Mariano Morano wrote:
Thanks Jóhann !!
Could you send me the documentation from were you cut it ?
Thanks again
>>> "Jóhann B. Guðmundsson" <[EMAIL PROTECTED]> 11/28/2006 11:22 AM >>>
Mariano Morano wrote:
> Hi all,
> We are working in a RFP and one of the customer's requirement is
that we
Mike Jakubik <[EMAIL PROTECTED]> wrote:
> I have just discovered that the NAS server has its time behind by more
> than 3 hours, is it possible that this can cause problems?
No. Session-Timeout is an offset, not an absolute time.
Alan DeKok.
--
http://deployingradius.com - The web s
On 11/28/2006 04:54 PM, Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
...
> Of course, for the best security the EAP-POTP method is our
> recommended authentication protocol.
I don't suppose you have server code to contribute? :)
The current code wasn't developed for portability, and still has
Alan DeKok wrote:
Also, sometimes i have users who are getting disconnected and can not
reconnect because they are still shown to be online, and i am limiting
the sessions to 1. Again, would this be a problem with the NAS/network
because freeradius is not receiving the stop packet?
Yes
Alan DeKok wrote:
Also, sometimes i have users who are getting disconnected and can not
reconnect because they are still shown to be online, and i am limiting
the sessions to 1. Again, would this be a problem with the NAS/network
because freeradius is not receiving the stop packet?
Yes
Mike Jakubik <[EMAIL PROTECTED]> wrote:
> I am having some problems lately with freeradius 1.1.2 + mysql, and
> users staying online past their session timeout value (4 hours). Can
> anyone shed some light on the matter? I can not find any problems with
> the server itself, the loads are low and
Hello,
I am having some problems lately with freeradius 1.1.2 + mysql, and
users staying online past their session timeout value (4 hours). Can
anyone shed some light on the matter? I can not find any problems with
the server itself, the loads are low and everything seems to be
functioning OK
Thanks Jóhann !!
Could you send me the documentation from were you cut it ?
Thanks again
>>> "Jóhann B. Guðmundsson" <[EMAIL PROTECTED]> 11/28/2006 11:22 AM >>>
Mariano Morano wrote:
> Hi all,
> We are working in a RFP and one of the customer's requirement is that we
> must support EAP-TTLS
Pedro Ribeiro <[EMAIL PROTECTED]> wrote:
> The "Radiator" people are talking about problems with SSL empty
> fragments handing in Windows Vista ...
> I've tried to compile FreeRADIUS with
> SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same,
> clients can't connect!
i.e. the pat
[EMAIL PROTECTED] wrote:
> If the RSA Authentication Manager, finds that the token is in New Pin
> or Next Tokencode mode, it will issue an Access-Challenge message with
> the Reply-Message attribute explaining the next step.
> The client is expected to display the text, and prompt the user, the
Martin Gadbois <[EMAIL PROTECTED]> wrote:
> Why the "Auth-Type PAP { }" construct? I tried RTFM and RTFC, but I have
> not seen an actual description of why that is there.
It's not strictly necessary, but it doesn't hurt to have it.
Alan DeKok.
--
http://deployingradius.com - The web
> > Could I also do:
> >
> > bob password = "neil", Calling-Station-Id != "0001", Auth-Type :=
> Reject
> >
> > So that both pieces of information have to be present to be authenticated?
>
> No, that would always reject the user. You could do this:
>
> bob Calling-Station-Id != "0001", Au
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
- From a typical radiusd.conf:
authenticate {
Auth-Type PAP {
pap
}
... snip ...
eap
}
Why the "Auth-Type PAP { }" construct? I tried RTFM and RTFC, but I have
not seen an actual description of why that i
On Tuesday 28 November 2006 11:53, Ross McOwat wrote:
> Hi Kevin,
>
> I am running debug with the -X flag - in this instance, I only included
> the output I thought relevant (probably a mistake). Complete output
> from the radius authentication request (with 3 attempts set) is as
> follows:
>
> ra
[EMAIL PROTECTED] wrote:
Quoting Alan DeKok <[EMAIL PROTECTED]>:
And yes, I cover all of this in my
book, which will be done real soon now...
