Hi,
after testing and reading a lot of documentation, I have some questions.
First my szenario:
I want to use a freeradiusserver fpr authentication.
The Users are stored in a LDAP-service.
I have different user classes:
1.) Dialin-users: using PAP
2.) VPN-users: using PAP
Set sql_debug = no in admin.conf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nicholas
Briere
Sent: Thursday, August 04, 2005 2:13 PM
To: freeradius-users@lists.freeradius.org
Subject: Dialup-Admin & mysql Problems help plz!
hello i just installed Free
hello i just installed Freeradius and Freeradius DialupAdmin (with mysql
support)
i changed the admin.conf so its using the correct db username/password.
When i click on quite a few links Like Create New Group i get this atop of
the New Group Page
DEBUG(SQL,MYSQL DRIVER): Query: SELECT DISTINCT g
Hi
i m running freeradius 0-9.0 with mysql on a PPPoE server. i m runinng two different PPPoE service. can i bind a user to perticular PPPoE service using radius ?
With Regards
Thanks in Advance
Nirmal
Start your day with Yahoo! - make it your home page -
List info/subscribe/un
Hello !
I use "=*" operator in User-Password attribute for special account, that
accept any passwords.
User-Password =*anypassword
In pre-1.0.0 CVS it works fine. After upgrading to 1.0.2 it is really
don't work.
Is it bug or some configuration changes must be applied? Is any known
mmm.. can I just check double login, perhaps by query database only without
snmpwalk to ap.
$sql = "SELECT COUNT(*) FROM radcheck WHERE Username='ultrabalad' AND
AccTime=0;
Once the result is equal to 1, freeradius will kick second login.
-Original Message-
From: [EMAIL PROTECTED]
[mail
"Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote:
> Any suggestion for solution, perhaps my server configuration. I'm stupid
> about snmp.
It's not the server. It's the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello..
It's possible.
We've a SER that authenticate in a freeRadius.
Please, fell free to send me an email ([EMAIL PROTECTED]) and I can help you.
Lima
-Original Message-
From: [EMAIL PROTECTED] on behalf of Alan DeKok
Sent: Wed 3/8/2005 23:24
To: zh
Hi Alan,
Any suggestion for solution, perhaps my server configuration. I'm stupid
about snmp.
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nurul
Faizal M.Shukeri
Sent: Thursday, August 04, 2005 8:57 AM
To: 'FreeRadius users mailing list'
Subje
zhu lizhong <[EMAIL PROTECTED]> wrote:
> I try ot connect Freeradius and SER. when i include the dictionary.ser
> in dictionary, the ser tells me that it can nor open the
> dictionary.ser. anyone knows how to fix it? thanks in advance!
Are you willing to say what the errors are?
Odds are it's
On Wed, 3 Aug 2005, Hamid Salim wrote:
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
>
Dusty'
Thank Alan, perhaps my AP problem, coz I already enable the feature.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Thursday, August 04, 2005 12:28 AM
To: FreeRadius users mailing list
Subject: Re: Regarding checkrad
"Nurul Faizal M.Shuk
Hello, guys:
I try ot connect Freeradius and SER. when i include the dictionary.ser
in dictionary, the ser tells me that it can nor open the
dictionary.ser. anyone knows how to fix it? thanks in advance!
zhu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> How do you have this setup? Check out
doc/configurable_failover. That
> should show you how to do it.
>
I'm using configurable failover to get it to roll as it is.
>From my radiusd.conf file:
Authorize{
ldap1{
reject=1
}
ldap2{
reject=1
On Wed, 3 Aug 2005, Hamid Salim wrote:
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
>
You n
Stunning! Thanks Alan, that was all it took. I didn't even realise there
WAS a man page for the rlm_ modules. I'll go read some now.
|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +4
[EMAIL PROTECTED] sbin]# /opt/radiusd/sbin/runradiusd -X
+ LD_LIBRARY_PATH=/opt/openssl/lib
+ LD_PRELOAD=/opt/openssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH
+ export LD_PRELOAD
+ /opt/radiusd/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config:
Hi Alan,
Thanks for your explanation.
We´ve a shell script that do exactly what you sad.
I´m trying to look for another way to do this.
We´ve here a VoIP network and we need to restrict "N" connections to some
groups.
