OK, I'm dealing with a UUNet reseller who apparently requires me to return
the Proxy-State attribute he sends me in either an Access-Accept or
Access-Reject situation. The Proxy-State attribute is returned just fine
when the username and password works correctly (Access-Accept). However,
when th
Were do you guys keep the accounting information?
Thanks,
Ben
***
***
Sc
Our wireless ethernet land will require two-factor authentication, something
you have (x.509 cert) and something you know (system pasword via pam).
Windoz (98, 2K and XP) and Linux (suse and redhat) endpoints will be
utilizing Meetinghouse's Aegis 802.1x client.
Is it possible for FreeRadius
On Tue, 30 Apr 2002 14:14:03 -0700, Joseph Liu wrote:
I had this problem with freeradius also... But with a portmaster3. I solved it
using mysql accounting and changing the table so that unique_id is really unique...
>Please help. This may have already been solved. If someone knows where I can
>
also,
I get this error now.
Module: Loaded files
/usr/local/etc/raddb/users[112]: Parse error (check) for entry DEFAULT:
Unknown attribute Pool-Name
Errors reading /usr/local/etc/raddb/users
Ben
- Original Message -
From: "Ben Casado" <[EMAIL PROTECTED]>
To: <[EMAIL PRO
Ok, but what do you mean by this?
> create one instance of the ippool module for each nas
Ben
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 04, 2002 9:54 AM
Subject: Re: IPPOOL
> On Fri, 3 May 2002, Ben Casado wrot
I'm trying to get FreeRadius
working with MySQL authentication and prettymuch have it going with one
minor issue. When a user who is not in myauthentication database tries
to connect FreeRadius does not appear to sendback a rejection. It
seems to not respond at all causing the client torep
@ 3APA3A
>I see no problem if authorization always succeeds.
>For your case you can change Auth-Type to MS-CHAP for VPN users. >If user
>is not VPN and he tries to use VPN account he will be authorized by
>ldap1 or ldap2 but he will not have NT-Password LM-Password >attribute
>and will
Alan DeKok wrote:
> Eddie Stassen <[EMAIL PROTECTED]> wrote:
>
>> DEFAULT
>> [EMAIL PROTECTED],Called-Station-Id==1234,Proxy-To-Realm:=realm.com
>>
>> Problem is that the Suffix attribute always strips the username making the
'nostrip'
>> option in rlm_realm useless. As most of my realms
Eddie Stassen <[EMAIL PROTECTED]> wrote:
> DEFAULT [EMAIL PROTECTED],Called-Station-Id==1234,Proxy-To-Realm:=realm.com
>
> Problem is that the Suffix attribute always strips the username making the
> 'nostrip' option in rlm_realm useless. As most of my realms require the nostrip
> option I ca
Sean Martin <[EMAIL PROTECTED]> wrote:
> I would be interested in this option as well, being the only ISP
> with v.92 fully operational in the UK we are having to run work
> arounds for our customers so that they do't get charged for calls,
> one of these is bouncing the call at 55 mins, but only
Dave Brodin <[EMAIL PROTECTED]> wrote:
> From looking at how things work with FreeRADIUS, it seems like the
> Simultaneous-Use function would only work if the authentication and
> accounting servers are the same so RADIUS has access to the radutmp file
> at authentication time. Is that correc
Max Malzkuhn <[EMAIL PROTECTED]> wrote:
> This is the first error I encountered in config.log...anyone seen this?
You don't have a dynamic library, so you can't do shared library
linking.
Try: ./configure --disable-shared
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.fr
"Stephan Viljoen" <[EMAIL PROTECTED]> wrote:
> Hi , I need to write a few external scripts for radius but have no idea =
> where to tell
> radius to use them. Is there a place where you need to tell radius to =
> parse data
> through them?
See 'scripts/exec-program-wait'
Alan DeKok.
