Hello Folks!
I´m planning to use a Radius-Server for the Authentication/Accounting of my VPN-Users.
Is there a plugin for an ACE-Server, so the Radius-Server asks the ACE to authenticate the user?
--
Bye
Frank Sackewitz
29-Jan-03 at 17:42, Brandon Lehmann ([EMAIL PROTECTED]) wrote :
I'm sorry I got my log files mixed up. Either way I want the information
from the server (radius.log) to log to sql. I may just have to fire a
cronjob to parse it and toss it into the sql dbase but thats the complex way
out. The
29-Jan-03 at 18:35, Ryan Beisner ([EMAIL PROTECTED]) wrote :
My problem is: when a Win9x machine dials and auths, it uses CHAP.
While I'm tailing the log file, it points out that it isn't gonna
work, and to read the FAQ. OK.
Win9x can authenticate via PAP.
--
|-Simon White, Internet
Hi list,
Is it possible to use logical OR in check items, returned by
authorize_check_query?
For example I whant to restrict user by Calling-Station-ID to be allowed to
use one of 2 or more phone numbers.
Maybe it should be something like += with many Calling-Station-ID check items?
Thanks in
you could add them in a huntgroup, adding them to the file
etc/raddb/huntgroups like this:
id Calling-Station-Id==11
id Calling-Station-Id==22
id Calling-Station-Id==123456
where id is the huntgroup name, add as many as you like, hope that helps
Ossama
B.I.
Unfortunately, no, there is no plug in so that freeradius can directly
authenticate against an ACE server.
I have been in contact with RSA on this issue. RSA's response was
basically, 'We've never heard of freeradius, so piss off.' I even offered
to write the freeradius plug in. RSA's reply
o.k.,
Ive successfully tested the Crypt-Password Attribute
w/ my mysql database encrypting peoples passwords
with mysql function encrypt(pass)
Somehow, freeradius sources for
crypt-password must match mysql encrypt.
The problem I have is that I have a list of md5 passwords Id
like
Frank Sackewitz [EMAIL PROTECTED] wrote:
Is there a plugin for an ACE-Server, so the Radius-Server asks the ACE to
authenticate the user?
You can proxy requests from FreeRADIUS to the ACE server.
Or, you can use the Exec-Program-Wait feature to run their
command-line client, to do the
B.I. [EMAIL PROTECTED] wrote:
Is it possible to use logical OR in check items, returned by
authorize_check_query?
For now, regular expressions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I use EAP/TLS authentication and want to add the Session-Timeout
attribute to the authentication reply message. I changed my users file
to :
DEFAULT Auth-Type:=EAP
Session-Timeout = 14400
That's all what's not commented out in my users file. I checked the
whole debugging output,
Alan
Did you get a chance to review the info I posted? Any ideas/thoughts
would be greatly appreciated.
Matt
On Wed, 2003-01-29 at 10:08, Matt Scifo wrote:
On Wed, 2003-01-29 at 02:11, Alan DeKok wrote:
Matt Scifo [EMAIL PROTECTED] wrote:
I didn't even think to look in /proc. I found
Matt Scifo [EMAIL PROTECTED] wrote:
Did you get a chance to review the info I posted? Any ideas/thoughts
would be greatly appreciated.
Yeah, it didn't look unreasonable to me. The only unusual thing was
that there were a lot of threads in the pool. But that shouldn't
cause problems...
Right now I'm between a rock and a hard place. We are wanting to
implement limits on user usage per month. Say give user abc 10 hours a
month.
Reading up on this I think I need to do two things. First recompile
radius w/ exparimental modules - then move our users file over from a
flat
Roger [EMAIL PROTECTED] wrote:
Reading up on this I think I need to do two things. First recompile
radius w/ exparimental modules - then move our users file over from a
flat listing of files and into a sql database, and use the
Max-Monthly-Session to limit times monthly.
Huh? You don't
I am setting up dial up accounts and email. I am looking at RADIUS to
handle AAA.
Is this a recommended setup?
{
Install Redhat Linux on a i386 box as a Mail Server (sendmail)
create user accounts for email only.
install FreeRADIUS Server on email server.
in the clients.conf file, include the
On Thu, 2003-01-30 at 04:15, Alan DeKok wrote:
Matt Scifo [EMAIL PROTECTED] wrote:
Did you get a chance to review the info I posted? Any ideas/thoughts
would be greatly appreciated.
Yeah, it didn't look unreasonable to me. The only unusual thing was
that there were a lot of threads in
In article [EMAIL PROTECTED],
Peter Nixon [EMAIL PROTECTED] wrote:
Is it possible to people to please start a new thread with a new message, not
a reply to an existing thread. This can get very annoying for this of us who
use threaded mail clients that thread based on In-Reply-To: headers.
David Wise [EMAIL PROTECTED] wrote:
I am setting up dial up accounts and email. I am looking at RADIUS to
handle AAA.
Is this a recommended setup?
{
Install Redhat Linux on a i386 box as a Mail Server (sendmail)
create user accounts for email only.
install FreeRADIUS Server on email
All help here is greatly appreciated.
I posted yesterday -- THANK YOU to those who responded -- but I'm still
stuck in a rut.
I have a dialup RAS with Win 95 98 XP clients dialing in etc. When I
dial and attempt to authenticate, it says it can't use CHAP and to read
the FAQ. OK I read the FAQ.
