Hi all,
I assume a rogue entry is caused by the radius server not receiving a
disconnection notification by the NAS for some reason or another. I
seem to be getting a lot of them.. about 20 a day and there are only
about 300 users on the radius/mysql database. I do not have access to
the NAS'
Problem.
Is it possible to have one radius server and two mysql servers at
back end arranged in a way that, based on realm, some users end up in
one mysql and others end up in another mysql?
Environment Diagram ..
Mysql A
Hi,
I try to use eap_tls with freeradius, wpa_supplicant and legitimate
certificates (not CA.pl samples and whatever passwords).
My certificate chain has: CA->RA->user_certificate, so
Of course, I have private key (and password) only for user_certificate
In my eap config file I have:
CA_file = CA.pe
Sorry, Yahoo sent when I hit save, 4 times apparently.
Let me know if what you've got so far helps any, if
not I'll try to finish my original post.
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Josh Potter <[EMAIL PROTECTED]> wrote:
> > I have tried the "+=" operator to stack them all
> to no
> >
rlm_realm: Accounting realm is LOCAL.
modcall[preacct]: module "suffix" returns noop for
request 27
modcall: group preacct returns noop for request 27
modcall: entering group accounting for request 27
radius_xlat:
'/var/log/radius/radacct/66.63.192.249/detail-20040907'
rlm
Thanks for the speedy reply. Below is the relevant
info from the debug log (I don't see Filter-ID showing
up anywhere but I know for a fact that one is getting
set). The users file is just a set of default
statements. We then use a mysql table for replying
special info such as Filter-IDs.
rad
Josh Potter <[EMAIL PROTECTED]> wrote:
> I have tried the "+=" operator to stack them all to no
> avail. Always just one of the Filter-IDs specified is
> used.
It works for my tests.
And... what does the debug log say? Are you willing to post it, and
samples from your "users" file?
Alan
I am trying to get the USR/3-COM HiPer ARC's to accept
multiple Filter-ID's. I know that this can be done on
other equipment but I haven't found any information on
this particular equipment. I have tried to just
assign multiple filter-id's with both ":=" and "=" and
I have tried the "+=" operator
Mike Here is the gdb output
#0 cbtls_msg (write_p=0, msg_version=0, content_type=22, buf=0x81b1780,
len=0, ssl=0x8197940, arg=0x0) at cb.c:196
#1 0x4018fdf4 in ssl3_get_message () from /lib/libssl.so.4
#2 0x40185d5b in ssl3_accept () from /lib/libssl.so.4
#3 0x401855e2 in ssl3_accept () from /
Update!
I have found out that I only receive an error message when I uncomment TLS-module in
eap.conf.
Thanks,
Emil
Hi!
My Userbase is in LDAP and I want to use EAP-TTLS (PAP) authentication.
Every time when I start radiusd in debug-mode (option: -X), I get
"Memory Access Error" (in German: Speic
>
> The key for all was to use an id < 255.
Well, it seemed to work, but it doesn't.
Now I have in my users file an entry like this:
stive Auth-Type := Local, User-Password == "testing"
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
MS-Primary-DN
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
>> Create a vendor specific attribute. The easiest way is to add
>> another attribute in the dictionary.freeradius.
The key for all was to use an id < 255.
Maybe a FAQ ? :)
> Please don't. That's the *FreeRADIUS* dictionary, not a site-local
> dict
Hello,
I just installed FreeRadius-1.0.0 on my test workstation, I get the same
results.
I have this setup:
radiusd.conf:
ldap dialup {
server = "hoggle.gwi"
identity = "cn=Manager,dc=gwi,dc=net"
password = "jogging cures the common cold"
There are a couple scripts in the bin directory that require to be running
via cron to compile the stats..
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tobias
Amon
Sent: Tuesday, September 07, 2004 11:33 AM
To: [EMAIL PROTECTED]
Subject: dialup_admin empty stat
[EMAIL PROTECTED]
Finally I managed to get Dialup_admin to work with mysql.
But now I only get empty statistics.
Where do I get the data?
THX
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> I have noticed that the setup below, used in my production system
> (0.9.3), does not work in case of accounting packets.
Accounting packets are never re-tried. Instead, new accounting
packets are sent.
> To be precise, whenever I do not receive a
"Alexandre Durand" <[EMAIL PROTECTED]> wrote:
> I've seen the debug but I don't understand and nobody seems to want to help me.
> So I begin to think that I'm going to abort!!
So... post the debug output here.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> This seems like a good improvement in the freeradius code.
> Will this patch be accepted in the CVS and be available in a next
> minor revision?
If it fixes the problem you're seeing, yes.
I don't run Oracle, so I can't test it myself.
Alan D
Andrea Gabellini <[EMAIL PROTECTED]> wrote:
> looking at the code, the server return SQL_DOWN if there is any type of error.
>
> Errors like "ORA-01401: inserted value too large for column" are set by the
> Oracle server, so the server is up and running.
>
> In this situation it's not a good ide
> Richard,
>
> Thanks for that input, it sounds very straightforward to me. I'll try
> your patches on Tuesday (Monday is a holiday here). Have you brought
> this up with Cisco? If not, I will open a case next week. I'd like to
> know whether Cisco's leap/eap developers intended for the
Thanks Alan! I've already found that I had a space after the attribute
which has been written in the DB.
