMAIL PROTECTED]:/source co -r release_1_0 > radiusd > > now I have a radiusd folder with what seems like all the files I need to > compile. > > executing this configure... > ./configure --localstatedir=/var --sysconfdir=/etc > --with-mysql-include-dir=/usr/include/mysql > --with-mysql-lib-dir=/usr/lib/mysql --with-mysql-dir=/usr/bin/mysql > --with-experimental-modules > configure debug > > make > > make install > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alan > DeKok > Sent: Friday, July 29, 2005 12:12 PM > To: FreeRadius users mailing list > Subject: Re: newbie questions using freeradius as wifi access point > > "Will Carter" <[EMAIL PROTECTED]> wrote: > > Is it correct to say that after I successfully execute the 2 commands > above > > that I should have a set of code that I need to compile with configure, > > make, and make install? > > Yes. This is *exactly* how 1.0.4 was created. It's just a "tar" > file from that process. > > > When I attempt this, I get a set of files but am not successful at > > compiling them. > > Are you willng to say what errors you're seeing? > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Julius Igugu SouthWork Co. Ltd. Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius with auth Mac addresses
--- robin rapa <[EMAIL PROTECTED]> wrote: > 000F20-93DD75 Auth-TYPE := Local, User-Password == "passecret" > You have the above entry in your users file. > rad_recv: Access-Request packet from host 192.168.0.6:1024, id=17, > length=150 > User-Name = "00-0f-20-93-dd-75" > NAS-IP-Address = 192.168.0.6 > Called-Station-Id = "00-10-40-01-7f-01" > NAS-Identifier = "ap" > NAS-Port-Type = Wireless-Other > Framed-MTU = 1400 > Calling-Station-Id = "00-0f-20-93-dd-75" > Service-Type = Authenticate-Only > User-Password = "passecret" > Message-Authenticator = 0x5f3efecba64473e28b2d9b48d8f0a30c Your NAS sends the above request. You aught to have: 00-0f-20-93-dd-75 Auth-TYPE := Local, User-Password == "passecret" in your users file. Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup-admin not giving results
Did you import the database shema included with dial-up admin into your radius database? The settings can be changed in the config file for dialup admin.Sarky <[EMAIL PROTECTED]> wrote: Hi all I have installed Freeradius and it is working fine with mysql, now for ease of configuration i have installed Dialup-Admin now i can add all users in there but i am having problems with statistics/user statistics/online users/bad users/failed logins none of the above work. another thing i have noticed that if i add a user I have a 4hour limit per day and i dont know how to change those basic settings. Thank you Sarky IncrediMail - Email has finally evolved - Click Here Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it!
Re: Script to convert users
After untaring freeradius, there's one in the scripts directory.Bartosz Jozwiak <[EMAIL PROTECTED]> wrote: Hello,is there any scrip to convert/copy all radius accounts from a file intomysql database?Thank you in adavance.Bartosz- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it!
Re: help.
Try mikrotik. (www.mikrotik.com) or hotspotd (www.mondru.com). They both have free versions. Julius Igugu SouthWork Co. LtdwEiRDo <[EMAIL PROTECTED]> wrote: Norguhtar, thank you for the help. Sorry but I am just starting using freeRadius. I just want to know though do we need a hardware to implement NAS? can you please give me some links on this topic. and lastly, can i test my freeradius server without a NAS (I mean, for the meantime). thank you._Leonardo D. Pabroquez Jr.00-51582Department of Computer Science, College of EngineeringUniversity of the PhilippinesDiliman, Quezon City- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it!
