"Guido" <[EMAIL PROTECTED]> wrote:
> When response: Access Reject, I can't see any h323-return-code.
Access-Reject packets are not allowed to contain any attributes.
If you want to return an attribute, edit the source code.
Alan De
-
List info/subscribe/unsubscribe? See http://www.freerad
thanks for all you input so far, and i am still looking, trying to use the hint and huntgroup file for a work around so success yet. By the way i should mention the code worked perfectly well with redhat 9.
[00-0423-236767-676752-6752-52]
the first and the last octet works, its just {2} - {5} t
Hello everybody, I'm using freeradius 1.1.0. The issue is with
h323-return-code and reject as response.
When response: Access Accept all works fine, I can see h323-return-code,
h323-credit-time.
When response: Access Reject, I can't see any h323-return-code.
The question is there are some to
Zoltan Ori wrote:
> On Thursday 11 May 2006 16:30, Dennis Skinner wrote:
>> Are you responding to me?
>>
> Yes, he is.
I was subtly suggesting he should include relevant text in his responses
like I am doing. If someone searches the archives later, they have no
context for his message.
> Mr Por
On Thursday 11 May 2006 16:30, Dennis Skinner wrote:
> Damian Porter wrote:
> > the user-name is coming to the radius process without any dashes and i
> > want to add dashes to separate the octets.
> >
> > I have looked an that document and it does not offer a solution for the
> > problem.
>
> Are
On Thu, 2006-11-05 at 15:13 -0400, Damian Porter wrote:
>
> I have bee struggling with problem for a few days now.
>
> I use Centos 4.3 and freeradius 1.0.1. I am trying to rewrite a
> username to include dashes. see my statement below in the rewrite
> section.
>
>searchfor = "([a
Damian Porter wrote:
> the user-name is coming to the radius process without any dashes and i
> want to add dashes to separate the octets.
>
> I have looked an that document and it does not offer a solution for the
> problem.
Are you responding to me?
0e35-353afe-3afe19-fe19 has dashes. Either
[EMAIL PROTECTED] wrote:
>
> Dear list:
>
>
> I´m taking up again my work with freradius since two years ago. Now I´m
> working over a RHE AS linux distribution box and working with a Mysql
> 5.0. In this version the password hashing algorithm has changed and
> differ from Mysql 3.x or 4.x. Then
the user-name is coming to the radius process without any dashes and i want to add dashes to separate the octets.
I have looked an that document and it does not offer a solution for the problem.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Damian Porter wrote:
>
> I have bee struggling with problem for a few days now.
>
> I use Centos 4.3 and freeradius 1.0.1. I am trying to rewrite a username
> to include dashes. see my statement below in the rewrite section.
>
>searchfor =
> "([a-z0-9]{2})([a-z0-9]{2})([a-z0-9]{2}
Dear list:
I´m taking up again my work with freradius
since two years ago. Now I´m working over a RHE AS linux distribution box
and working with a Mysql 5.0. In this version the password hashing algorithm
has changed and differ from Mysql 3.x or 4.x. Then I´d like to know if
freeradius engine wi
I have bee struggling with problem for a few days now.
I use Centos 4.3 and freeradius 1.0.1. I am trying to rewrite a username to include dashes. see my statement below in the rewrite section.
searchfor = "([a-z0-9]{2})([a-z0-9]{2})([a-z0-9]{2})([a-z0-9]{2})([a-z0-9]{2})([a-z0-
I was wounding if there was a way for ldap to look into
nested groups.
I have enabled ldap groups, and I have a ldap group that
contains another group, and I would like ldap to search with in that main group
and nested group to see if a user belongs to either group.
If anyone know
Hello Jeremy,
PLEASE ! SPECIFY YOUR PROBLEM ! you have sent 2-3 comments to the mailing
list and nobody ( besides Alan ) wanted to respond! Why? No needed
information ( aka I have car, car has tires, but I cannot drive, why? ).
You are using db. Okay. What DB? Firebird, MySql, MSSQL, Oracle?
How
Hi,
> i tried ntradping it seems to work. but from what me and my friend are seing
> its being stopped at the mysql database. we arent sure
could you be more specific - ie send the output from FreeRADIUS in debug mode -
radiusd -X
you may, of course, obfuscate private words and bytes
alan
-
L
Jeremy ohara wrote:
> i tried ntradping it seems to work. but from what me and my friend are
> seing its being stopped at the mysql database. we arent sure
>
> have you delt with MYSQL much?
