>
>I get the following errors upon make :
> gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
> -DNDEBUG -I../../../../include -I../.. -I/usr/local/ssl/include -o
> rlm_eap_tls rlm_eap_tls.o eap_tls.o cb.o tls.o mppe_keys.o rlm_eap_tls.o
> eap_tls.o cb.o tls.o
ppe_keys.o -W
Hello all, I have insalled the CVS version of Freeradius and I have
configured it to use peap. I'm using Xsupplicant as client and a
DWL-900AP+ as Access Point.
The problem is that the connect proccess fails, and lookig the radius
log I have seen that the first phase is correct, but in the seco
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
Richard
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Hello All,
>
> Is it possible to forward an authentication request to another radius
> server based on the domain in the user name?
yes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How?
Milver S. Nisay wrote:
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
yes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If you have it setup in radiusd.conf to
look for @ to determine realms, then all you need to do is add that information
to users and acct_users.
[EMAIL PROTECTED]
you would set up
realm domain.com {
type = radius
authhost = ipaddressHere:1645
a
Are you using the latest CVS snapshot? An issue causing the same
symptoms that you are seeing was recently fixed. Try compiling the
latest snapshot and see if that fixes the error.
--Mike
On Fri, 2004-05-07 at 08:55, Manuel Sánchez Cuenca wrote:
> Hello all, I have insalled the CVS version of
We'll try it. Thanks.
Anson Rinesmith wrote:
If you have
it setup in radiusd.conf to
look for @ to determine realms, then all you need to do is add that
information
to users and acct_users.
[EMAIL PROTECTED]
you would
set up
realm
domain.com {
type =
I need to set up a Freeradius server proxying certain requests to another
radius server (Safeword Premier Access) in other to authenticate users with
tokens. All other users are to be authenticated locally.
My problem is: If I supply a correct password, the thread serving the
request gets into a
I would check on the accounting. You have it set as port 1813, whereas it
would usually be 1646 on a system with authentication at port 1645.
If you have access to swpa.sbs.sk, try running radiusd in the foreground
(radiusd -X) and watch what it tells you when you send the request.
All The Bes
Thanks for the suggestion. I was also suspicious about accounting. The ports
are correct. That's the idiocracy of Safeword Premier Access. In fact one of
the reasons for using freeradius is to log accounting packets into a SQL
database, so I have removed the accthost attribute from proxy.conf. Howe
This is the output from tcpdump between the freeradius server on
tatra.sbs.sk and the Safeword Premier Server on swpa.sbs.sk.
I just don't see any problem there.
tatra:/etc/raddb # tcpdump -i eth1 host swpa
tcpdump: listening on eth1
16:41:07.872156 arp who-has swpa.sbs.sk tell tatra.sbs.sk
16:41
How?
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
there are several way:1. if your company is willing to sponsor another NAS device/machine and several phone lines/E1s etc, that would be one way.2.
Hello all,
I am seeing some curious behavior with Huntgroups and how it relates to the
NAS-IP-Address attribute. This behavior is noticable in a certain RADIUS
test utility I have used. This tool sends a NAS-IP-Address attribute inside
of an Authentication request. What I see is that FreeRADIUS
I'm evaluating the use of freeRadius and wondering whether it
will be possible to return valid check pairs to the upstream NAS
from info in MySQL, without using a typical users file entry like
this example...
DEFAULT Realm = "abc.org", Login-Time = Al0555-1805
Session-Timeout = 14400,
> I'm evaluating the use of freeRadius and wondering whether it
> will be possible to return valid check pairs to the upstream NAS
> from info in MySQL, without using a typical users file entry like
> this example...
>
> DEFAULT Realm = "abc.org", Login-Time = Al0555-1805
> Session-Timeou
Certainly, just put them in the radreply or radgroupreply table (if you are
using the tables suggested).
All The Best,
Brian Andrus
Millenia Internet Services, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
Constable
Sent: Friday, May 07,
=?ISO-8859-1?Q?Manuel_S=E1nchez_Cuenca?= <[EMAIL PROTECTED]> wrote:
> Hello all, I have insalled the CVS version of Freeradius and I have
> configured it to use peap. I'm using Xsupplicant as client and a
> DWL-900AP+ as Access Point.
Upgrade xsupplicant. They had a bug in an older version.
The problem seems to be in the attributes the home server returns to the
freeradius proxy. When I reconfigured the home server to authenticate only
and not to send any attributes whatsover, everything worked as it should.
The attributes that caused the proxy to get into an infinite loop were:
Szelepcsenyi Robert <[EMAIL PROTECTED]> wrote:
> My problem is: If I supply a correct password, the thread serving the
> request gets into an infinite loop eating almost 100% of CPU time. Bad
> passwords are rejected correctly.
Try the latest CVS snapshot. It has a number of bugs fixed.
Alan
iMark Constable <[EMAIL PROTECTED]> wrote:
> I'm evaluating the use of freeRadius and wondering whether it
> will be possible to return valid check pairs to the upstream NAS
> from info in MySQL, without using a typical users file entry like
> this example...
>
> DEFAULT Realm = "abc.org", Logi
I am having trouble
with a proxy request in that it is timing out because it takes so long. I
actually need to set the timeout to something along the lines of 30-45 seconds,
preferably just for that realm. (this is because the system is actually making a
phone call for verification).
I do
Ok, I have figured
part of my problem out. the delay_retry is what I need,
but.
Is there a way to
specify a different delay_retry and retry_count for each
realm?