Doug Yeager [EMAIL PROTECTED] wrote:
The problem I have is that I have a list of md5 passwords I'd like to
point freeradius to. Does anybody know where the the freeradius code to
start looking for this crypt-password attribute. I'd like to specify
the md5 algorithm instead of the one it is
Ryan Beisner [EMAIL PROTECTED] wrote:
In the radiusd.conf file, how do I force pap instead of chap?
You don't. That's up to the NAS box.
[--- I DO want to authenticate against local Linux user files. (passwd
shadow etc.)
Because it's simple to manage.
PAP is your ONLY option.
Does anyone know how to setup realm auth when using mysql
authentication?
Alan DeKok wrote:
Huh? You don't need experimental modules, and you don't need SQL.
Use the 'counter' module, not 'sqlcounter'.
Alan DeKok.
Ok. I've put this in the radiusd.conf file. As far as I can tell this
setup a counter rotating on a monthly basis using the unique key of
Roger [EMAIL PROTECTED] wrote:
I tried to add the values
RAD-Monthly-Session-Time = 60,
RAD-Max-Monthly-Session-Time = 60,
But upon restart radius said that these where invalid counters.
Try adding those attributes to the dictionary. Pick some some
greater than 2000 for their value,
Pp. 110-111 in the RADIUS book (www.theradiusbook.com)
-Original Message-
From: Roger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 30, 2003 4:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Monthly usage limits
Alan DeKok wrote:
Huh? You don't need experimental modules, and you don't
Scratch that! Wrong message! My apologies.
-Original Message-
From: Jonathan Hassell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 30, 2003 4:39 PM
To: [EMAIL PROTECTED]
Subject: RE: Monthly usage limits
Pp. 110-111 in the RADIUS book (www.theradiusbook.com)
-Original
Pp. 110-111 in the RADIUS book (www.theradiusbook.com)
-Original Message-
From: Duane Barnes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 30, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: realm w/ mysql
Does anyone know how to setup realm auth when using mysql
authentication?
-
Let me be more specific.
I'm using mysql and all authentication is done via rlm_sql. In my realms
file I have listed 2 domain names that I wish to allow authentication on.
They used to work before I converted my flat file system over to mysql. I
was just wondering if anyone else out there has
.
.
You can tell who doesn't know his NAS from his A$$ here, eh? LOL
That's me!
I want to thank Alan and everyone else who contributes here. You're
wonderful!!
-Ryan Beisner
PS.
In the radiusd.conf file, how do I force pap instead of chap?
You don't. That's up to the NAS box.
Hi,
I'm trying to authenticate Wireless Access Point of
Orinoco/Lucent/Avaya/Agere/Proxim with Free Radius server. I've made the
user as AP's MAC address in /etc/raddb/users file and conf file, but when
I start the radius server in debig mode I get the following messages which
I have attached
well it is sending mac address as username,
you should perhaps set the usernames in users file as mac addresses.
what do you have in users file now?
Evren
On Thu, 30 Jan 2003, Shahid M. Bhatti wrote:
Hi,
I'm trying to authenticate Wireless Access Point of
Orinoco/Lucent/Avaya/Agere/Proxim
Alan DeKok wrote:
Try adding those attributes to the dictionary. Pick some some
greater than 2000 for their value, and 'integer' for their type.
Ok, now I have the following as a entry in the users file
grunky User-Password == blahblah, RAD-Monthly-Session-Time := 60
User-Service =
That's true, and that's why I have included the MAC address of the Access
Point and the Wireless PC Card both in the users file like this:
#Access Point 3152C
00022d-191cb3 Auth-Type = Local, User-Password == testing123
Service-Type = Framed-User,
#PC Card Orinoco Gold (Test
Hello folks
If anyone can help with the concept of handling sub-realms in free radius.I
have freeradius 0.8.1 installed on redhat 7.3. My server is doing auth
locally for few realms and plus acting as proxy for a bunch of realms.
Configuration is pretty much as default in radius.conf and
The mailing list archives are your friend. They will show you the answer you
seek
On Thursday 30 January 2003 18:59, Shohab Baig wrote:
Hello folks
If anyone can help with the concept of handling sub-realms in free radius.I
have freeradius 0.8.1 installed on redhat 7.3. My server is
Roger [EMAIL PROTECTED] wrote:
Alan DeKok wrote:
Try adding those attributes to the dictionary. Pick some some
greater than 2000 for their value, and 'integer' for their type.
...
and the below in the dictionary.compat file, the value was set
intentially low for testing purposes.
Um...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
Behalf Of Ray
Sent: Thursday, 30 January 2003 3:00 AM
To: [EMAIL PROTECTED]
Subject: init.d script on debian
i grabbed the initscript from the debian folder,
figured it wouldn't be too
far off since i am
David, Artur,
This problem appears to be caused by having the Server Authentication
and
Client Authentication properties set in the certificate. If you disable
all
extended certificate properties except the Client Authentication in the
Client certificate on the XP machine the EAP authentication
Greetings,
Thanks to those who responded to by questions about DSL billing I'll get
back to you no that. However I have another issue.
We're trying to configure PPP sessions to authenticate within VRFs.
We want to do something like this, this is the non-MySQL version:
We've decided to dump ICRadius and use FreeRadius, assuming it works.
Unfortunately, we're having a heck of a time compiling it.
Could somebody please point me in the right direction?
Using v.0.8.1 on FreeBSD 4.3-RELEASE
vanilla ./configure
The only output from ./configure that seems odd is
40 matches
Mail list logo