From: Artur Hecker [mailto:[EMAIL PROTECTED]]
Sent: den 19 november 2002 20:27
To: [EMAIL PROTECTED]
Subject: Re: eap_identity or username attribute?
i only wanted to say, that the certified identity could be e.g.
[EMAIL PROTECTED] so, the eap-id would carry [EMAIL PROTECTED] each AP
Hi,
is there a script/app that permits me to stress test my radius server ?
TIA
giuliano
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi All!
I have configured a user in users file as is:
fedya Auth-Type := MS-CHAP, User-Password == trali-vali
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.223.32,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing =
Title: Round-Robin
Dear
All,
Can
freeradius be configured to lock the user if there is
a number of failed log-in attempts? Can there be a password policy whereby user
is prompted for changing password, limiting the period of a
password.
Thanks
Rakesh
Disclaimer:
Any non
official
probably you are using the default queries of sql.conf (that refer to
MySQL). The Oracle schema use different format for date field than MySQL.
If you upgrade to 0.8 you can find the file oraclesql.conf with the correct
queries for oracle.
At 15.39 19/11/02, you wrote:
Hello freeradius-users,
Íà ñð, 2002-11-20 â 10:15, Giuliano Zorzi çàïèñà:
Hi,
is there a script/app that permits me to stress test my radius server ?
Read under doc/* in source tree of Radius
TIA
giuliano
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Best Regards,
On Wed, 2002-11-20 at 11:25, Boian Jordanov wrote:
îÁ ÓÒ, 2002-11-20 × 10:15, Giuliano Zorzi ÚÁÐÉÓÁ:
Hi,
is there a script/app that permits me to stress test my radius server ?
Read under doc/* in source tree of Radius
I've missed the performance/testing file :-)
thanks
giuliano
-
On Tue, 19 Nov 2002, Kevin Bonner wrote:
authorize {
preprocess
suffix
files
autztype tst{
ldap_tst
}
autztype com{
ldap_com
}
}
Move the files line below the Autz-Type's in your
James Xie wrote:
Hi, Can I say both of you premise that NAS(radius client) must set
User-Name value to eap-id? I see in FreeRadius that the username to
i can't speak for Lars, but i would say yes, that's what is dictated by
the standard. the ap must set the User-Name to eap-id since it is the
From: Artur Hecker [mailto:[EMAIL PROTECTED]]
James Xie wrote:
Hi, Can I say both of you premise that NAS(radius client) must set
User-Name value to eap-id? I see in FreeRadius that the username to
i can't speak for Lars, but i would say yes, that's what is
dictated by the standard.
:)
Lars Viklund wrote:
Promise that it must is a bit strong :-) However, I would say that
a NAS that doesn't do this is broken.
so, you are stating the same :)) well, i would say, the first Radius
client MUST do so, because otherwise what could it probably put inside
of User-Name and why?
I'm new to freeradius and radius at all.
What I need to configure to make authentication by sql to work?
When a user log in I receive this
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok
users: Matched DEFAULT at 152
modcall[authorize]: module files
Do you have a line containing:
Auth-Type System
in your users file?
You may want to try changing that to
Auth-Type := System
--
Mark P. Hennessy [EMAIL PROTECTED]
On Wed, 20 Nov 2002, Jamil Buchalla Neto wrote:
Date: Wed, 20 Nov 2002 12:34:28
On Tue, 19 Nov 2002 13:32:45 -0500 (Eastern Standard Time) William Ragsdale
[EMAIL PROTECTED] wrote:
Greetings,
I have a rather strange problem. Freeradius 0.8 works great, except
when
rejecting a user for incorrect login.
With my cistron radius I get the proper (windows at least)
From: Artur Hecker [mailto:[EMAIL PROTECTED]]
Sent: den 20 november 2002 14:51
To: [EMAIL PROTECTED]
Subject: Re: eap_identity or username attribute? (to Artur and lars)
so you want the rlm_eap_tls to check if eap_id = certified identity,
right? sounds very reasonable for me, but in some
Mark Hennessy wrote:
Do you have a line containing:
Auth-Type System
in your users file?
