Stefan Adams wrote:
> Is there anyway that I can rewrite the Calling-Station-ID to the name of
> the PC instead of the MAC address? This table can be found in LDAP or
> even in DHCP. Is there a way to call an external program
See the "exec" module. It's in radiusd.conf.
And DHCP servers ge
LeRoy DeVries wrote:
> I am having a problem with the ATTRIBUTE Idle-Timeout. Sometimes it
> will log out the connected user and place the entry in the radacct table
> (AcctStopTime) and sometimes it won't. How can I debug this problem to
> resolve this issue.
Debug Chillispot. It's the one t
Hi, thanks for your prompt reply.No, I'm not trying to run it with 1.1.x files.
I've downloaded the latest snapshot in a brand new computer, which has only the
LBS.In previous versions, when I compiled FreeRadius, it was 100% functional,
obviously I needed to configure it to meet my needs, but
Hi,
I am having in starting radius. Following is text output of "radiusd -X"
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
I've attempted to compile free radius 1.1.7 on a machine running
NetBSD/amd64 without success...
% uname -v
NetBSD 4.99.20 (GENERIC.MP) #0: Thu Jul 5 13:21:09 EST 2007
[EMAIL PROTECTED]:/usr/obj/sys/arch/amd64/compile/GENERIC.MP
%
At first configure couldn't find krb5.h and make failed:
%
Is there anyway that I can rewrite the Calling-Station-ID to the name of the
PC instead of the MAC address? This table can be found in LDAP or even in
DHCP. Is there a way to call an external program that will provide the
rewrite rules such that the log shows:
Login OK: [username] (from client
Hi,
> How do we currently handle overlapping subnets, and more specifically a
> single share secret for a subnet with specific shared secrets for IPs in
> that subnet? (IMHO a valid config but something I am not sure we support at
> present)
overlapping/zopa or joins are all valid - the NAS wi
Hi,
> Does it complain and die , or just complain ?
dies.
> This is the kind of issue that I can see someone phoning me at 2am for
> *sigh* ...
>
> Oh fun... the four fields that make up the ip address haven't got a
> unique index across them...
I've made a change locally on our DB to add a
Arran Cudbard-Bell wrote:
Alan DeKok wrote:
Brian Ertel wrote:
DEFAULTUser-Name =~ "([0-9a-fA-F]:)5[0-9a-fA-F]", Auth-Type :=
Accept
... vlan stuff
So for username are you saying I can use any old text string?
*([0-9a-fA-F]:){5}[0-9a-fA-F]
unless you want to match
0:50 ;
Alan DeKok wrote:
Brian Ertel wrote:
DEFAULT User-Name =~ "([0-9a-fA-F]:)5[0-9a-fA-F]", Auth-Type := Accept
... vlan stuff
So for username are you saying I can use any old text string?
*([0-9a-fA-F]:){5}[0-9a-fA-F]
unless you want to match
0:50 ;)
What leads you to c
On Mon 27 Aug 2007, Arran Cudbard-Bell wrote:
> Alan DeKok wrote:
> > Norbert Wegener wrote:
> >> That's true, but maybe Alan's suggestion to add a debug message
> >> complaining about this
> >> would be nice here, too?
> >
> > Committed to CVS.
>
> Does it complain and die , or just complain ?
>
Alan DeKok wrote:
Norbert Wegener wrote:
That's true, but maybe Alan's suggestion to add a debug message
complaining about this
would be nice here, too?
Committed to CVS.
Does it complain and die , or just complain ?
This is the kind of issue that I can see someone phoning me a
I am having a problem with the ATTRIBUTE Idle-Timeout. Sometimes it
will log out the connected user and place the entry in the radacct table
(AcctStopTime) and sometimes it won't. How can I debug this problem to
resolve this issue.
Thanks for your help.
-
List info/subscribe/unsubscribe? See htt
Norbert Wegener wrote:
> That's true, but maybe Alan's suggestion to add a debug message
> complaining about this
> would be nice here, too?
Committed to CVS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
Hi,
The "clients.conf" file may also define clients.
yes. but that still doesnt fix the issue that duplicates
could exist in the NAS table itself :-)
That's true, but maybe Alan's suggestion to add a debug message
complaining about this
would be nice he
Hi,
> The "clients.conf" file may also define clients.
yes. but that still doesnt fix the issue that duplicates
could exist in the NAS table itself :-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Ertel wrote:
> Unknown attribute "Cleartext-Password"
Use 1.1.7. It contains MAY bug fixes, security fixes, and features
over previous versions.
If you're not going to use 1.1.7, just use User-Password instead of
Cleartext-Password. But you SHOULD use ":=" for the operator, rather
tha
On Mon, 2007-08-27 at 15:50 +0200, Ivan Lago wrote:
> Thanks, i removed the password_attribute and it worked.
> Anyway i did it because my LDAP directory do not have a password
> attribute for computer entries, so i wanted to check the mac-address
> for both user-name and password. Than i didn't go
On Mon, 2007-08-27 at 09:42 -0400, Brian Ertel wrote:
> Alan,
>
> I now have the users file syntax like this:
>
> 00:0e:35:1c:e0:52 Cleartext-Password := "testing"
>
> Tunnel-Medium-Type = "IEEE-802",
> Tunnel-Type = "VLAN",
> Tunnel-Private-Group-Id = "157",
R
Thanks, i removed the password_attribute and it worked.
