stefan/list,
I am not sure this is a freeradius thing, but maybe others have similar
questions/issues.
there are obviously different kinds of encryption and as you mention with
out a key, decryption
is not possible. that leaves public key based encryption. so, poptop can
do ssl based encrypti
Hi gokhan,
this is my first mail. actually I am reading mails for a while. and by the aim of this list
ý managed to install and run mysql radius and gnugk.
from now I want to make a sistem that works with tarriff and prepaid balances.
for example usera calls userb and it talks 60 seconds. the ta
On Wed, 20 Oct 2004, EROS wrote:
Well, the pb is that if you are doing this a user could login for more
than 90days after his first connection.
And this kind of user already have a max session timeout in setting.
So now I make a perl script that check every 24h the first connection of
a user and s
Well, the pb is that if you are doing this a user could login for more
than 90days after his first connection.
And this kind of user already have a max session timeout in setting.
So now I make a perl script that check every 24h the first connection of
a user and set the Expiration attribute to 9
What do you use for authentication?
MAC Addresses, 802.1x, etc?
--- "Nurul Faizal Bin M.Shukeri" <[EMAIL PROTECTED]> wrote:
> I've got cisco aironet 350 series AP.
>
>
>
> ---
>
>
>
> This will depend on your NAS/RAS.
>
>
>
> Which one do you have?
>
>
>
> --- "Nurul Faizal Bin M
Like I said:
# snmpwalk -c community -Of nas.domain.tld ciscoAAASessionMIB
.iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoAAASessionMIB
= No Such Object available on this agent at this OID
Not all Cisco equipment responds to the same OID's.
I seem to remember looking through the I
You'll need to use one of the ODBC sql modules. There are two depending
on which unix ODBC package you prefer, rlm_sql_iodbc and
rlm_sql_unixodbc.
--Mike
On Wed, 2004-10-20 at 11:53, Matt wrote:
> Hi,
> What do I need to do to get freeradius to access Microsoft SQL server?
> Someone else in th
Perhaps
> rlm_krb5.c:40:21: com_err.h: No such file or directory
Mearl
>>> [EMAIL PROTECTED] 10/20/2004 12:17:10 PM >>>
how did you try installing? On my fedora system I
always use "yum" to get and install the programs I
want
Matt wrote:
> Hi,
> Can anyone explain to me why I'm getting the e
Matt <[EMAIL PROTECTED]> wrote:
> Can anyone explain to me why I'm getting the error I am and the
> aborted compile? I'm compling on a fedora core 1 system.
See the web archives. Fedora/redhat put into a weird
location.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freer
[EMAIL PROTECTED] wrote:
> I'm using freeRadius version 1.0 and Linksys AP. I am trying to
> authentic= ate Wlan users using WPA authentication. The actual
> authentication is suppose= d to be done in an external script which
> is launched from freeRadius.
Are you sure? From the example you pos
I could use yum.. may actually ... I just usually like to compile from
source... checking out the oreily book now.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how did you try installing? On my fedora system I
always use "yum" to get and install the programs I
want
Matt wrote:
Hi,
Can anyone explain to me why I'm getting the error I am and the
aborted compile? I'm compling on a fedora core 1 system.
rlm_exec.c: In function `exec_xlat':
rlm_exec.c:124
Matt
I just sent this link to someone else having setup issues. It is a web page
that has an excerpt from an O'rielly book about radius that specifically
talks about setting up Freeradius.
The site is http://www.oreilly.de/catalog/radius/chapter/ch05.html
Best Regards,
Bryan
-Original Mess
Bryan,
I found that same site and it's what I used
orginally to get everything set up. I was going
to purchase this book, but it's more then I want
to spend on a book for a small nonn-production
server. I thought I had followed the site so
everything would work, but I guess not. Does
anyo
Hi,
Can anyone explain to me why I'm getting the error I am and the
aborted compile? I'm compling on a fedora core 1 system.
rlm_exec.c: In function `exec_xlat':
rlm_exec.c:124: warning: unused parameter `func'
rlm_exec.c: In function `exec_detach':
rlm_exec.c:162: warning: passing arg 2 of `xlat
Hi,
What do I need to do to get freeradius to access Microsoft SQL server?
Someone else in the list here said they use it to do stored
procedures and the like, but I'm not showing freeradius shipping with
Microsoft SQL support.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
"EROS" <[EMAIL PROTECTED]> wrote:
> For example, a user could connect 90d after his first connection and no
> more.