This is the book I am waiting to read. The O'Reilly book is a good primer but
really doesn't get to the meat of what Radius can do.
You can do:
Jóhann B. Guðmundsson wrote:
Is it possible to quarantine a system by placing it in different vlan
by OpenRadius ?
If so can somebody guide me on the steps that can be tried .
The situation is like this :
System already having an IP address , but found to be infected with a
virus-worm.
So it n
I'm sorry,
The other day I said that there is nothing "unusual" about SecurID
RADIUS authentication. I'm so used to EAP, I forgot about the PAP auth
with a SecurID value as a password.
If the RSA Authentication Manager, finds that the token is in New Pin
or Next Tokencode mode, it will issue
"Ross McOwat" <[EMAIL PROTECTED]> wrote:
> rlm_sql (sql): sql_set_user escaped user --> 'ROSStest4'
> radius_xlat: ''
> rlm_sql (sql): Reserving sql socket id: 4
> rlm_sql (sql): SQL query error; rejecting user
It looks like you haven't configured the SQL queries needed by the
server. The "rad
=?ISO-8859-1?Q?Manuel_S=E1nchez_Cuenca?= <[EMAIL PROTECTED]> wrote:
> I can't this link in the wiki. Can you put here the link to the specific
> url in the wiki?
I put the information on the "Linksys" and "Cisco" pages.
Alan DeKok.
--
http://deployingradius.com - The web site of the
Hi Kevin,
I am running debug with the -X flag - in this instance, I only included
the output I thought relevant (probably a mistake). Complete output
from the radius authentication request (with 3 attempts set) is as
follows:
rad_recv: Access-Request packet from host 10.150.19.134:2250, id=0,
le
Hello Alan,
The "Radiator" people are talking about problems with SSL empty
fragments handing in Windows Vista ...
I've tried to compile FreeRADIUS with
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same,
clients can't connect!
in: http://www.open.com.au/radiator/history.html
> #
On Tuesday 28 November 2006 11:00, Ross McOwat wrote:
> Other tables are empty. Running freeradius in debug mode, the following
> output is given when attempting an authentication request using
> NTRadPing:
That output is very brief for "debug" mode. You are using the -X flag, right?
If not, d
Hello all,
I'm running freeradius-1.0.1-3.RHEL4, and trying to authenticate using
postgresql-7.4.8-1.RHEL4.1. My freeradius daemon loads with no
problems, and everything appears ready-to-go. However I cannot
authenticate against data stored in my Postgres database. My database
is setup as follo
Maurizio Pederneschi wrote:
Hi,
I’m testing Freeradius in order to autenticate squid user trough PAM
module. My architecture is:
SQUID SERVER à PAM_AUTH_RADIUS à FREERADIUS à SQL DB
All work fine but frequently in /var/log/messages I see this message:
*Safesquid: pam_radius_auth: radius se
Hi,
I'm testing Freeradius in order to autenticate squid user trough PAM module.
My architecture is:
SQUID SERVER --> PAM_AUTH_RADIUS --> FREERADIUS --> SQL DB
All work fine but frequently in /var/log/messages I see this message:
Safesquid: pam_radius_auth: radius server 212.80.192.
> I have a question with regard to expiration. I'd like to update the
> expiration to a new date once a user logs in for the first
> time. I've tried to add a query to the sql conf file where
> the radacct table
> gets updated when a user logs in, but I can't seem to add a
> new query that is r
Mariano Morano wrote:
Hi all,
We are working in a RFP and one of the customer's requirement is that we must
support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
We were reading the Novell documentation and at the Novell page, there appears "How
to integrate Novell® eDir
I have a question with regard to expiration. I'd like to update the
expiration to a new date once a user logs in for the first time.
