Min Qiu [EMAIL PROTECTED] writes:
I would like to restrict user login by NAS-IP-address or
fqdn if possible. Therefore I can restrict user to login
a group of devices.
user1 Auth-Type := Local, User-Password == sceret,
NAS-IP-address ==10.1.2.0/24
Using a regexp is just as easy
I have a Windows XP SP2 client, with winpcap 3.1 installed. I have downloaded wpa_supplicant 0.5.0, but the executable wpasvc.exe is not recognized by the system, is it possibile? After installing winpcap, what do I have to do?
Yahoo! Mail: gratis 1GB per i messaggi, antispam, antivirus,
I have a Windows XP SP2 client, with winpcap 3.1 installed. I have downloaded wpa_supplicant 0.5.0, but the executable wpasvc.exe is not recognized by the system, is it possibile? After installing winpcap, what do I have to do?
Yahoo! Mail: gratis 1GB per i messaggi, antispam, antivirus,
Ernesto, thanks a lot for quick reply.
I have used the radtest command and I can get access
accept successfully.
What I don't know understand is the next step (after
NAS authenticate and authorize).
How can we measure the users usage. Where should I put
the attribute session start and how i
Hi,
I'm pretty stuck in a radius/ldap 802.1x authentication.
During the authentication process the client (windows 2k through a e1
switch) sends the authentication using MD5-Challenge which is for what I
understand the easiest of all.
The FreeRadius server recevies everything but failed to
I am away from the office, returning on the 30th of January 2006, if you have
any urgent problems please forward them to SWRC IT ([EMAIL PROTECTED]). Or Call
9780 7314 .
See you soon
Robert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I know that this is FreeRadius forum, but since ICRadius forum is almost
dead i thought someone can help me, here. It turns out this morning that
I have over 1,800,000 records in my RadAcct table with blank username.
Probably I am under attack. The record is so much different than regular
user
Robert WAKIM wrote:
rlm_ldap: checking if remote access for gab is allowed by radiusFilterId
rlm_ldap: Added password {MD5}mmGCSLZNti0VswCgewBYCw== in check items
Nope. That won't work. EAP-MD5's MD5 algorithm needs the plaintext
password so unless you can get that out of LDAP, you'll have to
Rohaizam Abu Bakar wrote:
Which file i should fix? and what to add?
You can manually fix 1.1.0 by removing these two lines in file
src/modules/rlm_otp/otp_state.c:
Index: src/modules/rlm_otp/otp_state.c
===
RCS file:
Robert WAKIM wrote:
rlm_ldap: checking if remote access for gab is allowed by
radiusFilterId
rlm_ldap: Added password {MD5}mmGCSLZNti0VswCgewBYCw== in check
items
Nope. That won't work. EAP-MD5's MD5 algorithm needs the plaintext
password so unless you can get that out of LDAP, you'll
Hi
I have a rather simple freeradius server. I run freeradius 1.0.5
on solaris 10 with PEAP/MS-CHAPv2 authentication through the users
file.
I want to see who's connected with radwho, but when I run that I only
get:
# radwho
Radwho: Error reading /usr/local/var/log/radius/radutmp: No such
Rafael Roldán wrote:
But when I tried to test the ippool module I obtained a segmentation
fault when I run radiusd.
Please no HTML to the list.
If you found a bug in FreeRADIUS, follow the instructions here:
http://freeradius.org/radiusd/doc/bugs
In my rlm_ippool directory I have:
# pwd
Dear list,
I'm setting up FreeRADIUS so that I can authenticate WPA (Enterprise)
from a Linksys access point against Kerberos (via. RADIUS).
I can get FreeRADIUS to authenticate against Kerberos (using radtest),
and I can get FreeRADIUS to talk EPA-TTLS with the access point (or the
WIFI
dark0s dark0s schrieb:
Excuse me, but what is AEGIS protocol?
How can I disable the disable the binding of the
AEGIS Protocol of the network card?
The AEGIS protocol is the broken supplicant of your wlan card.
I have only an german windows so I can't tell you how the menu name is
called in
Hi,
Have anyone been able to use freeradius with mysql and a bind dns server
to update a domain say dynamic.com everytime a user connects?
