And how exactly would I do all of that? I know how to set the AuthType
to nt-pap, but am not sure exactly what to do with the other two.
-Eric
Alan DeKok wrote:
Eric Faden <[EMAIL PROTECTED]> wrote:
Alright. I unset all of the Auth-Types in users and it is getting
closer, but not there y
> Andrew Long <[EMAIL PROTECTED]> wrote:
>> I need to boot users at one property after a specified time period.
>> We have adjusted the "max-daily-session" to "1800" (30 minutes),
>> but users still seem to be staying on. Can someone point me in the
>> right direction. The NAS is a Colubris cn3000.
Andrew Long wrote:
I need to boot users at one property after a specified time period.
We have adjusted the "max-daily-session" to "1800" (30 minutes),
but users still seem to be staying on. Can someone point me in the
right direction. The NAS is a Colubris cn3000.
The other attribute we have th
Alexander Serkin <[EMAIL PROTECTED]> wrote:
> We have strange behaviour on sparc solaris 10 server with fr-1.1.3
> installed:
> without any visible reason the radiusd process goes to almost 100% CPU
> usage for 3-5 minutes. Then it comes back to normal state again (less
> than 1% CPU).
Yuck.
Eric Faden <[EMAIL PROTECTED]> wrote:
> Alright. I unset all of the Auth-Types in users and it is getting
> closer, but not there yet. Here is the new output. It is getting the
> correct NT-Passwords, but doesn't actually seem to test them.
Because Auth-Type is Local, not PAP. The CVS head
"Angel L. Mateo" <[EMAIL PROTECTED]> wrote:
> But now I want to send all the logs for requests from a group of
> clients (defined as a huntgroup) to the same files, and the request for
> all other clients as now (classified with the IP address of the client).
> Is there any way to redefine th
"Mike May" <[EMAIL PROTECTED]> wrote:
> After the authn I set some authz like Cisco-AVPair =
> "priv-lvl=15" used by Cisco routers and switches for network engineers who
> live in the proper LDAP group, here is where the problem is. PIX firewalls
> do not like me setting the priv lvl, and the reas
Andrew Long <[EMAIL PROTECTED]> wrote:
> I need to boot users at one property after a specified time period.
> We have adjusted the "max-daily-session" to "1800" (30 minutes),
> but users still seem to be staying on. Can someone point me in the
> right direction. The NAS is a Colubris cn3000.
Wh
basile <[EMAIL PROTECTED]> wrote:
> is it possible to have multiple password header definition in an ldap
> section
> ( because we have differents encryption in our ldap directory )
Yes, but it's awkward. The CVS head has better support for this.
Alan DeKok.
--
http://deployingradius.com
Eric Martell <[EMAIL PROTECTED]> wrote:
> Thanks so much Neal. You got it 95% right. The problem
> is FreeRadius always authorize first (no matter what
> the order in radiusd.conf) and then authenticate.
Yes, that's how the server works.
> (This authorize should break the sequence and
> ret
"Peter Param" <[EMAIL PROTECTED]> wrote:
> I've got Cisco-AVPair for an ldap.attrmap entry and it works ...but
> unfortunately only for the first occurence of that attribute from the
> LDAP schema (it will pick the first in the schema). How do I map and
> return four Cisco-AVPair entries? Is the
hey,
I've got Cisco-AVPair for an ldap.attrmap entry and it works ...but
unfortunately only for the first occurence of that attribute from the
LDAP schema (it will pick the first in the schema). How do I map and
return four Cisco-AVPair entries? Is there a particular multiline
separator that I
Thanks so much Neal. You got it 95% right. The problem
is FreeRadius always authorize first (no matter what
the order in radiusd.conf) and then authenticate.
authorize {
.
.
.
ldap2
}
authenticate {
.
.
.
ldap1
}
So if the user fails in ld
> If(authentication in ldap1 success) {
Use ldap1 in the authenticate stage of radiusd.conf
> if(productCode attribute exists in ldap2 success) {
Use ldap2 in the authorize stage of radiusd.conf
Authorize is performed first in FreeRadius (you show authenticate
First), but it shouldn't mat
Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
> You could build a Debian package from sources. The
> wiki explains how
> to do that.
>
> http://wiki.freeradius.org/Build
OK, I will do that. Thanks for the advice. Will I
need to do anything with OpenSSL.
-
List info/subscribe/unsubscribe? Se
= 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.200.3:1650, id=36, length=83
User-Name = ""
Acct-Session-Id = "&q
Hi...
I need to do multiple ldap lookups (2).. The
purpose of both the ldaps are different so it does not
abide with configurable_failover scenario in a way.
ldap1.