-
List
"Kelvin Hockin" <[EMAIL PROTECTED]> wrote:
> I'm trying to get FreeRadius working with MySQL authentication and pretty
> much have it going with one minor issue. When a ser who is not in my
> authentication database tries to connect FreeRadius does not appear to send
> back a rejection. It seems
"Andrew J. Bostaph" <[EMAIL PROTECTED]> wrote:
> After reading doc/proxy, I get the impression that freeradius will
> attempt to contact the proxy before checking the local users file. Is
> that correct?
If you configure it to do that, yes.
> If so, is there a way to make it check it's loc
"Chris Hartel" <[EMAIL PROTECTED]> wrote:
> rlm_sql: Make sure it (and all its dependent libraries!) are in the search
> path of your system's ld.
> The file rlm_sql_freetds.so is located in /lib/ (exactly as
> rlm_sql_mysql.so). So why doesn't radiusd find it?
And rlm_sql_freetds.so depends o
On Tue, 30 Apr 2002, Alexandre Strube wrote:
> On Mon, 29 Apr 2002 16:31:13 +0300 (EET DST), Kostas Kalevras wrote:
>
>
> >Check out the counter module.
>
> Now I found it! Needed to do using sql, which is not on 0.5 release, but only on
> CVS. I just don't know if I have to do something differen
This is the mail system at twisp.olympus.net.
A message was sent to you at: [EMAIL PROTECTED]
>From the email address: Screen Saver<[EMAIL PROTECTED]>
It contains an attachment: valentin.scr
Which appears to contain the virus: W32/Yaha-A
The message was NOT delivered.
===
On Tue, 30 Apr 2002, Chris Hartel wrote:
> Hi everyone.
>
> Here's yet another question regarding accounting+databases. ;) Is it
> possible to make radiusd write it's accounting data to an individually
> designed databases?
>
> Currently using one called 'radius' with the default 'radacct' table.
On Fri, 3 May 2002, Ben Casado wrote:
> This is what we have did to the radiusd.conf file. With this we only get
> addresses form that range, and that is not what we want.
>
> ===
> ippool {
> session-db = "manati.db"
> ip-index = 196.12.16
We have a
question about the ippools,we
have this in the radiusd.conf: ippool
{
session-db =
"${confdir}/ippool.db"
ip-index =
"manati"
range-start =
196.12.162.65
range-stop =
196.12.162.
Subsequent to my failed attempt to get a patch incorporated a while ago, I have
decided to implement my configs as suggested on the list i.e. proxy on
conditions using the following in my users file:
DEFAULT [EMAIL PROTECTED],Called-Station-Id==1234,Proxy-To-Realm:=realm.com
Problem is that th
Graeme Lee wrote:
> However, even if the accounting_stop_query is successful, the sql module
> still posts the accounting_stop_query_alt to the database (resulting in
> 2 identical lines)
There was a patch for this posted recently. Check the archives for a post
from Andrew Kukhta on 8th April 2
Dear Fduch the Pravking,
--Tuesday, April 30, 2002, 7:49:56 PM, you wrote to [EMAIL PROTECTED]:
FtP> On Thu, Apr 25, 2002 at 12:10:03PM +0400, 3APA3A wrote:
>> Dear Daniel Yeung,
>>
>> Have you installed 0.5 on new box or updated previous FreeRADIUS
>> version? You have to remove olde
Hi Patrick!
> but when dialing to model pool, it gave me the following error
-snip-
> User-Name = "peterl"
-snip-
> rlm_sql: Reserving sql socket id: 4
> rlm_sql: User DEFAULT not found and DEFAULT not found
> rlm_sql: Released sql socket id: 4
>
> It can read the username from NAS, but w
The message from [EMAIL PROTECTED] to
[EMAIL PROTECTED] was infected.
For this reason, the message was not delivered to the destination.
If you are the sender of the message, please disinfect your computer then send it
again.
If you are the destination of the message, ask the sender to retransm
Is the list down?
