Re: Using encrypted passwords in users file
that is the hashed password. You can change it by generating a hash of your new password... you would probably use crypt(3) to do that... The original password was never stored in cleartext form. You could store a cleartext password if you really wanted to, but that is less than secure. On Thu, Sep 1, 2011 at 8:57 AM, sundoo sandu_nas...@yahoo.com wrote: Hello, I'm new to FreeRadius and to linux. Maybe this question will sound stupid, but I really need you help. I have a server running freeradius. These are some outputs of the configuration: *etc/freeradius/radiusd.conf* # passwd = /etc/passwd shadow = /etc/shadow # group = /etc/group */etc/freeradius/users* test1 Auth-Type := Crypt-Local, User-Password := $1$NzW2iwkn$ygDcJgb4WhAEqQYfySFkj/ Service-Type = Administrative-User, Cajun-Service-Type := 3, */etc/shadow* test1:$1$cnEh49V6$Q.68mw.3P5rgmsfhbo/iC1:15217:0:9:7::: I would like to change the password for the user test1. But in the users file I see only the encrypted password. Where is the original password stored ? How do I change it ? Thanks a lot for your help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4758890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Restrict access per NAS
you are probably looking to check for the calling-station-id attribute... im not sure how to do with ldap. On Fri, Apr 8, 2011 at 7:11 AM, Sergio Belkin seb...@gmail.com wrote: Hi, Is there a way to restrict an LDAP user to be authorized only from an specific NAS (Access Point)? I'm using FreeRADIUS Version 2.1.1 Thanks in advance! -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + Cygwin + Active Directory authentication?
Frankly, running Free Radius on windows sounds like a bad idea, especially should you ever need to update it or have another person (maybe 5 years down the road) change it a bit. Generally, running server process under cygwin is a lot of extra work for not much convenience. I would suggest either running it on a linux server (and documenting everything you do) or running a different RADIUS server that natively runs on windows. On Wed, Feb 9, 2011 at 9:36 PM, Moe, John j...@hatch.com.au wrote: I'm trying to set up a FreeRADIUS server in our organization, and the corporate preference is to run on Windows. I've got FreeRADIUS to compile and have successfully completed the PAP test (from http://deployingradius.com/documents/configuration/pap.html) to make sure it works. Now I'm looking to set up Active Directory authentication. To do that, all the documentation I've read is geared towards Linux servers running Samba. From what I gather, it uses the ntlm_auth program to authenticate to the Windows Active Directory, which returns NT_KEY output, which is needed in order for FreeRADIUS to perform MS-CHAP authentication. Is there a way I can do this on a Windows/Cygwin server? I tried to get Samba to compile and install to test if it'd work on a Windows server, but it needed Kerberos to talk to AD, and Kerberos didn't seem to want to compile without shared libraries, which apparently Cygwin doesn't support. Does anyone know any other programs that can be used to provide this authentication mechanism, that also run on Windows? Or do I need to do this on a Linux server? I've tried to Google for the answers to this without luck. Any help or pointers would be appreciated. Thanks. John H. Moe Network Support - Hatch IT HATCH Tel: +61 (7) 3166 Direct: +61 (7) 3166 7684 Fax: +61 (7) 3368 3754 Mobile: +61 438 772 425 61 Petrie Terrace, Brisbane, Queensland Australia 4011 * NOTICE - This message from Hatch is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential or proprietary. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. By communicating with us via e-mail, you accept such risks. When addressed to our clients, any information, drawings, opinions or advice (collectively, information) contained in this e-mail is subject to the terms and conditions expressed in the governing agreements. Where no such agreement exists, the recipient shall neither rely upon nor disclose to others, such information without our written consent. Unless otherwise agreed, we do not assume any liability with respect to the accuracy or completeness of the information set out in this e-mail. If you have received this message in error, please notify us immediately by return e-mail and destroy and delete the message from your computer. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:
It depends on they way your NAS (access point of whatnot) sends the mac address. some send it as the username/password... some send it other ways... On Wed, Nov 24, 2010 at 12:26 PM, Leander S. i...@netocean.de wrote: to prevent tears: check out /etc/raddb/clients.conf but now there is now way arround reading the instructions - cause otherwhise you'll screw it up! Am 24.11.2010 21:21, schrieb NetOcean: Check that one out: http://lmgtfy.com/?q=rtfm ... unfortunately Ubuntu doesn't serve a preconfigured FreeRADIUS Server a UserManagement GUI yet ;/ - you may request that ... Am 24.11.2010 20:34, schrieb Hugo Lúa Garcia: COULD SOMEONE HELP ME TO KNOW WHAT ARE THE FILES THAT SHOULD CHANGE TO VALIDATE USER THROUGH THE MAC ADDRESS, AND I HAVE ALREADY INSTALLED FreeRADIUS 2.1.10 and am running the server on a Ubuntu operating system, HOW DO YOU ADD USER the server and validate MAC ADDRESS? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to setup in fedora ?
look at the configuration files in /etc/raddb, they're pretty self-explanatory. It really depends on what you want to do. On Thu, Jul 8, 2010 at 11:03 PM, Abraham Varricatt abraham.varricatt+freerad...@googlemail.com wrote: Hello, I just flashed a linksys with dd-wrt and now I'm trying to setup a freeradius server on a Fedora system. For the life of me, I can't figure out what to do next on the system. I've installed freeradius by running - sudo yum install freeradius on my Fedora, but what do I do next? The online wiki hasn't been too helpful with fedora-specific info. I'm hoping to setup a dialupadmin interface and manage things from there. I don't want to hold hands here, but could someone give me a hint on what I should be looking into next ? Puzzled, Abraham V. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to use Freeradius with traffic limit?