Brian
Andrus
AD> The Session-Timeout is inappropriate here. The Login-Time
AD> attribute is a magic server-side attribute, which will set
AD> Session-Timeout, so that the user is automatically kicked off at
AD> the end of the time.
I need to return the value of a calculation as the Session-Timeout.
How should
I seem to be missing something. how should the values be defined in the
users file to achieve the specification below. Should I separate the
Cisco routers and the 3Com switches in the huntgroups file? Is it
permissible for there to be multiple Vendors Vendor-Specific values on
a "users" entry re:
UP> If you know how to make this work, a reply with instructions would
UP> be very appreciated.
I found the reason why my configuration didn't work. Problem solved
for now, thanks for your time.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sat, 8 May 2004 01:33 am, Alan DeKok wrote:
> Mark Constable <[EMAIL PROTECTED]> wrote:
> > I'm evaluating the use of freeRadius and wondering whether it
> > will be possible to return valid check pairs to the upstream NAS
> > from info in MySQL, without using a typical users file entry like
> >
Mark Constable <[EMAIL PROTECTED]> wrote:
> In this case I want users to be able to login only during business
> hours and to ALSO only have a 4 hour session limit during that time,
> and most definately get booted after -1805 if they logged in within
> 3 hours and 59 minutes of that -1805 time-ou
Craig Huckabee wrote:
attr_rewrite works but breaks EAP for me :(
I've reattempted using the users file again, and double checked that
files does indeed come before the ldap sections in the authorize
section - still get a blank filter.
A debug run shows that files is indeed getting processed
Kenneth Grady <[EMAIL PROTECTED]> wrote:
> I seem to be missing something. how should the values be defined in the
> users file to achieve the specification below.
Use the 3com dictionary from the latest CVS snapshot.
> 3com = 3Com-Administrator,
That won't work.
See the 3com dict
Craig Huckabee <[EMAIL PROTECTED]> wrote:
> However, if I use this:
>
> DEFAULT User-Name =~ "^([^/]+)/(.*)"
> Foo = `%{2}`
> ...
>
> then attempt to look at Foo using %{reply:Foo}, I get the expected value
> and the filter works.
Try the original, but look for foo in %{Foo}, or %{reques
Mike Lampson <[EMAIL PROTECTED]> wrote:
> I am seeing some curious behavior with Huntgroups and how it relates to the
> NAS-IP-Address attribute. This behavior is noticable in a certain RADIUS
> test utility I have used. This tool sends a NAS-IP-Address attribute inside
> of an Authentication requ
Hello,
I´m using freeradius and the autentication methos by userfile, now i have to
create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
Can anyone help me about creating these 2 usergroups and setting ups each user
for desired usergroup.
sorry my bad english
thanks
R
Hi
Thanks for a very helpful response. I downloaded the snapshot and
now it compiles and installs without a hitch (in /usr/local/freeradius).
However, I have a problem running radtest (after running run-radiusd -X
-A (following the procedure at
http://www.impossiblereflex.com/8021x/eap-tls-
rdo, sexta-feira, 7 de maio de 2004 às 15:06 você escreveu:
rsp> I´m using freeradius and the autentication methos by userfile, now i have to
rsp> create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
rsp> Can anyone help me about creating these 2 usergroups and setting ups
> If you want it to have huntgroups based on the source IP of the
> RADIUS packet, edit the huntgroups file, and change "NAS-IP-Address"
> to "Client-IP-Address".
Thanks. I missed that attribute when looking through the various examples.
Cheers,
_Mike
-
List info/subscribe/unsubscribe? See
"Tyrone Mills" <[EMAIL PROTECTED]> wrote:
> I can see how attr_rewrite can be used to modify particular aspects of the
> packet, but how would I go about cancelling the proxying of a particular
> packet?
Source code modifications, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See ht
"luc millet" <[EMAIL PROTECTED]> wrote:
> I have a proxy radius which is connected to several radius clients.
> Some of them send several accounting requests with different session id,
> for a same customer session.
That's very bad.
> The radius clients (NAS) can't be configured, the servers ca
This problem has been fixed. It was indeed a problem with the path not
being export'ed correctly.
M Singh wrote:
Upon running radtest :
[EMAIL PROTECTED] bin]# ./radtest testing123 testing123 localhost 0 testing123
/usr/local/freeradius/bin/radclient: error while loading shared
libraries: li
> > I can see how attr_rewrite can be used to modify particular
> aspects of the
> > packet, but how would I go about cancelling the proxying of a particular
> > packet?
>
> Source code modifications, sorry.
>
> Alan DeKok.
Hi Alan,
I'm almost finished writing a module (yet to be tested insid
hi all,
I'm trying to install the billing module follow instructions as the
README file.
i got this msg
Module: Instantiated detail (detail)
radiusd.conf[9] Failed to link to module 'rlm_pgsql-voip': file not
found
also i try to find that module on src files , but is no there.
any help ?
thank
I am running these on a solaris 8 box. I am having a bit of a quandry.
sometimes when doing a query against the data in oracle (lets say for
all users on an ip in a given time frame). if a user has connected but
not disconnected the entry won't show up in the query; sometimes. it is
the somet
I'm just starting out with changing over from xtRadius to
freeRadius and testing things for the next few days. I'll be
looking hard at dialup_admin and just now I've got it up on
my own test box and I can see there are a few basic and obvious
mods that could be made... that I will be doing anywa
43 matches
Mail list logo
