Hi,
i read at FreeRadius.Org, there are PAM Auth and mod_auth for Apache.
Perhaps i would take OpenLDAP or MySQL if supported.
even the basic info on FreeRADIUS clearly mentions MySQL :-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PLEASE ANYONE HELP ME
I'm trying to authenticate user from a proxy radius to my radius but
i have some problem.
this is my network configuration:
NAS --- PROXY --- MY RADIUS
PROXY: 192.168.1.25
MY RADIUS : 192.168.1.5
now ... to try the authentication procedure i use radclient
Hello!
I'm working on a prepaid public internet access system. And I would like to
be able to update the value of the Session-Timeout attribute in the MySQL
database through freeRadius, as opposed to just a direct SQL statement to
the MySQL server. The reason for wanting to do this is so that
That`s simple:
Add another SQL module, that You would use in accounting section.
The query on accounting stop would update the Session-Timeout appropriately.
Comment out other queries in this added module.
All info is in sql.conf - copy that file, modify queries, and include in
radiusd.conf that
On Tue, 8 Jul 2003 07:59:16 +0400
Pubs [EMAIL PROTECTED] wrote:
Hi,
I will probably say something wrong but why not use a Proxy-Radius which
could send the request to several Real-Servers. ?
When the proxy radius server gets several thousand requests, this will be echoed to
the underlying
I want to store encrypted (md5) passwords of users (not clear text) in the file
users
How can I make it?
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In the users files, replace:
Password == plaintext password
with:
Crypt-Password == encrypted password
You can use the /scripts/cryptpasswd script from the tarball archive to
encypt the password:
./cryptpasswd --md5 plaintextpassword
DP
-Original Message-
From: [EMAIL PROTECTED]
On Mon, 2003-07-07 at 14:08, Kostas Kalevras wrote:
On Mon, 7 Jul 2003, Nickitas wrote:
Hi ,
I am having a little problem setting a default value in default.vals .
I want the default value for Callback-Number to be
lcp:callback-dialstring= . The problem is the : symbol . Since it is
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Thats why i am looking for the docs that would explain all about it. I am
not asking all the persons in this list to guide me step by step ..
Yes, you are. The docs already give everyone else enough
information to figure it out. You clearly were
stambazzi andrea [EMAIL PROTECTED] wrote:
I'm trying to authenticate user from a proxy radius to my radius but
i have some problem.
...
marking authentication server 192.168.1.25:1812 for realm pbc dead
The home server is dead.
Now .. anyone know why radiusd try to connect with SNMP with
Ok, so from all the info I have gathered it is not possible to decrypt the
MS-CHAP password into a clear text. Is there any method to authenticate
wireless EAP clients to a kerberos server? As of right now, things are
looking bleak, seeing how rlm_krb5 needs the plain-text password and MS-CHAP
Hello,
I want to send our DNS servers to all users. My
entries looks so:
mysql select * from radcheck where username=DEFAULT;
+-+--+--++-+
| id | UserName | Attribute| op | Value |
+-+--+--++-+
| 102 |
i have a little problem, my router (cisco 3640) with his configuration
without radius authentification do the callback normally, but with radius
authentification, the connection is without callback, the radius server
have this instructions :
login Auth-type := Local, Password == pass
Chris Akens [EMAIL PROTECTED] wrote:
Ok, so from all the info I have gathered it is not possible to decrypt the
MS-CHAP password into a clear text. Is there any method to authenticate
wireless EAP clients to a kerberos server?
Not right now.
As of right now, things are looking bleak,
On Tue, Jul 08, 2003 at 04:31:55PM +0200, labis siegfried wrote:
i have a little problem, my router (cisco 3640) with his configuration
without radius authentification do the callback normally, but with radius
authentification, the connection is without callback, the radius server
have this
Earl C. Ruby III [EMAIL PROTECTED] wrote:
What is the recommended procedure for updating a shared secret with zero
downtime?
Source code patches to the server to allow what you tried.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
www.freeradius.org
ftp://ftp.freeradius.org/pub/radius/freeradius.tar.gz
--
Gustavo Lozano [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 8 Jul 2003, stambazzi andrea wrote:
this is my network configuration:
NAS --- PROXY --- MY RADIUS
PROXY: 192.168.1.25
MY RADIUS : 192.168.1.5
(snip)
rad_recv: Access-Request packet from host 192.168.1.25:49404, id=224, length=34
(snip)
rlm_realm: Found realm
marking authentication server 192.168.1.25:1812 for realm pbc dead
The home server is dead.
