I too interested and appreciate if you post the doc in the forum
Thanks and regards
Naveen
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Agent Smith
Sent: Tuesday, January 23, 2007 11:45 AM
To: FreeRadius users mailing list
Subject: Re: a freeradious/wi
Miguel Reategui wrote:
> I believe I found the problem and I will describe it here as it might
> help others
> Looks like for some reason the only access-request that was issued, was
> being resent endlessly:
> The block below would be repeated 192 times (I don't know why) each time
> adding one m
Hey guys,
Is it possible to set the expiration attribute to be of an offset type?
Instead of entering an absolute date is it possible to enter the duration of
which the user will be allowed from the first
time that he logins?
Say I set an offset of +30 days, and the user logins for the first tim
i) How rewrite accounting request to insert certain attribute in order for
billing engine to process futher.??
ii) Tried to set Proxy-To-Realm to force proxy accounting using rlm_perl.. But
failed...
$RAD_REPLY{'Proxy-To-Realm'} = "infranet2";
--haizam-
List info/subscribe/unsubscribe? See
any suggestion on below..
--haizam
- Original Message -
From: "Rohaizam Abu Bakar" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Monday, January 22, 2007 2:26 PM
Subject: Proxy accounting after query LDAP
FR: freeradius-1.1.2
OD: FreeBSD 6.0
trying to query LDAP f
Hi Mike and everyone,
In message <[EMAIL PROTECTED]>,
Mike Jakubik <[EMAIL PROTECTED]> writes
Thanks for taking the time to support the port. The only issue i have, and
this may very well not be this ports fault, is that when defined to use
mysql, the port starts before mysql is ready for it, s
Dear Tas,
I am interesting, can you please send the doc to me ?
Thank you.
Tas Dionisakos wrote:
Im in a similar environment, after months of research I have come to
the following solution.
* Apache
* Freeradius
* Chillispot
* Mysql
I have a howto that will help you built a syst
Hi German,
You've already had much wisdom; I'm going to try a comprehensive reply
to the whole problem.
In message <[EMAIL PROTECTED]>, gkalinec
<[EMAIL PROTECTED]> writes
I work for a mid-size private school (about 700-800 people on campus), and
I'm trying to set up a way to limit the use o
You can user attr_rewrite to get the shortname into an item. I used this
when I wanted to get a ldap profile based on shortname. Here is what I
used:
attr_rewrite uprof {
attribute = User-Profile
# may be "packet", "reply", "proxy", "proxy_reply" or
"config"
I am interested. Please post the doc.
Thakns,
--- Tas Dionisakos <[EMAIL PROTECTED]> wrote:
> Im in a similar environment, after months of
> research I have come to the
> following solution.
>
> * Apache
> * Freeradius
> * Chillispot
> * Mysql
>
> I have a howto that will hel
Im in a similar environment, after months of research I have come to the
following solution.
* Apache
* Freeradius
* Chillispot
* Mysql
I have a howto that will help you built a system like this in about half
an hour, email me if you want the doc.
Chillispot provides a captive po
http://wiki.freeradius.org/EAP
-Peter
On Tue 23 Jan 2007 00:06, German Kalinec wrote:
> Therein lies the problem. My potential users are a lot of my students.
> The idea of having to install certificates in 200+ laptops is not really
> feasible. And showing them how to install is an exercise in
On Mon 22 Jan 2007 17:39, Phil Mayers wrote:
> Rafał Kamiński wrote:
> > Oki,
> >
> > I set ippool main {} and what i must set in users to add auth. user IP
> >
> > "rka" Auth-Type := EAP, Pool-Name := "main_ippool"
> > Framed-Route = 192.168.1.245
>
> Read the documentation please.
>
> Don't s
On Wed 17 Jan 2007 18:48, Goke Aruna wrote:
> Hi all,
>
> Can someone share his experiance with me in getting freeradius work with
> quintum CMS ?
Hi Goke
This is your second post to the list, and in both cases you have:
1) Hijacked someone else's thread by replying to an unrelated mail and
c
Quoting "King, Michael" <[EMAIL PROTECTED]>:
> You configure your client to use TTLS or PEAP, and upon connecting to
> the network, they will be prompted to enter username and password. If
> they don't have one, they don't get on. If they do have one, they get
> on.
>
This also solves your probl
Hi List (again),
i forgot to mention that with setting "authhost = localhost:1812" in
proxy.conf the "attr_filter" is processed ...
