> > Anyway, I have another question: After upgrading 0.5 to 0.8 I have kept
all
> > configuration files. First there was an error reported about acct_users,
> > some error with syntax ?! I have fixed it by editing the file and saving
it.
>
> Knowing the error would help to fix the problem.
First
Hi all,
First, excuse me, but the link not worked properly. I can't download the file.
Second, I appreciate your try to create sql version of ippool module (btw, why
it not process accounting on/off packets - recieving this packet RADIUS server
should mark all IPs as deallocate
Sorry,
Fixed version of the tar has been uploaded.
Allister
> -Original Message-
> From: Allister Maguire
> Sent: Wednesday, 4 December 2002 4:59 p.m.
> To: '[EMAIL PROTECTED]'
> Subject: SQL IP Pools Module
>
>
> Hello,
>
> We have finished the sql version of the ip module it can be
On Tue, Dec 03, 2002 at 10:51:44PM -0500, Alan DeKok wrote:
>
> Yes. It's a VERY bad idea to allow any machine on the Internet to
> send packets to your radius server.
I totally agree, which is why a firewall exists in front of the RADIUS
server. Maybe a hack using DynDNS is possible, however
Hello,
We have finished the sql version of the ip module it can be downloaded
from here:
ftp://lopez.globe.net.nz/Linux/freeradius/rlm_sqlippool.tar.gz
Issues:
1. It does not support multilink (MPPP), we had no need for this so did
not implement it.
2. We use transaction so could not use rlm_sql
Malcolm Caldwell <[EMAIL PROTECTED]> wrote:
> > It should return "failed to do SQL query", which is semantically not
> > that different from "unable to contact SQL server"
>
> Whose semantics? A database login would seem to be quite an expensive
> operation - why do them unnecessarily?
I agr
"Kliment Toshkov" <[EMAIL PROTECTED]> wrote:
> Anyway, I have another question: After upgrading 0.5 to 0.8 I have kept all
> configuration files. First there was an error reported about acct_users,
> some error with syntax ?! I have fixed it by editing the file and saving it.
Knowing the error w
Matt Peterson <[EMAIL PROTECTED]> wrote:
> Yes, the clients.conf in the 0.8 release doesn't include this example,
> nor does the latest version in CVS. However, client 0.0.0.0/0 errors
> out..
>
> /usr/local/etc/raddb/radiusd.conf[3]: Invalid value '0' for IP network
> mask.
Yes. It's a VERY
On Tue, Dec 03, 2002 at 08:51:38PM -0500, Kevin Bonner wrote:
>
> Did you read clients.conf? It has examples on how you can do this. You can
> use 0.0.0.0/0, but if you know the address range of IP's which they will
> always come from, I would suggest using that instead.
Yes, the clients.conf
On Tuesday 03 December 2002 19:42, Matt Peterson wrote:
> While this may sound odd, I'm situated with a number of NAS's with
> unknown/changing IPs (DHCP, PPPoE, etc). It doesn't appear possible to
> allow any client to connect; does a wildcard like DEFAULT work in
> clients.conf?
Did you read cl
Greetings all,
I'm attempting to get a working and happy install of FreeRADIUS
authenticating off a MySQL database.
FreeRADIUS works without complaint on flatfiles, but with the sql module
in, it balks.
I'm using FreeRADIUS 0.8, with MySQL 3.23.49 which I compiled myself and
installed (which incl
While this may sound odd, I'm situated with a number of NAS's with
unknown/changing IPs (DHCP, PPPoE, etc). It doesn't appear possible to
allow any client to connect; does a wildcard like DEFAULT work in
clients.conf?
--
Matt Peterson
-
List info/subscribe/unsubscribe? See http://www.freeradiu
On Wed, 2002-12-04 at 01:48, Alan DeKok wrote:
> Malcolm Caldwell <[EMAIL PROTECTED]> wrote:
> > At the moment the server crashes multiple times a day.
> >
> > I *think* I have tracked down the problem.
> >
> > If a user logs in with a username > 32 characters we have problems. The
> > column is
On Tuesday 03 December 2002 05:04 pm, Ray wrote:
> now
> its just a bunch of errors about logout without a login record, but i'm
> guessing that will just work its self out.
Yeah, just ride out that storm and you'll be good to go.
--Josh Snyder, Linux/UNIX Systems Administrator
NetNITCO Internet
yeap, that was the answer. we changed only the accounting_secondary, but we
missed that the secondary also has an accounting_secondary secret.
now its just a bunch of errors about logout without a login record, but i'm
guessing that will just work its self out.
On Tuesday 03 December 2002 4:13
Information about each NAS is stored in SQL database. All scripts supporting
that large ISP are total size of 10KB. Not a lot of work at least for me.
