Re: Session-Timeout and Cisco

2004-03-04 Thread apellido
Hello, your NAS is the one who is responsible to disconnect the user. Try to check your NAS. - Original Message - From: "Truong Manh Cuong" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 04, 2004 4:17 PM Subject: RE: Session-Timeout and Cisco > > Hi, > > I've tried to use

Re: Cisco EXEC authentication

2004-03-04 Thread [EMAIL PROTECTED]
Hi, Also you could do that by including "Service-Type = Administrative-User" in your Access-Accept. So in the users file, you can configure a user like this : super-cisco Auth-Type := Local, User-Password == "whatever" cisco-avpair = "shell:priv-lvl=15", Service-Type = Administ

Problem with mschapv2

2004-03-04 Thread Badger David
After spending some time perusing the mailing list I have been unable to turn up any info on the problem I am experiencing. I am attempting to authorise/authenticate xp supplicant to an NT4 domain through a cisco AP. Freeradius-snapshot-20040302 is compiled with experimental modules and eap is con

Any Reviews of Free Radius?

2004-03-04 Thread Prasenjit Medhi
Hi, I'm a Radius newb. So I have not deployed a Radius server before. Are there any good web reviews on FreeRadius? And does FreeRadius have a web/gui based admin and configuration tool? And how good is Free Radius in comparison to say IC Radius? IC Radius looks good, it has a web based admin tool

Re: Cisco EXEC authentication

2004-03-04 Thread Jeffrey C. Ollie
On Wed, 2004-03-03 at 10:39, Alan DeKok wrote: > [EMAIL PROTECTED] wrote: > > Hi, I am running freeradius-0.9.3 on RedHat 9.0. I have found your > > documentation and faq page very helpful, however I cannot find an answer to > > one question. Can Radius pass a privilege level back to a Cisco swit

RE: ldap auth: requiring group membership

2004-03-04 Thread Sam Silvester
I figured it out after that! I needed to change from cn=dialup to uid=dialup, and then it all started working. Just a comment - Shouldn't it be possible to specify the ldap search used to get reply attributes in the rlm_ldap configuration block in radiusd.conf? It seems really bizarre to have that

Re: I don't want Idle-Timeout, but it keeps popping up

2004-03-04 Thread Alan DeKok
Jeff <[EMAIL PROTECTED]> wrote: > I am trying to change the setting for "Idle-Timeout". > I keep getting short timeouts of less than 3 minutes > when user machines are idle. There is no idle timeout > when user machines are kept busy. I actually want to > turn the setting off or set it to infinite,

Re: EAP-TTLS + PAP + files, not stripping realm.

2004-03-04 Thread Alan DeKok
Rok Papez <[EMAIL PROTECTED]> wrote: > I'm trying to proxy requests to LOCAL, but the realm part of the username > isn't stripped. The server doesn't proxy requests to LOCAL. It just handles them itself. > modules { > realm example.domain { > format = suffix >

Re: rlm_python and threading

2004-03-04 Thread Alan DeKok
Wolfgang Hottgenroth <[EMAIL PROTECTED]> wrote: > that it is thread-safe. I assume nevertheless that the global > interpreter lock needs to be acquired before the embedded python > interpreter will run. Probably. > So, under the assumption of pure python code the module is thread-safe > but exe

rlm_python and threading

2004-03-04 Thread Wolfgang Hottgenroth
Hi, I was playing around a bit with the rlm_python and was wondering about , | module_t rlm_python = { | "python", | RLM_TYPE_THREAD_SAFE, /* type */ ` that it is thread-safe. I assume nevertheless that the global interpreter lock needs to be acquired before

Re: Why does Called-Station-Id attribute only return last 5 digits?

2004-03-04 Thread Chris Linstruth
When I ordered a voice DS1 the telco asked me how many digits I wanted to receive for the called number. All I needed for that application was 4. Maybe your telco's only sending 5. Just a thought. -- Chris Linstruth <[EMAIL PROTECTED]> QNET 1031 West Avenue M14 #A Palmdale, CA 93551 (661) 538

RE: Mikrotek + Freeradius Patch?

2004-03-04 Thread Troy Winemiller
Maybe somebody has a copy of the original patch without the junk? Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy Winemiller Sent: Thursday, March 04, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: Mikrotek + Freeradius Patch? Hi, I am mocki

Re: Why does Called-Station-Id attribute only return last 5 digits?

