Hi
There is FW between NAS and private network. If the ip
address assignment is controlled by radius. Then I can
restrict where the dialup users go to after the
authentication.
My NAS configure:
aaa new-model
aaa authentication login default radius
aaa authentication ppp default radius
On Fri, 20 Sep 2002, Nick Marino wrote:
How can you lock a user other than changing thier password when
authenticating against a mysql database?
Set Auth-Type to Reject for that user
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of
On Fri, 20 Sep 2002, [iso-8859-1] ho k wrote:
Hi
There is FW between NAS and private network. If the ip
address assignment is controlled by radius. Then I can
restrict where the dialup users go to after the
authentication.
You can send back a reply item stating the nas ip pool from which
On Thu, 19 Sep 2002, Homer Parker wrote:
Having a bit of a time getting an Orinoco AS-2000 to get an ip address
from the ippool module.. I authenticate just fine, it just falls through
the users file to the dial-up stuff before it gets a match... Here's some
info:
users file
Hi
User profile:
b NAS-IP-Address == 192.168.31.10, Auth-Type :=
Local, Password == b, Pool-Name :=
RAS1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = Broadcast-Listen,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
Dear [EMAIL PROTECTED],
Group-Name == slow
checks for Group-Name attribute in check list (that is list of
attributes received in RADIUS request).
format = *User-Name:User-Password:Group-Name
adds Group-Name attribute to config items list. So there will never be
Group-Name in
Hi,everybody
I have some questions about freeradius.I have set up EAP/TLS authentication between
Supplicant and Freeradius similar to that described at
http://www.missl.cs.umd.edu/wireless/eaptls/.And it is written in IEEE 802.11-02/389
IEEE 802.1x Pre-Authenticationthat the RADIUS server
Dear [EMAIL PROTECTED],
Group-Name == slow
checks for Group-Name attribute in check list (that is list of
attributes received in RADIUS request).
format = *User-Name:User-Password:Group-Name
adds Group-Name attribute to config items list. So there will never be
Group-Name
Thanks to help who helped me solve my previous problem while compiling
freeradius.
The error message listed below comes out when I run radiusd -xx . I am
using freeradius-snapshot-20020920 and freetds-0.60 running on a redhat
Linux 7.X.
', '%{Acct-Delay-Time}')
sql: group_membership_query
On Fri, 20 Sep 2002 11:45:51 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:
I am not sure that you can do group membership checks with the pam
module. Try using the unix module for that (just put it in the
instantiate section to register it's groupcmp function).
I'll give
Hi List,
We are currently trying to get FreeRadius 0.7.1 to work with our
VopRadius server. This is how it flows.
Our users dial into the Qwest Network. The Qwest NAS sends a request
to Qwest's radius proxy servers - Qwest proxy servers send a request to one
of our proxy servers
hi
if you install the newest version of freeradius (try the newest snapshot
but it should be in the version 0.7 already integrated) you will have
this feature. you just have to pay attention on the compilation process
of the rlm_eap_tls module.
if you have more questions on it, feel free to
Indeed SteelBelted and Microsoft IAS issues very short State attributes that the NAS doesn´t truncate.Is possible to change the State attribute max length in freeradius? (I know is a workaround to solve the problem temporally)Ragards and thanks for your answer.JorgeArtur Hecker [EMAIL
hi jorge
it's definitely possible to change the maximum length of the State
attribute by changing the provided source code. however, i have no idea
on how to do it exactly.
perhaps Alan could help. or you could try to take a look yourself, it
can't be difficult.
ciao
artur
--
At 09:51 AM 9/20/2002 -0400, Brandon Lehmann wrote:
Hi List,
We are currently trying to get FreeRadius 0.7.1 to work with our
VopRadius server. This is how it flows.
Our users dial into the Qwest Network. The Qwest NAS sends a request
to Qwest's radius proxy servers - Qwest
Brandon Lehmann [EMAIL PROTECTED] wrote:
This is what we are running into. On top of some errors about
accounting (FreeRadius wants us to add ALL of qwest's NAS boxes to the
clients file.. ick)
No, that's definitely not true. The ONLY addresses which are
required to be in the
Hi
I am running radiusd in debugging mode
radiusd -fxxyz -p 1812
Returns these results: (ip's *'d out)rad_recv: Access-Request packet from
host ***.**.16.64:4610, id=0, length=61Ignoring request from unknown client
***.**.16.64:4610
Any suggestions?
Need more info?
I have a question about moving accounting data out of a SQL database. We
are planning on running freeradius 0.7.1 on RH 7.3 using mySQL for
accounting. What do people do here to move the old accounting data out of
the radacct table in such a way that you don't loose any new accounting
At 10:33 AM 9/20/2002 -0500, [EMAIL PROTECTED] wrote:
Hi
I am running radiusd in debugging mode
radiusd -fxxyz -p 1812
Returns these results: (ip's *'d out)
rad_recv: Access-Request packet from host ***.**.16.64:4610, id=0, length=61
Ignoring request from unknown client ***.**.16.64:4610
That
Two possible scenarios:
1) You don't have this client defined in your clients.conf file.
