yes, they're MikroTik's attributes
Thank you!
Edgars
Alan DeKok wrote:
Edgars <[EMAIL PROTECTED]> wrote:
with timeouts it is a good helper but how to proceed with Recv-Limit and
X-Limit attributes (the tota download and upload bits)?
There are no such attributes define in RADIUS.
Your NA
On Mon, Aug 23, 2004 at 06:17:31PM +0200, Michael Markstaller wrote:
> Anyway, what I've changed in my sql.conf (using mysql, other my differ using
> POW(2,32)=4294967296) replace:
> '%{Acct-Input-Octets}' with '%{Acct-Input-Octets} + (%{Acct-Input-Gigawords:-0} *
> POW(2,32))'
> '%{Acct-Output-O
Hi (Alan),
Is there a reason that the preprocess module doesn't do any huntgroup
processing during the pre-accounting stage of a request?
I need to do some accounting processing based on huntgroup, and if there
is no particular reason for not doing it, I will most likely make a
local modification
Hi, I am using freeradius 1.0.0, at this moment it uses PEAP and
everything goes fine. Now, I would like to generate a dynamic WEP key
per client, but I have no clue how to do it, I has been searching in the
mail archives, and in the docs without any results. I will appreciate if
anyone can either
I'm still not seeing it.
Let's start over. What is the best way of authenticating users to an NT
domain over PEAP? Am I even on the right track?
Chris Hand
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Tuesday, August 24, 2004 10:51 AM
> } else if (tls_session->fragment >= 0) {
Question:
Looking through the code, the fragment member of tls_session_t is a flag
that is either set to 0 or 1 in various places (depending on whether or
not there are more fragments to send). In this case, won't the above
always match? (ie tls_s
Joey Nix <[EMAIL PROTECTED]> wrote:
> the tls section excepted by check_crl and check_cert_cn out-commented.
> So I'm using the test certificates.
Ok... If you can verify that it works when the *previous* check is
changed to:
} else if (tls_session->fragment >= 0) {
...
I'm using the default config with the following changes in eap.conf:
default_eap_type = tls
and
the tls section excepted by check_crl and check_cert_cn out-commented.
So I'm using the test certificates.
EAP-Type: TLS
freeRADIUS version 1.0.0
Verified with Windows 2000/XP 802.1x Authentication C
Alan DeKok wrote:
kevin J <[EMAIL PROTECTED]> wrote:
I just found that all reject packets include DEFAULT attributes as well.
If I don't want to include these DEFAULT attributes from a reject packet,
what do I need to do? I tried the following but I don't think this is
correct.
It's a li
At 11:14 AM 8/24/2004 -0500, you wrote:
Can Freeradius provide authentication to cable modems? We are looking to
provide cable modem service in addition to dial-up, xDSL, and wireless. I
think I will have to come up with a dictionary file for the vendor but I
think it should work.
Linksys rout
Hi Joey:
Could you please provide more details on this find and
how it gets triggered (test scenario, conditions,
example config). If your find is valid (per feedback
from freeRADIUS authors then this serious flaw should
be patched asap!)
Thanks.
Regards,
Mohammed.
Mohammed H. Petiwala
Senior Sta
Hi there,
I've found a bug in the rlm_eap_tls module.
Which is created by the following commit (CVS):
File: eap_tls.c
Revision: 1.178
Changes since 1.16: +6 -1 lines
Comment: Try to handle the case where we get an ACK after sending the last fragment
http://www.freeradius.org/cgi-bin/cvsweb.cgi/r
Doug Lewis wrote:
> Can Freeradius provide authentication to cable modems?
Your question should be the other way around: "Can cable modems authenticate
with radius servers?"
I doubt cable modem can or will ever be able to, but I think the CMTS might
be able to.
--
Regards,
Thor Spruyt
E: [EMAIL
Is it the cable modem or the CMTS that would be the RADIUS client? I
would have thought the latter. Either way, if they are standards
compliant RADIUS clients, then yes, FreeRADIUS can help. Depending upon
the vendor of your CMTS/Cable Modems, you may have to write a vendor
dictionary but that's
I didn't realize CMs used radius.. You may want to check out a few of
the systems out there though.. Some are free some aren't
www.docsis.org has good info
http://freshmeat.net/projects/docsis_server/
http://www.mpthrill.com/mptmngpro/
I have my own system.. Works rather well for my company..
