Freeradius Assigning Vlan

2006-06-16 Thread fvt3
Hi, How do I assign vlan based on authentication method? Say if user is authenticated from ldap1 assign vlan1, if user is authenticated from ldap2 assign vlan2. How do I configure radius to do this?

Re: Configuring unix password/group lookup on FreeBSD

2006-06-16 Thread Matthew Grooms
[EMAIL PROTECTED] wrote: hi, it doesnt work. What you are trying to do will work with the full config in place So it does. Thanks for the info. alan -Matthew

Re: Two Ldaps Authentication

2006-06-16 Thread fvt3
So, how can I configure radius to authenticate off ldap2 once ldap1 rejects the user because of a bad password. I want radius to: Lookup in ldap1 : If rejected because of a bad password then do Lookup in ldap2 Basically I want radius to go through a sequence of lookup if ldap1 fails(ldap re

Re: Configuring unix password/group lookup on FreeBSD

2006-06-16 Thread A . L . M . Buxey
hi, 1) I would suggest that at this stage you upgrade to 1.1.2 rather than starting out with an old version 2) I would also suggest that you start with the main full config and then strip out stanzas one-by-one UNTIL it breaks. then you'll know why it's broken rather than strip everything out and

Re: Two Ldaps Authentication

2006-06-16 Thread Terry J Fike Jr
Message: 6 Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT) From: fvt3 <[EMAIL PROTECTED]> Subject: Re: Two Ldaps Authentication To: FreeRadius users mailing list Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=iso-8859-1 Alan, This is what I have in my radius.conf Autz-

Re: Active Directory Integration with FreeRADIUS - NTLM_Auth

2006-06-16 Thread A . L . M . Buxey
hi, the guide you are following - using ntlm_auth against AD, binding into AD etc is really geared up for doing EAP (PEAP MSCHAPv2 in particular) what _you_ are attempting to do with RADIUS for login authentication of the cisco switches/routers involves plaintext passwords...in this case you'd wan

Configuring unix password/group lookup on FreeBSD

2006-06-16 Thread Matthew Grooms
Hello all, I am trying to get a basic freeradius 1.0.4 server configured to authenticate users from the local unix password/group databases on a FreeBSD 6.1 box. The end result is to get ipsec-tools to do user authentication for some development and testing. I have pared down my radius.c

Re: FreeRadius on SME 7 newbies

2006-06-16 Thread Dylan Haines
Thanks, this is a start. Dylan Dylan Haines - IT Support Specialist [EMAIL PROTECTED] CNA, A+, Network+, ACDT South Shore Regional School Board Nova Scotia 902-624-2127 >>> [EMAIL PROTECTED] 6/16/2006 12:54 pm >>> "Dylan Haines" <[EMAIL PROTECTED]> wrote: > Is there any step-by-step intro availa

Re: FreeRadios rlm_sql dumps if databaase server hiccups

2006-06-16 Thread Matt
I'll do that, however unless the fail-over has something to do with freeradius, we already do it (with our access servers)... the problem is... freeradius is sending a reject packet back when it doesn't get a response from the database EXAMPLE: Database server gets restarted (for whatever reas

Re: Two Ldaps Authentication

2006-06-16 Thread fvt3
Alan, This is what I have in my radius.conf Autz-Type LDAP1{ ldap_ldap1{ invalid=return } ldap_ldap2 } Auth-Type LDAP1 { redundant{ ldap_ldap1{

Re: Active Directory Integration with FreeRADIUS - NTLM_Auth

2006-06-16 Thread Alan DeKok
"Doug White" <[EMAIL PROTECTED]> wrote: > Here is the output of the Radiusd -X and the attempted telnet login to > the switch: ... You've sent it an authentication request with a clear-text password, and told it to use /etc/passwd for authentication. The user isn't in /etc/passwd, so authentica

Re: rlm_detail perfomances

2006-06-16 Thread Alan DeKok
Geoffroy Arnoud <[EMAIL PROTECTED]> wrote: > I have question for those who use rlm_detail module. I saw in source >code that this module is thread unsafe. My understanding is that will >not avoid FreeRADIUS to run multi-thread, but that only one thread >will be able to log details at a time. Am I r