Re: Wireless
It does. I tested it with eap-ttls and it worked ok. Julius Igugu SouthWork Co. LtdHoria Chirculescu <[EMAIL PROTECTED]> wrote: Hello, from Romania.Does anyone knows if AEGIS client software works with freeradiusEAP server? I know that there is a free client (alpha stage?) on linux,but how about windows?Thank you. o ~ // // / __ \ // \ // //'''' //\\//_// / / / / //___ / // // // \\// // / /_/ / // \ // // //\\ // // \/ // \ // \\ // \\Comtec Net RomaniaWEB: www.eltop.ro IRC: irc.eltop.ro NEWS: news.eltop.roHoria Chirculescu [EMAIL PROTECTED]Connex: +40 723 205 086Zapp: +40 788 374 059- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
Re: Wireless
Horia Chirculescu <[EMAIL PROTECTED]> wrote: Hi, JuliusCan you please be more specific? What was actually your setup/hardwarethat you used? Freeradius CVS version on redhat 9.0 (compiled with experimental modules) What type of Wireless AP did you use, YDI's AP+ Access Point (confidured 802.1x authentication) what type ofWireless client(s) did you use, YDI's USB-Ant as client and so on...I would like to try the Zyxell's equippment: B200 (AP) and B420 (SA). Doyou know something about that setup? Don't know about Zyxell equipment but check to see if 802.1x authentication is supported on the access point then I think it should work. eap-ttls should work ?Thank you. see http://www.missl.cs.umd.edu/wireless/eaptls/ o ~ // // / __ \ // \ // //'''' //\\//_// / / / / //___ / // // // \\// // / /_/ / // \ // // //\\ // // \/ // \ // \\ // \\Comtec Net RomaniaWEB: www.eltop.ro IRC: irc.eltop.ro NEWS: news.eltop.roHoria Chirculescu [EMAIL PROTECTED]Connex: +40 723 205 086Zapp: +40 788 374 059On Fri, 5 Mar 2004, Julius Igugu wrote:> It does. I tested it with eap-ttls and it worked ok.> > Julius Igugu> SouthWork Co. Ltd> > Horia Chirculescu <[EMAIL PROTECTED]>wrote:> Hello, from Romania.> > Does anyone knows if AEGIS client software works with freeradius> EAP server? I know that there is a free client (alpha stage?) on linux,> but how about windows?> > Thank you.> > > o ~ > // // / __ \ // \ // //'''' //\\> //_// / / / / //___ / // // // \\> // // / /_/ / // \ // // //\\ > // // \/ // \ // \\ // \\> > Comtec Net Romania> > WEB: www.eltop.ro IRC: irc.eltop.ro NEWS: news.eltop.ro> > Horia Chirculescu [EMAIL PROTECTED]> Connex: +40 723 205 086> Zapp: +40 788 374 059> > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html> > -> Do you Yahoo!?> Yahoo! Search - Find what youre looking for faster.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
Re: Aplication of Free Radius Server
Also, take a look at mikrotik (www.mikrotik.com), it has a hotspot solution that does web based auth. It could be used with an access point or could be setup as one (with the addition of a witeless lan card).Michael Griego <[EMAIL PROTECTED]> wrote: On Sun, 2004-03-07 at 12:54, Matt Bailey wrote:> The trick is that I don't want a proxy server at the remote location. I'm trying> to accomplish this with a Radius server and AP's that are 802.1X compliant, but> I'm not sure if this is the appropriate way to accomplish this.802.1x requires the use of a RADIUS server, so you're heading in theright direction if you want to use 802.1x.> For some reason I am under the impression that some AP's have an HTML splash> screen to enter user name and password via a radius server. The only AP I have> had to test is a dwl900AP+ trying to authenticate a WinXP box, and it certainly> does not come up with an HTML splash screen (After doing some reading it almost> sounds like you have to have proprietary client software on every computer that> wants to authenticate???).This is not what 802.1x is. 802.1x *does* require a client, but it is*not* a proprietary client. Many OS's these days come with them builtin, ie Windows XP and up and Mac OS X 10.3 and up. A free 802.1x isavailable for Linux (http://www.open1x.org).> What AP's (if any) have this functionality?If you're wanting to use the HTML splash page type setup and still useRADIUS as the AAA platform, take a look at the Proxim AP-2500 units. They're designed to do just this.> Am I completely off base w/ my application of this Radius Server?Not at all, you just need to understand what it is you're wanting andwhat each technology does a little better.I would personally suggest you continue on your course with 802.1x. 802.1x does require the setup of a client, however it providesadvantages over other methods, such as dynamic keying when TLS-based EAPmethods are used.-- --Mike---Michael GriegoWireless LAN Project ManagerThe University of Texas at Dallas- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
Re: Using FreeRadius for a HotSpot with a PrePaid Billing System
Yes.John Kiehnle <[EMAIL PROTECTED]> wrote: I have like many I am sure, developed a full system in php with registration linked to VeriSign for CC processing. If the card transaction is accepted VeriSign can send all the data to a form which posts the UID / password into MySQL or LDAP for instant authentication. It is very basic but gets the $$$ into bank and user online right now. Anyone want copies of the php scripts. JKOn Tue, 23 Mar 2004 10:41:44 -0500"Oswin Ondarza" <[EMAIL PROTECTED]>wrote:>Hi everyone,>>I am trying to build a Hotspot system using FreeRADIUS, > I have a Colubris CN3000 NAS and it works great with >the FreeRADIUS, but now I need a billing system >integrated to the FreeRADIUS so users when enter the >hotspot can pay with credit card using the >explorer/mozilla to get access or to get login >information.>>I would like to build a complete open source solution, so >the only prepaid billing system open source that I have >found thar "could" be intergrated with the FreeRADIUS is > "FreeSide" (http://www.sisd.com/freeside/) but I >haven't tried it yet, I would like to hear a little about >this before doing it.>>>So, any Opinion ? Suggestions ? is anybody tryng the >same solution ???>>>I hope someone can help me,>>Thanks in advance !!!>>Oswin.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.234 (802) 320-7540Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
Re: New radius user.
