On Thu, Aug 19, 2004 at 10:29:28PM -0700, Petersen, Kirsten - NET wrote:
> Are there any plans to have a debian package for version 1.0.0 soon?
There's an unofficial one someone built, the URL was on the mailing list
earlier, and the official (DFSG-free) one is currently with my sponsor.
However,
On Fri, Aug 20, 2004 at 09:32:06AM +0200, Markus Krause wrote:
> i commented out the line and removed the dependency entry for debhelper in
> debian/control, now i got the following error after running
> "dpkg-buildpackage":
> -8<-
> [snip]
[snip]
> /usr/bin/ld: cannot find -lz
> which lib
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maybe I was mistaken, you were talking about accounting, while I spoke of
authentication. My apologies.
On Fri, 20 Aug 2004 20:59:03 -0700
Michael Brown <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> You may want
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You may want to look at the EAP - related modules. This is really the purpose of this
'Extensible' protocol.
This, of course, would require configuration on the Cisco side of the network, which
is beyond the scope of this list.
Hope this helps.
M
Hi. I install py-radius for the use of my radius
client authentication purposes. How can I establish
communication between the freeradius server with this
py-radius? Do I still need to use PAM authentication
module? How do I configure it in the clients file?
Thanks.
_
Any scripters on here for hire, I want to do a script please contact me
offlist at [EMAIL PROTECTED]
Thank you
Sarky
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks Alan DeKok for pointing out the obvious that the Autz-Type
directive is meaningless until the authorize section has had a hit at
'files'. You got me over that hurdle.
However, I am now experiencing a problem that I saw Kostas Kalevras and
Ron Wahler discussing back in April. I coul
Hi all,
finally I got the debian packages for both woody and sarge built (thanks to paul
hampson and michael markstaller for their hints!).
for woody i hat to comment out the line
dh_installpam --name=radiusd
in file "debian/rules" to have the packages built.
i do not know if this break
Coates Carter <[EMAIL PROTECTED]> wrote:
> The Autz-Type directive doesn't seem to behave the way I would expect,
> based upon what I read in doc/freeradius-1.0.0/Autz-Type .
Autz-Type is applied after the "authorize" section has been processed.
> In raddb/users...
>
> DEFAULT Ldap-Use
The Autz-Type directive doesn't seem to behave the way I would expect,
based upon what I read in doc/freeradius-1.0.0/Autz-Type . My setup
includes...
freeradius-1.0.0
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
openssl-0.9.7a-33.4.i686.rpm
openldap-2.2.13 (on localhost)
I
Hello,
Thanks, for your response. Do you have a patch for freeradius 0.9.3,
Regards,
Alejandro.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thor
Spruyt
Sent: Friday, August 20, 2004 12:54 PM
To: [EMAIL PROTECTED]
Subject: Re: rlm_exec and Access-Rej
Evren Yurtesen wrote:
> But anybody knows how to remove all the timestamp values from mysql
> dumps that I can insert to new database schema easily?
Import, then delete the column, then dump again :)
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
-
I experienced the previously discussed (non-TLS) segmentation fault
while binding to ldap on...
freeradius-1.0.0
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
openssl-0.9.7a-33.4.i686.rpm
openldap-2.2.13 (on localhost)
As suggested (Alan Dekok, I think), I hid libsasl from rlm_
kevin J <[EMAIL PROTECTED]> wrote:
> I just found that all reject packets include DEFAULT attributes as well.
> If I don't want to include these DEFAULT attributes from a reject packet,
> what do I need to do? I tried the following but I don't think this is
> correct.
It's a little difficult t
SPROUSE Troy F <[EMAIL PROTECTED]> wrote:
> I am having a compile problem on RedHat 9. I ran configure as ./configure
> --includedir=/usr/include/mysql but below is the output after I run make.
>
> gcc -shared sql_mysql.lo -L/usr/lib/mysql -lmysqlclient -lz -lcrypt -lnsl
> -lm -Wl,-soname -Wl,
I am having a compile problem on RedHat 9. I ran configure as ./configure
--includedir=/usr/include/mysql but below is the output after I run make.
gcc -shared sql_mysql.lo -L/usr/lib/mysql -lmysqlclient -lz -lcrypt -lnsl
-lm -Wl,-soname -Wl,rlm_sql_mysql-1.0.0.so -o .libs/rlm_sql_mysql-1.0.0.
