Alan DeKok wrote:
>
> Do-Risika RAFIEFERANTSIARONJY <[EMAIL PROTECTED]> wrote:
> > I reinitialized my freeradius (by deleting all log and counter files),
> > and when i started, the radius.log file was created but was owned by
> > root, so i had to chown freerad.freerad. Is it normal or not ?
>
Hi,all,
I use freeradius snapshot + oracle database.
I know if I use PPP CHAP , I must put the user password in cleartext in the database.
But I donot want to let the database administrator know the user's password,
so if I use PPP PAP, can I put encoded password in database, what arithmetic does
I wrote a script in perl at one point to do radius testing, but can't find
it. I think FreeRadius ships with a command line tool to do queries and
dump the results. These kinds of tools would be your best bet for
debugging.
--
Roy Hooper
Project Manager & Senior UNIX Consultant
Decisive Technol
According to the dictionary.foundry file the ATTRIBUTE id's for the
attributes I set in the DEFAULT user configuration should be values 1 2
and 3 repectively, however it looks to me that the foundry is recieving
a authentication reply packet from the server with incorrect ATTRIBUTE
id's (the I
> >Nope. Triple-checked the shared secret. They match.
> >
> >Only one RADIUS server in this setup, not separate auth and
> acct (or did I
> >misunderstand your suggestion?).
>
> If shared secret is right then we need to figure out, where
> the problem
> is.
> Can you send the radius logs.
>
Thomas Keitel <[EMAIL PROTECTED]> wrote:
> Here is the entries for the foundry dictionary file that I whipped up.
> It is for the 3 attributes that I was able to reference in the documentation
OK, I've added them as 'raddb/dictionary.foundry'
Alan DeKok.
-
List info/subscribe/unsubscribe?
Hello All,
Here is the entries for the foundry dictionary file that I whipped up.
It is for the 3 attributes that I was able to reference in the documentation
VENDOR Foundry 1991
ATTRIBUTE foundry-privilege-level 1
integerFoundry
I have found the following URL very useful:
http://www.missl.cs.umd.edu/~adam/802/
jsl
--
John Lindsay - Engineering Services Manager
Internode Professional Access
ph +61 8 8223 2999 fx +61 8 8223 1777
31 York St Adelaide, PO BOX 284 Rundle Mall SA 5000
-
List info/subscribe/unsubscribe? Se
Well, if we're supposed to be reporting bugs:
(I've encountered this problem from 0.2 all the way up to the most recent
CVS)
I have proxying configured and working, but the accounting is kind of
strange.
The accounting packets are propery proxied to the end server, but the copies
that are writt
Chris Parker wrote:
> If there is a standard attribute ( non-VSA ) that does what you want,
> I highly urge the use of that, over the VSA, as it will be more portable.
> If there isn't a standard attribute to accomplish it, then you don't have
> a choice, so you have to use the VSA.
>
> I come f
"Bernd Sontheimer" <[EMAIL PROTECTED]> wrote:
> A second point:
> To overcome the problem above myself i removed the prefix-
> checking from radiusd.conf, so that only suffix-checking remains,
> and put a entry in the users-file like
>
> No i was happy first, because authentication works no
"Eric John Seneca" <[EMAIL PROTECTED]> wrote:
> The reason there is not response back is because the 3com access point
> interprets challenge as a failure.
Then it doesn't do EAP properly.
> Is there any special setting I must define for the user? The access point
> and client only has one set
> Radius Server has sent an Access-Challenge with EAP-MD5 challenge value
> for which the client should respond back.
> Based on the response received, Radius Server authenticates the user.
The reason there is not response back is because the 3com access point
interprets challenge as a failure. He
Hi!
I tried to setup freeradius to proxy based on prefix and suffix the
same time, where prefix has preference. There are accounts like:
[EMAIL PROTECTED] (should go to isp 1)
[EMAIL PROTECTED] (should go to GRIC)
username (should go to our own radiusd on another machine)
In radiusd.conf i've:
Has any one been able compile FreeRadius on a mac running OSX?