Re: Startup message not being logged

2006-06-16 Thread John Horne
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote: > John Horne <[EMAIL PROTECTED]> wrote: > > A minor question really. I have just upgraded a server from Fedora Core > > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I > > start freeradius on FC5 (using 'service radiusd start

Re: FreeRadius on SME 7 newbies

2006-06-16 Thread Alan DeKok
"Dylan Haines" <[EMAIL PROTECTED]> wrote: > Is there any step-by-step intro available on the web, we are getting > bogged down in a mass of details and conf files. Install the server. Test it with a simple user in the "users" file, as suggested in the FAQ. Once that works, see http://www.fre

Re: Two Ldaps Authentication

2006-06-16 Thread Alan DeKok
fvt3 <[EMAIL PROTECTED]> wrote: > Hi, I am trying to setup Freeradius to have multiple > ldap authentication. I want to authenticate off > ldap1, then ldap2 then mysql. No, you don't. For one, MySQL doesn't do authentication. Neither does LDAP, really. What you probably mean is that you want

Re: Startup message not being logged

2006-06-16 Thread Alan DeKok
John Horne <[EMAIL PROTECTED]> wrote: > Ah. Any ideas of what to look at? I've checked the radiusd.conf and the > syslog.conf file but cannot really see anything wrong. I'll grab the RPM > source and see if I can see what happens. There's nothing wrong in the config, put it down to a bug in the

Active Directory Integration with FreeRADIUS - NTLM_Auth

2006-06-16 Thread Doug White
Hello, I am trying to walk through the following document: http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf in order to authenticate Cisco router and switch logins against FreeRadius/Active Directory. Using the HowTo, I have successfully joined a FC2 box to our Windows 2003 AD

Two Ldaps Authentication

2006-06-16 Thread fvt3
Hi, I am trying to setup Freeradius to have multiple ldap authentication. I want to authenticate off ldap1, then ldap2 then mysql. If authentication fail in ldap1, then go to ldap2. Ldap1(ldap) and ldap2(AD). Here is my configuration Modules { ldap ldap1 { } ldap ldap2{ } } instantiate{ ldap1 ld

rlm_detail perfomances

2006-06-16 Thread Geoffroy Arnoud
Hi all, I have question for those who use rlm_detail module. I saw in source code that this module is thread unsafe. My understanding is that will not avoid FreeRADIUS to run multi-thread, but that only one thread will be able to log details at a time. Am I right? Second question: does anybody

FreeRadius on SME 7 newbies

2006-06-16 Thread Dylan Haines
Sorry, I messed up the subject, corrected above. We have now found the correct templates folders but are still a bit in the dark as to where to start. /etc/e-smith/templates-custom/etc/raddb and radiusclient (copied from the templates folder) Dylan Dylan Haines - IT Support Specialist [EMAIL

Re: Openvpn server and Freeradius client

2006-06-16 Thread hal
On Jun 16, 2006, at 1:39 AM, [EMAIL PROTECTED] wrote: Hi, The above ONLY works when the username supplied by the Openvpn client is found in the passwd file on the Openvpn server. Yes it does use the radius server to authenticate. As you can imagine this is not the behavior I want. seems f

Re: Startup message not being logged

2006-06-16 Thread John Horne
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote: > John Horne <[EMAIL PROTECTED]> wrote: > > A minor question really. I have just upgraded a server from Fedora Core > > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I > > start freeradius on FC5 (using 'service radiusd start

Re: FreeRadios rlm_sql dumps if databaase server hiccups

2006-06-16 Thread Michael Lecuyer
I think that authenticating everyone if the database went down would be called 'foolsafe' :) If your database is down you're out of business. There are much better 'failsafe' methods - search for fail-over in the FreeRadius documentation. Matt wrote: Ok, Well with no answer to this question

Re: FreeRadios rlm_sql dumps if databaase server hiccups

2006-06-16 Thread Dylan Haines
Hi, we are looking at setting up FreeRadius on a test SME 7 box for the first time - we are using an AOpen AP as a test AP. Is there any step-by-step intro available on the web, we are getting bogged down in a mass of details and conf files. Thanks for any pointers. Dylan Dylan Haines - IT S

