FreeRADIUS + OpenLDAP for accounting

2007-02-02 Thread Peter Micunek
Hello everyone, I work for a mobile operator and we have a product (something like proxy) which is able to do so-called "Header Enrichment". A "mobile customer" who is connected over this proxy will have enriched his http header with phone number (MSISDN). A problem is that this proxy knows IP ad

RE: Proxy based on MAC

2007-02-02 Thread King, Michael
> -Original Message- > following would work just as well and be much more readable: > > Calling-Station-Id =~ "^(00-0D-93-|00-03-93-|00-05-02-)" > I was just concerned with a partial match I wasn't expecting. E.g. XX-XX-00-0D-93-XX > And as to where it goes, anywhere a check expres

Advanced SQL Auth/Generate clients.conf from SQL?

2007-02-02 Thread Dan Mahoney, System Admin
Hey all, Two questions, related to SQL... 1: I recently became enamored by the power of SQL, and while I find no easy way through SQL to do multiple check-items easily in a logical fall-throughable order. I.e. through SQL how would one do (for an entry level tech): Jeremy nas-ip-address="the

Re: The EAP Saga continues.

2007-02-02 Thread Phil Mayers
Evan Vittitow wrote: >> >> > The thing is, method number 1 (EAP-TLS) makes more sense for my laptops. > Method number 2 (EAP-PEAP) makes more sense for guest laptops that are > not mine. > > The FreeRadius CA wrapper scripts did not work for my distro, so I'm > having to run CA.pl and the vario

Re: Proxy based on MAC

2007-02-02 Thread Michael Griego
You don't *really* need to match the whole string. The following would work just as well and be much more readable: Calling-Station-Id =~ "^(00-0D-93-|00-03-93-|00-05-02-)" And as to where it goes, anywhere a check expression goes: users file, SQL radcheck table, etc. As long as the server

Re: The EAP Saga continues.

2007-02-02 Thread Evan Vittitow
Phil Mayers wrote: > Evan Vittitow wrote: > >> Let me re-phrase, as I think I'm not quite making sense. >> >> openssl req -new -keyout kurama.pem -out kurama.pem -days 730 >> openssl x509 -in kurama.pem -out kurama.crt >> >> openssl req -new -keyout altanis.pem -out altanis.pem -days 730 >> open

Proxy based on MAC

2007-02-02 Thread King, Michael
I'd like to proxy users off to a different RADIUS server based on their MAC address. Currently, my NAS reports MAC address as Calling-Station-Id = "00-0D-93-EA-89-06" I'd like any user that has a MAC starting with 00-0D-93 (and about 8 more MACs) to be proxied off to another Radius server.

Re: When EAP-AKA can be supported by FreeRADIUS?

2007-02-02 Thread Walter Goulet
On 2/2/07, Jeffrey Sewell <[EMAIL PROTECTED]> wrote: > > > > > (2). How does FreeRADIUS support WiMAX? > > > > No idea. What does the server have to do in order to support WiMAX? > > Please be specific. :) > > > > So far (since WiMAX isn't fully defined yet) all it has to do is > support EAP

RE: Freeradius-Users Digest, Vol 22, Issue 12

2007-02-02 Thread King, Michael
If you want to use Debian, that's fine. If you want to use Debian with EAP (typically used in Wireless deployments) you will have to create your own package. (License restrictions prevent the redistribution of OpenSSL) This is easy enough http://wiki.freeradius.org/Build#Building_Debian_packag

Not logging FramedIpAddress in MySQL

2007-02-02 Thread Scott Miller
I am having a hard time getting FreeRadius to log the FramedIPAddress in my MySQL database. This worked perfectly when I was using ICRadius, but quit when I upgraded (migrated) to FreeRadius over a year ago. Anyone know what I need to look at to enable this once again? Thanks, Scott - List info/

RE: Freeradius-Users Digest, Vol 22, Issue 12

2007-02-02 Thread Stephen Baker
I did a disk based install of opensuse 10.2 first and was very disappointed with the install process. Too much confusion and disk swapping. And just why did I need to download 5 disks when it only used 3 for the install? Debian install was a pleasure. Updating and installing packages seems a bit ease

Re: Freeradius(.net) and Oracle

2007-02-02 Thread Brian Atkins
OK, so I pulled down the tarball for 1.1.4 from the site and I am in the process of compiling it on Cygwin. Now I am getting an entirely different error: /home/Administrator/freeradius-1.1.4/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG

Re: When EAP-AKA can be supported by FreeRADIUS?

2007-02-02 Thread Jeffrey Sewell
> > > (2). How does FreeRADIUS support WiMAX? > > No idea. What does the server have to do in order to support WiMAX? > Please be specific. :) > So far (since WiMAX isn't fully defined yet) all it has to do is support EAP-TLS and EAP-TTLS. EAP-AKA is on the list for WiMAX and will probably

RE : 802.1x + freeradius authentication problem

2007-02-02 Thread Thibault Le Meur
> Alan, > > Thanks for your response. > > We have tried to configure ttls as you suggested in your mail. > Unfortunately we have not succeeded. > > To make things easier, we have tried to set up a completely new > configuration, with just one local user called test. Our Windows XP > client i

Re: 802.1x + freeradius authentication problem

2007-02-02 Thread Ramon Barquier
we see a request. rad_recv: Access-Request packet from host 10.0.1.15 port 1027, id=0, length=169 Message-Authenticator = 0x684003590372513db1c8c0172cce4e24 Service-Type = Framed-User User-Name = "test" Framed-MTU = 1488 Called-Station-Id = "00-12-CF-1A-15-80:Eduroam" Calli

Re: The new spud, needs beginner advice, assistance and posibly service.

