Ok I have been able to build something a little better:
Building with disable shared everything and installing
then compiling as static and then installing only the sql module
Every module appear to work including rlm_sql_mysql but :
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql)
We are trying to authenticate users with FreeRadius 0.9.2 against
the /etc/shadow file in a solaris system.
We know that System authentication won't work for EAP-MD5. But, it's
possible to make it using CHAP or PEAP?
Thanks!
On Sun, 16 Nov 2003, Rohaizam Abu Bakar wrote:
When runing ldapsearch did you bind with the problematic DNs or with the
admin
DN? I would suggest trying to bind with the user DNs and see what happens
I bind as admin DN but why i never received the error while running in
FreeBSD 4.8..
Hello List,
I'm using mysql to authenticate all our users. I've set up
a huntgroup which denies access based on called-station-id
like this:
hg called-station-id==3456778
hg called-station-id==1689988
hg called-station-id==9983789
Then i've added an record in the table radcheck:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No, CHAP, and MS-CHAP (the inner authentication method used with PEAP)
require clear text passwords. Therefore, the shadow password file is not
compatible with these methods. This bit me to start with.
You could always try TTLS with SYSTEM as the
Gustavo...I am interested in this issue tooI would be very gratefull if
you could answer to the list too
Regards,
German Viera
Montevideo
Uruguay
- Original Message -
From: Gustavo A. Lozano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 17, 2003 11:32 PM
hello here's debug output and the error, thanks
mysql select * from radgroupcheck;
++---+--+++
| id | GroupName | Attribute| op | Value
|
++---+--+++
| 1 | admin | Auth-Type| ==
Hello, I'm using 0.9.2, very vanilla, everything has been working great.
I added the following to the top of my users file, restarted the server,
booted user1 at 6:30am, and they logged right back on. I'm using a Patton
2960 and timeouts work OK.
What am I missing?
Thanks,
-Steve
I think Login-Time is a check parameter, so you should include it on the
first
line:
user1 Auth-Type := System, Login-Time := Wk0745-1715
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
[..]
For the meaning of the operators (=, ==, :=, etc.) take a look at rlm_sql
doc
I thought there was no dynamic library version of freeradius on MacOS X..
At least that's what 0.9.2 docs say.
Jon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
salut
No, CHAP, and MS-CHAP (the inner authentication method used with PEAP)
require clear text passwords. Therefore, the shadow password file is not
compatible with these methods. This bit me to start with.
so, there is no PAP for PEAP?
You could always try TTLS with SYSTEM as the inner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: Artur Hecker [mailto:[EMAIL PROTECTED]
Sent: 18 November 2003 15:49
To: [EMAIL PROTECTED]
Subject: Re: Authentication against /etc/shadow using ...
salut
No, CHAP, and MS-CHAP (the inner
Jason Haar [EMAIL PROTECTED] wrote:
I'm amazed that the SSL code works at *all*.
Have you looked at the GNU TLS code? - http://www.gnu.org/software/gnutls/
No time, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
akongr [EMAIL PROTECTED] wrote:
I have set up free-radius 0.9.2 runnig on Solaris to authenticate VPN
access from VPN server running on MS-Win2000 server. The authentication
method is PAP. There is no problem in authentication for computers
running XP. But it could not be authenticated for
Andreas Wolf [EMAIL PROTECTED] wrote:
see
http://homepage.mac.com/andreaswolf/public/freeradius_installer.html
for the diffs. The modifications are minor.
I'm not sure why patch #1 is necessary. Which C files have problems
with the sha1.h file?
Patch #2 was added yesterday.
Patch #3
=?iso-8859-1?Q?Jos=E9?= Berenguer [EMAIL PROTECTED] wrote:
We know that System authentication won't work for EAP-MD5. But, it's
possible to make it using CHAP or PEAP?
No. See the FAQ. It talks SPECIFICALLY about system authentication
and CHAP.
Microsoft PEAP doesn't send clear-text
apellido jr., wilfredo p [EMAIL PROTECTED] wrote:
hello here's debug output and the error, thanks
mysql select * from radgroupcheck;
...
++---+--+++
| 1 | admin | Auth-Type| == | CHAP
Don't set Auth-Type to CHAP. Ever. The
Thanks, Jon - that did it.