Regards
Markus
Zitat von Markus Krause <[EMAIL PROTECTED]>:
Hi List,
i am still stuck in the problem on how to overwrite replies from
freeradius to a nas de
On Mon 22 Jan 2007 13:01, Phil Mayers wrote:
> Rafał Kamiński wrote:
> > Hi,
> >
> > Is it works ?
>
> No
>
> > If yes, can somebody tell me how i can do that ?
> >
> > My users is auth. and i want get him some address IP.
>
> FreeRadius contains an ippool module suitable for assigning IPs to
> thi
Without being too subtle, You've mis-understood much of the research
you've read. Don't worry about it, there is quite a bit of
contradictory information out there.
There's quite a bit of background information, so it'll be a little bit
before I mention FreeRADIUS.
First. It's WPA, not WAP. (
On Mon 22 Jan 2007 23:19, Brian Atkins wrote:
> I am working on setting up a wireless hotspot using Chillispot on
> DD-WRT. I have installed Freeradius on a W2K server that runs an Oracle
> database.
I don't believe that "freeradius.net" contains database support of any kind.
You will likely have
Thanks for your reply Alan,
I believe I found the problem and I will describe it here as it might
help others
Looks like for some reason the only access-request that was issued, was
being resent endlessly:
The block below would be repeated 192 times (I don't know why) each time
adding one more Pr
Allen,
Is there anyone in particular I could work with on this? I'd be happy to
contribute my time and development oracle server to the cause.
Brian Dourty
System Administrator - Team Lead
IAT Services
University of Missouri - Columbia
573-882-1035
-Original Message-
From: [EMAIL PROTE
Therein lies the problem. My potential users are a lot of my students.
The idea of having to install certificates in 200+ laptops is not really
feasible. And showing them how to install is an exercise in futility,
since most of our students are not computer savvy enough to do it.
German Kalinec
On 1/22/07, Brian Atkins <[EMAIL PROTECTED]> wrote:
Which I assumed might be able to be trimmed down to:
authorize_check_query = "SELECT barcode,pin FROM ${authcheck_table} \
WHERE barcode = '%{SQL-User-Name}'"
Am I incorrect in this assumption?
Try it and see. =)
--
Jeremy L. Gaddi
On 1/18/07, gkalinec <[EMAIL PROTECTED]> wrote:
places on campus for students and staff to access our network. The person
who set these up (my current boss) simply did a MAC access control list on
each AP and made the students and staff come to him to register their
computers. This was a major
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do onething, install the client certificates
in the beginning in each client machine that will use your wireless and
thats it.
There are other options like EAP-PEAP, LEAP etc
Check out for
I am working on setting up a wireless hotspot using Chillispot on
DD-WRT. I have installed Freeradius on a W2K server that runs an Oracle
database.
After reading the documentation and various howtos, I wanted to see if
someone could offer some pointers on authenticating to Oracle using a
pre-
Hello,
I work for a mid-size private school (about 700-800 people on campus), and
I'm trying to set up a way to limit the use of our wireless to our
students/staff. The main problem that I'm encountering is finding a
solution that will fit our needs. A little background first...
When I first sta
Evan Vittitow wrote:
> I think a large part of my problem is the creation of a Certificate
> authority.
Why? See the various 802.1x howto's (pointed to from freeradius.org &
the wiki) for how to create certificates for the server.
> Its very possible, that said Certificate authority for Radius
Miguel Reategui wrote:
> Greetings Listers,
> On testing a development FreeRadius Server we found out that everything
> is working, except that the Access-Accept comes only on every second
> attempt (!)
And what does the FULL debug log say?
> As we can safely discard all network and database pr
Dourty, Brian R. (IATS) wrote:
> We have configured our radius servers to send accounting information to
> an Oracle database. It works our really well except when the oraclce
> database server isn’t available (I.E. maintenance or cold backups). The
> radius process dies when it loses connectivity
Polyxronopoulos Adreas wrote:
> I looked up but i could'nt find them(root.pem,root.p12...) where
> exactly are stored on the users machine ? The authentication is
> peap-eap/mschapv2.
They're stored wherever you put them.
On Windows, they're in the normal CA authority list. On Linux,
they'r
I think a large part of my problem is the creation of a Certificate
authority.
This will get a little Hypothetical so let me lay a few facts out on the
table.
Mandriva 2007 discontinues CA.sh in favor of CA.pl
Certificates as far as I know, at least the demo certs are in
/etc/pki/tls - not /usr/
Hi Alexandre,
I mean the standard RADIUS attribute Service-Type. I believe some of
the 3Com switches require the attribute to be set to Administrative.
