hi , any one can tell me , how to logout user???
i use freeradius to my radius server ,i`m testing 802.1x and user login
success with username & pw from wireless ap
but after user reboot laptop , then the laptop will login again automatic ,
so , i hope someone to tell me how to logout user after
It's been quite a challenge to maintain both radiusNTPassword and
sambaNTPassword in a user's LDAP object, especially when
radiusNTPassword is just sambaNTPassword, prepended with '0x'. If
nothing else, that's redundant.
So, what about this patch? It just takes your sambaNTPassword and
prepends
Thankyou Alan!
I don't want to shout at the NAS owner (we rely on them for customer
connections on a private DSL network and the other sites are fine!)
without backup / confidence that I'm not making mistakes.
The users connect, both the logs earlier and now the debug output show
Accept messages
Andy Billington wrote:
> Was thinking about setting up another FR instance, separate IP and
> with just pure text (users) info but am not sure - what concerns me is
> seeing a few mails that have same symptoms (connect starts, then
> restarts after 10s)
Do those users get connected at *all*? If
hi Ivan,
Just been able to restart witout affecting working sites, have started
using -X and am seeing lots of info; for a start its binding to
correct IP (which counters the multi-home issue i was concerned
about). The sites that have probs are all reporting RADIUS ok, my
query / concern is that w
You can't do that. Why don't you use freeradius as your radius server
instead of that one that does only PAP.
Ivan Kalik
Kalik Informatika ISP
Dana 8/8/2007, "Joăo Mendes" <[EMAIL PROTECTED]> piše:
>HI,
>I was wondering if freeradius could do the following:
>- I have a radius client that ne
João Mendes wrote:
> HI,
> I was wondering if freeradius could do the following:
> - I have a radius client that needs to talk MS-Chapv2 and a Radius
> server that only talks PAP.
> Can freeradius convert and proxy the request to the server than
> answer to the client??
No. It's impossi
On Wed 08 Aug 2007, Toledo, Luis Carlos wrote:
> > > Hey all,
> > >
> > > I have a serius problem with non valid Nas-port received
> >
> > from NASes,
> >
> > > because a need to provide a dynamic IP (rlm_ippool).
> > >
> > > Have anyone any suggestion?
> >
> > http://wiki.freeradius.org/Rlm_sqlipp
João Mendes wrote:
> HI,
> I was wondering if freeradius could do the following:
> - I have a radius client that needs to talk MS-Chapv2 and a Radius
> server that only talks PAP.
> Can freeradius convert and proxy the request to the server than
> answer to the client??
>
No,
Amongst oth
This looks promising. Thanks, I will check it out.
Warren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2007 4:31 PM
To: FreeRadius users mailing list
Subject: Re: redirect authentication to a different radiu
HI,
I was wondering if freeradius could do the following:
- I have a radius client that needs to talk MS-Chapv2 and a Radius
server that only talks PAP.
Can freeradius convert and proxy the request to the server than
answer to the client??
Thanks
João Mendes
-
List info/subscribe/
http://wiki.freeradius.org/Proxy
Ivan Kalik
Kalik Informatika ISP
Dana 8/8/2007, "Warren Maurer" <[EMAIL PROTECTED]> piše:
>Does anyone know of a way to authenticate most users locally, but redirect
>some users to another radius server for authentication based on the login
>domain name specifie
The best way to verify this is to look at the debug (radiusd -X) for the
requests coming from the sites that have a problem.
Ivan Kalik
Kalik Informatika ISP
Dana 8/8/2007, "Andy Billington" <[EMAIL PROTECTED]> piše:
>Thanks Alan - that last point was what I wanted to confirm before
>going to t
Hi,
> >
> > See "man unlang" for details.
>
> Is it this feature disponible in the stable 1.1.7 version ?
no
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Does anyone know of a way to authenticate most users locally, but redirect
some users to another radius server for authentication based on the login
domain name specified by the user? I am using FreeRadius on a Debian box.
Local authentication works properly, but I need to have some users
authentic
> > Hey all,
> >
> > I have a serius problem with non valid Nas-port received
> from NASes,
> > because a need to provide a dynamic IP (rlm_ippool).
> >
> > Have anyone any suggestion?
>
> http://wiki.freeradius.org/Rlm_sqlippool
>
I am use mysql for all radius operations and data storage, is
Thanks Alan - that last point was what I wanted to confirm before
going to the NAS owner to request they start looking. As you've said,
teh RADIUS server sends out packets and they hit the network - if
routing / network was the cause if this, none of the auth responses
would get through. I'm trying
Andy Billington wrote:
> debug didnt seem a likely source of info given that this is a server
> that has been functionig without incident for six months and no
> changes have been made to its config. I have been looking at network /
> routing issues but couldnt figure out why some sites would work
On Wed 08 Aug 2007, Toledo, Luis Carlos wrote:
> Hey all,
>
> I have a serius problem with non valid Nas-port received from NASes,
> because a need to provide a dynamic IP (rlm_ippool).
>
> Have anyone any suggestion?
http://wiki.freeradius.org/Rlm_sqlippool
--
Peter Nixon
http://peternixon.net
thanks for your quick response!
debug didnt seem a likely source of info given that this is a server
that has been functionig without incident for six months and no
changes have been made to its config. I have been looking at network /
routing issues but couldnt figure out why some sites would wor
Hey all,
I have a serius problem with non valid Nas-port received from NASes, because
a need to provide a dynamic IP (rlm_ippool).