Hi,
I figured out that timestamp field in radcheck table has vanished since
0.9.3 version. Is there any reason why? Just wondering, not complaining :)
But anybody knows how to remove all the timestamp values from mysql
dumps that I can insert to new database schema easily?
-e-
-
List info/subs
kevin J <[EMAIL PROTECTED]> wrote:
> But, I just want to do ldap-athorize and pap-authenticate. So, I
> uncommented only ldap in authorize
> and uncommented only pap in authenticate. I am using clear-txt so I put
> {clear} in module def.
> It looks like that pap is not found for auth-type.
>
"Jonathan C. Detert" <[EMAIL PROTECTED]> wrote:
> I've tried several minor variations of the above changes, to no avail.
> Here's what 'freeradius -sfX' says:
That configuration should work.
> rad_check_password: Found Auth-Type PAM
> auth: type "PAM"
> modcall: e
Ryan Moreton wrote:
> Hi,
>
> I would like to clarify a few things before Alan continues to make
> accusation about me, which I consider unfair and unjustified.
The complete discussion is on the list archive for anybody to read who said
what, so anybody who cares can read it and make up his mind a
Ryan Moreton <[EMAIL PROTECTED]> wrote:
> I would like to clarify a few things before Alan continues to make
> accusation about me, which I consider unfair and unjustified.
Yes, my recent post was inappropriate. It wasn't meant for public
distribution, and I apologize for it.
> Whilst looking
Hi,
I've been trying to compile FreeRadius for a while now. Unsuccessfully so far.
The issue is that the mysql header files are in a specific directory.
I tried to issue a ./configure --includedir=/usr/local/mysql/include to specify this
additional directory.
However when I run the make, for
add something like this to the top part of your
/etc/raddb/users file
DEFAULT Realm == "LOCAL", Autz-Type := SQLautz
Fall-Through = Yes
DEFAULT Realm == "NULL", Autz-Type := SQLautz
Fall-Through = Yes
DEFAULT Realm == "DEFAULT", Autz-Type := SQLautz
and also include this in /et
Alejandro Galue wrote:
> To reject users:
>
> Reply-Message := 'You can not login now'
> And the exit code is 1
>
> PROBLEM:
>
> BUT, Reply-Message on Access-Reject is not modified.
> The Reject Message does not contain any attributes.
According to me it's a bug and I have been submitted patches s
I see now that I have misinterpreted the RFC :)
I understood that "the port" meant the port on the NAS, but apparently that
was wrong.
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
Hello,
Sorry for the long post. I've installed freeradius 1.0.0 on a slackware
box. I'm trying to make it work against my ISP's Ascend Max40xx. I'm
supporting only PAP on my side, my users are on a MySQL db, with crypt'ed
passwords. I can only connect if I force PAP on client side (in Windows'
DUN
Nice to see you still leaving up to your name
From: "Alan DeKok" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: FW: FW: Creating Groups Date: Fri, 20 Aug 2004 11:39:50 -0400
Whoops, sorry. Rants are inappropriate for the list.
My mistake.
Alan DeKok.
-
Li
On Thu, 2004-08-19 at 09:06 +0800, ROY wrote:
> > What I am looking for is to be able to distribute load across a number
> > of radius boxes and to be able to easily take some nodes out of
> > rotation, or add to the rotation without needing to reconfigure all of
> > the nas servers.
>
> If you've
Hi,
I would like to clarify a few things before Alan continues to make
accusation about me, which I consider unfair and unjustified. I hope that
anybody who is having trouble with group authentication can get some sense
out of this messy conversation. I apologise in advance for this e-mail being
n
Whoops, sorry. Rants are inappropriate for the list.
My mistake.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Jerlique Ban" <[EMAIL PROTECTED]> wrote:
> I've now switched to using freeradius 1.0.0-pre3 on freebsd. I am trying to
> authenticate users via my Exec-Program call, which does a whole lot of other
> queries and tests before granting access. It all works if a PAP request is
> made, but fails on
lista <[EMAIL PROTECTED]> wrote:
> well, why can't I authenticate?
> It seems to have a problem with the Auth-Type.
...
> rad_check_password: Found Auth-Type System
> auth: type "System"
> ERROR: Unknown value specified for Auth-Type. Cannot perform
> requested action.
