Wow! No hassles! or Dr. Appointments

using SQL with both dynamic user entries and static DEFAULTs

, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Foundry command authorization help

, foundry-command-exception-flag = 0 This is with a FastIron 1500 running 07.6.03hT51. Good luck, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Status...

Hi, That's what I thought, but the Freeradius web site says this: It currently only supports Microsoft's MS-CHAPv2 version of tunneled EAP authentication, so Cisco clients will most likely not work. Dave Alan DeKok wrote: Here's another question, while I'm here. I believe the current PEAP

Re: Status...

the current PEAP module only supports MsChapv2, but I'll need to use it with my own EAP type. Will that be possible? If that won't work out of the box, what will be involved in making it work? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: using EAP with rlm_sql

on the EAP type, but I suspect that may not be possible. As long as we only use SIM that won't be necessary. Thanks, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: For an EAP authentication, the authorize block modcall calls eap_authorize, which returns updated. However, rlm_sql runs

using EAP with rlm_sql

, the authorize block modcall calls eap_authorize, which returns updated. However, rlm_sql runs and searches the database for the EAP user, which isnt there. Everything works, but the database hit is unnecessary. Is there something I can do to prevent that? Regards, Dave Here is the full log from

Accounting and Realms

list of all realms that will be accepted by the other provider so I am unable to put all possible realms in proxy.conf. Thanks in advance for your replies, Dave. My radiusd.conf looks like this: prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var

Re: Accounting and Realms

Hello All, I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking for a little help from the list. I have since got the accounting proxying working, I had managed to miss the acct_users file... Doh! Cheers, Dave. -- Dave Hickey [EMAIL PROTECTED] Esat BT

Re: Accounting and Realms

=~ @*.olie1, Proxy-To-Realm := bt-radius to the acct_users file in the raddb directory. Hope that helps, Dave. -- Dave Hickey [EMAIL PROTECTED] Esat BT IP NOCwww.esatbt.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

dictionary.foundry and rlm_passwd

seems to match what's on their website: http://www.foundrynet.com/services/documentation/security/Security.html#33261 Also, why is rlm_passwd not built by default? It seems to be working well for me. Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP with XP supplicant

involved, or some session-specific bit of randomness even when authenticated with the same cert?) Or do I really need to generate each users own certificate? Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How is PEAP going?

. Hopefully the Microsoft and Cisco versions arent mutually exclusive. If they are, it would be good if the PEAP module could support both, and you could the one you want through configuration. I know there are commercial RADIUS servers that say they support PEAP - I wonder what they do... Dave Alan

How is PEAP going?

- December? March? I understand that TTLS is in the CVS head, so maybe some common code is done? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to access authorization database from a different RLM than rlm_sql

Thanks to you and Alan for the tips. I'll check the latest CVS. Hopefully there is something in the doc directory or sql.conf comments about the new behavior? In any case I can study the code. Sorry about the HTML earlier, I forgot to turn it off. Dave Nicolas Baradakis wrote: Dave Mason

Re: how to access authorization database from a different RLM than rlm_sql

your help with this, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: This may seem a bit unusual, but I find myself in a situation where I need to update the SQL authorization database from a different RLM module than rlm_sql. That is, in my new RLM I'll want to update the

how to access authorization database from a different RLM than rlm_sql

pointers here would be helpful. Finally, if I can't reuse the rlm_sql socket, I'll need to clean up the one I created, which should not be a problem - I'll just add the close in my rlm_detach. Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

module failure with multiple accounting methods

? If not, should my accounting method return RLM_MODULE_NOOP or some other code in the failure case? I looked at rlm_detail..c and it returns RLM_MODULE_FAIL in its failure cases. I thought we should send Accounting-Response if any succeed, so the remaining Accounting-Requests will be sent. Dave

Re: how to send EAP-Message [Re: LEAP authentication fails]