-Vineet
Alexandre Soares wrote:
Hello Vinnet
Thanks for your concern, but your sugest is change in user file the
attribute 3Com-User-A
On Sun, January 21, 2007 7:55 pm, David Wood wrote:
> I'm not saying that I've got everything yet, but I think the port is now
> in good shape. If anyone wants to suggest further changes, or audits the
> port and finds any problems, I'm listening. Patches are particularly
> welcome, of course.
Th
Alan DeKok wrote:
Polyxronopoulos Adreas wrote:
Is it possible for a client-user when he/she tries to connect to the
network over freeradius to read the root certificates of freeradius?
Does the root-certificates stored somewhere on the users machine?
The root certificates are store
I've had similar problems with other AAA-related logging systems where
it was important to have the records, but not necessarily immediately.
My solution was to sent the accounting data to another more easily
supportable resource, like syslog, and then use a system like syslog-ng
to aggregate it a
Jakob Hirsch wrote:
>
> is there an easy/good way to determine the huntgroup depending on the
> the shortname from clients.conf?
They're independent, so the answer is "no, not really".
> We have more than 100 clients
> configured (with a "ProviderLocationCounter" pattern), so the
> information
DESEtech - German P. Santillan wrote:
> But I don´t hace records in radacct Table. What is the problem?
See the FAQ. Is the server receiving accounting packets?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
Than you.
So if I understand this correctly, radiusd is not looking for a
directory with checksum'd certificates, just one file with all the
certficates in it?
Our implementation is still in the design phase and is not using LDAP
but we will be testing LDAP at a later date so I will keep your ad
Greetings Listers,
On testing a development FreeRadius Server we found out that everything
is working, except that the Access-Accept comes only on every second
attempt (!)
As we can safely discard all network and database problems, I wonder if
there is a flag that is being set on the first attempt
Hi List,
i am still stuck in the problem on how to overwrite replies from
freeradius to a nas depending on realms (see
http://marc.theaimsgroup.com/?l=freeradius-users&m=116824114228037&w=2
and
http://marc.theaimsgroup.com/?l=freeradius-users&m=116903668505574&w=2) and
trying different
Evan Vittitow wrote:
Here is the result of my first attempt. I added a Pukey-EAP entry in
the LDAP tree but it didn't do much good. And I can't tell whats the
matter with my CA.
You have configured your LDAP tree to contain either the plaintext
password or NT/LM hashes, yes? And configured F
Rafał Kamiński wrote:
Hi,
I set my freeradius with linksys and EAP, and when i use cert. that work
fine. But when i want to use ldap without cert. in logs i see:
rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=119
User-Name = "rka"
NAS-IP-Address = 192
We have configured our radius servers to send accounting information to
an Oracle database. It works our really well except when the oraclce
database server isn't available (I.E. maintenance or cold backups). The
radius process dies when it loses connectivity to the oracle server. Has
anyone else n
Rafał Kamiński wrote:
Oki,
I set ippool main {} and what i must set in users to add auth. user IP
"rka" Auth-Type := EAP, Pool-Name := "main_ippool"
Framed-Route = 192.168.1.245
Read the documentation please.
Don't set Auth-Type.
Your Pool-Name is wrong.
The Framed-Route is not needed
Hi,
is there an easy/good way to determine the huntgroup depending on the
the shortname from clients.conf? We have more than 100 clients
configured (with a "ProviderLocationCounter" pattern), so the
information is duplicated in the huntgroups file (multiple times, as the
huntgroup is also determin
I actually have my Users DB in MySQL Server and my FreeRADIUS use the
"radcheck" and "radreply" tables to read (SELECT) records, in my
radiusd.conf I have...
authorize {
sql
}
accounting {
sql
}
But I don´t hace records in radacct Table. What is the problem?
Thanks in advance and
Here is the result of my first attempt. I added a Pukey-EAP entry in
the LDAP tree but it didn't do much good. And I can't tell whats the
matter with my CA.
rad_recv: Access-Request packet from host 192.168.0.250:1110, id=8,
length=159
User-Name = "Pukey-EAP"
Cisco-AVPair = "ssid=
Polyxronopoulos Adreas wrote:
> Is it possible for a client-user when he/she tries to connect to the
> network over freeradius to read the root certificates of freeradius?
> Does the root-certificates stored somewhere on the users machine?
The root certificates are stored on the users machine.
Hi!
I trying to set up freeradius not in the "stadnard directory" I would like to
have it installed in the directory specifiedby hand for instance
/home/radius/freeradius
so I run configure in such a way:
./configure --prefix=/home/radius/freeradius
--with-logdir=/home/radius/freeradius/log
--
Hi list ,
Is it possible for a client-user when he/she tries to connect to the
network over freeradius to read the root certificates of freeradius?
