subject:"RE\: \(no subject\)"

Re: (No subject)

2011-10-05 Thread Alan Buxey

ldconfig -v ??

alan
--
Message may be brief as it has been sent from my mobile

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: WildCard/Subject Alternative Names Cert Question

2011-04-18 Thread Casartello, Thomas

Well I was pounding my head against the wall on this as I couldn't find 
anything meaningful in the EAP logs. I then spoke to my CA about it and they 
said they've seen numerous problems with Wildcard certs and RADIUS, and that 
they normally just give a free normal common name cert for the RADIUS server 
when customers have this problem, so they gave me one. Seems like Microsoft's 
client just doesn't like their wildcard certs. When I put the normal cert they 
gave me into my FreeRADIUS server, it worked fine.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-Original Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org 
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] 
On Behalf Of Casartello, Thomas
Sent: Saturday, April 16, 2011 9:58 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: WildCard/Subject Alternative Names Cert Question

Ok thank you.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-Original Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org 
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] 
On Behalf Of Phil Mayers
Sent: Saturday, April 16, 2011 5:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
 When you say client EAP tracing do you mean on the Microsoft side, or

Yes

 is there something you can do on the freeradius side? When I lookup

No

 eap tracing I get information about generating Microsoft EAP host
 tracing files, but it's an in unreadable format (.etl) that only
 Microsoft can decode and I can't seem to find a way to make any sense
 of it. Do you mean some other kind of tracing?

You need to read them on a windows system, obviously. IIRC you need to 
use the tracerpt utility.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WildCard/Subject Alternative Names Cert Question

2011-04-16 Thread Phil Mayers


On 04/16/2011 02:42 AM, Casartello, Thomas wrote:

When you say client EAP tracing do you mean on the Microsoft side, or


Yes


is there something you can do on the freeradius side? When I lookup


No


eap tracing I get information about generating Microsoft EAP host
tracing files, but it's an in unreadable format (.etl) that only
Microsoft can decode and I can't seem to find a way to make any sense
of it. Do you mean some other kind of tracing?


You need to read them on a windows system, obviously. IIRC you need to 
use the tracerpt utility.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: WildCard/Subject Alternative Names Cert Question

2011-04-16 Thread Casartello, Thomas

Ok thank you.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-Original Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org 
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] 
On Behalf Of Phil Mayers
Sent: Saturday, April 16, 2011 5:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
 When you say client EAP tracing do you mean on the Microsoft side, or

Yes

 is there something you can do on the freeradius side? When I lookup

No

 eap tracing I get information about generating Microsoft EAP host
 tracing files, but it's an in unreadable format (.etl) that only
 Microsoft can decode and I can't seem to find a way to make any sense
 of it. Do you mean some other kind of tracing?

You need to read them on a windows system, obviously. IIRC you need to 
use the tracerpt utility.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WildCard/Subject Alternative Names Cert Question

2011-04-15 Thread Phil Mayers


On 04/15/2011 08:42 PM, Casartello, Thomas wrote:


whatnot.) Should this kind of a cert work, or does 802.1x/PEAP/mschapv2
not support validating by subject alternative names.


This isn't really a FreeRADIUS question; it's down to the supplicant to 
permit or deny the cert.


Anyway... Section 3.2.7.1 of MS-WSH says:


If the isValidateServerNameEnabled is set to TRUE, then verify that the 
subject name (Section 4.1.2.6 of [RFC5280]) or subject alternative name 
(section 4.2.1.6 of [RFC5280]) of the server certificate exists in 
ServerNames.



i.e. it should honour subjectAltName. But Microsoft have a habit of 
ignoring their own standards, so if you're sure your certificate is 
good, then the only way to be sure is turn on client EAP tracing and dig 
in the logs to see why it's being refused.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: WildCard/Subject Alternative Names Cert Question

2011-04-15 Thread Casartello, Thomas

When you say client EAP tracing do you mean on the Microsoft side, or is there 
something you can do on the freeradius side? When I lookup eap tracing I get 
information about generating Microsoft EAP host tracing files, but it's an in 
unreadable format (.etl) that only Microsoft can decode and I can't seem to 
find a way to make any sense of it. Do you mean some other kind of tracing?

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-Original Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org 
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] 
On Behalf Of Phil Mayers
Sent: Friday, April 15, 2011 4:14 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/15/2011 08:42 PM, Casartello, Thomas wrote:

 whatnot.) Should this kind of a cert work, or does 802.1x/PEAP/mschapv2
 not support validating by subject alternative names.

This isn't really a FreeRADIUS question; it's down to the supplicant to 
permit or deny the cert.

Anyway... Section 3.2.7.1 of MS-WSH says:


If the isValidateServerNameEnabled is set to TRUE, then verify that the 
subject name (Section 4.1.2.6 of [RFC5280]) or subject alternative name 
(section 4.2.1.6 of [RFC5280]) of the server certificate exists in 
ServerNames.


i.e. it should honour subjectAltName. But Microsoft have a habit of 
ignoring their own standards, so if you're sure your certificate is 
good, then the only way to be sure is turn on client EAP tracing and dig 
in the logs to see why it's being refused.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2006-12-01 Thread Scott Hughes

Thanks for the link Stefan.

I am having a problem with our wireless clients re-authenticating
(non-radius issue I believe) anywhere from a few seconds, to four minutes,
to a few hours.  The client is NOT moving.  This is a simple design of Cisco
1231 APs and laptop/desktop clients.  Strange.

Also, I am under the understanding that EAP-TLS does NOT require a client
side cert, and EAP-TTLS DOES require a client side cert.  Is this correct or
is my thinking backwards.  I am only interested in a server side cert.

Scott


-Original Message-
From: Stefan Winter [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 01, 2006 9:54 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: (no subject)

Hi,

 Are there any open source wireless clients for Windows based (2000  XP)
 machines, rather than using what comes with the wireless hardware?

Several. My favourite is at http://www.securew2.com. .