No, my user file is the default that came with freeradius
You may want to try changing that to
Auth-Type := System
Default users file alreayd have this
I just don't know what to do.
I have put
At 11:12 PM 11/19/2002 -0200, you wrote:
Chris Brotsos wrote:
At 06:04 PM 11/19/2002 -0200, you wrote:
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: The 'op' field for attribute 'User-Password =
$1$C.zZID82$kp/ZF6uwfT3dIHwtLd1B70' is NULL, or non-existent.
rlm_sql: You MUST FIX THIS if
William Ragsdale [EMAIL PROTECTED] wrote:
Freeradius 0.8 is generating error 734 on invalid password.
I have 0.7 and 0.6 tarballs, and when compiled, and installed they
generate the same error.
I'm willing to bet, then, it's not a bug in the server.
I do not know enough to trouble
It appears I should move to a different registrar for DNS. I've
consistently received invoices a day (if that) before the domains
expire, and which are dated two months previously.
As of Monday, I had paid their invoices, and had checked that the
domains existed, and used the correct name
rakesh jha [EMAIL PROTECTED] wrote:
Can freeradius be configured to lock the user if there is a number of failed
log-in attempts?
That's a local configuration issue. You'll probably have to run a
script to get that to work.
Can there be a password policy whereby user is prompted for
connor [EMAIL PROTECTED] wrote:
I have configured a user in users file as is:
fedya Auth-Type := MS-CHAP, User-Password == trali-vali
Service-Type = Framed,
...
So, I want that radius send Service-Type = Framed to my NAs. But in debug
mode I see that it _allways_ send Service-Type
hi Lars
What wierd way are you refering to? Is it the Use a different user
name for the connection check box you are talking about or something
else?
yes, exactly.
so we probably shouldn't verify that...
But if you don't verify that the User-Name (or EAP identity, if you
have already
20-Nov-02 at 11:10, Alan DeKok ([EMAIL PROTECTED]) wrote :
It appears I should move to a different registrar for DNS. I've
consistently received invoices a day (if that) before the domains
expire, and which are dated two months previously.
As of Monday, I had paid their invoices, and
On Wed, 20 Nov 2002 11:02:41 -0500 Alan DeKok [EMAIL PROTECTED] wrote:
William Ragsdale [EMAIL PROTECTED] wrote:
I do not know enough to trouble shoot the code, nor do I know where
else to look.
Don't trouble shoot the code. Trouble shoot your local
configuration.
Have you
On Wed, Nov 20, 2002 at 11:10:50AM -0500, Alan DeKok wrote:
It appears I should move to a different registrar for DNS. I've
consistently received invoices a day (if that) before the domains
expire, and which are dated two months previously.
As of Monday, I had paid their invoices, and
William Ragsdale [EMAIL PROTECTED] wrote:
I checked the output in debug mode. It shows that it is sending the reject
packet.
Wonderful. The debug output ALSO says WHY it's sending the reject
packet.
Have you tried reading the rest of the debug output?
Alan DeKok.
-
List
On Wed, 20 Nov 2002, Simon White wrote:
Who is your registrar? I might recommend www.gandi.fr
I think you mean: http://www.gandi.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
As of 9:24am MST
whois freeradius.org
...
Registrar of Record: TUCOWS, INC.
Record last updated on 20-Nov-2002.
Record expires on 19-Nov-2003.
Record Created on 20-Nov-1998.
Domain servers in listed order:
NS1.STARNETINC.COM 216.126.128.41
NS3.STARNETINC.COM 216.126.136.251
I'm going insane with that.
I don't now what else I can do to make it work. When a user try to login
i get this error.
The Auth-Type in my users file is := System and I don't know what to put
in there to make it work with sql.
