Hi,
I remain, as always, resolute in my plans for world domination. :)
cough please take your place in the queue ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Steven J Lamb wrote:
I have been looking for a good example of a way to execute scripts when
there is a login or logout. I haven't yet found a good example and
unfortunately all of my attempts have failed to do anything. Any help or
suggestions as to where I can find a good example of running
If you wish to split hairs over a single line in my email that you
purposefully skewed the meaning off by all means be that guy. Should
you have anything constructive at all to offer the conversation please
do, however petty criticisms are not welcome though.
On 7/9/07, Alan DeKok [EMAIL
Peter Nixon wrote:
In other words, it should only be clearing IP's
for which a 'stop' query has gone astray, on the basis that you can't have
more than one connection to an individual NAS port. It certainly
shouldn't just free up all IP's based on expiry_time.
Exactly..
Will it
On Mon 09 Jul 2007, Alan DeKok wrote:
Peter Nixon wrote:
In other words, it should only be clearing IP's
for which a 'stop' query has gone astray, on the basis that you can't
have more than one connection to an individual NAS port. It certainly
shouldn't just free up all IP's based on
Fussy config file = petty criticism ?
If so deal with it you will hear far worse I'm sure. Why not be honest
? and admit that all your really after is to continue the conflict we
hard several months ago.
So can we drop it please? If nothing else this is counter productive.
I'm very surprised
i have a wrt54g linksys running dd-wrt
can someone help or give a link on how to deploy using the same linksys box.
Do this,
The settings below will help:
SETUP
Internet connection: IP on WAN
Under Optional Settings
Host Name: MyWireless (Name of your client-AP)
Domain Name:
I have an old instance of icradius - which - when users had a static IP
allocated - login would fail if there was a realm present but work just
fine if the realm was missing. This was in the old, dark days - when
everyone was in the same realm.
Now - freeradius works just fine with a full realm
Hi All,
I am new to FreeRadius. I am using Free Radius 1.1.3. I want to configure
the vendor attribtes in format as below,
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|RADIUS TYPE 26 | Length| Vendor-ID
my 2n comment was referring to my current project (ntlm auth +
conditional auth if ldap Field dialupaccess =1
On 7/9/07, Jacob Jarick [EMAIL PROTECTED] wrote:
On 7/9/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Fussy config file = petty criticism ?
When it's clear that
Putting a User into a certain VRF is quite simple:
vrfuser User-Password == topsecret
Cisco-AVPair += lcp:interface-config#1=ip vrf forwarding \
VRFNAME,
Thank you Gerald, this is what I need to do.
I tried using this
Hi Kalik,
thanks for your reply.
I had a look at the cisco doc on vrf forwarding, but I think it's not what I
need to do.
I don't need to put all template items in fr, but only to select the vrf based
on group which the user belongs to.
Did I miss the point? Do I need to configure Templates
. Sleeping until we see a request.
Processing the authorize section of radiusd.conf
+- entering group authorize
hints: Matched DEFAULT at 4
++[preprocess] returns ok
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address
... Username='%{Stripped-User-Name}' AND realm='%{Realm:-pop.co.za}' AND
ie - if the REALM is missing - it should default to 'pop.co.za'...
Anyway - still getting incorrect logins
A radiusd -X shows me that ..WHERE Username='mje' AND realm='NULL'
AND...
That's how it
Pshem Kowalczyk wrote:
I'm building 'backend' radius servers, that only have to know about
one domain - the default one, despite the stuff the users put into
their login names.
...
rlm_sql (sql_auth): User [EMAIL PROTECTED] not found
++[sql_auth] returns notfound
rlm_pap: WARNING! No known
Hi All!
I have a problem with freeradius getting access to a mysql database.
I installed freeradius 1.1.5 on OpenSuse. The radius server is working,
because I get an Access-Accept Packet with radtest (I configured the
clients.conf).
But how do I configure FreeRadius to use an MySql-database?
You don't need to set up vrf templates if everyone is going to use the
default radius server and default authentication and au6thorization
groups. It's optional.
What does debug radius and debug ppp negotiation on Cisco say about why
was the Framed-IP-Address rejected. If it fails on IPCP then
On Mon 09 Jul 2007, Michael Ziemann wrote:
Hi All!
I have a problem with freeradius getting access to a mysql database.
I installed freeradius 1.1.5 on OpenSuse. The radius server is working,
because I get an Access-Accept Packet with radtest (I configured the
clients.conf).
But how do I
Are you sure? You would need to be a vendor making equipment in order to
configure new ones. If you just want to add a new vendor attribute that
is not in the dictionary.vendorName in that (older) version of
Freeradius you can add new attributes by editing that vendors dictionary
file. Just follow
Make the database tables using this script:
http://wiki.freeradius.org/MySQL_DDL_script
Configure connection details (server, username, password) to MySQL in
sql.conf. Make sure that user(name) has appropriate access to the
database.
Find sql entries in radiusd.conf and uncomment them
Ivan
Hi Daniel,
It is very easy to use as many tables you need.
You can have in config:
authorize_check_query = SELECT * FROM
pl_AUTHORIZE_CHECK('%{SQL-User-Name}', '%{User-Password}',
'%{Client-IP-Address}')
pl_AUTHORIZE_CHECK will be a stored procedure on the postgresql backend.
Phil Mayers wrote:
... Username='%{Stripped-User-Name}' AND realm='%{Realm:-pop.co.za}' AND
ie - if the REALM is missing - it should default to 'pop.co.za'...
Anyway - still getting incorrect logins
A radiusd -X shows me that ..WHERE Username='mje' AND realm='NULL'
AND...
