Re: Question about RADIUS proxy

2006-08-07 Thread Ali Majdzadeh
Hi Alan Thanks for your attention. By the way, I recently read about NOREALM attribute. I think I should make use of this and specify the servers which I want to treat requests without realms, am I right?   Best Regards Ali  On 8/6/06, Alan DeKok <[EMAIL PROTECTED]> wrote: "Ali Majdzadeh" <[EMAIL PR

Re : Auth-Type discussion

2006-08-07 Thread Geoffroy Arnoud
Hi all, Maybe my mail will be out of the discussion, but we plan in middle term to migrate an existing AAA system from a commercial software to FreeRADIUS. We already made a prototype to check the feasibility (existing system performs authentication against Oracle database stored procedures). T

Re: Missing Attributes

2006-08-07 Thread K. Hoercher
On 8/7/06, Graham Beneke <[EMAIL PROTECTED]> wrote: > See the "users" file. > Correct me if I am wrong - but 'users' is not parsed when i'm using a MySQL backend? Pretty sure I disabled it in my setup. Well, yes. But you have to put the equivalent in the pertinent tables, wherefore you shoul

Confused with FreeRadius + Win2000 + Linksys + EAP + Certs

2006-08-07 Thread Alexandros Gougousoudis
Hi, I've been working on a FreeRadius Setup for our network for 3 weeks and I get more and more confused, even after days of RTFM. If someone could help me, I'd owe you a beer. :-) This is what I want to do: We have a Linksys Switch which can be an AP for Radius. If a PC is authenticated the P

Re: More documentation on Auth-Type

2006-08-07 Thread Rohaizam Abu Bakar
Alan, Referring to below config, each services having their own LDAP tree and specified under ldap module with different Auth-Type & Autz-type specified in radiusd.conf. How can I set in users file to search for which tree? Normally I detect NAS-Identifier, NAS-Port-Type as check item. If I sp

Re: More documentation on Auth-Type

2006-08-07 Thread Phil Mayers
Rohaizam Abu Bakar wrote: Alan, Referring to below config, each services having their own LDAP tree and specified under ldap module with different Auth-Type & Autz-type specified in radiusd.conf. How can I set in users file to search for Aside from setting Reject/Accept, that (use of >1 mod

Re: More documentation on Auth-Type

2006-08-07 Thread Rohaizam Abu Bakar
Aside from setting Reject/Accept, that (use of >1 module for a given auth method) is probably the single valid use. That use would be better supported using another method than conflating module instance names with algorithm names. I don't quite understand the above suggestion/comments.. Tha

Re: read_groups in cvs

2006-08-07 Thread Duane Cox
reposting I've got read_groups = yes but the rlm_sql module does not process the groups. The user is found in radcheck and the check items (password) does match... and I do NOT have "Fall-Through" = yes in the radreply ... as per docs... (3d) 3. Group processing then begins if any of

sql.conf

2006-08-07 Thread fvt3
Question, How do you convert the SQL-User-Name sent to upper case? I have my mac address stored in upper case but the client is sending its mac address in lower case. I'm trying to edit the sql.conf file but not successful. Username = '%{SQL-User-Name}' Thanks in advance... __

Re: Re : Auth-Type discussion

2006-08-07 Thread Alan DeKok
Geoffroy Arnoud <[EMAIL PROTECTED]> wrote: > Maybe my mail will be out of the discussion, but we plan in middle > term to migrate an existing AAA system from a commercial software to > FreeRADIUS. I don't mind hearing that. :) > All authentication is planned to be done with custom modules, and

Re: More documentation on Auth-Type

2006-08-07 Thread Alan DeKok
"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote: > Referring to below config, each services having their own LDAP tree and > specified under ldap module with different Auth-Type & Autz-type specified > in radiusd.conf. How can I set in users file to search for which tree? Right now, you can't.

