I am away from the office, returning on the 9th of January 2006, if you have
any urgent problems please forward them to SWRC IT ([EMAIL PROTECTED]). Or Call
9780 7314 .
See you soon
Robert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dusty Doris wrote:
...
If this is your users file, it's incorrect. Notice the placement of
commas. The check-items should be on one line separated by commas.
The reply items should be over multiple lines separated by a comma,
except for the last line.
HOST/lnxad.tde002.sitest.net, User-C
Hi,
Same thing has happened, I still cannot authenticate to WindowsAD. Same error is displayed when I debug radiusd
I put quotes around password..
radtest user 'mypass' 192.168.1.1:1812 1812 testing123
or
radtest user 'mypass' 192.168.1.1:1812 1812 testing123
What do you think is the pro
Hi all,
We've got our freeradius servers working with LDAP fine, except for
CHAP. Originally, the logs were saying "Invalid user \\user", but we
fixed that by enabling an option in radiusd.conf.
Now, when we dial up without encrypted password enabled, the connection
comes through successful
Hi Frank,
Take a look at 'configurable_failover' in the doc directory. This describes
how to do what you want.
regards,
Mike
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Frank Bonnet
> Sent: Friday, 16 December 2005 3:38 AM
> To: FreeRadius
Put quotes around the password, one thing I learned. That
will take you further.
I have a working config. So, please let me know if you are
still running into problems.
P.S.
I will be posting a doc on the wiki once I'm done with
testing.
Alhagie Puye - Network Engineer Datawave Group o
Hi Guru's,
I have installed freeradius and used each LDAP module to authenticate
to WINDOWS 2003 AD. The problem is it can't do the authentication, seems
that I missed the radius.conf LDAP module configuration which causes
the LDAP module to fail when connecting to MSAD. Below is
my radius.con
Just added the sqlcounter to my FreeRadius configuration.
Stumbled over the "Your maximum never usage time has been reached" reply
message
for my noresetcounter (refer to doc/rlm_sqlcounter).
Changed it to: "Your maximum access time has been reached" for the 'never'
case.
Here my Q&D solution:
Maybe my last question was unclear this morning.
Therefore I would like to rephrase it:
Checkitems may be defined via ldap.attrmap e.g. like:
checkItem User-Category primaryGroupID
Those items, retrieved from an ldapserver and thus not part of the request:
Are they sup
##
HOST/lnxad.tde002.sitest.net User-Category != 515
Fall-Through = No,
HOST/lnxad.tde002.sitest.net User-Category == 515
Fall-Through = No,
HOST/lnxad.tde002.sitest.net Auth-Type := Reject
##
If this is your u
the strange thing is that the 1.0.2 config file gives this error
but also the default 1.0.5 config file
Rick
Mikhail Zolikoff wrote:
It's probably something simple, like an errant bracket. If you have
the same error but the same number [1682], it makes me think that
something was repla
I just tested the exact same setup but this time accessing this radius
server directly (instead of thru a proxy) and it works fine. So the
proxy is changing something. Thoughts?
Bill Schoolfield wrote:
Hello,
I'm getting "No matching entry in the database for request from user"
returned fro
Hello,
I'm getting "No matching entry in the database for request from user"
returned from the sql lookup. Below I have the radclient and server
diagnostics interlaced. All look correct and the queries are good (see
below for them). What is wrong?
Bill
/usr/local/bin/radclient -x -f radc
Ok, I solved the problem. The PEAP of freeRadius 1.0.1 on solaris cannot work correctly.
after I upgraded the server to 1.0.5, it is working.
Jie
On 12/14/05, Jie Yang <[EMAIL PROTECTED]> wrote:
Hi,
I removed "@domain", but still the same error.
I also run an AEGIS v.2.0.5 (a very old version th
Alan,
I got a little mixed up. I was thinking the sql query would use the
group attribute along with the username (as though the group mechanism
supported users with the same name in different groups). I know better now.
What was actually happening (I should have looked at the sql closer) is
FYI: Usable format for the Freeradius/Radius Expiration attribute (one
of many):
15 December 2005 15:33:00
Bill Schoolfield <[EMAIL PROTECTED]> wrote:
> Here's our problem; the proxy works fine but the authentication
> (actually the user lookup) is failing when testing via radclient. The
> user lookup fails because the 'Group' attribute in the referenced
> attribute file (-f file) is being ignored (n
It's probably something simple, like an errant bracket. If you have the
same error but the same number [1682], it makes me think that something
was replaced in the upgrade but didn't properly clean up the file.