NAS is nearly analogous to RADIUS client. basically, it depends on the thing that is talking to Freeradius to say how to configure kicking someone off in real time. You could stick a script before authentication happens to check whether or not a user has exceeded his bandwidth and then either allow or dont allow them to log on again but that seems like a bad way of doing it. On Mon, Jun 7, 2010 at 4:00 PM, RaidenII tonytz...@gmail.com wrote: I am not using a NAS actually. It is an ordinary x86 server. Alan DeKok-2 wrote: That is usually the function of the NAS. In 2.1.9, you can configure a CoA packet in the server, *if* the NAS supports CoA. i.e. check for limit in the accounting section, and send a CoA packet to disconnect them if so. See the NAS documentation for how to limit total traffic. It usually *isn't* those two attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://old.nabble.com/How-to-use-Freeradius-with-traffic-limit--tp28809968p28811891.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: is there a package named phpmysql
you are probably looking for php5-mysql or php4-mysql. A good source for this kind of info is your distro's package archive. 2010/5/6 dorra aa dj_dido2...@hotmail.com Hi.i'm working now in the install of mysql for the radius.I found a file that tell me to do: sudo apt-get install mysql-server phpmysql vim-full But i got: E: Impossible de trouver le paquet phpmysql (that means impossible to found phpmysql) is there a package called like that; or the file is wrong?? thank -- Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now. https://signup.live.com/signup.aspx?id=60969 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: descrition tables and atributes
the wiki is your friend. Try the SQL HOWTO page. On Sat, Sep 26, 2009 at 12:36 PM, Nelson Acero Fino nelson.ac...@gmail.com wrote: Hi, Where can i found information and description about tables and atributes of radius database ?? Thanks :) ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Add users without restarting radiusd
you could also use SQL or another database for storing users. This doesn't require HUP ing of the server. On Tue, May 12, 2009 at 8:25 PM, ournixnat...@gmail.com ournixnat...@gmail.com wrote: I may have figured it out myself. Will this work: service radiusd reload If so, what exactly is it doing? Just reloading the users file or more? On Tue, May 12, 2009 at 8:17 PM, ournixnat...@gmail.com ournixnat...@gmail.com wrote: I am fairly new to radius and would like to know if you could explain how I would go about this: In 2.1.x, you can HUP the server, and it will reload the users file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Quis custodiet ipsos custodes?: who shall watch the watchers themselves? - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Posting
you just have. On Mon, Apr 20, 2009 at 11:41 AM, jon jon free9...@gmail.com wrote: Help, I would like to post a messageto all the list members. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: of Mac and Men
Right. Its better to give crackers less information versus more. so others do not get login credentials. Though, if certificates were properly implemented, there would be mutual authentication On Tue, Apr 7, 2009 at 8:12 AM, Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Bartell wrote: I too have had weird behavior on macs. I just ended up using mac-address authentication (due to insecurities in EAP. (or possibly rumored, i havn't seen a paper on it yet)) Wait what... You went to Mac-Based authentication because you thought EAP was insecure ? Ohh are you referring to the scaremongering 'The Register' was doing last year? Because of course, anyone with a hacked copy of FreeRADIUS can steal all your users credentials ! On Tue, Apr 7, 2009 at 7:08 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, Have you actually traced the wireless traffic (passively), are you sure it's the Macs at fault with this one? as everything works fine on the same Mac when it runs Vista (yes, I know...) and works all okay on random PCs and PDAs/smartphones..the big greasy pointy finger is pointing decidedly at the OSX alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknbbVAACgkQcaklux5oVKI4EwCgkRjarq9VkbO5HS3BNGugSU6D 1vUAniLDBrvpkluK/EpMpreAb5w/vPvL =87NT -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: of Mac and Men
I'm aware of an attack on a bank which had implemented EAP, and had fun when a Pen tester was simply getting domain login credentials without having to work much at all. Could you maybe provide a rebuttal for this attack? and/or explain how to make it especially secure? On Tue, Apr 7, 2009 at 8:28 AM, Alan DeKok al...@deployingradius.com wrote: Arran Cudbard-Bell wrote: Ohh are you referring to the scaremongering 'The Register' was doing last year? Because of course, anyone with a hacked copy of FreeRADIUS can steal all your users credentials ! Unfortunately, people read his column, and believe him. They might also believe that he actually writes his own material. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: of Mac and Men