The cause may be because i use radclient and not radiusd?
Now .. anyone know why radiusd try to connect with SNMP with SMUX
Because it supportssome SNMP management. Don't worry about
Is anyone keeping track of buggy NASes, possibly for a known issues
list?
If not, here's one for the archives in case anyone else bumps into it...
Device: Cisco 3550 switch
OS: IOS 12.1(11)EA1
Problem: Switch was reconfigured to a different IP address, then reports
original IP address as
stambazzi andrea [EMAIL PROTECTED] wrote:
The cause may be because i use radclient and not radiusd?
No. You have a loop, as Frank said.
What are you confused about?
Because i have disabled snmp ... i don't understand why it try otherwise to
connect in snmp!!!
Then you didn't
I have two production freeradius 0.8.1 boxes running under redhat 7. We've
decided to upgrade the freeradius servers to new hardware and redhat 8.
I downloaded fr 0.8.1 to the new machines, did a ./configure
--with-snmp=no --with-threads=yes --prefix=(some directory on the
machine), then a
This one goes for the developers...
When a user tries to login in putting spaces after his login name it
passes:
Tue Jul 8 14:03:12 2003 : Auth: Login OK: [customer ] (from client
192.168.254.1 port 477 cli 55512345)
So when the record go to the database it is stored like customer
Correction -- we're moving to RedHat 9, not RedHat 8.
Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center
Dereferencing the .NET pointer reveals its value to be NULL.
-- TheRegister.co.uk
[EMAIL PROTECTED]
Sent
At 02:23 PM 7/8/2003 -0500, [EMAIL PROTECTED] wrote:
Then I copied over my existing config files (clients.conf, and users...
pretty simple config, eh??) to the new machine, and started up radiusd. It
runs and authenticates, but for some reason on the new machine it will
only launch _one_ thread
From aaa.txt in the FreeRADIUS docs directory:
If none of database record for this User-Name matches in check attributes
with request items authorization will fail.The check list may be
required if we need to authenticate users with same name
for different services (for example to treat
Gustavo Lozano [EMAIL PROTECTED] wrote:
This one goes for the developers...
When a user tries to login in putting spaces after his login name it
passes:
Tue Jul 8 14:03:12 2003 : Auth: Login OK: [customer ] (from client
192.168.254.1 port 477 cli 55512345)
Which database are you
Developers already thought of that one...look at radiusd.conf:
# lower_user / lower_pass:
# Lower case the username/password before or after
# attempting to authenticate.
#
# If before, the server will first modify the request and then try
# to auth the user. If after, the server will first
Yes!
On Tue, 2003-07-08 at 14:49, Omachonu Ogali wrote:
Developers already thought of that one...look at radiusd.conf:
# lower_user / lower_pass:
# Lower case the username/password before or after
# attempting to authenticate.
#
# If before, the server will first modify the request and
There is a bullet item in the release news:
* Better support (but not complete) for MAX OSX,
I assume it meant 'MAC OSX'. What is not supported or not working?
Isn't Mac OSX is based on BSD? I thought the APIs are very similar.
-Original Message-
From: [EMAIL PROTECTED]
Alex Chen [EMAIL PROTECTED] wrote:
There is a bullet item in the release news:
* Better support (but not complete) for MAX OSX,
I assume it meant 'MAC OSX'. What is not supported or not working?
doc/MACOSX ?
Isn't Mac OSX is based on BSD? I thought the APIs are very similar.
Gustavo Lozano wrote:
This one goes for the developers...
When a user tries to login in putting spaces after his login name it
passes:
Tue Jul 8 14:03:12 2003 : Auth: Login OK: [customer ] (from client
192.168.254.1 port 477 cli 55512345)
I would suspect you're using MySQL. For some
Gustavo,
Use a database sting function to trim this data during insert. I use:
lower(trim('%{SQL-User-Name}')) in postgresql but there should be
something similar in mysql if that is what your using.
schu
Gustavo Lozano wrote:
This one goes for the developers...
When a user tries to login
[EMAIL PROTECTED] wrote on 07/08/2003 02:42:28 PM:
At 02:23 PM 7/8/2003 -0500, [EMAIL PROTECTED] wrote:
Then I copied over my existing config files (clients.conf, and users...
pretty simple config, eh??) to the new machine, and started up radiusd.
