NAS sends the port attribute, but it's the same.
Analogue calls:
Dec 26 14:20:37 - 14:45:29 port 214:pr 194.102.181.1740:24
Dec 27 16:30:02 - 16:47:37 port 221:pr 194.102.181.1810:17
Dec 27 16:58:38 - 17:06:17 port 226:pr 194.102.181.1860:07
Dec 28 00:13:16 - 00:22:3
i was using cistron
i have serveral RAS in my network.
like A ,B, C RAS names
i want to authenticate perticular user only on NAS C
not on any other RAS, it should reject if he try to loging like RAS A
and B
it should onlu authenticate RAS C
how to i make check items username, password,
The attached patch to raddb/dictionary.bay has additional attributes for
the Annex-RAC R18.0 software.
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX:(206) 232-9186 Mercer Island, WA 9804
I noticed that there was some earlier posts about getting ldap + chap support
working with freeradius. I currently am using .4 of freeradius and have it
*almost*
working..
Whats weird when running in debug mode is that the rlm_ldap processes the
correct
information (ie. password) in 'ldap_autho
I use freeRadius + Oracle,
once I dial to NAS, the authorize and authenticate passed,and then radiusd -X printf
information below:
rad_recv: Accounting-Request packet from host 192.168.0.111:2001, id=4, length=102
Received Accounting-Request packet from 192.168.0.111 with invalid signature!
Serve
On Mon, 7 Jan 2002, J. S. Townsley wrote:
>
> I've been reviewing the website and FAQ for CHAP and LDAP related
> discussion but can't find much.
>
> Looks like there is no support for CHAP unless you have your passwords
> stored in cleartext on the server.
>
> If I were to setup my accounts
On Mon, 2002-01-07 at 11:50, [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > Is it possible to authenticate my dialin pap users agains the system
> > /etc/passwd /etc/shadow.
>
> Yes... the default 'users' file which comes with the server is set
> up to authenticate against the system /
I've been reviewing the website and FAQ for CHAP and LDAP related
discussion but can't find much.
Looks like there is no support for CHAP unless you have your passwords
stored in cleartext on the server.
If I were to setup my accounts as cleartext in LDAP is their current
structure for authe
>That's easy enough:
>
>
>DEFAULT Client-IP-Address == ip.of.nas1
>Reply-Message += "You came in from NAS 1"
>Fall-Through = Tes
>
>DEFAULT Client-IP-Address == ip.of.nas2
>Reply-Message += "You came in from NAS 2"
>Fall-Through = Tes
I can get this
Title: RE: Cisco Enable
Here is a copy from a mail I sent to someone else with the same question.
Your options are to do it like I described below or, when you have a somewhat bigger router (2600 and up I believe), you can use AV-pairs.
add a:
aaa authentication enable default radius en
Fuad Cotait Neto <[EMAIL PROTECTED]> wrote:
> However, ocurr that when the same user comes with login@realm his
> huntgroup access is denied.
Yes. The 'unix' module currently only uses the User-Name attribute
to look up the group permissions. It SHOULD be configurable to use
another attribute
[EMAIL PROTECTED] wrote:
> Is it possible to authenticate my dialin pap users agains the system
> /etc/passwd /etc/shadow.
Yes... the default 'users' file which comes with the server is set
up to authenticate against the system /etc/passwd, /etc/shadow files.
> My config looks like :
>
> foo
Q <[EMAIL PROTECTED]> wrote:
> In the features list I see the section labeled "Selecting a particular
> configuration". However I can't seem to find any docs on how to set it up.
> Is there a reference somewhere or can someone help?
'man users'
See also the 'users' file that comes with t
=?iso-8859-1?q?simon=20pinkney?= <[EMAIL PROTECTED]> wrote:
> Does freeradius backend into a ldap database and
> is there any support for securid cards .
Yes, and no.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Chris Parker <[EMAIL PROTECTED]> wrote:
> At 05:22 PM 1/7/2002 +0200, Kostas Kalevras wrote:
>
> >We *really* need to do an sql_set_user for Update packets or change
> >sql.conf to read UserName = '%{User-Name}'
>
> I agree with the former. If we do it for start/stop we should do it for
> upda
In looking closer at why checkrad was not working for
me I think this might be a bug... from line 320...
sub cisco_snmp {
# Look up community string in naspasswd file.
my ($login, $pass) = naspasswd($ARGV[1], 1);
if ($login && $login ne 'SNMP') {
if ($debu
> From: "martoQ" <[EMAIL PROTECTED]>
>
> Does anyone know or perhaps have successfully configured FreeRadius
> to authenticate a Cisco enable password challenge? I think it might
> be a tacacs only feature but am uncertain. Any help is greatly
> appreciated.