I want to create a local ADSL dynamic dns service for all my adsl users,
eg. if the login name is companyX with ip 165.146.165.78 I want to
update the
Robert WAKIM wrote:
Thanks for the answer. It works if I store the passwords in clear text
in the ldap database.
What method should I use to store the passwords in md5?
I don't think you use any challenge-response mechanisms with the
passwords MD5 crypted.
Some MD5-based
Jake Messinger wrote:
I know this is the freeradius forum but I thought Id ask here.
I have a customer using icradius and they say that they cant easily
switch to freeradius because of several python scripts written to work
with icradius.
Don't know anything about that error but if the python
Hy Alan,I am interested in the following statement: And unless you have a million users, performance of the server isn't really an issue. FreeRADIUS can handle multiple hundreds of thousands of users on a commodity PC without any problems.Why a million of users? Which are the problems
They seem very resistant to change to freeradius.
They think that since the other portmasters are working fine, that it must
be THIS portmaster causing their radius logs to fill with these strange
messages:
Check list does not match request list [USER] (from nas access-2#2/S99 cli
Hy,
Thanks Nicolas. Sorry, its the first time I work in a UNIX environment.
In the configure output I obtained:
configure: warning: silently not building rlm_ippool.
configure: warning: FAILURE: rlm_ippool requires: libgdbm.
After installing the package gdbm-1.8.3, which are the steps I have
I have a Cisco 3660 router configured for dialup AAA
through FR (1.0.5) to access our LAN. I also have the
login to the router itself, for admin, authenticating
through FR (MySQL backend).
The same DB is used for all auth, so currently anyone
with a dialup account could also telnet into the
I've found that my problem might be with Apache 2 and PHP 5 - does anyone
else have dialup-admin running properly on Apache 2 and PHP 5? I'd hate to
think I'd have to downgrade.
Thanks,
Scott
- Original Message -
From: Scott Miller [EMAIL PROTECTED]
To: FreeRadius users mailing
Can you explain me better what is AEGIS protocol? Because I cannot find it on the system.
Yahoo! Mail: gratis 1GB per i messaggi, antispam, antivirus, POP3-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dark0s dark0s [EMAIL PROTECTED] wrote:
Excuse me, but what is AEGIS protocol?
How can I disable the disable the binding of the
AEGIS Protocol of the network card?
Please do not post off-topic messages to this list.
There are other lists devoted to supplicant software. Supplicant
Laker Netman wrote:
I have a Cisco 3660 router configured for dialup AAA
through FR (1.0.5) to access our LAN. I also have the
login to the router itself, for admin, authenticating
through FR (MySQL backend).
The same DB is used for all auth, so currently anyone
with a dialup account could also
FreeBSD 6.0
Apache 2.2.0
PHP 5.1.1
FreeRadius 1.0.5
Dialup_admin works fine for me. It does appear to be a PHP problem.
Look at your apache logs and see what errors you are getting if any.
You might want to check the error_reporting setting in your php.ini,
make sure it is set to E_ALL so
Hello all,I have heard about Freeradius, that it is a very powerfull server. Thank you to all for the work you have done !! I need a Radius server to perform prepaid VOIP telephony. For that the server must implement the RFCs 2865, 2866, 3539, and the extension for Prepaid follows the
Stephen Walsh [EMAIL PROTECTED] wrote:
ldap_search() failed: Operations error
It's a combination of factors. What's happening is that your LDAP
search isn't fully qualified, so when something isn't found in
students, AD returns a referral to staff. OpenLDAP fails to use
the authentication
Chris Knipe [EMAIL PROTECTED] wrote:
Uhm, any support for RFC3576, added or planned?
radclient supports those packets. FreeRADIUS doesn't.
Do you have suggestions for what FreeRADIUS is supposed to do when
it gets those packets? I'm asking for *specific* details. i.e. as
detailed as
San [EMAIL PROTECTED] wrote:
How can we measure the users usage. Where should I put
the attribute session start and how i use the session
stop. (what are the command?)
But the O'Reilly RADIUS book and read it.. The answer to your
question is too long to post here.
I really lost in this
Nataniel Klug [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] radius]# tail radius.log -n 2
Tue Jan 24 01:24:02 2006 : Auth: rlm_unix: [nata]: invalid password
Nice. Is there any particular reason you're refusing to run the
server in debugging mode, as suggested in the README, FAQ, and
INSTALL?
