strip authentication & no strip accounting

2004-08-11 Thread Rohaizam Abu Bakar
I'm using freeradius 0.93... and FreeBSD 4.9 For below entry in proxy.conf, Is it possible to STRIP the username during authentication but NOSTRIP while doing accounting.?? realm myself.com{ type= radius authhost= LOCAL accthost= LOCAL

Re: command-line option -p to radiusd not working

2004-08-11 Thread Stefan . Neis
** Reply to note from Nils Rønhovde <[EMAIL PROTECTED]> Wed, 11 Aug 2004 07:31:44 +0200 > > Hello, > > I am a bit puzzled that radiusd says "Ignoring deprecated command-line option -p" > while usage() says: > " -p port Bind to 'port', and not to the radius/udp, or 1646/u

Re: How to force PAP and disable CHAP?

2004-08-11 Thread Stefan . Neis
Hi, > freeradius-1.0.0 pre3 > > How do I tell FreeRadius to DO pap and NOT do chap? You don't. You tell the CLIENT what to do. If the client is using chap, the server will verify the chap password, if the client is using pap, that will be fine with the server, too. The client is _not_ ask

Re: command-line option -p to radiusd not working

2004-08-11 Thread Nils Rønhovde
On Wed, 11 Aug 2004 11:15:37 +0100 [EMAIL PROTECTED] wrote: > ** Reply to note from Nils Rønhovde > <[EMAIL PROTECTED]> Wed, 11 Aug 2004 07:31:44 +0200 > > > > Hello, > > > > I am a bit puzzled that radiusd says "Ignoring deprecated > > command-line option -p" while usage(

Interaction between accounting data and radutmp.

2004-08-11 Thread david
Hello All, I am in the process of learning about and setting up simultaneous usage and have a few questions about how it works. 1. What actually triggers a session to be logged in radutmp? - Is it logged upon successful authentication of the user or by the sending of an accounting start-packet?

Converting flat-file users files and system passwords to mysql

2004-08-11 Thread Rens Houben
Hello, After a recent near-disaster involving a power failure with our hosting company that managed to slag the POS backup radius server, I've finally gotten the go-ahead to purchase and install two identical servers to act as primary and backup radius server. I was already using freeradiu

Re: Interaction between accounting data and radutmp.

2004-08-11 Thread Kostas Kalevras
On Wed, 11 Aug 2004, david wrote: > Hello All, > > I am in the process of learning about and setting up simultaneous > usage and have a few questions about how it works. > > 1. What actually triggers a session to be logged in radutmp? > - Is it logged upon successful authentication of the user or

Access Point Reply-Items for assigning IP-Addresses

2004-08-11 Thread Leonard Houer
Hello, I authenticate Users on a D-LINK DWL-900+ Access Point by PEAP. So far they get their IP-Address through a DHCP Server. Now I would like to assign static IP-Addresses to the users through the PEAP Authentication on the Access Point. Which Reply-Items do I have to send to the Access Point

Re: Problem with FreeRADIUS 0.9.3 using LDAP Auth

2004-08-11 Thread Kostas Kalevras
On Tue, 10 Aug 2004, Oscar Caballero Chavanel wrote: > Hello, > > I started using and configuring FreeRADIUS 0.9.3 on SuSE Linux > Enterprise Server 8. > > I need to authenticate RADIUS users to eDirectory server using LDAP. > After some research, I found how to accomplish that, however, the > per

RE: Interaction between accounting data and radutmp.

2004-08-11 Thread david
>> 1. What actually triggers a session to be logged in radutmp? >> - Is it logged upon successful authentication of the user or >> by the sending of an accounting start-packet? > radutmp works for accounting. Check radiusd.conf and you will see. So sessions > are logged and remov

RE: Access Point Reply-Items for assigning IP-Addresses

2004-08-11 Thread Guy Davies
Hi Leonard, I'm afraid you don't. Wireless LANs are exactly like wired LANs in this respect. The mechanism used to assign IP addresses to hosts (other than static assignment) is DHCP. It is entirely possible to assign a static address to a host using DHCP. You simply create a mapping between t

RE: Interaction between accounting data and radutmp.

2004-08-11 Thread Kostas Kalevras
On Wed, 11 Aug 2004, david wrote: > > >> 1. What actually triggers a session to be logged in radutmp? > >> - Is it logged upon successful authentication of the user or > >> by the sending of an accounting start-packet? > > > radutmp works for accounting. Check radiusd.conf and you will see.