>From my experience with trying
At 11:51 AM 1/5/2002 +0200, Igor Chen wrote:
>Seems that radius can't reach sql-user-name when updating session with
>Alive record...
Can you apply the following patch to 'src/modules/rlm_sql/rlm_sql.c' and
see if the problem is fixed?
--- beging patch ---
*** rlm_sql.c 2001/12/14 16:05:16
Hi Group,
sorry if this Question maybe was asked a hunderd times before :
I can`t find nothing about it in the user file nor in the FAQ nor in the web
Mailing List index.
Is it possible to authenticate my dialin pap users agains the system
/etc/passwd /etc/shadow. All users have valid accounts !
In my case - in the few occations where the starttime is zero, the startrecord
is actually missing in the detail-file. The sql record is probably created from
the "alive" packet sent. So, the cause in my case is likely to be network
related or simply a bug in the as5200. Anyone got a good idea
At 05:22 PM 1/7/2002 +0200, Kostas Kalevras wrote:
>We *really* need to do an sql_set_user for Update packets or change
>sql.conf to read UserName = '%{User-Name}'
I agree with the former. If we do it for start/stop we should do it for
updates as well. Otherwise we end up with incomplete quer
On Mon, 7 Jan 2002, Chris Parker wrote:
> At 11:51 AM 1/5/2002 +0200, Igor Chen wrote:
> >Seems that radius can't reach sql-user-name when updating session with
> >Alive record...
> >---
> >rlm_sql: Reserving sql socket id: 4
> >query: UPDATE radacct SET FramedIPAddress = '217.12.196.221' WHERE
>
At 12:53 AM 1/5/2002 -0500, Steven J. Sobol wrote:
>My NNTP provider and dialup provider proxy requests for [EMAIL PROTECTED]
>to my FreeRadius server, which is not stripping the realm. For some very
>strange reason, for those people who are in /etc/passwd, they can
>authenticate anyhow. But I'm
At 11:51 AM 1/5/2002 +0200, Igor Chen wrote:
>Seems that radius can't reach sql-user-name when updating session with
>Alive record...
>---
>rlm_sql: Reserving sql socket id: 4
>query: UPDATE radacct SET FramedIPAddress = '217.12.196.221' WHERE
>AcctSessionId = '0003' AND UserName = '' AND NASI
At 02:51 PM 1/7/2002 +0200, deejaylyon wrote:
>Hi,
>We have a Cyclades PR 4000 equipment, accounting is being done with Radius.
>We have no special problems, except how can we separately account users
>connecting with ISDN?
If your NAS sends the Port-Type attribute, that should enable you
differ
unsubscribe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
We have a Cyclades PR 4000 equipment, accounting is being done with Radius.
We have no special problems, except how can we separately account users connecting
with ISDN?
Thank you!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have a Radius freeradius version:0.4 configured to work with:
/etc/passwd
/etc/shadow
/etc/group
In the radius we have set up huntgroup and realm
When a test user try login without the realm, the login is "ok"
However, ocurr that when the same user comes with login@realm his
huntgroup access
Hi Guys
I've read the FAQ's and am looking at itm now!!
just a couple of quickies
Does freeradius backend into a ldap database and
is there any support for securid cards .
Cheers
Simon Pinkney
__
Do You Yahoo!?
Everything you'll ever need on
Hi,all,
I use freeRadius + Oracle,
I know that radiusd read 'raddb/clients' to memory,
but I want radiusd to read NAS infomation from Oracle database,such as the table nas,
does freeradius support this? And how to configure?
Any help is appreciate.
-
List info/subscribe/unsubscribe? See http:/
Tell me please what table 'radgroupcheck' for? when i try to insert any
attribute in it i always get error 'pairs do not match' :-\
Anyone can give an example? please!
--
cron-ripe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Are there any log analyzers, which are found working with freeradius 0.4 and
they produce html output?
Miika
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 07 Jan 2002 around 08:54:46 +1000, Michael Pearson wrote:
> Hi, just wondering if anyone else has had, or has heard of problems
> relating to sending the timestamp of a user login to a mysql database from
> a Patton 2800 router, and having the AcctStartTime field in the radacct
> table def
You can use a feature that specific user get enable privilege by default
and doesn't have to type enable:
juraAuth-Type = System
Service-Type = Login-User,
Cisco-AVPair = "shell:priv-lvl=15"
Also you need to have authorization line:
aaa authorization login default group radiu
Hi,
Just for the record - we have the same problem,
We're using 0.3 version and mysql. Cisco AS5200.
Only some 10-20 per 2000 logins is missing startime.
Stig Andersson
At 08:54 2002-01-07 +1000, you wrote:
>Hi, just wondering if anyone else has had, or has heard of problems
>relating to sendi
35 matches
Mail list logo