When i using a shell script it´s run properly, but it´s not fast.
I thought t
> I am trying to use the passwd module to configure a simple flat file with
> two fields, a user name and a password. I believe I have the module
> configured right:
>
> passwd text_file {
> filename = /var/text_file
> format = "*User-Name:*User-Password"
From th
I am trying to use the passwd module to configure a simple flat file with
two fields, a user name and a password. I believe I have the module
configured right:
passwd text_file {
filename = /var/text_file
format = "*User-Name:*User-Password"
authtype
"Jose Divino de Lima" <[EMAIL PROTECTED]> wrote:
> I´ve a challenge now to limit thu number of simultaneous connections
> (i.e: we can permit only ten connections at the same time).
doc/Simultaneous-Use
If you're limiting connections to 10 *different* people, you'll have
to write some custom
Hamid Salim <[EMAIL PROTECTED]> wrote:
> FreeRadius is not authenticating, there are no messages on the screen
> or the logfile. The AP does not see the FreeRadius server!
>
> I think this is a configuration issue outside of FreeRadius.
Use "tcpdump" to see where the packets are going. This i
gennaro amelio <[EMAIL PROTECTED]> wrote:
> Can i use Freeradius to do a prepaid-billing system??
Yes.
> Freeradius supports CoA and Disconnect Mesage?
radclient can send those packets, but FreeRADIUS doesn't listen for
them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www
"Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote:
> My ap is cisco 340 and I already enable snmp feature. I don't know what the
> problem is. Plz help me.
Checkrad isn't able to talk to the AP. The AP isn't listening on SNMP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.
Forgot to mention. This is on both 1.0.2 and 1.0.4 on both Linux &
FreeBSD.
Thanks.
Fernando.
En un mensaje anterior, Fernando Schapachnik escribió:
> Hi,
> In my AAA chain I have a module that *sometimes* adds a custom
> attribute (defined in my dictionary as ipaddr) called Auth-NAS. Thi
> In the authorize stage it looks in both AD and ldap. In the
> authenticate stage it queries both AD and ldap. The problem
> is that in the authenticate stage it uses the basedn of the
> server that returns the first ok in the authorize stage. So
> if the username is in both AD and ldap, openldap
Hi people,
I need your help.
We´ve a solution that use SER athenticating, athotizing and accounting in a
freeRadius+mySQL.
I´ve a challenge now to limit thu number of simultaneous connections (i.e: we
can permit only ten connections at the same time).
Does anybody has any idea to implement th
> FreeRadius is not authenticating, there are no messages on the screen
> or the logfile. The AP does not see the FreeRadius server!
>
> I think this is a configuration issue outside of FreeRadius.
>
> Has anyone had similar problem.
>
> Any help will be greatly appreciated as i have hit a wall her
[EMAIL PROTECTED] on August 3, 2005 at 03:51 -0800 wrote:
>However, I noticed that we have had multiple dropped connections from
>Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless
>Access Points every 30 to 45 minutes but the freeradius server logs does
>not show any errors.
Hi,
In my AAA chain I have a module that *sometimes* adds a custom
attribute (defined in my dictionary as ipaddr) called Auth-NAS. This
module is called in the authorize section. Later on, in the post-auth
session I have a SQL-module that has:
postauth_query = "INSERT INTO ${postauth_table
FreeRadius users mailing list on
August 2, 2005 at 16:42 -0800 wrote:
>hi all,
>
>can I use dialadmin for create users and autenticate this in a lan and
>exit
>out the router??
>
>
>LAN (many users) -> router/fw ---> internet
> |
> |
>
Post the output from starting Radius -X perhaps there we can see what is the
Problem
Mit freundlichen Grüßen
Drießen
Es liegt was in der Luft
www.feilbingert.net
Uwe Drießen
Software & Computer
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 660045 Fax 06708 661397
www.edv-driessen.de
>
Tariq Rashid wrote:
> we'd like freeradius to reply to accounting requests (start, stop, interim)
> with acknowledgements, but also to forward the accounting request to a
> backend radius server but to ignore the response from this prozy behaviour.
