too many rogue entries?

2004-09-07 Thread Martin Potgieter
Hi all, I assume a rogue entry is caused by the radius server not receiving a disconnection notification by the NAS for some reason or another. I seem to be getting a lot of them.. about 20 a day and there are only about 300 users on the radius/mysql database. I do not have access to the NAS'

Mysql and radius .. Problem

2004-09-07 Thread Ali Asghar
Problem . Is it possible to have one radius server and two mysql servers at back end arranged in a way that based on realm , some users end up in one mysql and others end up in another mysql . Environment Diagram .. Mysql A

tls failed

2004-09-07 Thread Nelson Murilo
Hi, I try to use eap_tls with freeradius, wpa_supplicant and legitimate certificates (not CA.pl samples and whatever passwords). My certificate chain has: CA->RA->user_certificate, so of course, I have the private key (and password) only for user_certificate. In my eap config file I have: CA_file = CA.pe

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
Sorry, Yahoo sent when I hit save, 4 times apparently. Let me know if what you've got so far helps any, if not I'll try to finish my original post. --- Alan DeKok <[EMAIL PROTECTED]> wrote: > Josh Potter <[EMAIL PROTECTED]> wrote: > > I have tried the "+=" operator to stack them all > to no > >

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
" rlm_realm: Accounting realm is LOCAL. modcall[preacct]: module "suffix" returns noop for request 27 modcall: group preacct returns noop for request 27 modcall: entering group accounting for request 27 radius_xlat: '/var/log/radius/radacct/66.63.192.249/detail-20040907' rlm

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
" rlm_realm: Accounting realm is LOCAL. modcall[preacct]: module "suffix" returns noop for request 27 modcall: group preacct returns noop for request 27 modcall: entering group accounting for request 27 radius_xlat: '/var/log/radius/radacct/66.63.192.249/detail-20040907' rlm

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
Thanks for the speedy reply. Below is the relevant info from the debug log (I don't see Filter-ID showing up anywhere but I know for a fact that one is getting set). The users file is just a set of default statements. We then use a mysql table for replying special info such as Filter-IDs. rad

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
Thanks for the speedy reply. Below is the relevant info from the debug log (I don't see Filter-ID showing up anywhere but I know for a fact that one is getting set). The users file is just a set of default statements. We then use a mysql table for replying special info such as Filter-IDs. rad

Re: USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Alan DeKok
Josh Potter <[EMAIL PROTECTED]> wrote: > I have tried the "+=" operator to stack them all to no > avail. Always just one of the Filter-IDs specified is > used. It works for my tests. And... what does the debug log say? Are you willing to post it, and samples from your "users" file? Alan

USR/3-COM HiPer ARC Multiple Filter-ID

2004-09-07 Thread Josh Potter
I am trying to get the USR/3-COM HiPer ARC's to accept multiple Filter-ID's. I know that this can be done on other equipment but I haven't found any information on this particular equipment. I have tried to just assign multiple filter-id's with both ":=" and "=" and I have tried the "+=" operator

Re: PEAP segmentation fault

2004-09-07 Thread Baig
Mike Here is the gdb output #0 cbtls_msg (write_p=0, msg_version=0, content_type=22, buf=0x81b1780, len=0, ssl=0x8197940, arg=0x0) at cb.c:196 #1 0x4018fdf4 in ssl3_get_message () from /lib/libssl.so.4 #2 0x40185d5b in ssl3_accept () from /lib/libssl.so.4 #3 0x401855e2 in ssl3_accept () from /

Re: memory access error

2004-09-07 Thread Emil Kokor
Update! I have found out that I only receive an error message when I uncomment TLS-module in eap.conf. Thanks, Emil Hi! My Userbase is in LDAP and I want to use EAP-TTLS (PAP) authentication. Every time when I start radiusd in debug-mode (option: -X), I get "Memory Access Error" (in German: Speic

Re: Adding own attribute to reply.

2004-09-07 Thread Pierluigi Frullani
> > The key for all was to use an id < 255. Well, it seemed to work, but it doesn't. Now I have in my users file an entry like this: stive Auth-Type := Local, User-Password == "testing" Framed-IP-Address = 172.16.3.33, Framed-IP-Netmask = 255.255.255.0, MS-Primary-DN

Re: Adding own attribute to reply.