> I don't know how to setup a counter like this , if somebody has an idea
> !
rlm_counter. See raddb/radiusd.conf for examples.
You should say "reset = never", and then set th
Carl
I read some of your post and have a web page that has an excerpt from an
O'rielly book about radius that specifically talks about setting up
Freeradius. I used this book and this procedure to get mine running with
mysql as the backend. With that being the setup you can make a script or
whate
Hi,
I would like to setup a counter that set expiration after a defined
time.
For example, a user could connect 90d after his first connection and no
more.
I don't know how to setup a counter like this , if somebody has an idea
!
Thx
-
List info/subscribe/unsubscribe? See http://www.freerad
Hi,
> 2. what is the best way to have encrypted transport
> and encrypted passwords?
It depends on what you mean by encryption. Of course you
can encrypt stuff by some symmetric encryption method and
store the key to get the cleartext from the encrypted text
somewhere (e.g. radius secrets
Alan DeKok wrote:
users: Matched DEFAULT at 152
It's probably at line 152.
It would be more evident if the error message was clear about 152
referring to a line number. Thanks for mentioning it.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This should be done in USER MANAGE MODULE of your OSS ,where u can set your
own attribute ,and control the list radius server access user info.
Regards.
Yyc
And the vision that was planted in my brain.
Still remains with the Sound of Silence.
preprocess" returns ok for request 0
radius_xlat: '/home/radacct/x.x.x.x/auth-detail-20041020'
rlm_detail: /home/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /home/radacct/x.x.x.x/auth-detail-20041020
modcall[authorize]: module "auth_log" returns ok for re
Sweet, that worked. However, by turning off
system authentication, I would manually have to
enter users; this is just a test server, so for
the time being, I want to authenticate users based
on if they have an account on the server. I had
tried using
DEFAULTAuth-Type = System
F
Hi,
is there an attribute for a user, like the tacacs "expires = \"DATE\"",
which limits an account until a specific date?
thanks in advance
flo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You can use sql (you find it in radius.conf)
There is a table radacct that includes AcctStartTime - AcctStopTime,
Nas-IP-Address etc. for accounting packets.
See if this table has anything that you need and use it.
Regards,
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Cente
Carl <[EMAIL PROTECTED]> wrote:
> I'm trying to use FreeRadius as an authentication
> server to authenticate wireless network users. I
> have it installed and configured, but I don't have
> it configured correctly evidently. In the users
> file, I have a user bob with the password bob. If
>
"Cameron Birky" <[EMAIL PROTECTED]> wrote:
> 1. is that why everybody on the list seems to use sql as a back end, so that
> the db can handle the
> encrypted passwords, and not have to make radius do it?
No. They use DB's because they're easier to manage than flat text
files.
Nothing in SQL
Hi Raimund,
Nicolas and I did some test on proxy forwarding , we use this model :
CLIENT 172.16.69.1
|
vlan 69
|
"Michael Luthe" <[EMAIL PROTECTED]> wrote:
> lol, the solution was that i needed backquotes around the expression at mysql:
>
> "`%{sql:%{config:modules.sql.seto} UserName='%{SQL-User-Name}'}`"
See doc/variables.txt. It's explained there.
Alan DeKok.
-
List info/subscribe/unsubscribe? Se
Paul,
You are not going to believe this but the error was a in the clients.conf
file. I had put a uppercase 'C' instead of a lower case one!!
T
>-- Original Message --
>From: Paul <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Cisco NAS not authenticating
>Reply-To: [EMAIL PROTECTED]
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 20 October 2004 13:41, Peter Nixon wrote:
> Hi Guys
>
> I have a configuration on a large network with many NAS and and a number of
> RADIUS servers proxying Authentication requests to a FreeRADIUS box. I also
> have a number of NAS direct
I'm trying to use FreeRadius as an authentication
server to authenticate wireless network users. I
have it installed and configured, but I don't have
it configured correctly evidently. In the users
file, I have a user bob with the password bob. If
I use the command "radtest bob bob localhos
Hello List
we have freeradius1.0.1 and auth users via Domain.
Thats all okay.
With perl script radiusreport, i see all users with date and time.
And now i will see the traffic. Any idea ??
What must i enabled in radius.conf or must i install an sql server?
ThX
Regards / Grüße / Danke
Marco Pa
Alan DeKok schrieb:
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
Manually adding certificates to 100's of laptops does not sound like my cup
of tea.
Each laptop has to have a copy of the server certificate for PEAP to
work. There really isn't any alternative.