I too have had weird behavior on macs. I just ended up using mac-address authentication (due to insecurities in EAP. (or possibly rumored, i havn't seen a paper on it yet)) On Tue, Apr 7, 2009 at 7:08 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, Have you actually traced the wireless traffic (passively), are you sure it's the Macs at fault with this one? as everything works fine on the same Mac when it runs Vista (yes, I know...) and works all okay on random PCs and PDAs/smartphones..the big greasy pointy finger is pointing decidedly at the OSX alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radclient PHP
try exec() or shell_exec() 2009/4/1 AHMED KHIDR a.kh...@gmail.com: Hii All , Please Any one have an idea how to make a PHP code to run Radclient in order to disconnect users , Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem compiling on OSX 10.5
I have two problems: One is with compiling in mysql support. Despite using the following ./configure line ./configure --prefix=/usr/local/freeradius --with-mysql-include-dir=/usr/local/mysql-5.1.30-osx10.5-x86/include/ --with-mysql-lib-dir=/usr/local/mysql-5.1.30-osx10.5-x86/lib/ it still says checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for SQLConnect in -liodbc... yes checking for isql.h... yes configure: creating ./config.status config.status: creating Makefile === configuring in ./drivers/rlm_sql_mysql (/Users/admin/radiusd/src/modules/rlm_sql/./drivers/rlm_sql_mysql) configure: running /bin/sh ./configure '--prefix=/usr/local/freeradius' '--with-mysql-include-dir=/usr/local/mysql-5.1.30-osx10.5-x86/include/' '--with-mysql-lib-dir=/usr/local/mysql-5.1.30-osx10.5-x86/lib/' '--enable-ltdl-install=no' --cache-file=/dev/null --srcdir=. checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... Im am using the version from cvs. Am I not fetching the mysql module or something (which doesnt seem likely as the latest stable gives the same error)? It appears that freeradius is trying to compile a universal binary. On a PPC machine I don't have this problem. The intel machine im installing on appears to have some ppc libraries missing. Is there any way to prevent this cross compiling or does anyone know a fast fix. Ive seen numerous posts on this issue with the same errors, and all of them seem unanswered. Im using the following to configure: ./configure --prefix=/usr/local/freeradius --with-mysql-include-dir=/usr/local/mysql-5.1.30-osx10.5-x86/include when running make I get build errors. I cant get to the machine at the moment, or else i would give the exact errors, but it has something to do with rlm_perl. -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: New FR server: CentOS 5 or Ubuntu 8
Im a bit biased towards ubuntu, but i can say from experience that it is relatively easy to implement in ubuntu. My limited experience with centos has been with squid and websense, which was quite annoying to implement. (packages didn't exist/were too old) On Mon, Mar 2, 2009 at 7:48 AM, Toledo, Luis Carlos lscrls...@gmail.com wrote: Hi all, Please accept my apologies for this complicate question. I need make a new FR server from sources with mysql support, and I have only two OS options: CentOS 5 or Ubuntu 8. I used only FreeBSD, but now I have only these two options. Any suggestions? Thx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re : Centralized authentication
http://letmegooglethatforyou.com/?q=freeradius+ldap http://letmegooglethatforyou.com/?q=freeradius+openldap On Tue, Jan 13, 2009 at 6:18 AM, scouf scouf scouf...@yahoo.fr wrote: Thanks for your response. But since I'm not familiar with these technologies, I would've liked if anybody has a howto to set up the configuration.. And since I'm using an OpenLDAP server a base for users account, I was wondering should be stored users' password in the LDAP server if clients are using PAP/CHAP-like mechanisms. And how could I reset passwords on these technologies, whereas the password is stored in the LDAP server. Thanks. De : t...@kalik.net t...@kalik.net À : FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoyé le : Mardi, 13 Janvier 2009, 12h31mn 47s Objet : Re: Centralized authentication Howto: put username and cleartext password in users file. Done. Works with every device and every authentication protocol (that uses passwords, not certificates etc.). Ivan Kalik Kalik Informatika ISP Dana 13/1/2009, scouf scouf scouf...@yahoo.fr piše: Hello everybody, I would like to know if anybody had worked on centralizing authentication on FreeRadius and OpenLDAP for the following technologies: - Nokia IPSO - 3com switches - Cisco Pix I'm looking for any guides, howtos... Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Some Help Regarding Remote Free Radius Server.
