Actually the situation is a little bit more complicated! The route is send as you said in Access-Accept but because there are more than one possible route and congestions are possible, when i recieve account-stop with the cause: route overloaded, i send in Account-Response the second possible
Has anyone experimented with using Active Directory as a database for
Static IP Addressing?
I have two Radius groups in AD, Radius and Radius_StaticIP.
If you are a member of the radius group, you are given a address by
the NAS (I return 255.255.255.254 to the NAS).
If you are a member of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Has anyone experimented with using Active Directory as a database for
Static IP Addressing?
Yes, just assign a static ip in the AD dial-in properties for that user and
adapt the ldap.attrmap accordingly, this works perfectly. There is no need to
FreeRADIUS 1.1.3 bug - Accounting requests reemission by FreeRADIUS
In file main\request_list.c, function refresh_request.
In the case of an accounting request (request-proxy-code ==
PW_ACCOUNTING_REQUEST), FreeRADIUS adds to the proxied packet the
attribute Acct-Delay-Time (or updates it, if
Hi,
I'm tryingto authenticate and authorize Cisco routers administrators But not the autorization (privilege level).so not wheni add "aaa authorization exec default group radiusvrf if-authenticated"to the cisco router to be able to manage privileges with radius.
to make it work, i think i need to
hi,
remove the System authentication line from your users file.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
All,
I finally got it working, but not yet
as i want.
The trick that made it work is settings
auth-type := MSCHAPv2 for the user(s) and i also started radiusd as root(changed
the rights without success to radiusd, but once everything is working i
will try to run again with radiusd user)
If i
[Apologies, I may have sent this before from the wrong mail-box]
Hello
I am running the Blastwave packaging of Freeradius 1.0.1 on Solaris
8, sparc.
This interfaces with MySQL version 4.0.18-log, built from source.
The RADIUS server inexplicably terminates with no core dump or
[EMAIL PROTECTED] wrote:
All,
I finally got it working, but not yet as i want.
The trick that made it work is settings auth-type := MSCHAPv2 for the
You should not do that, and should not *have* to do that.
Most likely you have not put the mschap module in the authorize section,
*or* you
Hello all,
I am using FreeRadius to authenticate my PPPoE clients. This is the
version I am using:
[EMAIL PROTECTED] radius]# radiusd -v
radiusd: FreeRADIUS Version 1.1.0, for host , built on Feb 20 2006 at
08:14:50
Copyright (C) 2000-2003 The FreeRADIUS server project.
My system
Here's the full log:
Waking up in 6 seconds...
rad_recv: Access-Request packet from
host 10.104.254.73:1645, id=67, length=259
User-Name
= KMT-EU.KMTG.NET\\sstruyf
Framed-MTU
= 1400
Called-Station-Id
= 0016.469b.7cd0
Calling-Station-Id
= 0011.851a.cc37
Service-Type
=
Hi,
I want to grant access to any user or password on my backup server. I
found DEFAULT Auth-Type := Accept in the FAQ, however it gives no hint
as to where to put the code. I've been trying various parts of
raddb.conf with no success.
Any help appreciated as usual.
Sean Bracken
-
List
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
-Oorspronkelijk bericht-
Van: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-users-
[EMAIL PROTECTED] Namens Sean
Verzonden: vrijdag 27 oktober 2006 14:20
Aan: freeradius-users@lists.freeradius.org
Onderwerp: Open access
Sri, ¿it never works ? ¿how did you
build your radius ? ¿what's your platform and mysql version ? ¿sis you
remember to have mysql-devel (mysql headers) available when you build freeradius
?, it seems to me that the driver is not working.
In the message below driver
rlm_sql_mysq is
a typo (should
Did you notice the response from ntlm_auth:
Exec-Program: /usr/bin/ntlm_auth --request-nt-key
--username=sstruyf --challenge=decc4450c3b83d2c
--nt-response=1af36673f68f926b4cc76bf8cd9f440d0c36396981ad345
Exec-Program
output: Logon failure (0xc06d)
This indicates an invalid
OK it works fine now with this in the users file:
Robert Auth-Type = LDAP
service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=1"
but it is said in radius.conf not to use Auth-Type = LDAP.
so is there an other solution to add this attributes in reply.
Thomas
Message du 27/10/06 à
[EMAIL PROTECTED]
wrote on 10/27/2006 02:54:52 PM:
Did you notice the response from ntlm_auth:
Exec-Program: /usr/bin/ntlm_auth --request-nt-key
--username=sstruyf
--challenge=decc4450c3b83d2c --nt-
response=1af36673f68f926b4cc76bf8cd9f440d0c36396981ad345
Exec-Program output:
Hi,
I have a Freeradius on a fedora core 5 with a backend mysql.