REF: Doubt Session Timeout/Connectivity timeout

2004-08-11 Thread Rajan Batra
Hello, Doubt.. According to Radius RFC, Session Timeout and Connectivity timeout are to be sent by Radius Server in Access-Accept, Challenge packets. I need to know, whether a Radius Client implementation can configure these values by setting attributes in Access-request, if it does

Re: EAP-TLS Testing

2004-08-11 Thread Mohammed Petiwala
Hi Gopal: I am copying this email to the freeRADIUS community to see if more people can help you with this: here are my 2 cents... you'll need to have your own certificates - normally the organization has mandates on what type of certificates to use and stuff, we have our own CA that issues certifi

RE: Access Point Reply-Items for assigning IP-Addresses

2004-08-11 Thread Leonard Houer
That's a pity... I thought this way I could have limited the possibility of ip spoofing (through manual ip configuration), and also assign Ip Address based on user name and not mac-address... ANOTHER QUESTIONS: Do you know if it is necessary to send framed-mtu reply-item to the Access Point? re

no User-Name or User-Password attribute

2004-08-11 Thread andrei
Hi! I need some advice. I use freeradius with mysql authorization, and is working great. But now I must authorize some "Access-Request" packets, which don't have "User-Name" and "User-Password" attributes, using Calling-Station-Id and maybe some vendor attributes. My problem

RE: Access Point Reply-Items for assigning IP-Addresses

2004-08-11 Thread Guy Davies
> That's a pity... > I thought this way I could have limited the possibility of ip > spoofing (through manual ip configuration), > and also assign Ip Address based on user name and not mac-address... Nope. Sorry. > ANOTHER QUESTIONS: > Do you know if it is necessary to send framed-mtu reply-it

Re: command-line option -p to radiusd not working

2004-08-11 Thread Alan DeKok
Nils Rønhovde <[EMAIL PROTECTED]> wrote: > That's obvious. I'm interested in why the feature is removed, and what my > alternatives to using it may be. The feature was removed because it was awkward to implement. The interaction between the configuration files && command-line

Re: no User-Name or User-Password attribute

2004-08-11 Thread Alan DeKok
andrei <[EMAIL PROTECTED]> wrote: > But now i must authorize some "Access-Request" packets, which don't have > "User-Name" and "User-Password" attributes, using Calling-Station-Id and > maybe some vendor attributes . My problem is that the sql give me the error: See Auth-Type := Accept

Re: no User-Name or User-Password attribute

2004-08-11 Thread andrei
Hi Alan and thanks for reply. On Wednesday 11 August 2004 17:51, Alan DeKok wrote: > andrei <[EMAIL PROTECTED]> wrote: > > But now i must authorize some "Access-Request" packets, which don't > > have "User-Name" and "User-Password" attributes, using Calling-Station-Id > > and maybe some vendo

Group-Name change between 0.9.3 and 1.0.0?

2004-08-11 Thread Dave Mussulman
I'm having a problem with the rlm_passwd and users file. I have a working configuration with 0.9.3 that's not working under 1.0.0 and I don't know why. Hopefully, a second set of eyes on the list will catch this. I'm having this problem with a default radiusd.conf (with just the passwd blocks ad

EAP-TLS CRL Distribution Point (CDP) support in freeRADIUS.1.0.0

2004-08-11 Thread Mohammed Petiwala
Hi: I am interested in using the CRL feature in the R1.0.0 freeRADIUS release. The documentation/comments in the radiusd.conf file are the only piece I was able to get out. Is there any other documentation on this feature in the freeRADIUS release. We are using CISCO ACS server as well as the MS IA

limit access

2004-08-11 Thread SMS Mail
Is there any way to limit radius user access to only certain radius clients via ip address? TYLER JORDAN

Re: Converting flat-file users files and system passwords to mysql

2004-08-11 Thread Nick Hall
Check scripts/users2mysql.pl in the source. On Wed, 11 Aug 2004 13:22:02 +0200, Rens Houben <[EMAIL PROTECTED]> wrote: > Hello, > > After a recent near-disaster involving a power failure with our > hosting company that managed to slag the POS backup radius server, I've > finally gotten th

Pre-proxy attr_rewrite problems

2004-08-11 Thread Trevor Eberl
OS = Solaris 9 ver = freeradius-1.0.0-pre3 I'm trying to get FreeRadius to strip the realm from the User-Name before it proxies to another server. My attr_rewrite is as follows: attr_rewrite RmRealm { attribute = User-Name searchin = packet

Re: missing EAP-TTLS outer User-Name

2004-08-11 Thread Catherine Grenet
David Hart wrote: > > Recent Broadcom wireless drivers in Dell laptops natively support > EAP-TTLS but do not send an outer User-Name. Yes. I did not find any way to change this. > Apparently the standard permits this behavior, That is what I understood when reading the draft (maybe ambigu

Applying options based on NAS Client

2004-08-11 Thread Kellogg, Chris
Hi, everyone. I am fairly new to RADIUS/FreeRadius. I have FreeRadius running smoothly, authenticating to either PAM or SQL based on which I set radiusd.conf to use. I get the proper Attributes and options based on that configuration as well. I have multiple NAS devices that will be authenticat

RE: Ignore Group ID

2004-08-11 Thread Kirti S. Bajwa
In 2001 I installed RH 6.2 on a server with qmail (email), djbDNS, Apache, etc. The system has been working fine except it is slow. Now I want to move over a new server with RH9 & authenticate using freeRADIUS. I noticed that in the old system (RH6.2), User Names (UID) & Groups (GRP) are differe

Re: Pre-proxy attr_rewrite problems

2004-08-11 Thread Mohammed Petiwala
Hi Trevor: why are you trying to use the attr_rewrite stuff for proxying. The simpler approach is to use the proxy.conf and use the 'strip' option for e.g. realm mydomain.net { type= radius authhost= anotherserver.mydomain.net accthost= anothers

RE: EAP with LDAP auth...