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung  Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE : (no subject)

2006-12-01 Thread Thibault Le Meur


 Also, I am under the understanding that EAP-TLS does NOT 
 require a client side cert, and EAP-TTLS DOES require a 

EAP-TLS requires both server-side and client-side certs.

EAP-TTLS requires only a server-side cert. The client-side authentication is
performed through an inner TLS tunnel and is usually PAP (but can be any EAP
method).

Regards,
Thibault



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RE : (no subject)

2006-12-01 Thread Martin Gadbois

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thibault Le Meur wrote:
 EAP-TTLS requires only a server-side cert. The client-side authentication is
 performed through an inner TLS tunnel and is usually PAP (but can be any EAP
 method).
 

Several 801.1x/WPA clients can elect _not_ to verify the server's
certificate with EAP-TTLS and EAP-PEAP.

This allows Man-in-the-middle attacks.

- --
== +--+
Martin Gadbois | Windows might take you from 0 to 60 faster, |
S/W Developer  |  but to go to 100 you need Unix.|
Colubris Networks Inc. +--+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFcHE79Y3/iTTCEDkRAmcaAJ4zhaOrgU2eJu+DYjxJ1LeeLj4LRgCgrHfg
znf7AG/N0tZsXjiKtEM/XZ4=
=Lm4S
-END PGP SIGNATURE-
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-08-14 Thread Igor Smitran

  From: 
  c k 
  To: freeradius-users@lists.freeradius.org 

  Sent: Tuesday, August 08, 2006 6:33 
  AM
  Subject: (no subject)

  I m using EAP-TLS as an authentication protocol.I want to authorize the 
  clients in my network to access only certain protocol traffics.For some users 
  i want to allow only http,while for others http and ftp.How can i create such kind of profiles and 
  perform access control on routers.Sorry friends i m new to radius...plz help 
  me out.

You need router that supports that kind of thing. 
Something like named access lists. Then you use freeradius to send access list 
name to router. Try to find what attributes your router can receive from radius. 
Try googling something like "your router name radius attributes".
If not, you can use diferent pools for users that 
have ftp access and user that don't have ftp access. For those pools you setup 
diferent access lists. After that you just use freeradius to give diferent IP 
adresses to users that have ftp access and users that don't have ftp 
access.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Alvarion attributes Re: (no subject)

2006-07-14 Thread Robert Dukes

Alan,Thanks for the info,but can you giude me more on this this patch. i am very newbie in the linux and freebsd world. I am more of a window person. On 7/14/06, 
Alan DeKok [EMAIL PROTECTED] wrote:
Robert Dukes [EMAIL PROTECTED] wrote: This really sucks :) We invested so much into the gear here as our project is funding by caring people. So there is no way to get this done ah 
Try the patch below, which should work in 1.1.x.No guarantees... it just compiles, and I haven't tested it.You'll also have to create a dictionary, but I leave that part up toyou.Alan DeKok.
Index: src/include/libradius.h===RCS file: /source/radiusd/src/include/libradius.h,vretrieving revision 1.76.2.2.2.9diff -u -r1.76.2.2.2.9
 libradius.h--- src/include/libradius.h 15 Jun 2006 21:47:14 -1.76.2.2.2.9+++ src/include/libradius.h 13 Jul 2006 21:22:18 -@@ -65,12 +65,13 @@ #define CHAP_VALUE_LENGTH 16 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */
+#define VENDOR(x)((x  16)  0x)+ #ifdef _LIBRADIUS #define AUTH_HDR_LEN 20 #define VENDORPEC_USR429 #define VENDORPEC_LUCENT 4846
 #define VENDORPEC_STARENT8164-#define VENDOR(x)((x  16)  0x) #define DEBUGif (librad_debug) printf #define debug_pair(vp) do { if (librad_debug) { \
putchar('\t'); \Index: src/modules/rlm_preprocess/rlm_preprocess.c===RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v
retrieving revision 1.52.2.1.2.1diff -u -r1.52.2.1.2.1 rlm_preprocess.c--- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 - 1.52.2.1.2.1+++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 -
@@ -48,6 +48,7 @@int with_ntdomain_hack;int with_specialix_jetstream_hack;int with_cisco_vsa_hack;+ int with_alvarion_vsa_hack;
 } rlm_preprocess_t; static CONF_PARSER module_config[] = {@@ -69,6 +70,8 @@no },{ with_cisco_vsa_hack,PW_TYPE_BOOLEAN,offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, no },
+ { with_alvarion_vsa_hack,PW_TYPE_BOOLEAN,+ offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, no },{ NULL, -1, 0, NULL, NULL } };@@ -115,7 +118,7 @@
charnewattr[MAX_STRING_LEN];for ( ; vp != NULL; vp = vp-next) {- vendorcode = (vp-attribute  16); /* HACK! */+ vendorcode = VENDOR(vp-attribute);
if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */if (vp-type != PW_TYPE_STRING) continue;@@ -170,6 +173,26 @@}
 }++/*+ * Don't even ask what this is doing...+ */+static void alvarion_vsa_hack(VALUE_PAIR *vp)+{+ int vendorcode;+ int number = 1;+
+ for ( ; vp != NULL; vp = vp-next) {+ vendorcode = VENDOR(vp-attribute);+ if (vendorcode != 12394) continue;+ if (vp-type != PW_TYPE_STRING) continue;
++ vp-attribute = number | (12394  16);+ snprintf(vp-name, sizeof(vp-name),+Breezecom-Attr%d, number++);+ }
+}+ /** Mangle username if needed, IN PLACE.*/@@ -515,6 +538,14 @@cisco_vsa_hack(request-packet-vps);}+ if (data-with_alvarion_vsa_hack) {
+ /*+*We need to run this hack because the Alvarion+*people are crazy.+*/+ alvarion_vsa_hack(request-packet-vps);
+ }+/* *Note that we add the Request-Src-IP-Address to the request *structure BEFORE checking huntgroup access.This allows-List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html-- Robert Dukes 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-07-13 Thread Alan DeKok

Robert Dukes [EMAIL PROTECTED] wrote:
 Has anyone used Freeradius with Alvarion Breezeaccess to do accounting ?
 I am having a big issue get the
 the radius to understand the rodios Attribs.

