nas table is used by Freeradius instead of clients.conf .
What is use of community and ports fields in nas table?
Amit Gupta
Mobile:
91-9891062552
Yahoo IM: amitguptainn
MSN IM : amitguptainn
DD> On Wed, 12 Jan 2005, Costas Christonis wrote:
>> GC> Hello,
>>
>> GC> Costas Christonis wrote:
>> >> Hi to all,
>> >> i'm trying to set the telnet access to my users through radius and ldap
>> >> server.
>> >> What i did untill now is that everyone tha has the attribute
>> >> "Service-type" w
>rashad wrote:
>> But where I must do configuration changes for Exec-Program-Wait?
>See doc/README
Thank you very much!
It's exactly that I want.
Best regards,
Rashad Rustamoff
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Got it figured out. I found a typo in the httpd.conf and noted the README
states to point your browser to the http://{site}/{directory}/{filename}
Working with one-time passwords.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TTLS is basically the same thing as PEAP. Server certificate,
client uses username and pass to authenticate.
On Wed, 12 Jan 2005 16:22:33 -0600 (CST), [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Hi Brandon
> >Is this Mandatory?
> No, it is not
> >I'm just looking for the most basic way of
From: "Roger Peña Escobio" <[EMAIL PROTECTED]>
>it is important that a services never crash but is more important,
>for me at least, that the service can restart smouthly without human
>intervention (by a bash script for example)
The follow bash script might help in the meantime:
#!/bin/bash
RE
Mensaje citado por Alan DeKok <[EMAIL PROTECTED]>:
> Roger =?iso-8859-1?b?UGXxYQ==?= Escobio <[EMAIL PROTECTED]> wrote:
> > but one of the servers (the secundary) logged this:
> >
> > Mon Jan 10 21:33:09 2005 : Error: Assertion failed in modcall.c, line 68
>
> That sounds like a serious error.
Roger =?iso-8859-1?b?UGXxYQ==?= Escobio <[EMAIL PROTECTED]> wrote:
> but one of the servers (the secundary) logged this:
>
> Mon Jan 10 21:33:09 2005 : Error: Assertion failed in modcall.c, line 68
That sounds like a serious error. Can you post a backtrace, from
gdb? (see doc/bugs)
The ass
I have never used EAP-TTLS, I do not know if it is better than PEAP, I
just suggested you what I know and worked. Now you have to decide between
them!!
Victoria
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Was this a copy/paste? Look below in the radiusd.conf section. You put
in
identify = "cn=root..."
instead of
identity = "cn=root..."
That would explain why you are trying to login without a username, as
shown in your debug output.
rlm_ldap: bind as /teste to 146.164.xx.236:389
On Wed, 12 Ja
ldapsearch -x -b "dc=br" -h x.y.z.w
But, I use radius to authentication. When I use ldapsearch all is okay.
Look may config ldap:
---
include /usr/home/andersonalves/work/radius/core.schema
include /usr/home/andersonalves/work/radius/gn
hi,
first, i'm sorry with my poor english
i've a problem about web dialupadmin when client connect to radius server then i click statistics in web, i found syntax error like this
"database query failed :unknown column c in filed list "
can you help me to resolve my problem
thanks,
Fauzar
Yahoo!
Can you bind with that username/password using a command line such as
ldapsearch?
On Wed, 12 Jan 2005, Anderson Alves de Albuquerque wrote:
>
>
>
> I only put "rootpw teste" in my slapd.conf.
> I put in slapd.conf 'rootdn "cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"'
> and 'suffix "dc=br"'.
> After
Hi Brandon
>Is this Mandatory?
No, it is not
>I'm just looking for the most basic way of making a username/password
>required to be able to connect wirelessly to the AP/linux box and gain
access >to the network.
In my opinion you should use PEAP
Take a glance at http://tldp.org/HOWTO/html_single/80
I only put "rootpw teste" in my slapd.conf.
I put in slapd.conf 'rootdn "cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"'
and 'suffix "dc=br"'.
