Matthew Horoschun <[EMAIL PROTECTED]> wrote:
> Can you comment on the accounting record rate that you're achieving?
> We're currently testing FreeRadius and I'm seeing a performance ceiling
> of about 200 accounting records per second.
That's really a function of the back-end database. If you
Dusty Doris <[EMAIL PROTECTED]> wrote:
> Our authentication structure is quite different as we are looking more for
> availability. But in the accounting world, we can afford to delay the
> records if needed.
That's a great description. It should be a "howto", or whitepaper.
In the CVS he
Dan Newcombe <[EMAIL PROTECTED]> wrote:
> The short of it is I'm trying to get 802.1x with PEAP to be proxied by
> freeradius to an ias radius server.
Start simple. Use PAP, and "radtest" to send the packets. If that
makes FreeRADIUS proxy the packets, then go to PEAP. Otherwise,
you're test
Hi Dusty,
Now, I'm running freeradius 1.0.5 on freebsd 5.4. We handle about 75,000
logins per day between 3 servers and are using openldap as a backend, which
stores about 400,000 users. We use radrelay to push all the accounting
into a mysql db.
Can you comment on the accounting record ra
Hello,
Thanks everyone for the great product that I've relying on for the past
several years. I am now seeing a problem I hope someone can help with.
I'm using Freeradius-0.9.3 on FreeBSD 5.2.1-REALEASE. We have
Freeradius doing strictly dialup authentication. Some of the NAS's
querying t
Hi Dusty,
Now, I'm running freeradius 1.0.5 on freebsd 5.4. We handle about
75,000 logins per day between 3 servers and are using openldap as a
backend, which stores about 400,000 users. We use radrelay to push all
the accounting into a mysql db.
Can you comment on the accounting record ra
Lenir wrote:
Can anyone please help me with this?
Thanks,
Lenir
Just a thought. Create a 3rd group with the attributes you need?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lenir
Sent: Wednesday, November 02, 2005 7:34 PM
To: 'FreeRadius user
Ben Walding <[EMAIL PROTECTED]> wrote:
> I've only ever used JRADIUS as an EAP-TLS client for load testing
> FreeRADIUS.
wpa_supplicant has eapol_test, which does something similar. It
includes support for PEAP, TTLS, and a bunch of other EAP protocols.
Alan DeKok.
-
List info/subscribe/un
On 11/9/05, Raoul Demour <[EMAIL PROTECTED]> wrote:
Does anyone have ever tried JRadius (jradius.sf.net)?As I'm more familiar whith Java than C, Iwonder if I'm not going to use it to handleEAP-SIM (I am not completly sure I can do so, but if
it is possible I will do so).As I understand it, JRADIUS
On 11/8/05, Michael Griego <[EMAIL PROTECTED]> wrote:
Ben Walding wrote:> We've found in testing that the XP supplicant (with certain patches)> will read the certificate and send a User-Name that is constructed> from the certificate CN (host/ + cert CN); thus rendering the whole
> "checking the CN
Okay...one step closer. I had been using a debian version of freeradius
1.0.2 and hacked in the eap-tls. I have since followed Ben Kenobi's
advice and "use the source". It appears to be sending packets to the
IAS box now, and I can cut the stuff out and use radclient and have IAS
respond, ho
[EMAIL PROTECTED] wrote:
> Should md5 be added to the list of libraries automatically defined during
> the configure process for the above?
No. src/lib/md5.c includes an MD5 implementation. The build SHOULD
use it. It's used on all other platforms, anfd I don't know why
Solaris doesn't work.
Hi all.I've done my best to try and figure this out myself, but am
really stuck.
First the basics: An enterasys C2 switch setup to do 802.1x
authentication. This switch points to my freeradius server. Attached
to the swich is my XP notebook, which is setup to do 802.1x via PEAP.
On t
Hello,
I was having problems compiling freeradius-1.0.5
on Solaris 10 (sparc) that were rather difficult to troubleshoot. I
managed to get the compilation completed successfully, but it seems that
maybe there could be some changes to improve the experience others have
with compiling freeradius o
Jason Frisvold wrote:
I *think* that's more what I'm looking for.. The idea is to put a
user in a suspended group that will only allow them to go to the
payment server. By using a proxy, I can intercept all port 80 traffic
and redirect them to the proper location.
Does that make more sense
Hello
Does anyone have ever tried JRadius (jradius.sf.net)?
As I'm more familiar whith Java than C, I
wonder if I'm not going to use it to handle
EAP-SIM (I am not completly sure I can do so, but if
it is possible I will do so).
Any experience is welcome.
