Hi!
Ok, i get it working to my mysql db line
INSERT INTO radgroupreply VALUES('12','Group','Cisco-AVPair',':=','
shell:priv-lvl=15','0');
Ok fine, but now fradius dont put my request log anymore.
Best regards,
Ville
-
List info/subscribe/unsubscribe? See
On Thu, Sep 25, 2003 at 06:14:56PM +0200, Laurens Pit wrote:
Trying to compile rlm_perl module, but no luck. Missing perl.h file. Can
anyone give me a hint what I should do to get this compiling okay?
Hello,
it seems that perl.h is missing.
i suggest you to upgrade your perl to 5.6.1 or 5.8.x
We're observing segfaults of freeradius 0.9.1 on Solaris 8
immediatly after delivering large user records (that means
many reply items per user) to the client.
Is there any kind of limit on the maximum number of reply
items, expressed in bytes or no of items?
nhk
-
List
Hi,
My current shiva box not allow to ause Window NT for authetication.
I am thinking using freeradius to proxy the request to window NT for
authetication. May I know how can I configure the radius proxy,
Damien
-
List info/subscribe/unsubscribe? See
I have tested eap-ttls with freeradius and client is aegis, the ms-chap, ms-chap-v2
and eap-md5 is work, but it seems the pap and chap isn't work, here is the message
from radiusd(using eap-ttls-pap), thanks !
rad_recv: Access-Request packet from host 192.168.102.1:1200, id=187, length=281
hardly ever.
the APs have NOTHING to do with neither TTLS nor TLS.
ciao
artur
Michael Brown wrote:
I know the Linksys WAP/WRT54G accepts TTLS auth, but I don't know a D-Link
product that does TTLS. That is most likely your problem.
Michael Brown
-
List info/subscribe/unsubscribe? See
Hi,
I am trying to build a wireless network based on time limited accounting
which uses Peabird's Access Points (alias Earthcom-networks). These APs are
built with a radius server that is *supposed* to be Windows 2000 adv serv
compatible (I did not test them with it).
As i don't want
There are a few references to Thread 6 which it is assigned to, but
nothing in the log that lets me know what the request was or what
happened to it... There appear to be dumps of requests in the log
but I cannot see any relation to this info and a request number.
That's a little
Hi,
We're running FreeRADIUS version 0.8.1, and have been trying out
authentication using a couple of WPA-capable 802.11 APs and PCMCIA cards
on laptops, with EAP-TLS and certs.
We've tried a matrix of the following:
Laptops
- Win2K SP4 w/ MS 802.1x patch and with Funk Odyssey client
- WinXP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ian,
I've seen something like this when doing MAC authentication. It was
actually a feature of the WinXP/Win2k supplicant which defaults the
session time to about 6 seconds! If I explicitly set the session time to be
something more useful
hi Guy!
how can you change the session time in windows?
thanks,
artur
Guy Davies wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ian,
I've seen something like this when doing MAC authentication. It was
actually a feature of the WinXP/Win2k supplicant which defaults the
session
Hi,
please help. I want to send more than one IP-Pool-Definition to my
ascend box. Freeradius sends only one of them.
users-file:
pools-Moritz Auth-Type := Local, User-Password ==secret
Service-Type = Dialout-Framed-User,
Ascend-IP-Pool-Definition = 1
At 07:30 AM 9/26/2003, you wrote:
Hi,
please help. I want to send more than one IP-Pool-Definition to my
ascend box. Freeradius sends only one of them.
users-file:
pools-Moritz Auth-Type := Local, User-Password ==secret
Service-Type = Dialout-Framed-User,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Artur,
You don't :-) You set the session-timeout in the RADIUS reply.