It
runs and authenticates, but for some
On Tuesday 08 July 2003 03:38 am, Alan DeKok wrote:
Earl C. Ruby III [EMAIL PROTECTED] wrote:
What is the recommended procedure for updating a shared secret with zero
downtime?
Source code patches to the server to allow what you tried.
Are you saying that the patches exist or are you
[EMAIL PROTECTED] wrote:
How are you determining that it only launches one thread?
ps -aef (tsunami is currently running working system, tidalwave is the
rebuilt system...)
You are aware that on newer Linux kernels, 'ps' only reports one
thread, even if there are many?
Alan DeKok.
-
Earl C. Ruby III [EMAIL PROTECTED] wrote:
Are you saying that the patches exist or are you suggesting that I should
write the patches?
Until someone does, the functionality won't be added.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here is what the document says:
1) download, unzip and untar freeradius.tar.gz
2) $ ./configure --disable-shared
To build static libraries. MAC OSX has a strange dynamic library
system, which FreeRADIUS doesn't currently support.
3) $ make
4) There may be issues building
Hi,
I just checked out the change list for 0.9 and have questions about a
couple of items.
* Changed default entry in the 'users' file to 'Auth-Type = System',
to allow EAP and Digest authentication to work automagically.
It looked like the first DEFAULT in the v0.8.1 users file was Auth-Type
Hi List!
I seem to have a problem with Acct Stop Packets going missing.
Quite often it seems, when our NAS's (Livingston PM3) send the stop packet
to indicate the user has logged off, the MySQL Radacct table doesnt seem
to get updated. This results in what appears to be a user remaining online
Alex Chen [EMAIL PROTECTED] wrote:
Here is what the document says:
Yes... I know... I wrote most of it.
Does this mean that we cannot use SQL module, i.e. DB server, for
Radius on a MAC?
It would appear to say something like that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Dave Mason [EMAIL PROTECTED] wrote:
It looked like the first DEFAULT in the v0.8.1 users file was Auth-Type
:= System. Is the fix to drop the : or am I missing something? In
v0.8.1 I comment this out and use a line like this: DEFAULT Auth-Type
:= EAP
The issue with doing that is that
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tuesday 08 July 2003 09:10 am, Alan DeKok wrote:
Earl C. Ruby III [EMAIL PROTECTED] wrote:
Are you saying that the patches exist or are you suggesting that I should
write the patches?
Until someone does, the functionality won't be added.
I wasn't asking for someone to add the
It seems that the radpath.h file doesn't get created during ./configure
on my system. Fix is simple:
chmod 755 src/include/build-radpaths-h
Alan, please change the permissions on this file in the current
freeradius.tar.gz tarball so that it will compile.
Thanks,
schu
-
List
Spoke too soon, looks like configure sets it back to mode 644.
Looking for where configure creates it, but I'm not a real programmer
and I'm sure someone will beat me to it.
schu
Matthew Schumacher wrote:
It seems that the radpath.h file doesn't get created during ./configure
on my system.
Hi,
I tried making my own radpaths.h according to what build-radpaths-h was
trying to do, and got this in the make:
gmake[5]: Entering directory
`/home/dmason/freeradius/freeradius-0.9.0-pre1/src/modules'
Making static dynamic in rlm_acct_unique...
After installing freeradius4.8 I installed
postgresql 7.3.3
andI am interested in the accounting
part which I want to be done into a database.The details are there in the detail
file.
I made the appropriate changes to the radiusd.conf
and postgresql.conf files.
And now when I run the
Hi everyone! I´m new to RADIUS hands on and also to this group.
I´m planning a LAN with 16 web servers inside. The users in the Web will reach a Cisco
router with IOS/Firewall, placed in the edge of this LAN. So, this IOS/Firewall will
prompt (in the user´s browser) a http screen as access
On Tue, 8 Jul 2003 10:46:54 -0500
[EMAIL PROTECTED] wrote:
Is anyone keeping track of buggy NASes, possibly for a known issues
list?
If not, here's one for the archives in case anyone else bumps into
it...
Device: Cisco 3550 switch
OS: IOS 12.1(11)EA1
Problem: Switch was
50 matches
Mail list logo