For the LAN clients: > 1) Will the switch acts as a Radius Client. What model of switch are you using? Do you already have the switch? > 2) How to configure radius server and switch for the above described scenario. I need to know the answer to the above to answer this. > 3) Will I need a separate protocol for Communication between User and Switch. Maybe, depends on the switch you're using. > 4) Can user send requests directly to the Radius Server.No For the WiFi clients: > 1) Will the switch acts as a Radius Client. Most access points can act as radius clients. > 2) How to configure radius server and switch for the above described scenario. http://www.freeradius.org/doc/EAPTLS.pdf shows how to setup eap/tls. > 3) Will I need a separate protocol for Communication between User and Switch. Maybe. If you want to authenticate with username and password, you might need to use eap-ttls. > 4) Can user send requests directly to the Radius Server.NoAoun Shah <[EMAIL PROTECTED]> wrote: Hi all, I want to test radius for authenticating users on WLAN and ethernet. The scenario for ethernet is User(Ethernet Switch)[Radius Server] In my Scenario when a user plugs his laptop to any port of the switch.The switch asks user to authenticate itself. The user sends its Username and Password to switch. Switch will forward the request to the radius server. If radius server approves the authentication request the switch will open its port for the user. Now user can enjoy using the network. Now I have following questions. 1) Will the switch acts as a Radius Client. 2) How to configure radius server and switch for the above described scenario. 3) Will I need a separate protocol for Communication between User and Switch. 4) Can user send requests directly to the Radius Server. WLAN Scenario. The scenario is similar to the ethernet, but now Switch is replaced by the access point. User --Access Point[Radius Server] The questions are same just replace the word Switch with Access Point. Thankx In advance. Raza. University of stuttgart. Do you Yahoo!?Yahoo! Finance Tax Center - File online. File on time.Julius IguguSouthWork Co. Ltd.234 (802) 320-7540Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway - Enter today
Re: 802.1x port authentication with Freeradius
Hi,
To setup freeradius with 802.1x you need to do something like this:
Server.
1. Install freeradius with eap-ttls support (compile the cvs version --with-experimental-modules)
2. Enable eap-ttls support in radiusd.conf
3. edit the users file and add a user
4. edit the clients file and add your switch (or access point) as a client
5. start your freeradius (radiusd -X)
Client (your switch or access point)
1. Enable 802.1x authentication
Suplicant (Your Windows XP Notebook).
1. Download Secure W2 client and follow the install instructions. (This enables eap-ttls on win xp so you can authenticate with a username and password)
Aoun Shah <[EMAIL PROTECTED]> wrote:
Hi,
I am in deep trouble right now. I want to use 802.1x Port based authentication for my testbed, doesn't seems to be sucessful.
(Laptop XP)-(switch cisco catalyst 2970)---(radius server).
On Laptop I have choosed EAP-MD5 challange for authentication. The switch is also enabled with radius and 802.1x. on the raduis server I have this entries in radius.conf file
eap {
md5 { username = radiuser11 password = radiuser11 }
}
In the users file I have enterd for this user.
radiuser11 Auth-Type:= EAP, User-Password== "radiuser11" Service-Type = Framed-User, Fall-Through:= Yes
in the clients file I have this enrty for switch.
129.69.1.50 cisc391s2790 #changed by Aoun 6-4-04
in the naslist I have this entry
129.69.1.50 local cisco # changed by Aoun 6-4-04
with the above all given entries I am able to get the following result.