Ivan,
Thanks for the information.
As I am totaly new to FreeRadius, Can u also tell me, in which file should i
update to reflect the attributes in Access-Accept.
is it in sql.conf?
Thanks Regards,
Govardhana K N
On 7/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Are you sure? You would
Since you are mentioning file, not database, Ldap or such, it's
users file (should be at /usr/local/etc/raddb/users). Read the examples
and make something like that for your user. You will see what you should
check for and what should go in the reply. Format is:
user check1, check2, ,
Hi All,
I came across this infomation and tought it would be nice to drop it here.
Eventhough it is ssl issue it has to do with PEAP. Just to discuss; any
comments.
PEAP certificates, signing requirements and examples
There are only minor differences between standard SSL certificates used by
I tried configuring the same but it there were no attributes present in
Access-Accept.
the command I used to create the Access-Request is given below:
[EMAIL PROTECTED]:~$] radclient -x 127.0.0.1 auth testing123
user-name=govardhana
user-password=govardhana
nas-identifier=jrcnas
Eshun Benjamin wrote:
Hi All,
I came across this infomation and tought it would be nice to drop it
here. Eventhough it is ssl issue it has to do with PEAP. Just to
discuss; any comments.
This is documented in eap.conf, among other places. It's on the Wiki,
in the script files that create
On Behalf Of Dave said:
Yes accounting is working well from the NAS
Are you sure the NAS is sending 'interim update' accounting packets, not
just start/stop?
Here's my understanding of how it works (I'm sure Peter will correct me if
I'm wrong!):
On an access request, sqlippool will first check
Your AP IP address is from Automatic Private IP Addressing range. Routing
is not going to work there. Make a proper /30 network between AP and
the PC.
Ivan Kalik
Kalik Informatika ISP
Dana 9/7/2007, Garvin Haslett [EMAIL PROTECTED] piše:
I have a tiny test network consisting of a Belkin
Some more details:
authorize {
preprocess
if (%{User-Name} =~ /^(.*)@(.*)$/) {
update request {
Stripped-User-Name := xyz
Realm := abc
}
}
auth_log
chap
suffix
Hi ppl
Wondering if anyone can provide me a link/doc (without me going out to
prepare a small lab enviroment for proof-of-concept), that will help prove
that FreeRADIUS will support Window VISTA clients with their respective
factory defaults.
Thank you.
Regards
Crowley
-
List
Thanks Arran,
Is there a doc that will shed some light as to the procedure for enabling
support for a VISA client.
(I am refering to PPTP connections.)
Again, thanx for the reply.
/Crowley
On 7/9/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
Jose wrote:
Hi ppl
Wondering if anyone can
Pshem Kowalczyk wrote:
Is that functionality available in the 2.0.0-pre1?
No.
You need the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jose wrote:
Wondering if anyone can provide me a link/doc (without me going out to
prepare a small lab enviroment for proof-of-concept), that will help
prove that FreeRADIUS will support Window VISTA clients with their
respective factory defaults.
Thank you.
PEAP doesn't work that way.
Johan wrote:
I'm wondering if it's possible to authenticate a user who is using
mschap authentication with perl.
Sure. Just re-write all of the MS-CHAP authentication protocol in
rlm_mschap in Perl.
But why the heck would you want to do that?
I already made a perl script, which I use
On 10/07/07, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk wrote:
Is that functionality available in the 2.0.0-pre1?
No.
You need the CVS head.
Ok. Then I'll have a look into this later, for now - I figured out
that the easiest way of fixing my problem is to do it like this:
Jose wrote:
Thanks Arran,
Is there a doc that will shed some light as to the procedure for
enabling support for a VISA client.
(I am refering to PPTP connections.)
EAPOL or EAP over PPP ? Either way I don't think such a document exists
for VISTA ... though from my own tests it's much the
Pshem Kowalczyk wrote:
Thanks for your help and when is the -pre2 coming ? ;-)
ASAP, I hope.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Johan wrote:
I'm wondering if it's possible to authenticate a user who is using
mschap authentication with perl.
Sure. Just re-write all of the MS-CHAP authentication protocol in
rlm_mschap in Perl.
But why the heck would you want to do that?
You know
Arran Cudbard-Bell wrote:
And the advantage of supporting MSChap is that you don't have to store
your passwords in cleartext... Just NT4 or LMHash which while not much
more secure than cleartext , looks far more impressive in a password
database.
And the server already does the heavy
Thanks Arran,
Is there a doc that will shed some light as to the procedure for enabling
support for a VISA client.
(I am refering to PPTP connections.)
Again, thanx for the reply.
/Crowley
PPTP will work (with Vista as well) out of the box. It should use
MS-CHAPv2 which is enabled by default
Hugh Messenger wrote:
On Behalf Of Dave said:
Yes accounting is working well from the NAS
Are you sure the NAS is sending 'interim update' accounting packets, not
just start/stop?
My NAS is currently NOT sending interm updates, but there is an option
to use that, just wasn't
Hello,
Im currently trying to setup FR to authenticate a user / machine
regardless of password, provided that the account exists and that
DialupAccess = 1. Im a bit stuck atm because I do not know how to
ignore the passwd failing the ldap check.
In the end I hope to have the ldap check if
Forgot to paste the radiusd.conf url - http://pastebin.ca/611795
On 7/10/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Hello,
Im currently trying to setup FR to authenticate a user / machine
regardless of password, provided that the account exists and that
DialupAccess = 1. Im a bit stuck atm
44 matches
Mail list logo