  Could you be more specific?  I have a problem, how do I fix it?
doesn't let anyone help you.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-07-13 Thread Robert Dukes

Sorry, Ok I use Alvarion Su radios that has radius accountingoption.buttheradiossendsomeVSAthatisnotreconizableintheradius. Breezenet/Breezecom/Alvarion VSA's. These NASs sendEthernet port data in VSAs (up to 11 per accounting request) but
unfortunately dont use the same attribute numbers each time. Instead,the attribute number increments each time, then wraps at 256. Radiatorautomatically maps the fist one in a packet to Breezecom-Attr1, the
second to Breezecom-Attr2 etc through to Breezecom-Attr11.I can send a dump log if you wantOn 7/13/06, Alan DeKok 
[EMAIL PROTECTED] wrote:
Robert Dukes [EMAIL PROTECTED] wrote: Has anyone used Freeradius with Alvarion Breezeaccess to do accounting ?
 I am having a big issue get the the radius to understand the rodios Attribs.Could you be more specific?I have a problem, how do I fix it?doesn't let anyone help you.Alan DeKok.
-List info/subscribe/unsubscribe? See  
http://www.freeradius.org/list/users.html-- Robert Dukes   
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-07-13 Thread Thor Spruyt

How about adding a dictionary will all 256 numbers?

- Original Message -
From: Robert Dukes
To: FreeRadius users mailing list
Sent: Thursday, July 13, 2006 9:26 PM
Subject: Re: (no subject)

Sorry, Ok I use Alvarion Su radios that has  radius accounting option. but
the radios send some VSA  that is not reconizable in the radius.
Breezenet/Breezecom/Alvarion VSA's. These NASs send
Ethernet port data in VSAs (up to 11 per accounting request) but
unfortunately dont use the same attribute numbers each time. Instead,
the attribute number increments each time, then wraps at 256. Radiator
automatically maps the fist one in a packet to Breezecom-Attr1, the
second to Breezecom-Attr2 etc through to Breezecom-Attr11.

I can send a dump log if you want

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Alvarion attributes Re: (no subject)

2006-07-13 Thread Robert Dukes

This really sucks :) We invested so much into the gear here as our project is funding by caring people. So there is no way to get this done ah On 7/14/06, 
Alan DeKok [EMAIL PROTECTED] wrote:
Robert Dukes [EMAIL PROTECTED] wrote: Breezenet/Breezecom/Alvarion VSA's. These NASs send Ethernet port data in VSAs (up to 11 per accounting request) but
 unfortunately dont use the same attribute numbers each time. Instead, the attribute number increments each time, then wraps at 256. Radiator automatically maps the fist one in a packet to Breezecom-Attr1, the
 second to Breezecom-Attr2 etc through to Breezecom-Attr11.Ah.*That* vendor.My suggestion is to throw away their equipmentand buy equipment that works.Barring that, file a bug with them, and
tell them their product is retarded.If you *have* to use their equipment, write a module to do thatre-mapping.It should be 30-40 lines of Perl, or about 200 lines of C.Alan DeKok.-List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html-- Robert Dukes 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Alvarion attributes Re: (no subject)

2006-07-13 Thread Alan DeKok

Robert Dukes [EMAIL PROTECTED] wrote:
 This really sucks :) We invested so much into the gear here as our project
 is funding by caring people. So there is no way to get this done ah 

  Try the patch below, which should work in 1.1.x.

No guarantees... it just compiles, and I haven't tested it.
You'll also have to create a dictionary, but I leave that part up to
you.

  Alan DeKok.

Index: src/include/libradius.h
===
RCS file: /source/radiusd/src/include/libradius.h,v
retrieving revision 1.76.2.2.2.9
diff -u -r1.76.2.2.2.9 libradius.h
--- src/include/libradius.h 15 Jun 2006 21:47:14 -  1.76.2.2.2.9
+++ src/include/libradius.h 13 Jul 2006 21:22:18 -
@@ -65,12 +65,13 @@
 #define CHAP_VALUE_LENGTH   16
 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */
 
+#  define VENDOR(x)((x  16)  0x)
+
 #ifdef _LIBRADIUS
 #  define AUTH_HDR_LEN 20
 #  define VENDORPEC_USR429
 #define VENDORPEC_LUCENT   4846
 #define VENDORPEC_STARENT  8164
-#  define VENDOR(x)((x  16)  0x)
 #  define DEBUGif (librad_debug) printf
 #  define debug_pair(vp)   do { if (librad_debug) { \
putchar('\t'); \
Index: src/modules/rlm_preprocess/rlm_preprocess.c
===
RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v
retrieving revision 1.52.2.1.2.1
diff -u -r1.52.2.1.2.1 rlm_preprocess.c
--- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 -   
1.52.2.1.2.1
+++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 -
@@ -48,6 +48,7 @@
int with_ntdomain_hack;
int with_specialix_jetstream_hack;
int with_cisco_vsa_hack;
+   int with_alvarion_vsa_hack;
 } rlm_preprocess_t;
 
 static CONF_PARSER module_config[] = {
@@ -69,6 +70,8 @@
  no },
{ with_cisco_vsa_hack,PW_TYPE_BOOLEAN,
  offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, no },
+   { with_alvarion_vsa_hack,PW_TYPE_BOOLEAN,
+ offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, no },
 
