Re: (no subject)
I checked their website and there was nothing about that server. Do you happen to know where to download it? On Tue, 11 Jan 2005 22:04:43 -0500 "Janakan Rajendran" <[EMAIL PROTECTED]> wrote: > > Try Multi-tech Radius server > _ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Zhao > Yu,SCNB R&D NNA(BJ) > Sent: Tuesday, January 11, 2005 5:27 AM > To: freeradius-users@lists.freeradius.org > Subject: (no subject) > > Is there any opensource radius server than runs well on Windows 2000. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiple logins/one username
You want to write that in chinese too? On Tue, 30 Nov 2004 22:47:14 + Mihai Barbulescu <[EMAIL PROTECTED]> wrote: > Da man e posibil... > SI eu am cautat in documentatie o gramada : > > Pui as A: > Simultaneous-Use := 1 > > > Asta in tabela : radgroupcheck. >Si pui la grupul tau variabila asta. > > On Tue, Nov 30, 2004 at 06:30:09PM +0200, Samareanu Florin wrote: > > is there any way to "prevent" multiple logins for 1 username (i have > > freeradius & mysql)? > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > -- > Barbulescu Mihai > Network Engineer > RoEduNet Bucharest NOC > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool in mysql
Hi. I use Mikrotik as my NAS server and there i have configured an IP-Pool called Official And this is my SQL: CREATE TABLE radreply ( id int(11) unsigned NOT NULL auto_increment, UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', op char(2) NOT NULL default '=', Value varchar(253) NOT NULL default '', prio int(10) unsigned NOT NULL default '0', PRIMARY KEY (id), KEY UserName (UserName(32)) ) TYPE=MyISAM; INSERT INTO radreply VALUES (341,'username','Ascend-Data-Rate','=','524288',0); INSERT INTO radreply VALUES (340,'username','Ascend-Data-Rate','=','524288',1); INSERT INTO radreply VALUES (339,'username','Port-Limit','=','1',0); INSERT INTO radreply VALUES (338,'username','Framed-IP-Address','=','255.255.255.254',0); INSERT INTO radreply VALUES (402,'username','Framed-Pool',':=','Official',0); Any other values are taken care of by the NAS server. Cheers. On Tue, 26 Oct 2004 14:09:55 -0700 ral <[EMAIL PROTECTED]> wrote: > Hi, > > I'm trying to use mysql with freeradius, my problem is, it looks like ip > pool doesn't work, I'm not sure with my schema though, can anyone give > me a sample of the schema for this? > > > Thanks. > > Lito > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rate limit radius requests
Your NAS should be able to handle it. Set one connection per user and you should be fine. On Sat, 12 Jun 2004 09:18:11 -0800 Matthew Schumacher <[EMAIL PROTECTED]> wrote: > List, > > Is there a way to rate limit radius requests? Whenever the router guy > kicks a router full of DSL connections we get a flood of radius > accounting messages which overloads the database server causing "There > are no DB handles to use!" error messages. While the DB can handle the > current load, it can get overrun in certain circumstances. I figure > some form of rate limiting causing the radius server to only handle so > many requests per second might be the solution to this. > > Another question I have is what exactly happens with that error message, > does radius retry to insert the accounting record or does it simply drop it? > > Thanks, > > schu > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: clear text passwords?
Hi Tim. You can hack the portal to change users's password if they change them on the portal. You could of course make freeradius authenticate your users from the portal database as well. FreeRadius should work fine against MSSQL but I have never tested it myself. The passwords will not be sent in clear text, that is the whole point. Your PPP users will authenticate with encryption against SQL server with unencrypted passwords. The only danger is someone could break into your Windows box and read users's passwords. Otherwise you're on the safe side. MPPE is for PPPoE/PPTP , and PPTP is used by Microsoft to create VPN connections. This is the same thing, the same encryption method. And yes, PPP is the same protocol as the one used by dialup users. You "dial" your server with username and password pair. After that you're granted access to the rescources you want to share, i.e internet access or access to your LAN. PPPoE and PPTP work a bit differently. With PPTP users need an initial IP, either given them by you or by a DHCP server. This is like if they had a telephone number. Then they "call" your PPTP server using it's IP number. With PPPoE you do not need any initial IP. PPPoE is kinda like DHCP. The clients's software detects a PPPoE server, make a call with username and password and gets all the info needed to access your rescources. Many ISPs use PPPoE for their xDSL connections. We use it for our WLAN customers. It's a very easy and convinient way of dealing with stuff for an ISP. Windows XP users have a native PPPoE client in their OS, other users would need something like RASPPPOE to create a connection. All they need is username and password, everything else is "given" them by your PPPoE server, things like IP, DNS servers, default route, encryption method, compression(or not). If your NAS (network access server) supports it, you can also set up bandwith restrictions on each connection or for all of them. This is also something NAS gets from your database. Pretty cool, isn't