Different Passwd Files on Different Servers

2005-07-19 Thread Bryan Beronilla
I'm relatively new to the radius universe and I'd like to ask your help regarding my freeradius concerns. We're trying to configure freeradius to read from different passwd files based on their domains. We have around 20 virtual domains spanning 2 servers. Now my question is two-fold: 1. How

Re: Listen to multiple ports on a single server?

2005-07-19 Thread Erling Paulsen
On Mon, Jul 18, 2005 at 11:36:05AM -0400,Kevin Bonner, The Induhvidual, scrabbled: On Monday 18 July 2005 10:10, Marcin Jessa wrote: On Mon, 18 Jul 2005 15:12:00 +0200 Erling Paulsen [EMAIL PROTECTED] wrote: Hello. Right now I'm running multiple servers for listening to multiple

Nas-Port-Type question

2005-07-19 Thread Jandre Olivier
Hi guys, I use freeradius with poptop, just a question that I'm trying to figure out. My radius server sees the NAS-Port-Type as Async whenever a vpn connection is made. Is there any way to change this to let radius see it, for example, as a vpn nas-port-type? Must this port-type come from my vpn

Re: Password with comma fail with LDAP

2005-07-19 Thread Turtiainen, Tero
Hi, We have FreeRADIUS 0.9.3 using LDAP for authorisation. We now have a problem that for example password with certain characters is cut. For example password test,ing is cut to test. This is caused by the gettoken function in src/lib/token.c which is used by the rlm_ldap module. Google

Re: Listen to multiple ports on a single server?

2005-07-19 Thread Thomas MARCHESSEAU
Hi Erling, you can do something like that : --- radiusd.conf --- # SERVER CONFIGURATION listen { ipaddr = * port = 1812 type = auth } listen { ipaddr = * port = 1813 type = acct } listen { ipaddr = * port = 1645 type = auth } listen

Re: multiple realm proxying based on huntgroup.

2005-07-19 Thread Nicolas Baradakis
Roy D. Hockett wrote: I am trying to figure out a way to have different groups of realm proxies for different NAS/huntgroups. For example, for a VPN resources I don't want realms, but for wireless/wired 802.1x I want to be able to forward to other realms. In the users file: DEFAULT

Re: Script to encrypt/decrypt User-Password

2005-07-19 Thread Tore Anderson
* Alan DeKok See src/lib/radius.c It should be a matter of a few minutes to add a wrapper around that. If only my C was a little less rusty than what it actually is, it might have been. :-( I'll see what I can do, though. Thanks for the tip. Regards -- Tore Anderson

freeradius cisco-avpair problem

2005-07-19 Thread Matthias Wolf
Hello I have a problem with the cisco-avpairs and a 525 cisco pix. After the pix has gotten the avpairs and created the access-list (e.g. AAA-user-test), the logging-table says that he needs an authorization. But radius and authorization? No really! Here is the line from the logging-table:

Re: Adding a binary null to a value using attr_rewrite

2005-07-19 Thread Tore Anderson
* Alan DeKok Submit a bug on bugs.freeradius.org, saying Siemens NAS product X is broken. Maybe public shame will push them to fix it. I will, if I can conclude that this is indeed the problem. Right now it's only a suspicion. I need to check out another loose end about how it's

Difference between dictionary and RFC 2865 for Attribute Class

2005-07-19 Thread Andreas Engler
Hello, I wonder why the entry for Attribute Class in the dictionary file is octets. I think that is the reason why the Value of Class will be stored as hex string in detail file and sql. So I have to convert it back to ASCII to read the contents. The definition in RFC says that the Value of

Re: Script to encrypt/decrypt User-Password

2005-07-19 Thread Tore Anderson
* Tore Anderson If only my C was a little less rusty than what it actually is, it might have been. :-( I'll see what I can do, though. Thanks for the tip. I gave up, but fortunately found a Perl module which helped out. I'm attaching the script I wrote here in case someone else

FW: TTLS and PAP

2005-07-19 Thread martin.p.bradley
Folks, I'm trying to get TTLS/PAP working using freeradius 1.0.4. I must have it configured incorrectly because it's giving a Segmentation fault just before giving the Access-Accept EAP-Success back to the switch. I have searched the archives for a solution but not found help to sort my problem

Freeradius on Fedora Core 1

2005-07-19 Thread Luis Matos
Hi, I'm a newbie on freeradius, currently I'm trying to configure it on a box running Fedora Core 1. Since it comes when the box was set I chose to install everything. So it is already installed on the box. Q1. Where is the dialupadmin? Q2. How to configure it? Q3. Is there any