2004-09-07 Thread Pierluigi Frullani
> Kostas Kalevras <[EMAIL PROTECTED]> wrote: >> Create a vendor specific attribute. The easiest way is to add >> another attribute in the dictionary.freeradius. The key for all was to use an id < 255. Maybe a FAQ ? :) > Please don't. That's the *FreeRADIUS* dictionary, not a site-local > dict

Re: Ldap and Ldap-Group

2004-09-07 Thread Lew A
Hello, I just installed FreeRadius-1.0.0 on my test workstation, I get the same results. I have this setup: radiusd.conf: ldap dialup { server = "hoggle.gwi" identity = "cn=Manager,dc=gwi,dc=net" password = "jogging cures the common cold"

RE: dialup_admin empty statistics

2004-09-07 Thread Cris Boisvert
There are a couple scripts in the bin directory that require to be running via cron to compile the stats.. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Amon Sent: Tuesday, September 07, 2004 11:33 AM To: [EMAIL PROTECTED] Subject: dialup_admin empty stat

dialup_admin empty statistics

2004-09-07 Thread Tobias Amon
[EMAIL PROTECTED] finally I managed Dialup_admin to work with mysql. But now I only get empty statistics. Where do I get the data? THX <>

Re: Proxy.conf configuration options question

2004-09-07 Thread Alan DeKok
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote: > I have noticed that the setup below, used in my production system > (0.9.3), does not work in case of accounting packets. Accounting packets are never re-tried. Instead, new accounting packets are sent. > To be precise, whenever I do not receive a

Passwords in LDAP aren't found...

2004-09-07 Thread Alan DeKok
"Alexandre Durand" <[EMAIL PROTECTED]> wrote: > I've seen the debug but i don't understand and nobody seems to want help me. > So i begin to think that i'm going to abort!! So... post the debug output here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us

Re: Oracle Bug Report

2004-09-07 Thread Alan DeKok
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote: > This seems like a good improvement in the freeradius code. > Will this patch be accepted in the CVS and be available in a next > minor revision? If it fixes the problem you're seeing, yes. I don't run Oracle, so I can't test it myself. Alan D

Re: Oracle bug report

2004-09-07 Thread Alan DeKok
Andrea Gabellini <[EMAIL PROTECTED]> wrote: > looking at the code, the server return SQL_DOWN if there is any type of error. > > Errors like "ORA-01401: inserted value too large for column" are set by the > Oracle server, so the server is up and running. > > In this situation it's not a good ide

Re: Is there some kind of trick to make Cisco LEAP work???

2004-09-07 Thread Richard Timsit
> Richard, > > Thanks for that input, it sounds very straightforward to me. I'll try > your patches on Tuesday (Monday is a holiday here). Have you brought > this up with Cisco? If not, I will open a case next week. I'd like to > know whether Cisco's leap/eap developers intended for the

Re: exec-program as unknown attribute

2004-09-07 Thread Edgars
Thanks Alan! I've already found that I had a space after the attribute which has been written in the DB. Edgars Alan DeKok wrote: Edgars <[EMAIL PROTECTED]> wrote: rlm_sql: unknown attribute Exec-Program-Wait rlm_sql (sql): Error getting data from database Odds are your SQL server is retu

Re: Freeradius with securid

2004-09-07 Thread Alan DeKok
"Michael Markstaller" <[EMAIL PROTECTED]> wrote: > Anyway, I've also RSA ACE SecurID users in my ACS which I need to send > to the ACE-server (speaking RADIUS) for authentication; this also works > fine with a realm (@ace) for testing but my problem is, that this means > telling several hundred use

Re: radutmp is not written

2004-09-07 Thread Alan DeKok
[EMAIL PROTECTED] wrote: > My problem is, that freeradius doesn't write to radutmp, absolutely > nothing. The server writes data to radutmp ONLY if it receives accounting packets. Check that the server is receiving accounting packets... Alan DEKok. - List info/subscribe/unsubscribe? Se

Re: Adding own attribute to reply.

2004-09-07 Thread Alan DeKok
"Pierluigi Frullani" <[EMAIL PROTECTED]> wrote: > I've then create an attribute in dictionary, using an identifier marked as > free ( # Range: 1800-2999 Free ) in this way: What about reading /etc/raddb/dictionary? It contains instructions for adding attributes which WON'T conflict with future

Re: exec-program as unknown attribute

2004-09-07 Thread Alan DeKok
Edgars <[EMAIL PROTECTED]> wrote: > rlm_sql: unknown attribute Exec-Program-Wait > rlm_sql (sql): Error getting data from database Odds are your SQL server is returning the attribute names with embedded spaces. Delete them, and it will work. Alan DeKok. - List info/subscribe/unsubscribe?

Re: WPA and Network Devices

2004-09-07 Thread Alan DeKok
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote: > Would it be possible to have WPA authentication for any network devices > like wireless printers which supports WPA? If they do wireless authentication, yes. > How can I do it? > What are the requirements in the RADIUS Server? > Any links or inform

Re: Adding own attribute to reply.

