sorry for my previous question... I read the wrong paragraph...
I found the explanation in doc/radrelay about my question ested ...
seems OK.. It looksat Client-IP-Address and if same as remote.. then no
replicate will be send..
thanks kostas...
- Original Message -
From: "Rohaizam
hello sir,
i've already mailed u regarding some doubts,thanks for the reply.
i've few more doubts,
Sir,Doubts regarding the freeradius server, kindly help me out.As given in section 4.12 of FAQ Debugging it yourself , i did the following steps-
patched rlm_counter but still error as below:
running as # ./configure --without-threads
rlm_ippool.c: In function `ippool_detach':
rlm_ippool.c:684: warning: implicit declaration of function
`pthread_mutex_destroy'
rlm_ippool.c:684: structure has no member named `session_mutex'
rlm_ippool.c:68
It seems it is already in PEM (Base-64) encoded format. Copy the text file(s)
to blah(s).pem and refer to that in radiusd.conf. Refer to privkey.pem as the
private key also in radiusd.conf. The cert chain will give you the root CA cert
so refer to it (PEM format) in the Trusted Root CA list secti
Hi
Any body tell me how to unsubscribe from free radius mailing list.i
have tried so many times to unsubscribe but i can't
regards
rudra
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all!
How to configure some accounts be limited to only one login at a time and some not?
致
礼!
黄建波
EMAIL:[EMAIL PROTECTED]
TEL:020-87114020 020-87114021
2003-09-19
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
THANK SADDAM!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 4:28 PM
To: [EMAIL PROTECTED]
Subject: MESSAGE
FROM THE DESK OF DR WILLIAMS COLE
EMAIL:[EMAIL PROTECTED]
ATT:Sir/Madam
I feel very sorry to
FROM THE DESK OF DR WILLIAMS COLE
EMAIL:[EMAIL PROTECTED]
ATT:Sir/Madam
I feel very sorry to interrupt your peace since you are not expecting to receive any
mail from me. However, I was obliged to do so due to the importance and urgency of the
message. I crave your indulgence, and want to reas
Hi
I think I'm starting to go around in circles. I thought a post may therefore
save a bit of my sanity.
I have a number of clients, XP and Pocket PC based, that I use Cisco
wireless LAN adapters. I have these authenticate using leap with the WAP
which in turn uses FreeRadius (0.9.1). When I put
regards
Alan
Direct: 0701 741 4258
Office: 0870 765 4258
Fax: 0870 765 4259
This email is confidential and may be privileged; it is for use by the named
recipient only. If you have received it in error, please notify us
immediately; please do not copy or disclose its contents to any person
"arniel" <[EMAIL PROTECTED]> wrote:
> 1. With EAP-TLS enabled w/c is used for authentication on my Wireless
> clients, can I have a secondary authentication that will ask my wireless
> clients to input a username and a password?
Did you read my earlier response? I already told you that the
answ
"Ron Wahler" <[EMAIL PROTECTED]> wrote:
> No we are just trying to have a user with no realm processed to=
> a default realm of our choice "Site". We had this working in the past.
Use the DEFAULT realm in proxy.conf, it will do the same thing.
Alan DeKok.
-
List info/subscribe/unsubscribe?
Hi alan,
Thank you so much for the information that you've given me.. Actually my
EAP-TLS is now working with Windows XP and Windows 2000 Pro as my wireless
clients but I was trying to make EAP-TLS and PAM work together or EAP-TLS
integrated with Windows 2000 Server Active Directory work simultane
No we are just trying to have a user with no realm processed to
a default realm of our choice "Site". We had this working in the past.
At the bottom of the users file we have Proxy-To-Realm if there no
Matches on the Realms.
DEFAULT Realm == "Site", Autz-Type := Site, Auth-Type := Site,
Post
Hello Patrick,
Thursday, September 18, 2003, 8:58:18 PM, you wrote:
PdR> Hi Pavel,
PdR> Did you also compiled ppp with bsd support???
I'm used build in system ppp, withot compile it.
--
Best regards,
Pavelmailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscri
"Ron Wahler" <[EMAIL PROTECTED]> wrote:
> I am still trying to get a NULL realm user to default to a certain
> Realm. Has anyone worked with defaulting a realm, in the proxy.conf
> and users files ?
It works for me. I'm not sure what you're trying to do.
> I am trying to use the NULL realm in
"Patrick Mowry" <[EMAIL PROTECTED]> wrote:
> openssl genrsa -out privkey.pem 2048
> openssl req -new -key privkey.pem -outform PKCS#10 -out cert.csr
>
> and copy/pasted the contents of cert.csr into the PKCS # 10 Request
> field on the web site request form. what I received back was a text
> file
dutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Accounting-Request packet from host 172.24.236.118:1027, id=1,
length=188
Acct-Status-Type = Start
User-Name = "00022d18b500"
Acct-Session-Id
[EMAIL PROTECTED] wrote:
> The /etc/pam.d/httpd file contains:
>
> auth required pam_auth_radius.so
>
> This has worked wonderful with Squid on other machines.
