Hello dear all,
I want to use free radius along with MySQL. When I
config /etc/raddb/radius.conf to use MySQL, radiusd no
more runs. It messages that can't instantiate sql
module. I further investigated the problem, until I
found that the rlm for MySQL doesn't compile well.
While compiling, i
On Tue, 7 May 2002, Peter Shin wrote:
> I've encountered that the maximum number of sql sockets that can only be
> used is 25. Any bigger than 25 will not work at all.
>
> The symptom is that although radiusd is listening on port 1812/1813, it will
> not respond at all. There won't be any log mess
Hi,
I've encountered that the maximum number of sql sockets that can only be
used is 25. Any bigger than 25 will not work at all.
The symptom is that although radiusd is listening on port 1812/1813, it will
not respond at all. There won't be any log message, just silence. The client
will get ti
Are there any plans to have a post authentication module section?
What about a post-proxy (Just before you send the radius packet back to
the NAS)?
By the looks of the code it would take a bit to implement, but I can see
alot of potential with it.
For example with the ippool stuff. From what I
We fixed an issue that we had with accounting and the daemon ran ok for a
bit, but then it crashed with a segmentation fault.
The only way that we were able to bring it up was by cleaning all the .db
files but we are sure that this is not the right way to get this fixed.
Any ideas/suggestions???
setup:
freeradius post .5 (cvs from May 6 2002)
groups problem.
(using rlm_unix)
in users:
DEFAULT Group == "email", Auth-Type := Reject
Reply-Message = "Your account cannot be used to dial in
with."
test without realm: works
#radtest alsch password localhost 0 testing123
Sendi
setup:
freeradius post .5 (cvs from May 6 2002)
i would get :radclient:Unknown attribute User-Password
i edit /usr/local/bin/radtest and it works
46c46
< echo "User-Password = \"$2\""
---
> echo "Password = \"$2\""
is this right??
should someone maybe fix in the sources or am i doi
setup:
freeradius post .5 (cvs from May 6 2002)
using sql in accounting (and loving it)
rlm_sqlcounter
I have gotten the latest cvs in hopes to use rlm_sqlcounter, (as rlm_counter
crashes on me, something about threads)
I am not seeing any 'clear' instructions on usage.
i have put the config
"Nick Linden" <[EMAIL PROTECTED]>
> I'd imagine this question has already been asked in the past, but, =
> is there a way to limit the times an account can login. Say you only =
> want the account active between 9am - 5pm, and then they are rejected =
> after those times?
Look for the attri
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> Alan is it ok if I go on and add an Ldap-Group attribute for ldap group
> membership?
Sounds good to me.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nick Davis <[EMAIL PROTECTED]> wrote:
> Oops, I wrote Make.inc.in above when I meant Make.inc
Still, if the 'Make.inc' file doesn't have the correct directories,
then I'm not sure what's wrong. The 'configure' script takes care of
setting that, and it's worked in all versions of the server I'v
Anyone know how to get mysql to get Ascend-Data-Filter to work
i can only get one to show up like the string $Ascend-Data-Filter
get overwritten how do i get around this problem
any help would be appreciated,
-aaron
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
WOW!!!
I also get an address outside our ippool range I understand that is
within the subnetmask range, but is NOT within my
specific range!!!
===
ippool arecibo {
session-db = ${dbdir}/arecibo.db
ip-index = ${dbdir}/a
Acct-Status-Type = Stop
NAS-Identifier = "Arecibo"
Attr-172818435 = "01002D41D706939B"
Service-Type = Framed-User
NAS-Port = 16387
NAS-Port-Type = Async
Class = 0x653934
Called-Station-Id = "7879594236"
Calling-Station-Id
Hello!
Check your 'radreply' and 'radcheck' tables, OP field must be varchar2 type.
Try to execute check query from SQL Plus.
Replace value in OP '==' by ':=' in tables (it doesn't matter in my version,
but you could try).
in radiusd.conf:
authorize {
preprocess
suffix
sql
On Mon, 6 May 2002, Ben Casado wrote:
> we have setup IPPOOL and it works great!! thanks guys...
>
> now we would like to have all information that is being stored in the
> details file to go to mysql radacct table, can you point me to the right
> direction so we can get that done as
On Mon, 6 May 2002, Ben Casado wrote:
> psss... i thought it worked but
>
> something weird,
>
> Seems that people connect, and disconnect, but the ip's from the people that
> disconnect do not become available for reuse???
>
> Can you guys check that?
>
>
On Mon, 6 May 2002, John wrote:
> It was my understanding that this type of check is done in the authorize and the
> authenticate sections.
Not really, the modules register a groupcmp function which can be used by the
server and other modules.