>
> this means that the querying NAS equipment d
hi - is it possible for freeradius to do the following?
we'd like freeradius to reply to accounting requests (start, stop, interim)
with acknowledgements, but also to forward the accounting request to a
backend radius server but to ignore the response from this prozy behaviour.
this means that t
Hi all,
i was wondering if anyone has successfully implemented the following
setup and/or had any issues. this is my second post. your help will be
greatly appreciated.
I have a setup as follows:
Fedora core 3
FreeRadius 1.0.4
openssl .098
Dell TrueMobile 1170 Access Pointv2.3.3
802.11b/g card
I have freeradius setup to use 2 ldap servers as backend
authentication. One is openldap and the other is windows
active directory. They have different basedn structures and
these are laid out separately in the conf file. I have it
setup to authenticate off of active directory first and
openldap
Hi!
> Setting accthost to LOCAL for handling the accounting. The problem is that
> the NAS'es never recieves any accounting reply and I don't understand why?
Is there possibly a firewall blocking the packets (UDP 1813 by default)? You
should check with a packet sniffer on your server if the pack
Erling Paulsen wrote:
> realm student.X.Y {
> type= radius
> authhost= studentserv.X.Y:1812
> accthost= LOCAL
> secret =
> nostrip
> }
>
> Setting accthost to LOCAL for handling the account
Thanks,
Michel Jansens
>Michel Jansens <[EMAIL PROTECTED]> wrote:
>> Tryed to add 'Fall-Through = Yes' to all 'radgroupcheck' entries, but it
>> didn't work.
>
> It works in the CVS head, and will be in 1.1.x and following versions.
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See
Hi.
I might have missunderstood some concepts here!
We have a freeradius server as proxy, but it's doing all the accounting by
itself. Authentication is handled by remote servers, i.e. other
freeradius'es and IAS'es.
Accounting is logged fine to detail files and a remote Postgresql DB.
So, as I
Hello there,
I am implementing freeradius with openssl to do authentication for Wifi
Windows XP clients with Wireless Access Points which has support for
WPA.
I am using a CommGate Shield product which is based on Red Hat Linux 9.0
with the latest patches, with a custom-compiled freeradius-1.0.4
> Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles
> the EAP stuff
> and then generates a new request for the stuff that's contained in the tunnel
> (e.g. PAP) and
> sends that to itself. So, if you force Auth-Type to either EAP or PAP
> unconditionally, either
> the
Hi,
> And forces (even if I encountered several times that may not be done like
> that) in the users conf :
> testuser Auth-Type := PAP, User-Password == "testpass"
> and also tested EAP,
Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles
the EAP stuff
and the
hi all,
i' am an italian student and i' m a newbie with freeradius.
So sorry if i ask stupid things...
Can i use Freeradius to do a prepaid-billing system??
Freeradius supports CoA and Disconnect Mesage?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi folks,
I'm trying to configure freeradius to authenticate users through a TTLS tunnel
witth PA
authentication scheme. Xsupplicant has been configured like :
allow_types = eap_ttls
eap-ttls {
root_cert = /etc/xsupplicant/tls/ca_cert.pem
phase2_type = pap
pap {
Rashad Rustamoff wrote:
> What method will be correct to reject user when Session-Timeout are
> exhausted.
Just set "Auth-Type := Reject".
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Plz, tell me the correct way.
Our clients use prepaid hourly cards. I wrote external script that runs when
Accounting-Stop packet received and decrements Session-Timeout attr. in
database by value of Acct-Session-Time attr. in the Accounting-Stop packet.
What method will be correct to reject user w
Hi all,
I made make clean, re-configured with the option --disable-share, make
and make install and now it works!
Thanks for your help!
--Vicky
Nicolas Baradakis wrote:
vicky wrote:
Nicolas,
Here is the output of gdb. Thanks a lot for your help!
[...]
Program received sig
Hi all...
I'm trying to use checkrad to check for double login. I have read
doc/Simultaneous-Use. The problem is when I'm trying to use checkrad, this
is the output :-
sony# checkrad cisco 10.201.1.3 37 ultrabalad 3706
Timeout: No Response from 10.201.1.3.
Timeout: No Response from 10.201.1.3
My
Title: Message
I want to be able to specify a Reply-Message
attribute which is passed to slipstream, which in turn picks up an replymsgs
file. However, I only want this to happen when the login fails. Everything I do
seems to make it return a Reply-message only when it is successful.
I am
50 matches
Mail list logo
