I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1
and am have a bit of trouble. It appears that the module is not
querying the sql database...
When running radius -X, I get the following:
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check
hi all,
did anyone know how to use the
radiusCheckItem and radiusReplyItem in the user's ldif file?
If i want to restrict user who just can use nas 192.168.0.1, i should
use
radiusCheckItem: NAS-IP-Address == "202.14.68.50"
am i correct? should i do anything in radiusd.conf?
Thank you
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
i wanna to add some rules in freeradius so the user just can access the system from
the Calledstationid 123456, for example
my ldif is like that:
add it in the users file.
example,
user User-Password == password, Called-Station-ID ==
Sorry, I see that you are using ldap, so you probably don't want to list
the users in the users file as well. If you enable compare_check_items,
then all the check items that come in should match what's in the ldap
directory.
So if you add radiusCalledStationId to the check items, then it must
On 31 Mar 2003, at 0:00, Nikhil Chauhan wrote:
Hello:
Is it possible that freeRadius and AP functionality (on a WLAN
NIC card) be on
the same physical machine...
Comments appreciated.
bhh
It is possible to have both Radius and an AP on the same
physical machine, at least for
hi ,
the ldap.attrmap is :
checkItem $GENERIC$ radiusCheckItem
replyItem $GENERIC$ radiusReplyItem
checkItem Auth-Type radiusAuthType
checkItem Simultaneous-UseradiusSimultaneousUse
sorry, typing error
If i want to restrict user who just can use nas 192.168.0.1, i should
use
radiusCheckItem: NAS-IP-Address == "192.168.0.1"
am i correct? should i do anything in radiusd.conf?
- Original Message -
From:
Brian
Leung
To: freeradius
Sent: Monday,
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
i wanna to add some rules in freeradius so the user just can access the system from
the Calledstationid 123456, for example
my ldif is like that:
dn: uid=brianlk,ou=dialup,o=test
objectClass: top
objectClass: person
objectClass:
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
did anyone know how to use the
radiusCheckItem and radiusReplyItem in the user's ldif file?
If i want to restrict user who just can use nas 192.168.0.1, i should use
radiusCheckItem: NAS-IP-Address == 202.14.68.50
am i correct? should i do
the ldap.attrmap is :
checkItem $GENERIC$ radiusCheckItem
replyItem $GENERIC$ radiusReplyItem
checkItem Auth-Type radiusAuthType
checkItem Simultaneous-UseradiusSimultaneousUse
Hi Kostas,
i don't understand what's checkval module?
can u give a sample to me?
assume i want to restrict uid=john to use NAS-IP-Address 192.168.0.1?
what should i add into the ldif file?
Thank you. please help
Brian
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To:
On Mon, 31 Mar 2003, Kostas Kalevras wrote:
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
did anyone know how to use the
radiusCheckItem and radiusReplyItem in the user's ldif file?
If i want to restrict user who just can use nas 192.168.0.1, i should use
radiusCheckItem:
Martin Shears [EMAIL PROTECTED] wrote:
I am not sure if there is a problem or something different on my machine ut I
am getting errors running make using configure options:
./configure --prefix=freeradius-cvs-20030331 --with-experimental-modules
The '--prefix' is where you want to install
On Mon, 31 Mar 2003, Brian Leung wrote:
Hi Kostas,
i don't understand what's checkval module?
can u give a sample to me?
assume i want to restrict uid=john to use NAS-IP-Address 192.168.0.1?
what should i add into the ldif file?
Thank you. please help
radiusCheckItem: NAS-IP-Address :=
Robert R. George [EMAIL PROTECTED] wrote:
I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1
and am have a bit of trouble. It appears that the module is not
querying the sql database...
When running radius -X, I get the following:
rlm_sqlcounter: Entering module
On Mon, 31 Mar 2003, Dustin Doris wrote:
On Mon, 31 Mar 2003, Kostas Kalevras wrote:
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
did anyone know how to use the
radiusCheckItem and radiusReplyItem in the user's ldif file?
If i want to restrict user who just can use nas
Thanks. What would be the advantage of using that over
compare_check_items?