>
> Jeremy
Jeremy,
Have you read any of the docs included with the server? It says over
and over and
Hi there
i have free radius updated on fedora.
got a mysql database. but from what i'm noticing its not being check on the
database.
got dialupadmin installed and using that to put the accounts into the
database. and have setup freeradisu with the db
Jeremy
-
"Jeremy ohara" <[EMAIL PROTECTED]> wrote:
> i tried ntradping it seems to work. but from what me and my friend are seing
> its being stopped at the mysql database. we arent sure
Don't CC me on messages to the list. I get enough email already.
And read the FAQ for how to debug the server.
> how formilar are you with Freeradius?
Uh... try reading the list for a while.
Alan DeKok.
HAHAHHA :) Sorry - I just couldn't help myself!
For mailing-list-newbies: people that respond to your questions have more
experience then you do and they are willing to help ( in most cases ).
Nobo
i tried ntradping it seems to work. but from what me and my friend are
seing its being stopped at the mysql database. we arent sure
have you delt with MYSQL much?
Jeremy
-Original
Message-From: "Alan DeKok" <[EMAIL PROTECTED]>To:
FreeRadius users mailing list
Date: Thu, 11 May 20
"Jeremy ohara" <[EMAIL PROTECTED]> wrote:
> i'm using Radas.
Never heard of it. This probably means it's market share is
miniscule. i.e. no one else is using it.
> how formilar are you with Freeradius?
Uh... try reading the list for a while.
Alan DeKok.
-
List info/subscribe/unsubscrib
"Robles Rodriguez,Alejandro" <[EMAIL PROTECTED]> wrote:
> Well, I'm wondering if this is in a clustered configuration i.e.
> multiple nodes handling the load and cooperating (sharing data such
> as IP pools).
Sharing data is harder. You're better off splitting the IP pools by
server. The cli
The only way i got this to work, was seperate trees in ldap for each
group. and then in your default line in your users file put the tree you
want it to search for the group and nas definition.
Message: 2
Date: Thu, 11 May 2006 12:52:47 +0300
From: Mircea Harapu <[EMAIL PROTECTED]>
Subject:
i'm using Radas. i'm just about to try ntradping
how formilar are you with Freeradius?
jeremy
-Original
Message-From: "Alan DeKok" <[EMAIL PROTECTED]>To:
FreeRadius users mailing list
Date: Thu, 11 May 2006
12:51:53 -0400Subject: Re: Strange error
"Jeremy ohara"
<[EMAIL PROTECTE
[EMAIL PROTECTED] wrote:
> Then the freeradius server compare this login / nspmPassword with the
> login / password received first, it find differences and does not
> authenticate the user.
> I don?t know if the nspmPassword sent back by the Novell server is bad or
> good because the ldap response
"Jeremy ohara" <[EMAIL PROTECTED]> wrote:
> when i try to use a test radius program to test the radius to see if it
> works i geot
>
> error: warning bad radius packet form host x.x.x.x: unknown packet code 100
>
> does anyone know what th is means?
It means that the test client is not sendin
Hi there
i just setup freeradius with mysql
when i try to use a test radius program to test the radius to see
if it works i geot
error: warning bad radius packet form host x.x.x.x: unknown packet code
100
does anyone know what th is means?
jeremy
-
Am Donnerstag, 11. Mai 2006 17:38 schrieb Christopher Carver:
> If you want to use rlm_sql you do this with the tables radius.usergroup
> and radius.radgroupcheck. In radius.radgroupcheck you'd have something
> like this:
>
> ++---+---+++
>
> | id | GroupName
Am Donnerstag, 11. Mai 2006 16:23 schrieb Bogdan Dumitriu - Technical Support
Team:
> You can create a group "deactivated" for the users you don't want to
> allow to connect and set Auth-Type == Reject for that group.
(...)
> Thanks,
> Bogdan.
hi,
Auth-Type == Reject was the right solution. But
If you want to use rlm_sql you do this with the tables radius.usergroup
and radius.radgroupcheck. In radius.radgroupcheck you'd have something
like this:
++---+---+++
| id | GroupName | Attribute | op | Value |
++---+---++---
Hello,
besides the comment of Alan D. I think you should have a damn good reason
for entering more than one password for ONE user. Are you trying to make
your system THAT complicated? Or are your users just stupid to remeber ( or
even write down ) a given password?