--
Scott A Silzer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Yes. You can use something like this for your users file:
>
> tunneluser Auth-Type := Local, Password == "foobar"
> Tunnel-Type:1 = L2TP
> Tunnel-Medium-Type:1 = IP
> Tunnel-Server-Endpoint:1 = "10.20.30.2"
> Tunnel-Password:1 = "secret"
> Tunnel-Preference:1 =
duncan <[EMAIL PROTECTED]> wrote:
> i tried again (this time with make -v) and its the same...
Install GNU make.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 06:48 PM 3/14/2002 +, [EMAIL PROTECTED] wrote:
>Hi Chris, thanks for the help! I'll give it a go right now and take a
>look at the RFC you mentioned.
>
>This may seen a naive question but i only have 5 days worth of radius
>experience under my belt, when should i/should not use VSA (like
>
Edgard Castro <[EMAIL PROTECTED]> wrote:
> > * Password = "UNIX" or "PAM" backwards compatibility removed.
>
> Ok, help! I use PAM autentication, what should I do now?
If your 'users' file has:
DEFAULT Password == "PAM"
...
Then change it to:
DEFAULT Auth-Type := PAM
Ah ...
Thank you very much. That did the trick!
Mayhaps this should be added to the docs and/or the comments of the
.conf file?
Cheers,
Tom
Roy Hooper wrote:
>Because FreeBSD doesn't support shadow passwords, if I remember the code
>correctly, you have to comment out passwd= and shadow
Thomas Keitel <[EMAIL PROTECTED]> wrote:
> Ok .. what would the corresponding entry in the users file look like?
That really depends on what you want to do. Read the 'users' file
for examples. There's no point in me posting the same examples here.
> The attribute reported in radacct details
Thomas Keitel <[EMAIL PROTECTED]> wrote:
> Mayhaps this should be added to the docs and/or the comments of the
> .conf file?
Done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok .. what would the corresponding entry in the users file look like?
The attribute reported in radacct details is Attr-130482178, but I don't
see any attribute style information in the debug output during the auth
phase when I enable radius authentication on the router.
Cheers,
Tom
Alan DeK
> NOW I ASSUME THE MESSAGE BEING SENT BACK IT MY SECOND PACKET IN THE SNIFFER
> LOG.
> 64.95.221.220-> 192.168.100.170 UDP D=1812 S=1812 LEN=108
>
> Sending Access-Challenge of id 62 to 64.214.69.230:4916
> EAP-Message =
> "\001>\000\026\004\020#\237\300j\320\225\376<\2639\262\265\340\333
> * Fix a bug which would hang the server when many SQL
> connections were open. Found by Cvetan Ivanov <[EMAIL PROTECTED]>
Sweet. I had this problem on sunday. heh
> * Password = "UNIX" or "PAM" backwards compatibility removed.
Ok, help! I use PAM autentication, what should I do
At 04:47 PM 3/14/2002 +, [EMAIL PROTECTED] wrote:
>Hi,
>
>I have FR up and running nicely, sending back attributes to the nas's
>in question to setup tunnels.
>
>I've heard about a tunnel feature that allows the nas to receive
>multiple
>tunnel-endpoint attributes and then load balance the tun
Because FreeBSD doesn't support shadow passwords, if I remember the code
correctly, you have to comment out passwd= and shadow= to get system password
file authentication that uses master.passwd. The caching is unnecessary for
the FreeBSD system password file as it is a berkeley DB file that driv
> Try grabbing the latest CVS snapshot.
After compiling the CVS snapshot and configuring the /etc/raddb/radius.conf,
I still get authentification failure.
I sniffed the session traffic and I see the following information
192.168.100.170 -> 64.95.221.220 UDP D=1812 S=1812 LEN=75
AND THE RADIUS
Hi,
I'm running FreeRadius 0.4 on Sparc/Solaris 8 (latest patches) for
some testing i'm conducting with 3Com/Cisco L2TP tunnels - please
bear with me i'm a radius newbie and have only been running FR for a
week.