Anyway, I have another question: After upgrading 0.5 to 0.8 I have kept all
configuration files. First there was an error reported about acct_users
I guess this isn't really a freeradius question, but I'm trying to
dynamically set the client's default gateway using Exec-Program-Wait
I've successfully gotten it to work for Ascends by add the A/V pair:
X-Ascend-Client-Gateway=192.168.1.1
but I'm having problems getting it to work on a cisco.
On Tuesday 03 December 2002 04:15 pm, Ray wrote:
> Version: freeRadius 0.7.1
> Error: Received Accounting-Request packet from xx.xxx.x.xx with invalid
> signature!
>
> we are using US Robotics total control hubs and the firmware has been
> updated as of a couple of weeks ago
>
> it currently authen
Version: freeRadius 0.7.1
Error: Received Accounting-Request packet from xx.xxx.x.xx with invalid
signature!
scrounged around the mailing list for this one, and the only things i came up
with are:
1) re-enter the secret
2) update the firmware
neither of these did it.
we are using US Robotics t
"Marc Barnum \(Hostcentric\)" <[EMAIL PROTECTED]> wrote:
> I have just setup free radius. It works fine (as a proxy) the logging is
> working, pretty well radlast, radwho ect ect. I was wondering are those the
> only 2 binaries I can run to get radius logging information. Is there any
> kind of pac
Roy Wills <[EMAIL PROTECTED]> wrote:
> I am trying to proxy from one radius server to a remote radius
> server. What is needed to set this up. I have read the proxying
> pages and cannot figure out what goes on the remote server and what
> is on the local server. Any help will be appreciated.
Se
Hi,
On Tue, Nov 19, 2002 at 04:50:23PM +, Simon White wrote:
> It would appear spammers are forging addresses and sending to the list
> from those addresses, no?
of course, but what the heck for with such content:
> > eManager Notification *
> >
> > The fol
Hi,
On Thu, Oct 24, 2002 at 07:32:12PM +0300, Kostas Kalevras wrote:
> On Thu, 24 Oct 2002 [EMAIL PROTECTED] wrote:
> > I have done some searching about configuring FreeRadius to authenticate
> > users via Active Directory. I would assume that LDAP would be the way to
> > handle this. I have no
I am trying to proxy from one radius server to a remote radius server. What is needed
to set this up. I
have read the proxying pages and cannot figure out what goes on the remote server and
what is on the local
server. Any help will be appreciated.
Roy Wills
-
List info/subscribe/unsubscri
I have just setup free radius. It works fine (as a proxy) the logging is
working, pretty well radlast, radwho ect ect. I was wondering are those the
only 2 binaries I can run to get radius logging information. Is there any
kind of package out there that calculates time and throughput ect ect? What
hi
> from the beginning again not worked. I am in trouble, I guess we need an
> update for the FAQ!!
that's definitely true anyway...
see later.
> **rad_recv:
> Access-Request packet from host 192.168.91.102:192, id=1, length
hi all,
i install freeradius-0.8 on suse 8.0
i get error :
checking for mysql/mysql.h ... no
configure: warning: mysql headers not found. Use
--with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled
...
is that caused by mysql.h file not found?
Regards,
Tjenen
"Andrew Grimmett" <[EMAIL PROTECTED]> wrote:
> I originally tried it with the Framed-IP-Address = xxx.xxx.xxx.xxx, but
> changed it to := to see if it would allow the static to take priority
> over the radius, but I received the same results, the user still got
> rejected.
Setting a reply attri
"Kliment Toshkov" <[EMAIL PROTECTED]> wrote:
> 60 NASes located in diferent cities across country. Different time zones and
> discounts for every NAS.
> For me billing in realtime (every minute) based on location (NAS) is best
> solution.
It's a lot of work, and completely unnecessary. You can
60 NASes located in diferent cities across country. Different time zones and
discounts for every NAS.
For me billing in realtime (every minute) based on location (NAS) is best
solution.
I have recompiled radwho from 0.5 package and replaced newer one.
---
Technical Director of VIKET NetWorks
web/m
What has happened is that the modem pool users where assigned an IP
address originally and was authenticated on the local NAS device, now
trying to change them over to the Radius Server for Authentication, I
was wanting the radius server to assign the IP address in a hybrid mode
while they still
Hi Artur,
I have read and done what the EAP/MD5 FAQ says but unfortunately it did not
worked. Next I tried all other combinations again not worked. So I started
from the beginning again not worked. I am in trouble, I guess we need an
update for the FAQ!!
Below are the simplified users,radius.