2004-03-04 Thread Alan DeKok
Jeff <[EMAIL PROTECTED]> wrote: > In detail files and MySql database, the > Called-Station-Id attribute is only returning the last > 5 digits of the phone number called, but > Calling-Station-Id returns full 10 digit phone number. > How can I get Called-Station-Id to do the same? The server logs

Re: Session-Timeout and Cisco

2004-03-04 Thread Alan DeKok
"Truong Manh Cuong" <[EMAIL PROTECTED]> wrote: > I've tried to use rlm_sqlcounter, it works but I don't see anything happen > after a period of Session-Timeout: > After 64 seconds of Session-Timeout, Radius doesn't reject that connection. RADIUS doesn't force connections off-line. Read the FAQ abou

RE: Stripping domain names for LDAP filter

2004-03-04 Thread Teoh, Chee
Thanks Dustin and Alan, this works!!! -Original Message- From: Dustin Doris [mailto:[EMAIL PROTECTED] Sent: Thu 04/03/2004 18:04 To: [EMAIL PROTECTED] Cc: Subject: RE: Stripping domain names for LDAP filter Giv

Re: Stripping domain names for LDAP filter

2004-03-04 Thread Alan DeKok
"Teoh, Chee" <[EMAIL PROTECTED]> wrote: > I have not modified the proxy.conf file at all. So, no default realm or > bulldog realm. The Stripped-User-Name attribute is set ONLY if you tell the server how to strip it. The server is not a magical piece of software that reads your mind to determin

Why does Called-Station-Id attribute only return last 5 digits?

2004-03-04 Thread Jeff
Hello all, I am using Freeradius 0.9.3 on a X86 machine running Gentoo Linux. I compiled Freeradius myself from source. We are authenticating users from authentication data in a MySql database. My client machines are Ascend Max 6000 and 4000, running TAOS 9.0.9 and 7.0.28 respectively. In detail file

RE: Stripping domain names for LDAP filter

2004-03-04 Thread Dustin Doris
Give this a shot. Open proxy.conf and put in realm DEFAULT { type= radius authhost= LOCAL accthost= LOCAL } Then restart radiusd. -Dusty On Thu, 4 Mar 2004, Teoh, Chee wrote: > Hi, > > I have not modified the proxy.conf file at all. So, no

I don't want Idle-Timeout, but it keeps popping up

2004-03-04 Thread Jeff
Hello all, I am using Freeradius 0.9.3 on a X86 machine running Gentoo Linux. I compiled Freeradius myself from source. We are authenticating users from authentication data in a MySql database. My client machines are Ascend Max 6000 and 4000, running TAOS 9.0.9 and 7.0.28 respectively. I am tryin

RE: Stripping domain names for LDAP filter

2004-03-04 Thread Teoh, Chee
Hi, I have not modified the proxy.conf file at all. So, no default realm or bulldog realm. Chee. -Original Message- From: Dustin Doris [mailto:[EMAIL PROTECTED] Sent: 04 March 2004 17:18 To: [EMAIL PROTECTED] Subject: Re: Stripping domain names for LDAP filter What's your proxy.conf f

EAP-TTLS + PAP + files, not stripping realm.

2004-03-04 Thread Rok Papez
Hello. I'm trying to proxy requests to LOCAL, but the realm part of the username isn't stripped. FreeRADIUS: 20040304 CVS Protocols: EAP-TTLS + PAP User db: files proxying to LOCAL It is important that users may use only the "[EMAIL PROTECTED]" username instead of just

Re: Stripping domain names for LDAP filter

2004-03-04 Thread Dustin Doris
What's your proxy.conf file say? Do you have a default realm or the bulldog realm set? On Thu, 4 Mar 2004, Teoh, Chee wrote: > Hi All, > > > > I am having difficulties stripping domain name from RADIUS request > before sending it to LDAP. I have the following in the conf file: > > > > filter =

Mikrotek + Freeradius Patch?

2004-03-04 Thread Troy Winemiller
Hi, I am mocking up a Mikrotik Router OS and Freeradius combo for testing. I found the patch from Evren Yurtesen referenced here: http://www.mail-archive.com/[EMAIL PROTECTED]/msg005 28.html Here's the thing, I keep getting 'malformed patch' errors which I assume is because I copied the patch t

Stripping domain names for LDAP filter

2004-03-04 Thread Teoh, Chee
Hi All, I am having difficulties stripping domain name from RADIUS request before sending it to LDAP. I have the following in the conf file: filter = "(uid=%{Stripped-User-Name})" However, this produces the following error: Thu Mar  4 16:56:47 2004 : Debug: Thread 1 handlin

RE: Per-client "group" matching?

2004-03-04 Thread Jeff McCombs
> -Original Message- > From: [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] On Behalf Of Dustin Doris > Sent: Thursday, March 04, 2004 10:15 AM > To: [EMAIL PROTECTED] > Subject: Re: Per-client "group" matching? > > I think I understand what you are saying. > <...> > > Now, when

Re: Per-client "group" matching?

2004-03-04 Thread Dustin Doris
I think I understand what you are saying. You could use huntgroups and then check for a different Ldap-Group based on the NAS-IP. example huntgroup file # switches/routers netadmins NAS-IP-Address == x.x.x.x netadmins NAS-IP-Address == y.y.y.y # vpn concentrators vpnusersNAS

Invalid Operator errors

2004-03-04 Thread Kevin M. Barrett
Hi, I'm running Version 1.0 pre [EMAIL PROTECTED] radius]# radiusd -v radiusd: FreeRADIUS Version 1.0.0-pre0, for host , built on Feb 25 2004 at 13:52:30 Copyright (C) 2000-2003 The FreeRADIUS server project. And in my radius log I keep seeing these errors. Is there a way to get the software t

Per-client "group" matching?