-Steve
- Original Message -
From: Jonathan Ruano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 8:29 AM
Subject: RE: Can't get Login-Time to work
I think Login-Time is a check parameter, so you should include it on the
first
Has anyone considered approaching Tim O'Reilly to do a dedicated FreeRadius
book. The existing Radius title is ok as far as it goes and the two
freeradius chapters are a plus but IMO it does not go far enough.
I would have thought that FreeRadius deserves to have it's own creature.
Since Jonathon
At 11:31 AM 11/18/2003, Tim Snape wrote:
Has anyone considered approaching Tim O'Reilly to do a dedicated FreeRadius
book. The existing Radius title is ok as far as it goes and the two
freeradius chapters are a plus but IMO it does not go far enough.
I would have thought that FreeRadius deserves
Hi
I have started to look at the dialup_admin for use with postgresql.
I am using PostgreSQL 7.3.4, and FreeRadius 0.9.2.
The porblem I just discovered is that the PHP is looking for case
sensitive column names when processing returned data.
Example :
while(($row =
Title: Div2000.com News | Top Diversity Businesses Announced
|
Close Window
Top Diversity Businesses Announced
November 11, 2003
Div500 Winners Announced
SOUTHPORT, CT, Nov. 11 /DiversityBusiness.com/ In
On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote:
Andreas Wolf [EMAIL PROTECTED] wrote:
see
http://homepage.mac.com/andreaswolf/public/freeradius_installer.html
for the diffs. The modifications are minor.
I'm not sure why patch #1 is necessary. Which C files have problems
with the sha1.h file?
a
At 12:56 PM 11/18/2003, Andreas Wolf wrote:
On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote:
Andreas Wolf [EMAIL PROTECTED] wrote:
see
http://homepage.mac.com/andreaswolf/public/freeradius_installer.html
for the diffs. The modifications are minor.
I'm not sure why patch #1 is necessary. Which C
Hello,
how I can reach, which can log in each user,
not two times at the same time?
The Simultaneous-Use Attribute not work in
my groupcheck.
--
mario
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Nov 18, 2003, at 11:10 AM, Chris Parker wrote:
At 12:56 PM 11/18/2003, Andreas Wolf wrote:
On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote:
Andreas Wolf [EMAIL PROTECTED] wrote:
see
http://homepage.mac.com/andreaswolf/public/freeradius_installer.html
for the diffs. The modifications are minor.
Greetings.
I have an Cisco as5300 that I am using for Dial customers.
The customer connects, the authentication comes through, but then at the
authorization level the connection gets dropped by the nas..
Are there any suggested attributes to put into radgroupreply for ISDN dial
in customers to the
What's the best online place for documentation of actual FR? I for one still
don't know what the difference is between := and == in my sql database
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Parker
Sent: Tuesday, November 18, 2003 12:03 PM
To:
Anson Rinesmith [EMAIL PROTECTED] wrote:
What's the best online place for documentation of actual FR? I for
one still don't know what the difference is between := and == in my
sql database
doc/rlm_sql ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
At 12:56 PM 11/18/2003, Andreas Wolf wrote:
On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote:
Andreas Wolf [EMAIL PROTECTED] wrote:
see
http://homepage.mac.com/andreaswolf/public/freeradius_installer.html
for the diffs. The modifications are minor.
I'm not sure why patch #1 is necessary. Which C
At 02:14 PM 11/18/2003, Anson Rinesmith wrote:
What's the best online place for documentation of actual FR? I for one still
don't know what the difference is between := and == in my sql database
This is explained in pretty good detail in 'doc/rlm_sql', which is part
of the source distribution.
Chris Parker [EMAIL PROTECTED] wrote:
Nope, current CVS load pukes at line 34 of src/include/sha1.h:
Ok, but which C file?
Everything which uses sha1.h SHOULD include sys/types.h, first.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andreas Wolf [EMAIL PROTECTED] wrote:
Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6.
I saw your check-in but I still got an error (Diameter Attribute
overflows packet!). However, by
examining the tunneled attributes the data seemed to be correct.
I think 'data_len'
At 02:41 PM 11/18/2003, Alan DeKok wrote:
Chris Parker [EMAIL PROTECTED] wrote:
Nope, current CVS load pukes at line 34 of src/include/sha1.h:
Ok, but which C file?
src/lib/sha1.c:12
Everything which uses sha1.h SHOULD include sys/types.h, first.
And it does include sys/types.h on line 10.
On Nov 18, 2003, at 12:45 PM, Alan DeKok wrote:
Andreas Wolf [EMAIL PROTECTED] wrote:
Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6.
