On Mon, 24 Feb 2003, Federico Edelman wrote:
I can't get a response.
Somebody know about this trouble?
So if you comment out the ldap module (from the authorize and authenticate
sections) your radius starts fine?
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]
On Mon, 24 Feb 2003, Derrik Pates wrote:
On Sat, Feb 22, 2003 at 11:40:24AM +0200, Kostas Kalevras wrote:
Where's the patch?
Heh. Sure enough, I forgot to attach the patch. It's attached this time,
I swear! :)
I 've already made the changes based on your idea. What you could provide is a
it should work, i don't know why it doesn't... play with setting,
activating and deactivating it all the time... eap/md5 has been taken
out of XP for wireless after SP1 but it is still available for wired...
sorry, can't really help you there.
Benoît Bécel wrote:
I would like to use eap-md5
Hi,
I would like to use cisco auth-proxy with freeradius-0.8.1. How can I configure
this? (We used to use tacacs+)
Didi
--
-
Didi Rieder
[EMAIL PROTECTED]
PGPKey ID: 3431D0B0
-
pgp0.pgp
Description: PGP Digital Signature
Ok! But, I think, the freeradius should be warns me if the basedn has wrong.
I don't like guest error.
My basedn is that.
Why do you say the basedn is wrong?
Thanks very much.
Fede
-Mensaje original-
De: Robert Canary [mailto:[EMAIL PROTECTED]
Enviado el: lunes, 24 de febrero de 2003
Have you tried using ldapsearch using these parameters? This is the
easiest and fastest way to find out if your LDAP parameters are correct and
your server is replying. Typically once you find the correct syntax in
ldapsearch, the modification of the radiusd.conf LDAP parameters becomes
trivial.
I run the same line from ldapsearch command and work fine. :(
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Enviado el: martes, 25 de febrero de 2003 10:25
Para: [EMAIL PROTECTED]
Asunto: Re: RV: freeradius-ldap is not running
Have you tried using ldapsearch
Hi All-
Well, this is slightly entertaining:
((this is not a FreeRADIUS mis-posting, please read on...))
I've been using FreeRADIUS for a few weeks on a USR Hiper Access 96 bank
dialup rack, authenticating with PAP. Randomly, a forward slash plus
three digits were being added to the password
Jeffery [EMAIL PROTECTED] wrote:
All my other programs are work fine and no messages like this. all the
other application in freeradius, like check-config, radtest, are work
fine. Only radiusd cannot work.
radiusd is also the only program built with libtool.
Can you give any other
Quoting Chris Parker [EMAIL PROTECTED]:
At 02:09 PM 2/25/2003 +0100, Didi Rieder wrote:
Hi,
I would like to use cisco auth-proxy with freeradius-0.8.1. How can I
configure
this? (We used to use tacacs+)
FreeRADIUS works very well with Cisco NAS ( 5x00 ) and other platforms.
Is there
Mohit Bajpai [EMAIL PROTECTED] wrote:
Could you please let me know whether FreeRadius supports IAPP.
No, it doesn't.
No one is working on it, so far as I know.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I *am* reading the freeradius-users list. Was there any need to
send an extra copy of the message to me, in addition to the list?
Ryan Beisner [EMAIL PROTECTED] wrote:
I've been using FreeRADIUS for a few weeks on a USR Hiper Access 96 bank
dialup rack, authenticating with PAP. Randomly, a
Didi Rieder [EMAIL PROTECTED] wrote:
Thanks for the answer, but could you give me a hint how to configure radius
to do this (I'm really a newbie)
Buy the RADIUS book. It describes common setups like this.
Or, there's a file suspicially named 'proxy' in the 'doc'
directory. It might have
I don't _know_ it is wrong, I have only seen ldap dn (ones with access
to passwords) include a cn of the a user configures in the ACL to see
passwords. Your basedn dosen't have that, curious.
Federico Edelman wrote:
Ok! But, I think, the freeradius should be warns me if the basedn has wrong.
Quoting Alan DeKok [EMAIL PROTECTED]:
Didi Rieder [EMAIL PROTECTED] wrote:
Thanks for the answer, but could you give me a hint how to configure radius
to do this (I'm really a newbie)
Buy the RADIUS book. It describes common setups like this.
I will
Or, there's a file
After looking at the checkrad script, I noticed a few minor things.
Namely:
- For several RAS server types, the script doesn't actually look up
username/password (or SNMP community ID) info from anyplace.
- The script only looks in the naspasswd file, which I thought was
deprecated.
[EMAIL PROTECTED] (Derrik Pates) wrote:
After looking at the checkrad script, I noticed a few minor things.
Namely:
- For several RAS server types, the script doesn't actually look up
username/password (or SNMP community ID) info from anyplace.
Yeah,checkrad hasn't had much
On Tue, 25 Feb 2003, Alan DeKok wrote:
[EMAIL PROTECTED] (Derrik Pates) wrote:
After looking at the checkrad script, I noticed a few minor things.
Namely:
- For several RAS server types, the script doesn't actually look up
username/password (or SNMP community ID) info from
On Tue, 25 Feb 2003, Federico Edelman wrote:
Yes, If do I compile and install freeradius for default, It runs ok.
