Dear,
Is there any way to make Freeradius to work as Radius/Diameter gateway?
If not is there any recommended software that can do that?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
we a trying to add mac authentication to our wireless aps radius request
comes in like so.
rad_recv: Access-Request packet from host 10.250.100.3:1038, id=119,
length=95
Service-Type = Framed-User
NAS-Port-Id = wlan1
User-Name = 00:0B:6B:56:1D:48
User-Password =
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Assertion failed in event.c, line 669
...
Happens after all the home servers have been marked as dead, and you
have an incoming request... though could be when it's firing off a ping
check event.
Either way it's repeatable, and
Arran Cudbard-Bell wrote:
Yep works for me too, reaches end of list of possible servers and starts
rejecting all users assigned
to that realm. :)
Thanks.
Also little one with access-reject when home server fails to respond.
Not sent through access reject filter, though that's probably
On Tue 10 Apr 2007, Mike McCauley wrote:
Hi all,
Open System Consultants (OSC) has established a free resource for the
RADIUS user community to collect and share information about configuring
and implementing RADIUS protocol devices and software.
RadiusExpert:Community Portal at
Ashraf Al-Basti wrote:
Dear,
Is there any way to make Freeradius to work as Radius/Diameter gateway?
No.
If not is there any recommended software that can do that?
OpenDiameter is probably your only choice.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Arran Cudbard-Bell schrieb:
rlm_realm instances do much the same job as the Proxy-To-Realm reply
item, just they also handle splitting the username into it's component
parts.
Usually you would use one or the other, but not both.
Okay I tested both ways:
1st with suffix disabled in authorize
Hello Peter,
On Wednesday 11 April 2007 19:12, Peter Nixon wrote:
On Tue 10 Apr 2007, Mike McCauley wrote:
Hi all,
Open System Consultants (OSC) has established a free resource for the
RADIUS user community to collect and share information about configuring
and implementing RADIUS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:freeradius-users-bounces+m-
[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, April 11, 2007 12:20 AM
To: FreeRadius users mailing list
Subject: Re: returning VSA from exec-prog-wait
Murray Hooper wrote:
Can I return
hi,
I try to use MSSQL as database for my Freeradius server, but the connection
is failed ?
i have unixodbc succefly installed.
so by typing radiusd -X i see this : rlm_sql_unixodbc: Connection failed
so any user can connected!
helps or tipps please !
Abdelghani ELMALHI
After running the server in debugging mode as suggested I did see
everything
that I expected FreeRadius to be doing
Including sending the attribute back to the NAS?
and that is why I originally wrote
the inquiry. This unfortunately was not triggering the NAS to respond as
recognizing the
Alan DeKok wrote:
Alexander Papenburg wrote:
Okay I tested both ways:
1st with suffix disabled in authorize section of radiusd.conf and:
DEFAULT NAS-IP-Address == 10.0.0.1, Proxy-To-Realm := realm
User-Name = [EMAIL PROTECTED]
In the users file? That sets the User-Name used in
Molteni Davide wrote:
Finally I successfully managed to log into the cisco switch (thanks to
your help) using freeradius.
Now I want that the radius users can directly enter into enable mode
of the cisco device. I set this in the users file
test Auth-Type := Local, User-Password == test
On 4/11/07, Alan DeKok [EMAIL PROTECTED] wrote:
To back up a bit, *why* are you HUPing the server?
I usually HUP servers to force them to re-read their configuration
without forcing the server to restart. I'm glad I found the earlier
commentary that HUPping radiusd is considered harmful. I
DEFAULT NAS-IP-Address == 10.0.0.1, Proxy-To-Realm := realm
Ah yes, still the top entry should have worked, username would have to
be rewritten in hints file.
Or with attr_rewrite.
Yippiieee,
the request has been sent through to the home-server. Still need to work
on the
Hi,
Is somebody configure 3Com switch series 4500 with Freeradius + Ldap auth. ?
I have some problem:
In debug mode i see:
---CUT---
Sending Access-Accept of id 18 to 192.168.2.201 port 5001
MS-MPPE-Recv-Key =
0x3c9698b69511f27c53657389c3994d28fa0c2db70bd6c671dc211ba697f92a09
Ethan Dicks wrote:
On 4/11/07, Alan DeKok [EMAIL PROTECTED] wrote:
To back up a bit, *why* are you HUPing the server?
I usually HUP servers to force them to re-read their configuration
without forcing the server to restart.
Well, yes. But *what* are you changing? Clients? Realms?
Hi Alan,
On Wed, Apr 11, 2007 at 03:45:18PM +0200, Alan DeKok wrote:
Milan Holub wrote:
somewhere in this list there was already mentioned that current CVS
version causes segmentation fault when received HUP signal(kill -HUP pid) -
depending on
the configuration it may survive 1st HUP
Maybe we can add features that prevent the need for the HUP, and then
remove support for HUP. That would be best, I think.