Sorry for the noise.
Chris Kalin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to set certain attributes based on my users' GIDs in the
/etc/passwd file.
For example:
DEFAULTGroup == "nologin", Auth-Type := Reject
Should (and used to) prevent any users in my "nologin" group from logging
in. I upgraded to 0.5 from 0.3-ish CVS on this particular server,
due to some of the meory issue with 0.5 i am working with 0.4 but i have
0.5 in the lab
running a mysql back end the latest snap shot on a ultra sparc linux
platform.
what i need to do is get ascend data filters to spit out when a
authectication works.
essentially
yes it is its kinda like apache a little
bring up a vip ifconfig eth0:0 ipaddress etc.
bind the radius server to that then bind the client to that and i dont
see a limit to how many radius server you can run.
you may have to have another directory tree i am not sure
you would know how to put
Quick question, we are running freeradius 0.5 and mysql and we are
having a problem with simultaneous logins, our database is setup like
this:
Radgroupcheck table:
id GroupName AttributeValue op
1 DEFAULT Simultaneous-Use 2:=
We keep getting errors like this:
Heya, Dan...
On Thu, 2 May 2002, Dan Bell wrote:
>
> Is it possible to run two RADIUS servers on the same box (i.e. one RADIUS
> server serving port 1645 and another daemon serving port 1812)?
Is it _possible_? Yes, in fact, I'm doing it now as a temporary solution
to a problem until a company
Hello,
This is the mail system at twisp.olympus.net. A message was just sent
from your email address:
Screen Saver<[EMAIL PROTECTED]>
to one of our customers at:
[EMAIL PROTECTED]
We were unable to deliver it because it contains an attachment
named:
valentin.scr
which appears to be i
Incident Information:-
Originator:[EMAIL PROTECTED]
Recipients:[EMAIL PROTECTED]
Subject: Melt the Heart of your Valentine with this beautiful Screen saver
WARNING: The file valentin.scr you received was infected with the
W32/Yaha@MM virus. The file attachment was not successfully cle
"Rodrigo Gonzalez" <[EMAIL PROTECTED]> wrote:
> I tried latest CVS and the CPU issue is not solved, maybe I am doing =
> something wrong.I test configuring delete_blocked_request yo yes and =
> no, but it is the sameafter 2 or 3 hours the CPU goes to 99% and I =
> need to restart the daemo
At 09:20 PM 5/2/2002 -0400, Ben Casado wrote:
>We are trying to configure our radius to give out the addresses instead of
>the comm servers. For that we have downloaded the software and compiled it
>with the rlm_ippool.
>
>Can someone direct us to what we need to do next?
Configure rlm_ippool a
At 12:12 PM 5/2/2002 -0300, Rodrigo Gonzalez wrote:
>I tried latest CVS and the CPU issue is not solved, maybe I am doing
>something wrong.I test configuring delete_blocked_request yo yes and
>no, but it is the sameafter 2 or 3 hours the CPU goes to 99% and I
>need to restart the daemon
At 11:05 AM 5/2/2002 +, Erling Paulsen wrote:
>Has anyone managed to compile FreeRADIUS under any version of HP-(s)UX?
I believe people have attempted to do so in the past. I do not know of any
recent posts to the list. If you have HP-UX/Tru-64/whatever you may want
to give it a try yoursel
At 11:56 AM 5/2/2002 +0100, Dan Bell wrote:
>Is it possible to run two RADIUS servers on the same box (i.e. one RADIUS
>server serving port 1645 and another daemon serving port 1812)?
Yes, simply install the config files into different directories and edit
appropriately.
-Chris
--
\\\|||///
Yes, start the second with:
radiusd -p 1645
it will read the same configuration file thereby mirroring the config on 2
ports. Other options of interest can be seen by issuing: radiusd --help
If you were going to run a different config on two port, you will have to
get creative.