Phil Mayers [EMAIL PROTECTED] wrote:
...because it doesn't have the required info. Probably it should yell
about needing the right kind of password, though how it's supposed to
know the one you've given it is the wrong one I would have to think about.
In 1.x, the LDAP module puts the
Robert WAKIM [EMAIL PROTECTED] wrote:
Thanks for the answer. It works if I store the passwords in clear text
in the ldap database.
What method should I use to store the passwords in md5?
If you store the passwords as MD5 hashes in your database, then the
only authentication methods that
Jakob Oestergaard [EMAIL PROTECTED] wrote again:
If I put this in my users file, EAP-TTLS works and FreeRADIUS correctly
sees the PAP password from the laptop:
DEFAULT Auth-Type = EAP
You don't need to do that. The server will figure it out on it's own.
If I put this in my users file,
Torkel Mathisen [EMAIL PROTECTED] wrote:
I don't have that radutmp file.
How do I get freeradius to log users in that file?
Make the NAS send data that FreeRADIUS can log. See the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Willem Pretorius [EMAIL PROTECTED] wrote:
Have anyone been able to use freeradius with mysql and a bind dns server
to update a domain say dynamic.com everytime a user connects?
Run an external shell script from the server when the user connects.
Alan DeKok.
-
List
Marta Lajas [EMAIL PROTECTED] wrote:
Why a million of users? Which are the problems that may appear?
For one, you probably don't want to run only one server. If you
have 100 users and your RADIUS machine dies, it's not a big deal. If
you have a million users, it's much more of a problem.
I'm able to make it work by using huntgroups
admin NAS-IP-address =~ ^10\.1\.2\.# thanks a lot to Bjørn
User-Name = admin1,
User-Name = admin2,
...
...
and users
admin1 Auth-Type := Local, User-Password == secret, Huntgroup-Name ==
admin
...
I
I have noticed that Radius connects to my LDAP server and maintains that
connection open for many many hours for user lookups. Is there a way to
have it connect only when a suer needs to authenticate? Are there
pros/cons to doing something like that?
Thanks!
Tim Crouch
Systems
Yes, it is working fine, at least in freeradius
1.0.5.
Read my comments here:
http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-October/047765.html
Unfortunately every change in the nas_table requires a restart of the
freeradius server. Would
be
nice to have something like a
I'm sure someone can give me a quick answer to this problem. I have one
radius server that handles request in the form:
username
[EMAIL PROTECTED]
[EMAIL PROTECTED]
We this setup in our proxy.conf file:
realm domain1.com {
type= radius
authhost= LOCAL
Willem Pretorius wrote:
Hi,
Have anyone been able to use freeradius with mysql and a bind dns server
to update a domain say dynamic.com everytime a user connects?
I want to create a local ADSL dynamic dns service for all my adsl users,
eg. if the login name is companyX with ip
On Tuesday 24 January 2006 11:24, Laker Netman wrote:
I have a Cisco 3660 router configured for dialup AAA
through FR (1.0.5) to access our LAN. I also have the
login to the router itself, for admin, authenticating
through FR (MySQL backend).
The same DB is used for all auth, so currently
I'm doing this with huntgroups
J.
-Oorspronkelijk bericht-
Van: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-users-
[EMAIL PROTECTED] Namens
Lewis
Bergman
Verzonden: dinsdag 24 januari 2006 18:01
Aan: FreeRadius users mailing list
Onderwerp: Re: Restricting access to a
On Monday 23 January 2006 20:37, User for Free Radius mail list wrote:
The result is domain2.net will Auth OK them but they cannot get on line
because domain1.com will reject them because of the users file.
How do I fix this problem?
Thanks!
Ken
Running in debug mode should show you what
Thanks a lot for the reply!
On Tue, Jan 24, 2006 at 12:28:00PM -0500, Alan DeKok wrote:
Jakob Oestergaard [EMAIL PROTECTED] wrote again:
If I put this in my users file, EAP-TTLS works and FreeRADIUS correctly
sees the PAP password from the laptop:
DEFAULT Auth-Type = EAP
You don't
deborah malka [EMAIL PROTECTED] wrote:
I need a Radius server to perform prepaid VOIP telephony. For that the
server must implement the RFCs 2865, 2866, 3539, and the extension for
Prepaid follows the specifications : X.S0011-005-C and X.S0011-006-C.