You deleted the "uni
Is their a way to add NAS Servers using the dialup admin?
The only options are "Change" "delete" and "Check"
Thanx
Cris
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 8/11/2004
-
Li
I'm currently Running radius with a Mysql database..
Which has the default groups defined for each user.
If I put in the huntgroup options will they override the default group info
when authenticated from the different NAS..
Thanx
Cris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[
John Wry <[EMAIL PROTECTED]> wrote:
> I have been struggling for some time now to get going with freeradius
> because the documentation out there is very hard to come by.
I understand. The problem is that the programmers who can write the
documentation don't have time, and the people who do hav
GOOD DAY
When Freeradius server check the result of query
"group_membership_query" ?
and what happens after it in both cases?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
makarand pawagi <[EMAIL PROTECTED]> wrote:
> My question is how to let RADIUS know the meaning of my own set of attributes.
> One way of doing this is to add my own dictionary in the RADIUS, then
> how to do this.
"man dictionary"
> How RADIUS will start using the new dictionary file.
"man d
(off-list)
> If people arent willing to pass their understanding on, then your right
> whats the point!.
I think you are missing the point of my response.
I responded to the original question. I responded politely, and
pointed out what he had done wrong. What he claimed he was trying to
do
> Is their a way to have Freeradius reply differently based on what NAS Server
> sent the request?
Yep.
>
> Example. [EMAIL PROTECTED] will connect throught our national dialup and
> get
> X-Ascend-Data-Filter == "ip in forward tcp est",
> X-Ascend-Data-Filter == "ip in forward dstip 1.2.3.4/24"
It is uncomment :)
I even changed its position (as I saw in an example configuration in the
net...)
but no advance...
On Fri, 2004-08-20 at 11:49, lista wrote:
> I is uncomment :)
> On Fri, 2004-08-20 at 10:49, Amedzekor Kafui wrote:
> > uncomment sql in the authorize section of radiusd.conf
> >
On Fri, 20 Aug 2004, Simone Giovanardi wrote:
> Is it possible manage more thn one ippool in radiusd.conf??
Yep.
>
> I' ve tried to make this but doesn't work properly
>
> Is there an example of radiusd.conf and users file to consulting?
How about you post what you tried. Here is a breif overvi
Hello All,
I have a script that run with every Access-Request Message. I'm using
freeradius 0.9.3 over Fedora Core 2. This is part of my radius.conf:
exec myauth {
wait = yes
program = '/usr/local/bin/myauth.pl'
input_pairs = request
output_pairs =reply
packet_type = Access-Request
}
I is uncomment :)
On Fri, 2004-08-20 at 10:49, Amedzekor Kafui wrote:
> uncomment sql in the authorize section of radiusd.conf
> -
> -- lista <[EMAIL PROTECTED]> wrote:
>
> > well, why can't I authenticate?
> > It seems to have a problem with the Auth-Type.
> >
> > ERROR: Unknown value specified
Is their a way to have Freeradius reply differently based on what NAS Server
sent the request?
Example. [EMAIL PROTECTED] will connect throught our national dialup and
get
X-Ascend-Data-Filter == "ip in forward tcp est",
X-Ascend-Data-Filter == "ip in forward dstip 1.2.3.4/24",
X-Ascend-Data-Fi
Is it possible manage more thn one ippool in radiusd.conf??
I' ve tried to make this but doesn't work properly
Is there an example of radiusd.conf and users file to consulting?
Thanks a lot
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
uncomment sql in the authorize section of radiusd.conf
-
-- lista <[EMAIL PROTECTED]> wrote:
> well, why can't I authenticate?
> It seems to have a problem with the Auth-Type.
>
> ERROR: Unknown value specified for Auth-Type
>
> here are the records in mysql: (the encrypted one
> was added with
They way I've always interpreted it is from the NAS standpoint, to the user.
So INPUT would be what was input to the NAS from the user and vice versa.
I was confused early on thinking from the user point of view. This also
follows because my OUTPUT is usually 10x that of my INPUT.