>
> With Apache, the authentication is working fine if the RADIUS user exists
> as a local user as well.
...
> Require valid-user
> From: Paul Hampson
> Sent: Friday, 19 September 2003 1:47 AM
> > From: Nicolas Baradakis
> > Sent: Wednesday, 17 September 2003 11:35 PM
> > The following patch allow for SQL logging after authentication. It
> > extends the rlm_sql module so now you can put one more query in your
> > sql.conf f
> From: Nicolas Baradakis
> Sent: Wednesday, 17 September 2003 11:32 PM
> When the authentication step says the user the is rejected, the
> "Post-Auth-Type" attribute is overwritten with the value "REJECT". It
> gives the possibility to alter Access-Accept and Access-Reject replies
> with a differ
- Original Message -
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 6:21 PM
Subject: Re: rlm_attr_filter
> > > Why is this module not called in the post-proxy section ?
> >
> > Because no one has supplied a patch to make it do that
Hi Bernie,
how about a little more debug information?
F.e. enable sql_debug in admin.conf...
I don't know that much on MySQL but on PostgreSQL you have to edit a
file called "pg_hba.conf" which controlls which user is allowed to
connect to a specific database from a specific host...
Cheers,
Uli
I am still trying to get a NULL realm user
to default to a certain Realm. Has anyone
Worked with defaulting a realm, in the proxy.conf
and users files ?
Getting this error now.
rlm_realm: Request already proxied. Ignoring.
I am trying to use the NULL realm in proxy.conf
and a
At 10:50 AM 9/18/2003, Alan DeKok wrote:
=?iso-8859-1?Q?Pascal_S=E9guy?= <[EMAIL PROTECTED]> wrote:
> I am asking myself how rlm_attr_filter can work since it has only an
> 'authorize' method called before the realm stuff.
> Why is this module not called in the post-proxy section ?
Because no one
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 5:50 PM
Subject: Re: rlm_attr_filter
> =?iso-8859-1?Q?Pascal_S=E9guy?= <[EMAIL PROTECTED]> wrote:
> > I am asking myself how rlm_attr_filter can work since it has only
Dear Ulrich,
Now the error had gone in "Check Server" option in dialup_admin web tool
But I have still some problem in connecting my sql server. I'm still unable
to connect to my "mysql" database server.
Here is my admin.conf
general_prefered_lang: el
general_prefered_lang_name: Greek
general_c
We are using the iPlanet (Netscape) Certificate Manager as our corporate CA.
I'm trying to set up FreeRadius 0.9.0 compiled against the Stock RedHat 9
openssl RPMs version 0.9.7a for EAP-TLS. To request a WTLS server
certificate I ran:
openssl genrsa -out privkey.pem 2048
openssl req -new -key p
Dear all,
I am trying to set up a reverse proxy with Apache 2.0.47 using
mod_auth_pam.
PAM is configured to use pam_auth_radius in /etc/pam.d/httpd
User shall be authenticated against a remote RADIUS server using
pam_auth_radius.so
The /etc/pam.d/httpd file contains:
auth required pam_auth_
=?iso-8859-1?Q?Pascal_S=E9guy?= <[EMAIL PROTECTED]> wrote:
> I am asking myself how rlm_attr_filter can work since it has only an
> 'authorize' method called before the realm stuff.
> Why is this module not called in the post-proxy section ?
Because no one has supplied a patch to make it do that
> From: Nicolas Baradakis
> Sent: Wednesday, 17 September 2003 11:35 PM
> When you have multiple freeradius servers, you want to store
> authentication attempts in a database rather than a flat file.
> The following patch allow for SQL logging after authentication. It
> extends the rlm_sql module
hello,
I want to filter attributes returned by a proxy, with freeradius > 0.9.1,
and I can get no result.
I am asking myself how rlm_attr_filter can work since it has only an
'authorize' method called before the realm stuff.
Why is this module not called in the post-proxy section ?
-
List inf
"arniel" <[EMAIL PROTECTED]> wrote:
> Can anyone tell me how to make EAP-TLS and PAM work together? or
> EAP-TLS and a Windows Active Directory work together?
You can't. They're not designed to work together.
> I want my Users to authenticate based on the /etc/passwd of my
> linux box.. or
Hi all !
Can anyone tell me how to make EAP-TLS and PAM work together? or EAP-TLS
and
a Windows Active Directory work together?