After I use "ldapadd" to create my tree with all struct expect
"cn=root,dc=voip,dc=nce,dc=ufrj,dc=br" .
I don´t create "cn=root,dc=voip,dc=nce,dc=ufrj,d
Please send plain text mail.
DHCP is based on ARP, so there should be a DHCP
server on the client's LAN (which can be the router for example).
Optionally, that DHCP server can relay the requests
to another DHCP server (which can be on the same machine as your radius
server)
--Regards,
T
rashad wrote:
But where I must do configuration changes for Exec-Program-Wait?
See doc/README
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt -
Liesbeth Huysmans) via www.salesguide.be Ontdek d
Hi
If it's impossible for machine that use EAP to get
their IP address via Radius, should then DHCP server running on same machine as
Radius server, or better using router.
Jacques VUVANT
From: "Ossama Suleiman" <[EMAIL PROTECTED]>
>
> radtest '' '' localhost 1 password
> below u will find the error i mentioned:
>
> rlm_sql (sql): zero length username not permitted
> modcall[authorize]: module "sql" returns invalid for request 1
>
FWIW, in the source for 0.9.3, there are commen
Dear Dustin,
Below you will find the complete output of radtest.. the
command is as following:
radtest '' '' localhost 1
password
below u will find the error i mentioned:
rlm_sql (sql): zero length username not permitted
modcall[authorize]: module
"sql" returns invalid for r
IN ldap a put:
suffix "dc=br"
rootdn "cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"
rootpw teste
In radiusd:
ldap {
server="146.164.xx.236"
identify="cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"
password=teste
basedn="ou=users,dc=voip,dc=
From: "Anderson Alves de Albuquerque" <[EMAIL PROTECTED]>
>
> My RADIUS is make authentication in LDAP, there this error:
>
> rlm_ldap: LDAP login failed: check login, password settings in ldap
> section of radiusd.conf
> rlm_ldap: (re)connection attempt failed
This part of your log seems to in
[EMAIL PROTECTED] wrote:
Hi, i´m have a problem whit freeradius and mysql.
Some weeks ago i'm turn off the server where freeradius is
running by electric resons. The problem is that when turn on
the server, the radiusd start but it can not connect
to the mysql server. That is not the firts time, in
My RADIUS is make authentication in LDAP, there this error:
rad_recv: Access-Request packet from host 146.164.xx.235:10808, id=117,
length=122
User-Name = "aaa"
CHAP-Password = 0x6c662e7faba88fc9791bbf10558405bc0d
NAS-IP-Address = 146.164.xx.235
NAS-Identifier =
Greetings,
I'm trying to setup a very basic radius system that authenticates over
wireless (802.1x). Everything I have read so far talks about using TLS
and suc
Hello
I'm using FreeRADIUS Version 1.0.1 + mysql Ver 12.22 Distrib 4.0.22,
for portbld-freebsd5.3 (i386) on a FreeBSD 5.3-RELEASE.
Everything set-up for pppoe + radius + mysql + dialup admin on a single
pc (the internet gateway of my local network)
My radiusd.conf
prefix = /usr/local
exec_prefi
Ok, I found an old article referring to this problem
http://lists.freeradius.org/archives/freeradius-users/2004/11/msg00096.html
Now I have a different issue. I am getting "couldn't check access. No group
file" in the HTTPD logs
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/
Mensaje citado por Dustin Doris <[EMAIL PROTECTED]>:
> >
> > hello folks
> >
> > we are using freeradius since 0.8.x and since 0.9.x we start to use the
> > rml_sql (mysql) module to store the accounting, now we also use the
> > mysql db to store the user so the auth and autz also use the rml_sql
Whats radiusd -X show?
On Wed, 12 Jan 2005 [EMAIL PROTECTED] wrote:
> Hi, i´m have a problem whit freeradius and mysql.
> Some weeks ago i'm turn off the server where freeradius is
> running by electric resons. The problem is that when turn on
> the server, the radiusd start but it can not connec
Hi, i´m have a problem whit freeradius and mysql.