(or whatever value you want) to the attribute list. The state attribute is described in RFC 2865, and EAP-Message and Message-Authenticator are in RFC 2869. Good luck, Dave claufer writes: Hey Dave, thanks a lot! nice thing... worked fine for me so far . There=B4s tool called ntradpad(winnt), you

how to send EAP-Message [Re: LEAP authentication fails]

it configurable in radiusd.conf. Dave claufer writes: Hello, thanks for the quick response alan! I=B4m sorry! you=B4re right, maybe sometimes i need someone else to open = my=20 blind eyes . I guess there is no testing tool where i can send a eap message with, or=20 is there? regards, cl Alan DeKok

Doco update, FAQ 4.14 - mysql_rlm error.

ion are WITH_MYSQL_VER=40, and WITH_MYSQL_VER=41. This was for verion freeradius 0.8.1. thanks, Dave Seddon

Another noob who can't compile on OS X

I could provide to make assistance easier, would be gratefully appreciated. -- Dave Pooser Manager of Information Services Alford Media http://www.alfordmedia.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Another noob who can't compile on OS X

, but not impossible. Well, I'm a network admin and not a particularly experienced *NIX sysadmin, so annoying for you may be impossible for me-- but I'm willing to keep plugging away if anyone more knowledgeable than I (a description fitting most of this list, I imagine) has any suggestions. -- Dave Pooser

Cisco 1200 - radius authetication?

to process requests. Sorry again for such ignorance. All I want to see is an attempted connection and then I can figure out the EAP/LEAP stuff later. Thanks! Dave Please note: Emails authored under this address do not reflect the opinions of my employer unless otherwise stated. - List info

Error starting

updated to binutils-2.14 and then re-compiled and all was well. Dave Gibelli - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius EAP roadmap [Re: A question about implementing PEAP]

the next release? I prefer to do my work on top of a released version, since it will need to go to our customers. Regards, Dave Alan DeKok wrote: pankaj Goel [EMAIL PROTECTED] wrote: I configured rlm_eap-peap module and used the code from eap-tls module to get till the first phase of peap

Re: Freeradius EAP roadmap

there. Otherwise I'll wait and see what happens. Regards, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: This leads me to a quick question about where we are for EAP and where we're going. I still have an item on my Todo list to fix rlm_eap and the submodules to use RLM return codes

Error starting

Hi I get sparc20:~/freeradius-0.9.0# /usr/local/sbin/radiusd -Xradiusd: Cannot findELF

Killedsparc20:~/freeradius-0.9.0# The 3 squares are smiley faces! What is ELF? This is on Solaris8 with gcc 3.3 Dave

Freeradius - MySQL

to freeradius in order to write this informations into the accounting table? The rest of the infos get into it, example: SessionTime, CallerID etc... Thanks a Lot, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

questions about v0.9 updates

:= System. Is the fix to drop the : or am I missing something? In v0.8.1 I comment this out and use a line like this: DEFAULT Auth-Type := EAP * Include strong PRNG By any chance would this implement the FIPS186-2 algorithm 1? If not, what is it? Regards, Dave - List info/subscribe

Re: compile problems with freeradius-0.9.0-pre-1

/freeradius/freeradius-0.9.0-pre1/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/home/dmason/freeradius/freeradius-0.9.0-pre1' make: *** [all] Error 2 The static and dynamic targets in rules.mak refer to $(top_builddir) which must not be getting set. Dave Mathew Schumacher wrote

Re: Missing nas-strvalue in add_nas_attr, bad EAP request ID

there. Is that expected? I checked the .libs directories for the subtypes and the .a libraries there look good. Functions in rlm_eap such as eap_authenticate are linked into radiusd. Regards, Dave PS: While I'm here, it looks like I still won't get to that RLM_MODULE fix for EAP for a while. I still

Re: Missing nas-strvalue in add_nas_attr, bad EAP request ID

I just grabbed the June 26 CVS and eap.c looks like the original unpatched version. Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: That worked like a champ. Here's my new code, with the old code commented out. From eap.c: ... I've added that patch

can't read socket when running as a daemon

the forking in radiusd but the runs it in the background. Any ideas? On another note, thanks everybody for the help with partial realms. Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Red Hat Linux RPM

Hi, I just noticed the redhat directory and the spec file inside. What's a spec file? I checked the FAQ and doc directory but didnt see anything. I'm guessing it's input to some other tool which could be useful in a production environment? Dave Oliver Graf wrote: On Mon, Jun 23, 2003 at 01

how to use a wildcard in realm in proxy.conf

the usual wildcard characters but they didnt work, and I also tried naming the realm with only a leading dot, .owlan.org. Any ideas? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to use a wildcard in realm in proxy.conf