On Mon, 31 Mar 2003, Kostas Kalevras wrote:
On Mon, 31 Mar 2003, Dustin Doris wrote:
On Mon, 31 Mar 2003, Kostas Kalevras wrote:
On Mon, 31 Mar 2003, Brian Leung wrote:
hi all,
did anyone know
On Mon, 31 Mar 2003, Dustin Doris wrote:
Thanks. What would be the advantage of using that over
compare_check_items?
It will show a corresponding failure message in radius.log
compare_check_items (paircmp() function) does not always work as expected.
On Mon, 31 Mar 2003, Kostas Kalevras
of course it's possible, where is the problem?
Nikhil Chauhan wrote:
Hello:
Is it possible that freeRadius and AP functionality (on a WLAN NIC
card) be on
the same physical machine...
Comments appreciated.
Regards,
Nikhil.
Hi All,
I have a queries. The following scenario are already implemented in
my heterogenous systems test site.
I already centralise my authentication to use the NT domain using a
pam_windbind module. Any NT domain users
can login already to my unix box using the account in our NT domain
Jay Ungab [EMAIL PROTECTED] wrote:
However, I can't successfully login to my NAS accounts when I try to
dialin using the account of my NT domain user database. I also try
to use the radtest utility if my account can authenticate using the
NT domain user database but no success at all also. But
Hello,
I would like to choose a detail filename from the acct_users file (based
on many parameters like Calling-Station-Id, NAS-IP-Address, ...) and use
that filename in the detail module. To be more precise: I want to have
only one detail instance, with a variable in the detailfile entry,
Christophe Boyanique [EMAIL PROTECTED] wrote:
I tried these in my acct_users file:
DEFAULT Called-Station-Id==9100, Acct-Type:=csd.sfr
...
detailfile = /radacct/%{%{reply:Acct-Type}:-NOREALM}_%Y%m%d.log
Try:
detailfile = /radacct/%{%{config:Acct-Type}:-NOREALM}_%Y%m%d.log
On Mon, Mar 31, 2003 at 11:48:25AM -0500, Alan DeKok wrote:
DEFAULT Called-Station-Id==9100, Acct-Type:=csd.sfr
...
detailfile = /radacct/%{%{reply:Acct-Type}:-NOREALM}_%Y%m%d.log
Try:
detailfile = /radacct/%{%{config:Acct-Type}:-NOREALM}_%Y%m%d.log
Doesn't seem to work :(
I
Gene Parks [EMAIL PROTECTED] wrote:
The new snapshot does it too.
Can you provide a gdb backtrace? I don't see any problems as of
today in the CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
david tran [EMAIL PROTECTED] wrote:
This is the instruction on how to setup Cisco LEAP with FreeRadius.
I am NOT an expert with FreeRadius so I am sure this howto has
shortcomings in it. Please feel to make comments and changes to the
documentation.
I've taken a look at the default
Dear List,
I am experiencing a strange behaviour during pap authentication.
I tried this with freeradius 0.7 and 0.8.1, both running under
freebsd 4.7.
My steps:
0. preparation of radiusd.conf
under modules section:
pap {
Jochen Kaiser [EMAIL PROTECTED] wrote:
3. I start a radtest client with: (output under 'Test 1')
---
(User-Name: cryjk
Password: aaFO1iP18KyBk)
radtest cryjk aaFO1iP18KyBk localhost 0 testing123
The User-Password attribute is
On Mon, Mar 31, 2003 at 02:25:12PM -0500, Alan DeKok wrote:
The User-Password attribute is the PAP CLEAR-TEXT password, not the
crypt'd password.
Thx. I just searched the dictionary file and have some new ideas.
But it doesn't work:
On Sun, Mar 30, 2003 at 02:42:00PM -0500, Bernie, CTA wrote:
bhh
try:
[user] Auth-Type := PAP, Crypt-Password = [crypted
password]
THX for your hint, at laest the try ;-)
[users]
cryjk Auth-Type := pap, Crypt-Password == aaFO1iP18KyBk
Idle-Timeout := 3000
take two...
On 31 Mar 2003, at 21:10, Jochen Kaiser wrote:
Dear List,
I am experiencing a strange behaviour during pap
authentication.
I tried this with freeradius 0.7 and 0.8.1, both running under
freebsd 4.7.