Re: read_groups in cvs

2006-08-07 Thread Alan DeKok
"Duane Cox" <[EMAIL PROTECTED]> wrote: > I've got > > read_groups = yes > > but the rlm_sql module does not process the groups. Honestly, I don't use that, and haven't even looked at it. I'd suggest looking at the source to see what's going on. Alan DeKok. -- http://deployingradius.com

Re: sql.conf

2006-08-07 Thread Alan DeKok
fvt3 <[EMAIL PROTECTED]> wrote: > How do you convert the SQL-User-Name sent to upper > case? I have my mac address stored in upper case but > the client is sending its mac address in lower case. You can't really. Why not do a case-insensitive match in SQL? Alan DeKok. -- http://deploying

Re: Confused with FreeRadius + Win2000 + Linksys + EAP + Certs

2006-08-07 Thread Alan DeKok
Alexandros Gougousoudis <[EMAIL PROTECTED]> wrote: > The problem is, if I setup the authentification with EAP-Type "Smartcard > or Certificate" in W2K simply nothing happens, there is no request > coming to the radius server, nor an error message on the client. FreeRADIUS doesn't support that

Re: sql.conf

2006-08-07 Thread fvt3
Ok, so how do you set freeradius to do a case-insensitive match? I have "AB:CD:EF:::" in mysql and when a user authenticate with "ab:cd:ef:::" , radius reply with login incorrect... Thanks in advance --- Alan DeKok <[EMAIL PROTECTED]> wrote: > fvt3 <[EMAIL PROTECTED]> wrote: > > How do you conv

Re: More documentation on Auth-Type

2006-08-07 Thread Kostas Kalevras
On Mon, 7 Aug 2006, Alan DeKok wrote: "Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote: Referring to below config, each services having their own LDAP tree and specified under ldap module with different Auth-Type & Autz-type specified in radiusd.conf. How can I set in users file to search for whic

Re: More documentation on Auth-Type

2006-08-07 Thread Kevin Bonner
On Friday 04 August 2006 17:21, Alan DeKok wrote: > Kevin Bonner <[EMAIL PROTECTED]> wrote: > > One thing I didn't see mentioned on the auth type page is the > > heavily used "Auth-Type := Local". Was that consciously omitted, or > > are you still adding content to that page? > > I'm adding cont

Re: EAP-TTLS + LDAP + PAP with encrypted password

2006-08-07 Thread wekz
Thanks Alan. I wanted to test your solution before replying. I've been trying it all day but couldn't get it to work. Something very strange is happening. I've added, as you suggested, Auth-Type=PAP. I do that with a users-file at the end of authorization module and I set password_header={sha} in my

Web page for setting up the server for the first time

2006-08-07 Thread Alan DeKok
http://deployingradius.com/documents/configuration/setup.html The page has two simple rules for getting the server to do what you want. It *doesn't* get into details of what modules to touch or how they work. Instead, it describes higher-level processes that help you along the way, and ensure

Re: sql.conf

2006-08-07 Thread Duane Cox
not sure about mysql, but with mssql it's pretty easy... just do something like this... select id, lower('%{SQL-User-Name}'), ... or select id, upper('%{SQL-User-Name}'), ... you will find something that works if you look hard enough... - Original Message - From: "Alan DeKok" <[EMAIL

Re: a question about settings for EAP-TLS authentication

2006-08-07 Thread K. Hoercher
On 8/7/06, Yan Cai <[EMAIL PROTECTED]> wrote: tls: check_cert_cn = "%{User-Name}" rlm_eap_tls: Loading the certificate file as a chain Segmentation fault Hi, hm, would you care to check if (from your eap.conf) dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random are acce

Re: a question about settings for EAP-TLS authentication

2006-08-07 Thread Thibault Le Meur
1, installed openssl-0.9.7-stable-SNAP-20060731, which is downloaded from www.openssl.org. 2, completed the necessary settings in openssl, which is located in /usr/local/openssl/ssl. rlm_eap_tls: Loading the certificate file as a chain Segmentation fault Seg Fault humm... I usually get this e

Re: Need help on PHP and Radius

2006-08-07 Thread Toni de la Fuente Diaz
Hi, You can try phpRADmin (www.phpradmin.org); it is still pre-alpha but it can be useful for you. Regards. Toni de la Fuente. On Mon, 7 Aug 2006 10:37:18 +0530, "raviprakash sunkara" <[EMAIL PROTECTED]> wrote: > Hi Guys... > > I need to integrate php and radius... > > Actually i want to crea

Re: Web page for setting up the server for the first time

2006-08-07 Thread Francois-Xavier GAILLARD
On Mon, Aug 07, 2006 at 12:45:37PM -0400, Alan DeKok wrote: > http://deployingradius.com/documents/configuration/setup.html > > The page has two simple rules for getting the server to do what you > want. It *doesn't* get into details of what modules to touch or how > they work. Instead, it

Re: read_groups in cvs

2006-08-07 Thread Dennis Skinner
Duane Cox wrote: > reposting > > > I've got > > read_groups = yes > > but the rlm_sql module does not process the groups. > My own testing found that the usergroup table would not be used unless the SQL-Group attribute is found. I set it in the huntgroups file myself, but you should be