I searched for several forms of realm wildcard and only found my own post. Dave Oliver Graf wrote: On Tue, Jun 24, 2003 at 09:35:22AM -0500, Dave Mason wrote: I might have missed an answer to this so I'll try a repost. This is a simple config question I couldnt find the answer to. I need

static build problem in rlm_eap

it be STATIC_OBJS += $(shell ls -1 types/rlm_eap_md5/rlm_eap_md5.a types/rlm_eap_leap/rlm_eap_leap.a 2/dev/null) Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

can't turn off SNMP

build the server and move it to the other machine, it cant run there because libltdl.so.0 is missing. When I built the server on the machine without SNMP, I never saw that error. Any ideas? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: can't turn off SNMP

Woops - As you might guess libltdl is a different problem. My build machine seems to have a different version installed, libltdl.so.3. If configure would use libltdl.so I'd be OK - is that an option? Dave Dave Mason wrote: Hi, This is related to some similar SNMP questions that appeared

how to use a wildcard in realm in proxy.conf

also tried naming the realm with only a leading dot, .owlan.org. Any ideas? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

MySQL: Unknown attribute SQL-User-Name

): sql_set_user escaped user -- 'sqlusr3' Unknown attribute SQL-User-Name modcall[authorize]: module sql returns fail Anyone could tell me why I not seeing a SQL Query on the screen? Instead I get Unknow attribute SQL-User- Name Thanks, Dave - List info/subscribe/unsubscribe? See http

Re: how to deny access based on realm

realms, but I guess that behavior can be configured whichever way makes life easier for the operators. Are there any guidelines I should be aware of for how or whether to use proxy.conf for local realms? Dave Chris Parker wrote: At 01:51 PM 6/13/2003 -0500, Dave Mason wrote: Hi, I checked the FAQ

Re: Upcomming FreeRadius 0.9 release

also need to change the other sub-modules. That is, they probably dont get magically updated to fit somehow. :) I've never submitted a patch before, but the process looks straight-forward. Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: I'm working on a new EAP type. I did

how to deny access based on realm

, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Upcomming FreeRadius 0.9 release

this error: radiusd.conf: "eap" modules aren't allowed in 'post-proxy' sections -- they have no such method. Once I commented that out, it ran fine. Dave PS: In another thread I mentioned to Alan that I need to be able to return RLM_MODULE_HANDLED from rlm_eap in some cases. The v0.8.1 versi

Re: how to use different accounting modules for different realms

{ detail2 } unix radutmp } --- Dave Franklin Trumpy wrote: On Mon, 9 Jun 2003, Dave Mason wrote: I need to process accounting data with different modules based on the realm in the User-Name. If I recall correctly, the CVS head includes support

how to use different accounting modules for different realms

else, etc. If it's possible I'm sure it's a configuration issue - any advice will help. Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dropping an EAP packet

(the RLM_MODULE codes) but the other code is preserved that way. From your last response I suspect you would rather use the sane approach, but I thought I'd double check because I want to stay compatible with later Freeradius versions. Dave AlanDeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: This may

dropping an EAP packet

require me to modify eaptype_select, eaptype_call, etc. to return a new value (EAP-NOOP?). RLM_MODULE_HANDLED appears to be the only return code that does nothing; that is, doesnt send Access-Reject. Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

help with WEP keys

because encoding will be done by tunnel_pwencode. What's going on there? Is that only for passwords or can other attributes use it too? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Missing nas-strvalue in add_nas_attr, bad EAP request ID

+state-length, request-packet-src_ipaddr, sizeof(request-packet-src_ipaddr)); return id; } Thanks, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: This is an old post from January. At the time you agreed it was a bug and updated the CVS, but today I had a fresh look

Re: two thread management questions

This is a multi-part message in MIME format. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

two thread management questions

, not others that are also linked in. In general, I guess I'm asking how to merge in new code that uses threads, while using only one thread for freeradius services. Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-Message dictionary entry [Re: 802.1X tunnel attributes and VLANsettings]