I want my Users to authenticate based on the /etc/passwd of my linux box..
or users in my active
directory? aside from the "whatever" shared secret authentication
[EMAIL PROTECTED] wrote:
> during client authentication process FreeRadius (0.9.1) reports
> the attached messages.
>
> Here I see two problems:
>
> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
That isn't much of a problem. It's fixed in the latest CVS sna
Hi,
during client authentication process FreeRadius (0.9.1) reports
the attached messages.
Here I see two problems:
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is . 2
SSL Error . 2
and
rlm_eap: EAP packet type notification id 6 length 17
hi paolo
(alan :-))
people often misunderstand security as weirdly encrypting and signing
stuff, the more the better... security is much more about management -
management of the security associations.
so, basically i would agree with alan's point. i.e. it's pretty useless,
in the global sens
"Passeri, Paolo" <[EMAIL PROTECTED]> wrote:
> I have a question concerning some security features of FreeRadius.
> In my implementation I should have to store some critical informations
> on the database, and I would need that the whole database, and not only
> the password be encrypted and integr
All,
Just upgraded from 0.3 to 0.9.1. Th eFreeRadius is doing proxy only.
The radius.log is missing the time part and there is no end of line:
: Info: Starting - reading configuration files ... : Info: Core dumps
are enabled.
: Info: Listening on IP address 172.31.13.132, ports 1812/udp and
1813
Jean Frontin <[EMAIL PROTECTED]> wrote:
> I don't understand the error message :
>
> auth: No authenticate method (Auth-Type) configuration found for the=20
> request: Rejecting the user
> auth: Failed to validate the user.
You edited the default configuration, so that it wouldn't work any
more
[EMAIL PROTECTED] wrote:
> When is the schedule of PEAP?
Right now, whenever it's done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"arniel" <[EMAIL PROTECTED]> wrote:
...
A question that had absolutely nothing to do with the subject line.
You also quoted the entire digest, which is similarly a waste of
time.
Please follow netiquette guidelines when posting to this list. Use
a real subject line, and don't quote hundre
"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> face same problem with FreeBSD 4.8
...
> rlm_counter.c:681: structure has no member named `mutex'
This is fixed in the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Pavel,
Did you also compiled ppp with bsd support???
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Pavel Varnavsky
Verzonden: Thursday, September 18, 2003 1:42 PM
Aan: Patrick de Ruiter
Onderwerp: Re[2]: mppe
Hello Patrick,
Thursday, September 18, 2003, 6
Am Don, 2003-09-18 um 13.01 schrieb Bernie Liwanag:
> Dear Evren,
>
> I have already changed the entry for sql_server:localhost to
> sql_server:my_server_ip addr but it still won't work.When I access the
> accounting options, it says "can't connect to sql server"
>
> Below is the result of my "Ch
do you have your php compiled with radius support? do you have radius
client libraries? something is missing obviously...
Bernie Liwanag wrote:
Dear Evren,
I have already changed the entry for sql_server:localhost to
sql_server:my_server_ip addr but it still won't work.When I access the
account
Dear Pavel Varnavsky,
You need to contact pppd developers.
--Thursday, September 18, 2003, 2:29:27 PM, you wrote to [EMAIL PROTECTED]:
PV> Hello. I'm use latest freeradius version on OpenBSD 3.3-stable with
PV> pptpd, ppp. I'm reading doc, README, FAQ and other documents from
PV> internet, but
Hello Patrick,
Thursday, September 18, 2003, 6:45:31 PM, you wrote:
PdR> Hi,
PdR> Did you recompile your Kernel??
PdR> if, not you need to do this and disable kernel GRE support
Yes, of cousre. I'm use my kernel without GRE support.
--
Best regards,
Pavelmailto:[E
Hi!
Can anyone tell me how to make EAP-TLS and PAM work together? or EAP-TLS and
Windows Active Directory work together?
Users will be authenticated based on the /etc/passwd.. or users in my active
directory? aside from the "whatever" secret authentication and certificate..
pl
thanks...
On Thu, 18 Sep 2003 12:30:02 +0300 (EEST)
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > What I need now is CHAP-Password type to be
> > send across to Radius Server from Client.My password in the LDAP database is
> > plain text.I would like to know what is addition that to be given in
> > radiusd
Dear Evren,
I have already changed the entry for sql_server:localhost to
sql_server:my_server_ip addr but it still won't work.When I access the
accounting options, it says "can't connect to sql server"
Below is the result of my "Check Server" test.
