hi alan
sorry for the delay.
you might be right. yet i think that we might ignore some opportunities
which would be possible/supported by diameter.
Like... what?
well, from my perspective the main arguments would be:
- reliability (especially for accounting)
in every related
Hi,
First of all, I'm not very familiar with freeradius, so bear with me. If
more specific information is needed, please ask.
We have set up freeradius to do accounting to a postgresql database, and
I was expecting to see one record pr. session, and mostly we do. But
there are also a lot of
Thanks Dusty. I just implemented your suggestions and it's working very
well.
Once again I am pleasantly surprised by the flexibility of FreeRADIUS.
Great job!
Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Dusty Doris
Sent: Wednesday,
Well I can use pam_krb5, but what I am trying to accomplish here is that I
have quite a few Linux workstation on my network and I thought if I can
setup those Linux workstation to point to the radius server where they login
using there Active Directory credentials.
So I am not sure if this can
You're right, sorry
Here's what I get in my radius.log
Error: WARNING: Malformed RADIUS packet from host 172.17.: Vendor
specific attributes do not exactly fill Vendor-Specific
That's the only error I get.
Alan DeKok [EMAIL PROTECTED]
Enviado por: [EMAIL PROTECTED]
13/07/2005 10:34
On Thu, 14 Jul 2005 [EMAIL PROTECTED] wrote:
You're right, sorry
Here's what I get in my radius.log
Error: WARNING: Malformed RADIUS packet from host 172.17.: Vendor
specific attributes do not exactly fill Vendor-Specific
That's the only error I get.
Please run radius under debug
Hello,
I use Debian Linux Sarge, kernel 2.6.8-2(368),
freeradius 1.0.2, and I'm trying to configure
freeradius + mysql Accounting.
I created database from script db_mysql.sql, and
created a user to access database with full
privileges. I tested to access database from another
host and it's fine.
OK, Last time I tried accounting was 2 years ago so I kinda forgot how to do it or what I did to get that error.Today I enabled accounting in my PIX for all udp traffic (that would be ipsec) and in /usr/local/var/log/radius/radacct/mypixIP/ I got a file named detail-20050714 which has, for example
hello,
trying to get freeradius working (again) I figured out a strange behaviour:
Authentication with CHAP as my testaccount failed until I tried it with
PAP first. After one (or more) successful authentifications with PAP CHAP works.
It took some time until I figured out that my password
Hi Stefan,
I also saw this. The escape character is \.
Special characters I would think of are !, #, *, ?, ^, $, , % and
(obviously) \. There may well be others.
Rgds,
Guy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Stefan Nehlsen
Sent:
Hello,
I am calling radclient form a cgi perl script as
follow :
--- code fragment--
$av_string = User-Name = fredf, User-Password = wilma,
NAS-IP-Address = 192.168.89.1, NAS-Port = 0;
my $response = `echo -E $av_string | radclient -d
/etc/freeradius -r $radretries -t $radtimeout
Roger Kristiansen [EMAIL PROTECTED] wrote:
We have set up freeradius to do accounting to a postgresql database, and
I was expecting to see one record pr. session, and mostly we do. But
there are also a lot of records that:
...
Are screwed up. Can you say NAS implementations are often bad?
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Well I can use pam_krb5, but what I am trying to accomplish here is that I
have quite a few Linux workstation on my network and I thought if I can
setup those Linux workstation to point to the radius server where they login
using there Active
Stefan Nehlsen [EMAIL PROTECTED] wrote:
It took some time until I figured out that my password contained a % and
the daemon tried some variable substitution.
don't do this!
How do I escape special chars in the users file and what characters are
special?
Use '\'. And for variable
We're going to be setting up a freeRADIUS server to service around 400
simultaneous connections. (500 AP's, 4000 users, about 400 online at
once) Accounting info would be on another different server.(Not part of
FreeRADIUS)
What's a good server for this? What's more important? Memory or CPU?
I'd recommend skipping PAM and using MIT's kerberized telnet. I don't
believe PAM supports single signon, whereas you can have single sign-on with
kerberized telnet.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Thursday, July
on the sql.conf add sqltrace = yes
start up with radiusd -X and see what happen.
You test the mysql conneciotn from the SAME host that freeradius?
On 7/14/05, Leonardo Valente [EMAIL PROTECTED] wrote:
Hello,
I use Debian Linux Sarge, kernel 2.6.8-2(368),
freeradius 1.0.2, and I'm trying to
Radius is not realy apropriate personaly id take a look at
http://www.wlug.org.nz/ActiveDirectorySamba and
http://mirrors.techiesabode.com/linuxgazette/101/levkovich.html
Well I can use pam_krb5, but what I am trying to accomplish here is that I
have quite a few Linux workstation on my
King, Michael [EMAIL PROTECTED] wrote:
We're going to be setting up a freeRADIUS server to service around 400
simultaneous connections. (500 AP's, 4000 users, about 400 online at
once) Accounting info would be on another different server.(Not part of
FreeRADIUS)
That's a pretty small
Artur Hecker [EMAIL PROTECTED] wrote:
well, from my perspective the main arguments would be:
...
Those are all nice arguments for diameter, and good reasons why the
protocol was designed.
But I keep coming back to: Where are the client implementations?
There are few to none client
Ken George [EMAIL PROTECTED] wrote:
Still unable to get this to work via freeradius, but works with
ntlm_auth from the command line.
[EMAIL PROTECTED] raddb]# ntlm_auth --username=test ops
--password=m1sg0ps --domain=usmisgnet --request-NT-key
...
Exec-Program: /usr/bin/ntlm_auth
[EMAIL PROTECTED] wrote:
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: base64
PEZPTlQgZmFjZT0iRGVmYXVsdCBTYW5zIFNlcmlmLCBWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNh
Base64-encoding text is wrong.
Sending HTML to the list is wrong.
Please fix your mailer to send text,
On Thu, 14 Jul 2005, Alan DeKok wrote:
Artur Hecker [EMAIL PROTECTED] wrote:
- server-initiated messaging
the strict client-server design of radius (imho amplified by the use of
the conn-less UDP) does not allow for server-initiated commands such as
disconnect or force re-authorization on
in my sql.conf:
-
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
-
freeradius user has privileges to write in ${logdir},
but this file not even is created when I do
freeradius -X or freeradius -x.
Yes, I tested mysql
Josh Howlett [EMAIL PROTECTED] wrote:
I think the point the original poster was making was that Diameter
allows arbitrary conversations between NASes and servers that are
initiated by either party, via applications, in an extensible manner.
Yup.
Which clients support diameter? I can't
hi
just a small preamble: i perfectly understand your position and i do not
expect you to start a diameter implementation tomorrow :-) for me it's
merely a strategic discussion.
Alan DeKok wrote:
Artur Hecker [EMAIL PROTECTED] wrote:
well, from my perspective the main arguments would
apparently we do agree. thanks to Josh for his comment. just one thing:
Alan DeKok wrote:
Josh Howlett [EMAIL PROTECTED] wrote:
I think the point the original poster was making was that Diameter
allows arbitrary conversations between NASes and servers that are
initiated by either party, via
I would like to check group membership before authenticating user
login requests.
I currently have radiusd.conf setup such that all users can login.
However after spending several days reading man pages, and searching
these archives I haven't found the key that unlocks my problem.
radiusd.conf
Hi Alan,
Thanks for reply. Thanks to all members of this group for great support
to other members.
What are the different authentication methods requiring
Access-Challenge supported by freeRadius?
Can anyone give atleast one real time example where Access-Challenge is
seen?
Alan DeKok wrote:
29 matches
Mail list logo