Dear guys
I have faceing some problem when i installed latest version of
freeradius on RHEL and i start radiusd process after few min my radiusd process
die and killed so why this happend and what is the best option to start radiusd
???
#radiusd --help <-- how to start radi
Dear
I got ans what to do with cisco router if u want to start
PoD packet of disconnect basicaly it is IOS security feature so defult stop of
disable so u have to start it with
#aaa pod server command
more document on this site :
http://www.cisco.com/univercd/cc/td/do
On 3/1/2007, "Andrew D" <[EMAIL PROTECTED]> wrote:
>> how and where to get the structure file ?
>>
>
>Try looking in /usr/local/share/doc/freeradius/examples/
>docs for freeradius are in /usr/local/share/doc/freeradius/
>
Thx Andrew.. I found it at /usr/local/share/doc/freeradius/examples/
Next qu
I've figured out the solution to my own problem...
For the benefit of all, if i understand correctly, when the Windows port
of FreeRadius runs, all the folders created are owned by the system
process, and since it is created in 0666 mode, nobody can delete the
files created within.
To remove t
PD wrote:
> Dear all,
>
> I just do a fresh installation of FBSD 6.2 and FR 1.1.4
>
> According to http://www.chillispot.org/forum/viewtopic.php?t=37...
> --
> We still need to add a structure of database which FreeRadius is going to
> use. In folder
> /usr/src/freeradius-1.0.0-pre3/src/m
Dear all,
I just do a fresh installation of FBSD 6.2 and FR 1.1.4
According to http://www.chillispot.org/forum/viewtopic.php?t=37...
--
We still need to add a structure of database which FreeRadius is going to
use. In folder
/usr/src/freeradius-1.0.0-pre3/src/modules/rlm_sql/drivers/rlm_s
Alan DeKok-4 wrote:
>
>> Also, is there a C function included in the libraries that will allow me
>> to
>> convert a hex string to binary? I'm worried I might get stuck in ASCII ->
>> HEX -> BINARY conversions.
>
> Yes. see "bin2hex" and "hex2bin". See also rlm_pap in 1.1.4, which
> does a
Walt Reynolds wrote:
> Hello,
>
> I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and
> 1645/1646. This is simply to separate user and admin login. What I
> would like to do is to add logging based on the port. I could add
> %{NAS-Port-Type} to the Detail such as:
>
> deta
Hello,
I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and
1645/1646. This is simply to separate user and admin login. What I
would like to do is to add logging based on the port. I could add
%{NAS-Port-Type} to the Detail such as:
detailfile = ${radacctdir}/%{NAS-Port-Ty
To kick a user of the Cisco router use:
clear intreface virtual-access number
You can see which number with:
show users
As far as I know Dialup Admin doesn't work with MSSQL, only MySQL and
PostgreSQL.
Ivan Kalik
Kalik Informatika ISP
http://www.kalik.co.yu
Dana 28/2/2007, "satish patel" <[E
On Wednesday 28 February 2007 10:40, satish patel wrote:
> Dear all
>
> I have installed freeradius on RHEL with MSSQL server and it
> is working fine but now i have facing problem regarding disconnecting of
> users my NAS is cisco Router it is l2tp so what i do for this ??? problem
>
satish patel wrote:
> Dear all
>
> I have installed freeradius on RHEL with MSSQL server and
> it is working fine but now i have facing problem regarding disconnecting
> of users my NAS is cisco Router it is l2tp so what i do for this ???
> problem ??
>
You have to do it at the
i try with a user in the users file : same probleme
[EMAIL PROTECTED] and [EMAIL PROTECTED] dont work ( proxy a request with
user-name = anonymous )
[EMAIL PROTECTED] and [EMAIL PROTECTED] works
i have two differents versions of freeradius on the two server
> hi
> i try to proxy eap-ttls request
Alan DeKok-4 wrote:
>
> ChristosH wrote:
>> It's a VALUE_PAIR type, so could I check and modify the password->length
>> and
>> password->strvalue in that function?