{ NULL, -1, 0, NULL, NULL }
 };
@@ -115,7 +118,7 @@
charnewattr[MAX_STRING_LEN];
 
for ( ; vp != NULL; vp = vp-next) {
-   vendorcode = (vp-attribute  16); /* HACK! */
+   vendorcode = VENDOR(vp-attribute);
if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* 
not a Cisco or Quintum VSA, continue */
 
if (vp-type != PW_TYPE_STRING) continue;
@@ -170,6 +173,26 @@
}
 }
 
+
+/*
+ * Don't even ask what this is doing...
+ */
+static void alvarion_vsa_hack(VALUE_PAIR *vp)
+{
+   int vendorcode;
+   int number = 1;
+
+   for ( ; vp != NULL; vp = vp-next) {
+   vendorcode = VENDOR(vp-attribute);
+   if (vendorcode != 12394) continue;
+   if (vp-type != PW_TYPE_STRING) continue;
+
+   vp-attribute = number | (12394  16);
+   snprintf(vp-name, sizeof(vp-name),
+Breezecom-Attr%d, number++);
+   }
+}
+
 /*
  * Mangle username if needed, IN PLACE.
  */
@@ -515,6 +538,14 @@
cisco_vsa_hack(request-packet-vps);
}
 
+   if (data-with_alvarion_vsa_hack) {
+   /*
+*  We need to run this hack because the Alvarion
+*  people are crazy.
+*/
+   alvarion_vsa_hack(request-packet-vps);
+   }
+
/*
 *  Note that we add the Request-Src-IP-Address to the request
 *  structure BEFORE checking huntgroup access.  This allows

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-05-12 Thread Dennis Skinner

Yasir Elhaggaz wrote:
 
 
 Hello all,
  
 i have allready freeradius installed and working well, but i can see
 resentlly its became very slow to replay the DataBase wich is MySQL, 
 could any one send me the formal configuration file for one freeradius
 witch is allreay running well and acting good with MySql Database?

If it is working, there isn't much you can do to FreeRADIUS to make it
work faster, the slowdown is coming from MySQL.

If your tables are large, change them from MyISAM to InnoDB (table vs.
row locking makes all the difference).  Also make sure they are properly
indexed.  We also have a replication setup and do this in authorize:

redundant {
sql-slave
sql-master
}

and this in accounting:

sql-master

to separate the reads and writes.  Be aware that changing the engine on
mysql tables, causes them to lock and large tables take a long time to
change, so you will be unable to write to them during that time.  Reads
will also be quite slow (if it responds at all).  I took our radius
servers offline during the change at like 4am.

Archiving old accounting data will help too.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2006-04-01 Thread Seferovic Edvin

Hi,

1. modify your pppoe-server to send accouting updates every hour or less
2. modify sql.conf to write an entry to sql for each accouting-update packet
3. based on session start time and update time you can calculate and see the
hourly transfer.

Regards,

Edvin

PS: I am planing to use such system to detect misuse ;)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of [EMAIL PROTECTED]
Sent: Samstag, 01. April 2006 11:06
To: freeradius-users@lists.freeradius.org
Subject: (no subject)

hi,

i have freeradius + mysql + cisco + pppoe clients.

the pppoe client is 3 day online. 
the radius have 1 line with input/output octets

the statistic for the users must to every hours the input/output octets

have you a idea?


best regrds
harald

-- 
Feel free - 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-02-21 Thread Alan DeKok

Walter Reynolds [EMAIL PROTECTED] wrote:
 Currently we have two files that appear to be accounting data to me.
 
 Following are what we get (I have removed IP info for safty sake)
 
 These two lines are from logfile.20060220
 
 Mon Feb 20 13:07:12 2006: Received-Authentication: 63/62890 'waltr' from 
 XXX.XXX.XXX.XXX port 9126 PPP

  That's not accounting data.  That's just logging information.  You
can update FreeRADIUS to log that, too.  See src/main/auth.c

 Mon Feb 20 13:07:12 2006: Authentication: 63/62890 'waltr' from 
 XXX.XXX.XXX.XXX port 9126 PPP - OK -- total 0, holding 0

  'total 0, holding 0'?  What does that mean?

  I've never understood Merit's logs.

 No, what is more important to me os from the session.20060220.las file 
 (mainly the first line)  This is strange though as because Pre-Auth the 
 accounting data is sent to the merit radius then forwarded to a freeradius 
 and back.

  I have no idea what that means.

 NA  NA  1140458855  20  20  waltr@  NA 
 'PROFILE' NA  NA  XXX.XXX.XXX.XXX/9126NA  NA 
 Framed/PPP/XXX.XXX.XXX.XXX
 ##  User-Name:0='waltr' Calling-Station-Id:0='XXX.XXX.XXX.XXX' 
 Acct-Status-Type:1=Stop

  I have no idea what that log file format is.  The ':0' and ':1'
stuff looks like nonsense to me.

  I'd suggest re-phrasing your requirements as what information do
you need to have logged, and ignore the existing format.  Then, write
a Perl script that reads the detail file, and produces whatever data
you want.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2006-02-15 Thread Herman Swensson

I have changed this
Result:

tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
 tls: private_key_password = SecretKeyPass77
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /usr/local/etc/raddb/certs/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = (null)
rlm_eap_tls: Loading the certificate file as a chain
20988:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:632:Expec
ting: CERTIFICATE
20988:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_
enc.c:438:
20988:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
20988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:
707:
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1902] Unknown module eap.
radiusd.conf[1849] Failed to parse authenticate section.