Edgars
Alan DeKok wrote:
Edgars <[EMAIL PROTECTED]> wrote:
rlm_sql: unknown attribute Exec-Program-Wait
rlm_sql (sql): Error getting data from database
Odds are your SQL server is retu
"Michael Markstaller" <[EMAIL PROTECTED]> wrote:
> Anyway, I've also RSA ACE SecurID users in my ACS which I need to send
> to the ACE-server (speaking RADIUS) for authentication; this also works
> fine with a realm (@ace) for testing but my problem is, that this means
> telling several hundred use
[EMAIL PROTECTED] wrote:
> My problem is, that freeradius doesn't write to radutmp, absolutely
> nothing.
The server writes data to radutmp ONLY if it receives accounting
packets.
Check that the server is receiving accounting packets...
Alan DeKok.
"Pierluigi Frullani" <[EMAIL PROTECTED]> wrote:
> I've then created an attribute in dictionary, using an identifier marked as
> free ( # Range: 1800-2999 Free ) in this way:
What about reading /etc/raddb/dictionary? It contains instructions
for adding attributes which WON'T conflict with future
Edgars <[EMAIL PROTECTED]> wrote:
> rlm_sql: unknown attribute Exec-Program-Wait
> rlm_sql (sql): Error getting data from database
Odds are your SQL server is returning the attribute names with
embedded spaces. Delete them, and it will work.
Alan DeKok.
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote:
> Would it be possible to have WPA authentication for any network devices
> like wireless printers which supports WPA?
If they do wireless authentication, yes.
> How can I do it?
> What are the requirements in the RADIUS Server?
> Any links or inform
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> Create a vendor specific attribute. The easiest way is to add
> another attribute in the dictionary.freeradius.
Please don't. That's the *FreeRADIUS* dictionary, not a site-local
dictionary.
Instead, invent another dictionary, with another vendor-
Just another question:
how can i login to dialup_admin
Do I have to login?
I see the menu at the left side
-Original Message-
From: Tobias Amon on behalf of Tobias Amon
Sent: Tue 07.09.2004 15:23
To: [EMAIL PROTECTED]
Cc
permissions are set correctly.
debugging does not show any errors
but changing the user/password to false values also doesn't show any errors
-Original Message-
From: [EMAIL PROTECTED] on behalf of Cris Boisvert
Sent: Tue 07.09.2004 15:14
To: [
Does it not connect to the database? Ensure the database permissions are set
correctly.
Inside admin.conf enable debugging.. it will display errors in the browser
that will help you find out why..
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tobias
Amon
Sent
Thanks,
now I made my freeradius work with mysql.
Now the dialup_admin does not find the users I added in the database.
How do I connect the dialup_admin to the mysql_database.
I found the admin.conf file; there I changed the values for user and pass to be able
to connect to the database but it
On Tue, 7 Sep 2004, Pierluigi Frullani wrote:
> Hi all,
> for a custom application I need to add some personal attribute in the
> reply I get from radius server, but can't find anywhere info on how to do
> that.
>
> I've then created an attribute in dictionary, using an identifier marked as
> free
On Tue, 7 Sep 2004, Tobias Amon wrote:
> Hi,
>
> I've installed freeradius 0.9.3 which came with Suse 9.1
> I don't know exactly where it has been installed and now I'm trying to use
> dialup_admin
> to configure the server.
> I found the dialup_admin pages at /usr/share/doc/packages/freearadius/
Hi,
I've installed freeradius 0.9.3 which came with Suse 9.1
I don't know exactly where it has been installed and now I'm trying to use dialup_admin
to configure the server.
I found the dialup_admin pages at /usr/share/doc/packages/freearadius/dialup_admin
I made a symlink to %APACHEROOT%/dialup
Hi,
I know there're at least 10 ways to do this but wonder which is the best
one, so I ask.
I'm (still) in the process of replacing a Cisco ACS with freeradius on
debian woody with a mysql-backend.
The dial-up-part with static users is done & running great; thanks for
freeradius !
Anyway, I've a
you can also modify radcheck query adding also '%{NAS-IP-Address}'
checking from specific table.
Edgars
Kostas Kalevras wrote:
On Tue, 7 Sep 2004, Raymond Myren wrote:
Hi group,
I'm currently in the process of testing FreeRadius with MySQL backend.
Is it possible by some Attribute in the DB,
Hi,
we're using freeradius 0.9.3 and 1.0.0 on Solaris 8.
Authentication works fine. We now want to make use of the
"Simultaneous-use"-feature. AFAIR, the daemon is checking the
radutmp-file, if the user is already logged in and if yes, he then checks
the NAS.
My problem is, that freeradius doe
Hello all,
I was going through the EAP-PEAP draft-8, section 2.5 talks about Key
Derivation.
I wanted to know where are these keys used? Are they used for encrypting and
signing
the TLS application data in PEAP phase-2?
Regards,
Avinash
On Tue, 7 Sep 2004, Raymond Myren wrote:
> Hi group,
>
> I'm currently in the process of testing FreeRadius with MySQL backend.
>
>
>
> Is it possible by some Attribute in the DB, only to allow a user to log
> on from one NAS? Or is it possible to find another workaround to this.
> All URLs and co
Hi all,
for a custom application I need to add some personal attribute in the
reply I get from radius server, but can't find anywhere info on how to do
that.
I've then created an attribute in dictionary, using an identifier marked as
free ( # Range: 1800-2999 Free ) in this way:
ATTRIBUTE M
Hi group,
I’m currently in the process of testing FreeRadius
with MySQL backend.
Is it possible by some Attribute in the DB, only to
allow a user to log on from one NAS? Or is it possible to find another workaround
to this. All URLs and comments are welcome.
\raymond