Hello!
I need to insert Event-Timestamp in request destinated to some realm.
Reading documentation i find only one correct way
Here is my preproxy_users
DEFAULT Realm == crossroam.com
Idle-Timeout := `%{Idle-Timeout:-60}`, - Worked
Acct-Interim-Interval :=
How can I authenticate my access pointCLIENT
to APin freeradius ??
In my network I have EAP/TLS authenticate and
everythinggo well when I authenticate users with windows xp and WLAN cart,
but one of myuser have a access point client
and this is a problem becouse I dont now how canI
Hi,
I want to use FR to control the access to different ressources (radius clients).
I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to
Client-IP-Address and put the users in their groups in 'usergroup'.
Some users are in more than one group, but they can only access
Hi Alan,
Palmer J.D.F. [EMAIL PROTECTED] wrote:
Is it possible to set the timeout for the auth cookie used by the
mod_radius
authentication module to 0; by Zero I mean no time, not infinite time?
You mean re-authenticate for every request? That would require
source code changes.
Module: Loaded passwd
passwd: filename = /etc/samba/smbpasswd
passwd: format =
*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::
passwd: authtype = MS-CHAP
You've configured the passwd module to set Auth-Type = MSCHAP.
Don't do that.
This is the config file I am
Hi,
Palmer J.D.F. schrieb:
If I get a failed login, then try to login again it just
uses cached
credentials and doesn't prompt for details, if I close
and re-open the
browser it does then allow me to enter details.
Sounds like it might be the browser that's caching the
bad
Erling Paulsen wrote:
Only that, if there is a 'Stripped-User-Name' attribute in the request, it
seems that the server automatically uses this instead of 'User-Name' when
proxying.
Ah, yes. I didn't know the server does that.
Question for Alan: in src/main/proxy.c should we check the value
hi - i'm logging the pre-proxy and post-proxy logs. this works fine.
the proxy-logs show the user-name (and password attribute) and that is fine.
however the post-proxy logs don't contain the user-name because the reply
from the backend radius server doesn't necessarily send the username as an
Hi All,
I am compiling the free radius server code on Linux
kernel 2.4.20.
I wanted to use it for thetext file
authentication.
I am getting the error as follows:
sql_mysql.c:39:20: errmsg.h: No such file or
directorysql_mysql.c:40:19: mysql.h: No such file or directorygmake[10]:
***
Hi,
Is there any documentation for freeradius ? How and where to start ?
Thanks.
--
Best Regards,
Liew Toh Seng
System Consultant, RedHat Certified Engineer
http://www.redhat.com/rhce/rhce803005004313527.html
My Directory Sdn Bhd,
You should browse to http://www.freeradius.org. There you will find the
documents.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Liew Toh
Seng
Sent: Thursday, July 28, 2005 17:29 PM
To: freeradius-users@lists.freeradius.org
Subject: help
Hi,
Is
On Thu, 28 Jul 2005 22:29:04 +0800
Liew Toh Seng [EMAIL PROTECTED] wrote:
Hi,
Is there any documentation for freeradius ? How and where to start ?
Thanks.
--
Best Regards,
Liew Toh Seng
System Consultant, RedHat Certified
melvin [EMAIL PROTECTED] on July 24, 2005 at 02:47 -0800 wrote:
Hi Kris,
Thanks for your reply. I will be very grateful if you could post your
config
entries to me. Many tks.
Hi Melvin,
Please see attached.
I have included the certs, passwords, etc. as they are currently testing
only ones --
I tried this (adding the with-static-modules=expiration) when configuring.
Am I barking up the wrong tree?
./configure
--localstatedir=/var
--sysconfdir=/etc
--with-mysql-include-dir=/usr/include/mysql
--with-mysql-lib-dir=/usr/lib/mysql
--with-mysql-dir=/usr/bin/mysql
Hello guys,
We use freeradius on a Debian 3.1 system, I've created an hybrid distro using
packets from the testing tree to use the FR release 1.0.4 (deb revision 2).
This box needs to proxy both auth and acct requests to a customer server that
runs Cisco ACS 2.6. The NAS is Cisco AS5300.
ManyX [EMAIL PROTECTED] wrote:
How can I authenticate my access point CLIENT to AP in freeradius ??
raddb/clients.conf
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
N White [EMAIL PROTECTED] wrote:
Yes 192.168.1.1 is the NAS.
Then it's running FreeRADIUS. The error message you quoted above:
ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, id=139,
length=31
Unknown packet code 40 from client 192.168.1.2:47874 - ID 139 : IGNORED
Can
Palmer J.D.F. [EMAIL PROTECTED] wrote:
You mean re-authenticate for every request? That would require
source code changes.
Effectively yes, see the description of what I'm trying to do below.
Was was pointed out, you'll get authentication dialogs for every gif
jpg on the page. This
Ramses van Pinxteren [EMAIL PROTECTED] wrote:
You've configured the passwd module to set Auth-Type = MSCHAP.
Don't do that.
This is the config file I am using minus all the comments:
That's nice. It's also irrelevant. I asked you to change *one*
thing, not to show your entire config.
Nicolas Baradakis [EMAIL PROTECTED] wrote:
Question for Alan: in src/main/proxy.c should we check the value
of realm.striprealm before overwriting the User-Name with the
Stripped-User-Name?
Sure.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tariq Rashid [EMAIL PROTECTED] wrote:
since the state must be maintained in the freeradius proxy - is it possible
to add it to the logs so that troubleshooting is easier? currently i have to
match the timestamps.