Hi, On a related note, should the entry for EAP-Message in the dictionary file have type octets? It is currently string, so it assumes everything is ASCII. I had to change this to octets so the server would interpret my EAP attributes correctly. Let me know if this is wrong. Dave Alan

Re: thread safety, conditional proxy

Hi Allen, responses below... Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: 1) I am adding a new EAP type to freeradius v0.8.1. It will need to interact with a backend and wait for replies, so I would like each authentication session to run in its own thread. Why do you care

thread safety, conditional proxy

to a pre-proxy function. Can this be used to do what I described? If not, is there a way? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to implement Class and Vendor-Specific attributes, accountingquestion

handler there)? Or does it do something else? The Accounting-Request will have a Class or Vendor-Specific attribute, but probably not EAP, so I'm still not sure where to put my handler. Regards, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: 1) As I mentioned in a previous question

Re: How to implement Class and Vendor-Specific attributes, accountingquestion

to grab some data and stick it in the accounting record before it's recorded. What do you think? Thanks, Dave Dave Mason wrote: Hi Alan, Those examples should do the trick, except I have one follow-up question. Accounting messages come through after a client is authenticated. Since the EAP

How to add new configuration attributes

{ newAttribute = someValue } } Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to implement Class and Vendor-Specific attributes, accounting question

Class or Vendor-Specific attributes) I'll need to parse it and send it to a backend system, but I'm not sure where to put that code. Thanks for any help you might have, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to add new configuration attributes

, I can study EAP-TLS to see how that works. Thanks, Dave Alan DeKok wrote: Dave Mason [EMAIL PROTECTED] wrote: I have two questions about adding new attributes to configuration data. 1) I would like to be able to add my own attributes to the realm entries in clients.conf and proxy.conf

Cisco AvPairs and MySQL (and VRF)

before any interface commands. thanks, Dave Seddon - Would you like to receive faxes to your personal email address? You can with mBox. Visit http://www.mbox.com.au/fax - List info/subscribe/unsubscribe? See http

Re: DSL Accouting?

Greetings, Yeah IP accouting is how I do it now. I use a FreeBSD bridge box, so nobody can even see it. Works well, however it makes billing on-net traffic difficult if you aren't billing the PPP sessions. thanks, Dave - Original Message - From: Simon White [EMAIL PROTECTED] Date

Re: Missing nas-strvalue in add_nas_attr, bad EAP request ID

Hi - any thoughts on this? I'm curious if there's a bug here or if everything is as intended. Regards, Dave Dave Mason wrote: Hi, I'm working on a new EAP type, and using the supplied radclient for testing. I didnt add a NAS-IP-Address attribute to the Access Request (and radclient doesnt

Re: DSL Accouting?

thoughts on whether it should be a seperate module or a modification to the proxy code? A module. Cool. It looks like I can just copy the rlm_detail module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanks, Dave Seddon

Re: DSL Accouting?

would appreciate a holler There are lots of billing system and other programs to graph standard dialup radius accounting. I'm currently thinking a module could recieve an 'alive' and generate a start and a stop, with the difference between two 'alives' calculated. thanks, Dave Seddon

Re: DSL Accouting?

? thanks, Dave On Sun, 26 Jan 2003 04:16 am, Dave Seddon wrote: Greetings, Still wondering how to convert DSL interum updates to standard dail-up type radius accounting. I've done some digging through the source code, and have decided that perhaps I need to create a module, perhaps

Re: DSL Accouting?

(on a cisco). dave - NEW to mBox, receive faxes to any email address! Find out more http://www.mbox.com.au/fax - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: DSL Accouting?

break RFC and allow it to modify the 'alive' and create a 'start' and a 'stop'. Any thoughts on whether it should be a seperate module or a modification to the proxy code? thanks, Dave Seddon - Original Message - From: Dave Seddon [EMAIL PROTECTED] Date: Saturday, January 25, 2003 4:20

DSL Accouting?