Can someone help me?
radius_xlat: 'SELECT
I serious doubt the problem is with TUCOWS/OpenSRS. It is more likely with
your RSP:
Registration Service Provider:
RegisterYour.CA / IStop.com, [EMAIL PROTECTED]
http://www.registeryour.ca
They are responsible for billing, etc. The OpenSRS provides RSPs (I am one)
with the automated
On Wed, 20 Nov 2002 11:23:24 -0500 Alan DeKok [EMAIL PROTECTED] wrote:
William Ragsdale [EMAIL PROTECTED] wrote:
I checked the output in debug mode. It shows that it is sending the
reject
packet.
Wonderful. The debug output ALSO says WHY it's sending the reject
packet.
Have you
From: Artur Hecker [mailto:[EMAIL PROTECTED]]
Sent: den 20 november 2002 17:15
To: [EMAIL PROTECTED]
Subject: Re: eap_identity or username attribute? (to Artur and lars)
i agree with that too, but why does this box exist in Windows then? i
personally tend to think (and so I used it in that
William Ragsdale [EMAIL PROTECTED] wrote:
I looked at the debug output, I don't see anything wrong. The password IS
invalid. That the intent. With a valid password it sends a Access-Accept
and all is well. It is the invalid Access-Reject that is the problem.
Forgive me for sounding
Jamil Buchalla Neto [EMAIL PROTECTED] wrote:
I don't now what else I can do to make it work. When a user try to login
i get this error.
The Auth-Type in my users file is := System and I don't know what to put
in there to make it work with sql.
Let's back up.
The user supplies a
On Wed, 20 Nov 2002 12:15:46 -0500 Alan DeKok [EMAIL PROTECTED] wrote:
William Ragsdale [EMAIL PROTECTED] wrote:
I looked at the debug output, I don't see anything wrong. The
password IS
invalid. That the intent. With a valid password it sends a
Access-Accept
and all is well. It is
William Ragsdale [EMAIL PROTECTED] wrote:
Right, Except that the Windows Dialup User doesn't get a invalid
password error (691) they get a The PPP link control protocol was
terminated (734).
The RADIUS server doesn't control those error messages.
The old radius generates the 691 error,
Did you ever get this to work?
Gene
-Original Message-
From: Remus Anca [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 9:49 AM
To: [EMAIL PROTECTED]
Subject: PS: Max-Session-Time
i've see modcall[accounting]: module counternever returns noop !
--
Remus
-
List
Alan DeKok wrote:
Instead, configure the server to do pap/chap/whatever to compare the
user-supplied password with the password retreived from SQL. I think
if you just delete the 'Auth-Type' entry from the 'users' file, the
rest of the server configuration should make it work.
Thanks a
hi Lars
I think the primary purpose is to allow the user to select a
certificate other than the one associated with the currently logged
in windows user. This makes perfect sense.
no, i'm sorry it doesn't :) i can take a certificate of lars and use
the name artur, windows has no problem
From: Artur Hecker [mailto:[EMAIL PROTECTED]]
Sent: den 20 november 2002 19:16
To: [EMAIL PROTECTED]
Subject: Re: eap_identity or username attribute? (to Artur and lars)
If the realm is stripped away, wouldn't this work just
fine as long as you just verify the User-Name against the
How do I set the default gateway for the users?
When they connect the default gateway is becoming the same as theier IP
Address.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If it can be set in your NAS, that is the best way (IMHO).
Otherwise, you need to know what attribute your NAS
is expecting to have the default gateway in, (what
dictionary are you using?) and just set that up as
one of the attributes to be returned. Where you
put that attribute depends on how
Thanks!
I set it into my NAS.
It's a very old Total Control.
The ISP where I got this job bought the equipment from an old ISP and I
could not find any manual ou decente information abou TC.
I learned how to configure it because it's almost the same operation
system that 3com adsl modems use.
Deleting the old gateway sounds like a bug.
Maybe you could assign an IP address to the TC that is on the same subnet as
the old gateway, delete the old gateway, and then change the ip address
back.
Jeremy
- Original Message -
From: Jamil Buchalla Neto [EMAIL PROTECTED]
To: [EMAIL
Thomas Linden [EMAIL PROTECTED] wrote:
you may add this dictionary to the distribution:
##
# dictionary.alteon - Alteon Webswitch dictionary#
##
VENDORATTR
Can anyone tell me why my NAS keeps sending those packets?