2004-09-07 Thread Alan DeKok
Kostas Kalevras <[EMAIL PROTECTED]> wrote: > Create a vendor specific attribute. The easiest way is to add > another attribute in the dictionary.freeradius. Please don't. That's the *FreeRADIUS* dictionary, not a site-local dictionary. Instead, invent another dictionary, with another vendor-

AW: dialup_admin

2004-09-07 Thread Tobias Amon
Just another question: how can I log in to dialup_admin? Do I have to log in? I see the menu at the left side -Original Message- From: Tobias Amon on behalf of Tobias Amon Sent: Tue 07.09.2004 15:23 To: [EMAIL PROTECTED] Cc

AW: dialup_admin

2004-09-07 Thread Tobias Amon
permissions are set correctly. debugging does not show any errors but changing the user/password to false values also doesn't show any errors -Original Message- From: [EMAIL PROTECTED] on behalf of Cris Boisvert Sent: Tue 07.09.2004 15:14 To: [

RE: dialup_admin

2004-09-07 Thread Cris Boisvert
Does it not connect to the database? Ensure the database permissions are set correctly. Inside admin.conf enable debugging.. it will display errors in the browser that will help you find out why.. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Amon Sent

AW: dialup_admin

2004-09-07 Thread Tobias Amon
Thanks, now I made my freeradius work with mysql. Now the dialup_admin does not find the users I added in the database. How do I connect the dialup_admin to the mysql_database? I found the admin.conf file; there I changed the values for user and pass to be able to connect to the database but it

Re: Adding own attribute to reply.

2004-09-07 Thread Kostas Kalevras
On Tue, 7 Sep 2004, Pierluigi Frullani wrote: > Hi all, > for a custom application I need to add some personal attribute in the > reply I get from radius server, but can't find anywhere info on how to do > that. > > I've then create an attribute in dictionary, using an identifier marked as > free

Re: dialup_admin

2004-09-07 Thread Kostas Kalevras
On Tue, 7 Sep 2004, Tobias Amon wrote: > Hi, > > I've installed freeradius 0.9.3 which came with Suse 9.1 > I don't know exactly where it has been installed and now I'm trying to use > dialup_admin > to configure the server. > I found the dialup_admin pages at /usr/share/doc/packages/freearadius/

dialup_admin

2004-09-07 Thread Tobias Amon
Hi, I've installed freeradius 0.9.3 which came with Suse 9.1 I don't know exactly where it has been installed and now I'm trying to use dialup_admin to configure the server. I found the dialup_admin pages at /usr/share/doc/packages/freearadius/dialup_admin I made a symlink to %APACHEROOT%/dialup

Freeradius with securid

2004-09-07 Thread Michael Markstaller
Hi, I know there're at least 10 ways to do this but wonder which is the best one, so I ask. I'm (still) in the process of replacing a Cisco ACS with freeradius on debian woody with a mysql-backend. The dial-up-part with static users is done & running great; thanks for freeradius ! Anyway, I've a

Re: Allowing users from one NAS and not another.

2004-09-07 Thread Edgars
you can also modify radcheck query adding also '%{NAS-IP-Address}' checking from specific table. Edgars Kostas Kalevras wrote: On Tue, 7 Sep 2004, Raymond Myren wrote: Hi group, I'm currently in the process of testing FreeRadius with MySQL backend. Is it possible by some Attribute in the DB,

radutmp is not written

2004-09-07 Thread markus . winkler
Hi, we're using freeradius 0.9.3 and 1.0.0 on Solaris 8. Authentication works fine. We now want to make use of the "Simultaneous-use"-feature. AFAIR, the daemon is checking the radutmp-file, if the user is already logged in and if yes, he then checks the NAS. My problem is, that freeradius doe

EAP Peap query

2004-09-07 Thread Avinash Agarwal
Hello all, I was going through the EAP-PEAP draft-8, section 2.5 talks about Key Derivation. I wanted to know where are these keys used? Are they used for encrypting and signing the TLS application data in PEAP phase-2? Regards, Avinash - List info/subscribe/unsubscribe? See http://www.freeradiu

Re: Allowing users from one NAS and not another.

2004-09-07 Thread Kostas Kalevras
On Tue, 7 Sep 2004, Raymond Myren wrote: > Hi group, > > I'm currently in the process of testing FreeRadius with MySQL backend. > > > > Is it possible by some Attribute in the DB, only to allow a user to log > on from one NAS? Or is it possible to find another workaround to this. > All URLs and co

Adding own attribute to reply.

2004-09-07 Thread Pierluigi Frullani
Hi all, for a custom application I need to add some personal attribute in the reply I get from radius server, but can't find anywhere info on how to do that. I've then created an attribute in dictionary, using an identifier marked as free ( # Range: 1800-2999 Free ) in this way: ATTRIBUTE M

Allowing users from one NAS and not another.

2004-09-07 Thread Raymond Myren
Hi group, I'm currently in the process of testing FreeRadius with MySQL backend. Is it possible by some Attribute in the DB, only to allow a user to log on from one NAS? Or is it possible to find another workaround to this. All URLs and comments are welcome. \raymond