On Fri, 2002-11-01 at 19:13, Zack W Kneisley wrote:
> Slightly OT, Mike,
> Does inserting the correct records in your db completely setup the users
> mailbox on the mail server, or is their another process required?
I wish. The _only_ other procedure necessary to create an account is to
make an I
On Fri, 2002-11-01 at 17:10, Zack W Kneisley wrote:
> Actually, I currently have a mail server setup on a MySQL backend for
> authentication and several other applications can use a MySQL backend
> for many functions, including ISP billing, and even DNS server I have
> seen that can get it's record
I did some hunting through the archives for using multiple conditions in
the radcheck/radgroupcheck tables and what I found seemed to indicate
that it isn't possible. Is this the case?
A side question. If the above won't work, are 'Group' attribute checks
performed against the sql db when they'r
I'm running FreeRadius 0.5 (actually cvs on 03/16/2002) on Solaris/SPARC
and I'm having a strange accounting issue.
Facts:
* I'm running FreeRADIUS CVS 03/16/2002 (v0.5) compiled with GCC
* I'm running Solaris 7/SPARC
* I'm using PAM for auth
* I'm logging accounting data to detail files
based L4 switch with LVS. I wonder if I'll run into the same
problem with it.
What OS is doing NAT for you?
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Chris,
Chris Parker wrote:
> At 12:17 PM 3/21/2002 -0500, Mike Cathey wrote:
>
>> Chris,
>>
>> The qmail-ldap (<http://www.nrg4u.com>) code (actually IIRC it's the
>> auth code) supports 2 menthods of LDAP auth. One method attempts to
>> bind
as a
privileged user (one who has access to all user attributes), crypt what
the client handed you and compare it to userPassword.
I may be possible to implement the second method in FreeRADIUS and use
it for LDAP/CHAP auth. Comments?
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
J. S. Townsley wrote:
> I noticed this started happening on my servers as well. Started with one
> of the CVS versions between .4 and .5.
>
> I have never used NASLIST file though, I was under the impression that was
> login/ip information for concurrency features.
>
> --JST
I was under
c98a2ae
> Nothing to do. Sleeping until we see a request.
>
> If there's anything else that would be handy in debuging, let me know and
> I'll grab it! :)
>
> Vincent Giovannone
> Network Infrastructure Group
> Information Services Division
> Rush - Presbyteri
world was good.
I'm getting a lot of those UKNOWN client errors with bogus IP's. I have
an access list blocking access to the radius daemon from anywhere but
the RASs. What's going on there? Alan?
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
> Maybe DNS is slow? Maybe your LDAP server is slow?
>
> Alan DeKok.
>
What are you indexing in your directory?
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscri
stops but does not restart. In the log file, there
>>is anything but "Info: MASTER: exit".
>>
>>Have anybody already had this experience ?
>>
>>I use 0.4-snapshot20020215 with rlm_mysql_module
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network
Michael,
Michael S. McCollough wrote:
> Ipchains is not running. It is opened up. I am going to try the upgrade to
> 0.5. If this doesn't work, then I really hate to pose the question to this
> list, but is there a well tested and reliable radius server that works with
> linux/openldap? I get the
it back allows it to work
Update your dictionary file. The new one (in raddb/dictionary in the
source) fixed it for me.
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
modcall[authenticate]: module "pam" returns ok
modcall: group authenticate returns ok
modcall: entering group session
Segmentation Fault
SNIP
Suggestions?
More info?
Solaris/SPARC; gcc 2.95.2
Thanks,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's hilarious! I'll have to check this one out some more... :)
>Those who are unwilling to learn from their mistakes are
> doomed to repeat them.
Paraphrase of George Santayana (sp?) Life of Reason vol. 1?
"Those who can not remember the past are condemned to repeat it.&qu
Saad wrote:
> Since this discussion has started . I would like to know how stable is
> radius in accouting with sql ,especially in oracle? any observations?
I'd love to see some account usage report queries/scripts too if
possible... :)
--
Mike Cathey - http://www.mikecathey.c
ot that I'm aware of.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan,
Thanks, I appreciate the heads up. Is it possible that my problem on
the solaris box was the same then?
I'll leave you alone so you can have more time to work on it then. =)
Have a great day!
Sincerely,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrato
I had a problem on the other box (linux/dual-i686) that I installed
FreeRADIUS 0.4 on yesterday. It died with this in the log (after
running for ~19 hours):
SNIP
Wed Mar 6 19:16:03 2002 : Error: CHILD: exit on signal (11)
Wed Mar 6 19:22:57 2002 : Info: Starting - reading configurati
I upgraded to FreeRADIUS this morning ~0300 EST. It appeared to auth
users perfectly fine until ~1154 EST, at which point it just stopped
authenticating users.
I restarted radius and everything started back fine.
After looking through (/var/log/)messages the system ran out of swap
space at ~
cranky?
George wrote:
> Can anyone help me with a cranky max 6000?
>
> Thx
> George
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Filter-List redirect for that user (you will have to use a fall-through
if you use DEFAULT for everyone else)...
David Bronson wrote:
> Hello All,
>
> I would like to have all dialup customers proxied through our squid box at
> 10.0.10.1. I have set a static ip for one user to test but I am h
Homero,
You can specify Framed-Filter-Id and other such attributes. I believe
that most NASs support port redirects in filters. Allow me to provide
another possible (less expensive?) solution.
Here is what I was planning to do for content filtered users.
Check out squid-guard.org.
Your cisco 2
Michael,
You might be able to use nsswitch/pam to do the job. I'm not sure if
there is an auth_mysql module for pam, but I know you can tell it what
order in which to use the auth mechanisms that it has. For example:
SNIP start /etc/nsswitch.conf
passwd:
ldap files
shadow:
ldap file
John/Dan,
Here is what I'm using in production with a snapshot of Cistron from
April (I think). Remeber that you want to put the least expensive (CPU
wise) checks first that are most likely to get rejected. It should work
with FreeRadius (you might have to use ":=" in the check line instead o
Donovan,
I use radiusreport to generate usage from the beginning of the month to
a specific day (eg. hrs-20010901-20010926). I wrote a perl script to
output a CSV ("username","4.5" where 4.5 is hours) file with users
usage. It should be fairly easy to have a script run via cron job that
woul
ut testing it first.
Cheers,
Mike
[EMAIL PROTECTED] wrote:
> Mike Cathey <[EMAIL PROTECTED]> wrote:
>
>>Does it check only the primary group
>>or will it look for secondary groups?
>>
>
> Try it and see.
>
> Personally, I think it checks any group me
Does it check only the primary group
or will it look for secondary groups?
For example:
/etc/passwd
username:*:1000:100:.
/etc/group
badusers:100:
coolpeople:101:...:username
Could you use 'Group == coolpeople' as a Check attribute?
Thanks,
Mike
[EMAIL PROTECTED] wrote:
> "Musta
I did some reading in the docs a while back about setting up user groups
for controlling where users would be authenticated via password and via
unix group:
DEFAULT Auth := System, Group := DSL
I'm setting up an 800 number for some of our customers to use. The
Called-Station-ID will
process is up and if
> not then run radiusd just that.
>
> another idea?
>
> thanks any way
>
>
>
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]En nombre de Mike Cathey
> Enviado el: Martes, 24 de Julio de 2001 06:48 p.m.
> Para: Freeradi
For the first prob:
Do you have aliased/multiple interfaces on this box?
If so, you might need the -i option (at least that's what it is with
cistron). I believe this is in the FAQ...
I have no idea on the second problem. Is a cron job sending it a sig or
something?
Cheers,
Mike
On Tue, 24
33 matches
Mail list logo