200.180.22.9 (the proxy).
The correct proxy.conf is:
$ cat proxy.conf | grep -v # $$$
proxy server {
synchronous = no
retry_delay = 5
retry_count = 3
dead_time = 120
servers_per_realm = 15
default_fallback = yes
}
realm
ok
looking at your radiusd.conf file, i wonder if you have to add a preacct
section with a suffix module in it in order to look up the realms.
otherwise it seems ok to me.
ciao
artur
I made a mistake editing that mail last night.
realm dimapel.com.br {
type= radius
Hi
Having this configured already in proxy.conf, why do I have to configure
the users file?
Realm DOMAIN {
Type = radius
authhost = LOCAL
accthost = LOCAL
Strip
}
Is this something standard in radius servers, I've worked with cistron
and icradius
Hi Alan
It worked, like this
I just changed proxy.conf to do this
Instead of
Realm DOMAIN {
Type= radius
Authhost = LOCAL
Accthost = LOCAL
strip
}
I did
Realm DOMAIN {
Type=radius
Authhost= localhost:1812
Accthost = localhost:1813
Mustafa N. deeb [EMAIL PROTECTED] wrote:
Having this configured already in proxy.conf, why do I have to configure
the users file?
Configure *what* in the 'users' file?
From what I saw from debug, the realm module recognizes the realm, but
when
The authorize module reaches sql, it adds
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, September 17, 2003 4:54 PM
To: [EMAIL PROTECTED]
Subject: Re: proxy.conf problem
Mustafa N. deeb [EMAIL PROTECTED] wrote:
So far I'm able to authenticate users with any problems, but if I use
[EMAIL PROTECTED] it doesn't
Mustafa N. deeb [EMAIL PROTECTED] wrote:
Below is the debug of 2 attempts, the first is successful and the other
is not
So compare the two, to see what the differences are.
You do realize that the two usernames test and [EMAIL PROTECTED] are
different, don't you? The 'users' file keys on
Hi
We have just migrated from Icradius
to FreeRadius using the MYSQL module
So far Im able to authenticate users with any
problems, but if I use [EMAIL PROTECTED] it doesnt
user is ok
[EMAIL PROTECTED] - LOCAL doesnt authenticate,
the data in proxy.conf looks like
Mustafa N. deeb [EMAIL PROTECTED] wrote:
So far I'm able to authenticate users with any problems, but if I use
[EMAIL PROTECTED] it doesn't
user is ok
[EMAIL PROTECTED]- LOCAL doesn't authenticate,
Have you tried running it in debugging mode, as suggested in the
FAQ, README's, and
Hello all,
I want to test and install freeradius on a new maschine parallel to our
dialin-service, which works with an old ascend radius version. The
runnung dialin-service runs without realms. My idea for testing and
configuration was the following:
proxy.conf
need to be able to have my servers be able to insert this as
well. He isn't running FreeRadius (I told him to eat his keyboard :) so
he's not sure how I can add this and neither am I.
I'm under the impression that I only have one place to add the hint into
the stream, that's in my proxy.conf. I'd
At 04:41 PM 7/10/2003, you wrote:
Thanks Chris-
I too found the marking in files.c, not proxy.c
and the ldflag spec in mainconfig.c
I believe fail_over was functional since FR 0.4
I have specified the ldflag = fail_over simply due to a script I have
which makes the proxy.conf file
Chris
Thank you, thank you, thank you.
Your one statement is what makes sense for this to work
max_request_time is important because if your retry_count * retry_delay
max_request_time then the request will be dropped before the fail-over can
take place.
Not sure where you read this or if
in the proxy.conf file
with each item pointing at a different Radius server which are running
Cistron. I have also specified the ldflag = fail_over for both line items.
This is the top of proxy.conf
# proxy.conf - proxy radius and realm configuration directives
proxy server {
synchronous
At 03:34 PM 7/10/2003, you wrote:
I am simply not successful in getting fail_over to work running FR 0.8.1
in proxy mode.
I thought the code was there to handle fail_over.
Look for a statement in proxy.c that read, marking authentication server
%s:%d for realm %s dead. Look for code in
Thanks Chris-
I too found the marking in files.c, not proxy.c
and the ldflag spec in mainconfig.c
I believe fail_over was functional since FR 0.4
I have specified the ldflag = fail_over simply due to a script I have which
makes the proxy.conf file and future use of round_robin.