Re: FreeRadios rlm_sql dumps if databaase server hiccups

2006-06-16 Thread Matt
Ok, Well with no answer to this question let me ask it another way... In the event of database (via ODBC) failure... is there a way I can make the radius server go into "failsafe" mode, and just authenticate anything? On 6/15/06, Matt <[EMAIL PROTECTED]> wrote: Hi, We use FreeRadius with unixOD

Re: Startup message not being logged

2006-06-16 Thread Alan DeKok
John Horne <[EMAIL PROTECTED]> wrote: > A minor question really. I have just upgraded a server from Fedora Core > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I > start freeradius on FC5 (using 'service radiusd start') a message is > sent to stdout: > > Fri Jun 16 12:06:59

Re: 3com wx - peap-mschapv2 - freeradius - mysql

2006-06-16 Thread Alessandro Agostini
Stefan Winter wrote: Hi! It is incredible! I have just installed SecureW2 and all is ok now! Have you any idea why XP SP2 didn't work? For my user will be more comfortable use XP interface instead install and use SecureW2. I guess that is because Windows XP requires the TLS Server Certif

Re: 3com wx - peap-mschapv2 - freeradius - mysql

2006-06-16 Thread Stefan Winter
Hi! > It is incredible! I have just installed SecureW2 and all is ok now! > Have you any idea why XP SP2 didn't work? For my user will be more > comfortable use XP interface instead install and use SecureW2. I guess that is because Windows XP requires the TLS Server Certificate Extension to be p

Startup message not being logged

2006-06-16 Thread John Horne
Hello, A minor question really. I have just upgraded a server from Fedora Core 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I start freeradius on FC5 (using 'service radiusd start') a message is sent to stdout: Fri Jun 16 12:06:59 2006 : Info: Starting - reading configurat

Re: FreeRadius rlm_sql dumps if database server hiccups

2006-06-16 Thread Nicolas Baradakis
Matt wrote: > "There are no DB handles available" instead of reconnecting... the > only way I've found to reconnect, is to restart... > > Any comments or thoughts on this problem? Please upgrade FreeRADIUS to version 1.1.2. -- Nicolas Baradakis

Re: rlm_detail bug when "locking = yes"

2006-06-16 Thread Nicolas Baradakis
Michael Chernyakhovsky wrote: > we need close outfd right before "return RLM_MODULE_FAIL;" at line 236. ... or get the fixes from CVS head which solve many other problems in rlm_detail. (for example file renamed or unlinked by another program) Everyone will save a considerable amount of time if

Re: rlm_perl forking zombies

2006-06-16 Thread david . suarezdelis
Thanks for the reply! > [EMAIL PROTECTED] wrote: > > By itself, this works and no zombies are left behind, as expected. However, > > when used with FreeRadius, zombies are left behind. > FreeRADIUS has a wrapper around fork() that modules are expected to > use. The reason is that the server is

Re: RFC violations

2006-06-16 Thread Bjørn Mork
"Alan DeKok" <[EMAIL PROTECTED]> writes: > So don't get picky about RFC violations. Blind adherence to a > specification is counter-productive. Absolutely. I do acknowledge that RADIUS is one of many protocols where real-life experience and common practice is much more important than the actu

rlm_detail bug when "locking = yes"

2006-06-16 Thread Michael Chernyakhovsky
hello, everybody. my radius uses a rlm_perl module, which opens and writes some information to files. it also uses rlm_detail but without locking. 2 days ago i added a second rlm_detail to the config with option "locking = yes". since then i got 2 files with corrupted data which are accessed by rlm_perl. i think

Re: Openvpn server and Freeradius client

2006-06-16 Thread A . L . M . Buxey
Hi, > The above ONLY works when the username supplied by the Openvpn > client is found in the passwd file on the Openvpn server. Yes > it does use the radius server to authenticate. > > As you can imagine this is not the behavior I want. seems fine to me - but as you don't say what behaviour yo