Some weeks ago i'm turn off the server where freeradius is
running by electric resons. The problem is that when turn on
the server, the radiusd start but it can not connect
to the mysql server. That is not the firts time, in others
ocations i have s
Can you post the full debug output when running in radiusd -X?
On Tue, 11 Jan 2005, Ossama Suleiman wrote:
>
>
> Thanks Dustin,
>
> Yes, the '==' was a typo mistake.. I am sorry for that
>
> Well.. when using the users file only.. that works just fine.. and it only
> gets an accept, when the dial
"Jacques VUVANT" <[EMAIL PROTECTED]> wrote:
> I have configured freeradius to allow EAP-TLS authentication, and would
> like now to configure EAP User with IPpool
It's impossible. Machines using EAP get their IP address via DHCP,
not RADIUS.
You need a DHCP server.
Alan DeKok.
-
List i
Hennie Vaatstra <[EMAIL PROTECTED]> wrote:
> Authenticating against the freeradiusserver works only
> with radiusclients on 64bit systems (on the same
> server or other 64 bit zlinux images we're running).
> Using a 31 bit zlinux image as radclient or NTRadPing
> on a Win2000 laptop doensn't work
> Hello!
>
> > > In my understanding this is not the case, all Accounting packets are
> > > treated on our server and I'd have to set up an instance of radrelay for
> > > every realm. If I am right, this would be somewhat inconvenient as I
> > > would have to duplicate a lot information that usual
You could use an external script in post-auth to convert this value for
you. Here is one in php, note you'd need php cli installed on your
radius server, could just as easily use perl if you have it.
in modules section
exec getip {
wait = yes
program = "/u
Hello!
> > In my understanding this is not the case, all Accounting packets are
> > treated on our server and I'd have to set up an instance of radrelay for
> > every realm. If I am right, this would be somewhat inconvenient as I
> > would have to duplicate a lot information that usually should be
Sorry I have posted the problem but not the answer.
In my opinion there are two ways to solve this problem:
1.- Decrease data length to be writen in AcctSessionID
2.- Increase AcctSessionID field length in the database
In my case I did the second option increasing this field to 52 chars.
I dont
Hi! I am using freeradius-1.0.1 with EAP-TLS, and I am having problems
validating the user.
I have configured the radius server, generated the certificates with the
script CA.all, import root.der and cert-clt.p12 to the client
machine(Windows 2000), and when I use the D-Link 510 PCI wireless card,
Check out doc/configurable_failover, it will show you how to do that.
On Tue, 11 Jan 2005, Christopher Price wrote:
> Is it possible to check passwords against an SQL database and an LDAP
> database with the same server? If so, how does it work? Does the server
> wait for one method to fail and
> Hello,
>
> I have an authentication setup involving several realms that are proxied using
> freeradius-1.0.1. AuthN works perfectly so far. I just didn't find precise
> information about Accounting packets: are they automatically proxied and
> following the same rules as AuthN packets? I.e. if a
On Wed, 12 Jan 2005, Costas Christonis wrote:
> GC> Hello,
>
> GC> Costas Christonis wrote:
> >> Hi to all,
> >> i'm trying to set the telnet access to my users through radius and ldap
> >> server.
> >> What i did untill now is that everyone tha has the attribute
> >> "Service-type" with the valu
>
> hello folks
>
> we are using freeradius since 0.8.x and since 0.9.x we start to use the
> rml_sql (mysql) module to store the accounting, now we also use the
> mysql db to store the user so the auth and autz also use the rml_sql
> module
>
> we had problems since the begining with that module,
Andrea's Wolf wrote a patch that fixes this for OS X. I have an
installer up at http://home.sw.rr.com/jguidroz/radius.html that
includes an updated patch to work with a December snapshot. I've been
running that for a month in daemon mode with no problems. I've
currently updated the patch to work
>Please send plain text mail.
>
>This can be done with Exec-Program-Wait =3D >"/path/to/your/script" in =
>the reply items.