>
> Huh? Why? Do it elsewhere.
>
Well, that's part of my issue; where's the best place to check the password
and convert it
It is possible with a huntgroups like:
gear NAS-IP-Address > IPaddress1 , NAS-IP-Address < IPaddress2
Group == admin
But I would assign admin group it's address pool and then restict access
with access control lists. That should be the job for the firewall.
Ivan Kalik
Kalik Infor
hi
i try to proxy eap-ttls request from a freeradius server to another
i use outer identity [EMAIL PROTECTED] and username [EMAIL PROTECTED]
first server proxy to the second a request with anonymous as username
so it don t work
if i use outer identity [EMAIL PROTECTED] ( anoterdomain is local
to
Dear all
I have installed freeradius on RHEL with MSSQL server and it is
working fine but now i have facing problem regarding disconnecting of users my
NAS is cisco Router it is l2tp so what i do for this ??? problem ??
and i want to connect my dialupadmin with mssql ??
Is it possible to specify a range of IP addresses in a huntgroups file?
What I am trying to accomplish is:
1) AAA authentication to our Cisco devices using radius
2) Only allow people in a specific group to access the devices
3) Reject everyone else.
I am using the following:
huntgroups:
---
Hi List,
I want to accomplish following task with freeradius:
Users have two possibilities to authenticate
1. Authentication via username ldap password
2. Authentication via username mini Token
What would be a possible solution?
Do the normal authentication with username and password against ldap
Hi!
I'm trying to configure freeradius with rlm_krb5 using mini howto from Enrik
Berkhan http://archives.free.net.ph/message/20060104.153134.68c5be76.en.html
, but i have some troubles.
when i type
radtest [EMAIL PROTECTED] userpass localhost 10 testing123
i got:
Sending Access-R
Hi!
How can I configure radius to always check the group table for a user without
utilizing the Fall-Through parameter in the radreply table for a particular
user??
I tried to use read_groups=yes in the sql.conf but it didn't help.
Thanks in advanced
-tomasz
-
List info/subscribe/unsubscrib
Hi,
[EMAIL PROTECTED] wrote:
> Oh, by the way, may be this is a little off-topic but can I authenticate
> windows xp users through peap without using a certificate?
you COULD decide not to trust or check any certificate. nasty though.
Radius says peap needs tls for windows xp authenticatio
Josh Shamir wrote:
> Now I need that the Supplicants can do "roaming" between the Access Points.
> The IEEE 802.1X asserts that can be used two mechanisms to obtain roaming :
>
> - PMK Caching
> - Pre Authentication
>
> I would to know how I could implement this mechanisms in my system. Are
> req
Hello,
I'm using FreeRADIUS with Coova Chilli in proxy mode with IEEE
802.1Xauthentication (PEAP auth. method to be more specific).
In my network there are 6 Access Point that use TKIP as security protocol.
Now I need that the Supplicants can do "roaming" between the Access Points.
The IEEE 802.1X
Victor wrote:
> proxy.conf:
>
> post_proxy_authorize = yes
In the CVS head you can use postproxy_users file, which is a much
better solution.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/uns
Matt Ashfield wrote:
> Based on the WIKI FAQ, I found:
> The following entry denies access to a group of users. The same restrictions
> as above on location in the raddb/users file also apply:
>
> DEFAULT Group == "disabled", Auth-Type := Reject
> Reply-Message = "Your account has been disabled"
ChristosH wrote:
> Okay, in the radius.c file they call a function rad_chap_encode() that uses
> the password attribute.
> Is that what I'm looking for?
Yes.
> It's a VALUE_PAIR type, so could I check and modify the password->length and
> password->strvalue in that function?
Huh? Why? Do i
Hello,
I need to modify proxy-reply auth packet with condition. All i need - if proxy
user enter UserName like
'username#554466' send UserName like 'username' to proxy (its already
work) and check proxy-reply - if it consist av-pair
Ascend-CBCP-Mode=CBCP-Any-Or-No changer this pair value to CBCP-
28 matches
Mail list logo