Does the root-certificates stored somewhere on the users machine?
thanks
_
Jeffrey Sewell wrote:
> In the eap.conf, tls section, the comments say to use the 'CA_path'
> variable in the radiusd.conf file to indicate where the trusted CA
> chain will reside. However, this variable isn't in the tls section of
> the radiusd.conf file (it is in the LDAP section, but I'm pretty
Oki,
I set ippool main {} and what i must set in users to add auth. user IP
"rka" Auth-Type := EAP, Pool-Name := "main_ippool"
Framed-Route = 192.168.1.245
Is it correct ??
--
Rafal Kaminski
http://blstream.com
email: [EMAIL PROTECTED]
jid: [EMAIL PROTECTED]
-
List info/subscribe/unsub
Miika Räisänen wrote:
> Ok, patch applied and heres log files:
The patch hasn't helped (that's expected), but I think I now have more
information about how to fix the problem. I'll try to come up with a
patch that should fix the problem.
Alan DeKok.
--
http://deployingradius.com - Th
Hi,
I set my freeradius with linksys and EAP, and when i use cert. that work
fine. But when i want to use ldap without cert. in logs i see:
rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=119
User-Name = "rka"
NAS-IP-Address = 192.168.1.245
Calle
Dear all
Here I am shareing my Knowledge. for freeradius users. i have
done freeradius-1.1.4 with mysql with cisco VPDN configuration as well as i
have configuraed per user base bandwidth configuration and simultanious user
login configuration i have sharing my configuration f
Ana Gallardo Gómez wrote:
Hello!
I want to use Freeradius as a proxy Radius server, and I think that my
Freeradius don´t have to do authorize and authenticate: my Freeradius
have to proccess request with realm "@unex.es", the others request have
to be proxyed. My configuration is:
radiusd.c
Rafał Kamiński wrote:
Hi,
Is it works ?
No
If yes, can somebody tell me how i can do that ?
My users is auth. and i want get him some address IP.
FreeRadius contains an ippool module suitable for assigning IPs to
things like dialup links.
Things like wireless/802.1x use DHCP, which Fr
On Mon 22 Jan 2007 12:13, Rafał Kamiński wrote:
> Hi,
>
> Is it works ?
>
> If yes, can somebody tell me how i can do that ?
>
> My users is auth. and i want get him some address IP.
http://wiki.freeradius.org/DHCP
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/pub
Hello!I want to use Freeradius as a proxy Radius server, and I think that my
Freeradius don´t have to do authorize and authenticate: my Freeradius have to
proccess request with realm "@unex.es", the others request have to be proxyed.
My configuration is:radiusd.conf:
authorize {
preprocess
Hi,
Is it works ?
If yes, can somebody tell me how i can do that ?
My users is auth. and i want get him some address IP.
BR
--
Rafal Kaminski
http://blstream.com
email: [EMAIL PROTECTED]
jid: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I cleaned the auth-type in users file.
Everything is OK now on freeradius side. My second problem is the NAS
sending a null port. That's not a freeradius problem.
Thanks
Dom
LALOT Dominique a écrit :
Sorry,
I didn't see your answer. I just got it via the archives.
I explain a little bit mor
I've tried to run from preacct instead of in acounting inside rlm_perl and
set Proxy-To-Realm = but still accounting not been proxied...
##
ii) radiusd.conf
perl y5perl {
module = /usr/local/etc/raddb/y5perl.pl
}
preacct {
.
y5perl
files
}
i) y5per
Sorry,
I didn't see your answer. I just got it via the archives.
I explain a little bit more. We are using freeradius for VPN access,
which can be done using PPTP or IPSEC
PPTP is done using mschap
IPSEC is done using a shared group secret, then a classic ldap user bind
to check the identity.
Dear all
I have freeradius setup with cisco vpdn with mysql. i am useing
cisco-avpair attributes for rate-limit to my user traffic it is working fine
with /etc/raddb/user file but when i put this attribites in mysql databases it
is not working so now i need help to implement thi
On 1/19/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Miika Räisänen wrote:
> Heres coredump gdb logfile
> http://cc.oulu.fi/~mraisane/tmp/gdb-radiusd.log
Well, that's pretty clear:
#0 0x00e97899 in cbtls_verify (ok=1, ctx=0xbff1e330) at rlm_eap_tls.c:257
...
handler = (EAP_HANDLER *) 0x
66 matches
Mail list logo