I have FR up and running nicely, sending back attributes to the nas's
in question to
> > >What does 'make -v' say?
> >
> > make - v
>
> Please try again.
>
> Alan DeKok.
i tried again (this time with make -v) and its the same...
"Makefile", line 10: Could not find Make.inc
Make: fatal errors encountered -- cannot continue
duncan
-
List info/subscribe/unsubscribe? See
At 10:24 AM 3/14/2002 -0500, Alan DeKok wrote:
> This is a pre-release announcement for 0.5. Anyone who has had
>problems with the CVS snapshot should announce any bugs they've
>encountered. If there are no problems, then 0.5 will be released in a
>day or so.
I'm committing a fix today for rl
Thomas Keitel <[EMAIL PROTECTED]> wrote:
> Is there an FAQ or doc that references how to use freeradius with
> routers?
I don't think so. But if the router speaks RADIUS, then it doesn't
matter if it's a router, a NAS, or a desktop box. It's just a RADIUS
client.
> In particular, I am looki
Eric Dean <[EMAIL PROTECTED]> wrote:
> I found the problem. The customer firewalls accounting which results in
> the proxy client being disabled. There's a DEAD_TIME variable that can be
> changed as well.
raddb/proxy.conf has a "dead_time" variable. The only DEAD_TIME in
the tar file is in
"Eric John Seneca" <[EMAIL PROTECTED]> wrote:
> Where do I get the module rlm_eap for freeradius? I get the following
> message
...
> It was not included in the tarball for freeradius-0.4.
Try grabbing the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.f
Where do I get the module rlm_eap for freeradius? I get the following
message
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload =
I am now running the snapshot from the 14th with exactly the same
results: Still broken. Keep the ideas rolling in because I'll probably
try them all!
Cheers,
Tom
Alan DeKok wrote:
>Thomas Keitel <[EMAIL PROTECTED]> wrote:
>
>>I took Andrew's advice on the 'cache = yes' parameter, but no joy
Hello All,
Is there an FAQ or doc that references how to use freeradius with
routers? In particular, I am looking for a way to use freeradius to
control enable access on a foundry switch. Right now, if I set up the
foundry to use radius to authenticate the enable command, any user who
can
=?ks_c_5601-1987?B?vNvDorfE?= <[EMAIL PROTECTED]> wrote:
> What can I do with RADIUS?=20
Authentication, authorization, and accounting.
Read the RFC's.
> How must I do ? Do I have a program for RADIUS?
Read the RFC's, it will become clearer.
Alan DeKok.
-
List info/subscribe/unsub
Try portslave. http://www.sourceforge.net/projects/portslave
Simulates a NAS with dial-in modems (and handy to set up an extra
console for testing), can set up on the same machine if you like.
Sorry, not much more detail than that - read the docs, install,
configure, test, search for any errors
This is a pre-release announcement for 0.5. Anyone who has had
problems with the CVS snapshot should announce any bugs they've
encountered. If there are no problems, then 0.5 will be released in a
day or so.
Here is the change log:
FreeRADIUS 0.5.0 ; $Date: 2002/03/11 18:47:08 $, urgency=
[EMAIL PROTECTED] wrote:
> Here is the output of my ./configure
...
> configuring in src/modules/rlm_x99_token
> running /bin/sh ./configure --enable-ltdl-install=3Dno =
> --cache-file=3D../../.././config.cache --srcdir=3D.
> loading cache ../../.././config.cache
> checking for printf in -lc... (
Do-Risika RAFIEFERANTSIARONJY <[EMAIL PROTECTED]> wrote:
> I reinitialized my freeradius (by deleting all log and counter files),
> and when i started, the radius.log file was created but was owned by
> root, so i had to chown freerad.freerad. Is it normal or not ?
Hmmm... the server SHOULD ope
duncan <[EMAIL PROTECTED]> wrote:
> >What does 'make -v' say?