Greeting,

Herman

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Namens Phil Mayers
Verzonden: dinsdag 14 februari 2006 20:51
Aan: FreeRadius users mailing list
Onderwerp: Re: (no subject)

Herman Swensson wrote:
  tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
  tls: certificate_file = (null)
 

Note this, then:

 
 rlm_eap_tls: Loading the certificate file as a chain
 
 20360:error:0200100E:system library:fopen:Bad 
 address:bss_file.c:259:fopen('','r')

Set certificate_file in eap.conf correctly. It's empty, so it's failing.
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.8/260 - Release Date: 14-2-2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.9/261 - Release Date: 15-2-2006
 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2006-02-14 Thread Phil Mayers


Herman Swensson wrote:

 tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: certificate_file = (null)



Note this, then:



rlm_eap_tls: Loading the certificate file as a chain

20360:error:0200100E:system library:fopen:Bad 
address:bss_file.c:259:fopen('','r')


Set certificate_file in eap.conf correctly. It's empty, so it's failing.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-12-19 Thread maruna

yes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of debik
Sent: Wednesday, December 14, 2005 1:15 AM
To: FreeRadius users mailing list
Subject: (no subject)

Isit posible to authenicate users on LAN with freeradius, without any Access

Point ? 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-12-19 Thread Bohannan, Chad W

Yes (using 802.1x or some other protocol)

Chad 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
debik
Sent: Tuesday, December 13, 2005 6:15 PM
To: FreeRadius users mailing list
Subject: (no subject)

Isit posible to authenicate users on LAN with freeradius, without any
Access 
Point ? 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-12-07 Thread Philippe Sultan

Hi, Josh.

the following describes the 'group lock' feature, considering a  Cisco
VPN 3000 concentrator and a RADIUS server (check the RADIUS Class
attribute) :
http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

It is mentioned hereafter that the Cisco PIX Security Appliance
supports RADIUS group locking :
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_data_sheet0900aecd801a9de9.html

It looks like your RADIUS client is actually a Cisco PIX SA (beware of
Cisco's terminology though), so I hope this can help you solve your
problem.

Regards,

Philippe

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-10-11 Thread Josh Howlett


Nope.

josh.

nagaraj wrote:

 Hi, Has any body had any experience implementing CHAP-PASSWORD to
authenticate http clients against a radius server ? I read a document
that says The CHAP-Challenge and CHAP-PASSWORD attributes are not
suitable since the CHAP algorithm is not compatible with HTTP digest.
If that is the case, Please let me know if there is a work around.

Regards,
Nagaraj




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-08-29 Thread Thor Spruyt

Matt morris wrote:
 So how do I setup freeradius to use rlm_perl then? Some pointers will
 be greatly appreciated. Thank you.

rlm_perl is still experimental
That means that you'll need to compile freeradius with
the --with-experimental-modules option.
The configuration is in etc/raddb/experimental.conf

rlm_exec is stable, so your freeradius will support it already.
The configuration is in etc/raddb/radiusd.conf
You can use any executable script (which *can* be a perl script).
Look in CVS, there's a lot of information added about rlm_exec!

--
Groeten, Regards, Salutations,

Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com

www.salesguide.be
www.telenethotspot.be

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-06-20 Thread Dustin Doris

On Fri, 17 Jun 2005, Graham, Robert wrote:

 Dustin,

 Thanks for the response.  I was kind of wondering if the location of the
 group in Active Directory was an issue.  But that brings up another
 question.  Doesn't a ldapsearch use the basedn as a starting point?  If
 instance, I have the basedn set as follows in radiusd.conf:

 basedn = ou=mem users,dc=mem-ins,dc=com

 And the structure of our AD is:

 MEM-INS.COM
 |
 |
 |_MEM Users
   |
   |
   |
   |

Where are the groups at?  Are they under ou=mem users?  If so, you are
correct, you should be able to find it in your search.



 And why is it that it can find the user rgraham but not the group.


Either the ldap search query you have setup in radiusd.conf is incorrect,
or perhaps the user you are binding with doesn't have permissions to
search the groups?

Can you post an example, of what a group member would look like in AD?

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-05-25 Thread John Riggs

The user is in the /etc/passwd file. I uncommented out the passwd, shadow
and group files in radiusd.conf. Is there away to check to see if the
program is reading the passwd file.

John Riggs
619-313-2213
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
Sent: Friday, May 20, 2005 1:55 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

John Riggs [EMAIL PROTECTED] wrote:

 A local user can log on but a user using the default system password file
 can not log on. I've look at the debug but I'm not sure I understand the
 problem and how to correct it.  I believe this is the problem; modcall:
 entering group authenticate, modcall[authenticate]: module unix returns
 notfound,

  The user wasn't found in /etc/passwd?  Why would he be able to
authenticate?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-05-25 Thread Alan DeKok

John Riggs [EMAIL PROTECTED] wrote:
 The user is in the /etc/passwd file.

  shrug  The error message is definitive.

 I uncommented out the passwd, shadow and group files in
 radiusd.conf. Is there away to check to see if the program is
 reading the passwd file.

  Don't uncomment those lines.  It should work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-05-20 Thread John Riggs

A local user can log on but a user using the default system password file
can not log on. I've look at the debug but I'm not sure I understand the
problem and how to correct it.  I believe this is the problem; modcall:
entering group authenticate, modcall[authenticate]: module unix returns
notfound, modcall: group authenticate returns notfound.



John Riggs
619-313-2213
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
Sent: Thursday, May 19, 2005 3:05 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

John Riggs [EMAIL PROTECTED] wrote:
 The connect type is a PPP connection. I hope this is enough info
 this is my first time configuring a radius server. Thanks

  Run the server in debugging mode, as suggested in the README,
INSTALL, and FAQ.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


debug520.rtf
Description: MS-Word document

Re: (no subject)

2005-05-20 Thread Alan DeKok

John Riggs [EMAIL PROTECTED] wrote:
 
 A local user can log on but a user using the default system password file
 can not log on. I've look at the debug but I'm not sure I understand the
 problem and how to correct it.  I believe this is the problem; modcall:
 entering group authenticate, modcall[authenticate]: module unix returns
 notfound,

  The user wasn't found in /etc/passwd?  Why would he be able to authenticate?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-05-19 Thread Alan DeKok

John Riggs [EMAIL PROTECTED] wrote:
 The connect type is a PPP connection. I hope this is enough info
 this is my first time configuring a radius server. Thanks

  Run the server in debugging mode, as suggested in the README,
INSTALL, and FAQ.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-05-11 Thread Raghu

On 5/8/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Hello, I have a problem and I hope that You can help me, please!?
 