>The script can then output extra attributes which will be >added to the =
>reply.
Thanks.
But where I must do configuration changes for Exec-Program-Wait?
-
List info/
Please send plain text mail.
This can be done with Exec-Program-Wait =
"/path/to/your/script" in the reply items.
The script can then output extra attributes which
will be added to the reply.
--Regards,
Thor SpruytE: [EMAIL PROTECTED]W: www.thor-spruyt.comM: +32 (0)475 67 22
65Bestel nu
So yall know, I just downloaded and built the latest snapshot and the
same semaphore error occurs.
Ugh ...
On Wed, 12 Jan 2005 05:18:26 -0600, Schley A Kutz <[EMAIL PROTECTED]> wrote:
> Running it as a daemon ...
>
> Even with the current version there is still the problem of it not
> running u
You're running a pretty old version. Give the latest stable release a try.
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
Hennie Vaatstra wrote:
I'm running a freeradius server (FreeRADIUS Version
0.9.3, for host s390x-ibm-
Running it as a daemon ...
Even with the current version there is still the problem of it not
running unless you run it in debug mode or use -s and -f.
This may be because I compiled it without shared libraries. However,
when I left shared libraries on it would not load rlm_eap.so ... (was
not i
I want to run external program when some user
successfully authentificated and do some SQL queries in this program,
say to set new value for Session-Timeout in the
table radreply. But I want this queries to be done
before sending reply packet to NAS, so the updated value of
Session-Timeout
It 's the same thing. Proxyradiusserver is the backup of primary wich
is the backup of secondary. (I have 3 backup)
If proxyradius is down, all is down. Ok for test but
for example :
i use radtest testuser password localhost auth secret
this command order to call 127.0.0.1,but if the service
Hi all
I have discovered why rlm_counter doesn't work properly... I think it's a
bug but I'm not sure.
In radcct table there is a field called AcctSessionId whose length is 32
chars, in my case the data that was writen here was 34 chars long, and the
name was cut. When radius tried to update this
hi,
I didn't send the output, 'cause I didn't want to occupy much of your
time...
A preparation step consists on making a link "ln -s
/usr/include/sys/time.h /usr/include/sys/select.h", following (freely
interpreted) an HP recomendation, due to HP lack of select.h (hp is a
strange thing). (see
Nans Delrieu wrote:
Thanks but how to set a proxy radius server ?
Is this fonction is integrated to freeradius ?
Yes
I haven't a REAL NAS, I have only PC.
in clients.conf (proxy radius server)
client proxyradius.domain.com {
secret = rad1
shortname = NAS1
nastype = other #it is
Stefan Winter wrote:
I have an authentication setup involving several realms that are
proxied using freeradius-1.0.1. AuthN works perfectly so far. I just
didn't find precise information about Accounting packets: are they
automatically proxied and following the same rules as AuthN packets?
I.e. if
Thanks but how to set a proxy radius server ?
Is this fonction is integrated to freeradius ?
I haven't a REAL NAS, I have only PC.
in clients.conf (proxy radius server)
client proxyradius.domain.com {
secret = rad1
shortname = NAS1
nastype = other #it is a pc
}
client p
See doc/Post-Auth-Type
- Original Message -
From:
rashad
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, January 12, 2005 7:32
AM
Subject: post-auth section of
radiusd.conf
Hi people.
Can anyone give an additional information about
how po
I'm running a freeradius server (FreeRADIUS Version
0.9.3, for host s390x-ibm-linux-gnu, built on Jan 11
2005 at 10:34:54) on 64bit SuSE linux (S390).
The authentication chain we use is as follows:
radiusclient > radiusserver > LDAP server on z/OS >
RACF.
Authenticating against the freeradiusserv
Hello,
I have an authentication setup involving several realms that are proxied using
freeradius-1.0.1. AuthN works perfectly so far. I just didn't find precise
information about Accounting packets: are they automatically proxied and
following the same rules as AuthN packets? I.e. if a user wit
58 matches
Mail list logo