Not only would FreeRADIUS have to support the required EAP methods,
Thats a given, and will happen as/when FreeRADIUS developers are interested,
need it themselves, are sponsored by someone else who does, or an outsider
donates the appropriate code.
but new dictionary files would have to be
Ramon Barquier wrote:
We see the 'negotiation' messages, but no sign of Success at the end
(neither Wireless connection, of course).
The client stops talking to the server. This is in the FAQ. Read it.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Brian Atkins wrote:
OK, so I pulled down the tarball for 1.1.4 from the site and I am in the
process of compiling it on Cygwin. Now I am getting an entirely
different error:
In file included from sql_oracle.c:28:
/home/Administrator/freeradius-1.1.4/src/include/radiusd.h:11:22:
Dan Mahoney, System Admin wrote:
My second question is, now that I've got a list of all my NASes in
SQL, has anyone written (or added to beta or something similar) code to do
*those* via SQL? Specifically we already have all our network devices
(and shared secrets) in a SQL database
Peter Micunek wrote:
So I have to design a Accounting FreeRADIUS server which will store the
RADIUS acconting with IP and MSISDN to OpenLDAP.
That's not good. LDAP isn't really designed for large volumes of
writes. I would suggest using an SQL database.
Alan DeKok.
--
Peter Micunek wrote:
A problem is that this proxy know IP address of customer instead of
MSISDN and unfortunately cannot use a RADIUS to
obtain the MSISDN from another source. This proxy is able to use only
the LDAP request with IP of customer and then
FreeRadius can't write to (account to)
Thanks, Alan.
But I have lots of problems.
First, what is difference between challenge-response and chap?In my opinion,
challenge-response is a authentication mechanism and flow while chap is a
method to hide and transport user' password. In challenge-response, the
random challenge is produced by
We are currently using FreeRADIUS 1.1.2 since a lot of months (with a
custom module to retrieve and record data from/to our database and
perform custom things).
Now we have to check every authentication against TWO different
passwords (it's OK if ONE is matched). Something like setting two
yao guoxian wrote:
Second,suppose we have enabled the NAS(client) and Freeradius to support
our specified attribute My-Aes-Password , how to write the new module
to handle the attribute?
See the examples the documentation. What about them is unclear?
Third , how to enable Freeradius
Federico Giannici wrote:
Now we have to check every authentication against TWO different
passwords (it's OK if ONE is matched). Something like setting two
different and alternative User-Password attributes...
Sort of. See doc/configurable_failover.
Alan DeKok.
--
Alan DeKok wrote:
Federico Giannici wrote:
Now we have to check every authentication against TWO different
passwords (it's OK if ONE is matched). Something like setting two
different and alternative User-Password attributes...
Sort of. See doc/configurable_failover.
I read it, but I'm
The proxy cannot speak to an SQL server.
Do you know some LDAP-SQL proxy which listen on LDAP server port and
convert LDAP request to SQL and vice versa.
Also, I am considering to use:
NAS --- FreeRADIUS (rlm_sql_mysql) --- MySQL DB --- OpenLDAP with
slapd-sql --- LDAP client
what do
if all else fails, try using rlm_perl to do the authentication (or maybe,
compare the password against both elements in the database, then 'rewrite'
it as the first if it matches, so rlm_sql recognises it properly. This, of
course, is a bit of a hack (but if it works every time and is less
Peter Micunek wrote:
The proxy cannot speak to an SQL server.
Why not?
Do you know some LDAP-SQL proxy which listen on LDAP server port and
convert LDAP request to SQL and vice versa.
Huh? In one word: No.
Also, I am considering to use:
NAS --- FreeRADIUS (rlm_sql_mysql)
I have just upgraded from 1.1.2. to 1.1.4.
Now I tried to convert my custom authorization module to use the
Cleartext-Password attribute instead of User-Password (my passwords
are in clear-text).
I simply replaced the following command at the end of the authorization
routine of my module:
Jan Mulders wrote:
if all else fails, try using rlm_perl to do the authentication (or
maybe, compare the password against both elements in the database, then
'rewrite' it as the first if it matches, so rlm_sql recognises it
properly. This, of course, is a bit of a hack (but if it works
Peter Micunek wrote:
The proxy cannot speak to an SQL server.
Then it's very poor software, and my advice would be to look elsewhere.
Do you know some LDAP-SQL proxy which listen on LDAP server port and
convert LDAP request to SQL and vice versa.
OpenLDAP will do this, but it's not
Where you put it all depends on your local configuration. If you put
it in the users file, it might look something like this:
DEFAULT Calling-Station-Id =~ ^(00-0D-93-|00-03-93-|00-05-02-),
Proxy-To-Realm := ReamToProxyTo
--Mike
On Feb 2, 2007, at 7:47 PM, King, Michael wrote:
radrelay copies accounting packets, not authentication packets. In
FreeRADIUS, the Login OK message appears in radius.log
ONLY when the
server sends an Access-Accept.
In any case, the radius.log file is informative, not
definitive. If
you're using it for any purpose other
Dear All,
I need your help to configure FreeRadius to rewrite the User-Name
attribute in Accounting-Request.
my setup as follow; please correct me if i had a mistake,
i'm using Freeradius to do a proxy to another radius server. we are
using one username (wanadoo) as a default username for our
John Brittain wrote:
It's being used for incorrect logins and other information, and we had a
web page that pierced that file when a customer called with a problem.
Now, we have to look at both files to see the errors/information.
Having a web server parse (or even have read access to) the
Federico Giannici wrote:
I have just upgraded from 1.1.2. to 1.1.4.
Now I tried to convert my custom authorization module to use the
Cleartext-Password attribute instead of User-Password (my passwords
are in clear-text).
...
But the daemon started to give Login incorrect errors (with no
Ashraf Al-Basti wrote:
...
in the freeradius server we replace the username with a new one which is
the same as the password, so we are using pre-proxy to call attr_rewrite
that will replace the username with the new one. As an authintecation
process every thing goes will, but for the
Thanks Alan..
But do have any idea to work around that?
Alan DeKok wrote:
Ashraf Al-Basti wrote:
...
in the freeradius server we replace the username with a new one which is
the same as the password, so we are using pre-proxy to call attr_rewrite
that will replace the username with the
24 matches
Mail list logo