Regards,
Guy
-Original Message-
From: Artur Hecker [mailto:[EMAIL PROTECTED]
Sent: 26 September 2003 12:56
To: [EMAIL PROTECTED]
Subject: Re: WPA w/ EAP-TLS
that is the response i kind of feared. sorry, that's nonsense.
in that case the whole story has nothing to do with the respective
supplicant, since it simply NEVER gets in touch with Radius attributes.
that would be the problem of the AP and NOT of the supplicant as you
pointed out.
ciao
Dear ML,
we have to setup a Radius-Proxy which will proxy auth/acct packets to
an individual
Radius-Server by NAS-IP-Address. The Proxy works quiet probally, we
are using the
hints file in combination with DEFAULT entries to setup the
Proxy-to-Realm attribute.
Now our Problem:
In the past we
On Thu, 25 Sep 2003, Roman M. Bibikov wrote:
Hi all!
Is it allowed to describe several check items in checkval module?
I setted up Calling-Station-Id and Called-Station-Id checking by adding
new checkval section in radiusd.conf, so each of them instantiates. See
below...
checkval
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Artur is right. This was a problem previously seen by one AP vendor
with whom I talk, which affected both Microsoft's IAS and Funk's
Steel Belted RADIUS servers. The session-timeout returned by default
by those was very low and caused repeated
Alan wrote:
Huh? Logging to the 'detail' file takes nearly zero time.
Let me guess: You're running MySQL on the same machine as
FreeRADIUS.
The solution is simple: Don't do that.
Hi Alan,
thanks for replying. Yes, we're running mysqld on the same machine as
radiusd, but we're not able to
Hi,
I'm using FreeRADIUS v0.8.1 on RedHat 7.1.
I'm using it strictly for accounting purposes with
MySQL running in the background.
Also I'm using proxy features to be able to send the accounting data
to one more server, just to have another copy.
--- proxy.conf ---
proxy server {
synchronous =
I want use a cisco 7100 for vpn with mschap.
If 7100 have mppe passive mode all fill good and mscap-mppe work fine.The
user is aunthenticated and the connection is encypt 128 bit.
If 7100 il in mppe auto the user login was ok but in one second the 7100
send access accounting stop segnal foe mppe
On Thu, 25 Sep 2003, Ossama Suleiman wrote:
dear all,
while authenticationg against ldap i enabled the compare_check_items
= yes, cause i wanted to use nas-port-type based authentication, because
i have to kinds of users, analog and ISDN, in order to prevent analog
users from using ISDN
On Thu, 25 Sep 2003, Rohaizam Abu Bakar wrote:
still the same... error.. no other indication from debug log..
for the time being... i'm using freeradius 0.9.0 with my FreeBSD 4.8...
ldap: access_attr = dialupAccess
ldap: groupname_attribute = cn
ldap: groupmembership_filter =
There were 2 places you must change to get NULL realms to work.
The first was in the users file. A default user realm must be added
With the Autz-Type set on the required line.
DEFAULT Realm == NULL, Autz-Type:=sql
And the proxy.conf must have a NULL realm defined.
Realm NULL {
type=
george [EMAIL PROTECTED] wrote:
I have tested eap-ttls with freeradius and client is aegis, the
ms-chap, ms-chap-v2 and eap-md5 is work, but it seems the pap and chap
isn't work, here is the message from radiusd(using eap-ttls-pap),
thanks !
PAP CHAP work fine with the Aegis client.
Nils-Henner Krueger [EMAIL PROTECTED] wrote:
We're observing segfaults of freeradius 0.9.1 on Solaris 8
immediatly after delivering large user records (that means
many reply items per user) to the client.
That's bad.
Is there any kind of limit on the maximum number of reply
items,
=?iso-8859-1?b?RulsaXg=?= Dewaleyne [EMAIL PROTECTED] wrote:
As i don't want to use MS software but linux I choosed to use
freeradius, but I need to configure the radius server to be Win 2000
IAS compatible.
Huh? WHat do you mean by that?
Alan DeKok.
-
List
Graeme Hinchliffe [EMAIL PROTECTED] wrote:
I haven't needed to check the log dump yet as the problem hasn't
duplicated with this new code.
That's good, but I would like to know what was broken, and what got
fixed.
One thing I did notice was that the eap module wouldn't compile from
the CVS
Just goes to show that paid support isn't all that it's cracked up to be.