> -Original
Hi,
I've now switched to using freeradius 1.0.0-pre3 on freebsd. I am trying to
authenticate users via my Exec-Program call, which does a whole lot of other
queries and tests before granting access. It all works if a PAP request is
made, but fails on a CHAP request. Now I understand that CHAP r
John Wry wrote:
> how do i configure portslave ?? I've downloaded it, but pppd is not
> working with radius
http://www.google.com/search?q=configuring+portslave+pppd
First link is a tutorial:
http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP-Dial-in.html
--
Regards,
Thor Spruyt
E: [EMAIL PROTEC
Hi I hope you can help me.
I got a software which uses EAP-MSCHAPv2 to authenticate against freeradius
and
I wonder what to do in a special situation: The Radius sends a success
packet with the authenticator response to the peer and the peer thinks that
the response is invalid, should the peer send
well, why can't I authenticate?
It seems to have a problem with the Auth-Type.
ERROR: Unknown value specified for Auth-Type
here are the records in mysql: (the encrypted one was added with
freeradius web interface)
teste1 User-Password := $1$lUrUQChU$TARPEZEQojso6S9ZlkujF0
teste3 User-Password
how do i configure portslave ?? I've downloaded it, but pppd is not
working with radius
On Thursday, August 19, 2004, at 04:40 PM, Amedzekor Kafui wrote:
You have to configure your NAS (the machine you are
dialing into) to use radius.
I think the linux radius client is called Portslave
Kafui Ame
If I may add my two cents worth:
I have been struggling for some time now to get going with freeradius
because the documentation out there is very hard to come by.
IF someone could graciously take the time to document, it would mean
less questions and less frustration to those who know AND unders
Hi Chalie
What you said below makes a lot of sense but considering i dont know
where to start to get to produce a script like that.
Do you have anything which does that if not can you give me some hints.
Sarky
On Tue, 17 Aug 2004 16:04:27 -0700, Charles J. Boening wrote:
> That would give a user
I tried radzap on V1.0 but it is not working and not giving any debug information
so i reverted back to 0.9.3 i think that is the version.
If i want to make a script so when a user logs in, the system will check if there
is already an entry there and if there is radzap and allow the user to come o
Tnx Alan,
We managed to disconnect
users using “radclient” by sending a fake stop packet
We used the following
command :-
cat testusertodiscconnect.txt
| radclient -x 127.0.0.1:1813 acct secret_password
where secret_password is ths
secret key for localhost (obviously)
and
the co
> FreeRadius then translates the "#" to "=23".
> This is the output from radiusd -X:
In sql.conf:
Change:
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
To:
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/#"
Joao
Hi,
I'm making a Radius Client for my NAS.
RADIUS provides Vendor Spesific Attributes (26) in which any one can
add his own
set of attributes (as explained in RFC 2865).
My question is how to let RADIUS know the meaning of my own set of attributes.
One way of doing this is to add my own dictionary
/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /rad//var/log/radius/radacct/XXX/auth-detail-20040820
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: Looking up realm "[EMAIL PROTECTED]" for User-Name = "[EMAIL PROTECTED]
i commented out the line and removed the dependency entry for debhelper in
debian/control, now i got the following error after running
"dpkg-buildpackage":
-8<-
[snip]
Making dynamic in rlm_sql_mysql...
make[11]: Entering directory
`/root/src/freeradius-1.0.0/src/modules/rlm_sql/drivers/rlm
Hi!
I tried to install the freeradius-1.0.0 version on Fedora Core 2 and i got an
error like:
errmsg.h not found
mysql.h not found
... (and many more, which are caused by the 2 first errors i think)
now i began reading documentation and forums and i got to know that i must
have mysql developer li
Yes for me it works withe PAP and LDAP. But it doesn't work with MS-CHAP !!
i ve the same problem like you but it concerns MS-CHAP !!
It' funny no?
- Original Message -
From: "kevin J" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 19, 2004 10:50 PM
Subject: Re: PAP
Hi!
I tried to install the freeradius-1.0.0 version on Fedora Core 2 and i got an
error like:
errmsg.h not found
mysql.h not found
... (and many more, which are caused by the 2 first errors i think)
now i began reading documentation and forums and i got to know that i must
have mysql developer
The minimum you need is 1 record for each user in
the radcheck table.
insert into radcheck (username, attribute, op,
value) values ('testuser', 'User-Password', ':=', 'testpass');
--Regards,
Thor SpruytE: [EMAIL PROTECTED]W: www.thor-spruyt.comM: +32 (0)475 67 22
65
- Original Me
64 matches
Mail list logo