You have to add the two public IPs of radius clients to the clients.conf file, and define a shared secret between them all. On Wed, Dec 31, 2008 at 12:26 AM, pushpraj nimbalkar pushpra...@gmail.com wrote: Hello All, First Of All New Year Wishes to all of you. I have configured freeradius server which is working fine for me. Now my wifi environment is like 2 hotels and radius server in different location. My radius server is kept in head office and i want my hotel wifi users to be authenticated by head office radius server. It's only authentication and accounting. Every Hotel have 1 ADSL connection with one static IP. Then I configured Linksys54GL with chillispot and defined my head office radius server IP address(i.e. public IP address of my radius server.). Now in hotel when user connects to linksys router then router forwards request to ADLS router and ADSL router forwards same request to my Head Office Radius server. But Problem is that radius server rejects request it gives error like : Ignoring request to authentication address * port 1812 from unknown client 59.181.96.194 port 2054 and when i start radius -X at one place it gives error like rlm_sql (sql): Read entry nasname= 59.181.96.194,shortname=AP2,secret= rlm_sql (sql): Failed to look up hostname 59.181.96.194: ip_nton: Name or service not known It's is the Ip address of my hotel ADSL connection. And ADSL Router dont have any option of defining radius server and secret. Please Help me to sort out this problem. Thanks Pushpraj N. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Restricting dialup users to certain client definitions only
You would use the Calling-Station-ID or Called-Station-ID checks in the groupcheck table. On Fri, Dec 19, 2008 at 9:48 AM, Todd R. tjrl...@lightwavetech.com wrote: In a nutshell here is what I need to do, the long story is after the short version if you are interested. Short version## I want to restrict dialup users or a group of dialup users living within my MySQL tables to certain clients or list of clients. So when a user who is only allowed access when coming from clients 1 and 2 dials in and the request comes from client 3 he is denied access. I already do this with the crappy Windows based radius solution we have been stuck on for years, surely I can accomplish the same with FR. Any help in a language which a total FR novice can understand would be appreciated. ##end short version Long Version### I have read the docs, the archives, the readmes, the examples etc. So far, I can't get a good handle on how to accomplish the following so I am again asking for some guidance from the list. Here is my situation and what I need to accomplish, any help in getting this done would be most appreciated. I don't mind doing the footwork, research etc. to build a solution that will work but please keep in mind that I am a total FR Newb and need this in dufus language :) For the last 8 years or so we have been using a dreaded windows based Radius solution that we just couldn't get away from due to how much code we have written around this horrible solution. Finally, it's time to just do it and deal with the pain. What we have right now is several dialup wholesale networks/carriers/aggregators who proxy the radius request to us, we then decide to accept or deny the dialup user based on many things but of course username/pass etc.. One of the things we use to determine if they get access or not is which client they came from meaning which of our wholesale dialup network's radius server (client) sent us the request. So, in short I need to accomplish the same thing on FR. Let's say I have 5 clients, their short names and IPs configured in my FR clients file. I need to somehow decide within FR when the request comes in from client #1 that this user (in Mysql table) is allowed to have access to that dialup network. So: Joeuser from client1 = OK (allow user) Joeuser from client2 = Not OK (deny user) I am guessing I should do something with groups within the SQL tables such as assign joeuser to dialgroup1 which is then somehow allowed from client1 or for that fact clients 1, 3 and 5 but not allowed to client2. I researched huntgroups but can't find much documentation on that, not sure if that's were I need to go or?? Regards, Todd R. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate IPs for Radius Clients with different secrets
Okay. What you need to do is set ips in the client configuraiton file for each of the APs that is going to be authenticating by using their external ip address, which is where the connection will appear to come from to freeradius. do a freeradius -X and it should be quite explanatory, when you try to connect through an AP to it. On Mon, Dec 15, 2008 at 6:56 PM, Eric Geier m...@egeier.com wrote: Hi, I'm wondering if someone can point me in the right direction. I want to list radius clients with the same IPs (and different shared secrets). This would let me use freeradius among multiple offices, where each could use the same IP addresses for the radius clients. And how is routing going to work there? How is radius server suposed to send the response back to the correct client? This can work only if carry radius server from office to office so it works a little bit here, little bit there. If you connect those clients onto a network they will all stop working (or, at best, first one you put on the network will work but others won't). Ivan Kalik Kalik Informatika ISP I'm not exactly sure. How does a RADIUS server work over the Internet? I'm not connecting the radius clients onto the same LAN. If a radius request comes in from the internet, would the server send responses to the Internet IP that it received it from (which I think would work for my case) or would it send to the radius client IP? Here's what I'm trying to do: Host a radius server on the Internet...for PEAP 802.1X (WPA-enterprise). Each AP at the different offices would be set with the Internet IP address of where the radius server is running, along with a shared secret. There would likely be APs set to the same IP address, that's why I'm asking about all this. Hi, I'm wondering if someone can point me in the right direction. I want to list radius clients with the same IPs (and different shared secrets). This would let me use freeradius among multiple offices, where each could use the same IP addresses for the radius clients. I need something very dynamic; manually creating virtual servers in the config file won't work well. RADIUS doesn't work that way. Shared secrets are per client IP. Each client IP is used to look up the shared secret. You can't have multiple shared secrets for one IP. Right now I'm using v1.188.2.4.2.14 That's not the server version number. Use radiusd -v to get the version information. Alan DeKOk. I know it traditionally doesn't, just checking to see what people think and if I might find a way to do what I want to do. What got me thinking something like this could work is when using a different server, I thought I could modify the SQL select statement that's used to find the shared secret. For example, the default is select SharedSecret from NASES where ClientIPAddress='$c' I thought I could just add the following to the end and where Domain=(function that takes the domain from the username...after the @) I found that server can't register the username attribute during the select statement...so it all didn't work. Opps. I'm using v1.1.7 because at the moment I'm using FreeRadius.net on Windows Thanks for your help guys - Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Somewhat OT: Captive portal on acess points instead complex supplicant at level end user?