Riccardo Veraldi wrote:
Yes these are the messages running radiusd -A -X
any hints
Alan,
Perfect! Worked like a charm! Now, is it possible to have a more
specific expiration date, i.e. "16:00 15 Dec 2005" ? Or perhaps a unix
date?
Alan DeKok wrote:
Mikhail Zolikoff <[EMAIL PROTECTED]> wrote:
I'd like to set a "dropdead date/time" by which a user can log into
Hello,
We are switching out a client from cistron radius to FreeRadius with
MySQL. To test things out without changes to the NASs, we are proxying
certain realms to the new FreeRadius server.
Here's our problem; the proxy works fine but the authentication
(actually the user lookup) is failing
Yes these are the messages running radiusd -A -X
any hints ?
thanks
Rick
Doug Hardie wrote:
On Dec 15, 2005, at 05:42, Riccardo Veraldi wrote:
Hello, I upgraded from freeradius 1.0.2 to 1.0.5 and nothing works
anymore
I have this error:
radiusd.conf[1682] Unknown Auth-Type "Pam" in auth
Phil Mayers <[EMAIL PROTECTED]> wrote:
> Ok, let's take a breath. First things first:
...
Could this be a Wiki page?
Alan DeKok.
Frank Bonnet <[EMAIL PROTECTED]> wrote:
> If the login is not found on our local LDAP server it will be search on
> the next LDAP server in a list and so on until all LDAP servers have
> been searched ?
doc/configurable_failover. See the "notfound" return code.
Alan DeKok.
Benoît Bianchi <[EMAIL PROTECTED]> wrote:
> In my users file I've set a list of the mac address like
> this :
...
> "001122334455" Auth-Type := Accept
Anyone logging in with that username will get accepted.
> The problem is that when doing EAP-TTLS auth
> Christophe Gravier wrote:
>>>
>> My passwords are not stored in LDAP in clear text but hashed using SHA
>> algorithm, so this won't work ;-(
>
>
> Ok, let's take a breath.
Yes, I agree, that's why I quit for today ;-)
> First things first:
>
> If your passwords are in SHA (which they are) your R
Mikhail Zolikoff <[EMAIL PROTECTED]> wrote:
> I'd like to set a "dropdead date/time" by which a user can log into my
> Freeradius server. I'm thinking of an attribute or counter that sets or
> performs the following:
See the "expiration" attribute.
Alan DeKok.
Christophe Gravier wrote:
My passwords are not stored in LDAP in clear text but hashed using SHA
algorithm, so this won't work ;-(
Ok, let's take a breath. First things first:
If your passwords are in SHA (which they are) your Radius server will
ONLY be able to answer PAP requests.
The ve
Frank Bonnet wrote:
Hello
I have a chillispot that works with OpenLDAP
on a Debian box
Strictly the same thing I want to achieve indeed ! ;-)
How are your password in your LDAP ? (clear ? hash form ?)
Moreover, except this configuration of the ldap remote server, what did
you put in authori
On Dec 15, 2005, at 05:42, Riccardo Veraldi wrote:
Hello, I upgraded from freeradius 1.0.2 to 1.0.5 and nothing works
anymore
I have this error:
radiusd.conf[1682] Unknown Auth-Type "Pam" in authenticate section.
commenting out pam then I got this
radiusd.conf[1682] Unknown Auth-Type "System
Hello
I have a chillispot that works with OpenLDAP
on a Debian box
here are the modifications in radiusd.conf I wrote
# Lightweight Directory Access Protocol (LDAP)
#
# This module definition allows you to use LDAP for
# authorization and authentication (Auth-Type := L
Installation: Debian (sarge) + Freeradius 1.0.2 w/rlm_sqlcounter + MySQL
4.1.11
Hello, everyone!
I've been trying to do the following, and I thought that I had it
tonight, but I can't seem to get it:
I'd like to set a "dropdead date/time" by which a user can log into my
Freeradius server. I'm
Seferovic Edvin wrote:
Hi,
rather confusing. I have to admit, I have never used chillispot, but I've
just visited their website and in FAQ I found "Why should I use
CHAP-Challenge and CHAP-Password?" so this makes me think that Chillispot
uses CHAP authorization. And when you use CHAP, you do N
> rather confusing. I have to admit, I have never used chillispot, but I've
> just visited their website and in FAQ I found "Why should I use
> CHAP-Challenge and CHAP-Password?" so this makes me think that Chillispot
> uses CHAP authorization. And when you use CHAP, you do NOT need LDAP as
> autho
Hello
I actually use freeradius to authenticate wi-fi users thru the
chillispot software.
