On Mon, Apr 05, 2004 at 08:16:24PM +0300, Kostas Zorbadelos wrote:
Hello to everyone.
I have the following problem where I work. We have a user, lets say
kzorba that is an ADSL user and has a specific profile (check and
reply attributes). We want to limit the Simultaneous-Use of
the user for
radiusd -X:
rlm_perl: %%% Connection is being freed for F5D98D0 BDEF1810 91E70050
8D49CC64
rlm_perl: Added pair Reply-Message = You exceded simultaneous usage limit.
rlm_perl: Added pair h323-credit-amount = h323-credit-amount=788
rlm_perl: Added pair h323-currency = h323-currency=USD
Hi,
Can you pls elaborate? I know there is a /etc/log.d/conf/services/pam.conf but there is nothing specific in the file.
ThksSean O'Malley [EMAIL PROTECTED] wrote:
Shouldn't the pam_tally module be in the auth part of the pam.conf ?On Sun, 4 Apr 2004, Small Boy wrote: Hi all, :) I have
On Mon, 5 Apr 2004, Kostas Zorbadelos wrote:
Hello to everyone.
I have the following problem where I work. We have a user, lets say
kzorba that is an ADSL user and has a specific profile (check and
reply attributes). We want to limit the Simultaneous-Use of
the user for this service to 1.
Hi all,
I'm new user of linux and freeradius, here's my config(802.1x with EAPOL
on a wired link) : xsupplicant, cisco 3550, freeradius.
Connections beetween this three parts are ok, but after the
identification step, with login OK on the radius, I don't know how to
send the password in EAP MD5
Hi,
To configure your switch, read this before :
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/12218se/2970scg/sw8021x.htm
It's very easy to configure.
After you have to modify files clients.conf and user in freeradius
conf directory .../raddb/. There are examples include in this
Jack J [EMAIL PROTECTED] wrote:
Question: Can FreeRADIUS use ntlm_auth from Samba
to make this happen ?
I mean: PEAP w/MSCHAPv2 and using AD as User
profile storage ?
I have no idea.
I think that we'll need a rlm_winbind module to do this. There's
winbind code out there which can be
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
Network Engineer IIVoice: 952/230-4673
Onvoy Inc.
300 North Highway 169Minneapolis, MN 55441
_
1) Will
Steve OBrien [EMAIL PROTECTED] wrote:
So they're different. If you want to know exactly what they are,
add debug statements to print them out.
would that be debug_eap = 0x in eap.conf?
Huh? There's no such configuration line in eap.conf.
I was suggesting to edit the source code.
I wanted to know if anyone ahs had any problems with running radius and ldap on the
same server without using PAM. The reason for this is down the line there will be two
radius/ldap servers for redundancy. But the problem I am seeing is when radius tries
to do a tls call to ldap using the
Hi Alan,
rlm_winbind:
I see Samba 3.0.2 has winbind code available.
Andrew Barlett of Samba (author of winbind)
has made it available.
Is anyone working or planning to work on
rlm_winbind module for FreeRADIUS ?
(That is : make a similar port which Andrew did
for pppd to FreeRADIUS) ??
Thank
I am getting:
ld: fatal: library -lcom_err: not found
ld: fatal: File processing errors. No
output written to .libs/rlm_krb5-1.0.0-pre0.so
when trying to compile rlm_krb, I have
googled and do not see any reference to this library, what is it?
TIA,
Steve
Hello Alexander,
Friday, April 2, 2004, 2:10:25 PM, you wrote:
AL Hello freeradius-users,
AL First of all, i'd like to thank all those people, who helped me last
AL time with traffic limiting (thread how can i limit traffic use?),
AL and special thanks to Alexander M. Pravking.
AL Now,
I was last on this list in Dec. 2002 asking about Gigawords accounting with a
Cisco 7200 VXR. I have finally updated the Cisco IOS (with the help of a
Cisco engineer, it wasn't straightforward) and now am looking at Freeradius
again.
My problem is that Freeradius - even the CVS version -
Steve Cole [EMAIL PROTECTED] wrote:
My problem is that Freeradius - even the CVS version - still seems to have no
support for the RADIUS extensions for large data transfers
(Acct-Input-Gigawords, Acct-Output-Gigawords).
Huh?
[EMAIL PROTECTED] radiusd]$ grep -i giga share/dictionary
I am trying to set up FreeRADIUS 0.9.3 so that requests first
get proxied to another radius server to see if a user is valid. If the user is
valid, then everything is fine. If they are not valid, I want the user /
password combination to be checked against the sql table for radius since
We will be running freeradius as part of demos in the iLabs/LAN access
security at Networld+Interop in Las Vegas May 11-13 2004.
http://www.interop.com/lasvegas2004/interopnet/ilabs/
Right now (working on the demos) we are running
EAP TLS/MD5/PEAP/TTLS/LEAP (freeradius-snapshot-20040402)
both
Hey Steve,
You really did not give very much info but I suspect you don't
have Kerboros installed in the machine...
