Re: rlm_perl & Auth-Type

2004-02-16 Thread Mike Groeneweg
Humberto, I tried making your suggested config changes, but still no luck. FYI, I've changed the 'DEFAULT Auth-Type' in the users file to 'perl_1' and copied the syntax for your authenticate section - but still no luck. When I add another module, to the 'common' (or is it System ?) list of authe

rlm_perl authorize

2004-02-16 Thread loz
Hi All, I'm trying to authorize a user by using the rlm_perl module only. I.e., I only want the perl script to control the authorization. In radiusd.conf I have set: proxy_requests = no and in the authorize part the "files" statement is commented (otherwise freeradius will look at the file 'u

postgresql 7.4 problem with timestamp

2004-02-16 Thread ROY
hi, i'm using peter nixon's cisco h323 billing scripts with postgresql. i've installed postgresql 7.4, but there seems to be a problem with data types specially with "timestamp with time zone". anybody made a work-around with this? here's a snip from my debug: <> Tue Feb 17 14:48:20 2004 : Erro

remove me

2004-02-16 Thread goodmood
remove - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:Sql Module doesn't load

2004-02-16 Thread albert
Title: 郵件 >Hello, freeradius-users, > > Following the doc in radius,I have change the file radiusd.conf in /usr/local/etc/raddb/ > >In  Radiusd.conf:> $INCLUDE  ${confdir}/mssql.conf > >  I also change mssql.conf.   If you want to use mysql database, you should modify your Radiusd.conf li

Freeradius and Attribute

2004-02-16 Thread Pilinho
Hi, I use freeradius 0.9.3 with Nomadix. It's all OK for authentication but I would configure an Accounting for my user. Where I can put this ATTRIBUTE for example Nomadix-Expiration o other (see dictionary)? Please help me. P.S.: Where I can find a tutorial or HowTo or this configuration? Tha

rlm_python

2004-02-16 Thread apellido jr., wilfredo p
hello im just trying to install rlm_python module using CVS last Feb 16, 2004 in Freebsd 4.8. As the docs stated ive compile it this way. diameter# ./configure --with-static-modules=python And i got this error: diameter# ./configure --with-static-modules=python loading cache ./config.cache check

suffix howto ?

2004-02-16 Thread Truong Manh Cuong
Hi all, How can I use and declare suffix of username: ex: [EMAIL PROTECTED] and [EMAIL PROTECTED]. I want to use both 2 service in the same radius server. I don’t know where to declare in config file. Please help me. Thanks, Manh Cuong.

Sql Module doesn't load

2004-02-16 Thread MaFai
Hello, freeradius-users, Following the doc in radius,I have change the file radiusd.conf in /usr/local/etc/raddb/ In Radiusd.conf: $INCLUDE ${confdir}/mssql.conf I also change mssql.conf. In mssql.conf: sql { # Database type # Current supported are: rlm_sql_mysql, rlm_sq

Re: Error Message

2004-02-16 Thread Kevin Bonner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > "Mon Feb 16 19:56:52 2004 : Error: ERROR: Realm myrealm.com cannot be load > balanced to LOCAL" Read the comments in raddb/proxy.conf Kevin Bonner -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAMXqt/9i/ml3OBYMRAkGrAJ9v73z4

Error Message

2004-02-16 Thread SPROUSE Troy F
Hello everyone,   I received this message in the radius.log file today.  I am wondering if anyone else has seen this before and what the cure may be for it.  Any more information on this would be greatly appreciated.  It also killed the radiusd process right about the time I got this messag

huntgroups file configuration

2004-02-16 Thread Sifalakis, Manolis
Hello, I recently downloaded and installed the FreeRADIUS server, and I am currently in the process of having a look at the documentation for the configuration. There are a few questions I would like to ask those more experienced with the use of the huntgroups file. 1) First of all I cannot q

Do I have a config problem?

2004-02-16 Thread Chris Chapman
Hi folks. Freeradius is an incredible piece of software and it has performed very well for us. I am trying to implement wildcard realms and think I may have a config problem but maybe I've been staring at the same stuff for too long. If anyone can offer any advice please give me a yell. rad

Re: MD5 encoded password will not validate

2004-02-16 Thread Riccardo . Veraldi
I am very interested in htis topic too but have no idea how to help you :) Actualyl I am interested if this work with utherntication type EAP Rick Quoting Mike Lampson <[EMAIL PROTECTED]>: > Hello all, > > I tried to ask this question on Friday and didn't receive an answer, so let > me try to

Re: hostAP and freeRadius

2004-02-16 Thread Bojan Dusevic
Sorry about that!!! Find what you are looking for with the Lycos Yellow Pages http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10 - List info/subscribe/unsubscribe? See http://www.freeradius.org/li