Our freeradius server use our LDAP as backend and everything runs well
now I would like to know if it is possible to use _several_ LDAP servers
with freeradius with a kind of the following mechanism :
If
Try using += as the op, that should do it.
Ex. Cisco-AVPair += "nas-tx-speed=53300"
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James
Wakefield (Sunet Sysadmin)
Sent: Thursday, December 15, 2005 1:22 AM
To: FreeRadius users mailing list
Subject: Cisco-
Hi,
rather confusing. I have to admit, I have never used chillispot, but I've
just visited their website and in FAQ I found "Why should I use
CHAP-Challenge and CHAP-Password?" so this makes me think that Chillispot
uses CHAP authorization. And when you use CHAP, you do NOT need LDAP as
authorisat
Hello Edvin,
First, I received my email posted to the list several times in my mail
client.
I highly hope this is not the case for all you ! (if it is, thunderbird
didn't like to switch from the testing wireless network back to cable
and vice versa, since they're all dated to the same hour)
Hello,
I must admit, I have been reading this thread, but I still do not understand
what Christophe is trying to accomplish. As far as I understand - you have
your passwords in LDAP, and you only ( kind of ) need to authorize but NOT
authenticate users that are in your LDAP directory..
Please co
Phil Mayers wrote:
Alan DeKok wrote:
<[EMAIL PROTECTED]> wrote:
rlm_ldap: Adding userPassword as User-Password, value { & op=11
That's better.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is to edit rlm_lda
Everything goes through the proxy.
josh.
--On Thursday, December 15, 2005 15:09:22 +0100 Nicola Iotti
<[EMAIL PROTECTED]> wrote:
Hi,
I'm using Freeradius 1.0.5 as Proxy, but does anyone know if
freeradius has just to send requests from NAS to Server or also server's
replies to the n
I have a need to proxy users based on either AD group membership or a substring in the username. I am currently using LDAP to AD .
AD group membership scenario: If user is in group "x" then proxy to radius server "y".
Substring scenario: If username contains string "x", then strip "x" and proxy
Hi,
I’m using Freeradius for both Mac and WPA
authentication (EAP-TTLS) of my WiFi users, and i’m facing a trouble I
have no idea how to solve :
In my users file I’ve set a list of the mac address like this :
# Portable MACHIN
"001122334455"
Auth-T
Hello!
EveryOne! Nice to meet you!
You must know your password to change your options (including
changing the password, itself) or to unsubscribe. It
is: uvazgi
:P
wanna change it now and NEVER use it again ANYWHERE
as harvesters _like_ such.
br
mfred
Hi,
I'm using Freeradius 1.0.5 as Proxy, but does anyone know if freeradius has just to send requests from NAS to Server or also server's replies to the NAS? I mean does the radius server reply directly to NAS or does it always communicate through the freeradius proxy?
Regards
Ing. N
Alan DeKok wrote:
<[EMAIL PROTECTED]> wrote:
rlm_ldap: Adding userPassword as User-Password, value { & op=11
That's better.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is to edit rlm_ldap.c to have it *never* se
Hello! EveryOne! Nice to meet you!
2005/12/15, [EMAIL PROTECTED] <
[EMAIL PROTECTED]>:
Welcome to the Freeradius-Users@lists.freeradius.org
mailing list!
To post to this list, send your email to:
freeradius-users@lists.freeradius.org
General information about the mailing list is at:
http://lists.free
Hello, I upgraded from freeradius 1.0.2 to 1.0.5 and nothing works anymore
I have this error:
radiusd.conf[1682] Unknown Auth-Type "Pam" in authenticate section.
commenting out pam then I got this
radiusd.conf[1682] Unknown Auth-Type "System" in authenticate section.
and so if I comment out "un
Christophe Gravier wrote:
Alan DeKok wrote:
<[EMAIL PROTECTED]> wrote:
rlm_ldap: Adding userPassword as User-Password, value { & op=11
That's better.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is t
Seferovic Edvin wrote:
Hi,
I am using HP ProCurve 2626 ( smaller version of 2650 ) and I haven't seen
any dictionary files nor need for a dictionary file. MAC-Based auth is
working fine with freeradius and I suppose EAP would work fine as well.