On Tue, 2002-12-03 at 10:30, Andrew Grimmett wrote:
[snip]
>
> I noticed also in Release 0.8's change log that it now has a post_auth
> section, how do you define that, or where can I locate a doc/example of
> the configuration.
>
>
to add a post-authorize method, there are a few steps:
1) in
"Kliment Toshkov" <[EMAIL PROTECTED]> wrote:
> Please advise how to configure radius/radwho to show nas short name in
> radwho reply!
In 0.8, you can't.
As always, patches are welcome.
> I have upgraded from 0.5 to FreeRadius 0.8. As for now, radwho does not
> show nas short names, which my
I'm willing to bet that it might have something to do with the fact that
your users file says Local and your radiusd -X says System.
On Tue, 2002-12-03 at 11:20, [EMAIL PROTECTED] wrote:
> Hi all, i am trying to send packets but they are all denied.
> This is what i did:
> file users:
> "martinol
Please advise how to configure radius/radwho to
show nas short name in radwho reply!
I have upgraded from 0.5 to FreeRadius 0.8. As for
now, radwho does not show nas short names, which my billing process (realtime)
relies on. I have included in clients.conf NASes but it still does not appea
Novoselsky Alexander <[EMAIL PROTECTED]> wrote:
> It seems to me, that it would be useful to have possibility to configure the
> number of SQL queries.
> Because only to comment them is not enough.
Hmm... You're right. The SQL code uses the queries without every
checking to see if they exist.
Hi all, i am trying to send packets but they are all denied.
This is what i did:
file users:
"martinoli" Auth-Type := Local, User-Password =="martinolim"
Reply-Message = "Hello, u%"
file naslist:
localhost local portslave
file clients.conf:
client 127.
Malcolm Caldwell <[EMAIL PROTECTED]> wrote:
> At the moment the server crashes multiple times a day.
>
> I *think* I have tracked down the problem.
>
> If a user logs in with a username > 32 characters we have problems. The
> column is VARCHAR2 32, and so the insert/update fails (fair enough).
"Chau, Tim" <[EMAIL PROTECTED]> wrote:
> Does FreeRADIUS support 4-octet VSA?
Not right now, but it wouldn't be difficult to add.
As alwats, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> It could be nicer and easier for people like me who doesnt use cvs very
> often to have a web interface for checking cvs histories...actually...
> Like at http://www.freebsd.org/cgi/cvsweb.cgi/
It exists. Spend 10 seconds reading the web pages and you
At 17.06 03/12/02, you wrote:
Yes I posted a few times maybe but I am not a developer and I dont want to
track the latest sources etc. I couldnt find fix for this problem in the
mailing list archives and the same problem was existing previous versions
of freeradius. At least now somebody who downl
Yes I posted a few times maybe but I am not a developer and I dont want to
track the latest sources etc. I couldnt find fix for this problem in the
mailing list archives and the same problem was existing previous versions
of freeradius. At least now somebody who downloaded 0.8 version or another
f
I'm using FR 0.8 and checkrad is working OK. can you send the output of
radiusd in debug mode without your patch?
At 01.37 03/12/02, you wrote:
changing the line in session.c
if ((child_pid <= 0) || (child_pid == pid)) {
to
if ((child_pid < 0) || (child_pid == pid)) {
solved the problem (since c
A good point, in the meantime, I have been contacting netscape.net and
mail.com to shut down these jokers email addresses.
Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
-Original Message-
From: Jeremy Parr [mailto:[EMAIL PROTECTED]]
Sen
At 07.28 03/12/02, you wrote:
Hello,
I have been having problems with freeradius 0.8 crashing for us
regularly.
First: we are using freeradius 0.8 with ldap authentication and sql
accounting to an oracle database. I can supply config files if
required.
At the moment the server crashes multiple
Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> actually I already fixed the problem by changing child_pid <=0 to
> childpid < 0
Yes, I know. You said that *repeatedly*, and *repeatedly* posted
the code. Once would have been enough, we're not deaf.
> About CVS. I dont usually track software with
"Alan Wong" <[EMAIL PROTECTED]> wrote:
> Im not sure if this value is valid or not but I keep getting for
> acct-session-id a negative value.
> rad_recv: Accounting-Request packet from host 192.168.111.30:1604, id=38,
> length=41
> User-Name = "test"
> Acct-Status-Type = Start
>
Wouldnt that be a bad idea if the connecting guy sets your web server IP
address in his xp? or even worse some IP where he can collect all the
passwords of your users?