I
Hi,
I might have missed an answer to this so I'll try a repost. This is a simple
config question I couldnt find the answer to. I need to add a realm entry in
proxy.conf that would match all realms that end in owlan.org. That is,
[EMAIL PROTECTED] would match for any xxx or yyy. I tried
On Tue, Jun 24, 2003 at 09:35:22AM -0500, Dave Mason wrote:
I might have missed an answer to this so I'll try a repost. This is a
simple config question I couldnt find the answer to. I need to add a realm
entry in proxy.conf that would match all realms that end in owlan.org
to add a realm
entry in proxy.conf that would match all realms that end in owlan.org.
That is, [EMAIL PROTECTED] would match for any xxx or yyy. I tried
the usual wildcard characters but they didnt work, and I also tried naming
the realm with only a leading dot, .owlan.org. Any ideas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13199.html
Also searching for partial realm should give you something to work with.
Kevin Bonner
On Tuesday 24 June 2003 16:32, Dave Mason wrote:
I searched for several forms of realm wildcard and
On Tue, Jun 24, 2003 at 03:32:06PM -0500, Dave Mason wrote:
I searched for several forms of realm wildcard and only found my own post.
The one on the list page works well:
Hi,
This is another simple config question I couldnt find the answer to. I
need to add a realm entry in proxy .conf that would match all realms
that end in owlan.org. That is, [EMAIL PROTECTED] would match
for any xxx or yyy. I tried the usual wildcard characters but they
didnt work, and I
Mark Gaither [EMAIL PROTECTED] wrote:
I'm having problems getting Radius to proxy LDAP authentications.
For starters, I have three classes of users:
...
3) my_partner - authenticate against a remote OpenLDAP server
There is no way to configure a 'remove' LDAP server in FreeRADIUS.
You can
and my_radius/bob to authorize
against the remote RADIUS server.
Here's an excerpt from my proxy.conf:
realm local {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm my_radius {
type = radius
authhost = radius.us.com:1812
accthost = radius.us.com:1813
secret = foo
}
realm my_partner
Hey all,
I do a lot of proxy for realms to remote radius servers, and several of the
realms have the same proxy information with just a different realm name.
Currently I have proxy.conf setup as follows:
realm realm1.com {
type= radius
authhost= 1.2.3.4:1645
Darren Nay [EMAIL PROTECTED] wrote:
I do a lot of proxy for realms to remote radius servers, and several of the
realms have the same proxy information with just a different realm name.
...
Which is fine, except that I have to have a new entry in proxy.conf for
every single realm. Hence
At 01:40 PM 1/23/2003 -0700, you wrote:
Hey all,
I do a lot of proxy for realms to remote radius servers, and several of the
realms have the same proxy information with just a different realm name.
Currently I have proxy.conf setup as follows:
realm realm1.com {
type= radius
Specify all realms that do not use IP 1.2.3.4 as normal, than use a
DEFAULT
realm for the rest. Read /path/to/src/radiusd/raddb/proxy.conf for more
details.
Ahh.. Good idea. I hadn't thought of that. Thanks !
Darren
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Hi all,
I have installed FR 0.8 release. It's worked good, but
I found THIS FILE IS DEPRECATED. . header in the
0.8's 'realms' file, so I tried to move my
domain1LOCAL
domain2LOCAL
realms to the 'proxy.conf', as described:
realm domain1 {
type= radius
If you mean, for example, to have an entry in proxy.conf as realm
somerealm match to somerealm and SOMEREALM then do the following...
In r1.67 of files.c, change the line:
if (strcmp(cl-realm, realm) == 0) {
to:
if (strcasecmp(cl-realm, realm) == 0) {'
That should force FR to accomplish
At 10:41 AM 8/22/2002 -0400, you wrote:
Chris Brotsos [EMAIL PROTECTED] wrote:
If you mean, for example, to have an entry in proxy.conf as realm
somerealm match to somerealm and SOMEREALM then do the following...
In r1.67 of files.c, change the line:
...
This is probably a good idea
,
including those with no realm, to the remote server.
With FreeRADIUS 0.5 running on an Intel /FreeBSD box, I can also do this
when I use realms. But I want to use proxy.conf instead. However, when I
set up the realms in proxy.conf, all authentication via proxy RADIUS fails
because apparently
Angus Stewart [EMAIL PROTECTED] wrote:
In searching the list, I see that this was a reported problem for v0.3 and that
there is a patch... so, after taking a look at v0.4 I decided to implement the
patch on 0.3 (still not ready to make the switch to 4 -- sorry).
And - still didn't work.
Hi all,
I recently configured a freeradius 0.3 realm in the proxy.conf file that used
different IP addresses for authentication and accounting.
It didn't work. -- the authentication IP address was used for both
authentication and accounting.
In searching the list, I see
34 matches
Mail list logo