Can Freeradius provide authentication to cable modems? We are looking
to provide cable modem service in addition to dial-up, xDSL, and
wireless. I think I will have to come up with a dictionary file for the
vendor but I think it should work.
Thanks for your replies.
--
~~~
When I try to compile freeradius, it
show:***/usr/bin/ar
cru .libs/rlm_unix.a rlm_unix.o cache.o compat.o ranlib
.libs/rlm_unix.acreating rlm_unix.la(cd .libs && rm -f
rlm_unix.la && ln -s ../rlm_unix.la rlm_unix.la)gmake[6]: Saliendo
d
Apologies for previous mail which was sent in HTML format. I reposted :)
Hints file
Hi,
We are currently setting up freeradius-1.0.0 on fedora core 2 to
act as a proxy server.
We found a problem with the hints file. The basic Hints file syntax that
used to work on a previous version o
Hints file
Hi,
We
are currently setting up freeradius-1.0.0 on fedora core 2 to act as a proxy
server.
We found a problem with the hints file. The basic
Hints file syntax that used to work on a previous version of freeradius (on
freeradius 0.8.1 it worked fine) was :-
On Tue, 2004-08-24 at 15:53, Alan DeKok wrote:
> Graeme Hinchliffe <[EMAIL PROTECTED]> wrote:
> > Maybe worth adding a few more checks in somewhere in the SQL
> > subsystem. If a query doesn't return the expected attributes (ie
> > "SELECT 1") then FreeRADIUS segfaults.
>
> doc/bugs?
doc/b
Alan Miller <[EMAIL PROTECTED]> wrote:
> We are an ISP in Northern Ontario.
Mmmm... rock and trees and trees and rocks and rocks and trees...
> The problem is that our Unlimited customers are having issues with
> it because Radius thinks they are authenticating twice (which they
> are) and reje
Graeme Hinchliffe <[EMAIL PROTECTED]> wrote:
> Maybe worth adding a few more checks in somewhere in the SQL
> subsystem. If a query doesn't return the expected attributes (ie
> "SELECT 1") then FreeRADIUS segfaults.
doc/bugs?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://
"Nurul Faizal Bin M.Shukeri" <[EMAIL PROTECTED]> wrote:
> rlm_eap_peap: Had sent TLV failure, rejecting.
Read the REST of the debugging output to see what went wrong.
If you're only going to read the last 10 lines of debugging output,
there's no point in reading any of it.
Alan DeKok.
-
Edgars <[EMAIL PROTECTED]> wrote:
> with timeouts it is a good helper but how to proceed with Recv-Limit and
> X-Limit attributes (the tota download and upload bits)?
There are no such attributes define in RADIUS.
Your NAS may support them as a vendor extension, but you would have
to check y
"Hand, Chris" <[EMAIL PROTECTED]> wrote:
> Yes, I am using the ntdomain realm. However, I do not see it show up in
> the debugging output. Do I need to do anything other than list
> "ntdomain" in the 'authorize' section to make freeradius use it?
If it's listed there, you should see it printed o
Edgars wrote:
> i have problems when using PPTP connection (mschap2 with encryption).
> Are there any special setting to set in clients.conf file because the
> user side can't connect to the NAS? With PAP everythinh works
> perfectly. Currently in client.conf i have the following:
>
> client 10.5.
Tobias Amon wrote:
> Now I get the "Error": Forbidden You don't have permission to access
> /dialup on this server
Possibly because following symbolic links is not allowed.
Check documentation on apache.httpd.org and your httpd.conf or .htaccess
files.
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTE
i have problems when using PPTP connection (mschap2 with encryption).
Are there any special setting to set in clients.conf file because the
user side can't connect to the NAS? With PAP everythinh works perfectly.
Currently in client.conf i have the following:
client 10.5.8.103 {
secret =
Alan Miller wrote:
> We are an ISP in Northern Ontario. Our unlimited dialup customers are
> only allowed to login ONCE so we set their Simultaneous-Use attribute
> in Radius
> to 1. This works great.
> We just started offering a High Speed Dial-up client (basically it's a
> client that communicate
Hello,
Thank You it's working almost.