And because it's Windows, it's
I think u misunderstand me, I mean i have no device but a bad computer + Linux :)
Regards.
Yyc
And the vision that was planted in my brain.
Still remains with the Sound of Silence.
-éäåä-
åää: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE
On Wednesday 20 October 2004 07:34, Yyc wrote:
> hi all,
> About implementing Web Authentication and Accouting used in school network
> access? I have 2 problems:
> 1. where should the web server be, in NAS or independent?
> 2. if web server is independent , it can get info from
Yes, you can do this, you have to use LDAP to integrate the two, and
I've included a link that might be of some use...
LDAP (Incorporates radius server with AD Authentication)
http://www.siliconvalleyccie.com/linux-adv/ldap.htm
--
Thomas Lasswell
http://www.graphinesystems.com
[EMAIL PROTECTED]
Hi ,
I would like to know if freeradius works with Active
directory. If so how can I configure it.
secondly, I want to use Active Directory within for
802.1x/EAP authentication. Is there any possibility to
establish this tak.
Thanks,
Raza.
__
hi all,
About implementing Web Authentication and Accouting used in school network
access?
I have 2 problems:
1. where should the web server be, in NAS or independent?
2. if web server is independent , it can get info from radius server, but how
does webserver or
in radacct table inserts an AcctStartTime and an AcctStopTime, when execute
an accounting_start and an accounting_stop packet. You can use these.
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail:
hi,
how do i make use of billing(login time and logout time) for freeradius server.
Regards,
Srinivasan.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, 20 Oct 2004, Nicolas Viers - SCI wrote:
Mitchell, Michael wrote:
Configurable failover IS what you want... You just have to specify
not_found = 1 (or some other number depending on your other options). Have
another read of the doco. :)
I had seen the file "doc/configurable_failover" but
No, what is it. All of my clients have wireless CPEs. In other words it's
not the pc that authenticates it's the wireless device. The pc connects to
its Ethernet port.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Paul
> Sent: Tuesday
Mitchell, Michael wrote:
Configurable failover IS what you want... You just have to specify not_found = 1 (or some other number depending on your other options). Have another read of the doco. :)
I had seen the file "doc/configurable_failover" but in my case i have
TWO ldap server and so two b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Guys
I have a configuration on a large network with many NAS and and a number of
RADIUS servers proxying Authentication requests to a FreeRADIUS box. I also
have a number of NAS directly Authing from my radius server.
I am using huntgroups to on
lol, the solution was that i needed backquotes around the expression at mysql:
"`%{sql:%{config:modules.sql.seto} UserName='%{SQL-User-Name}'}`"
instead of
"%{sql:%{config:modules.sql.seto} UserName='%{SQL-User-Name}'}"
I hope that this would might help another one too :)
>Hi,
>
>i'm using ´Fr
Additionally
Peap goes through about 10 steps in authenticating, I discovered that at
about stage 6 the Radius server is awaiting response from the supplicant
about its certificate. If the certificate is not loaded or is not ticked in
Peap properties the Radius server just sits waiting for a res
Configurable failover IS what you want... You just have to specify not_found = 1 (or
some other number depending on your other options). Have another read of the doco. :)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Nicolas Viers - SCI
> Se
Peter
I used http://www.freeradius.org/doc/EAPTLS.pdf and followed the method to
install the certificates.
Just click the Client Certificate once youve imported it in the Authorised
Certificates on the PEAP Properties page for the wireless connection.
Regards
Dave
- Original Message -
F
Hello all,
I'm not sure what to call about that program?
The program which will comminicate with the NAS to get an Ip address and auth with the
NAS radius.
Anyone know where can I find such a software. Pay or fre (will be nice).
Our NAS is actually a switch... so it is quite funny to do somethin
Meanwhile i found out, that when i change in the dictionary file the type for
Session-Timeout from integer to string, like it is for Reply-Message a value is given
back, but it is only the expression i've written at the field in the MySQL-Table and
nothing is "calculated" like it is when i use R
Hello,
i would like to configure my freeradius server with multiple ldap server
(two), because we had two
authentication bases of users on each one.
When a user initiate a authentication request, if the first ldap server
does not find it, freeradius must
search in
Hi,
i'm using ´Freeradius in combination with MySQL.
I've got the following problem:
When i try to calculate the Session-Timeout with the following value:
"%{sql:%{config:modules.sql.seto} UserName='%{SQL-User-Name}'}"
nothing happens, but when i change the Attribute to "Reply-Message" instead
54 matches
Mail list logo