MD5 encoded password will not validate

2004-02-16 Thread Mike Lampson
Hello all, I tried to ask this question on Friday and didn't receive an answer, so let me try to explain it better. I am presently running FreeRADIUS using Unix crypt passwords. This works fine. However I need to add support for better (i.e. longer) passwords and would like to use MD5 encoded p

hostAP and freeRadius

2004-02-16 Thread Bojan Dusevic
Has anybody managed to get hostAP to work with freeRadius? I have a network that consists of 2 APs(Linux boxes running hostAP) For freeRadius, I followed Raymond McKay's HowTO and so far I got the certificates as well as the simple authentication test(given in the howto) working. I am currentl

hostAP and freeRadius

2004-02-16 Thread Bojan Dusevic
Has anybody managed to get hostAP to work with freeRadius? I have a network that consists of 2 APs(Linux boxes running hostAP) For freeRadius, I followed Raymond McKay's HowTO and so far I got the certificates as well as the simple authentication test(given in the howto) working. I am currentl

hostAP and freeRadius

2004-02-16 Thread Bojan Dusevic
Has anybody managed to get hostAP to work with freeRadius? I have a network that consists of 2 APs(Linux boxes running hostAP) For freeRadius, I followed Raymond McKay's HowTO and so far I got the certificates as well as the simple authentication test(given in the howto) working. I am currentl

hostAP and freeRadius

2004-02-16 Thread Bojan Dusevic
Has anybody managed to get hostAP to work with freeRadius? I have a network that consists of 2 APs(Linux boxes running hostAP) For freeRadius, I followed Raymond McKay's HowTO and so far I got the certificates as well as the simple authentication test(given in the howto) working. I am currentl

RE: Problem with remote LDAP

2004-02-16 Thread José Luis Solano
  Yees!!!   (I'm going to name you Sir. Lionel ! ;))) José Luis SolanoSGI - Soluciones Globales Internet S.A.Delegación Regional Sur[EMAIL PROTECTED](+34) 954.088.060

Re: Problems with EAP/TTLS+PAP and LDAP

2004-02-16 Thread Arne Brutschy
Alan DeKok wrote: > Why the heck are you doing packet sniffing when you could run the server in debugging mode to see what it's doing? I was running debug mode - but the setting use_tunneled_reply didn't change anything. After a day of debugging I realized that this was the most idiotic configu

RE: Problem with remote LDAP

2004-02-16 Thread Lionel Gavage
  does it work ?     LG. -Message d'origine-De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]De la part de José Luis SolanoEnvoyé : lundi 16 février 2004 19:55À : [EMAIL PROTECTED]Objet : Re: Problem with remote LDAP   Thanks again Lionel ;) !!!    

Fw: Problem with remote LDAP

2004-02-16 Thread José Luis Solano
    Thanks again Lionel ;) !!!       José Luis SolanoSGI - Soluciones Globales Internet S.A.Delegación Regional Sur[EMAIL PROTECTED](+34) 954.088.060 - Original Message - From: Lionel Gavage To: [EMAIL PROTECTED] Sent: Monday, February 16, 2004 7:38 PM

Re: Problem with remote LDAP

2004-02-16 Thread José Luis Solano
  Thanks again Lionel ;) !!!       José Luis SolanoSGI - Soluciones Globales Internet S.A.Delegación Regional Sur[EMAIL PROTECTED](+34) 954.088.060 - Original Message - From: Lionel Gavage To: [EMAIL PROTECTED] Sent: Monday, February 16, 2004 7:38 PM S

RE: Problem with remote LDAP

2004-02-16 Thread Lionel Gavage
Hi,   Remove the "access_attr = "dialupAccess"" parameter in LDAP config (put in comment). And retest.     Lionel Gavage.   -Message d'origine-De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]De la part de José Luis SolanoEnvoyé : lundi 16 février 2004 19:32À : [EMAI

Problem with remote LDAP

2004-02-16 Thread José Luis Solano
      Dear all !!   My old configuration was (2 different PC's): IP Client: XXX.XXX.XXX.205 IP Freeradius and LDAP: XXX.XXX.XXX.222   With this configuration, my system runs ok!!     My currently configuration is (3 different PC's): IP Client: XXX.XXX.XXX.205 IP Freeradius: XXX.XXX.XXX

Problem with remote LDAP

2004-02-16 Thread José Luis Solano
Dear all !!   My old configuration was (2 different PC's): IP Client: XXX.XXX.XXX.205 IP Freeradius and LDAP: XXX.XXX.XXX.222   With this configuration, my system runs ok!!     My currently configuration is (3 different PC's): IP Client: XXX.XXX.XXX.205 IP Freeradius: XXX.XXX.XXX.206 IP