Regards,
Edvin
-Original
You can create a group "deactivated" for the users you don't want to
allow to connect and set Auth-Type == Reject for that group.
If you want to tie a group to a certain NAS you have to use huntgroups:
TestNAS1NAS-IP-Address == xxx.xxx.xxx.xxx
SQL-Group == dialup,
Hi,
I want to authorize users according to the membership in a group. With
Auth-Type=System it is easy:
DEFAULT Auth-Type = System, Group == "RASUser"
Is there any analogy to this setup in the sql module? Thanks for any help, I
am quite desparate already ...
--
Dr. Michael Schwartzkopf
=?iso-8859-1?B?U2FudGlhZ28gQmFsYWd1ZXIgR2FyY+1h?= <[EMAIL PROTECTED]> wrote:
> I use freeradius-1.1.0. Where is any problem an account has two or more
> entries in radcheck table???
>
> I use :
>11:22:33:44:55:66 :=''
>11:22:33:44:55:66 :=mypassword
WHat are you tryin
Alain Fauconnet <[EMAIL PROTECTED]> wrote:
> Then I must have missed it. I probably have searched for the wrong
> keywords... yes, I see now in the FAQ, I should have searched for
> "chap" and not "ms-chap" or "mschap". Sorry.
You're not the first person to ask this question. Google should
retu
Hi,
I use freeradius-1.1.0. Where is any problem an account has two or more
entries in radcheck table???
I use :
11:22:33:44:55:66 :=''
11:22:33:44:55:66 :=mypassword
I change the op := instead of ==. Is there any problem???
___
2006/5/10, Alan DeKok <[EMAIL PROTECTED]>:
> We have to script the coordination between the DHCP server? Yes.
For to be sure to understand ...
There are scripts who permit to coordinate the AP information for
accounting and the dialog dhcp client/server ... the AP can take the
information of dhcp
2006/5/10, Alan DeKok <[EMAIL PROTECTED]>:
A well written DHCP server should be as flexible as FreeRADIUS, andallow you to write the IP to an SQL table.
Unfortunately, there is no such DHCP server.
I don't understand ...
You want to say that it's necessary to devellop a better ippool/dhcp funct
Hello,
I apologize for the delay in this
reply.
My 802.1x client send a demand
of authentification on the network.
By means of ENTERASYS switch, the
demand of authentification arrive at the radius server with login / password.
The demand of authentification
(login /password with accents) arrives
Hi Alan,
>> So the Cisco DOES receive the attributes in the reply packet, but
obviously
>> ignores them??
>
>what does your CISCO IOS config look like for radius ? It appears that you
may
>only have the authentication line and not the authorization line...eg
>
>aaa new-model
>aaa authentication lo
Hello,
I'm using freeradius 1.0.4 with openldap 2.2.24 to authenticate users on
cisco switches.
Every switch belongs to a specific group and for every user I'm setting
the groups he can access. I also use cisco avpairs for level privilege.
So far , so good!
The problems occured when I tried to
Hi,
> So the Cisco DOES receive the attributes in the reply packet, but obviously
> ignores them??
what does your CISCO IOS config look like for radius ? It appears that you may
only have the authentication line and not the authorization line...eg
aaa new-model
aaa authentication login default r
Hi again,
>The priv lvl I use in my users file is:
>
>Cisco-AVPair := "shell:priv-lvl=1"
>
>Debug output would help determine what isn't working.
>
>Kevin Bonner
here is a debug from my radius-server:
rad_recv: Access-Request packet from host 10.0.2.241:1645, id=9, length=76
NAS-
Chris Liles wrote:
I hacked up the line to just say %{Stripped-User-Name} but that value
must be null or something, because then ntlm_auth gets called with
"--username="
Any thoughts as to why I can't get the DOMAIN\ stripped when calling
ntlm_auth
Although you've already solved it, FYI the r
Hi,
As a backend database to RADIUS I use MySQL. No I have a special problem:
I want to autorize a user for a specific service only if the user is member of
a specific group, say "RAS_User". This configuration is nescessary because
this database is used also for other authentication/autorizatio
Thanks for your reply Alan,
On Thu, May 11, 2006 at 01:53:10AM -0400, Alan DeKok wrote:
> Alain Fauconnet <[EMAIL PROTECTED]> wrote:
> > I've browsed the FAQs, the mailing list archives but I have failed to
> > find a definite, clear answer to this: what kind of user/password
> > back-end can work
46 matches
Mail list logo