-Original
On Thu, 2 May 2002 11:56:59 +0100 Dan Bell <[EMAIL PROTECTED]> wrote:
> Is it possible to run two RADIUS servers on the same box (i.e. one RADIUS
> server serving port 1645 and another daemon serving port 1812)?
>
> Thanks,
>
> Dan
>
Greetings,
We hare 2 cistron radiuses running on one box.
"Ben Casado" <[EMAIL PROTECTED]> wrote:
> We are trying to configure our radius to give out the addresses instead =
> of the comm servers. For that we have downloaded the software and =
> compiled it with the rlm_ippool.
>
> Can someone direct us to what we need to do next?
Run it in debugging
"Dan Bell" <[EMAIL PROTECTED]> wrote:
> Is it possible to run two RADIUS servers on the same box (i.e. one RADIUS
> server serving port 1645 and another daemon serving port 1812)?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Erling Paulsen <[EMAIL PROTECTED]> wrote:
> Has anyone managed to compile FreeRADIUS under any version of HP-(s)UX?
Yes, but it may require small amounts of editing header files.
If you can supply patches, we will integrate them to make it easier
for other people to build on HP-UX.
Alan D
Title: can't connect to MySQL
I am using FreeRadius 0.5 and MySQL.
I assure the host, username and password are correct in sql.conf,
but I dont know why freeradius can't connect to database every time
rad_recv: Access-Request packet from host 202.70.19.252:1645, id=60, length=85
NA
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***
Melt the Heart of your loved ones with this beautiful Scree
Title: MySQL problem
Hi,
I am using FreeRadius 0.5 and MySQL.
I have put the followings in radiusd.conf:
authorise {
preprocess
suffix
sql
}
authenticate {
pap <--- I remove sql as I know sql is not allowed in 0.5 version
}
but when dialing t
hi, everyone:
who can explain the error I met.
I am puzzled by the errors when i am trying to
usefreeradius+oracle. I know you have much experienceabout it. Can you
give me a favor?I am using Redhat7.2+oracle8.1.7 on the same
computerand the process of installation is nothing wr
I've had to modify the accounting_onoff_query and
accounting_stop_query_alt to work correctly with postgresql (I'm using
v7.2.x)
However, even if the accounting_stop_query is successful, the sql module
still posts the accounting_stop_query_alt to the database (resulting in
2 identical lines)
I'v
currently i am working with freeradius-0.4
i have it working fine with just a username but when its a
[EMAIL PROTECTED]
i can get the realm to strip off even though i have edit the sql.conf
any help would be appreciated.
-aaron
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
I would be interested in this option as well, being the only ISP with
v.92 fully operational in the UK we are having to run work arounds for
our customers so that they do't get charged for calls, one of these is
bouncing the call at 55 mins, but only for certain users! Based either on
part cli
Alexandre Strube wrote:
> On Sun, 28 Apr 2002 13:18:44 -0500, Erich Zigler wrote:
>
> I've been searching the last months freeradius' users list for this question, and
> somewhere on it was told that the actual CVS version has a patch for this. This
> is a thing that could be in the release ver
Hello,
To those of you using LDAP to authenticate your users, which LDAPv3
schema are you using? If you're using RADIUS-LDAPv3.schema found in
the doc directory, how did you resolve the error in it?
Thanks,
Jack
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Thank you. It works with XP and FreeEADIUS using EAP/MD5.
We found the problem from "EAP's id". Supplicant(Windows XP) is
disturbed by EAP's id.
AP -> XP EAP/Request identity (id=1)
XP -> AP -> FR EAP/Response identity/RADIUS Access Request (id=1)
and FR RADIUS/challenge (i
Hello,
Thank you. It works with XP and FreeEADIUS using EAP/MD5.
We found the problem from "EAP's id". Supplicant(Windows XP) is
disturbed by EAP's id.