 version: 1.0.0
 I want use (Free)RADIUS for AAA on IPv6.
 Only one router, one RADIUS server and one user. User(IPv6 address) connect 
 with Telnet to
 Router(IPv6 address)
 Questions:
 Can RADIUS solve this problem?
 Can be RADIUS on Linux with IPv6 address?(problem with: radius-server host 
 192.168.2.2 auth-port
 1812 acct-port 1813 - there is not IPv6 address)
 if yes, I need configuration of RADIUS
 if no, and it is on IPv4 address, need configuration of RADIUS
 Example: If all addresses are IPv4)
 Conf. on router:
 Router(config)# aaa new-model
 Router(config)# radius-server host 192.168.2.2 auth-port 1812 acct-port 1813
 Router(config)# radius-server retransmit 1
 Router(config)# radius-server key radius
 Router(config)# aaa authentication login default group radius
 Router(config)# aaa authorization exec default group radius
 Conf. of RADIUS:
 clients.conf:
   client 192.168.2.1  {
   secret  = radius
 shortname  = ethernet
 nastype= cisco
 }
 users:
 test Auth-Type := Local, User-Password == test
 
 I read RFC 3162 but it didn't help me...
 best solution for me is:
 
 Router(config)# aaa new-model
 Router(config)# radius-server host !!different!! 2001::2/64(IPv6) auth-port 
 1812 acct-port 1813
 Router(config)# radius-server retransmit 1
 Router(config)# radius-server key radius
 Router(config)# aaa authentication login default group radius
 Router(config)# aaa authorization exec default group radius
 Conf. of RADIUS:
 clients.conf:
   client !!different!!2001:1::/64(Ipv6)  {
   secret  = radius
 shortname  = ethernet
 nastype= cisco
   !!different!!
 and there something like : Login-IPv6-Host
   NAS-IPv6-Address
 }
 users:
 test Auth-Type := Local, User-Password == test

 but this in not possible:)
 PLEASE HELP!


Try the latest CVS and try your IPv6 client configuration
For now, I guess, Login-IPv6-Host  NAS-IPv6-Address
are not supported.

-Raghu

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-05-09 Thread Kostas Kalevras

On Fri, 6 May 2005, Alan DeKok wrote:
Babar Shafiq [EMAIL PROTECTED] wrote:
I know i can see the reject cause while running in debug mode but I
want to store the reject causes in database or logs it. so it will
be helpful in future for support people,customer support etc, so
they can inform users what is the exact cause of the rejection !!
 Then always run the server in debugging mode.
 Or, write scripts to log reasons for failure.
log_badlogins from the dialupadmin package will do what you want.
 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-05-06 Thread Alan DeKok

Babar Shafiq [EMAIL PROTECTED] wrote:
 I know i can see the reject cause while running in debug mode but I
 want to store the reject causes in database or logs it. so it will
 be helpful in future for support people,customer support etc, so
 they can inform users what is the exact cause of the rejection !!

  Then always run the server in debugging mode.

  Or, write scripts to log reasons for failure.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-04-19 Thread Sayantan Bhowmick


  
  
  HI

Can you run the server in debug mode and post the messages 

that you get. 


-Sayantan.[EMAIL PROTECTED] 04/19/05 5:52 pm HiI have a very strange problem.I authenticate a user agains a Novell 6 Server which is not theproblem.But I need some Attributes from the authentication brought back to theNASI put these in the users file and it worked with another server:Users complete-DEFAULT Auth-Type :=LDAP Ldap-Group == CN=WGRASO=FKELReply-Message = Welcome you are allowed to have dialupaccessFramed-Filter-Id = std.pppFall-Through = 0--The Ldap portion of the radiusd.conf comments removedldapserver = 170.56.185.59identity = anonymousbasedn = OU=AbteilungenO=FKELfilter = uid=Stripped-User-Name:-User-Namestart_tls = nodictionary_mapping = raddbdir/ldap.attrmapldap_connections_number = 5groupmembership_attribute = radiusGroupNametimeout = 20timelimit = 20net_timeout = 10Strangely the binds need a very long time up to 8 seconds each - butwhat has this to do with the not transmitting the Attributes As I said the authentication works but the Attributes are missing -Any Ideas RegardsAndre-List info/subscribe/unsubscribe See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-03-14 Thread Chris Knipe

It's really obvious...
- Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried
to connect 0. 
^^ Increase your DB Handles to a higher value.

- Info: Using deprecated naslist file.  Support for this will go away
soon.
^^ I'd suggest fixing and using clients.conf as well.
-  Error: rlm_sql (sql): Could not link driver rlm_sql_oracle: file not
found
^ There's your biggest problem IMHO.
Just my 2c.
--
Chris.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-02-04 Thread Stefan . Neis

Anderson Alves de Albuquerque schrieb:

   After I need that RADIUS use crypt or DES to have
 password in clean txt.

It's impossible. Once you have the password
crypted, you cannot get the clear text from
it anymore. It's like making an omelette. You
can make one from eggs, but you can't get the
eggs back from the omelette.

   How could I tell RADIUS use crypt or DES to have clean
 TXT?

How can you tell your cook to turn the omelette back into eggs?

  If RADIUS know like have original password is stored in
 LDAP the RADIUS 
 could done the HASH. Then RADIUS could know if this hash
 is like of the 
 hash that RADIUS receive of the [aplication].

No. If you create two hashes from the same 
password, they are different. Just looking at 
the two, nobody can tell if they were created
from the same password or not.

 HTH,
   Stefan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-01-21 Thread Neil Craig

What platform are you running it on? Easiest way is to use rpm or
yum/apt etc to install (on Linux).
Have a look at http://www.frontios.com/freeradius.html and also search
the list archives - the notes are also included in all the conf files
which are pretty handy


 [EMAIL PROTECTED] 21/01/2005 10:59:59 
Hi all! 

I am new in freeradius. I use debian testing. How i install and config

freeradius, freeradius-dialupadmin? 

Please help me guys 

Sincerely,
Tulga.G
Lead Programist of Netsoft LLC

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-01-21 Thread tulga

Tnx for your reply! 

My kernel is 2.6.8-1-686. OS is Debian testing. 