>
> make - v
Please try again.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yury Bokhoncovich <[EMAIL PROTECTED]> wrote:
> Does anybody know is FR vulnerable to Zlib free bug?
The server doesn't link to libz, so it isn't vulnerable.
However, one of it's modules (mysql, ldap, etc) MAY link to libz,
but I don't know for sure.
Alan DeKok.
-
List info/subscribe/uns
Thomas Keitel <[EMAIL PROTECTED]> wrote:
> I took Andrew's advice on the 'cache = yes' parameter, but no joy. I
> have included the radiusd -X debug output for your perusal.
Grab the latest CVS snapshot. It should work better...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://w
Hello All,
I took Andrew's advice on the 'cache = yes' parameter, but no joy. I
have included the radiusd -X debug output for your perusal.
Cheers,
Tom
Begin Debug Output
--
ahost# /usr/local/sbin/radiusd -X
Starting - reading configuration fil
Hello all, I'm Mr song from Korea.
I'm a graduate student majoring in Computer
Science.
I study AAA protocol like RADIUS and Diameter.
First I studied RADIUS spec(RFC 2865) and I want to study about
RADIUS
I installed Wow Linux 7.1(Paran) and I
installed FreeRadius according to th
Here is the output of my ./configure
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 3:03 PM
To: [EMAIL PROTECTED]
Subject: RE: error compiling freeradius 0.4
Hi all,
I have to say that I had exactly the same problem (same suze and s
Hi all,
I have to say that I had exactly the same problem (same suze and same
freeradius).
Compiling on redhat6.2 worked fine.
Benoit
-Original Message-
From: Frank Cusack [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 1:14 PM
To: Paul Crittenden
Cc: [EMAIL PROTECTED]
Subject
>Your $PATH is probably preferring the system (BSD) make.
>What does 'make -v' say?
make - v
"Makefile", line 10: Could not find Make.inc
make: fatal errors encountered -- cannont continue
it seems line 10 of Makefile is looking for Make.inc - which doesnt exist,
only Make.inc.in
duncan
On Thu, 14 Mar 2002, wheatly wrote:
> hi,everyone
>
> if I want to authentication and authorization with openldap, how can i do
> except for changing the radiusd.conf correctly. should i map the radius
> attribute to ldap attribute ,and should I change the source code?
>
> wheatlyshi
> tel: 86-21
On Wed, Mar 06, 2002 at 10:02:51AM -0600, Paul Crittenden wrote:
> I have a system running Suse Linux 7.1. I am currently running freeradius
> 0.3 with no problems. Because of the CERT advisory concerning RADIUS issues
> with 0.3 I was going to upgrade to 0.4. When I try to compile it I get the
On Thu, Mar 14, 2002 at 12:49:18PM +, duncan wrote:
> im currently trying to install freeradius on a freebsd server. when
> running ./configure i get:
>
> configure: error: GNU Make is not installed. Please download and install
> in from ftp://prep.ai.mit.edu/pub/gnu/make before continuin
hello, ive just joined the list - so forgive me if this question has been
asked and answered before.
im currently trying to install freeradius on a freebsd server. when
running ./configure i get:
configure: error: GNU Make is not installed. Please download and install
in from ftp://prep.ai.
hi,everyone
if I want to authentication and
authorization with openldap, how can i do except for changing the radiusd.conf
correctly. should i map the radius attribute to ldap attribute ,and should
I change the source code?
wheatlyshi
tel: 86-21-52984755-215email: [EMAIL P
>> Also the log files radutmp and radwtmp are not being generated. Hence
>> radwho does not show any logged in users.
>Look at the debug messages to see why.
The debug messages show :
>>
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username =
I run freeradius with :
user = freerad
group = freerad
I reinitialized my freeradius (by deleting all log and counter files),
and when i started, the radius.log file was created but was owned by
root, so i had to chown freerad.freerad. Is it normal or not ?
The same questions for counter files
57 matches
Mail list logo