are supplied by libtool.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
))*60)
Value,op from ${authreply_table}, pb_tariffs,surcharge
where \%{Called-Station-Id}\ regexp
concat(^...
A double quote inside of a double-quoted string?
I am getting the error after adding 'regexp' to the
query.
Then what you added is the source of the problem.
Alan
Yosi Corcia [EMAIL PROTECTED] wrote:
I am triying to create the client and server certificates. I am following
the Howtos:
See 'scripts/CA.all'. It's a script taken from the Howto's, which
will create the certificates for you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
accounting packets, the server logs two.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shashidhara S Bapat [EMAIL PROTECTED] wrote:
Please let me know what all changes I have to do for my network to work.
See the FAQ, and run the server in debugging mode.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Prasad Yaramti [EMAIL PROTECTED] wrote:
Help me how store the username and password in the server,how to
authneticate ? How to pass the my username and password to server ???
Read the FAQ. It explains how to do this.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
.
If you're trying to create CHAP-Passwords from plain-text passwords,
you shouldn't. There's no point.
If you're trying to create plain-text passwords from CHAP-Passwords,
you can't. It's impossible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
by comparing source IP
addresses.
So the packets should be duplicate *only* if they're being sent from
the same IP.
delete_blocked_requests = no (Is this safe to turn to yes yet)
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stephan von Krawczynski [EMAIL PROTECTED] wrote:
Only half answered, I'm afraid. I tried auth_log and reply_log, but it is
unclear how to find out corresponding req and reply without any id logging ...
shrug You've got the source code. It's only a 1-line change.
Alan DeKok.
-
List info
Cris Boisvert [EMAIL PROTECTED] wrote:
Is their a way to use the exported users.txt file from mac radius to
import it into freeradius?
Edit it by hand. The configuration files are probably quite different.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
broken. The response can't make it
back from the ISP to you, so I don't see how *anything* would work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cris Boisvert [EMAIL PROTECTED] wrote:
Does Anyone Use an easy user interface...Webmin.. Or a script?
dialup_admin? It comes with the server. Did you look?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?iso-8859-1?q?santi=20baztan?= [EMAIL PROTECTED] wrote:
I have radius server with EAP-TLS and I'm tryin to
install eap-ttls. HAve you a howto of eap-ttls.
You configure it, as it says in 'radiusd.conf'.
After that, you have a client send it EAP-TTLS packets. It's that easy.
Alan DeKok
accounting packets.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nothing else.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nick Davis [EMAIL PROTECTED] wrote:
I guess it might be a good idea to ask Alan to put sql as a commented option
in the authorize and accounting sections of the radiusd.conf.
Done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
was upgraded to 0.9.3 , it did not help.
That *should* do it, if you deleted the old libperl files.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Spetzler, Arne (DZ-SH) [EMAIL PROTECTED] wrote:
in the process of superseding Cisco ACS with freeradius, I have
enhanced the
dictionary.cisco.vpn3000
...
Those attributes are already in the CVS head. They weren't included
in 0.9.3, though.
Alan DeKok.
-
List info/subscribe
Oliver Graf [EMAIL PROTECTED] wrote:
So what about a answer-delay option for sluggy NASes? ;)
Yuck.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Soujanya Rao [EMAIL PROTECTED] wrote:
Can anyone tell me where I am going wrong? This is urgent and I am
clueless as to what else needs to be done.
Ensure that 'sql' is listed in the 'accounting' section.
Run: radiusd -X
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
-TLS) and also a
username/password against LDAP. Would this be EAP-TTLS?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the configuration files.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Password or NT-Password attribute found. Cannot
perform MS-CHAP authentication.
It needs a password.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
password).
Then it's a problem with the NAS configuration. Nothing you do to
FreeRADIUS will help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for you. You still argue with me, ignore
what I say, and tell me I'm wrong. I can only conclude that you're
uninterested in solving your problem. You're only interested in
social gossip on the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
yeah I have done that exactly before and it did overwrite my config that is
one of the reasons I am asking.
That must have been a very old version of the server. The current
version does not overwrite any files in raddb/
Alan DeKok.
-
List info
the desirec password.
Without the algorithm, it's impossible to implement. And if the
algorithm is patented, it's even more impossible to implement.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Deramus, Chris [EMAIL PROTECTED] wrote:
What file(s) should I run ldd against?
rlm_sql_mysql.so
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ripunjay Bararia [EMAIL PROTECTED] wrote:
--- radius.log begin ---
Mon Dec 15 12:30:23 2003 : Info: rlm_sql (sql): There are no DB handles to
use! skipped 0, tried to connect 0
Find out why your SQL database is slow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
when their 'radgroup'
group is set for the DialUp group.
It should work. Check, though, that the NAS is actually sending
Async.
This should let the ISDN people also do dial-up, but will prevent
the dial-up people from using ISDN.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
the same?
I don't recall.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
there, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attributes.
Whatever the problem is, that is the only fix.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
absolutely irrelevant for the problem at hand.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
officially exist, so no one knows what it's supposed to
be.
Can I get bytes transfered during this session like dialup record?