Do you have in mind a favorite technique for signaling daemons that
the config files have changed? HUP is a common way to do it, but I'm
sure there are other ways.
Hi Alan,
On Wed, Apr 11, 2007 at 04:02:15PM +0200, Alan DeKok wrote:
Do you have in mind a favorite technique for signaling daemons that
the config files have changed? HUP is a common way to do it, but I'm
sure there are other ways.
A command-line tool that uses some other method to
Hi all,
when I've compiled in snmp support (--with-snmp) on current cvs head I got
following segmentation fault(does not matter whether NAS are stored in DB or in
clients.conf):
DEBUG OUTPUT START
...
Ready to process requests.
Nothing to do. Sleeping until we see a request.
SMUX read start
-Messaggio originale-
Da: [EMAIL PROTECTED] per conto di Alexander Papenburg
Inviato: mer 11/04/2007 15.41
A: FreeRadius users mailing list
Oggetto: Re: log on device directly in priviledged mode
Molteni Davide wrote:
Finally I successfully managed to log into the cisco switch
hi,
I want to use MSSQL as a database for my Freeradius,so
i have unixodbc installed.
but the connection is failed ?
by debug modus i can see this : rlm_sql_unixodbc: Connection failed
any help?
Regards,
Abdelghani ELMALHI
Devesestr. 1
45897 Gelsenkirchen
Deutschland
Hi all,
with currect cvs head I've observed following behaviour:
- I'm using rlm_sql
- clients stored in mysql DB(standard DB scheme)
- in sql.conf I have readclients=yes(to read the nas table)
We are having multiple NASes on the same IP distinguished only by
different port(eg. multiple
Milan Holub wrote:
== I've found really useful the idea of telling freeradius
to reload via snmp - could be such functionality easily kept when using
your proposed approach?
Reloading via SNMP is exactly the same as HUP.
Configuring a server by doing SNMP writes is very hard.
Alan
Milan Holub wrote:
- we are keeping NAS entries in DB.
Then the server should re-load them via reading the DB.
- these entries are edited by operation guys via web interface
- when a new NAS entry is added then we need to reload/restart
freeradius
- we reload freeradius using SNMP
inverse wrote:
Going back to the subject, a useful feature would be a periodical
reload of certificate revocation lists and the users list. These two
lists are prone to changing frequently in production environments: a
production server usually has an otherwise stable configuration.
That
Milan Holub wrote:
Hi all,
when I've compiled in snmp support (--with-snmp) on current cvs head I got
following segmentation fault(does not matter whether NAS are stored in DB or
in clients.conf):
I just committed fixes for SNMP. I haven't tested it, but the code
that was obviously
Molteni Davide wrote:
-Messaggio originale-
Da: [EMAIL PROTECTED] per conto di Alexander Papenburg
Inviato: mer 11/04/2007 15.41
A: FreeRadius users mailing list
Oggetto: Re: log on device directly in priviledged mode
Molteni Davide wrote:
Finally I successfully managed to
Milan Holub wrote:
We are having multiple NASes on the same IP distinguished only by
different port(eg. multiple instances of nocat wlangw running on
differet ports).
No. NASes are distinguished by IP. Nothing else.
There is no way in RADIUS to have multiple NASes on the same IP with
FWIW, I have had a chance to test this on 2.2.3 and it did not work
for me either. Not sure if it is a bug in apache or a change has been
made and the mod_auth modules need updating.
On 3/29/07, Nick Owen [EMAIL PROTECTED] wrote:
On 3/28/07, Ramazan Ulker [EMAIL PROTECTED] wrote:
Hi
these
That will be fixed on another commit.
It turns out the easiest way to fix that was to remove the multiple
places that called Post-Auth-Type Reject, and move it to one central
location. Simpler, less code, does exactly the same thing as before,
and adds the call to Post-Auth-Type Reject
Hi all
I am using two radius servers for our DSL clients.
but our client has ip conflict issue.
it looks like the first radius issues the ip to the A
DSL client. but seondary radius doesn't know this ip
already allocated and issue this ip to B DSL client.
Then two clients have the same ip
Are there any open source programs that parse the accounting logs produced
by freeradius? I can find a couple in Google, but they appear to have been
left behind in 1999.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
this looks great for my purpose as well thanks very much for your help
Alan,
The problem for me was that when the ldapsearch failed to find the MAC
address, freeradius didn't reject authorisation.
The solution for me, ( I'm sure the big boys can point out how it's
wrong ), was the following
Murray Hooper wrote:
Are there any open source programs that parse the accounting logs produced
by freeradius? I can find a couple in Google, but they appear to have been
left behind in 1999.
Accounting detail file formats haven't changed in years, so they
probably work fine.
I recall
36 matches
Mail list logo