Perhaps you can use Framed-IP-Address = 192.168.40.126 ? If the XP
requests an IP then it would be in the check list so (I am not
actually I already fixed the problem by changing child_pid <=0 to
childpid < 0 since as far as I know usually child pid is 0 ? or at least
that was why it was not waiting for checkrad because I put a logging line
inside the most inner if clause and the child_pid was always 0 but now
when I set <=
When authentication occurs when dialing through a Cisco Router, and the
Framed-IP-Address is assigned, the client (Windows XP)is rejecting the
connection if it has been set for a static IP address. Is there away to
allow static IP addresses to connect while there account is still set
with a Frame
Graeme Lee <[EMAIL PROTECTED]> wrote:
> Was this ever answered? I too, need to limit the numbers of ports
> available to groups of users.
It can't be done right now. You'll have to write code and/or a
script yourself.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradiu
"Michael Siegmund" <[EMAIL PROTECTED]> wrote:
> I got it to work in my entire LAN when I did an entry in the
> client.conf for the router`s static private IP address , but I don`t have
> any idea how to get the radius server to work to accept any IP address ,
> private or public.
You don't. It'
Julio Cesar Pinto <[EMAIL PROTECTED]> wrote:
> rad_recv: Access-Request packet from host 192.168.0.3:1645, id=136,
> length=73
> NAS-IP-Address = 192.168.0.3
> NAS-Port = 3
> NAS-Port-Type = Virtual
> User-Name = "jc"
> Calling-Station-Id = "192.168.0.34"
>
can anyone tell me how to add a user in freeradius?
thank you
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have upgraded from 0.5 to FreeRadius 0.8. As for
now, radwho does not show nas short names, which my billing process (realtime)
relies on. I have included in clients.conf NASes but it still does not appear in
radwho output.
Please advise how to fix!
---Technical Director of VIKET
NetWork
Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> Now checkrad is working but freeradius doesnt wait for the result of
> checkrad before authenticating! it passes it immediately almost in half a
> second even though checkrad takes about 1 second to complete...
I think there's an issue related to check
:(. i have the same problem.
rad_recv: Access-Request packet from host 192.168.0.3:1645, id=136,
length=73
NAS-IP-Address = 192.168.0.3
NAS-Port = 3
NAS-Port-Type = Virtual
User-Name = "jc"
Calling-Station-Id = "192.168.0.34"
User-Password = "\210\33
Hi JC:
I would try:
"jc"Auth-Type := Local, Password == "news0525"
Login-IP-Host = 0.0.0.0,
Login-Service = Telnet,
Login-TCP-Port = 23
OR
"jc"Auth-Type == Local, Password == "news0525"
Login-IP-Host = 0.0.0.0,
Login-Service = Telne
Hello.
I have in the users file the following information.
jc Auth-Type = Local, Password == "news0525"
Login-IP-Host = 0.0.0.0,
Login-Service = Telnet,
Login-TCP-Port = 23
Have some wrong.
Thanks for you help.
On Tue, 2002-12-03 at 03:50, Nikhil Chauhan wrote:
> Hi JC
That same problem is happening here with fr0.8 and postgres.
We have to restart freeradius each hour to protect the SQL server and we
are losing a lot of account records.
Please if you patch this send it to me or make it appear in the CVS.
Thanks
Guillermo
Malcolm Caldwell wrote:
Hello,
I
Actually I was using 0.7 but then upgraded to 0.8 and the problem was
something else then. The child process number was always 0 so freeradius
wasnt waiting for checkrad's reply!
Evren
On Tue, 3 Dec 2002, Andrea Gabellini wrote:
> if you upgraded to 0.8 check that in the clients.conf there is t
if you upgraded to 0.8 check that in the clients.conf there is the nastype
directive for the NAS.
At 21.08 02/12/02, you wrote:
Hello,
I went through the faq etc. but I dont know why freeradius dont call
checkrad. I keep the session database on mysql (well if you got my
previous message radutmp
Title: FreeRadius 0.8, Oracle 8.1.7. Improvement of performance
As I understood, for authentication without accounting FreeRadius 0.8 with Oracle uses in minimal configuration:
- 5 tables (radcheck, radreply, radgroupcheck, radgroupreply, usergroup) and
- 4 SQL queries in file 'sql.conf' (aut
Can anyone tell me whether it is possible to define user groups in the
users file or any similar file specific to groups.
Thanks,
Ken
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
we use an cisco 3005 and since yesterday version 0.8 of radius. But now we
have a problem :
after authentification the client (w2k)immediately lost connection. on
radius log everything
seems ok :
rad_recv: Accounting-Request packet from host 162.9.200.251:1305, id=144,
length=119
U
Hi JC:
Please check if your raddb/users file has the username
in the following fashion:
"USER_NAME"Auth-Type:=Local,
User-Password="passwd"
--- Julio Cesar Pinto <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I'm new in the list, and in the use of radius.
>
> I'm trying that cisco's
67 matches
Mail list logo