Does Freeradius implements all
Jakob Oestergaard [EMAIL PROTECTED] wrote:
The kerberos module complained that no User-Password was sent, and
therefore it couldn't try authenticating against the kerb. server.
Because:
a) the server got EAP, and you told it to do kerberos
or
b) the tunneled authentication protocol
Thanks Alan;
I think I understand what you mean, however each of our trees is sorted by
campus, then OU, then users.
Student
|
|
|---Brisbane
|
|---Sydney1
|
|---Sydney2
|
|---Canberra
|
|--computers
|
|--Printers
|
|---users
and the same for staff.
Do you know an open source radius server that implements them ? I really need this !Thank you for advance,DeborahAlan DeKok [EMAIL PROTECTED] a écrit: deborah malka wrote: I need a Radius server to perform prepaid VOIP telephony. For that the server must implement the RFCs 2865, 2866,
Hi everyone.
Im trying to get RLM_perl to respond with two Cisco-AVPair lines (what
would usually be done with += in users)
Unfortunately only the first seems to get sent back to the nas - debug
output follows
rlm_perl: Added pair Cisco-AVPair = ip:dns-servers=10.10.10.10 10.10.10.12
rlm_perl:
Is it possible to configure freeradius to send its log files to a
remote syslog server? The only reference I've found at all to syslog
in the documentation is the deprecated radiusd switch -l, and that was
for a local syslog process.
Thanks,
Mark
-
List info/subscribe/unsubscribe? See
Alan Lumb wrote:
Hi everyone.
Im trying to get RLM_perl to respond with two Cisco-AVPair lines (what
would usually be done with += in users)
So try that with rlm_perl
the server functions that update the list need to see the += operator.
-
List info/subscribe/unsubscribe? See
deborah malka [EMAIL PROTECTED] wrote:
Do you know an open source radius server that implements them ?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mark Tunnell [EMAIL PROTECTED] wrote:
Is it possible to configure freeradius to send its log files to a
remote syslog server? The only reference I've found at all to syslog
in the documentation is the deprecated radiusd switch -l, and that was
for a local syslog process.
You should
Alan;
I've tested it further and you are right, the search isn't recursively
entering the tree. What in the search changed between 1.01 (which works)
and 1.04 (which returns errors when trying to enter the OU's)? If is
possible to revert to the 1.01 search under 1.04?
many thanks
Stephen
How do I send radius logs to the local syslog server? The man page
says the -l radiusd switch is deprecated and that you should see the
log_dir configuration item in the radiusd.conf file. There is no
'log_dir' configuration item in the radiusd.conf file. There is a
'logdir' and a 'log_file'.
We have a Software Engineer -Radius position available. Any one interested can forward your resume to krishna_k_gutti at yahoo.comFunction DescriptionWe are looking for an experienced senior systems engineer to configure and manage our AAA (authentication, authorization, and accounting) system.
Hi all. I'm using FR on FC4 and FC2, MySQL and NTRADPING to test user AAA process. I wanna test user authentication for realm/proxy setup. There are some question: 1. Do i need to place the additional realm/proxy server section after the LOCAL or before it in proxy.conf? 2. I used IPAddrs instead
2006/1/25, Alan DeKok [EMAIL PROTECTED]:
deborah malka [EMAIL PROTECTED] wrote: Do you know an open source radius server that implements them ?No.Alan DeKok.-List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.htmlI've heared openradius can do that. But I don't know much
Agus Supriyadi [EMAIL PROTECTED] wrote:
I've heared openradius can do that. But I don't know much about it.
OpenRADIUS does prepaid, the web page gives sample configurations.
But FreeRADIUS does prepaid, too. See the docs sample files.
No open source server I'm aware of implements the
Mine too is FreeBSD 6.0 with Apache2.2.0 and php5.1 Dialup admin works
fine only one dialup menu option i.e Statistics when I click on it,
gives the error as follows;
Warning: mktime() expects parameter 1 to be long, string given in
62 matches
Mail list logo