On 18 Mar 2002, Dan Perik wrote:
>
> As promised, here's the patch I threw together for the rlm_ldap module
> to solve the problem of failed auth when the LDAP server disconnects the
> idle connection.
>
> Basically, I took the ldap_connect code out of the perform_search
> function into it's own
On Mon, 18 Mar 2002, Dilkushan Karunaratne wrote:
> Hi,
>
> I'm new to the Radius Server. I have some queries to clarify. I'm referring
> to freeradius.org. If someone can help me, that will be a great help. The
> radius server is freeradius 0.4 on the Redhat 7.2 with kernal 2.4.10..
> * I m
All,
Is there a possibilty to make two radius servers
running on the same machine?
If it is possible can anyone show me how it is
possible.
thank you
thouraya
=
Thouraya BEN SALEM
Etudiante à Sup'Com-Tunis
Stagiaire à l'ENST-Paris
Tel (00 33)01 45 81 87 44
___
I run two instance of FreeRadius for proxy testing
purpose with good and reliable result.
Of course you want to run them on different port, say
one at 1645/1646 and the other one at 1812/1813.
If you need to use different setting, you can specify
option to point to another raddb directory.
Reg
On Mon, Mar 18, 2002 at 11:47:56AM +0100, thouraya ben salem wrote:
> All,
> Is there a possibilty to make two radius servers
> running on the same machine?
> If it is possible can anyone show me how it is
> possible.
Sure, you have to run them on different ports. Change the 'port' directive
in
"Michael S. McCollough" <[EMAIL PROTECTED]> wrote:
> On the radiusd side, I can see that it recognizes the initial
> request as it is issues and continues to scroll stuff (for lack of a
> technical term) by on the screen.
That "stuff" is also known as debugging messages. The messages are
there
Ipchains is not running. It is opened up. I am going to try the upgrade to
0.5. If this doesn't work, then I really hate to pose the question to this
list, but is there a well tested and reliable radius server that works with
linux/openldap? I get the feeling it is not well supported on Freeradius
or fire it up differently when invoking it with the -p option
> On Mon, Mar 18, 2002 at 11:47:56AM +0100, thouraya ben salem wrote:
> > All,
> > Is there a possibilty to make two radius servers
> > running on the same machine?
> > If it is possible can anyone show me how it is
> > possible.
>
Sometimes, when I restart the server with /etc/init.d/freeradius restart
(in a debian box), it stops but does not restart. In the log file, there
is anything but "Info: MASTER: exit".
Have anybody already had this experience ?
I use 0.4-snapshot20020215 with rlm_mysql_module.
--
Do-Risika RAF
Michael,
Michael S. McCollough wrote:
> Ipchains is not running. It is opened up. I am going to try the upgrade to
> 0.5. If this doesn't work, then I really hate to pose the question to this
> list, but is there a well tested and reliable radius server that works with
> linux/openldap? I get the
"Michael S. McCollough" <[EMAIL PROTECTED]> wrote:
> If this doesn't work, then I really hate to pose the question to this
> list, but is there a well tested and reliable radius server that works with
> linux/openldap? I get the feeling it is not well supported on Freeradius
> right now and that i
Hi,
i'm using freeradius as a radiusd-proxy with NAS which are
PAP/CHAP enabled. All works well as long as the authentication is
tried by using PAP. With CHAP it is refused all the times. If i
remove the proxy in between, CHAP-Authentication succeeds, so
the problem should have to do with fre
I saw this too, upgrade to .5, or put a watchdog cronjob to restart it if
its not running (signal 11 issues etc)
On Mon, 18 Mar 2002, Do-Risika RAFIEFERANTSIARONJY wrote:
>
> Sometimes, when I restart the server with /etc/init.d/freeradius restart
> (in a debian box), it stops but does not res
"Bernd Sontheimer" <[EMAIL PROTECTED]> wrote:
> i'm using freeradius as a radiusd-proxy with NAS which are
> PAP/CHAP enabled. All works well as long as the authentication is
> tried by using PAP. With CHAP it is refused all the times. If i
> remove the proxy in between, CHAP-Authentication suc
"Michael S. McCollough" <[EMAIL PROTECTED]> wrote:
> The debug messages were included with the original message. I did not see
> anything that looked like errors, I only noticed it was still making ldap
> queries after the access-accept packet was sent back to radtest.