> However, I checked and sure enough I had the un
On Monday 06 May 2002 14:37, Alan DeKok wrote:
> Nick Davis <[EMAIL PROTECTED]> wrote:
> > That is what makes sense to me, but here is
> > what happens when I run configure with those flags:
> >
> > *** from the Make.inc.in ***
> >
> > # Location of files.
> > prefix = /usr/local
> > exec
It was my understanding that this type of check is done in the authorize and the
authenticate sections. However, I checked and sure enough I had the unix
module listed in accounting. I removed this, restarted the server and had the
same results (no ldap/group checks).
Just for fun, I threw
On Mon, 6 May 2002, John wrote:
> Hello,
>
> This is kind of a long email, but I wanted to give all the information that I think
> YOU(tm) will need. Unfortunately I'm on a sort of time-crunch to get this up and
> running, so I will try and get as
> much information in per message as possible.
Hello,
I'd imagine this question has
already been asked in the past, but, is there a way to limit the times an
account can login. Say you only want the account active between 9am - 5pm, and
then they are rejected after those times?
Thanks,
Nick
At 05:33 PM 5/6/2002 -0300, Gelson Dias Santos wrote:
> >> we have tried various things but cannot get it to give addresses based on
> >> the nas identifier. what are we doing wrong?
> >
> >That's not the idea behind the ip_pool module. The idea is to assign
> ip's from
> >the same pool to all t
Hi, I am beginig with Radius and I want to authenticate with login-time
atrribute on sql (postgresql)
What is the requeriments?, Version of Radius o extra Software?
Regards,
>From: Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject:
Title: Re: IPPOOL
>> we have tried various things but cannot get it to give addresses based on
>> the nas identifier. what are we doing wrong?
>
>That's not the idea behind the ip_pool module. The idea is to assign ip's from
>the same pool to all the access servers and not maintain separate po
psss... i thought it worked but
something weird,
Seems that people connect, and disconnect, but the ip's from the people that
disconnect do not become available for reuse???
Can you guys check that?
Ben
- Original Message -
From: "Kostas Kalevras
Nick Davis <[EMAIL PROTECTED]> wrote:
> That is what makes sense to me, but here is
> what happens when I run configure with those flags:
>
> *** from the Make.inc.in ***
>
> # Location of files.
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
U
Alan,
Thanks for the prompt response!
> > If I run configure with these flags:
> >
> > ./configure
> > --with-localstatedir=/var --with-sysconfdir=/etc --with-thread-pool
> > --with-mysql-include-dir=/usr/include/mysql/
> > --with-mysql-lib-dir=/usr/lib/ --with-mysql-dir=/usr/bin/
> > configura
Alan DeKok wrote:
>
> Raymond <[EMAIL PROTECTED]> wrote:
> > Our wireless ethernet land will require two-factor authentication, something
> > you have (x.509 cert) and something you know (system pasword via pam).
> > Windoz (98, 2K and XP) and Linux (suse and redhat) endpoints will be
> > utilizi
"Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> Alan, you da man. :) The rlm_unix fix you commited to CVS this morning
> worked like a charm. Thanks so much for jumping on this.
It was a patch submitted by someone else. :)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.fr
Alan, you da man. :) The rlm_unix fix you commited to CVS this morning
worked like a charm. Thanks so much for jumping on this.
Chris Kalin
> - Original Message -
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, May 06, 2002 09:31 AM
> Subject: Re: GI
Can anyone help out with a few questions I have on per-session (dynamic) WEP for 802.11
Does XP itself support dynamic WEP?
What RADIUS attribute carries the WEP key back to a Cisco 340/350 AP?
Is the WEP key selected entirely by the RADIUS server or is there some interaction
with the client? (T
Hello,
This is kind of a long email, but I wanted to give all the information that I think
YOU(tm) will need. Unfortunately I'm on a sort of time-crunch to get this up and
running, so I will try and get as
much information in per message as possible. I imagine I'll probably get the
solution
Yeah, for some reason, I can't make it work by replacing the rlm_unix module
in the CVS with the ones from 0.4 or even 0.3. I'll wait for the fix
tonight and give it a shot.
Thanks again,
Chris Kalin
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Se
Nick Davis <[EMAIL PROTECTED]> wrote:
> If I run configure with these flags:
>
> ./configure
> --with-localstatedir=/var --with-sysconfdir=/etc --with-thread-pool
> --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/
> --with-mysql-dir=/usr/bin/
>
> The localstatdir an
"Wayne Ying-Jui Lee" <[EMAIL PROTECTED]> wrote:
> Because dynamic generation of WEP keys needed in some vendors' AP
> is not supported in FR, I can't use EAP/TLS. :~~
> (EAP module doesnot send "MS-MPPE.." with the Access-Accept packet)
The mschap module does.