OK step one:
Go to src/modules/rlm_ldap
make clean;make;make install
Does the problem persist?
Step two:
Uncomment ldap from authorize/authenticate section. Does the problem go
Kostas Kalevras [EMAIL PROTECTED] wrote:
checkrad is one huge piece of software which i don't think will ever be moved
inside the server. It uses SNMP only for specific nas types (cisco for example)
and other methods (like telnet) for other nas types.
Yeah, but moving the SNMP queries into
[EMAIL PROTECTED] (Derrik Pates) wrote:
After looking at the checkrad script, I noticed a few minor things.
Namely:
I've noticed a couple of minor things too. I'm thinking that the problems
I was having with SNMP and Simultaneous-Use killing the server earlier
were actually in part due
Kristina Pfaff-Harris [EMAIL PROTECTED] wrote:
I've noticed a couple of minor things too. I'm thinking that the problems
I was having with SNMP and Simultaneous-Use killing the server earlier
were actually in part due to this:
$sess_id = hex $ARGV[4];
On Ascend session ID's and, I think,
On Tue, 25 Feb 2003, Alan DeKok wrote:
On Ascend session ID's and, I think, others, this causes an Integer
overflow in hexadecimal number error, which seems to lead to the SNMP
errors. From what I can tell, if the snmpget call works on plain old
$ARGV[4], then we shouldn't need to even
Can someone out there who has gotten Cisco's LEAP to work with
Freeradius give me some pointers? I'm not exactly sure what modules I
need to use. Right now I have the following authorize modules
preprocess
chap
mschap
eap
suffic
files
I've configured my wireless NIC using Cisco's ACU utility
It's simply courteous to include previous respondents in further
correspondence of an issue or conversation; Just in case they happen to
overlook it in the many postings. In other lists (samba, ardour,
netfilter, squid) people are nice enough to CC: me on something I was
helping with (or asking
Shane Hickey [EMAIL PROTECTED] wrote:
Can someone out there who has gotten Cisco's LEAP to work with
Freeradius give me some pointers?
FreeRADIUS doesn't support LEAP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kristina Pfaff-Harris [EMAIL PROTECTED] wrote:
Hmm... probably. In fact, I'm not even sure why that is there in
the first place.
Erk. The simultaneous use problem isn't quite fixed, since it's still
doing that silly hex thing if the session isn't active.
I'll see if I can't figure
I am having a problem with a new client. Their radius server is
sending back the requests I proxy to them using random ports. It
always arrives on my port 1647, but is sent using a random port on their
side.
Initially I was getting these errors (stripped from -xxx debug log)
Tue Feb 25 11:04:15
Nathan Miller [EMAIL PROTECTED] wrote:
I am having a problem with a new client. Their radius server is sending
back the requests I proxy to them using random ports. It always arrives on
my port 1647, but is sent using a random port on their side.
That's a violation of the RFC.
Alan, I truly appreciate the speedy reply. I confirmed the requests
are definitely always coming from the same IP address, it's just the port
# which is changing. I had disabled some error checking code
(section which confirms the port #) in freeradius to get the 2nd error I
listed. I will
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Nathan
MillerSent: Tuesday, February 25, 2003 2:06 PMTo:
[EMAIL PROTECTED]Subject: Re: Proxy Server sending
from random ports
Alan,
I truly appreciate the speedy reply. I confirmed the requests are
Sorry
for the previous post!
If
they aren't using a load balancer, then their software is opening the port with
a port number of '0' rather thana
specifiedport.This is correct for many client
protocols (mostly using TCP rather than UDP), but definitely not
for
RADIUS.
Tim
Yup.. I actually just got off the phone with them. They are using a
Cisco Content switch. They are sending from port 1645 which they
proved with a tcpdump log, then the cisco content switch gets ahold of it
and randomizes the outgoing port prior to sending it to my proxy
server.
We migrated over
Thanks Alan for your patience response.
Narasimha ([EMAIL PROTECTED])
-
This mail sent through IMP: http://horde.org/imp/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am having problems finding the correct format for configuring a reply
with tagged attributes in rlm_sql in 1.8.1. Is the attritbute field
format ATTRIBUTE:TAG for example Tunnel-Type:1? When I do this I
get this error in the debug log rlm_sql: unknown attribute
Tunnel-Type:1. I have tried
Nevermind, I figured it out. It was in the value field :TAG:VALUE.
Thanks,
Jake
Jacob S. Barrett wrote:
I am having problems finding the correct format for configuring a reply
with tagged attributes in rlm_sql in 1.8.1. Is the attritbute field
format ATTRIBUTE:TAG for example Tunnel-Type:1?
I've been wading through everything I can find regarding the installation
and configuration of the rlm_sqlcounter module using 0.8.1. It seems to me
that some changes were made to the distribution and the docs haven't
caught up. What I'd like to do is two-fold:
1. sketch out the approach I intend
Hello,
I have such problem:
I use sqlcounter module for limiting users by session time.
As shown in documentation I insert in radgroupcheck table this:
Max-Daily-Time := 100
It seems to work rejecting user when 100 seconds has expired.
But when user try to connect one more time RADIUS allows the
38 matches
Mail list logo