That shouldn't happen.
>
D. Duccini wrote:
> I saw this too, upgrade to .5, or put a watchdog cronjob to restart it if
> its not running (signal 11 issues etc)
An alternative is daemontools. I was running daemontools already
(because I'm using djbdns), so I setup radiusd under it. It works like
a charm. It checks th
Alan DeKok wrote:
> Maybe DNS is slow? Maybe your LDAP server is slow?
>
> Alan DeKok.
>
What are you indexing in your directory?
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www
Scott Silzer <[EMAIL PROTECTED]> wrote:
> Has any one been able compile FreeRadius on a mac running OSX?
There have been reports of people trying. If you succeed, please
post to the list. If you don't, please post the problems to the list,
and we'll try to get it going on OSX.
Alan DeKok.
The debug messages were included with the original message. I did not see
anything that looked like errors, I only noticed it was still making ldap
queries after the access-accept packet was sent back to radtest.
I will update openldap, the kernel, and freeradius this afternoon and see
what devel
Edgard Castro <[EMAIL PROTECTED]> wrote:
> I found out that last CVS snapshot (yesterdays) was allocating SQL sockets
> and "forgetting" to de-alocate them. Is this reported yet?
No. What exactly is happening?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
All,
I just upgraded from 0.4 to 0.5 and my radius service keeps crashing with
the following error "Error: WARNING: Unresponsive child (id 13326) for
request 12". Before this problem started I was getting "Info: The maximum
number of threads (250) are active, cannot spawn new thread to handle
req
I use freeradius on RH with mysql. I have a basic
questions:
1. The user in mysql database should have an account
on Linux too?
2. I ran a test with user Bob in users, using
Ntradping and the test was successfully. Can I use
the same tool for test if I am connected to mysql?
Right
Radius and LDAP are on the same box and test use localhost 127.0.0.1 as the
interface. LDAP authentication from Sendmail/POP (Running on another machine
across the network) are realtime and I notice no difference in speed of
/etc/passwd versus LDAP with this box.
I notice a lot of
Request
Do
There are only about 15 user accounts in the directory, nothing else.
Indices are Defaults
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
-Original Message-
From: Mike Cathey [mailto:[EMAIL PROTECTED]]
Sen
Hi,
I'm experimenting with the SQL changes in v 0.5. As has been discussed on
the list, I've removed the sql module from my authenticate block in
radiusd.conf.
But, I used to set my Auth-Type to SQL in my users file.
DEFAULT Auth-Type := Sql, Simultaneous-Use := 1
I'm not sure what the 'corr
I'd just like to get a feel for how all of you are doing your accounting.
I need an accurate accounting method so that I can watch my users sessions
more closely when they are reaching peak usage on some of my networks.
I've always used SQL for this, but I have more and more sessions with zer
At 11:46 AM 3/18/2002 -0500, you wrote:
>I use freeradius on RH with mysql. I have a basic
>questions:
>
>1. The user in mysql database should have an account
>on Linux too?
No, not necessarily.
>2. I ran a test with user Bob in users, using
>Ntradping and the test was successfull
Townsley,
I had several problems with SQL accouting, from zero-timed sessions to
really high numbers (millions of minutes in a session). I reversed to flat
file logging and them import in a batch everyday to the database. Works like
a charm.
Plus, I was unable to open the number of sockets that
"J. S. Townsley" <[EMAIL PROTECTED]> wrote:
> I've always used SQL for this, but I have more and more sessions with zero
> accountstoptime and zero acctsessiontime. I do realize some of this is
> just due to the nature of UDP but it still seems a bit excessive.
No, it's a function of the NAS
Randy Moore <[EMAIL PROTECTED]> wrote:
> I'm not sure what the 'correct' setting is with the new system. I've tried
> both setting the Auth-Type to 'Local' and not setting the Auth-Type at
> all. Both work.
The SQL modules marks up the request with the correct password, and
the rest of the
Hi all,
I am in serious need of assistance! Any help will be very, very much
appreciated.