Read the FAQ. The server can't log what isn't sent by the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
There are probably ways to use the server to re-write the attributes
to make sense (so attr_filter works), but I don't see any point in
explaining them, until it's clear that you've understood what else
I've said.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
that attribute is.
You also haven't said *where* this attribute is coming from.
Knowing that would help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
work, there isn't much else the server can
do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the 'short name' to be the name you want logged.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mode (radiusd -X) and send it a
HUP signal
I'll put a fix into the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andrea Gabellini [EMAIL PROTECTED] wrote:
I'm tring 0.9.3 using the Oracle driver from the CVS. From the version 1.32
of sql_oracle.c there is the check that the number of columns is 5. This
doesn't works with the simultaneous use checking queries.
Why?
Alan DeKok.
-
List info
Obermeier Markus ICM MP PD TS [EMAIL PROTECTED] wrote:
How does Freeradius choose the cipher suite?
It doesn't. It lets SSL pick it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Graeme Hinchliffe [EMAIL PROTECTED] wrote:
Will a HUP force a reload of the config?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jean-Philippe Duval [EMAIL PROTECTED] wrote: Is EAP-SIM authentication available
with freeRadius ?
The latest CVS snapshot has EAP-SIM.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gary Algier [EMAIL PROTECTED] wrote:
I have some basic SQL functionality working, but I discovered that if
the SQL module returns ok, FreeRadius still falls through to the
users file. Is there any way to prevent this?
doc/configurable_failover
Alan DeKok.
-
List info/subscribe
.
Your shared secret is wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
period passes and then I
receive the message:
bash: Out of virtual memory!
I would suggest getting more memory for your machine, or increasing
the swap size
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dan Monjar [EMAIL PROTECTED] wrote:
Were you able to address the occasional server crash in response to the
HUP?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kostas Kalevras [EMAIL PROTECTED] wrote:
I am using freeradius 0.9.3 on a linux box
I have found the eap_ttls module in the CVS tree
How to install it ???
./configure
make
make install
And watch the server dies as soon as it receives an EAP-TTLS request.
Alan DeKok.
-
List info
should go.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
message is unclear?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a dictionary file entry for your attribure
like:
ATTRIBUTE My-Magic-Foo250 string encrypt=1
And the server will automatically encrypt it when sending, and
decrypt it when receiving.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alex Radetsky [EMAIL PROTECTED] wrote:
I'm using freeradius-0.7.1. I'm trying to configure this freeradius
as proxy server to remote.
Upgrade to 0.9.3. Please.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxying the request to is broken.
PS. I can rewrite this code to create workaround. But I do not know, may
be it will not correct.
It will be wrong. You should contact the people running the other
server, and tell them to fix it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
run it in debugging mode to see what's going wrong.
Also, you *do* need to configure 'radiusd.conf' to use the SQL
module. You can't just put users into an SQL database, and hope that
the server magically knows where to look.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
of the personn
EAP-TTLS doesn't require personal certificates.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is a good exaple how this actually works.
I'm not sure that would help, and I don't see it as necessary.
Apache has one large http.conf file, and no one seems to have problems
with it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Justin Williams [EMAIL PROTECTED] wrote:
Bingo... That worked... I was missing the sql entry in the authorize
section...
That's good to hear.
Would still love to go read up on radius, though!
Buy the RADIUS book. See the web site for details.
Alan DeKok.
-
List info/subscribe
Justin Williams [EMAIL PROTECTED] wrote:
By the way, I did not see a command in the man pages to restart radiusd
after making config changes. Is there such?
Huh? It's a normal program. You just kill it, and re-start it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
versions. I'm not good with this linux installations. So what I did
was to remove the old directory where the snapshot were, and I used
again to install the stable version.
It's not a problem with FreeRADIUS. It's a problem with OpenSSL.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Ivan Dario Barrera [EMAIL PROTECTED] wrote:
...
You do READ the list, don't you?
http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html
Is there any way to check what are the versions I'm trying to use?
ldd. See the FAQ.
Alan DeKok.
-
List info/subscribe
Holger Schurig [EMAIL PROTECTED] wrote:
Is there a technical reason that EAP-TTLS and EAP-PEAP both need EAP-TLS
first?
Yes. Why would it be otherwise?
TTLS PEAP both involve using EAP-TLS, and then tunneling
additional data in the TLS tunnel. Therefore, they both need EAP-TLS.
Alan
ones
are added, I would have to change everyone's entry in radcheck.
Why not use rlm_passwd? Have a passwd style file, looking up the
client IP, and returning your Custom-Attr. That way, there's only one
file to manage.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
to me.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User-Name = [EMAIL PROTECTED]
It's proxying the request to another server.
What part of that debug output was unclear?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arthur EBEL [EMAIL PROTECTED] wrote:
I would like to know Where I can find the rlm_eap_ttls module and how to
install it
Grab the latstes CVS snapshot. Have you tried that?
Have u dot an idea how to mix eap ttls and ldap authentication ???
You don't need to do anything special.
Alan
=?iso-8859-1?Q?Andr=E9s_de_Barros?= [EMAIL PROTECTED] wrote:
I need do connections with predetermined times, ex, one hours.