Re: using date in freeradius

2004-02-16 Thread Alan DeKok
"sting sting" <[EMAIL PROTECTED]> wrote: > But this is not the point. > - the CallTimeAttr = 111 > was just an example. > It also fails in > CallTimeAttr = 3500 This is fixed in the CVS head. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/use

Re: Mschap + Mysql + Crypted Password

2004-02-16 Thread Alan DeKok
Paulo Fragoso <[EMAIL PROTECTED]> wrote: > Are there any attribute for stroe crypted password in database and works > with mschap? It's impossible. It's designed to be impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Re: using date in freeradius

2004-02-16 Thread sting sting
Hello, thnxs to Paul "TBBle" Hampson. According to my understanding and the docs, the date represtents times in milliseconds from 1.1.1970. So 111 should also be OK. But this is not the point. - the CallTimeAttr = 111 was just an example. It also fails in CallTimeAttr = 3500 and CallTi

Re: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread Jean-Paul Chapalain
Hi José, Note that WinXP PEAP client store the user/password in register. (See : http://support.microsoft.com/default.aspx?scid=kb;en-us;823731) Is why i use TTLS Client of Alfa/Arris. Regards, Jean-Paul. José Luis Solano wrote: Do you know if Windows XP client has authentication TTLS? Where is t

RE: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread Lionel Gavage
No problem ;) Lionel Gavage -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de José Luis Solano Envoyé : lundi 16 février 2004 16:13 À : [EMAIL PROTECTED] Objet : Re: TTLS and TLS (EAP-TYPES) Thanks a lot Lionel! José Luis Solano SGI - Soluciones Globa

Re: Mschap + Mysql + Crypted Password

2004-02-16 Thread Nigel Metheringham
On Mon, 2004-02-16 at 14:45, Paulo Fragoso wrote: > Are there any attribute for stroe crypted password in database and works > with mschap? Now, only clear text password stored in radcheck table > works with mschap: No. CHAP passes a hash of the password and a random challenge across the wire.

Re: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread José Luis Solano
Thanks a lot Lionel! José Luis Solano SGI - Soluciones Globales Internet S.A. Delegación Regional Sur [EMAIL PROTECTED] (+34) 954.088.060 - Original Message - From: "Lionel Gavage" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 16, 2004 2:04 PM Subject: RE: TTLS an

Re: Mschap + Mysql + Crypted Password

2004-02-16 Thread Paulo Fragoso
Norguhtar wrote: Are there any attribute for crypted password to work with mschap? We have ever tried "Crypt-Password" which work fine for dial-in user from other system (lucent max6000) using pap auth, but don't work with mschap. You can't used crypted password for this password is already crypt

Re: help for accounts with different timelimit...

2004-02-16 Thread Ciolo_-^DusT^-_WebMaster
ok I made some experiment about limiting session time... now I need to understand how to use this: >So you must create an > UPDATE command which will be fired when stop acct record is received > that will update value in radreply for that user. > Something like > UPDATE radreply SET value=to_char((

Re: rlm_perl & Auth-Type

2004-02-16 Thread Support
Hi, I've been doing some hacking with the perl module. The Auth-Type can be set by the authorization module or in the users file ( The latter works for me) -My users file only has the line: DEFAULT Auth-Type := perl_1 -My radiusd.conf 's relevant sections modules { ... ... perl voip {

Re: using date in freeradius

2004-02-16 Thread Paul Hampson
On Mon, Feb 16, 2004 at 04:18:58PM +0200, sting sting wrote: > Hello, > I have a problem with using a (Vendor Spcific) date attribute in > freeradius. > I had added other Vendor Spcific) attributes (string,integer,date ) with > not problem > I had added a dictionary with a date format type. > wh

using date in freeradius

2004-02-16 Thread sting sting
Hello, I have a problem with using a (Vendor Spcific) date attribute in freeradius. I had added other Vendor Spcific) attributes (string,integer,date ) with not problem I had added a dictionary with a date format type. what I had added is: ATTRIBUTE CallTimeAttr 122 date VSCompany (there

Re: Mschap + Mysql + Crypted Password

2004-02-16 Thread Norguhtar
On Mon, 16 Feb 2004 10:27:11 -0300 Paulo Fragoso <[EMAIL PROTECTED]> wrote: > Hi, > > We have a FreeRadius 0.9.3 + Mysql to authenticate a FreeBSD 5.1 + MPD > implementing PPTP vpn. All is working fine, but we have to put clear > text password in users database: > > mysql> select * from radche