This is exactly what Coova does. It blocks all access to the network, until a correct username/password combination is made. The downfall to such a system is 1. No encryption, and 2. Any somewhat-knowing script-kiddie can spoof a mac address and hijack someone's session. On Sun, Dec 14, 2008 at 5:54 PM, Sergio Belkin seb...@gmail.com wrote: Hi, Currently I'm using: *OpenWRT Kamikaze in AP's *Freeradius 2.1.2 *LDAP End users either use ttls or peap on their notebooks, as I have a LDAP server, each use his username and a password. Problem with this approach is that is somewhat complex for end users, they must either install a software or do a complicated configuration (think in end users terms, please). I'd want to have a open wireless network and that each user access to captive portal and enter his username and password, that captive portal redirects request to freeradius and freeradius in turn queries to ldap server. I'd want to know if CoovaAP (or something similar, what?) can perform such task as portal captive installed on APs. I'd be glad to read suggestions Thanks in advance!! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and Ubuntu 8.10
Sudo apt-get install freeradius Its a bit of an older version if i remember correctly, so if you need virtual hosts (or whatever they are called) you should compile from source. First get the tar file tar -xvf freeradius* cd freeradius* ./configure (with whatever modules you need) make sudo make install pretty simple if i may say. On Wed, Dec 10, 2008 at 5:23 PM, Matthew Carriere [EMAIL PROTECTED] wrote: I am also about to install FreeRadius, anyone have experience with installing on Ubuntu 8.10 Server 32 Bit? -- Matthew Carriere [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Supported Acesspoints
I find that my WRT54G-L works well with DD-WRT flashed on it. I know some weird linksys voip box from T-mobile supports WPA-ENT authentication, making me think that maybe in Linksys' enterprise products they would have some kind of WPA enterprise authentication possibility. Usually is it in the specifications weather or not an AP will work with radius. On Wed, Nov 26, 2008 at 6:35 AM, M.K. ten Napel [EMAIL PROTECTED] wrote: Hi, Previously I asked if anyone had trouble with the Linksys WAP54G, Like I did. I'm think about trying another type of Accesspoint. Before buying one, I would like to know what AP's are being used with FreeRadius. Any tips/suggestions on buying an AP that works wel in WPA-enterprise (EAP-TLS) with FreeRadius? Thanks! :) Mariourk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP group checking
Im having a hard time figuring out how to do group checking with freeradius. I am trying to authenticate against open directory, but I have no idea where to give the group name to check for. (modifying the schema isint really an option) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: certificates confusion
tinyca is a nice graphical interface for linux with openssl in the backend. Its much easier than remembering all the openssl commands needed, especially when you dont add/revoke certificates all the time. On Mon, Nov 24, 2008 at 1:18 PM, Craig White [EMAIL PROTECTED] wrote: please excuse me if this isn't entirely related to freeradius but it's all about getting WindowsXP laptops to my wireless network with freeradius and 8021.x I see that there is certificate failures and am thinking that I need to clean this up up until now, server2 is my ca and I have used that to generate and sign certificates. my radius server though is running on server1 and I think that my failure is related to the fact that I'm generating the certificates and signing them with server2. So my questions... 1. Do I set up server1 to be its own CA or do I still use server2 as the CA? 2. If server2 is the CA, do I then generate the request on server1, copy it to server2 and then sign it on server2? 3. Does anyone see any problems with these methods of generating certificates ? (openssl on Linux) # Generate server certificate signing request openssl req -new -nodes -keyout $SSL/radius_server_key.pem \ -out $SSL/radius_server_req.pem \ -days 730 \ -config $SSL/openssl.cnf # Sign server certificate openssl ca -config $SSL/openssl.cnf \ -policy policy_anything \ -out radius_server_cert.pem \ -extensions xpserver_ext \ -extfile $SSL/xpextensions \ -infiles $SSL/radius_server_req.pem # Edit out text information in radius_server_cert.pem and then run # cat $SSL/radius_server_key.pem \ # $SSL/radius_server_cert.pem \ # $SSL/radius_server_keycert.pem # Generate client certificates # openssl req -new -keyout $SSL/radius_client_key.pem \ -out $SSL/radius_client_req.pem \ -days 730 \ -config $SSL/openssl.cnf # Sign client certificates openssl ca -config $SSL/openssl.cnf \ -policy policy_anything \ -out $SSL/radius_client_cert.pem \ -extensions xpclient_ext \ -extfile $SSL/xpextensions \ -infiles $SSL/radius_client_req.pem # cat $SSL/radius_client_key.pem $SSL/radius_client_cert.pem $SSL/radius_client_keycert.pem Thanks Craig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Opendirectory with group checking
Hello, I have successfully set up freeradius on OSX 10.5 with recent CVS version of freeradius, and am confused as to how i would only allow users within a specified group to be allowed access. Mainly, where do i define GroupName? (or am i not understanding http://wiki.freeradius.org/Rlm_ldap quite right?) -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: control panel
