Dear All,
Simultaneous
Could any one tell us how many users/requests can be
connected/transferred to FreeRADIUS at the same time through NASs for different
issues (Authentication, Authorization, and Accounting purposes).
Thanks,
JT
**
Hello!
> I've searched and searched, and tried every hint I could find, and
> cannot seem to make it work using the "Windows login name and
> password." Is it possible?
Make your users set a password for their login on the XP machine. That is the
username/password combination XP will use for au
each time i connect to the server,the adsl-connect only keep 0.4
minutes,and then the modem hangup,and the auto reconnect.
is there some attribute i didn't set a right value in mysql or other
problem?
thanks.
_
与联机的朋友进行交流,请使用 MSN Me
Thanks Dustin Doris for your reply. I seem to be missing something
because I can not get it to work like you mentioned. Let me provide
some data and config info in hopes that you might be able to help
further. What I am hoping for is that it will send the profile info and
the info for the user.
Jason Ornstein <[EMAIL PROTECTED]> wrote:
> All of my issues with crypt were caused by this line in the rc.radiusd
> startup script:
>
> LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so
>
> I removed that line and now everything is working as it should be.
OpenSSL implements a version of c
Douglas Sterner <[EMAIL PROTECTED]> wrote:
> Does someone have a good howto on setting up Radius to make use of an LDAP
> group. I read the ldap docs at freeradius.org and that seemed like
> overkill I just want to have a group and put the user in the group to give
> them access?
The document
"Eliot, GLI wireless tech support" <[EMAIL PROTECTED]> wrote:
> On the FreeRADIUS website, it says that it supports load balancing, but
> I cannot find any documentation at all on how to set it up. I found some
> stuff on module failovers, but nothing on load balancing. Does anyone
> have any more
* Jason Ornstein <[EMAIL PROTECTED]> [2005-03-29 11:10:32 -0700]:
> > (gdb) where
> > #0 0xff257590 in DES_ncbc_encrypt () from
> > /usr/local/ssl/lib/libcrypto.so
> > #1 0xff259b4c in _des_crypt () from /usr/local/ssl/lib/libcrypto.so
> > #2 0xff33fcb4 in lrad_crypt_check (key
I try to use my linux server with a wireless router to setup
a WPA + RADIUS wireless network. If I use static IP on the wireless client, WPA
+ RADIUS works. If I don’t use RADIUS, and only use WEP or WPA-PSK with
open authentication, the wireless client can get IP from my DHCP server on my
Does someone have a good howto on setting
up Radius to make use of an LDAP group. I read the ldap docs at freeradius.org
and that seemed like overkill I just want to have a group and put the user
in the group to give them access?
Douglas Sterner
On the FreeRADIUS website, it says that it supports load balancing, but
I cannot find any documentation at all on how to set it up. I found some
stuff on module failovers, but nothing on load balancing. Does anyone
have any more information on this?
I'm not really that interested in load balancin
Janet <[EMAIL PROTECTED]> wrote:
> I'm having some problems getting Session_Timeout to function - when the
> time limit is reached nothing happens (I assume it is suposed to send
> some sort of disconnect message).
No.
The NAS is supposed to disconnect the user.
> I'm using Alchemy (chi
On Tue, 29 Mar 2005 14:36:42 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote:
> I believe it is. See src/modules/rlm_sql/rlm_sql.c, which calls
> rad_check_ts().
Yup, I definitely see that.. And now that I'm digging deeper, I'm
seeing the problem..
*sigh*
So here's what I'm guessing is going on.
Hi
I'm having some problems getting Session_Timeout to function - when the time limit is reached nothing happens (I assume it is suposed to send some sort of disconnect message). Is there anything else that needs set alongside this to have it function? because when the user is connected there isn
If a utmp is in place, in the above occurance, checkrad would be called
which will verify that the user is NOT logged into the NAS, and thus will
allow the auth. You will however still sit with the stale accounting
records in SQL
No. See src/main/session.c. If the user is no longer logged in,
t
"Chris Knipe" <[EMAIL PROTECTED]> wrote:
> In this situation, the correct approach would be for checkrad to be
> called from FR yes - something, which for some reason it is not
> doing.
It should, but I'm not sure why.
> If a utmp is in place, in the above occurance, checkrad would be called
>
On Tue, 29 Mar 2005 21:18:06 +0200, Chris Knipe <[EMAIL PROTECTED]> wrote:
> Again, I am guessing this is incomplete code (at this stage).
> you manually reset all the SQL acocunting records)... I hope I'm making
> sense...
Yup.. seems clear anough..
> Again, IMHO checkrad should be called
It may actually be a good idea to get checkrad to be called if utmp *OR*
SQL
thinks a user is loged in twice But that will require some source
hacking I think.
I guess I don't understand the purpose of the simul checks in the
sql.conf file then.. If utmp is the only thing that checks for simu
On Tue, 29 Mar 2005 20:58:45 +0200, Chris Knipe <[EMAIL PROTECTED]> wrote:
> You must run utmp. Even if it is just for simul. use. You can stil have
> all your accounting in SQL instead of detailed files, but utmp must be there
> for checkrad.