As I told before I have a Total Control as my NAS
rad_recv: Accounting-Request packet from host x:1646, id=70,
length=90
Received Accounting-Request packet from x with invalid signature!
Server rejecting request 1.
Finished
Bad shared secret?
Drew
-Original Message-
From: Jamil Buchalla Neto [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 4:22 PM
To: [EMAIL PROTECTED]
Subject: Invalid Signature
Can anyone tell me why my NAS keeps sending those packets?
As I told before I have a Total
Hi,
I'm a newbie to both
freeradius and linux. I've tried compiling freereadius on RedHat 8.0 and have
trouble with confdefs.h. I suspect that this is a file made by configure. It
however, does not seem to exist. Are there some switches for configure that I am
missing?
Should I be using
Ken Henrich [EMAIL PROTECTED] wrote:
I'm a newbie to both freeradius and linux. I've tried compiling freereadius
on RedHat 8.0 and have trouble with confdefs.h. I suspect that this is a
file made by configure. It however, does not seem to exist. Are there some
switches for configure that I am
Changing all the ports to 1813 didn't worked.
the radiusd is still receiving those accouting requests into the 1646 port.
I wish to know from where they are comming.
Jamil Buchalla Neto wrote:
Drew Weaver wrote:
Bad shared secret?
The secret is right.
I can login with normal users and
I have several shell companies available for reverse mergers. Please reply to this
email and I will send you complete information.
Dempsey Mork
vuxyjosabspymnokbyxblhvuippirh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I just spent a few hours tracking down a really annoying problem
with the new 0.8 freeradius. I was having a terrible time getting
any authentications to work until I started adding debug information
to the source. To make a long story short, if you are using crypt()
passwords that
Hello,
In src/modules/rlm_sql/rlm_sql.c around line 575 there is a
block of code which looks like:
if (paircmp(request, request-packet-vps, check_tmp, reply_tmp) != 0) {
radlog(L_INFO, rlm_sql (%s): Pairs do not match for user [%s],
I would like more info.
Scott Miller
- Original Message -
From: REVERSE MERGER [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 20, 2002 4:08 PM
Subject: Public Shells Available ens
I have several shell companies available for reverse mergers. Please
reply to this
Sorry about that, guess replying didn't work out correctly.
Scott
- Original Message -
From: Scott Miller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 20, 2002 5:15 PM
Subject: Re: Public Shells Available ens
I would like more info.
Scott Miller
- Original
Hi,
I can not compile FR0.8 on SuSE 7.3. The error is
still related to utmpx.h,
This is /usr/include/utmpx.h
*
#ifndef _UTMPX_H# error "Never include
bits/utmpx.h directly; use utmpx.h
instead."#endif
#include bits/types.h#include
sys/time.h
#ifdef __USE_GNU# include
Title: Message
Install glibc-devel.
Gene
Parks
VIP
Direct
-Original Message-From: Alex Zhang
[mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002
7:59 PMTo: FreeRadiusUsersSubject: ut_xtime Error and
Compile Single SQL driver
Hi,
I can not compile FR0.8 on SuSE 7.3. The
Thanks for the reply Alan. I looked at the configure source and it seems
that this file is made within. However, the only line that I could see was
one which echoed a new line into the file. I'm still puzzled as to what to
do about the errors?
Regards
Ken
-Original Message-
From: [EMAIL
Hi,
Has anyone compiled this for RedHat? If so were there any secrets (switches)
to get it to compile? Does anyone have a shell script with their compile
environment?
Thanks for your help
Ken
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yeah...RTFM and go.
As for a script, it would take more effort to make a script than it does to
compile and install manually. :)
Brian J.
- Original Message -
From: spamdump [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 20, 2002 9:32 PM
Subject: freeradius and RedHat
Hello,
Sorry to bother everyone with this. I have been reading the fine
documentation and the source for the last hour and don't know the answer
to this question.
Is it possible to select different account mechanisms on a per user or
per nas basis.
For eg. If the username is fred I would like
61 matches
Mail list logo