My steps:
0. preparation of radiusd.conf
On 31 Mar 2003, at 21:46, Jochen Kaiser wrote:
THX for your hint, at laest the try ;-)
[users]
cryjk Auth-Type := pap, Crypt-Password ==
aaFO1iP18KyBk
Idle-Timeout := 3000
Also, you can not generate the crypt password with
perl -e 'print
Hello everyone,
After reading some Cisco documentation and other available docs,
I still have some questions regarding RADIUS. When using a RADIUS key
does that I understand that it would authenticate the NAS(i.e AS5300),
but will this also encrypt the data which is passed between the NAS
Dear all,
I'm using (and loving!) FreeRadius on LDAP. We had a bit of a situation last
w/e where we had to merge another ISP's user base into our LDAP setup, and
both companies are using the same dialup numbers.
I setup a different ou in LDAP to keep the two companies, changed the rootdn
in
On Mon, 31 Mar 2003, Benjamin Smith wrote:
Dear all,
I'm using (and loving!) FreeRadius on LDAP. We had a bit of a situation last
w/e where we had to merge another ISP's user base into our LDAP setup, and
both companies are using the same dialup numbers.
I setup a different ou in LDAP to
Thai Q. Tran [EMAIL PROTECTED] wrote:
After reading some Cisco documentation and other available docs,
I still have some questions regarding RADIUS. When using a RADIUS key
There is no RADIUS key. If Cisco refers to a RADIUS key in their
documentation, they're wrong.
does that I
George R. Ellis [EMAIL PROTECTED] wrote:
The malloc() in eap_tls.c:501 behaves differently on FreeBSD 5.0 than on
Linux (RH 8.0) when (reply-length - TLS_HEADER_LEN) is zero. Under
FreeBSD I end up with a bad address, thus a segmentation fault.
Ok...
This seems to be the problem so far.
Andrew Grimmett [EMAIL PROTECTED] wrote:
I looked at the rlm_unix module and it appears that it is only rejecting
the authentication request if the shadow file has an Expiration date
such as -MM-DD.
Not from what I can see.
Should or will be the maximum days the password is
valid for
I'll have to put it on the machine but I think I can get you one.
Gene
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Monday, March 31, 2003 12:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Pbs with yesterday's CVS
Gene Parks [EMAIL PROTECTED] wrote:
The new snapshot
Hello Robert,
Make sure you have a Max-Monthly-Session := 3600, for example (where 3600 is
the time in seconds allowed per month) in your radgroupcheck or radcheck
table. The same applies to the Max-All-Session and the Max-Daily-Session
variables. Give it a shot and see if it works.
Ed
Hi Kostas,
The following is the whole debug when i used compare_check_items,
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
User-Name = brianlk
I understand that in order for me to successfully set up an L2TP tunnel
using a Portmaster 3, that I have to use untagged attributes. By default,
RADIUS's have these attributes as tagged.
Do I simply need to remove the has_tag string in the dictionary.tunnel
file to untag these attributes?
Thanks. That took care of it.
--Robert R. George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed H
Sent: Monday, March 31, 2003 3:53 PM
To: [EMAIL PROTECTED]
Subject: Re: REPOST: rlm_sqlcounter not working...
Hello Robert,
Make sure you have a
Hi All,
I have configured the freeRADIUS to proxy requests to another remote RADIUS.
It works fine and I get all required users proxied to remote RADIUS. The
problem is for every request the freeRADIUS that proxies the request tries
to authenticate the customer locally even if that customer
I will be out of the office starting 01-04-2003 and will not return until
13-04-2003.
I will respond to your message when I return.
_
De informatie, verzonden met dit e-mailbericht, is uitsluitend bedoeld voor de
geadresseerde.
I will be out of the office starting 01-04-2003 and will not return until
13-04-2003.
I will respond to your message when I return.
_
De informatie, verzonden met dit e-mailbericht, is uitsluitend bedoeld voor de
geadresseerde.
Alan,
I don't mean to question you really but I would just like to
have a better understanding of things. Please don't take this the wrong
way.
When you use edit the clients list in Radius there is a key or
password test123 per clients, what does this really do?
I
47 matches
Mail list logo