Ugh.. So, if my primary radius server fails to back
I don't have radutmp enabled. I noticed, however, in the radutmp
module definition, the check_with_nas option. It appears that this
causes the checkrad program to be called. If radutmp is not enabled,
checkrad isn't called.. I think.
To my knowledge, checkrad is never called if utmp isn't avail
Wow.. today seems to be the day I sent a lot of mail to the freeradius
list.. :)
Hopefully an answer to this will finish off what I need to accomplish... :)
In my radiusd.conf file, I have enabled sql for simultaneous use checking :
session {
sql
}
I don't have radutmp enabled. I not
> Can someone send me a sample of a php login page that hits the freeradius
> server? I have the server running with mysql as the db backend and it is
> working just fine. Now I need the php code calls the radiusd process and
> returns the results (which I will forward to an Access Point).
>
Neve
Hi there,
Am I right in that the checkrad program needs to be customized per
environment? It appears, at least thus far, that the checkrad program
doesn't check the naspasswd file for patton RAS units...
Is this accurate?
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
-
List info/subscribe/
>
> Not sure how to ask my next question so I will try my best. We have
> some users who receive static IP addresses and other special attributes
> that are unique to only that user. Then we have some who receive the
> same attributes and attribute values as the next person. The big
> difference
* Jason Ornstein <[EMAIL PROTECTED]> [2005-03-25 17:11:57 -0700]:
> Fri Mar 25 09:01:45 2005 : Debug: auth: type Crypt
> Segmentation Fault - core dumped
> radiusd
>
> (gdb) where
> #0 0xff257590 in DES_ncbc_encrypt () from /usr/local/ssl/lib/libcrypto.so
> #1 0xff259b4c
Hi,
Environment:
FreeRADIUS 1.0.2
WinXP Pro (patched)
I'm >almost< there. I've got FreeRADIUS authenticating the WinXP Pro
client (Intel PRO/Wireless 2915 and NetGear FWAG114, btw) using the
smbpasswd file on the server *if* I configure XP *not* to use my
"Windows login name and passwor
On Tue, 29 Mar 2005 12:09:46 -0500, Jason Frisvold <[EMAIL PROTECTED]> wrote:
> Ok, so I added multiple NAS-IP-Address entries in the database.
> Tested it from a RAS that wasn't in that list, and got on without a
> problem. So... I'm missing something. Is there some special module
> that needs
On Tue, 29 Mar 2005 17:59:13 +0200, Chris Knipe <[EMAIL PROTECTED]> wrote:
> Yep. Should work. Multiple addresses... Hmmm... try adding it multiple
> times?
Ok, so I added multiple NAS-IP-Address entries in the database.
Tested it from a RAS that wasn't in that list, and got on without a
proble
On Tue, Mar 29, 2005, Mametz Laurent wrote:
> Hello,
>
> I want to make an authentification with PEAP TLS.
> I think that my tls tunnel works fine, but i can't authenticate any user
> from my windows XP SP2. I have an AP netgear WG302, and my freeradius
> run on Mandrake 10.1.
> I read the FAQ a
Mametz Laurent <[EMAIL PROTECTED]> wrote:
> I want to make an authentification with PEAP TLS.
> I think that my tls tunnel works fine, but i can't authenticate any user
> from my windows XP SP2.
SP2 doesn't work with non-MS RADIUS servers. There is a fix. Read
their knowledge base, or search
Mark <[EMAIL PROTECTED]> wrote:
> I've added the following lines to the users file to configure this:
>
> # Proxy just the tunnel
> DEFAULTEAP-Type == MS-CHAP-V2, Auth-Type := EAP, Proxy-To-Realm :=
> mydomain
OK... so you're telling the server to use EAP authentication, and
also telling i
kolargol <[EMAIL PROTECTED]> wrote:
> I have problem with Calling-Station-Id set up in user file:
>
> kolargol User-Password == "xxx", Calling-Station-Id == "000ce5475611"
>
> during auth debug log shows:
Not much of anything useful.
As a hint: reading the last little bit of the debug
I would like to know if it is possible to set up freeradius to first
authenticate against the local database and if not found proxy the request
off to another radius server. I am running freeradius 0.9.3 on a postgres
database
Jaco van Tonder
-
List info/subscribe/unsubscribe? See http://ww
On Tue, 29 Mar 2005 10:06:06 -0600, Matthew Opoka <[EMAIL PROTECTED]> wrote:
> If so is there a command the encrypts the text password in the users file?
> How do I get an encrypted password?