Alan DeKok.
-
List info/subsc
Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]> wrote:
> Q1. FR can put acc records directly to mysql, why the hell are ya
> doing the same stuff from the detail file?
>
> A1. First, I have learned the hard way "plain text" files are the most
> reliable things you can have in computers.
Hello,
I just wanted to check to see if anyone else noticed this.
In doc/README it states this:
To get the defaults that Cistron Radius used up to 1.5.4.3-beta18, use:
./configure --localstatedir=/var --sysconfdir=/etc
That means binaries will get installed in /usr/local/{bin,sb
we have setup IPPOOL and it works great!! thanks guys...
now we would like to have all information that is being stored in the
details file to go to mysql radacct table, can you point me to the right
direction so we can get that done as well?
Thanks
*
Anchal Arora <[EMAIL PROTECTED]> wrote:
> I am using freeradius 0.4.
...
> Problem is in receiving the accounting response at A (proxy) from B. At
> times (not always), when A receives the accounting response from B it
> complains of "Invalid Signature" and crashes (segmentation fault - core
> dum
On Sun, May 05, 2002 at 06:48:26PM -0400, Alan DeKok wrote:
> Steve Langasek <[EMAIL PROTECTED]> wrote:
> > Currently, we monitor our RADIUS servers 24x7 to ensure that
> > our network is always accessible. However, in the middle of the night,
> > our RADIUS traffic is so little that the requests
[EMAIL PROTECTED] wrote:
> Like the following template.
>
> ${USERNAME} Auth-Type := Local, Password == "${PASSWORD}"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = ${IP},
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing
hi everyone:
I am puzzled by the errors when i am trying to use freeradius+oracle. I know you have much experience about it. Can you give me a favor?
(1) what I have done
I am using Redhat7.2+oracle8.1.7 on the same computer and the process of installation is nothing wrong. The rlm_sql_oracleis com
> Framed-Protocol = PPP,
> Framed-IP-Address = 192.168.252.99,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-MTU = 1500,
> Callback-Number = "0715282622"
This one didn't work out for us either,
so we used the next option you commented out:
> # Cisco
"Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> > You could also try using rlm_passwd, that may do what you want.
>
> These both sound like good ideas, thanks for all the help!
Actually, grab the CVS snapshot from tonight. It should have the
patch to fix it.
Alan DeKok.
-
List info/subsc
Hello again, (I pressed the send-button by accident to early :(
I have a problem getting callback working with a cisco 3620 router. I use it
in combination with Freeradius server. I configured the cisco as follows:
!
aaa authorization network default group radius if-authenticated
aaa authorizat
[snip]
> The simplest thing may be to grab the 0.4 AND 0.5 distributions (or
> the CVS head) , and replace rlm_unix in the 0.5 with the one from 0.4.
>
> I'll try to see what's going on in the Unix module.
>
> You could also try using rlm_passwd, that may do what you want.
These both sou
On Sun, 5 May 2002, Ben Casado wrote:
> we downloaded what we thought was the latest prior to making
> it..
>
> we did
>
> a) downloaded and installed the cvs application (1.11.2)
> b) and executed a download with it!!
>
> any suggestions which file to check to see if we did NOT get t
Hello,
I have a problem getting callback working with a cisco 3620 router. I use it
in combination with Freeradius server. I configured the cisco as follows:
aaa authorization network default group radius if-authenticated
aaa authorization configuration default group radius
aaa authorization
OS: Linux Kernel 2.2.17
Modules: SQL
Top shows that is a radius daemon the one who has 99% of CPU usage
It 'is not working in debug mode
Regards.
- Original Message -
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002 11:39 AM
Subject: Re: CPU
>
"Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> Right now, I've got
> users who are able to get online who shouldn't be able to, and that's Very
> Bad (tm). I also set Session-Timeouts and the like by group name, so I'm
> kinda screwed multiple ways here. I'm only pulling group names from the
> /e
I really don't knnow how to do this, could someone explain it?
Regards.
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002 1:04 PM
Subject: Re: CPU
> "Rodrigo Gonzalez" <[EMAIL PROTECTED]> wrote:
> > I tried latest CVS and the
Been fiddling around with freeradius on a box I have access to.
Must state now, that I am NOT a coder, I stopped around writing my own
Turbo Pascal Units, for Turbo Pascal to do serial stuff.
/usr/bin/ld on MacOS X is not GNU LD.
http://www.osxfaq.com/man/5/Mach-O.ws
http://www.osxfaq.com/man/1/
53 matches
Mail list logo