2) Someone is sending you radius requests you don't know about. Go whack
'em.
(Note that 1 doesn't preclude 2 from happening. :) )
Vincent Giovannone
Network Infrastructure Group
Information
Fernandez, Jorge [EMAIL PROTECTED] wrote:
Is possible to change the State attribute max length in freeradius?
(I know is a workaround to solve the problem temporally)
Sure. Edit the source code, and submit a patch to the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Some suggestions:
1) Setup the sql query so that it inserts into the radacct_MM table, or
something similar. You can do this by using 'radacct_%Y%m' for the table
name. One problem with this would be at the end of the month when a new
table is used, the accounting stop records won't
On Fri, 20 Sep 2002, Brandon Lehmann wrote:
The only reason that this would happen is because our proxy server is
NOT sending back a Proxy-State [33] attribute. How can I make sure that
FreeRadius sends this attr back? If I can't get it to do this, can
someone please advise a software
At 01:31 PM 9/20/2002 -0500, Franklin Trumpy wrote:
On Fri, 20 Sep 2002, Brandon Lehmann wrote:
The only reason that this would happen is because our proxy server is
NOT sending back a Proxy-State [33] attribute. How can I make sure that
FreeRadius sends this attr back? If I can't get it
Hello everyone,
I am trying to get realms to work correctly in FreeRadius with no
success. I've tried reading some postings and the documentation but still
with no success. Is it possible for me to setup users in certain realms so
that they would access a different portion of the tree in
rad_recv: Access-Request packet from host
***.**.16.19:1711, id=213,
length=59 User-Name =
"test" User-Password =
"b\031)\352\243\201\357|3\356,\351\213j\361?"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "1812"modcall: entering group authorize
modcall[authorize]: module "preprocess"
Chris,
This is the result from my debug (radiusd -x -x)
rad_recv: Accounting-Request packet from host 209.211.205.27:46810, id=250,
length=445
Thread 2 assigned request 6
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread
On Fri, 20 Sep 2002, Thai Tran wrote:
Hello everyone,
I am trying to get realms to work correctly in FreeRadius with no
success. I've tried reading some postings and the documentation but still
with no success. Is it possible for me to setup users in certain realms so
that they would
I wrote a script to import rad detail files into the SQL table. Kinda
rough around the edges, but it's a start.
You can get the script at:
http://users.2z.net/rpuhek/scripts_public/radius/detail2db.pl
--Rich
Mike Hendrix wrote:
I have a question about moving accounting data out of a SQL
At 03:19 PM 9/20/2002 -0400, Brandon Lehmann wrote:
Chris,
This is the result from my debug (radiusd -x -x)
rad_recv: Accounting-Request packet from host 209.211.205.27:46810, id=250,
length=445
Thread 2 assigned request 6
--- Walking the entire request list ---
Threads:
Thanks Chris... Funny how that works... They are both slow at fixing
problems and mindless in setting up their own specifications.
Thanks again. If I need anymore help, now I know where to get it :)
Brandon Lehmann
Network Support Specialist
Networld Online Inc.
1243 Napoleon Street
Fremont, OH
On Friday 20 September 2002 15:00, [EMAIL PROTECTED] wrote:
radius_xlat: 'SELECT users.ID,username,networks.name as net FROM
users,network WHERE users.network=networks.ID Username = 'test''
Unless something new has been released, I don't think you can use ampersands
in mysql queries. Try
Just as a fun Record. I have resolved this issue... Read below for some fun
stuff.
START CUT
-Original Message-
From: Ballew, Dean A [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 4:49 PM
To: Brandon Lehmann; Radius Testing
Cc: Dan-CPM;
rlm_sql: Reserving sql socket id: 4
MYSQL check_error: 1146 received
rlm_sql_getvpdata: database query error
rlm_sql: SQL query error; rejecting user
rlm_sql: Released sql socket id: 4
modcall[authorize]: module sql returns fail
modcall: group authorize returns fail
There was no
Anyone know why I am getting the below message when I run
check-radius-config? And there is no other radius server running.
Module: Instantiated radutmp (radutmp)
auth bind: Address already in use
There appears to be another RADIUS server already running on the
authentication port UDP 32768.
Attached is the gdb output of my freeradius-snapshot-20020920 and
freetds-0.6.0 running on Redhat Linux 7.1. I am attempting freeradius
to connect to an MS SQL 2k database.
Core was generated by `radiusd -xx'.
Program terminated with signal 11, Segmentation fault.
#0 0x4012bb5d in ?? ()
(gdb
Anyone see version 0.8 released anywhere.
according to this link it was released on 8-22 and shows the complete
changelog for it..
http://www.freeradius.org/radiusd/doc/ChangeLog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
37 matches
Mail list logo