I've tried to add a query to the sql conf file where the radacct table
gets updated when a user logs in, but I can't seem to add a
new query that is recognized, or
> -Message d'origine-
> De :
> [EMAIL PROTECTED]
> radius.org
> [mailto:[EMAIL PROTECTED]
> sts.freeradius.org] De la part de Sean
> Envoyé : mardi 28 novembre 2006 13:22
> À : freeradius-users@lists.freeradius.org
> Objet : Expiration
>
>
> Hi,
>
> Just a quick question. Is expirati
Am Dienstag, 28. November 2006 13:11 schrieb Michael Messner:
> Dev Anand schrieb:
> > Hi All ,
> >
> > Is it possible to quarantine a system by placing it in different vlan
> > by OpenRadius ?
> >
> > If so can somebody guide me on the steps that can be tried .
> >
> > The situation is like this :
Hi,
Just a quick question. Is expiration := Never valid in radcheck? At the
moment I set dates a few years into the future for accounts that I don't
want to expire, but I'm sure that they'll come back to haunt me later.
Regards,
Sean Bracken
-
List info/subscribe/unsubscribe? See http://www.fre
Dev Anand schrieb:
> Hi All ,
>
> Is it possible to quarantine a system by placing it in different vlan
> by OpenRadius ?
>
> If so can somebody guide me on the steps that can be tried .
>
> The situation is like this :
> System already having an IP address , but found to be infected with a
> vi
Hi all,
We are working in a RFP and one of the customer's requirement is that we must
support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
We were reading the Novell documentation and at the Novell page, there appears
"How to integrate Novell® eDirectoryTM 8.7.1 or later
Dev Anand wrote:
Hi All ,
Is it possible to quarantine a system by placing it in different vlan
by OpenRadius ?
If so can somebody guide me on the steps that can be tried .
The situation is like this :
System already having an IP address , but found to be infected with a
virus-worm.
So it need
Am Dienstag, 28. November 2006 11:11 schrieb Dev Anand:
> Hi All ,
>
> Is it possible to quarantine a system by placing it in different vlan
> by OpenRadius ?
>
> If so can somebody guide me on the steps that can be tried .
>
> The situation is like this :
> System already having an IP address , bu
Hi All ,
Is it possible to quarantine a system by placing it in different vlan
by OpenRadius ?
If so can somebody guide me on the steps that can be tried .
The situation is like this :
System already having an IP address , but found to be infected with a
virus-worm.
So it needs to be quarantine
Jóhann B. Guðmundsson wrote:
I was wondering what is the proper way to enable ldap attributes in
radius.conf
for example Ldap-Group
groupmembership_attribute = radiusGroupName
will then other ldap attributes be matched in the same way?
Ldap-Callingstationid
callingstationid_attribute = radi
Quoting Alan DeKok <[EMAIL PROTECTED]>:
> And yes, I cover all of this in my
> book, which will be done real soon now...
This is the book I am waiting to read. The O'Reilly book is a good primer but
really doesn't get to the meat of what Radius can do.
> You can do:
>
> bob Calling-Station
I'm all up for that and I'll add my contribution to the wiki of the AP's
I've encountered.
On 11/25/06, David Mitton <[EMAIL PROTECTED]> wrote:
On 11/23/2006 02:09 PM, Alan DeKok wrote:
>Manuel Sanchez Cuenca wrote:
> > Alan DeKok escribió:
>
> >> Do you have a more specific question?
> >>
>
I was wondering what is the proper way to enable ldap attributes in
radius.conf
for example Ldap-Group
groupmembership_attribute = radiusGroupName
will then other ldap attributes be matched in the same way?
Ldap-Callingstationid
callingstationid_attribute = radiusCallingStationId
Ldap-Realm
Alan DeKok escribió:
David Mitton wrote:
The problem with compiling such a list is acquiring the equipment to test.
Adding up everyone on this list, we can probably account for most
networking equipment sold in the past 10 years. The problem is getting
that information out, and into
41 matches
Mail list logo