___
[EMAIL PROTECTED] (Rens Houben) wrote:
> A while ago I upgraded our freeradius server to 1.0.2 from a 0.9.x
> version, and ever since our ISDN dial-up users can not gain access when
> their login type in radcheck is Crypt-Password. If I change them to a
> User-Password attribute and the cleartext p
Nicholas Thompson <[EMAIL PROTECTED]> wrote:
> I finally got freeradius to make without errors. However
> to do this I had to manually change the Makefile (in
> src/modules/rlm_sql/drivers/rlm_sql_mysql)and take
> out these options -x03 -mt and -xarch=v8, but I am not sure if this will
> affect
I finally got freeradius to make without errors. However
to do this I had to manually change the Makefile (in src/modules/rlm_sql/drivers/rlm_sql_mysql)and take
out these options -x03 -mt and -xarch=v8, but I am not sure if this will
affect the stability or useage of freeradius.
>-xarch=v8 so
Cheers Josh. :)
That's pretty much the way we do the Roanmode stuff.
Just wasn't sure being EAP whether you could mess around with the return
packet.
Do you have any cunning solutions to how you might get around the reject
issue?
I'd imagine it's quite a common scenario, IE wanting to let users
Jason Frisvold <[EMAIL PROTECTED]> wrote:
> I *think* that's more what I'm looking for.. The idea is to put a
> user in a suspended group that will only allow them to go to the
> payment server. By using a proxy, I can intercept all port 80 traffic
> and redirect them to the proper location.
T
Thomas Stieglitz <[EMAIL PROTECTED]> wrote:
> Hello Helen,
?
> > It's possible, but I don't think RADIUS is the right tool.
> Which one or which technics do you think ist the right solution for my
> problem?
?
Did you read the text you quoted?
Alan DeKok.
-
List info/subscribe/unsub
Hi Jezz,
Palmer J.D.F. wrote:
Hi,
Can anyone tell me if it's possible to proxy EAP-PEAP from a Cisco Aironet
to an IAS server via FreeRADIUS (I can do this bit), then, set the user's
VLAN information within FreeRADIUS in the access-accept packet returned to
the AP?
Yes - write a script that o
Hi,
Can anyone tell me if it's possible to proxy EAP-PEAP from a Cisco Aironet
to an IAS server via FreeRADIUS (I can do this bit), then, set the user's
VLAN information within FreeRADIUS in the access-accept packet returned to
the AP?
Also, is there a way to return an access-accept with a 'dirty
On 11/8/05, Joe Maimon <[EMAIL PROTECTED]> wrote:
> Framed-Route instructs the NAS to install a route as described by the
> value, to the dialed up user. (at least that what my nas's do)
>
> So in and of itself, I do not think it will accomplish any sort of
> forced proxying.
Right.. the framed r
i use radwatch to check the status of the radiusd, but it keeps sending
"Radius died, restarting" mail to me, but radiusd runs well if i donnot
run radwatch. pls tell why, thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can anyone please help me with this?
Thanks,
Lenir
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lenir
Sent: Wednesday, November 02, 2005 7:34 PM
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple
Title: Nachricht
Yohoo!
I've a (for me)
strange problem mit ntlm_auth.
I want to use
freeradius as an proxy for authentication against ActiveDirectory. So I've
installed winbind. "wbinfo -u" and "wbinfo -g" shows me the User and Grouplists.
Nice :)
I've configured
freeradius like Alan
A while ago I upgraded our freeradius server to 1.0.2 from a 0.9.x
version, and ever since our ISDN dial-up users can not gain access when
their login type in radcheck is Crypt-Password. If I change them to a
User-Password attribute and the cleartext password, it works.
I've compiled a debug log a
Jason Frisvold wrote:
Hi there,
I'm looking for a way to force certain users through a proxy. I
*think* Framed-Routes are the way to go. Can someone help me out a
little?
Framed-Route instructs the NAS to install a route as described by the
value, to the dialed up user. (at least that w
Sorry for the late reply.
Thanks for the info, i'll give it a try.
Best Regards,
Pedro Marcolino
On Mon, 07 Nov 2005 14:27:28 +0100
Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
> Pedro Marcolino wrote:
>
> > Ldapsearch show the following:
> >
> > (...)
> > ispRadiusCiscoAVPair: lcp:interface-
Hello
I have some problems with dialup_admin1.62.
i use freeradius-1.0.1 with mysql on Fermi Linux LTS Release 3.0.1
- first, I have a problem in showing the online user in dialup_admin.
in fact, when i use a telnet user to connect on NAS , it appears in
online user but when it 's a ppp user
Jason Clifford wrote:
> On Mon, 7 Nov 2005, Nicolas Baradakis wrote:
>
> > > If you are going to make a change in freeradius to cope with this don't
> > > waste time trying to read the my.cnf file as you wont know where it is
> > > with any certainty.
> >
> > This is a one-line-change in FreeRAD
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Helen,
thank you for your informative answer!
> It's possible, but I don't think RADIUS is the right tool.
Which one or which technics do you think ist the right solution for my problem?
Greetings,
Tom Stieglitz
FreeRadius users mailing list schrieb
am 07.11.05 18:38:23:
>
> Thom
36 matches
Mail list logo