how to check multiple value of same attribute

Hi Everyone,I want to check an attribute against multiple value. But I couldn't do that. I'm using mysql with freeradius. I want my users belonging to Surfing group to have access from 9pm to 9am but on saturday they could access till 12pm. The radgroupcheck able has following entries:-

How does freeradius calculate the number of required threads?

Hi group, I'm trying to figure out optimal configuration for our radius-proxy farm. atm the farm is handling about 10-15 req/sec per device with the following config (two servers, load-balanced using an slb) thread pool { start_servers = 20 max_servers = 120 min_spare_server

experienced FreeRadius users in Switzerland?

Hi, I was wondering if there any Swiss based sysadmins or developers listening; I be interested in a physical meeting (BE,ZH,LS or GE) to exchange 802.1x experience and ideas. [I speak DE/FR too if that helps] Thanks in advance, Sean Boran [s e a n AT b o r a n. c o m] - List info/subscrib

RE: exec external script on successful proxy authentication

> you are saying that it is possible to put the "exec" module into this > stage? Well, under the heading "I'd rather teach you to fish than give you a fish", you can determine this by looking at the source. If you look at the bottom of src/modules/rlm_exec.c, you'll find: module_t rlm_exec = {

Re: exec external script on successful proxy authentication

On 10/27/06, Garber, Neal <[EMAIL PROTECTED]> wrote: > Is there a way to execute a script with the original request > attributes at the time of successul receipt of authentication reply > from a home server when FreeRADIUS is used as a proxy? We require to > execute an auxilary action on success

RE: exec external script on successful proxy authentication

> Is there a way to execute a script with the original request > attributes at the time of successul receipt of authentication reply > from a home server when FreeRADIUS is used as a proxy? We require to > execute an auxilary action on successful authentication, but currently > have only found way

RE: FR with AD authentication not working

> -Original Message-> But while using radtest tool with the same logon credentials> as above it rejects the user and here is the log message.Please paste the entire debug log.  It looks like you missed a few bits in the cut and paste.  Mike,   Here is the entire debug log. In the users file

Re: Accountig-Response

Thanks for your time Alan, i'll look again upon all this stuff!Alan DeKok <[EMAIL PROTECTED]> wrote: Vasea Marii <[EMAIL PROTECTED]>wrote:> Actually the situation is a little bit more complicated! The route> is send as you said in Access-Accept but because there are more than> one possible route a

exec external script on successful proxy authentication

Dear list, Is there a way to execute a script with the original request attributes at the time of successul receipt of authentication reply from a home server when FreeRADIUS is used as a proxy? We require to execute an auxilary action on successful authentication, but currently have only found

Re: FR with AD authentication not working

Message: 2Date: Fri, 27 Oct 2006 09:22:39 +0100From: [EMAIL PROTECTED]Subject: Re: FR with AD authentication not working To: FreeRadius users mailing list       Message-ID: < [EMAIL PROTECTED]>Content-Type: text/plain; charset=us-asciihi,remove the System auth

Re: FreeRadius not stable on my server

Nataniel Klug <[EMAIL PROTECTED]> wrote: > I am having a problem: sometimes my freeradius > get a little crazy and close some connections and other times it just > says that the client is still connected and block the client to use > (becouse of max login set to 1) like in this two situatios:

Re: Accountig-Response

Vasea Marii <[EMAIL PROTECTED]> wrote: > Actually the situation is a little bit more complicated! The route > is send as you said in Access-Accept but because there are more than > one possible route and congestions are possible, when i recieve > account-stop with the cause: route overloaded, i sen

Re: How to configure/store NAS clients in LDAP instead of clients.conf

Lenir Santiago <[EMAIL PROTECTED]> wrote: > I've been looking for the past two days all over the web regarding > this subject. Sorry if this question has been posted before. With > rlm_sql im able to store NAS clients on a SQL table. I want to do > the same but with ldap. It's not possible. If

RE : Freeradius is mad ! Or me...

> Why the command "radiusd -A" work fine and not > "/etc/init.d/raduisd start" ??? When you run 'radiusd -A' (I suppose you're root), you are running the radius Server as Root. When you run /etc/init.d/radiusd start, it switches to the 'radiusd' user identity (in FC5). So it is possible that yo

RE: Open access (Jonathan De Graeve)

Hi Jonatahan, Thanks for the quick response. It worked first time. Regards, Sean http://swarmhotspots.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: freeradius and ntlm_auth howto

Let's see if we can get this solved... > -Original Message- > Here's the full log: > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 10.104.254.73:1645, This is NOT the full log. The full log would have started with the line /path/to/radiusd -X Some important s

HP-UX and AIX pam_radius problem

hi everybody, i have a problem with radius module for PAM. When i compile the source of pam_radius-1.3.16.tar, i got a lot of erros. I applied patch's available in the list, but the problems persists.In the HP-UX enviroments the messages are: begin [root] patch_pam_radius> make 

How to configure/store NAS clients in LDAP instead of clients.conf

Hi guys,I've been looking for the past two days all over the web regarding this subject. Sorry if this question has been posted before. With rlm_sql im able to store NAS clients on a SQL table. I want to do the same but with ldap. is there a way that rlm_ldap can lookup NAS clients from my ldap ser

Freeradius is mad ! Or me...