, and usage graphs, etc, would all work fine. It would be very nice to build this functionality into Freeradius. -- Perhaps I should email the developers list about how to do this? thanks, Dave Seddon - Would you like to receive

Missing nas-strvalue in add_nas_attr, bad EAP request ID

and eap_regenerateid. This code is at the bottom of eap.c. These functions check the strvalue, not the lvalue as I would expect. For my case, the strvalue is all 0s, though the lvalue is set. They match up OK but only because they both have the default 0 value. Is either or both of those a problem? Dave

Re: Problems compiling

? Regards, Dave Simon White wrote: At 09:47 AM 12/5/2002 +, you wrote: Looks like you don't have the db libraries, or the configure script hasn't been told where to find them, or your db libraries are not compatible with those that freeradius needs. 05-Dec-02 at 07:24, [EMAIL PROTECTED

Re: Using MYSQL for accounting only

On Thu, 21 Nov 2002 08:41:08 -0800 Mike Denka [EMAIL PROTECTED] wrote: 1) anyone using mysql for accounting only - using another authentication and authorization? If so is the setup as simple as using the sql schema included with freeradius and just including sql in the accounting

Re: Using MYSQL for accounting only

Nope, we run both perfectly. I added the mysql config long after detail was running properly and had no problems caused by the additional accounting method. On Thu, 21 Nov 2002 12:09:58 -0500 Daniel Monjar [EMAIL PROTECTED] wrote: any problem running both accoutning methods (the detail file

Re: Using MYSQL for accounting only

have seen reference to dialup_admin being able to handle this as well. I've not yet had time to investigate dialup_admin though. I'm sure I've missed alot of the DB nuances, as I'm an SA, not a DBA. But it gets the job done. :) dave On Thu, 21 Nov 2002 10:13:39 -0800 Mike Denka [EMAIL

fail to load rlm_eap_md5 in freeRadius 0.8

find anything missing. Any ideas? Regards, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: fail to load rlm_eap_md5 in freeRadius 0.8

for a static link? Dave Dave Mason wrote: Hi, In my radiusd.conf, I turn on eap in the authorize and authenticate modules. My eap module looks like this (with comments left out): eap { default_eap_type = sim md5 { } sim { } } Other than that, it's the same as the original from

SO_RCVTIMEO proto not available?

it's waiting for a request. What can I do to troubleshoot this problem? Is it a problem with snmp or radius? How can I disable SNMP support for testing purposes to try and narrow down the possible problems? I've tried undefining the $INCLUDE in radiusd.conf to no avail. Thanks, Dave -- Dave

Re: implementing a new EAP type

releases. Thanks, Dave Alan DeKok [EMAIL PROTECTED] wrote: Dave Mason [EMAIL PROTECTED] wrote: I have a couple of questions about adding a new EAP module to freeRadius. I have version 0.7.1. *Please* don't add new code to 0.7.1. Use the latest CVS head, instead. Why? No one

how to use hex attribute values in radclient

with the same result. If I use back-quotes, the value is not taken at all. Is this a hook for some other processing? Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

implementing a new EAP type

that come with the distribution but I'm still a bit lost. Thanks for any help you may have, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: implementing a new EAP type

Thanks for the tip. I grabbed today's 11/14 CVS snapshot. Does anybody know aLinux Radius client that can send EAP messages? If not I'll look at the rlm_eapcode and see what I can do with radclient.c.DaveAlan DeKok [EMAIL PROTECTED] wrote: Dave Mason [EMAIL PROTECTED] wrote: I have

Re: Configuring without libltdl

the problem I was having there :-) The problem was that configure finds libltdl in its path, and utimately changes LIBLTDL to the local one (-lltdl). So by explicitly defining them and passing it to make it effectively forces make to compile/build the files in the libltdl directory. dave -- Dave

Re: Configuring without libltdl

are obviously *much* smarter than I am, because those tools like like a bunch of random crap to me...) Yeah, no doubt about the GNU people. You've been a great help too, thanks. Best, Dave -- Dave Wreski Corporate Manager Guardian Digital, Inc. (201) 934-9230

Re: Configuring without libltdl

in the directory you've specified, but rather, it's in ./libltdl/.libs/. dave -- Dave Wreski Corporate Manager Guardian Digital, Inc. (201) 934-9230Pioneering. Open Source. Security. [EMAIL PROTECTED]http://www.guardiandigital.com - List