I could recomend dalo radius. Its interface looks pretty nice from here. I havent been able to evaluate it yet though. On Wed, Nov 12, 2008 at 3:32 AM, Allan Patrick Ksiaskiewcz [EMAIL PROTECTED] wrote: Hello how are? I would some indication of the control panel, use the dial_up admin, but it is bad, I tested the phpradmin. Outside the two anyone could spend some more? Thanks Allan Patrick Ksiaskiewcz Brazil Guarapuava/PR Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MAC OS X Install
I recently installed on leopard, even with the perl module disabled, it would not work. the latest CVS version compiled fine though. On Thu, Oct 23, 2008 at 10:12 AM, Saurabh Bhasin [EMAIL PROTECTED] wrote: No, I don'tSo, I did the following: $sudo ./configure --without-rlm_perl and it went well from there. Thanks for the pointer, Andres. -Saurabh On Oct 23, 2008, at 12:06 AM, Anders Holm wrote: Do you have a need for the Perl module? If not, disable it. Sent from my iPhone On 22 Oct 2008, at 23:19, Saurabh Bhasin [EMAIL PROTECTED] wrote: Folks, I've been trying to compile (using MacPorts 1.600) freeradius on Leopard (10.5.5) and continue to get the following error. I've been able to trace this down to https://trac.macports.org/ticket/13503 but it looks like there was no closure there and nothing definitive on what's supposed to workI'd appreciate if you could please point me in the right direction. --- Building freeradius with target all Error: Target org.macports.build returned: shell command cd /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_sysutils_freeradius/work/freeradius-server-2.0.4 make all returned error 2 Command output: Making all in rlm_krb5... make[6]: Nothing to be done for `all'. Making all in rlm_ldap... Making all in rlm_logintime... Making all in rlm_mschap... Making all in rlm_otp... Making all in rlm_pam... Making all in rlm_pap... Making all in rlm_passwd... Making all in rlm_perl... /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_sysutils_freeradius/work/freeradius-server-2.0.4/libtool --mode=link /usr/bin/gcc-4.0 -release 2.0.4 \ -module -export-dynamic -L/opt/local/lib -o rlm_perl.la \ -rpath /opt/local/lib rlm_perl.lo rlm_perl.c /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_sysutils_freeradius/work/freeradius-server-2.0.4/src/lib/libfreeradius-radius.la `perl -MExtUtils::Embed -e ldopts` -framework DirectoryService -lresolv -lpthread *** Warning: Linking the shared library rlm_perl.la against the *** static library /System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a is not portable! rm -fr .libs/rlm_perl-2.0.4.so .libs/rlm_perl.a .libs/rlm_perl.so /usr/bin/gcc-4.0 ${wl}-flat_namespace ${wl}-undefined ${wl}suppress -o .libs/rlm_perl-2.0.4.so -bundle .libs/rlm_perl.o -L/opt/local/lib /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_sysutils_freeradius/work/freeradius-server-2.0.4/src/lib/.libs/libfreeradius-radius.dylib -L/usr/local/lib /System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a -L/System/Library/Perl/5.8.8/darwin-thread-multi-2level/CORE -lperl -ldl -lm -lutil -lc -lresolv -lpthread -arch i386 -arch ppc -framework DirectoryService ld warning: in /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_sysutils_freeradius/work/freeradius-server-2.0.4/src/lib/.libs/libfreeradius-radius.dylib, file is not of required architecture (cd .libs rm -f rlm_perl.so ln -s rlm_perl-2.0.4.so rlm_perl.so) ar cru .libs/rlm_perl.a /System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a rlm_perl.o /System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for cputype (18) cpusubtype (0) is not an object file (bad magic number) ar: internal ranlib command failed make[6]: *** [rlm_perl.la] Error 1 make[5]: *** [common] Error 2 make[4]: *** [all] Error 2 make[3]: *** [common] Error 2 make[2]: *** [all] Error 2 make[1]: *** [common] Error 2 make: *** [all] Error 2 Error: Status 1 encountered during processing. Thanks, -Saurabh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS-Identifier
You can use the called-station-id variable to say yay or nay for authentication. For example, we have a Staff network, that requires different usernames/passwords from the regular wifi SSIDS. We use regex to check for regular users trying to get onto the staff ssid. On 10/13/08, Alan DeKok [EMAIL PROTECTED] wrote: Stefan Eck (gmail) wrote: Well, the new NAS device sends 5 different NAS-Identifier. eg WebAdmin, SSLVPN or HTTP. But only one RADIUS can be configured. One one RADIUS can be configured... where? I'm just thinking about that users can be authenticated via RADIUS server1 and admin(webadmins) can be authenticated via RADIUS server2. Or similar like that. Why? Currently, I don't have any clue to take advantage of the NAS-Identifier. Where is this attribute configured on the RADIUS. Other devices send the NAS-IP, but this is only relevant for the shared secret or the accouting. No. The server does NOT use the NAS-IP-Address to look up the shared secret. If you want to apply policies based on attributes, see man unlang. You can write complex policies using a very simple language. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Opportunity knocked. My doorman threw him out. - Adrienne Gusoff At school you don't get parole, good behavior only brings a longer sentence. - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to configure FreeRadius so that clients don't have to be changed?