It is possible with radius.
Yes.
Have some examples.
Read 'radiusd.conf'. Look for the counter' module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
can
be used to generate certificates.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bart Van Daal [EMAIL PROTECTED] wrote:
is this a problem with hunt-groups or
with all other check items in the
mysql radgroupcheck table?
It's a problem just with huntgroups. See the list archives for a
description of the problem, and the solution.
Alan DeKok.
-
List info/subscribe
Rick Whitley [EMAIL PROTECTED] wrote:
I am running freeradius snapshot 20030922. I need to get pap working
with ldap. How do I set the password attribute for pap? Where do I look
in the docs to provide this info?
doc/rlm_ldap should be a place to start.
users:
DEFAULT Auth-Type
automatically.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to use PAP to solve a problem you don't understand.
If you configure the LDAP module to pull a password out of an LDAP
database for a user, then almost all of the authentication methods in
the server will work AUTOMATICALLY.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
currently allows it to search in
the packet, config, or reply. Why not add proxy and prpxy_reply'
to that list?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the actual auth gets
done.
Don't use NAS-IP-Address. It can lie. Use Client-IP-Address.
In case you are wondering, the other radius server is a
SecureID ACE server. I want to use a FreeRadius server as
a frontend for better control and accounting.
g Of course.
Alan DeKok.
-
List info
then does NOT authenticate the
user, and the user does NOT bind to the LDAP server.
Stop trying to work around CHAP. You can't. IT was designed to
require a plain-text password.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You've got to set it up in post-auth so that the first pool is
always used, and if it fail, then use the second pool.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?ISO-8859-1?B?Um9kcmlnbyBBLiBTaW31ZXM=?= [EMAIL PROTECTED] wrote:
The 2 pool's will use the same DB files?
Never. They need seperate databases.
- I need to specify only 1 pool name on radgroupcheck?
Hmm.. you may have to specify both. I'm not sure.
ALan DeKok.
-
List info
. Read 'radiusd.conf'
However, the server has to have additional things configured to use
TLS or TTLS. Therefore they are not enabled by default.
Once TLS TTLS are configured by the admin, any client which
requests them can use them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
.
in attach there's a patch to solve the problem
Applied, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and the client should be
connected for long periods of time.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
at hundreds of requests per second, when
logging to SQL. If you're not using SQL, that may go up even more.
What is the limit of a freeRadius server for accounting voip calls etc..
CPU and memory. The server can record as many simultaneous calls as
you can store in a database.
Alan DeKok
Samuel Hill [EMAIL PROTECTED] wrote:
In the detail files the User-Name shows up as the entire non stripped
user name. I need the User-Name field to show up as the
Stripped-User-Name instead.
How can this be done?
Read sql.conf.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Anson Rinesmith [EMAIL PROTECTED] wrote:
to my proxy.conf file. It still tries to authenticate locally. I was told
not to put anything in my realms file.
What am I missing?
Read the output of radiusd -X. It will tell you WHY it is, or is
not, proxying.
Alan DeKok.
-
List info
, and rename Stripped-User-Name to User-Name.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
as
pam_smb. Use the latest CVS snapshot, instead.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bart Van Daal [EMAIL PROTECTED] wrote:
just a small question:
Do I need to configure anything special to proxy to an Ipass netserver?
Read 'radiusd.conf'. Look for the word IPASS
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for attr_filter to include a pre-proxy
section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
colud find some example or configuration help
about this. What kind of atributes may I use to do this ??
I would suggest asking Checkpoint.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-auth stage).
No. Absolutely not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
module. It should do that,
though...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
' for instructions on patch format.
Your mailer re-formatted the whitespace in the patch, making it
useless.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
suggest emailing the
authors of that draft, and asking them about it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
about this capability in the docs nor
scripts.
Read raddb/clients.conf, there's an example of using CIDR notation
for clients.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
module which may
have broken PEAP. If you can do CVS, try grabbing the 1.19 version of
src/modules/rlm_eap/types/rlm_eap_tls/eap_tls.c, and re-building that
module. It may work then.
If that's the problem, we hope to have it fixed in a day or so.
Alan DeKok.
-
List info/subscribe
[EMAIL PROTECTED] wrote:
Thanks for the help! Should I grab the whole snapshot or just rlm_smb?
Grab rlm_smb. It should still build under 0.9.3.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Leonard Childers [EMAIL PROTECTED] wrote:
Tue Dec 2 13:14:23 2003 : Auth: rlm_unix: Attribute User-Password is required for
authentication. Cannot use CHAP-Password.
...
Here is the debug file. I know it has to be something simple that I am
overlooking.
The FAQ. Go read it.
Alan
radwho uses.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it dictionary.university_of_bristol on the basis
that the official IANA vendor code calls it this? I'll also be updating
my documentation to include FreeRADIUS info, as well as spit IAS.
It's dictionary.bristol now. I can change it, but I don't see it
a huge reason to do so. (i.e. I'm lazy...)
Alan DeKok.
-
List info
1 - 100 of 2612 matches
Mail list logo