I install: apt-get install freeradius and apt-get install 
freeradius-dialupadmin. Installation is successfully finished. So i cannot 
config freeradius and cannot use dialup-admin. My installed dialupadmin 
hasn't sql, and more folders. 

Neil Craig writes: 

What platform are you running it on? Easiest way is to use rpm or
yum/apt etc to install (on Linux).
Have a look at http://www.frontios.com/freeradius.html and also search
the list archives - the notes are also included in all the conf files
which are pretty handy 


[EMAIL PROTECTED] 21/01/2005 10:59:59 
Hi all!  

I am new in freeradius. I use debian testing. How i install and config 

freeradius, freeradius-dialupadmin?  

Please help me guys  

Sincerely,
Tulga.G
Lead Programist of Netsoft LLC 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html  

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Sincerely,
Tulga.G
Lead Programist of Netsoft LLC 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-01-21 Thread Neil Craig

Use apt to install freeradius-sql..

 [EMAIL PROTECTED] 21/01/2005 11:27:06 
Tnx for your reply! 

My kernel is 2.6.8-1-686. OS is Debian testing. 

I install: apt-get install freeradius and apt-get install 
freeradius-dialupadmin. Installation is successfully finished. So i
cannot 
config freeradius and cannot use dialup-admin. My installed dialupadmin

hasn't sql, and more folders. 

Neil Craig writes: 

 What platform are you running it on? Easiest way is to use rpm or
 yum/apt etc to install (on Linux).
 Have a look at http://www.frontios.com/freeradius.html and also
search
 the list archives - the notes are also included in all the conf
files
 which are pretty handy 
 
 
 [EMAIL PROTECTED] 21/01/2005 10:59:59 
 Hi all!  
 
 I am new in freeradius. I use debian testing. How i install and
config 
 
 freeradius, freeradius-dialupadmin?  
 
 Please help me guys  
 
 Sincerely,
 Tulga.G
 Lead Programist of Netsoft LLC 
 
 - 
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html  
 
 
 - 
 List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html 
 


Sincerely,
Tulga.G
Lead Programist of Netsoft LLC 


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-01-14 Thread Janakan Rajendran

Hi,

Check out this link

http://www.multitech.com/SUPPORT/Families/CommPlete4000/software.asp

Regards,
Janakan Rajendran

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Jessa
Sent: Thursday, January 13, 2005 1:02 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

I checked their website and there was nothing about that server.
Do you happen to know where to download it?


On Tue, 11 Jan 2005 22:04:43 -0500
Janakan Rajendran [EMAIL PROTECTED] wrote:

  
 Try Multi-tech Radius server
   _  
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Zhao
 Yu,SCNB RD NNA(BJ)
 Sent: Tuesday, January 11, 2005 5:27 AM
 To: freeradius-users@lists.freeradius.org
 Subject: (no subject)
  
 Is there any opensource radius server than runs well on Windows 2000. 
 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2005-01-13 Thread Martin Jessa

I checked their website and there was nothing about that server.
Do you happen to know where to download it?


On Tue, 11 Jan 2005 22:04:43 -0500
Janakan Rajendran [EMAIL PROTECTED] wrote:

  
 Try Multi-tech Radius server
   _  
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Zhao
 Yu,SCNB RD NNA(BJ)
 Sent: Tuesday, January 11, 2005 5:27 AM
 To: freeradius-users@lists.freeradius.org
 Subject: (no subject)
  
 Is there any opensource radius server than runs well on Windows 2000. 
 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-01-13 Thread Mike Barber

Try Google search for radius200.exe

Cheers Mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Jessa
Sent: 13 January 2005 18:02
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

I checked their website and there was nothing about that server.
Do you happen to know where to download it?


On Tue, 11 Jan 2005 22:04:43 -0500
Janakan Rajendran [EMAIL PROTECTED] wrote:

  
 Try Multi-tech Radius server
   _  
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Zhao
 Yu,SCNB RD NNA(BJ)
 Sent: Tuesday, January 11, 2005 5:27 AM
 To: freeradius-users@lists.freeradius.org
 Subject: (no subject)
  
 Is there any opensource radius server than runs well on Windows 2000. 
 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2005-01-11 Thread Janakan Rajendran











Try Multi-tech Radius server









From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB RD NNA(BJ)
Sent: Tuesday, January 11, 2005
5:27 AM
To: freeradius-users@lists.freeradius.org
Subject: (no subject)





Is
there any opensource radius server than runs well on Windows 2000.

Re: (no subject)

2004-12-03 Thread Neil Craig

 [EMAIL PROTECTED] 03/12/2004 17:37:45 
I am testing my freeradius using NTRadPing Utility. I am running
radius
in debugger mode and I get this:

rad_recv: Access-Request packet from host 10.192.1.11:3628, id=1,
length=44
Ignoring request from unknown client 10.192.1.11:3628

In clients.conf I have this entry:

client 10.192.1.11/16 {
   secret  = testing123
shortname   = mbasso
}

Have you tried just having the single IP in clients.conf?
client 10.192.1.11 {
   secret  = testing123
shortname   = mbasso
}

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2004-10-27 Thread Geissbühler Johannes




radtest and radclient come 
together with the freeradius Server

enter man radtest or man 
radclient for more information

depending on your configuration 
radclient ist installed in /opt/gnu/bin/radclient


  -Original Message-From: rajesh 
  [mailto:[EMAIL PROTECTED]Sent: Mittwoch, 27. Oktober 
  2004 12:05To: 
  [EMAIL PROTECTED]Subject: (no 
  subject)
  Hi,
  Where can i get a RADIUS client like 
  RADTEST,RADCLIENT to test with RADIUS server
  I have to test MY RADIUS server with another machine 
  (client).For that i need this client application.
  More over both my machiens r Linux 
  machines.
  Thanks  Regards
  Rajesh.Ch

Re: (no subject)

2004-07-28 Thread Thor Spruyt

kill -HUP `cat /var/run/radius/radius.pid`

- Original Message - 
From: jh vg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 11:46 AM
Subject: (no subject)

 Hi
 I want to develop a project that supports WLAN roaming. I need the realms
to
 be configured dynamic from a database. As far as i have seen the only way
to
 configure realms is from proxy.conf or realms file. What must i do when i
 want to add a new realm without restarting the server? Is there a way for
 the server to  read realms from a database?
 Another solution is to write  new realms to proxy.conf and then force the
 server to read the file again. Can this be done?
 I have little experience with radius and i would appreciate your help

 _
 MSN 8 with e-mail virus protection service: 2 months FREE*
 http://join.msn.com/?page=features/virus

 -
 List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2004-06-18 Thread Dave Shepherd

On Thu, 2004-06-17 at 16:33, Maqbool Hashim wrote:
 Is it possible to get a Windows Domain Controller to authenticate via 
 radius? Has anyone got this working?