2004-08-11 Thread KP Rao
Hi All, I am using FreeRADIUS version 0.9.3, and would like to use LEAP as the eap method and LDAP to authorize and authenticate the user. Using ethereal I see that for authorize the bind dn is picked up as configured in radiusd.conf but wh

Re: Pre-proxy attr_rewrite problems

2004-08-11 Thread Trevor Eberl
Hi Mohammed, That's exactly what I needed, thanks for the info!! Trevor - Original Message - From: "Mohammed Petiwala" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 11, 2004 1:13 PM Subject: Re: Pre-proxy attr_rewrite problems > Hi Trevor: > why are you trying to u

AEGIS + freeRADIUS

2004-08-11 Thread Alex Reynolds
To test a 802.1x authentication setup, I am using Andreas Wolf's WPA Enterprise network document at: http://homepage.mac.com/andreaswolf/public/wpaeap.html I have also added modifications to enable EAP-TTLS + Kerberos authentication, which work fine with Mac OS X 10.3 and Xsupplicant 802.1x c

Re: no User-Name or User-Password attribute

2004-08-11 Thread Alan DeKok
andrei <[EMAIL PROTECTED]> wrote: > > See Auth-Type := Accept > > You meant to accept all calls and to not use rlm_sql and eventually some > policy for reject ? No. Go back and read what I said. You CANNOT use any other authentication method than "accept" if there's no username or passwor

rlm_exec

2004-08-11 Thread Doug Hardie
I am attempting to replace an EXEC-PROGRAM-WAIT module in the users file with an exec module. Defining the exec module is straightforward. There are examples in the conf file. However, placing the call to it is not as obvious. First I put it in the authenticate section. That generated a seg

Re: Group-Name change between 0.9.3 and 1.0.0?

2004-08-11 Thread Alan DeKok
Dave Mussulman <[EMAIL PROTECTED]> wrote: > passwd wireless_group { > filename = /usr/dcs/networking/radius/etc/master-config > format = "*User-Name:~Group-Name:" The Group && Group-Name attributes are the same thing, and both are implemented by the "unix"

Re: Applying options based on NAS Client

2004-08-11 Thread Alan DeKok
"Kellogg, Chris" <[EMAIL PROTECTED]> wrote: > I have a Cisco VPN device and a Cisco RAS device. Each is in a > different subnet with different requirements and options, but both use > the same username/password to connect (Usernames are universal for > remote access). Either I'm failing to recogn

Re: Ignore Group ID

2004-08-11 Thread Alan DeKok
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote: > I am physically copying /etc/passwd & /etc/group files from old RH6.2 system > to the new RH9 & freeRADIUS server. Since UID & GID do not match, freeRADIUS > does not authenticate. I'm not sure what you mean by that. Edit the passwd file if it's wro

Re: AEGIS + freeRADIUS

2004-08-11 Thread Alan DeKok
Alex Reynolds <[EMAIL PROTECTED]> wrote: > Has anyone successfully connected AEGIS clients to freeRADIUS (esp. > using self-signed certificates)? Are there extra steps involved? I've done it. I don't think there are any extra steps. > However, I cannot get AEGIS (10.2 and WinXP) 802.1x client

RE: Applying options based on NAS Client

2004-08-11 Thread Mitchell, Michael
"Alan DeKok" <[EMAIL PROTECTED]> wrote: > "Kellogg, Chris" <[EMAIL PROTECTED]> wrote: > > I have a Cisco VPN device and a Cisco RAS device. Each is in a > > different subnet with different requirements and options, > but both use > > the same username/password to connect (Usernames are univers

realm module not searching second order

2004-08-11 Thread Rohaizam Abu Bakar
Hi, Using freeradius 0.9.3 with FB 4.9 OS Try sending request using "bacangtesting.com/bacang" and in radiusd.conf already configure 2 realm order i.e "realmslash" and "suffix" But since I put the "suffix" above "realmslash"... It will search only at "suffix" and once not found.. it wil

Ref: Timeout configuration in Radius Client.

2004-08-11 Thread Rajan Batra
Hello, Kindly clear this doubt. According to Radius RFC, Session Timeout and Connectivity timeout are to be sent by Radius Server in Access-Accept, Challenge packets. I need to know, whether a Radius Client implementation can configure these values by setting attributes in Access-request,

Re: realm module not searching second order

2004-08-11 Thread Simon Bryden
In release 1.0 you have an extra option "ignore_null" which will tell freeradius not to match against the NULL domain if a realm match fails. Otherwise if you don't need the NULL domain you can remove it. Regards, Simon. --- On Thursday 12 August 2004 06:32, Rohaizam Abu Bakar wrote: > Hi , > >