Re: Configuring without libltdl

reason. Even once it's built, there is nothing in that file that explicitly specifies to look in ./libs/ for libltdl. Am I still misunderstanding something? Thanks, Dave -- Dave Wreski Corporate Manager Guardian Digital, Inc. (201) 934-9230Pioneering

Re: Configuring without libltdl

/freeradius-snapshot-20021108/libltdl/.libs/libltdl.a Alan, does this sound reasonable? ldd shows radiusd isn't linked against it, but shouldn't nm show 'ltdl' anywhere in it's output when run against radiusd? dave -- Dave Wreski Corporate Manager Guardian Digital, Inc

Re: Configuring without libltdl

. Do you have any further recommendations? IOW, it's not purely a linking problem, but 'configure' apparently finds libltdl in the LD_PATH and stops looking once it finds it, despite the options above that tell it not to. Thanks, Dave -- Dave Wreski Corporate Manager

system group access

Greetings I have downloaded FreeRadius 0.7.1 and am trying to use system group membership to grant access. I see that the users file contains an example of how to deny users who are a member of a particular group, but what I want to do is only permit users who are members of a particular group

Exec-Program-Wait Abnormal exit - 0.7/Snapshot

Hi All, Is Exec-Program-Wait still broken? I have tried 0.7 as well as Snapshot dated 09-04-2002 and while 0.7 continues to run after an Abnormal exit, the Snapshot build dies immediately...but when entering group authorize and apparently not getting to Exec-Program-Wait. Any ideas? -Dave

RE: Multiple RADIUS instances

Hi, I did this simply by compiling it twice, once with ./configure --prefix=/usr/local/radius1 once with ./configure --prefix=/usr/local/radius2 then everything (bin,config,logs) is in it's respective directory. Then I just have /etc/init.d/radius1, /etc/init.d/radius2 to start/stop them. Dave

md5 passwords in database

utter to authenticate against these hashes? Many thanks, Dave -- Dave Logan NO! Try not! Do. Or do not. -- Yoda - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

() function lives? I haven't even started looking at the code yet because I thought surely this would already exist somewhere. Thanks for all the feedback though, it will help me at least look like I'm making progress (which I am, thanks to mattt). Dave -- Dave Logan NO! Try not! Do. Or do not. -- Yoda

0.5/0.6 Problems at authorize

nothing that stood out as odd... radisud is running supervised...but I wouldn't guess that should matter at alldoes it? Any help would be greatly appreciated. -Dave ## radius log ## Thu Jul 18 12:31:16 2002 : Auth: Login incorrect: [username/password] (from client nas1 port 1879 cli

Re: 0.6 SegFault in rlm_preprocess

radiusd -X output (gdb output below) [root@ns1 root]# /usr/local/sbin/radiusd.new -X -p 1645 Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/radius/clients.conf main: prefix = /usr/local main: localstatedir = /var main: logdir =

Re: 0.6 SegFault in rlm_preprocess

Uhh...I think I forgot something... What is the flag to compile radiusd with all modules built statically and no dependencies?? I think the problem is that the new radiusd is using the 0.5 rlm libsooops! -Dave radiusd -X output (gdb output below) [root@ns1 root]# /usr/local/sbin

Re: about ldap

using the suggested schemas, as they are better documented, and appear to be easier to work with than the Solaris Extensions. If you can use the documented schema, I believe all you will have to modify is the radius.conf file with your LDAP server information. Dave Vondracek CTO, IntNet [EMAIL

Really odd: rlm_unix failing on subsequent attempts

??...please??...;) -Dave /etc/raddb/user --Matched Entry-- username Auth-Type := System Idle-Timeout = 1800, Session-Timeout = 28800 # /usr/local/sbin/radiusd -A -f -X -y -z -p 1645 reread_config: reading radiusd.conf Config: including file: /etc/radius/proxy.conf Config

Re: ldap remoteuser auth problem

:= LDAP Thank you for your help! I've still got a couple problems getting PAP/CHAP to work at the same time, and getting the realm stripped. I haven't given up yet, but you might hear back from me shortly. Dave Vondracek CTO, IntNet [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http

  1   2   >