Re: problem with proxy configuration
Hi Alan, Thanks for the response. It looks like you've configured the server to proxy to itself. Why? I do understand your technical objection of doing what I am doing, but I have a valid application reson, which is that I support multiple realms on this particular radius server. For some realms, I want the UserName to strip the Realm name (nostrip) and for some I don't Is there any other way to achieve the same than not using striop and nostrip flag in proxy.conf Thanks again for your comments. Prabh -- MyBlog: http://things-on-my-mind.blogspot.com/Get your news at www.DailyHeadlines.NET - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with proxy configuration
Hello, I am having following problem with proxy. In proxy.conf, I have following entries realm myPartnerRealm { type= radius authhost= mypartner.server.com:1812 accthost= mypartner.server.com:1813 secret = mypartnersecret nostrip } realm myCustomRealm { type= radius authhost= localhost:1812 accthost= localhost:1813 secret = mysecret nostrip } realm DEFAULT { type= radius authhost= localhost:1812 accthost= localhost:1813 secret = mysecret } I am able to authenticate against myPartnerRealm and default relam, but when I submit request for myCustomRealm, the server seems to go in a loop and marks the myCustomRealm as dead with the following error. marking authentication server localhost:1812 for realm myCustomRealm dead I also get the following warning message WARNING: Possible DoS attack from host 127.0.0.1: Too many attributes in request (received 201, max 200 are allowed). I read in one of the post that proxying to same server (localhost) is not allowed , but i need this feature as I do not want to strip certain Realms. Thanks for your help. Prabh -- MyBlog: http://things-on-my-mind.blogspot.com/ Get your news at www.DailyHeadlines.NET - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Banking Time
Hi, I am trying to figure out how can i support two sets of users on same DB (radius/MySQL), where one set of users are able to bank the time, and others not. For example. User A buys a plan that is good for 2 hour he/she logs in and after 1 hour logs out. One day after User A is again able to log in and use the remaining 1 hour. User B buys a plan that is also good for 2 hours he/she logs in and after 1 hour logs out. But One day after User B is not able to log in as the time was calculated from the time, when user first logged in. Thanks. With Regards, Prabh --Get your news at www.DailyHeadlines.NET - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Retry Delay and Retry Count in Proxy.conf
Hi, I would like to know if there is a way to set retry_delay ... at realm level, as I would like to wait longer for some re... Thanks Prabh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Server is being hit by requests as old as one week..... how to stop?
Hi guys, We had a problem with multiple accounting records, which we resolved by adding unique key to radacct table and modifying the insert/update SQL for accounting records. It seems that by solving this problem we had taken on a bigger problem. Because server is now returning error for any duplicate accounting record, clients are submitting the request again and again we are being hit by requests as old as one week. I guess, my question is that if there is any way to stop this requests. Thanks Prabh __ Post your free ad now! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with ServiceType in radacct table
Hi, I am having problem with ServiceType field in radacct. I have setup Service-Type Attribute in radgroupreply to 1 i.e. Login-User, but radacct table is not updated accordingly. Infact, the field remains empty. Any ideas. Thanks. Prabh Freeradius Version 1.0. Linux - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Delay in updating accounting table
Hi, Does anybody know why accounting table is updated only when Account Stop packet is sent? Although the Account Start is not lost, but its only inserted when Account Stop is triggered. Does Freeradius saves the Accounting packets in some intermediary files before updating database? If it does then in which file? and if there is any way to push the insert without delay. FreeRadius: 0.93 Database: mySQL Thanks prabh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unknown Clients
Hi, Could you please post your configuration file... as its not working for me its only in clients.conf? is there any change in radius.conf? I am using 0.93 version. Thanks Prabh [EMAIL PROTECTED] (Alan DeKok) wrote in message news:[EMAIL PROTECTED]... Timothy Tan [EMAIL PROTECTED] wrote: I had a similar problem when I tried out the freeradius-1.0.0-pre1 build with fedora core 2... whenever I try to get my cisco AP to auth with freeradius, I get the same unknown client message, and the IP is already added in the clients.conf file... Hmmm... I don't run fedora, but it works for me here, even 0.0.0.0/0. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS client authentication
Hi, How can one allow any NAS client to be authenticated as long as secret matches? 0.0.0.0/0 does not work in clients.conf there does not seem to be any default entry that I can set something like if the IP does not match then use this. Thannk. with regards, prabh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Thanks Thor, I tried 0.0.0.0/1, but it still does not work... I keep getting following messages. Just curious what the networking standard... I thought it was 0/8/16/24 or is it 1/8/16/24? rad_recv: Accounting-Request packet from host 192.168.0.121:1024, id=243, length=141 Ignoring request from unknown client 192.168.0.121:1024 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.0.121:1024, id=206, length=228 Ignoring request from unknown client 192.168.0.121:1024 Thanks again. prabh Hi, How can one allow any NAS client to be authenticated as long as secret matches? client 0.0.0.0/1 { ... } client 128.0.0.0/1 { ... } 0.0.0.0/0 does not work in clients.conf there does not seem to be any default entry that I can set something like if the IP does not match then use this. Thannk. with regards, prabh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS Id and clients.conf
Hi, Does anybody know how I can add NAS-ID instead of NAS-IP Address for identification? In other words if NAS-ID and secret matches then its as good as matching NAS-IP Address and secret. Thanks. With regards, Prabh __ Post your free ad now! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Colubris
Thanks. I was able to resolve the problem. The operator type was wrong. Prabh --- Livraizone [EMAIL PROTECTED] wrote: Hi, I am new to FreeRadius and trying to configure it with Colubris device. I have defined many Colubris-AVPair in radgroupreply table but for some reason only first AVPair is being passed. Thanks for your help. Debug Log: rlm_mschap: adding MS-CHAPv1 MPPE keys modcall[authenticate]: module mschap returns ok for request 0 modcall: group Auth-Type returns ok for request 0 Login OK: [john/no User-Password attribute] (from client colubris port 0 cli 00-02-6F-08-50-B8) Sending Access-Accept of id 40 to 121.138.0.150:1026 Colubris-AVPair = login-url=https://login.xyz.net/CN3000BI/login.php?NASid=%n; Port-Limit = 1 MS-CHAP-MPPE-Keys = 0x1375b00d2ad7d73bea5a4a3jsp0cd188b0c2613a1d6b26aa MS-MPPE-Encryption-Policy = 0x0001 MS-MPPE-Encryption-Types = 0x0006 Finished request 0 - Post your free ad now! Yahoo! Canada Personals __ Post your free ad now! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html