2004-03-04 Thread Jeff McCombs
I looked through the info in docs/ and didn't see what I was after. Is it possible to specify allowed logins on a per-client basis? For example, our Cisco VPN3015 uses freeradius to act as the authentication server. Any users in the group "vpnusers" are allowed to authenticate. What I'd like to

Re: Passing back LDAP Values

2004-03-04 Thread Dustin Doris
Is testAtr in a dictionary file somewhere? You need to identify that attribute as a radius attribute in a dictionary file. On Wed, 3 Mar 2004, Paul Blaich wrote: > Dustin, > > rad_recv: Access-Request packet from host 130.194.999.999:1365, id=2, > length=47 > User-Name = "blaich" >

RE: ldap auth: requiring group membership

2004-03-04 Thread Dustin Doris
You need to add an entry in ldap for the profile you want the reply items taken from. Right now you have this entry to have the dial profile. dn: cn=dialup,cn=group,cn=radius,cn=config,ou=eaccounts,dc=megashaft,dc=com,dc=au In that entry you need to have the reply items you want. example. dn: c

Re: Radius - simultaneus userse

2004-03-04 Thread Norguhtar
> Linux Slackware, freeradius and mysql, my problem is that more than one > user with the same username can connect in the same time. I search for a > mode than only one user can be connected with the username. How I can resolve > this problem??? > show me your gnugk configuration =) I can hel

Disconnect User

2004-03-04 Thread SPROUSE Troy F
Is there a command to send to disconnect a user if you are proxying requests through FreeRadius? Any help would be greatly appreciated? Troy

Re: Radius - simultaneus userse

2004-03-04 Thread Evren Yurtesen
see the simultaneous-use attribute and I think there was some documentation in docs folder of freeradius edu wrote: On Wed, 03 Mar 2004 14:40:57 -0300, edu wrote: I have this configuration: Linux Slackware, freeradius and mysql, my problem is that more than one user with the same username

Radius - simultaneus userse

2004-03-04 Thread edu
On Wed, 03 Mar 2004 14:40:57 -0300, edu wrote: I have this configuration: Linux Slackware, freeradius and mysql, my problem is that more than one user with the same username can connect in the same time. I search for a mode than only one user can be connected with the usern

Re: SSL problem

2004-03-04 Thread Rok Papez
Hello Tom. Tom Rixom wrote: Thanks, but I have done exactly the same... but I get the following: ./configure --with-openssl-libraries=/usr/local/ssl/lib/ --with-openssl-includes=/usr/local/ssl/include/ Today CVS version, already tested with SecureW2 2.0.0: ./configure --prefix=/opt/freeradius --

IPPOOL : help me

2004-03-04 Thread r.priore
Hi, I'm newbie and I've a big problem with rlm_ippool module (version 1.3.0). I've written correctly configuration files as described, but I've these problems: 1) in function ippool_postauth when check if Pool-Name exist --->return RLM_MODULE_NOOP 2) after having comment this, callerid is null and por

freeradius and Cisco-AVPair

2004-03-04 Thread Lokotes
Hi, I use freeradius with gatekeeper. When H323Client tries to register to gatekeeper it asks freeradius to decide. While debugging radius messages I found this chunk of information: .. Service-Type = Login-User Framed-IP-Address = 192.168.0.120 Cisco-AVPair = "h323-ivr-out=terminal-alias:luke

Re: FreeRadius + Cisco VPN3000 Concentrator + LDAP directory

2004-03-04 Thread Patrice P.
Sorry not to have been clear (forget my NTRadping conf ;). My problem is: how can I configure FreeRadius to get CVPN-3K-Groups from my LDAP directory? instead of having: CVPN-3k-Groups = "foo" And: 1. how can I send back more than one attribute to my NAS? 2. how can I do if I want my use

Re: Problem with LDAP attributes checking

2004-03-04 Thread Sergio Sagliocco
Thanks! I'll try it -- Sergio SAGLIOCCO SecureLAB - System & Network Security CSP s.c. a r.l. Kostas Kalevras wrote: On Tue, 2 Mar 2004, Sergio Sagliocco wrote: Hi thanks for the suggestion. If I use the compare_check_items keyword it doesn't work because I think the check operator is

RE: Session-Timeout and Cisco

2004-03-04 Thread Truong Manh Cuong
Hi, I've tried to use rlm_sqlcounter, it works but I don't see anything happen after a period of Session-Timeout: After 64 seconds of Session-Timeout, Radius doesn't reject that connection. rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): Released sql

dialback

2004-03-04 Thread Jay Ungab
Hi All, I have an existing Freeradius running in Linux box. I use to authenticate my users in "system" box to /etc/passwd. I am trying to implement a "callback" feature in radius, and my entries look like this:- dialbk Auth-Type := System Service-Type = Callba