Gary N. McKinney
Network Administrator
Computer Services Dept.
Brevard County Library System
-- Original Message --
From: Steve
Hi Jack,
Guess I just am to hung up on TTLS... :)
ntlm_auth seems like a good bet, except I am uncertain if it is
possible to convert the inner EAP-MSCHAPV2 authentication of PEAP
to the normal MSCHAP authentication required by the ntlm_auth module...
But I think Alan would be able to answer
On Tue, Apr 06, 2004 at 10:13:01PM +0400, Alexander Lunyov wrote:
AL But it's not affecting sql :( And, while this accounting data is not shows
up in
AL sql, traffic is leaking!
While searching message base of this list i found thread
accounting_update_query. Is this query in
HSIEH, MOSES [EMAIL PROTECTED] wrote:
I am trying to set up FreeRADIUS 0.9.3 so that requests first get proxied to
another radius server to see if a user is valid. If the user is valid, then
everything is fine. If they are not valid, I want the user / password
combination to be checked against
I've just added a listen directive to the current CVS snapshot.
This lets the administrator control the IP address, port, and packet
types which the server listens for.
e.g. You can make the server listen only to authentication requests,
but not accounting requests.
e.g. You can make the
On Tuesday 06 April 2004 15:07, Alan DeKok wrote:
Steve Cole [EMAIL PROTECTED] wrote:
My problem is that Freeradius - even the CVS version - still seems to
have no support for the RADIUS extensions for large data transfers
(Acct-Input-Gigawords, Acct-Output-Gigawords).
Huh?
[EMAIL
Steve Cole [EMAIL PROTECTED] wrote:
The dictionaries don't concern me, what I need to do is log them.
Unless I'm blind, there is no support for Accounting for them in SQL
schema:
shrug So add them, and supply a patch to the schema queries.
That's why they're in configuration files: so you
Hello Alexander,
Wednesday, April 7, 2004, 12:10:16 AM, you wrote:
While searching message base of this list i found thread
accounting_update_query. Is this query in sql.conf responsible
for traffic updates (by Alive packets, i mean)?
AMP Yes.
If it so, why
default
On Wed, Apr 07, 2004 at 12:36:30AM +0400, Alexander Lunyov wrote:
If it so, why
default update_query does not include traffic and time update
fields? May it be a cause of my problem?
AMP Looks like your sql config is too old, current configs (mysql/pg/oracle)
AMP do update
On Tue, Apr 06, 2004 at 04:31:30PM -0400, Alan DeKok wrote:
Steve Cole [EMAIL PROTECTED] wrote:
The dictionaries don't concern me, what I need to do is log them.
Unless I'm blind, there is no support for Accounting for them in SQL
schema:
shrug So add them, and supply a patch to the
Hello Alexander,
Wednesday, April 7, 2004, 12:40:59 AM, you wrote:
AMP Could you show the debug output for an Alive packet?
Well, it looks something like this:
AMP Oh, no. Not the detail'ed entry, but the output from radiusd -X
Oops :)
Here it is.
--- Walking the entire
You
really did not give very much info but I suspect you don't
have Kerberos installed in the machine...
I do have the Solaris 9 binaries from
MIT Kerberos installed. In /usr/local/include there is com_err.h
but I am not sure if that is what it is looking for. It finds all
the other libraries.
I edited the makefile and moved -lcom_err
from the RLM_LIBS line to the HEADERS line and make seemed to work. Not
sure if that is a bug...
Steve
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 06 April 2004 16:23, Alan DeKok wrote:
I've just added a listen directive to the current CVS snapshot.
This lets the administrator control the IP address, port, and packet
types which the server listens for.
e.g. You can make the
Kevin Bonner [EMAIL PROTECTED] wrote:
Awesome!
g I thought it would be useful. The idea's been kicking around
in my head for a while, and I finally managed to get is simple, clean,
and neat.
Will there be a proxy type added, or will the proxy port just be a port =
auth_port?
There's a
Hi all, :)
I have installed FreeRadius 0.9.3 on RedHat Linux 9 and enabled Pam - the file name is system-auth. Pam has been configured to deny users 5 failed password attempts. I tried the pam setup by login locally and it works fine. After I installed RADIUS and edited the 'radius.conf' file
33 matches
Mail list logo