I take it that you mean, is it possible to make it transparent to the user, in which, the answer is yes. Depending on your access points, you may be able to do MAC address authentication, which anyone will tell you is insanely insecure, but it prevents people from driving up and accessing your network (unless they are technically inclined to use a packet capturing program and spoof a mac address). So insecure, yes. But practical so long as you dont have a bunch of crackers living around wherever you are setting up authentication. Mac OSX as well as many Linux distros have 802.1x authentication/WPA enterprise built in, so it is not much of a problem. Im not sure about the current state of windows in this department (havent used it in a while... could someone chime in) On Wed, Jul 16, 2008 at 12:37 PM, DaSilva [EMAIL PROTECTED] wrote: Alan DeKok-4 wrote: DaSilva wrote: I want to set up a FreeRadius server for WLAN authentification without the need to change anything on client PCs (because we have so much clients that this would be to much work). Is that possible? No. It's like asking how do I make the PC be a web server... but I don't want to install a web server. You have to configure WLAN authentication on the clients in order for WLAN authentication to work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html And is it possible to do this automatically via remote or something else? -- View this message in context: http://www.nabble.com/How-to-configure-FreeRadius-so-that-clients-don%27t-have-to-be-changed--tp18482025p18483881.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Like an unchecked cancer, hate corrodes the personality and eats away its vital unity. Hate destroys a man's sense of values and his objectivity. It causes him to describe the beautiful as ugly and the ugly as beautiful, and to confuse the true with the false and the false with the true. - Martin Luther King Jr. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple radius servers on one machine
might i suggest using virtual machines, instead of messing around with multiple instances. (radius is rather non resource intensive) On Thu, Jun 12, 2008 at 8:11 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I have two applications that authenticate via radius. These applications require separate radius conf files, log files, users files, etc. How can I run two distinct radius servers on one server to serve these applications? Also, these applications run on one server, so how can I have their server connect each application to the appropriate radius server? Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: Like an unchecked cancer, hate corrodes the personality and eats away its vital unity. Hate destroys a man's sense of values and his objectivity. It causes him to describe the beautiful as ugly and the ugly as beautiful, and to confuse the true with the false and the false with the true. - Martin Luther King Jr. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How can I start the freeradius server with user privileges other than root?
you could use sudo by editing the /etc/sudoers file. There should be examples in this file. Then just add all the users allowed to start radius to a group. and allow that group access to run /etc/init.d/freeradius or whatever is needed. On Feb 7, 2008 12:19 PM, Deepak Panigrahy [EMAIL PROTECTED] wrote: I need the instructions to start the freeradius server from any user account of the linux machine other than root. Can anyone help me out? Thanks, Deepak - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- He who controls the past controls the future. He who controls the present controls the past. - 1984 Random quote of the week/month/whenever i get to updating it: Its like a giant mosh pit of atoms jumping up and down - Ms. Fawcett, when explaining the transfer of heat. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a few questions
just by the way. Im wondering what a big implementation would be. If 6000 machines is not a lot, then what is really? On Nov 24, 2007 11:41 PM, Alan DeKok [EMAIL PROTECTED] wrote: Paul Bartell wrote: Im working on a project at my school district to implement RADIUS authentication. I have two Mac powerpc servers for use, which could run either OSX or some linux variant. We are planning on using a mysql backend. Our network has around 6k machines throughout the district, a few hundred on the wifi at any given time. so my questions are: That is a very small number of systems. A 386 would probably be sufficient to handle the RADIUS traffic. 1. since mysql in OSX isn't kernel based from what i understand, would it make a big difference to use a linux based os (debian/unofficial powerpc port of ubuntu is my initial thought)? Why does that matter? 2. Are both servers needed, and if so would it make sense to use mysql replication and just have two of the same? Both servers would be needed only for fail-over, in case one died for some reason. If you just look at the RADIUS traffic, you could run one server, with MySQL on the same machine, and the machine would be 99% idle. 3. Would it make sense to just point some Ap's at one RADIUS server and some at the other, or is there a better/easier way to load balance? If you use two machines, yes, that can be a good way to load balance. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: hate compasses i like can't use them. they don't stay straight, and i end up looking like an emo by the time i'm done, it stabs me so much - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a few questions
Im working on a project at my school district to implement RADIUS authentication. I have two Mac powerpc servers for use, which could run either OSX or some linux variant. We are planning on using a mysql backend. Our network has around 6k machines throughout the district, a few hundred on the wifi at any given time. so my questions are: 1. since mysql in OSX isn't kernel based from what i understand, would it make a big difference to use a linux based os (debian/unofficial powerpc port of ubuntu is my initial thought)? 2. Are both servers needed, and if so would it make sense to use mysql replication and just have two of the same? 3. Would it make sense to just point some Ap's at one RADIUS server and some at the other, or is there a better/easier way to load balance? thanks, Paul -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: hate compasses i like can't use them. they don't stay straight, and i end up looking like an emo by the time i'm done, it stabs me so much - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: With passwords only