I saw your check-in but I still got an error (Diameter Attribute
overflows packet!). However, by
examining the tunneled attributes the data
Chris Parker [EMAIL PROTECTED] wrote:
And it does include sys/types.h on line 10. Seems OSX doesn't have
'uint8_t' defined. It *does* however seem to have 'u_int8_t' defined.
See: src/include/autoconf.h
If uint8_t isn't defined, that header file defines it. So sha1.c
probably doesn't
At 04:16 PM 11/18/2003, Alan DeKok wrote:
Chris Parker [EMAIL PROTECTED] wrote:
And it does include sys/types.h on line 10. Seems OSX doesn't have
'uint8_t' defined. It *does* however seem to have 'u_int8_t' defined.
See: src/include/autoconf.h
If uint8_t isn't defined, that header file
Hi All,
I'm using WEP enabled mode where I get 2 EAPOL-Keys with the second
malformed from the AP-340 !!! I use also AEGIS client in Windows XP
Home.
I've attached the ethereal dumps to check what exactly I mean. I don't
know if it is a bug in the AP or the freeradius, but I suspect that the
Hi all,
Having read the RFCs (well, skimmed them at least) I am aware that
including Acct-Session-Time, Acct-Output-Octets and Acct-Input-Octets in
UPDATE messages is illegal. However, we have what we think is a good reason
to do it, and freeradius seems to allow this (and we've patched the
hi
I'm using WEP enabled mode where I get 2 EAPOL-Keys with the second
malformed from the AP-340 !!! I use also AEGIS client in Windows XP
Home.
before you continue: do you use the latest versions of the firmware on
both your AP _and_ your wifi card?
I've attached the ethereal dumps to
OK I almost got it working
When I finish teasing it into shape, I'll post a patch if anyone want's one.
If nobody wants the patch where should I submit the fix.
Guy Fraser wrote:
Hi
I have started to look at the dialup_admin for use with postgresql.
I am using PostgreSQL 7.3.4, and FreeRadius
On Tue, 18 Nov 2003, Guy Fraser wrote:
OK I almost got it working
When I finish teasing it into shape, I'll post a patch if anyone want's one.
If nobody wants the patch where should I submit the fix.
Please do submit a fix. I would be really happy to have dialupadmin
definitely working with
Hello!
Could anybody tell me what is the problem with pptpd (or maybe
radius)?
I have linux server and an windows(2k, xp) client.
Sometimes on the windows machine no more bytes being received through
the vpn interface, while no problem to the non-vpn link with the server.
I am wondering with the
Hello~
NAS
== FreeRadius(Proxy) === Other Radius Server
(PAP)(PAP)
===
(CHAP)(CHAP)
My Proxy
Server receives Auth-Request(PAP) from the NAS and proxy it to other Radius
Server.
The
other Radius Server supports only CHAP, but the NAS uses PAP.
I hope that
At 03:25 18/11/2003, Allen Chung wrote:
Hello~
NAS
== FreeRadius(Proxy) === Other Radius Server
(PAP)
(PAP) ===
(CHAP)
(CHAP)
My Proxy
Server receives Auth-Request(PAP) from the NAS and proxy it to other
Radius Server.
The other
Radius Server supports only CHAP, but the NAS
NAS == FreeRadius(Proxy) === Other Radius Server
(PAP) (PAP) ===(CHAP) (CHAP)
My ProxyServer receives Auth-Request(PAP) from the NAS and proxy it to otherRadius
Server.
The otherRadius Server supports only CHAP, but the NAS uses PAP.
I
Hi...
I think that the Proxy can get
the username and password because it usesPAP.
So the Proxy could be a new NAS
to send Auth-Request (with the username and password that it got) using
CHAP.
If the reault of challenge is
"accept", the proxy will reply Access-Accept to NAS...
From dictionary.tunnel...
ATTRIBUTE
Tunnel-Type
64 integer has_tag
what is mean by "has_tag"??
I'm currentlyworking on RADIUS - MPLS-VPN
project, and from example given by cisco.. Some of attributes needed for doing
L2TP tunnelling are as below:
Tunnel-Type = :1:L2TP
Hello, everyone!
I am a newbie of RADIUS and know very little about this software and also its
concepts (also the basic ones).
Some person advised me to read Oreilly's book -- RADIUS. But it is not easy to buy
in my local city. Because it takes me about a month to buy a U.S book in my local
49 matches
Mail list logo