I opened a Cisco TAC case on this kind of issue over a year ago, and had
Cisco TAC swear up and DOWN it wasn't possible to authenticate to the http
server w/o using TACACS.
I didn't believe them at the time,but I didn't
[EMAIL PROTECTED] wrote:
In the past we had configured the Vendor-Id in the clients.conf file
per Client-IP, but this will no more work for us, because all
Radius-Servers have now only one Client entry, the Proxy itself.
The 'clients.conf' file has never had a 'Vendor-Id' entry.
It has
Ivan Meic [EMAIL PROTECTED] wrote:
Also I'm using proxy features to be able to send the accounting data
to one more server, just to have another copy.
Ok..
realm NULL {
type= radius
authhost= 80.253.170.52:1812
accthost= 80.253.170.52:1813
On Fri, 26 Sep 2003 07:35:22 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Graeme Hinchliffe [EMAIL PROTECTED] wrote:
I haven't needed to check the log dump yet as the problem hasn't
duplicated with this new code.
That's good, but I would like to know what was broken, and what got
fixed.
Hello,
I was try to build my own RPM-package of freeradius-0.9.0 with rlm_sql_oracle-
module support to deploy to Suse 8.2 servers. Oracle version is 8.1.7.4.
The strange trouble was discovered.
If I take default suse freeradius.spec file, then I build a buggy binary. The
error seems to in
Please,
Does anyone know how to setup this feature. My company is using FreeRadius
0.8.1 on slackware 9. with freeside 1.4.1rc6. Freeside is going to
manage the radius accounting (session monitoring), and the following link
establishes how freeside does this.
From: Nick Davis
Sent: Friday, 26 September 2003 7:57 AM
I have been using freeradius since 0.3 installed from source and I wanted to
give the debian package a try. I did not see a freeradius package in unstable
nor testing. Is freeradius still changing too fast for debian?
Not anymore, I
From: Alex Chen
Sent: Friday, 26 September 2003 8:34 AM
From: Paul Hampson
Sent: Thursday, September 25, 2003 3:03 PM
2. If the server is a proxy server, and I want the exec to
be called when
the authentication
is successful, i.e. the master server reply with
Access-Accept,
On Thu, 25 Sep 2003, Ossama Suleiman wrote:
many many thanks, it is very useful
but there is one thing left, i would be very grateful if you can help me
with it
i have to different isdn types isdn 64k (simultenous-use=1) and isdn 128k
(simultenious-use=2)
if i define it by
From: [EMAIL PROTECTED]
Sent: Friday, 26 September 2003 8:03 AM
$ LIBS=-lssl -lcrypto
$ export LIBS
$ ./configure
that may help.
Thanks, it's getting better! I did as you suggested and now
I am only getting:
/usr/lib/libsnmp.so: undefined reference to `des_cbc_encrypt'
From: Alan DeKok
Sent: Thursday, 25 September 2003 9:13 PM
Alan, I think your clock's 4 hours behind again. That made this
little show slightly less fun to read (I kept getting the back-and-forth
out of sync. And anything that interferes with my entertainment
on this list must be bad! ;-)
Kostas Kaleveras wrote an email on this list a few months ago to help
someone with returning multiple attributes in an LDAP authenticated radius
installation.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg15855.html
I am in this same spot, but do not userstand where I should be changing to
Kevin D. Alford [EMAIL PROTECTED] wrote:
Configure your RADIUS server's login and logout callbacks to use the
command-line freeside-login and freeside-logout utilites.
See 'raddb/acct_users'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Anyone know why my radutmp file is missing the users IP address for some
of the logins. Is this because the user wasn't authenticated? Or
perhaps the nas didn't send it? Any way to know for sure?
schu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Of course they do: whether they SUPPORT (act as a pass-through device for) these
auth schemes or not.
I KNOW they have nothing to do with the actual auth beside that fact, but you
can't use EAP-TLS or TTLS with just any old AP, now can you?
Such nitpicking.
Quoting Artur Hecker [EMAIL
43 matches
Mail list logo