Warning: file("") - Permission denied in
/var/w
Hi,
Did you recompile your Kernel??
if, not you need to do this and disable kernel GRE support
Cheers
Patrick
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Pavel Varnavsky
Verzonden: Thursday, September 18, 2003 12:29 PM
Aan: [EMAIL PROTECTED]
Onderwerp: mppe
Hello to everybody
I have a question concerning some security features of FreeRadius.
In my implementation I should have to store some critical informations on the
database, and I would need that the whole database, and not only the password be
encrypted and integrity checked.
Indeed I gave a l
Hello. I'm use latest freeradius version on OpenBSD 3.3-stable with
pptpd, ppp. I'm reading doc, README, FAQ and other documents from
internet, but mppe does not working.
Section from radius.conf
use_mppe = yes
require_encryption = yes
require_strong = yes
in other section use MS-CHAP. PAP and C
> From: Rohaizam Abu Bakar
> Sent: Thursday, 18 September 2003 6:46 PM
> face same problem with FreeBSD 4.8
>
> done as below:
>
> # CFLAGS=-lc_r ./configure --without-threads
> # ./configure --without-threads
> => both giving same error as below:
> # CFLAGS=-lc_r ./configure
> => giving
I've read the docs .. but seems cannot find attr "Freeradius-Proxied-To" in
secondary server detail file...
--haizam
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 5:18 PM
Subject: Re: centralised radutmp
> On
Thanks Alan,
Simon.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Alan DeKok
> Sent: 16 September 2003 15:36
> To: [EMAIL PROTECTED]
> Subject: Re: Radiusd service script + daemontools supervise
>
> "simon mackey" <[EMAIL PROTECTED
I'm using freeradius with Ldap ;
I store an md5 password and a Nt password in Ldap.When a user want to login
to my cisco 7100 radius use username and the attribute User Password (where
i store the md5 password).When the user is making a vpn from a windows
client ( using mschap) radius use username
Please help me to
tune recommended value in radiusd.conf for HIGH load environment
Used:
FreeBSD 4.8
Freeradius 0.9.0
Openldap 2.0.27
.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps =
On Thu, 18 Sep 2003, Vishal Jose wrote:
>
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
>
> > > filter = "uid=%u"
> >
> > Hmm, that should be "cn=%u" for things to work.
>
> Thanx,it solved my problem.What I need now is CHAP-Password type to be
> send across to Radius Server from Cl
On Wed, 17 Sep 2003, Narasimha Reddy Gujja wrote:
> Quoting [EMAIL PROTECTED]:
>
> > Send Freeradius-Users mailing list submissions to
> > [EMAIL PROTECTED]
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.cistron.nl/mailman/listinfo/freeradius-users
> > o
On Thu, 18 Sep 2003, Rohaizam Abu Bakar wrote:
> > No. Running 10 small programs shouldn't be much of a problem.
> >
> OK & noted... thanks..
>
> One more question...
> During radrelay process.. PRIMARY will read "detail-combined" file and send
> to SECONDARY radius. Then in SECONDARY radius i
Hello,
I don't understand the error message :
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [root/] (from client agly.irit.fr port 0)
here is an stdout extract and below my "users" fil
face same problem with FreeBSD 4.8
done as below:
# CFLAGS=-lc_r ./configure --without-threads
# ./configure --without-threads
=> both giving same error as below:
# CFLAGS=-lc_r ./configure
=> giving gethostbyaddr_r error
--haizam
rlm_counter.c:681: structure has no member named `mute
see conf/admin.conf
change
sql_server: localhost
to your server address
also the user/pass information etc.
Bernie Liwanag wrote:
Dear Kostas,
Thanks for responding! Can you tell me how to configure the dialup_admin on
a separate server that will lookup my other freeradius and mysql server.
TIA!
Dear Kostas,
Thanks for responding! Can you tell me how to configure the dialup_admin on
a separate server that will lookup my other freeradius and mysql server.
TIA!
Bernie
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Good Day,
With warm heart I offer my friendship, and greetings, and I hope this mail meets you
in good time. However strange or surprising this contact might seem to you, as we have
not met personally or had any dealings in the past,I humbly ask that you take due
consideration of its importance
Hi,
I read about your problem with mysql timing out after 8 hours. I have
also encountered the same problem. Is there any remedy?
Best regards,
Ilia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > filter = "uid=%u"
>
> Hmm, that should be "cn=%u" for things to work.
Thanx,it solved my problem.What I need now is CHAP-Password type to be send
across to Radius Server from Client.My password in the LDAP database is plain
On Thu, Sep 18, 2003 at 09:27:14AM +0800, ???} wrote:
> Hi jeffery :
>
> i am try to cross compile freeradius on a arm platform, but i have many strange
> problems.
>
> can u tell me how to cross compile freeradius on a mips platform?
You want to crosscompile a arm freeradius on a mip
70 matches
Mail list logo