This ldap is solely used for authentication for
given user.
ldap2.
This ldap is solely used for checking ldap attribute
ex.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hey Michael,
King, Michael schrieb:
> I'm Interpreting your question a little
>
> Please correct the question if I've got it wrong.
>
> You want to user's to be able to have network connectivity at the logon
> prompt, so they're username/passwor
Thank you
As it turns out , there were a couple of little things wrong with the
radius set up - SSL being the worst,
but the chillispot wasn't set up correctly - and I assumed that it was
cause it worked for the other server.
That's what I get for assuming...so now I am doing a little bit of
Eric Faden wrote:
>>users: Matched entry DEFAULT at line 152
>> rad_check_password: Found Auth-Type System
>> auth: type "System"
>> ERROR: Unknown value specified for Auth-Type. Cannot perform
That error seems pretty telling. Don't set the Auth-Type. If you
didn't do it in LDAP, check
Chad Best <[EMAIL PROTECTED]> wrote:
> OpenSSL and Freeradius have both been installed with
> the Synaptic package manager. Is there anything
> else
> I can do? Any help would be greatly appreciated.
See the wiki. Debian is covered there.
Alan DeKok.
--
http://deployingradius.com
Chad Best wrote:
> OpenSSL and Freeradius have both been installed with
> the Synaptic package manager. Is there anything
> else
> I can do? Any help would be greatly appreciated.
You could build a Debian package from sources. The wiki explains how
to do that.
http://wiki.freeradius.org/Bu
Hello,
i have a problem with chained ca certificats and eap/tls.
my former setup was with simple selfsigned certificates and everything
went perfect,
but now i have to change the setup for the certificates to a third party ca,
they use a root ca and a signing ca signed by the root ca,
this subca
"Mike May"
<[EMAIL PROTECTED]> wrote:
> Hello everyone, is it
possible to have NAS entries for a subnet, if so
> could someone give me
an example
raddb/clients.conf
Alan DeKok.
--
http://deployingradius.com
- The web site of the book
http://deployingra
Alan DeKok <[EMAIL PROTECTED]> wrote:
> The TLS module wasn't built because you don't
> have
> OpenSSL
> installed. (Or you're running debian). Install
> OpenSSL, then
> re-build and re-install the server.
Thanks Alan. You are right, I am running
Debian(Ubuntu). I checked and OpenS
I need to boot users at one property after a specified time period.
We have adjusted the "max-daily-session" to "1800" (30 minutes),
but users still seem to be staying on. Can someone point me in the
right direction. The NAS is a Colubris cn3000.
The other attribute we have that may apply is "max-
-Original Message-
> Date: Tue, 7 Nov 2006 11:37:49 +0100 (CET)
> From: "Michael Messner" <[EMAIL PROTECTED]>
> Subject: freeRADIUS on Solaris 10 - x86
> To:
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=iso-8859-1
>
> hey freeRADIUS users,
>
> now it looks much
On Tue, Nov 07, 2006 at 08:57:43AM +, Cameron Cowie said:
> Why does the /var/run/freeradius directory disapear after a reboot? Am I
> missing something here?
Ubuntu does this.
> Am I writing to the right group is this a Freeradius issue or and Ubuntu
> issue, and if it is a ubuntu issue sh
are your
>
> I think that I need the ldap module für the active directory request,
do I
> also need the krb5 module?
>
are you trying to do ad authentication?
if so you don't need ldap module, i needed: winbind,
samba, krb5.conf(don't know to which package it belongs),auth_ntlm(again
don't know
I am beginning in Radius. Somebody possesss one how you to install
freeradius and ldap.
Thanks,
Dagoberto Carvalio Junior
--
Dagoberto Carvalio Junior - CCNA/CCAI/FCPF/FCPM/SCS
Analista de Sistemas
Instituto de Ciencias Matematicas e
hey freeRADIUS users,
now it looks much better:
configure: WARNING: silently not building rlm_counter.
configure: WARNING: FAILURE: rlm_counter requires: libgdbm.
configure: WARNING: silently not building rlm_ippool.
configure: WARNING: FAILURE: rlm_ippool requires: libgdbm.
configure: WARNING
hi
is it possible to have multiple password header definition in an ldap
section
( because we have differents encryption in our ldap directory )
thanks
basile
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all:
Still havening some issues running free radius on Ubuntu.
[EMAIL PROTECTED]:/sbin# free radius -v
free radius: free radius Version 1.0.2, for host , built on Aug 6 2006
at 20:11:24
Copyright (C) 2000-2003 The free radius server project.
Now I understand that I have to do the following
33 matches
Mail list logo