Hi, I have a Freeradius on a fedora core 5 with a backend mysql. It's work fine 20 days. But i have stopped it (/etc/init.d.radiusd stop) and use radiusd -A commande for testing another login for mysql. An since this change the serveur radius can connect to serveur mysql on debug mode (rdiusd -X)

RE: freeradius and ntlm_auth howto

[EMAIL PROTECTED] wrote on 10/27/2006 02:54:52 PM: > Did you notice the response from ntlm_auth: >   > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=sstruyf > --challenge=decc4450c3b83d2c --nt- > response=1af36673f68f926b4cc76bf8cd9f440d0c36396981ad345 > Exec-Program o

Re: openldap+freeradius+Cisco

OK it works fine now with this in the users file:   Robert Auth-Type = LDAP service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=1" but it is said in radius.conf not to use  Auth-Type = LDAP. so is there an other solution to add this attributes in reply.   Thomas > Message du 27/10/06 à

RE: freeradius and ntlm_auth howto

Did you notice the response from ntlm_auth:   Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=sstruyf --challenge=decc4450c3b83d2c --nt-response=1af36673f68f926b4cc76bf8cd9f440d0c36396981ad345 Exec-Program output: Logon failure (0xc06d)   This indicates an invalid user

Re: radius + mysql problem

Sri, ¿it never works ? ¿how did you build your radius ? ¿what's your platform and mysql version ? ¿sis you remember to have mysql-devel (mysql headers) available when you build freeradius ?, it seems to me that the driver is not working. In the message below "driver rlm_sql_mysq" is a typo (should

RE: Open access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > -Oorspronkelijk bericht- > Van: freeradius-users- > [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] Namens Sean > Verzonden: vrijdag 27 oktober 2006 14:20 > Aan: freeradius-users@lists.freeradius.org > Onderwerp: Open acc

Open access

Hi, I want to grant access to any user or password on my backup server. I found DEFAULT Auth-Type := Accept in the FAQ, however it gives no hint as to where to put the code. I've been trying various parts of raddb.conf with no success. Any help appreciated as usual. Sean Bracken - List info/su

Re: freeradius and ntlm_auth howto

Here's the full log: Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.104.254.73:1645, id=67, length=259         User-Name = "KMT-EU.KMTG.NET\\sstruyf"         Framed-MTU = 1400         Called-Station-Id = "0016.469b.7cd0"         Calling-Station-Id = "0011.851a.cc37"        

FreeRadius not stable on my server

Hello all, I am using FreeRadius to authenticate my PPPoE clients. This is the version I am using: [EMAIL PROTECTED] radius]# radiusd -v radiusd: FreeRADIUS Version 1.1.0, for host , built on Feb 20 2006 at 08:14:50 Copyright (C) 2000-2003 The FreeRADIUS server project. My system u

Re: freeradius and ntlm_auth howto

[EMAIL PROTECTED] wrote: All, I finally got it working, but not yet as i want. The trick that made it work is settings auth-type := MSCHAPv2 for the You should not do that, and should not *have* to do that. Most likely you have not put the mschap module in the authorize section, *or* you ha

FW: SIGSEGV SEGV_MAPERR

[Apologies, I may have sent this before from the wrong mail-box] Hello I am running the Blastwave packaging of Freeradius 1.0.1 on Solaris 8, sparc. This interfaces with MySQL version 4.0.18-log, built from source. The RADIUS server inexplicably terminates with no core dump or logge

Re: freeradius and ntlm_auth howto

All, I finally got it working, but not yet as i want. The trick that made it work is settings auth-type := MSCHAPv2 for the user(s) and i also started radiusd as root(changed the rights without success to radiusd, but once everything is working i will try to run again with radiusd user) If i conn

Re: FR with AD authentication not working

hi, remove the System authentication line from your users file. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

openldap+freeradius+Cisco

Hi, I'm trying  to authenticate and authorize Cisco routers administrators But not the autorization (privilege level).  so not when i add  "aaa authorization exec default group radiusvrf if-authenticated" to the cisco router to be able to manage privileges with radius.   to make it work, i think i

Bug on Accouting-Requests proxying

FreeRADIUS 1.1.3 bug - Accounting requests reemission by FreeRADIUS In file "main\request_list.c", function "refresh_request". In the case of an accounting request (request->proxy->code == PW_ACCOUNTING_REQUEST), FreeRADIUS adds to the proxied packet the attribute "Acct-Delay-Time" (or updates

RE: Static IP Address allocation database - Active Directory?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > Has anyone experimented with using Active Directory as a database for > Static IP Addressing? Yes, just assign a static ip in the AD dial-in properties for that user and adapt the ldap.attrmap accordingly, this works perfectly. There is no need to