Re: Nas-Port-Type question

2005-07-19 Thread Dusty Doris
Hi guys, I use freeradius with poptop, just a question that I'm trying to figure out. My radius server sees the NAS-Port-Type as Async whenever a vpn connection is made. Is there any way to change this to let radius see it, for example, as a vpn nas-port-type? Must this port-type come from my vpn

Error in Dialup Admin's online users page

2005-07-19 Thread Tobias Wolf
Hi, there's a mistake in user_admin.php3 of dialup_admin. Right now, it's displaying the Download value twice on the Online Users page. Once as human-readable value under Upload and once as raw bytes under Download. I found the glitch on line 196. if ($lastlog_input) $lastlog_input =

Re: Freeradius on Fedora Core 1

2005-07-19 Thread A . L . M . Buxey
Hi, I'm a newbie on freeradius, currently I'm trying to configure it on a box running Fedora Core 1. Since it comes when the box was set I chose to install everything. So it is already installed on the box. I would advise you not to use the one that comes with Fedora Q1. Where is the

LDAP Authorization different VLAN

2005-07-19 Thread Felice Pizzurro
Hi, I have made a system of authorization with freeradius 1.0.4 based on LDAP attribute radiusGroupName and it works perfectly! Now I have this problem: I have on my access points two VLAN named data and students. I want to create different group for the authorization to access to this

Problem with an Accounting query

2005-07-19 Thread Santiago Balaguer García
Hi people, I am using freeradius with mysql support for two years. I installed the last version of freeradius 1.0.4 and a Postgres DB. My Radius server authorizes well, however it can not account. When I debug with radius -X in the initial messages appear this query: INSERT into radacct

radius and clients.conf?

2005-07-19 Thread Will Carter
It seems that when I start radius in debug mode, it is correctly reading my clients.conf file, but when I start it normally, it is not recognizing my nas device. It's as if it's not reading the correct clients.conf. Any ideas why this would be? -will

Re: LDAP Authorization different VLAN

2005-07-19 Thread Dusty Doris
Hi, I have made a system of authorization with freeradius 1.0.4 based on LDAP attribute radiusGroupName and it works perfectly! Now I have this problem: I have on my access points two VLAN named data and students. I want to create different group for the authorization to access to this

Config problem: ntlm_auth works outside of freeradius, but not in

2005-07-19 Thread Ken George
The ntlm_auth command works from the command line, but not within freeradius (1.0.1) on RHEL 3.0 update 4 Below is my ntlm_auth command from within radiusd.conf and the debug output and the successful command line run of the ntlm_auth program. Where do I look for what I have

Re: Different Passwd Files on Different Servers

2005-07-19 Thread Alan DeKok
Bryan Beronilla [EMAIL PROTECTED] wrote: 1. How will I configure the conf files in order to authenticate different users to different passwd and shadow files based on their domain names? You don't. You configure the passwd module to read passwords from the different files. The server will

Re: Difference between dictionary and RFC 2865 for Attribute Class

2005-07-19 Thread Alan DeKok
Andreas Engler [EMAIL PROTECTED] wrote: I wonder why the entry for Attribute Class in the dictionary file is octets. Because it's not a text string. The RFC's used string for all variable length data, so that's what most servers used in the dictionaries. FreeRADIUS added octets for

Re: radius and clients.conf?

2005-07-19 Thread Alan DeKok
Will Carter [EMAIL PROTECTED] wrote: It seems that when I start radius in debug mode, it is correctly reading my clients.conf file, but when I start it normally, it is not recognizing my nas device. It's as if it's not reading the correct clients.conf. Any ideas why this would be? File

Re: Config problem: ntlm_auth works outside of freeradius, but not in

2005-07-19 Thread Alan DeKok
Ken George [EMAIL PROTECTED] wrote: The ntlm_auth command works from the command line, but not within freeradius (1.0.1) on RHEL 3.0 update 4 There's really no difference between the command-line invocation and FreeRADIUS running it. The ntlm_auth program *is* being executed, because you see an

Searching Subcontexts in eDir

2005-07-19 Thread jp
I am running FreeRADIUS 1.0.4 on FreeBSD 4.11 authenticate/authorize users via LDAP on a NetWare 6.5 server/tree. I can successfully authenticate and authorize users if they reside in the root context (o=rootcontext), but authorize fails if the user is in an ou in the root context. The identity

Re: Searching Subcontexts in eDir

2005-07-19 Thread Mearl Danner
Check the filter statement in the ldap portion of radiusd.conf. It's searching on uid which in eDirectory is an integer field and isn't populated by default. Change the filter to filter = (cn=%{Stripped-User-Name:-%{User-Name}}) and try it. That will get you past the object not found message.