it ? Cheers, YazzY On Fri, 11 Jun 2004 17:27:05 +0800 <[EMAIL PROTECTED]> wrote: > Hi yazzy. > > Wow, thanks for your quick reply! I can bet I saw many of your posts on > google too... :) > > Anyway, just wondering, will it be insecure if the user/passwords are just > left in clear text on a server? > > Actually, I don't really like the idea of having a different user/pass for > the radius authentication and for the portal server authentication... makes > it more difficult should a student forget his/her password... but the worst > thing of all, the school portal server, its MSSQL db and the internal school > network are separated by the entire internet... I'm not sure about the SQL > protocol, but if I were to grab user/pass list from the portal server, does > it mean they'll be in plain text over the internet too? > > Forgive me if I'm wrong, but when you mention ppp and mppe128, I've only > heard of them as dialup/VPN protocols... or can they be used in APs too? > > > Thanks so much, > Tim. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Martin > Jessa > Sent: Friday, June 11, 2004 5:04 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: MD5-hashed passwords? > > Hi Tim. > > If you want to use encryption for your ppp users you need to drop md5 > hashing of your sql passwords. > Just sync your old SQL database with a new one for radius only and put > unencrypted passwords there. > You can use md5 hashed passwords but then you will not be able to use crypto > for your PPP connections. > I'd suggest you to use PPPoE with MPPE128 bit encryption for both passwords > and data. > You will get a slight overhead on data encryption but not much really. > With PPP(oE) you can easly add different bandwith limits for each of the > users, set up user's static or dynamic IPs. > > Cheers, > YazzY > > On Fri, 11 Jun 2004 16:47:43 +0800 > <[EMAIL PROTECTED]> wrote: > > > Hi everyone. > > > > I've tried searching google countless times but can't get the solution, so > > I'm hoping you guys can help me... > > > > Case: I currently have 11 Cisco 350 series APs in a school, and I'd like > to > > move away from using MAC filters (for about 250 users so far) and use a > > radius solution. The students each have access to a portal, but the > > passwords are all hashed with MD5 and stored in a MSSQL database. > > > > Questions: Are there any authentication protocols (that can use MD5 hashed > > passwords) that I could use to authenticate the wireless users? I read > th
Re: MD5-hashed passwords?
Hi Tim. If you want to use encryption for your ppp users you need to drop md5 hashing of your sql passwords. Just sync your old SQL database with a new one for radius only and put unencrypted passwords there. You can use md5 hashed passwords but then you will not be able to use crypto for your PPP connections. I'd suggest you to use PPPoE with MPPE128 bit encryption for both passwords and data. You will get a slight overhead on data encryption but not much really. With PPP(oE) you can easly add different bandwith limits for each of the users, set up user's static or dynamic IPs. Cheers, YazzY On Fri, 11 Jun 2004 16:47:43 +0800 <[EMAIL PROTECTED]> wrote: > Hi everyone. > > I've tried searching google countless times but can't get the solution, so > I'm hoping you guys can help me... > > Case: I currently have 11 Cisco 350 series APs in a school, and I'd like to > move away from using MAC filters (for about 250 users so far) and use a > radius solution. The students each have access to a portal, but the > passwords are all hashed with MD5 and stored in a MSSQL database. > > Questions: Are there any authentication protocols (that can use MD5 hashed > passwords) that I could use to authenticate the wireless users? I read the > section about using PAP, but should I use it, does it mean that the > user/pass will be transmitted over the air unencrypted? I'm also hoping to > use some sort of dynamic WEP key rotation or TKIP. > > Right now when I try to configure the clients, I only see PEAP or > certificates (which I don't want to use) as methods of 802.1x > authentication, or LEAP if I use the cisco aironet client... does it mean > I'm limited to the two for authenticating wireless users? > > If I'm able to change the type of encryption used for the portal server's > password database, which type of encryption is supported by > EAP/LEAP/freeradius? > > I'm very new at network authentication/freeradius/linux, so forgive me if I > say something wrong. > > > Thanks, > Tim. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup-admin
Then it's propably not running. Run netstat -l |grep mysql It should be listed Or ps auxww |grep mysql On Thu, 18 Mar 2004 17:46:04 -0800 (PST) Amedzekor Kafui <[EMAIL PROTECTED]> wrote: > Hi, > > I used to run Redhat 9 but I upgraded to Fedora Core 1 > using yum. > > I run apache 2.0.4 and php 4.3.4 and postgresql 7.3.4 > on Fedora Core 1. I run yum as a cron job to update my > system every night. > > I am no more able to use dialup-admin again. Anytime I > click on New User I get the error meesage "Could not > connect to SQL database". > What could be wrong? > > Does dialup_admin work with php running as a module on > apache. > Thanks. > > Kafui Amedzekor. > > > > > __ > Do you Yahoo!? > Yahoo! Mail - More reliable, more storage, less spam > http://mail.yahoo.com > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