AP -> XP EAP/Request identity (id=1)
XP -> AP -> FR EAP/Response identity/RADIUS Access Request (id=1)
and FR RADIUS/challenge (id
i have freeradius on a small radius server.
i have a portmaster 3 as a NAS
how do i do callback?
what do i need?
i want to log from home on windows98 on the net with callback .
does win98 supports the callback thingie?
thx a lot in advance.
--
Petre L. Daniel,System Administrator,
Canad Systems
Yeah, I figured that out in the day and a half between when I posted that
message and when it went to the list the first time - and then it went out
again the following day. Sorry about the noise. :)
Chris Kalin
- Original Message -
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL
On Tue, 30 Apr 2002, Chris Hartel wrote:
> Hi folks!
>
> Compiling FreeRADIUS with FreeTDS support works fine. But I can't get it to
> actually work!
>
> With last night's snapshot (freeradius-snapshot-20020430) and FreeTDS 0.53
> MySQL works fine, but as soon as I switch the 'driver' line in sql
On Mon, 29 Apr 2002 16:31:13 +0300 (EET DST), Kostas Kalevras wrote:
>Check out the counter module.
Now I found it! Needed to do using sql, which is not on 0.5 release, but only on
CVS. I just don't know if I have to do something different on ./configure to compile
it... Using the plain ./confi
From looking at how things work with FreeRADIUS, it seems like the
Simultaneous-Use function would only work if the authentication and
accounting servers are the same so RADIUS has access to the radutmp file
at authentication time. Is that correct?
I've been hosting auth on one server and ac
This is the first error I encountered in config.log...anyone seen this?
I am running the configure on a clean install of Solaris 8. I installed
gcc and make from sunfreeware.com. This is the released 0.5 version and I
am running on a Ultra 60 Sparc system.
ltconfig:2490: checking whether a pr
Dear Dan Bell,
Yes, it is. You should use -p to specify port and -d to specify config
flags for radiusd.
--Thursday, May 2, 2002, 2:56:59 PM, you wrote to [EMAIL PROTECTED]:
DB> Is it possible to run two RADIUS servers on the same box (i.e. one RADIUS
DB> server serving port 1645 and another
Please help. This may have already been solved. If someone knows where I can
find the answer in the mailing list, please let me know.
I encounter a small problem with FreeRADIUS 0.5 release. The test
environment is between a Cisco IOS 12.2 router and a RedHat 7.2 Linux
FreeRADIUS server. FreeRADI
Hi
I am using freeradius 0.4. I have set up two radius servers A and B on
a single machine.
A is a Proxy running on 1812 (accounting on 1813). B is the
authentication and accounting server running on 1900 (accounting on
1901). I have created a different config directory for B (raddb2) and
start
- Original Message -
From: "Slim CHTOUROU" <[EMAIL PROTECTED]>
Sent: Wednesday, May 01, 2002 12:25 AM
Subject: problem with EAP/TLS
> I use cvs version for freeradius (radiusd-02.28.02.tar.gz) and I want to
make
> eap/tls authentication
> when I want to start radiusd I have the following
I am unclear regarding the feature set of FreeRadius v0.5.
As FreeRadius supports MS-CHAP v2 and MPPE and a tunnel dictionary is
included, can FreeRadius function as a PPTP Server (terminator) for Win9x /
Win2K clients to encapsulate WEP in a Wireless LAN environment?
Is PAM supported with the
Hello,
Thank you. It works with XP and FreeEADIUS using EAP/MD5.
We found the problem from "EAP's id".
Although EAP/MD5 is insecure, it's convenient to use for general users. :)
Because dynamic generation of WEP keys needed in some vendors' AP
is not supported in FR, I can't use EAP/TLS.
(EAP m
I apologize if this is a stupid configuration error, but ...
Prefaced that I have something compiled for Mac OS X (from freeradius 0.5 source).
Can¹t really test it yet nor identify its lineage.