I'm running FreeRADIUS 0.3 using support for username collision. I thus
require the RADIUS class attribute to be handled by all NAS connected to
my FreeRADIUS servers. I seem to have two types of NAS
Darrell Shandrow <[EMAIL PROTECTED]> wrote:
> I'm running FreeRADIUS 0.3 using support for username collision.
You SHOULD upgrade to 0.5.
> I thus require the RADIUS class attribute to be handled by all NAS
> connected to my FreeRADIUS servers.
Uh... what exactly do you mean by "handled"?
Hello
I'm having some trouble with a configuration where I authorize from
LDAP (works fine) and then I want to add some generic attributes with
a DEFAULT entry in users file. Basically this working right except one
small annoyance; It wont return the second cisco-avpair at all. With
pure files au
At 08:43 PM 3/18/2002 +0100, Andre Oppermann wrote:
>Hello
>
>I'm having some trouble with a configuration where I authorize from
>LDAP (works fine) and then I want to add some generic attributes with
>a DEFAULT entry in users file. Basically this working right except one
>small annoyance; It wont
Hi Alan,
Thanks for your response.
First, why should I upgrade to 0.5? Do its improvements have something to
do with the issues I am reporting?
Second, while I know I can and certainly will end up talking with Lucent,
I was just hoping that I could get some direction from other colleagues
Darrell Shandrow <[EMAIL PROTECTED]> wrote:
> First, why should I upgrade to 0.5? Do its improvements have something to
> do with the issues I am reporting?
See the main web page for one large reason to upgrade.
Also, there's no point in tracking down a bug in an old release.
The problem
At 01:08 PM 3/18/2002 -0700, Darrell Shandrow wrote:
>Hi Alan,
>
>Thanks for your response.
>
>First, why should I upgrade to 0.5? Do its improvements have something to
>do with the issues I am reporting?
Quite possibly. There have been many bugs fixed from 0.3 to 0.5. Overall
stability is imp
On Mon, 18 Mar 2002, Darrell Shandrow wrote:
> Second, while I know I can and certainly will end up talking with
> Lucent, I was just hoping that I could get some direction from other
> colleagues out here in the real world, who may have experienced and
> resolved this problem in the past.
Oh, t
Hi Chris,
Yes; quite true. I'm still compiling some of this info and trying to come
up with a sensible plan of attack to get the issues resolved. Any help
will be appreciated; I'll be writing back very shortly.
Thanks.
On Mon, 18 Mar 2002, Chris Parker wrote:
> At 01:08 PM 3/18/2002 -070
Hi Charlie,
Well, the one time I did have to talk with Lucent folks about something
with respect to a Max TNT, it cost a pretty penny! Once I have gathered
more useful data, if I do or even can get the approval to do so, I'm sure
I'll get the answers out of 'em... I guess wish me luck; I rea
Hi,
I have configure freeradius with sql (postgresql) support. I run the
radius server in debug mode (radiusd -f -y -s -x). When an
authentication query is send (by portmaster for example), the following
is printed by radiusd and the authentication fails:
rad_recv: Access-Request packet from hos
Hi,
I'm using Freeradius 0.4 on Redhat 7.2. I'm using the
radius server to log radius accounting from Cisco
gateways into an Oracle database.
I noticed that the sql module returned a 'fail' status
if the username is null. Is it okay if I just remark
the line that 'set, escape, and check user att
As far as my understanding goes, for a person to have a shell account, a
system account must be created in the /etc/passwd file... Is it correct?
Can I use radius to authenticate the person via sql tables? the person that
will have a shell account will be doing dial-up to my machine, and must be
You could use PAM to authenticate via either RADIUS or SQL.
Darren Ward
(PGradCS, CCIE #8245, CCNP, CCDP, MCP)
On Tue, 19 Mar 2002, Peter Santiago wrote:
> As far as my understanding goes, for a person to have a shell account, a
> system account must be created in the /etc/passwd file... Is
"Peter Santiago" <[EMAIL PROTECTED]> wrote:
> As far as my understanding goes, for a person to have a shell account, a
> system account must be created in the /etc/passwd file... Is it correct?
Yes, but that's more a function of your system than RADIUS. It must
give out uid/gid/home directory
Is there a way to get NIS to work with FreeRadius?
T..S
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
46 matches
Mail list logo