Which log are you talking about?
Alan DeKok.
-
List
Ranjitsinh Wable [EMAIL PROTECTED] wrote:
I am getting the error as follows:
sql_mysql.c:39:20: errmsg.h: No such file or directory
Install the MySQL libraries headers?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The reason is that the shared secret is wrong.
RADIUS accounting packets are signed by the client and the signature is
checked by the server. The authenticator is generated by the client from
the packet contents and forms this signature. The server checks this
signature.
Authentication
Jeremy Kenney [EMAIL PROTECTED] wrote:
We use freeradius with mysql. I am having problems with users dialing into
the system more then once from more then one location at the sometime. I.E
a simultaneous use problem. I cannot check against the NAS because we don't
have our own nases and are
Valeriy V. Peshkoff [EMAIL PROTECTED] wrote:
How can i add correct event-timestamp using preproxy_users? Or may be
there is a another way?
I think the version you're using doesn't support reading dates as
large numbers. This should work in the CVS head.
Alan DeKok.
-
List
Will Carter [EMAIL PROTECTED] wrote:
When I configured the freeradius install I used --with-experimental-modules.
So, I checked out what rlm*.so modules are in
/usr/local/lib/
rlm_expiration is not there
Which version of the server are you running?
Alan DeKok.
-
List
freeradius-1.0.2
I noticed that the docs I was looking at that mentioned rlm_expiration was a
different version. So that explains why I wouldn't have that module.
I still should be able to make an insert into radcheck such as the following
and expect my nas to get a session-timeout, correct?
I installed version 1.0.4 reconfigured and tried again. Still getting the
same issue. Any ideas?
Thanks,
will
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Thursday, July 28, 2005 1:04 PM
To: FreeRadius users mailing list
Subject: Re:
I apologize for posting again.
Am I correct in thinking that this issue has been addressed after the 1.0.4
release? This post is making me think this.
http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-June/044769.
html
Am I correct to think that if I install one of the nightly
Hello all.
I've been put in a situation in which I am forced to replace our old
icradius server. Upon finding support and development for icradius has been
discontinued for quite some time, I was persuaded to give FreeRadius a shot
due to its widespread acceptance, praise, and most naturally its
Will Carter [EMAIL PROTECTED] wrote:
Am I correct to think that if I install one of the nightly builds that is
after the 1.0.4, then this issue should be addressed. I actually tried to
install the 07282005 snapshot but it wouldn't compile.
Hmm... that's not good. Anyways, the latest
Karma Foxx [EMAIL PROTECTED] wrote:
All I've really done thus far is modify the structure
of the tables in 'oldradius' so that they can be easily copied.
Unfortunately, this presents the problem of having several columns with null
or incorrect values.
Are you willing to say which columns,
Ok, now I am completely into new territory. Never did a cvs checkout before.
Learn something new every day.
Just to be clear before I keep going down this track...
My underlying problem is that I am setting an Expiration value in radcheck,
but Session-Timeout is not getting being returned in the
Hello,
Please apologize that the following is in german only. It's an announcement
of a german forum about freeradius.
---
Ich hoffe es ist ok das hier auf die Liste zu schreiben
Ich habe ein deutschsprachiges Forum zu Freeradius gefunden:
www.freeradius.de
Es ist noch nicht
I am a bit confused now. I understood that if a module returns
RLM_MODULE_FAIL that radiusd would not return an authorization
reject. However, it appears that it still does.
rad_recv: Access-Request packet from host 127.0.0.1:53579, id=193,
length=71
User-Name = visitor
Doug Hardie [EMAIL PROTECTED] wrote:
I am a bit confused now. I understood that if a module returns
RLM_MODULE_FAIL that radiusd would not return an authorization
reject. However, it appears that it still does.
RADIUS servers are supposed to return Access-Reject's for
Access-Accepts,
Alan DeKok wrote:
N White [EMAIL PROTECTED] wrote:
Yes 192.168.1.1 is the NAS.
Then it's running FreeRADIUS. The error message you quoted above:
ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, id=139,
length=31
Unknown packet code 40 from client
N White [EMAIL PROTECTED] wrote:
That's correct. Read my second reply. So other then writing custom
scripts, is there a way for the RADIUS server(FreeRADIUS) to be told to
send a disconnect packet to the NAS that a particular user is logged in
to(NAS could vary - Portmaster, Cisco, PPPoE
On Thu, Jul 28, 2005 at 06:20:35PM -0700, N White wrote:
That's correct. Read my second reply. So other then writing custom
scripts, is there a way for the RADIUS server(FreeRADIUS) to be told to
send a disconnect packet to the NAS that a particular user is logged in
to(NAS could vary -
I have posted this twice now I was wondering if someone would be kind enough
to possibly answer it
Hello,
I am a very frustrated free radius user at this point. Its most likely my
brain not working right but here is my problem
I have a free radius server that does authentication for our
Ok, I am not getting this to work after numerous tries and am feeling
frustrated and ignorant.
$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
$ cvs -d :pserver:[EMAIL PROTECTED]:/source co -r release_1_0
radiusd
Is it correct to say that after I successfully execute the 2 commands above
that
On Jul 28, 2005, at 17:09, Alan DeKok wrote:
RADIUS servers are supposed to return Access-Reject's for
Access-Accepts, rather than just dropping the packets.
If the server *requires* a back-end DB, and that DB is down, then
arguable the server can pretend it's down, too.
I am trying
42 matches
Mail list logo
