Thanks for the tip - yes, I'm using Cisco APs and setting up one (more
by the time I'm done) as a radius server allows WLSE to authenticate.
On Wed, 2005-12-21 at 16:10 -0500, Alek Barsky wrote:
> I am working with WLSE in my organization.
> The product has a lot of shortcomings.
> I do not think
Hoping someone can give me some hints/ideas. We have 2 modem pools
available to our users, the availability of which is controlled by the
user's unix group and the Radius Client IP. We also offer dialup
accelleration which is available to members of either modem pool, and is
also controlled by a
Damjan <[EMAIL PROTECTED]> wrote:
> Well, I must say the documentation for freeradius is a bit of a mess...
As always, patches are welcome. Now that the Wiki exists, it's even
easier to submit docs.
> and looking at the source of rlm_files.c, check_pairs is config_items.
> It's a bit confusing
Zitat von Alan DeKok <[EMAIL PROTECTED]>:
> Markus Krause <[EMAIL PROTECTED]> wrote:
> > i would like to authenticate users via pam and sql.
>
> Huh? I don't know what that means. Usually if the user has a
> password, they have one password, which can be stored in one place.
> You don't need to
> > Yep, I tried it and it doesn't work when in the "hints" file...
> > It works when I set that DEFAULT entry in the "users" file.
> >
> > Can you explain what the difference is?
>
> Read the documentation for the differences between the "users" file
> and the "hints" file. Those are the dif
I have to admit that I'm using a paid for client (Funk Odyssey). It's very good but at around £25 to £30 per seat (depending upon numbers) it isn't cheap.
SecureW2 used to be free and was very good. I seem to remember them going open source but I've not really investigated that product in a whi
> Hello. I'm also interested in this.
> What Expire attribute?
The attribute name is actually "Expiration". You set it in rad(group)check
to something like Expiration == "24 Dec 2005 14:00:00", and if the user
connects in 13:48, he'll get a 12 minutes of Session-Timeout.
> Can't find any referen
Alan DeKok wrote:
That would appear to be a bug in the AP. I'd be curious to know how
many AP's have that bug. If so, it would be a very, very, serious
problem.
Which is why it startled me.
I'm not sure how to fix that, to be honest. There's little you can
do on the RADIUS server to m
I'm very curious about the outcome of this as well. The AP is
*supposed* to block all traffic except for EAP traffic pending the
required EAP-Success from the Authentication Server. If the AP is
allowing non-EAP traffic through, and, given that the client->AP traffic
occurs unencrypted until
Damjan <[EMAIL PROTECTED]> wrote:
> Yep, I tried it and it doesn't work when in the "hints" file...
> It works when I set that DEFAULT entry in the "users" file.
>
> Can you explain what the difference is?
Read the documentation for the differences between the "users" file
and the "hints" file
"Ming-Ching Tiew" <[EMAIL PROTECTED]> wrote:
> I am logging to MSSQL and I have tried in the past to do it directly,
> I find that the stability is POOR and reliability is NOT ACCEPTABLE.
> For example, the sql driver does not reconnect upon failure. I tried fixing
> it myself but I also faced othe
=?ISO-8859-1?Q?Joseba_Beltr=E1n?= <[EMAIL PROTECTED]> wrote:
> Really strange, because if I setup the ap to talk directly with the end
> freeradius server it works ok ¿?
Then look at the packets via tcpdump. For some reason the AP or
the supplicant is ignoring the response from the server.
A
SantaYeh <[EMAIL PROTECTED]> wrote:
> I just want to know how can we stop the users checking if mysql return OK.
doc/configurable_failover
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Timothy J. Miller" <[EMAIL PROTECTED]> wrote:
> However, the AP holds the authentication pending but *leaves the
> client fully connected*. This means that as long as an incomplete
> reauthentication is pending, a previously-authenticated client
> remains online. Not the effect I was looking for
Markus Krause <[EMAIL PROTECTED]> wrote:
> i would like to authenticate users via pam and sql.
Huh? I don't know what that means. Usually if the user has a
password, they have one password, which can be stored in one place.
You don't need to use both PAM & SQL.
> authenticate {
> pam
hello list,
i would like to authenticate users via pam and sql.
part of my radiusd.conf (freeradius 1.0.5 on sles 9) is:
+ part of radiusd.conf
instantiate {
}
authorize {
preprocess
files
sql
shorttermaccount
}
authenticate {
pam
}
preacct {
This is a neat one.
EAP-TLS is working just fine between an XP supplicant, a Cisco AP1200
WAP running 12.3(4)JA, and FreeRADIUS 1.0.1 (plus a patch to allow
multiple root CAs for EAP-TLS trust). Client certificates are on
smartcards, and the AP has a reauthentication timer set, with the inten
Zitat von Damjan <[EMAIL PROTECTED]>:
> > query = "SELECT TO_DAYS(NOW()) - MIN(TO_DAYS(AcctStartTime)) FROM radacct
> WHERE
> > UserName = '%{%k}' LIMIT 1";
> >
> > this actually works very well, a user logs in and is allowed to access to
> the
> > network until the date changes e.g. the second tim
> query = "SELECT TO_DAYS(NOW()) - MIN(TO_DAYS(AcctStartTime)) FROM radacct
> WHERE
> UserName = '%{%k}' LIMIT 1";
>
> this actually works very well, a user logs in and is allowed to access to the
> network until the date changes e.g. the second time if he is allowed access
> for
> two days. but
>> I have this in the hints file:
>> DEFAULT Called-Station-Id == "987654321", Autz-Type := DialUp
>
> I don't think that will do what you want. I suggest using the
> "users" file.
Yep, I tried it and it doesn't work when in the "hints" file...
It works when I set that DEFAULT entry in the "u
From: "Lewis Bergman" <[EMAIL PROTECTED]>
> This is probably a stupid question but whay not log the accounting
> directly to the sql via the sql module?
>
Reasons :-
I am logging to MSSQL and I have tried in the past to do it directly,
I find that the stability is POOR and reliability is NOT
> Hello
> As I am new to this free radius, could you please suggest me a
good
> documentation(free) available on the net.
> Version I am using is Free RADIUS 1.0.5.
>
>
> Regards
> Manuj
Hi, I've written a tutorial that you might find helpful. You'll find it
here http://www.swarmhotspots.com
Really strange, because if I setup the ap to talk directly with the end
freeradius server it works ok ¿?
>>The problem is when I try to authenticate a valid user. I can see the
>>request beeing proxied and a Access-Challenge packet beeing received,
>>but the process stalls.
>>
>>
> The suppli
I store all user account in mysql, and freeradius works fine.
And now, we have some special account that need to write a external
program to do authentication. So we use
the users file using DEFAULT auth-type = Accept with exec-program-wait.
The problem is all mysql accounts doesn't work any more.
24 matches
Mail list logo