It's work fine 20 days.
But i have stopped it (/etc/init.d.radiusd stop) and use radiusd -A commande for
testing another login for mysql. An since this change the serveur radius can
connect to serveur mysql on debug mode (rdiusd
Hi guys,I've been looking for the past two days all over the web regarding this subject. Sorry if this question has been posted before. With rlm_sql im able to store NAS clients on a SQL table. I want to do the same but with ldap. is there a way that rlm_ldap can lookup NAS clients from my ldap
hi everybody, i have a problem with radius module for PAM. When i compile the source of pam_radius-1.3.16.tar, i got a lot of erros. I applied patch's available in the list, but the problems persists.In the HP-UX enviroments the messages are:
begin [root] patch_pam_radius make
Let's see if we can get this solved...
-Original Message-
Here's the full log:
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.104.254.73:1645,
This is NOT the full log. The full log would have started with the line
/path/to/radiusd -X
Some important
Hi Jonatahan,
Thanks for the quick response. It worked first time.
Regards,
Sean
http://swarmhotspots.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Why the command radiusd -A work fine and not
/etc/init.d/raduisd start ???
When you run 'radiusd -A' (I suppose you're root), you are running the
radius Server as Root.
When you run /etc/init.d/radiusd start, it switches to the 'radiusd' user
identity (in FC5).
So it is possible that you
Lenir Santiago [EMAIL PROTECTED] wrote:
I've been looking for the past two days all over the web regarding
this subject. Sorry if this question has been posted before. With
rlm_sql im able to store NAS clients on a SQL table. I want to do
the same but with ldap.
It's not possible. If it
Vasea Marii [EMAIL PROTECTED] wrote:
Actually the situation is a little bit more complicated! The route
is send as you said in Access-Accept but because there are more than
one possible route and congestions are possible, when i recieve
account-stop with the cause: route overloaded, i send in
Nataniel Klug [EMAIL PROTECTED] wrote:
I am having a problem: sometimes my freeradius
get a little crazy and close some connections and other times it just
says that the client is still connected and block the client to use
(becouse of max login set to 1) like in this two situatios:
Message: 2Date: Fri, 27 Oct 2006 09:22:39 +0100From: [EMAIL PROTECTED]Subject: Re: FR with AD authentication not working
To: FreeRadius users mailing list freeradius-users@lists.freeradius.orgMessage-ID:
[EMAIL PROTECTED]Content-Type: text/plain; charset=us-asciihi,remove the System
Dear list,
Is there a way to execute a script with the original request
attributes at the time of successul receipt of authentication reply
from a home server when FreeRADIUS is used as a proxy? We require to
execute an auxilary action on successful authentication, but currently
have only found
Thanks for your time Alan, i'll look again upon all this stuff!Alan DeKok [EMAIL PROTECTED] wrote: Vasea Marii <[EMAIL PROTECTED]>wrote: Actually the situation is a little bit more complicated! The route is send as you said in Access-Accept but because there are more than one possible route and
-Original Message- But while using radtest tool with the same logon credentials as above it rejects the user and here is the log message.Please paste the entire debug log. It looks like you missed a few bits
in the cut and paste.
Mike,
Here is the entire debug log. In the users file,
Is there a way to execute a script with the original request
attributes at the time of successul receipt of authentication reply
from a home server when FreeRADIUS is used as a proxy? We require to
execute an auxilary action on successful authentication, but currently
have only found ways to
On 10/27/06, Garber, Neal [EMAIL PROTECTED] wrote:
Is there a way to execute a script with the original request
attributes at the time of successul receipt of authentication reply
from a home server when FreeRADIUS is used as a proxy? We require to
execute an auxilary action on successful
you are saying that it is possible to put the exec module into this
stage?
Well, under the heading I'd rather teach you to fish than give you
a fish, you can determine this by looking at the source. If you
look at the bottom of src/modules/rlm_exec.c, you'll find:
module_t rlm_exec = {
Hi,
I was wondering if there any Swiss based sysadmins or developers
listening; I be interested in a physical meeting (BE,ZH,LS or GE) to
exchange 802.1x experience and ideas. [I speak DE/FR too if that helps]
Thanks in advance,
Sean Boran
[s e a n AT b o r a n. c o m]
-
List
Hi group,
I'm trying to figure out optimal configuration for our radius-proxy
farm. atm the farm is handling about 10-15 req/sec per device with the
following config (two servers, load-balanced using an slb)
thread pool {
start_servers = 20
max_servers = 120
35 matches
Mail list logo