Re: sql.conf

2006-08-07 Thread Francois-Xavier GAILLARD
On Mon, Aug 07, 2006 at 09:10:56AM -0700, fvt3 wrote: > Ok, so how do you set freeradius to do a > case-insensitive match? I have "AB:CD:EF:::" in mysql > and when a user authenticate with "ab:cd:ef:::" , > radius reply with login incorrect... Thanks in advance Did you try to set lower_user t

Stripping User-Names with Regular Expressions

2006-08-07 Thread Richard Cotrina
Hi : I am trying to strip some sort of prefixes out of the usernames using regular expressions in the hints file with no success in some cases. I have two scenarios with prefixes, where usernames can be received in the following form : Case 1. KNOW

RE: a question about settings for EAP-TLS authentication

2006-08-07 Thread Yan Cai
Hi, Thanks for your reply. I will appreciate you very much if you could tell me how to verify their accessibility. I am sure they exist in the corresponding folders. Thanks a lot. Best wishes, Yan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of K. H

Re: sql.conf

2006-08-07 Thread Chris Knipe
- Original Message - From: "Francois-Xavier GAILLARD" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Monday, August 07, 2006 9:19 PM Subject: Re: sql.conf On Mon, Aug 07, 2006 at 09:10:56AM -0700, fvt3 wrote: Ok, so how do you set freeradius to do a case-insensitiv

LDAP retrieve additional attributes and map to radius attributes

2006-08-07 Thread Workout Yahoo
Hi, Sorry if this question is a repeat but I saw the mail archives and was not able to find what I am looking for. We are using freeradius to connect to LDAP server. I am able to authenticate with the radius server fine. Now I want to retrieve ldap attribute called productId. Depends on the product

Re: Web page for setting up the server for the first time

2006-08-07 Thread Alan DeKok
Francois-Xavier GAILLARD <[EMAIL PROTECTED]> wrote: > I think there's a typo on the page: Fixed, thanks. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: Access to wiki?

2006-08-07 Thread Peter Nixon
On Fri 04 Aug 2006 18:35, John Horne wrote: > Hello, > > Is there a problem with the freeradius wiki > (http://wiki.freeradius.org)? I am trying to sort out a problem and came > across a reference to the wiki page. However my browser just sits there > when trying to access the page. I can resolve t

Re: EAP-TTLS + LDAP + PAP with encrypted password

2006-08-07 Thread Alan DeKok
wekz <[EMAIL PROTECTED]> wrote: > I've added, as you suggested, Auth-Type=PAP. I do that with a users-file at > the end of authorization module and I set password_header={sha} in my ldaps > modules ( I hope I won't be wrong ). That can work, IF the LDAP module returns the sha1 password to the se

Re: More documentation on Auth-Type

2006-08-07 Thread Rohaizam Abu Bakar
any docs to help on my problem... ? in doc/rlm_ldap, there is section about LDAP XLAT.. Is it the one ? thanks.. --haizam - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Tuesday, August 08, 2006 12:28 AM Subject: Re: More doc

Re: Access to wiki?

2006-08-07 Thread Doug Hardie
On Aug 7, 2006, at 14:20, Peter Nixon wrote: On Fri 04 Aug 2006 18:35, John Horne wrote: Hello, Is there a problem with the freeradius wiki (http://wiki.freeradius.org)? I am trying to sort out a problem and came across a reference to the wiki page. However my browser just sits there when

(no subject)

2006-08-07 Thread c k
I'm using EAP-TLS as an authentication protocol. I want to authorize the clients in my network to access only certain protocol traffic. For some users I want to allow only http, while for others http and ftp. How can I create such kind of profiles and perform access control on routers. Sorry friends i

Re: Missing Attributes

2006-08-07 Thread Graham Beneke
K. Hoercher wrote: Well, yes. But you have to put the equivalent in the pertinent tables, wherefore you should contemplate the information contained in the default users file. Actually, Alan didn't say you have to use it. *g* The radcheck table is populated automatically by the php script - and i

Error: TLS_accept:error in SSLv3 read client certificate A

2006-08-07 Thread Özgür Kaya
Hi everyone   I have freeradius server on debian linux.   The server gave such error two days ago   Tue Aug  8 09:29:19 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message Tue Aug  8 09:29:20 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message Tue Aug  8 09:29:40 2006 : Info: rlm_eap_tl