Mschap + Mysql + Crypted Password

2004-02-16 Thread Paulo Fragoso
Hi, We have a FreeRadius 0.9.3 + Mysql to authenticate a FreeBSD 5.1 + MPD implementing PPTP vpn. All is working fine, but we have to put clear text password in users database: mysql> select * from radcheck where username='testevpn'; +--+--+---++--+ | id |

RE: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread Lionel Gavage
Hi José, No Windows XP client hasn't TTLS option. Windows XP client supports PEAP on the other hand. You can use SecureW2 (http://www.alfa-ariss.com/) Lionel Gavage -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de José Luis Solano Envoyé : lundi 16 février

Re: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread José Luis Solano
Do you know if Windows XP client has authentication TTLS? Where is the option? If Windows XP client has not TTLS, then do you know other client? Thankss a lot!! José Luis Solano SGI - Soluciones Globales Internet S.A. Delegación Regional Sur [EMAIL PROTECTED] (+34) 954.088.060 - Original M

RE: PEAP/LDAP

2004-02-16 Thread Lionel Gavage
Hi, It doesn't find the clear text password for rlm_chap but the user is well validated by LDAP. Extract of log: rlm_ldap: - authorize rlm_ldap: performing user authorization for u190336 radius_xlat: '(uid=u190336)' radius_xlat: 'dc=ulg,dc=ac,dc=be' ldap_get_conn: Got Id: 0 rlm_ldap: performi

Re: Restrict to NAS-Port-Type

2004-02-16 Thread Paulo Fragoso
Alan DeKok wrote: Paulo Fragoso <[EMAIL PROTECTED]> wrote: All is working fine, but we would like to restric PPTP users to only connect to vpn server. So we have created our radgroupcheck this way: ... | 8 | virtual | NAS-Port-Type| := | Virtual | That won't do what you want. Use '==

RE: TTLS and TLS (EAP-TYPES)

2004-02-16 Thread Lionel Gavage
Yes, on the level of the configuration client. Lionel Gavage -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de José Luis Solano Envoyé : lundi 16 février 2004 13:14 À : [EMAIL PROTECTED] Objet : TTLS and TLS (EAP-TYPES) Hi Lionel, I have your radiusd

Re: how to set IP restrictions ?

2004-02-16 Thread ml . radius
On Mon, Feb 16, 2004 at 12:54:13PM +0100, [EMAIL PROTECTED] wrote: > > I would like to learn how to set IP restrictions for each radius account : > > By restrictions, I mean that account n° 1 can only reach IP subset n° 1, > account n° 2 can only reach IP subset n° 2, > > An IP subset can b

TTLS and TLS (EAP-TYPES)

2004-02-16 Thread José Luis Solano
Hi Lionel, I have your radiusd.conf file, (thanks!!). But I have a simple question: if I have TL and TTL in my radius.conf, what eap-type will use freeradius TLS or TTLS? it's the client who decide the eap-type? Thanks in advance!!! José Luis Solano SGI - Soluciones Globales Internet

Re: PEAP/LDAP

2004-02-16 Thread José Luis Solano
Hi Lionel, I have your radiusd.conf file, (thanks!!). But I have a simple question: if I have TL and TTL in my radius.conf, what eap-type will use freeradius TLS or TTLS? it's the client who decide the eap-type? Thanks in advan!!! José Luis Solano SGI - Soluciones Globales Internet S.A. Delega

how to set IP restrictions ?

2004-02-16 Thread [EMAIL PROTECTED]
Hi, I would like to learn how to set IP restrictions for each radius account : By restrictions, I mean that account n° 1 can only reach IP subset n° 1, account n° 2 can only reach IP subset n° 2, An IP subset can be the whole WWW, a single IP or a specified family of IPs. And I would like

Re: PEAP/LDAP

2004-02-16 Thread Jean-Paul Chapalain
Hi Lionel, I succeeded in do to run a configuration only for EAP/TTLS with a LDAP backend. I use freeradius-snapshot of 04/feb/2004 and TTLS client of Alfa & Arris (SecureW2) on WinXP. See below 'users' file : # a0153 : Define the user for 802.1x Authentication #--

dialup-admin and postgresql

2004-02-16 Thread ml . radius
It would be nice to compile set of modifications needed for dialup_admin to work with postgresql. (Of course it would be even better that code is db independent :-) ) e.g. user_finger.php3 won't work because "SELECT DISTINCT UserName,AcctStartTime,FramedIPAddress,CallingStationId FROM $config

PEAP/LDAP

2004-02-16 Thread Lionel Gavage
Hi, I have some problems with PEAP/LDAP (and TTLS/LDAP). When I use LDAP only with a local authentification I don't have problem. Reciprocally with PEAP module without LDAP. But with these two modules the user is validated on the level of LDAP server but the 802.1x authentificaton failed! I don't