Well, our billing system does this for us, but it should be simple
enough to put together a quick perl pro
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Jason Frisvold
> Sent: Tuesday, March 29, 2005 9:59 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Re: aaa authentication enable on cisco
>
> On Tue, 29 Mar 2005 09:54:42 -0600, Matthe
On Tue, 29 Mar 2005 09:54:42 -0600, Matthew Opoka <[EMAIL PROTECTED]> wrote:
> Cisco sends "$enable15$" as a user name to radius for enable authentications
> is there a way not to store the password in etc/raddb/users? I don't think
> linux will allow a username to start with a "$". Or can I encr
- Original Message -
From: "Jason Frisvold" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 29, 2005 5:51 PM
Subject: Re: Authenticating and Blocking per client
On Tue, 29 Mar 2005 17:13:33 +0200, Chris Knipe <[EMAIL PROTECTED]>
wrote:
What the value of Called-Station-Id is supposed to be
Cisco sends "$enable15$" as a user name to radius for enable authentications
is there a way not to store the password in etc/raddb/users? I don't think
linux will allow a username to start with a "$". Or can I encrypt the
password some how in the users files?
Thanks,
Matthew
On Tue, 29 Mar 2005 17:13:33 +0200, Chris Knipe <[EMAIL PROTECTED]> wrote:
> What the value of Called-Station-Id is supposed to be, is up to what your
> NAS sends to FR though. As the other reply also stated, huntgroups is
> another way to do this but it may not be a viable option to have all your
Yes, it does.
A sample from our users file
#testy Auth-Type := Local, Simultaneous-Use := 1, Max-All-Session := 10800,
Pool-Name := ippool-prepaid, Called-Station-Id = "wcore-nasgw01",
NAS-Port-Type == Ethernet
# Acct-Interim-Interval = 300,
# Rate-Limit = 256k/256k,
# Service-
Hello,
I want to make an authentification with PEAP TLS.
I think that my tls tunnel works fine, but i can't authenticate any user
from my windows XP SP2. I have an AP netgear WG302, and my freeradius
run on Mandrake 10.1.
I read the FAQ and the news but, i am always in black ...
My conf.
users
-
On Tue, 29 Mar 2005 07:51:41 -0700, Kenneth Grady <[EMAIL PROTECTED]> wrote:
> One way to do it is to add the users allowed to the huntgroups. Example:
> huntgroups...
Ok, so now what happens when you start dealing with other devices like
a redback? Can those be added into the huntgroups as well?
One way to do it is to add the users allowed to the huntgroups. Example:
huntgroups...
NAS1NAS-IP-Address == 1.2.3.4
User-Name == user1,
User-Name == user2
NAS2NAS-IP-Address == 2.3.4.5
User-Name == user3,
User-Name == user4
users...
user1 Huntgroup-Name =
On Tue, 29 Mar 2005 16:23:43 +0200, Chris Knipe <[EMAIL PROTECTED]> wrote:
> Called-Station-Id ?
Radius checks this and allows/denies appropriately? Do you have a
link to documentation on how to set something like this up?
Thanks!
> --
> Chris.
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
Called-Station-Id ?
--
Chris.
I love deadlines. I especially love the whooshing sound they make as they
fly by..." - Douglas Adams, 'Hitchhiker's Guide to the Galaxy'
- Original Message -
From: "Jason Frisvold" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 29, 2005 4:18 PM
Subject: Auth
Hi all,
Up until now, we've used freeradius to authenticate a pool of RAS
units. Moving forward, we want to authenticate some users on some RAS
units, but deny them on others. What is the proper way to do this?
Is this a function of the RAS or a function of the radius server?
Any help would be
On Mon, 28 Mar 2005, Jarred Cleem wrote:
I am setting up a test environment and I am having some problems. Any help
would be great. I have the servers build very similarly to what is document
at
http://www.freeradius.org/radiusd/doc/ldap_howto.txt. I have created a few
profiles like dialup,
Hi
I'm trying to proxy just the tunneled part of my PEAP authentication.
The user is to log in as "[EMAIL PROTECTED]". The tunnel is decoded
locally and then the tunneled authentication is proxied to a remote
server.
I've added the following lines to the users file to configure this:
# Proxy ju
On Tuesday 29 March 2005 13:49, [EMAIL PROTECTED] wrote:
> Hello all,
>
> I have read a lot of docs in making the postgresql works with freeradius v
> 1.0.2 however, all my effort proves abortive.
>
> I will be glad if I can be directed to a mail on the list or docs to read
> to get freeradius work
Hello all,
I have read a lot of docs in making the postgresql works with freeradius v
1.0.2 however, all my effort proves abortive.
I will be glad if I can be directed to a mail on the list or docs to read to
get freeradius work with postgresql.
Thanks
Adegoke
-
List info/subscribe/unsubscr
each time it works fine just 0.4minutes,and then the modem hangup
i found the configure file in the radius server,i could not find any option
about the time limiute..
_
享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
-
L
> > When a user logs in 23 hours and 59 minutes after the first
> > connection, I expected freeradius to return the Session-Timeout
> > attribute in the access-accept (with value 60).
> >
> > Actually it does not, so the user can stay connected well after the 24
> > hours limit.
>
> So... what d
On Tue, 29 Mar 2005 09:41:50 +0200, Sebastian Wild <[EMAIL PROTECTED]> wrote:
> Mark Nichols wrote:
>
> >Can someone send me a sample of a php login page that hits the freeradius
> >server? I have the server running with mysql as the db backend and it is
> >working just fine. Now I need the php co
53 matches
Mail list logo