18:11:19.828169 129.69.1.50.radius > testserv.rus.uni-stuttgart.de.radius: rad-access-req 104 [id 49] Attr[ NAS_ipaddr{129.69.1.50} NAS_port_type{Async} User{radiuser11} Service_type{Framed} Framed_mtu{1500}(zero-length attribute)
18:11:24.825612 testserv.rus.uni-stuttgart.de.radius > 129.69.1.50.radius: rad-access-reject 20 [id 49] (DF)
The radius server is always rejecting the authentication request.
I have tried the Ideas I received on this list by Frederic but no sucess. Can somebody tell me either my configurations are wrong or any other cause of this problem. I have looked on internet nobody have defined the exact way to do so. I am looking for help to proceed.
Thanks.
Aoun.
University of Stuttgart.
Do you Yahoo!?Yahoo! Finance Tax Center - File online. File on time.Julius IguguSouthWork Co. Ltd.234 (802) 320-7540Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today
Re: EAP configurations
Could you post a copy of your radiusd.conf?Aoun Shah <[EMAIL PROTECTED]> wrote: Hi guys, While running in the debugging mode I have the following output of the radius server. I see only one message which say auth: Failed to validate the user. in this trace, I want to know why this message is coming. I hope that this is cause for rejection from radius server. Can any one tell by looking a the below traces what could be the reasons. rad_recv: Access-Request packet from host 129.69.1.50:1812, id=2, length=104 NAS-IP-Address = 129.69.1.50 NAS-Port-Type = Async User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-e0-00-99-75-bd" EAP-Message = "\002\000\000\014\001radius1" Message-Authenticator = 0x0ba1ecf55dee6d6527f3b77fb9194de4modcall: entering group authorize modcall[authorize]: module "preprocess" returns okrlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "mschap" returns notfound modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched radius1 at 215 modcall[authorize]: module "files" returns okmodcall: group authorize returns updated rad_check_password: Found Auth-Type EAP/***/ auth: type "EAP"auth: Failed to validate the user. /**/Delaying request 0 for 1 secondsFinished request 0Going to the next request--- Walking the entire request list ---Waking up in 1 seconds...--- Walking the entire request list ---Waking up in 1 seconds...--- Walking the entire request list ---Sending Access-Reject of id 2 to 129.69.1.50:1812Waking up in 4 seconds...--- Walking the entire request list ---Cleaning up request 0 ID 2 with timestamp 407562ad thanks in advance for ur help. Aoun Stuttgart Universitý. Do you Yahoo!?Yahoo! Finance Tax Center - File online. File on time.Julius IguguSouthWork Co. Ltd.234 (802) 320-7540Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway - Enter today
Re: expiration attribute
Hi, The expiration attribute is the account expiration date. The account will be disabled on that date."Milver S. Nisay" <[EMAIL PROTECTED]> wrote: can anyone elaborate more of the "Expiration" attribute?is it an attribute of password age or expiration for password?i am am trying to play around for an expiration attribute -- expiration foran accountfrom MySQL table and not from system accounts, using freeradius under FC1.anyone?//milver- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlJulius IguguSouthWork Co. Ltd.234 (802) 320-7540 Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25¢
Re: Open ports over firewall
Hi, What firewall are you using? I know with a linux firewall you could tell it to allow incomming traffic on ports 1812 & 1813 and related or established connections. This way replies to requests from your NAS are let through whatever port they come from.Julius IguguSouthWork Co. Ltd.234 (802) 320-7540 Do you Yahoo!?Win a $20,000 Career Makeover at Yahoo! HotJobs
Re: Prepaid Bandwidth disconnections
I don't know about cisco PDSN but Mikrotik supports Recv-Limit and Xmit-Limit. Check if your NAS supports something similar. I don't know about the possibility or using rlm_sql_counter for something similar to Max-All-Session-Time (Max-All-Session-Bytes?).Michael da Silva Pereira <[EMAIL PROTECTED]> wrote: Hi, I am currently trying to setup a bandwidth prepaid realm, Whereby clients buy 1G, 2G, 10Gigs, or watever. Then I need my radius server to disconnect these people as soon as this number is hit, is there anyway to do this. I am running a cisco PDSN as my NAS, I've already looked at session-timeouts, but my clients would be annoyed being disconnected all the time. Thanks, Michael da silva pereira- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