Could you please expand on what you requirements are.

I have users authenticating against a Windows BDC via radius if that is
what you require advise on.

Dave


IMPORTANT - this email and the information in it may be confidential, legally 
privileged and/or protected by law.  It is intended solely for the use of the person 
to whom it is addressed.  If you are not the intended recipient, please notify the 
sender immediately and do not disclose the contents to any other person, use it for 
any purpose, or store or copy the information in any medium.  Please also delete all 
copies of this email and any attachments from your system.  

We cannot guarantee the security or confidentiality of email communications. We do not 
accept any liability for losses or damages that you may suffer as a result of your 
receipt of this email including but not limited to computer service or system failure, 
access delays or interruption, data non-delivery or mis-delivery, computer viruses or 
other harmful components.
  
Copyright in this email and any attachments belong to Compass Group.  Should you 
communicate with anyone at Compass Group by email, you consent to us monitoring and 
reading any such correspondence.

Nothing in this email shall be taken or read as suggesting, proposing or relating to 
any agreement concerted practice or other practice that could infringe UK or EC 
competition legislation.  
Compass Group, UK and Ireland Limited is a company registered in England and Wales 
(Company number 02272248) whose registered office is at Parklands Court, 24 Parklands, 
Birmingham Great Park, Rubery, Birmingham, West Midlands, B45 9PZ.  Compass Group UK  
Ireland Limited is a wholly owned subsidiary of Compass Group PLC, registered in 
England and Wales (Company number 4083914) whose registered office is at Compass 
House, Guildford Street, Chertsey, Surrey, KT16 9BQ.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2004-04-06 Thread Alan DeKok

Steve OBrien [EMAIL PROTECTED] wrote:
 So they're different.  If you want to know exactly what they are,
 add debug statements to print them out.
 
 would that be debug_eap = 0x in eap.conf?

  Huh?  There's no such configuration line in eap.conf.

  I was suggesting to edit the source code.

 Hmm... it may be that the \ is the cause of the problem.
 
 Should I use the NT domain hack or realms or what?

  Until you edit the source code to see exactly which strings are
being compared, it would be premature to talk about a solution.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject) - Is: Segmentation Fault in CVS-Snapshot 20040328

2004-03-28 Thread xaeon

Dont hit me, i forgot the Subject :/
Sorry!

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Accounting attributes (was Re: (no subject) )

2004-03-16 Thread Alan DeKok

[EMAIL PROTECTED] wrote:
  But there isnt Acct-Termination-Cause attribute - why ?

  See the FAQ.

  The server can't log what it doesn't get.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2004-03-02 Thread Graeme Hinchliffe

Hiya


 I want to log all Level 15 commands on the switches or
 routers back to the freeradius box via accounting. On
 the Cisco router i have:

I was under the impression that this functionality was only availible if using TACAS+ 
?  

If it is possible with RADIUS I would be interested in this also.

Graeme

-- 
-
Graeme Hinchliffe (BSc)
Core Team Member
Zen Internet (http://www.zen.co.uk)

ICQ 3842605 (link)

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (no subject)

2004-02-25 Thread Kevin Bonner

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 25 February 2004 18:05, Clinton J Wooton wrote:
 I believe that the [1636] refers to the actual line in the file. I looked
 at this exact spot using gedit and found that it is the last line of the
 file and it has nothing in it.

I would make sure that all { have a matching } in the file.  If that doesn't 
help, copy your current configuration out of the way, then copy the default 
radiusd.conf in place and attempt your config changes again.

Kevin Bonner
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAPS94/9i/ml3OBYMRAm2wAJ4ok0DCBuLhV2mMUrsN1I61sciggACbBKqA
3Uocqna8iVqZuOyMd77tm1I=
=wvOc
-END PGP SIGNATURE-


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

2004-01-20 Thread Brian Johnson




I thought this list was going to be subscriber post only. 
:-)

Any progress toward that?

- Brian J.


  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Tarun 
  SinghalSent: Wednesday, January 14, 2004 11:26 PMTo: 
  [EMAIL PROTECTED]Subject: (no 
  subject)
  
  
  
  Largest Matrimonial Portal For 
  Agarwal 
  We have the largest collection of Agarwal 
  Bride  Groom
  
  Agarwal Matrimonial - http://www.agarwaltoagarwal.org 
  We Have the largest data base of well educated Agarwalbrides  
  grooms from all over India and othercountries including US, UK, 
  Canada, Australia etc. Thedata base includes bio-data of Agarwal boys and 
  girlsfrom various fields of life i.e. Medicos, Engineers,IT 
  Professionals, Software Engineers, Professors,Teachers, Entrepreneurs, 
  Industrialist, Businessmen,Self Employed, Employees in private  
  public sectorsetc. It also includes bio-data of well-educated 
  homelygirls. 
  Note: We have the largest collection 
  of Manglik Agarwal.  
   
  We have largest collection of profile from different 
  Agarwal culture 
  
  E.g.: Haryana, Rajasthani, Delhi, Uttar Pradesh, 
  etc. 
  http://www.agarwaltoagarwal.org

55 matches

Mail list logo