Now I get the "Error": Forbidden You don't have permission to access /dialup on this
server
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von Muenz, Michael
Gesendet: Di 24.08.2004 15:39
An: [EMAIL PR
NAS = Network Access Server
In fact any device or system that has a radius
client can be a NAS and communicate to a radius server.
In your wireless example, the AP "can" be the NAS,
but doesn't "have to".
In your wired example, you'll need an access device
that has a radius client.
--Regard
Hello,
I have an interesting situation here that I'm hoping someone can help me
figure out.
We are an ISP in Northern Ontario. Our unlimited dialup customers are only
allowed to login ONCE so we set their Simultaneous-Use attribute in Radius
to 1. This works great.
We just started offering a
> Hi,
>
> just a short question:
> How do I open the dialup_admin?
> Is there a special port I have to use or do i have to
> configure apache to /.../freeradius/dialup_admin/htdocs?
> THX
just link the dialup_admin folder to your htdocs folder.
Example:
Apache HTDOCS: /usr/local/apac
Hi,
just a short question:
How do I open the dialup_admin?
Is there a special port I have to use or do i have to configure apache to
/.../freeradius/dialup_admin/htdocs?
THX
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 2004-08-24 at 08:59, jassim El-mansori wrote:
> hi
> I'm not sure about NAS
> I'm evaluating freeradius and i have this 2 figures below
>
> (WIN2K)<---ethernet->(radius)
> and wirless one
> (WIN2K)<---AP(3com)--->(radius)
> so, does need to be a phsical ite
hi
I'm not sure about NAS
I'm evaluating freeradius and i have this 2 figures below
(WIN2K)<---ethernet->(radius)
and wirless one
(WIN2K)<---AP(3com)--->(radius)
so, does need to be a phsical item
please any details about this
Do you Yahoo!?
Yahoo! Mail is new
Hiya,
Maybe worth adding a few more checks in somewhere in the SQL
subsystem. If a query doesn't return the expected attributes (ie
"SELECT 1") then FreeRADIUS segfaults.
--
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
Direct: 0845
I’m using, win2k(USING PEAP(EAP-MSCHAPV2) client and freeradius-1.0.0
running with slackware 10. I try to authenticate and authorize combining
username and Calling-Station-ID. I test it work on Auth-Type := Local but not in Auth-Type :=EAP .
(work) test Auth-Type := Local,
User-Passwor
On Tue, 2004-08-24 at 10:16, [EMAIL PROTECTED] wrote:
> Yes this is possible.
>
> you have to create huntgroups and then compare your users with these huntgroups eg
> like this:
>
> DEFAULT Huntgroup-Name == groupa, Auth-Type := LDAP
> Fall-Through = no
> and so on.
>
T
On Tue, 2004-08-24 at 10:05, Graeme Hinchliffe wrote:
> Hiya,
> I need to be able to provide 2 completely different authentications
> which are dependant on the NAS that the request comes from. Both
> authentication requests will come for the same user from each NAS in
> turn, the 1st NAS I
-- H T n e t - - W e b M a i l --
Ova poruka poslana je upotrebom HTnet WebMail usluge.
http://www.htnet.hr/webmail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes this is possible.
you have to create huntgroups and then compare your users with these huntgroups eg
like this:
DEFAULT Huntgroup-Name == groupa, Auth-Type := LDAP
Fall-Through = no
and so on.
Markus Wintruff
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECT
Hiya,
I need to be able to provide 2 completely different authentications
which are dependant on the NAS that the request comes from. Both
authentication requests will come for the same user from each NAS in
turn, the 1st NAS I need to respond with an accept regardless of the
username/pass
thanx Alan!
with timeouts it is a good helper but how to proceed with Recv-Limit and
X-Limit attributes (the tota download and upload bits)?
Edgars
Alan DeKok wrote:
Edgars <[EMAIL PROTECTED]> wrote:
I want to give this NAS client, for example, total session timeout to
30min (after this time
Upgraded freeradius 0.9.3->1.0.0, after running this appears in the logs (and also
debug screen):
Failed to link to module 'rlm_expr': /usr/local/lib/librlm_expr.a: invalid ELF header
Then i disabled 'expr' line in the radiusd.conf,after got the following error:
Error: radiusd.conf[509] Failed to
45 matches
Mail list logo