Have anyone any suggestion?
Thx
Toledo, Luis Carlos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andy Billington wrote:
> auth-detail reports the Access-Request properly AFAIK.
> reply-detail reports the Access-Accept properly.
>
> In the radius.log I get
As opposed to debug mode, which is suggested in the README, FAQ,
INSTALL, etc.?
> In the detail log I get
Accounting packets. NOT a
Emmanuel Dreyfus wrote:
> On Wed, Aug 08, 2007 at 11:53:43AM -0500, Hugh Messenger wrote:
>> Especially in this case, where you have plenty of warning
>> that the feature you need is going away.
>
> Well, that's not realy fair, since the current release does not seems to
> offer me a way without
Toledo, Luis Carlos wrote:
>> See "man unlang" for details.
>
> Is it this feature disponible in the stable 1.1.7 version ?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
We are just setting up 2 new FreeRadius boxes to handle DSL radius
authentication. This is nothing new to us. What is new is using a MySql data
base with the FreeRadius.
Anyway we have most everything working as should be. We are running the
MySql databases as master and slave for replica
>
> See "man unlang" for details.
Is it this feature disponible in the stable 1.1.7 version ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi all,
I've searched the list for clues but havent' found a resolution for
the following:
1. On a testing network, with seven identically configured routers,
four connect and three dont. They are all the same make / model.
2. They're all using different usernames and passwords, and the NAS is
repo
On Wed, Aug 08, 2007 at 11:53:43AM -0500, Hugh Messenger wrote:
> Especially in this case, where you have plenty of warning
> that the feature you need is going away.
Well, that's not realy fair, since the current release does not seems to
offer me a way without using the deprecated feature.
--
Emmanuel Dreyfus said:
> On Wed, Aug 08, 2007 at 10:14:45AM -0400, Alan DeKok wrote:
> > The deprecated feature *will* be going away. It's not necessary, and
> > it's wrong.
>
> Agreed, but it could be quite useful as a migration path, couldn't it?
If this was a minor version update, I might a
Hi Claudiu,
Thanks for your response,
Wed, 8 Aug 2007 12:24:57 +0300, you wrote:
>For Cisco, please be sure that you have in your config
>
>radius-server vsa send accounting
>gw-accounting aaa
>
>(or "gw-accounting h323 aaa" for an older IOS)
>
>
>Best regards,
>
>Claudiu Filip
>@: [EMAIL PROTECT
Tom Griffin wrote:
> Since the dbm module was ran before the mschap module, Auth-Type was
> being set to Local as instructed in the DBM user file.
It would have been useful to say that earlier.
The response, as (almost always) is DO NOT SET AUTH-TYPE. Doing so is
almost always wrong.
> As
Emmanuel Dreyfus wrote:
>> The deprecated feature *will* be going away. It's not necessary, and
>> it's wrong.
>
> Agreed, but it could be quite useful as a migration path, couldn't it?
There are lots of other features which are in 2.0 for backwards
compatibility. This feature isn't one of
Hello,
After some more extensive debugging, I believe we have got to the bottom
of this issue.
The MS-CHAP module seems to use 'Auth-Type = mschap' (single equals) and
not 'Auth-Type := MS-CHAP' (colon equals) as described in the comments
of radius.conf.
Since the dbm module was ran before th
On Wed, Aug 08, 2007 at 10:14:45AM -0400, Alan DeKok wrote:
> > Right, I'll wait for the next release. I just hope that the deprecated
> > feature won't go away at the same release the much easier feature gets
> > in. That would be painful.
>
> The deprecated feature *will* be going away. It's
Emmanuel Dreyfus wrote:
> Right, I'll wait for the next release. I just hope that the deprecated
> feature won't go away at the same release the much easier feature gets
> in. That would be painful.
The deprecated feature *will* be going away. It's not necessary, and
it's wrong.
There is *no
On Wed, Aug 08, 2007 at 09:38:15AM -0400, Alan DeKok wrote:
> > That post_proxy_authorize option is documented as depreacted and
> > scheduled for future removal. How can I acheive my setup without it?
> > I'm pretty confident there is a way of doing it, but I have not been
> > able to find it.
>
Emmanuel Dreyfus wrote:
> That post_proxy_authorize option is documented as depreacted and
> scheduled for future removal. How can I acheive my setup without it?
> I'm pretty confident there is a way of doing it, but I have not been
> able to find it.
In CVS head (what will be 2.0), this is mu
Dear all
I am on ISP and i want to configure billing gateway means
user authentuicate that gateway and surffing net so is these type of any
opensource package is available and radius for billing
Rgds
satish patel
$ cat ~/satish/url.txt
For Cisco, please be sure that you have in your config
radius-server vsa send accounting
gw-accounting aaa
(or "gw-accounting h323 aaa" for an older IOS)
Best regards,
Claudiu Filip
@: [EMAIL PROTECTED]
Http://www.globtel.ro
T:+40344880100
F:+40344880113
Monday, August 6, 2007, 6:58:06 PM,
Hi,
I'm most likely missing the point, but how can I execute a query on
post-proxy or preacounting using that module?
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello
Sorry if this is a FAQ, but I have not found the answer, so here I am:
I use freeradius-1.1.6. The server do authorization and authentication
for a few NAS. Some users have logins in the local realm and others have
logins in proxied realms.
When a user passes authorization, the server re
41 matches
Mail list logo