Re: FW: TTLS and PAP

2005-07-19 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I'm trying to get TTLS/PAP working using freeradius 1.0.4. I must have it configured incorrectly because it's giving a Segmentation fault just before giving the Access-Accept EAP-Success back to the switch. I have searched the archives for a solution but not found

Simultaneous-Use Problem

2005-07-19 Thread alfonso celestino

Simultaneous-Use Problem...Excuse me

2005-07-19 Thread alfonso celestino
Hi, I need your help. I want to limit the number of times one user account can log in; I have the following in the users file: wireless User-Password == "wireless", Simultaneous-Use := 1 Aruba-User-Role = "STAFF" But the user "wireless" can log in more than one time. How can I solve this problem? Thanks in

Re: Searching Subcontexts in eDir

2005-07-19 Thread jp
Ok, I'm now one step closer. Mearl's solution worked somewhat. Here is the output from the debug: -snip- rlm_ldap: - authorize rlm_ldap: performing user authorization for gwaccesspo1 radius_xlat: '(cn=gwaccesspo1)' radius_xlat: 'o=services' rlm_ldap: ldap_get_conn: Checking Id: 0

Re: Freeradius on Fedora Core 1

2005-07-19 Thread Dan Bethe
Also note that if you're using /etc/passwd, you have to make /etc/passwd and /etc/shadow readable by the radiusd process.

Re: Searching Subcontexts in eDir

2005-07-19 Thread Mearl Danner
Are you trying to use Universal Password to authenticate? I don't see the TLS negotiation required for the admin to read the Universal Password. Why don't you post the entire debug log? Then we can see all the setup info as the radius server reads it. Mearl [EMAIL PROTECTED] 7/19/2005

linux requirements

2005-07-19 Thread Lucas Aimaretto
Hi all, I'm willing to install Freeradius. I'm using red hat 7.3 in a lab environment. I know it is outdated, so which linux distribution do you recommend for installing it? I've heard that gcc is something critical ... Any opinion? Thanks Regards, Lucas

Re: linux requirements

2005-07-19 Thread Sebastian Wild
Well Rh 7.3 is indeed a bit outdated ;) Now in fact there are several distributions that already do ship freeradius as package. So you needn't compile it so far. Examples are: Debian Sarge or SuSE. Now if u wanna set up freeradius on a server I'd suggest using Debian Sarge. U could install it

re: Searching Subcontexts in eDir

2005-07-19 Thread jp
I have not setup Universal Passwords as this is not an option because of the complexities of the tree. As of right now, the LDAP Group in eDirectory does not require TLS, so I am therefore not requiring it in radiusd.conf either. I want to get it to work over cleartext for now, and then setup

re: Searching Subcontexts in eDir

2005-07-19 Thread Mearl Danner
We're using Universal Passwords so the setup is a bit different. The documentation on rlm_ldap says that if password_attribute is set to NULL no password is sent. # default: NULL - don't add password Have you tried it with password_attribute = userPassword ? I'm assuming that you've

Caching results of Exec-Program-Wait

2005-07-19 Thread Norman Elton
I'm using Exec-Program-Wait for authentication requests. The called program returns some attributes. Is there a way to cache the results of the called program, so that if I get 5 requests in X number of seconds, the program is only called once? Thanks for any advice, Norman Elton

Re: rlm_sql_mysql make error for 1.0.4 and snapshot-20050718

2005-07-19 Thread Paul Hampson
On Mon, Jul 18, 2005 at 05:22:51PM +0200, Thor Spruyt wrote: Hi, `/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include -I'/usr/include/mysql'

Re: Caching results of Exec-Program-Wait

2005-07-19 Thread Alan DeKok
Norman Elton [EMAIL PROTECTED] wrote: Is there a way to cache the results of the called program, so that if I get 5 requests in X number of seconds, the program is only called once? Not really. I'd suggest writing a C module which does that. Alan DeKok.

grouping services - LDAP

2005-07-19 Thread Rohaizam Abu Bakar
Hi all, Using Freeradius 1.0.4 (FB 4.11) I want to grouping between dialup adsl... refer to users file below by if Ldap-Group ==ADSL is found, should authenticate/authorize by "ldapadsl" and if not found, assuming dialup user and should authenticate/authorize by "ldap1/ldap2" (DIALUP)

re: Searching Subcontexts in eDir

2005-07-19 Thread Sayantan Bhowmick
Hi, If you are getting a reply with ldapsearch then you should be able to authenticate as that user. One of the possible causes of the -669 error is an invalid password. So check the password and make sure you are able to log in as that user. -Sayantan [EMAIL PROTECTED] 07/20/05 3:00 AM I

Re: rlm_sql_mysql make error for 1.0.4 and snapshot-20050718

2005-07-19 Thread Thor Spruyt
Paul Hampson wrote: On Mon, Jul 18, 2005 at 05:22:51PM +0200, Thor Spruyt wrote: Hi, `/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include