You will need a shared secret between the WRT and radius server, but otherwise, just follow the howtos on the wiki. On Nov 20, 2007 2:55 PM, build [EMAIL PROTECTED] wrote: G'day All, This is my first post so I'd like to thank those who make this list possible. I see this has been asked before but I could not find a complete answer in the archive or google. I want to setup a freeRADIUS server on a debian etch system to authenticate for a WRT54G AP using username/passwords only (no certificates). I've tried to use a few howtos and just ignore the certificates bit but no success yet. Does anyone know of a HowTo that I can use to get started? Thanking you in anticipation, build - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: hate compasses i like can't use them. they don't stay straight, and i end up looking like an emo by the time i'm done, it stabs me so much - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: With passwords only
This is probably done through WPA enterprise or another such protocal, or chilispot or a similar captive portal. On Nov 20, 2007 4:22 PM, [EMAIL PROTECTED] wrote: VPN? Or PPPoE? I don't know what that AP can do. Read the user guide. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, build [EMAIL PROTECTED] piše: G'day Ivan, Thanks for your reply. I have seen an Access Point using the same WRT54G as mine which apparently authenticates from a freeradius installation on a debian etch box and it only requires a username and password to login. How is that done? Thanking you in anticipation, build On 21/11/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: What authentication protocol are you using? If you are using 802.1x you have to use certificates. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, build [EMAIL PROTECTED] pi#65533;e: G'day All, This is my first post so I'd like to thank those who make this list possible. I see this has been asked before but I could not find a complete answer in the archive or google. I want to setup a freeRADIUS server on a debian etch system to authenticate for a WRT54G AP using username/passwords only (no certificates). I've tried to use a few howtos and just ignore the certificates bit but no success yet. Does anyone know of a HowTo that I can use to get started? Thanking you in anticipation, build - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: hate compasses i like can't use them. they don't stay straight, and i end up looking like an emo by the time i'm done, it stabs me so much - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1.17 compilation errors
Hello. when trying to compile freeradius under ubuntu 7.10, i get the following error: gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/home/paulb/build/freeradius-1.1.7/src/include -I/home/paulb/build/freeradius-1.1.7/src/modules/rlm_sql -c rlm_sqlippool.c -fPIC -DPIC -o .libs/rlm_sqlippool.o In file included from rlm_sqlippool.c:37: /home/paulb/build/freeradius-1.1.7/src/include/modpriv.h:7:18: error: ltdl.h: No such file or directory In file included from rlm_sqlippool.c:37: /home/paulb/build/freeradius-1.1.7/src/include/modpriv.h:16: error: expected specifier-qualifier-list before 'lt_dlhandle' In file included from rlm_sqlippool.c:39: /home/paulb/build/freeradius-1.1.7/src/modules/rlm_sql/rlm_sql.h:15:18: error: ltdl.h: No such file or directory In file included from rlm_sqlippool.c:39: /home/paulb/build/freeradius-1.1.7/src/modules/rlm_sql/rlm_sql.h:68: error: expected specifier-qualifier-list before 'lt_dlhandle' rlm_sqlippool.c: In function 'sqlippool_command': rlm_sqlippool.c:311: error: 'SQL_INST' has no member named 'module' rlm_sqlippool.c: In function 'sqlippool_query1': rlm_sqlippool.c:358: error: 'SQL_INST' has no member named 'module' rlm_sqlippool.c: In function 'sqlippool_postauth': rlm_sqlippool.c:539: warning: pointer targets in passing argument 2 of 'strNcpy' differ in signedness rlm_sqlippool.c:526: warning: unused variable 'self' make[6]: *** [rlm_sqlippool.lo] Error 1 make[6]: Leaving directory `/home/paulb/build/freeradius-1.1.7/src/modules/rlm_sqlippool' make[5]: *** [common] Error 2 make[5]: Leaving directory `/home/paulb/build/freeradius-1.1.7/src/modules' make[4]: *** [all] Error 2 make[4]: Leaving directory `/home/paulb/build/freeradius-1.1.7/src/modules' make[3]: *** [common] Error 2 make[3]: Leaving directory `/home/paulb/build/freeradius-1.1.7/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/paulb/build/freeradius-1.1.7/src' make[1]: *** [common] Error 2 make[1]: Leaving directory `/home/paulb/build/freeradius-1.1.7' make: *** [all] Error 2 I simply have no idea what it is referring to, and what i can do to fix it. Sorry if it seems a bit noobtistic, i haven't ever compiled something this complex. Thanks, Paul -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: This is an incline plane. You roll stuff down it. Or is it one of those incline planes have been used throughout the millenia, from the Egyptian pyramids to this stupid science class videos? - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 1.17 compilation errors
ah thanks. seems it hasent been indexed by google yet. sorry for not searching the archives. On Nov 16, 2007 5:33 PM, [EMAIL PROTECTED] wrote: You had this answered yesterday: http://www.nabble.com/Any-ideas-on-this-compile-errortf4821396.html Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you are savvy and smart about the choices you make in life, The sky is not the limit! Mark Shuttleworth Random quote of the week/month/whenever i get to updating it: This is an incline plane. You roll stuff down it. Or is it one of those incline planes have been used throughout the millenia, from the Egyptian pyramids to this stupid science class videos? - Jasmine Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html