Hey guys,
(Using freeradius-1.1.2 on Ubuntu Linux, with MySQL backend)
I'm setting up an HTTP based download service and we are looking to
authenticate users to download a specific object only. So, I'm
looking for a way to authenticate based on username, password and url.
Now, I can
Oops, should point out that I'm currently using the following line to
get the URL into the access-request:
echo User-Name = joe, Password = testing, incoming-req-uri = http://
www.blibble.net/path_to | ./radclient 127.0.0.1 auth testing123
This puts it into the access-request and the
Title: Question regarding proxying.
I've setup a Freeradius box that I'm trying to proxy to an IAS box. However, I would like all requests that need to be proxied to use ms-chapv2 to 'talk' to the IAS box. Is this possible?
Thanks,
Adam
It generally seems to me to be more an EAP problem. When i to on the
shell 'radtest user password md5hash radiusserver 0 secret' it
works fine.
When changing arround the Atrribute field i get wrong Atrribute
errors. But with the User-Password attribute i get that strange
Hi,
I am setting up a single server to handle various access points at various
locations. Is there a mechanism to limit access to a particular access point
based on the username?
Thanks,
Simon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan:
why is it that with the recent -head cvs behaves like so.
radiusd.conf
log_file= /${logdir}/radiusd
log_destination = files
when rlm_sql is loaded, this gets printed to stdout (or maybe not stdout
because I can not seem to redirect it)
but when log is setup to use syslog,
[EMAIL PROTECTED] wrote:
I am setting up a single server to handle various access points at
various locations. Is there a mechanism to limit access to a
particular access point based on the username?
There are generic mechanisms to configure the server to do what you
want. I suggest
Everton Skywalker [EMAIL PROTECTED] wrote:
I had been installed freeradius in Fedora using the tutorial of
freeradius home page. I would like to know if necessary use the
files in the directory redhat?
No.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Roger Thomas [EMAIL PROTECTED] wrote:
My LDAP knowledge is quite shallow and as such I would like to use
- openLDAP only for authentication
- MySQL for authorization and accounting
If that is possible, do I *still* need to extend my LDAP schema with
~/doc/examples/openldap.schema ?
I
[EMAIL PROTECTED] wrote:
I've setup a Freeradius box that I'm trying to proxy to an IAS box.
However, I would like all requests that need to be proxied to use
ms-chapv2 to 'talk' to the IAS box. Is this possible=3F
Yes.
DEFAULT MS-CHAP-Challenge =* 0x00, Proxy-To-Realm := foo
Alan
Duane Cox [EMAIL PROTECTED] wrote:
when rlm_sql is loaded, this gets printed to stdout (or maybe not stdout
because I can not seem to redirect it)
but when log is setup to use syslog, then the output is put to syslog as told.
Many log messages are printed before the log_destination entry is
Christian Poessinger [EMAIL PROTECTED] wrote:
I'm really getting confused now ... is it actually possible to use
md5 hashed passwords in a sql backend and doing EAP-TTLS for
authenticating wireless clients?
http://deployingradius.com/documents/protocols/compatibility.html
See the matrix,
Hi,
I have observed the following behaviour with FreeRADIUS 1.0.2, working in proxy
mode, with synchronous set to YES:
If the realm server is not responding, after max_request_time has expired, the
request is rejected, and the realm is marked to dead. I tried to add a backup
server to the
freeradius-users.
modules {
.
perl {
module = /usr/local/etc/raddb/kes.pl
}
.
authorize {
perl
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
Здравствуйте, freeradius-users.
OS: FreeBSD 4.11 STABLE
--
С уважением,
KES mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Здравствуйте, freeradius-users.
# perl -v
This is perl, v5.8.7 built for i386-freebsd-64int
sorry for many posts...
--
С уважением,
KES mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Good afternoon. I'm working on implementing a wireless hotspot using
Chillispot and Freeradius. I have an Oracle DB that I would like to pul
username/password credentials from.
I have been installed Freeradius and the SQL module, but in sql.conf it
states to use oraclesql.conf. I have
Brian Atkins [EMAIL PROTECTED] wrote:
I have been installed Freeradius and the SQL module, but in sql.conf it
states to use oraclesql.conf. I have attempted to locate the appropriate
package, module, or config file.