Get them from HP then post them with a bug report
Hi,
I am using HP ProCurve 2626 ( smaller version of 2650 ) and I haven't seen
any dictionary files nor need for a dictionary file. MAC-Based auth is
working fine with freeradius and I suppose EAP would work fine as well.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECT
Hi,
dictionary file on your freeradius server is usually found under
/usr/share/freeradius/dictionary...
Search for
ATTRIBUTE Acct-Interim-Interval 85 integer
On your pppoe server ( which is using radiusclient ), look at
/etc/radiusclient/dictionary and add if not exists
ATTRIBU
Hi.
[ You wrote Thursday, December 15, 2005, 2:52:10 PM ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SE> Well you have set up your pppoe-server to send the accounting information
SE> only at the end of the session. If connection is "lost", you will have the
S
Well you have set up your pppoe-server to send the accounting information
only at the end of the session. If connection is "lost", you will have the
accounting data in your database with AcctTerminateCause something like
"terminated by server".
The session you have sent me is just an open session
James Wakefield wrote:
> I've got an AS5300 that sends a few attributes, with accounting stop,
> encapsulated in Cisco-AVPair eg: Cisco-AVPair = "nas-tx-speed=53300" and
> the VSA hack doesn't appear to let me refer to that value in my SQL
> statements with either the %{nas-tx-speed} or %{Cisco
Hi.
[ You wrote Thursday, December 15, 2005, 2:14:10 PM ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SE> Hi,
SE> use Acct-Interim-Interval attribute
I TRY! and no changes
Tell me please in that table i need write this attribute ?
SE> ( maybe you will need
Hi.
[ You wrote Thursday, December 15, 2005, 2:14:10 PM ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SE> Hi,
SE> for traffic information - look at the RADACCT table in your mysql database
SE> called radius. A simple sql query could be -
-)
i know what infor
Hi,
use Acct-Interim-Interval attribute ( maybe you will need to change your
dictionary file ). This also depends on pppoe which is using radclient - I
am not sure if it is supported by your server. I am using Poptop with
freeradius and it works.
Regards,
Edvin
-Original Message-
From:
Hi,
for traffic information - look at the RADACCT table in your mysql database
called radius. A simple sql query could be -
SELECT Username, SUM(AcctOutputOctets) AS download, SUM(AcctInputOctets) AS upload
FROM radacct
GROUP BY Username ORDER BY Username ASC;
This should give you a list of your users and their upload
Hi, freeradius-users.
Linux Debian, # uname -a
Linux g48 2.6.14.3-1 #4 Sun Dec 11 05:57:57 MSK 2005 i686 GNU/Linux
#freeradius -v
freeradius: FreeRADIUS Version 1.0.5, for host , built on Oct 16 2005 at
11:56:56
# mysql -V
mysql Ver 14.12 Distrib 5.0.13-rc, for pc-linux-gnu (i486) using readli
Hi, freeradius-users-bounces.
I use pppoe+ppp+freeradius+mysql on Linux Debian.
When user connect by pppoe - into radacct table insertes records, where
inOctets & out ==0
If session will be 20 hours - data about acct will be updated after session
will be close.
But if session will be lost - i lo
Alan DeKok wrote:
<[EMAIL PROTECTED]> wrote:
rlm_ldap: Adding userPassword as User-Password, value { & op=11
That's better.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is to edit rlm_ldap.c to have
Hello,
I wrote a little "how to" of what I have done in order to make
freeradius working with chilli, regarding my configuration.
Because it involves several services (apache ssl, freeradius, ldap, sql,
..)
I didn't really find a suitable complete how to for my needs.
That's the reason why
I want to add a checkitem from an ldap request and use it, when later
the users file is processed.
Therefore I added
checkItem User-Category primaryGroupID
to ldap.attrmap
The users file contains nothing but:
##
HOST/lnxad.tde002.site
Hello,
I wrote a little "how to" of what I have done in order to make chilli
working, regarding my configuration.
Because it involves several services (apache ssl, freeradius, ldap, sql,
..) I didn't really find a suitable complete how to for my needs.
That's the reason why I wrote mine (in f
65 matches