I cannot get radiusd to recognize any of the rlm_* modules.
IE:
> localhost# /usr/local/sbin/rad
Title: MySQL problem
Hi,
I am using FreeRadius 0.5 and MySQL.
I have put the followings in radiusd.conf:
authorise {
preprocess
suffix
sql
}
authenticate {
pap <--- I remove sql as I know sql is not allowed in 0.5 version
}
but when dialing t
Title: can't start MySQL module
Hi,
I specify sql in authticate section in radiusd.conf
but when starting freeradius0.5, it gave me following errors:
Starting - reading configuration files ...
Module: Loaded SQL
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connec
Hi , I need to write a few external scripts for
radius but have no idea where to tell
radius to use them. Is there a place where you need
to tell radius to parse data
through them?
Regards
Stephan
Hello everyone
I installed couple of days ago FreeRadius. So far I cannot
find way to make different user groups with rights to be connecte to different
NAS. And second question is it possible to use with Cisco Aironet LEAP
autentification?
Pls. help i can't find much doc's on that.
regar
On Mon, Apr 29, 2002 at 05:57:41PM +0300, Do-Risika RAFIEFERANTSIARONJY wrote:
>
> For those using mysql, how do you replicate your authentication
> (and eventually your accounting) tables to a backup server ? I'm
> looking for the best method.
This problem hunted me for a long time. I have man
Title: MySQL
Dear all,
Because I dont wanna change the existing MySQL schema,
Can I just store the username/password in MySQL,
other attributes are still stored in users file?
Thanks.
Patrick
Thanks for the reply Chris. I did actually try it this way was well. I did
not see any difference other than the daemon did not complain as much in
debugging mode. Two more questions. Is there a better (more elegant) method
to accomplish this task besides huntgroups? If not, does the following
syn
I am out of the office today. If this is an emergency, please contact Ron Wangler at
972-687-2093.
Thank you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to get FreeRadius working with MySQL authentication and pretty
much have it going with one minor issue. When a ser who is not in my
authentication database tries to connect FreeRadius does not appear to send
back a rejection. It seems to not respond at all causing the client to
repea
On Mon, Apr 29, 2002 at 05:57:41PM +0300, Do-Risika RAFIEFERANTSIARONJY wrote:
>
> Hi all,
>
> For those using mysql, how do you replicate your authentication (and
> eventually your accounting) tables to a backup server ? I'm looking for
> the best method.
Use the built-in replication.
Tim
--
Will at least get back to you if I give up/succeed :)
Right now, I am running into compile linking issues since Mac OS X/Darwin is an
interesting blend of GNU/Mach/FreeBSD and misc networking assumptions are baked into
some of the code. We will see ...
Eric
On 4/29/02 at 10:48 AM, [EMAIL PRO
On Thu, 2 May 2002, Bjorn Nordbo wrote:
> Is it possible, with FreeRADIUS 0.5 and rlm_ldap, to put add check items
> by using profiles? Ie., if the user has:
>
> dn: uid=testuser,ou=users,dc=xyzzy,dc=net
> objectclass: radiusprofile
> objectclass: uidObject
> objectclass: simpleSecurityObject
> u
On Sat, 27 Apr 2002, Andreas Grote wrote:
> Ok, I have a pretty comlex confgiuration here.
> I am using freeradius 0.5
>
> -- The setting
>-
>
> 1.
>
> I need to check for username, Password, Accessatrrib
This is what we have did to the radiusd.conf file. With this we only get
addresses form that range, and that is not what we want.
===
ippool {
session-db = "manati.db"
ip-index = 196.12.162.64
range-start = 196.12.162.65
Quick question, we are running freeradius 0.5 and mysql and we are
having a problem with simultaneous logins, our database is setup like
this:
Radgroupcheck table:
id GroupName AttributeValue op
1 DEFAULT Simultaneous-Use 2:=
We keep getting errors like this:
84 matches
Mail list logo