2007-02-02 Thread Peter Nixon
On Fri 02 Feb 2007 16:44, Stephen Baker wrote: > I have to set up a Freeradius server ASAP (in less than a week.) > I have a basic install of Debian running (using the term loosely.) But > then there is this ubuntu 6.10 install CD on my desk calling my name. As > a total newbie to Linux what is the

Re: Mac PEAP authentication with FreeRADIUS Pre2.0

2007-02-02 Thread Michael Griego
I'll take another look a little later to see if there's something else you have to do. It's been a while since I did this. --Mike On Feb 2, 2007, at 9:00 AM, King, Michael wrote: > > >> -Original Message- >> On your Mac (as root), create the >> directory /var/log/eapolclient, then re

RE: Mac PEAP authentication with FreeRADIUS Pre2.0

2007-02-02 Thread King, Michael
> -Original Message- > > So if 1.1.3 works, and 1.1.4 doesn't, that's the issue. Anyone got 1.1.4 and Mac authenticating? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Mac PEAP authentication with FreeRADIUS Pre2.0

2007-02-02 Thread King, Michael
> -Original Message- > On your Mac (as root), create the > directory /var/log/eapolclient, then retry your > authentication. The EAP client in OS X should write out > debugging information for the EAP session into that directory > and should give you a better idea of why its haltin

The new spud, needs beginner advice, assistance and posibly service.

2007-02-02 Thread Stephen Baker
I have to set up a Freeradius server ASAP (in less than a week.) I have a basic install of Debian running (using the term loosely.) But then there is this ubuntu 6.10 install CD on my desk calling my name. As a total newbie to Linux what is the best OS flavor to use for Freeradius? Then what is th

Re: Questions about latest CVS

2007-02-02 Thread A . L . M . Buxey
Hi, > Does the radiusd server listen on IPv6 address by default? How to use the > radclient in Ipv6 ? no. cannot do ipv4 and ipv6 at same time on same port etc. simply uncomment the correct line in radiusd.conf ipv6addr = :: (fixed in recent CVS) for radclient add the '-6' argument but have

Help, more

2007-02-02 Thread Stephen Baker
Note was sent to list (freeradius-users@lists.freeradius.org) by mistake intended to send to daemon ([EMAIL PROTECTED]) Thanks to 1. Re: help (Gaddis, Jeremy L.) 3. Re: help (Peter Nixon)

RE: Expert Help Required

2007-02-02 Thread Josh Howlett
> Hi Guys, > > Currently I am using cistron radius This is the FreeRADIUS list; you might have more luck at the Cistron list :-) Josh.

Re: How to add check item (Pool-Name) from Exec-Program-Wait script?

2007-02-02 Thread Mindaugas
>>> I want to use two ippools. That's no problem of course. But which IP >>> pool >>> to assign I can decide only in Exec-Program-Wait script. Now I have the >>> following lines in users file: >>> >>> DEFAULT Auth-Type := Accept >>>Exec-Program-Wait = "/etc/raddb/authclient" >>> >>> authclien

Expert Help Required

2007-02-02 Thread Sekhar
Hi Guys, Currently I am using cistron radius with the following configuration for user test Auth-Type = Local, Password = "test" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 1.2.3.3, Cisco-AVPair = "ip:route= 1.2.3.4 255.255.255.

Switching users into VLAN

2007-02-02 Thread Michal Prochazka
Hello, I can't get this scenario to work: On one NAS I need to set for all users which are proxied to be switched into particular VLAN except list of my local users who have to have VLAN ID blank. I tried below minimalistic testing configuration but no user have assigned the VLAN id. huntgroup:

RE: The EAP Saga continues.

2007-02-02 Thread Josh Howlett
> If you choose to use EAP-PEAP/MS-CHAPv2 you need 4 items: > > 1. A server certificate, signed by a Cert Authority "serverCA" ...not forgetting the relevant OID extensions peculiar to EAP-PEAP :-) Josh.

Re: How to add check item (Pool-Name) from Exec-Program-Wait script?

2007-02-02 Thread Phil Mayers
Mindaugas wrote: >> I want to use two ippools. That's no problem of course. But which IP pool >> to assign I can decide only in Exec-Program-Wait script. Now I have the >> following lines in users file: >> >> DEFAULT Auth-Type := Accept >>Exec-Program-Wait = "/etc/raddb/authclient" >> >> authc

Re: The EAP Saga continues.

2007-02-02 Thread Phil Mayers
Evan Vittitow wrote: > Let me re-phrase, as I think I'm not quite making sense. > > openssl req -new -keyout kurama.pem -out kurama.pem -days 730 > openssl x509 -in kurama.pem -out kurama.crt > > openssl req -new -keyout altanis.pem -out altanis.pem -days 730 > openssl x509 -in altanis.pem -out a

Re: redundant LDAP server with free-radius

2007-02-02 Thread Alexei Monastyrnyi
got you, mate I was a kind of confused by authenticate { Auth-Type MS-CHAP { mschap } Looking at this makes things more clear. modules { mschap { authtype = MS-CHAP Still, "Failover" is a kind of inconsistent/incomplete without pointing

Re: How to add check item (Pool-Name) from Exec-Program-Wait script?

2007-02-02 Thread Mindaugas
> I want to use two ippools. That's no problem of course. But which IP pool > to assign I can decide only in Exec-Program-Wait script. Now I have the > following lines in users file: > > DEFAULT Auth-Type := Accept >Exec-Program-Wait = "/etc/raddb/authclient" > > authclient script checks text