That file is included in the server source distribution. See the
main web
Where does this go? Users?
-Original Message-
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Alan DeKok
Sent: Tuesday, August 01, 2006 10:39 AM
To: FreeRadius users mailing list
Subject: Re: Question regarding proxying.
[EMAIL PROTECTED] wrote:
I've setup
I've setup a FR server that I've proxied to an IAS server. If a request
hits my FR server with an Auth-type PAP can I translate the auth-request
to ms-chapv2 and forward to my IAS server for authentication? If so how
do I accomplish that?
Alan,
It looks as though Cisco has updated their Cisco VPN 3000 dictionary
with some added attributes (WebVPN primarily). These new pairs are fully
compatible with their ASA 5000 series as well, and may be of some use.
Could you possibly include these in your next update to FreeRADIUS?
Deramus, Chris [EMAIL PROTECTED] wrote:
It looks as though Cisco has updated their Cisco VPN 3000 dictionary
with some added attributes (WebVPN primarily). These new pairs are fully
compatible with their ASA 5000 series as well, and may be of some use.
Could you possibly include these in your
[EMAIL PROTECTED] wrote:
I've setup a FR server that I've proxied to an IAS server. If a request
hits my FR server with an Auth-type PAP can I translate the auth-request
to ms-chapv2 and forward to my IAS server for authentication? If so how
do I accomplish that?
I have no idea why this
Hi,
I am replacing a server that is currently running RedHat 9 and
FreeRadius 0.9.3 to a newer server with Fedora 5 and FreeRadius 1.1.2. While
using my old FreeRadius notes I've come across this error message on startup
that I can't seem to beat. I've tried configuring FreeRadius with
From What I could find, it seems that it required moving/copying
sql.conf to oraclesql.conf (correct me if I am wrong).
Also, as I am weeding my way through this, has anyone used Freeradius to
query existing DBsTables/columns rather than creating a new/unique one?
Brian
Alan DeKok wrote:
I've Devices that use PAP. I'd like to translate to mschap and auth
against Active Directory. I've looked at using LDAP but I'm unable
encrypt the ldap queries / responses.
-Original Message-
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Alan DeKok
Sent:
[EMAIL PROTECTED] wrote:
I've Devices that use PAP. I'd like to translate to mschap and auth
against Active Directory. I've looked at using LDAP but I'm unable
encrypt the ldap queries / responses.
Use ldaps, and it will be encrypted. See the ldap configuration
section in radiusd.conf.
Brian Atkins wrote:
From What I could find, it seems that it required moving/copying
sql.conf to oraclesql.conf (correct me if I am wrong).
Also, as I am weeding my way through this, has anyone used Freeradius to
query existing DBsTables/columns rather than creating a new/unique one?
No.
Geoffroy Arnoud [EMAIL PROTECTED] wrote:
If the realm server is not responding, after max_request_time has
expired, the request is rejected, and the realm is marked to dead. I
tried to add a backup server to the realm, and actually, the other
incoming requests are sent to the secondary server
Quoting Alan DeKok [EMAIL PROTECTED]:
Roger Thomas [EMAIL PROTECTED] wrote:
My LDAP knowledge is quite shallow and as such I would like to use
- openLDAP only for authentication
- MySQL for authorization and accounting
If that is possible, do I *still* need to extend my LDAP schema
Zitat von Roger Thomas [EMAIL PROTECTED]:
Quoting Alan DeKok [EMAIL PROTECTED]:
Roger Thomas [EMAIL PROTECTED] wrote:
My LDAP knowledge is quite shallow and as such I would like to use
- openLDAP only for authentication
- MySQL for authorization and accounting
If that is
Quoting Markus Krause [EMAIL PROTECTED]:
Zitat von Roger Thomas [EMAIL PROTECTED]:
Quoting Alan DeKok [EMAIL PROTECTED]:
Roger Thomas [EMAIL PROTECTED] wrote:
My LDAP knowledge is quite shallow and as such I would like to
use
- openLDAP only for authentication
- MySQL for
32 matches
Mail list logo