Anyway i did it because my LDAP directory do not have a password
attribute for computer entries, so i wanted to check the mac-address
for both user-name and password. Than i didn't go on with this for
various reasons (i should have rewr
Alan,
I now have the users file syntax like this:
00:0e:35:1c:e0:52 Cleartext-Password := "testing"
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Type = "VLAN",
Tunnel-Private-Group-Id = "157",
But when radius returns the following error when attempting to start...
On Mon, 2007-08-27 at 13:56 +0200, Ivan Lago wrote:
> I tried to make it explicit, but it did not work.
> Anyway that parameter is defaulted to yes, as you said, but it's
> being ignored. Here is a dump of the loading of the module at server
> startup, without adding the set_auth_type explicita
Ok. I will do that.
Thanks,
Brian
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Monday, August 27, 2007 9:12 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius, Cisco WLC, Mac address auth.
Brian Ertel wrote:
> DEFAULT
Brian Ertel wrote:
> DEFAULT User-Name =~ "([0-9a-fA-F]:)5[0-9a-fA-F]", Auth-Type := Accept
> ... vlan stuff
>
> So for username are you saying I can use any old text string?
What leads you to conclude that? Have read the documentation for the
"users" file? Do you know what a reg
Alan,
What I am not clear on is for unknown users you wrote:
DEFAULT User-Name =~ "([0-9a-fA-F]:)5[0-9a-fA-F]", Auth-Type := Accept
... vlan stuff
So for username are you saying I can use any old text string?
Also you instructed to list all known mac addresses first should they be
"lis
Brian Ertel wrote:
> a correction of what I am using or syntax to accomplish the
> unknown/known user issue?
It's a correction of the entry for a known user. See the README and
"man rlm_pap" in 1.1.7.
> In other words which syntax takes care of the unknown users and which
> takes care of the k
[EMAIL PROTECTED] wrote:
> time for FAQ or Wiki entry? the error message is not too helpful
> but what it means is that you have an identical entry in your database.
> either its a duplicate, or its the same as one in clients.conf
>
> the SQL table should have a UNIQUE force attribute for IP addre
Hi,
> Hello, I've downloaded from CVS the latest snapshot of FreeRadius
> 2.0 for testing purposes, but to my surprise, i haven't yet succeeded
> in getting it to run.The error message I get is the following:Mon Aug 27
> 15:49:14 2007 : Error: Listening on IP authentication address * port 1812 bu
Hi,
> I have a larger list of clients, that is read from a mysql database.
> Freeradius starts loading the clients, but when having loaded the first
> 2442 clients, it dies.
time for FAQ or Wiki entry? the error message is not too helpful
but what it means is that you have an identical entry in
Alan,
Thank you for the response. Was your first input:
"Don't set Auth-Type. User "Cleartext-Password := ...", not
"User-Password == ..."
a correction of what I am using or syntax to accomplish the
unknown/known user issue?
In other words which syntax takes care of the unknown users and whic
Jack Daniels wrote:
> I've downloaded from CVS the latest snapshot of FreeRadius 2.0 for
> testing purposes, but to my surprise, i haven't yet succeeded in getting
> it to run.
>
> The error message I get is the following:
>
> Mon Aug 27 15:49:14 2007 : Error: Listening on IP authentication addre
Hello, I've downloaded from CVS the latest snapshot of FreeRadius
2.0 for testing purposes, but to my surprise, i haven't yet succeeded
in getting it to run.The error message I get is the following:Mon Aug 27
15:49:14 2007 : Error: Listening on IP authentication address * port 1812 but
no server
Hello, I've downloaded from CVS the latest snapshot of FreeRadius
2.0 for testing purposes, but to my surprise, i haven't yet succeeded
in getting it to run.The error message I get is the following:Mon Aug 27
15:49:14 2007 : Error: Listening on IP authentication address * port 1812 but
no server
I tried to make it explicit, but it did not work.
Anyway that parameter is defaulted to yes, as you said, but it's
being ignored. Here is a dump of the loading of the module at server
startup, without adding the set_auth_type explicitally :
ldap: server = ".ifom-ieo-campus.it"
ldap: port
On Mon, 2007-08-27 at 12:13 +0200, Ivan Lago wrote:
> Hi
>
> I tried to update freeradius from 1.1.6 to 1.1.7 on my 2 servers, but
> i had great problems: some of the ldap instances i configured do not
Hmm. I thought it defaulted to "on" but try adding:
ldap name {
...
set_auth_type =
Hi
I tried to update freeradius from 1.1.6 to 1.1.7 on my 2 servers, but
i had great problems: some of the ldap instances i configured do not
set auth-type even if they find the user in the ldap directory.
Of the ldap instances described below only the macbypass ones do not
set Auth-Type, t
Hey Michael,
You need to make use of the attribute Simultaneous-Use as a parameter
for controlling how many session each user will be accepted by the RADIUS
server.
Regards,
Liran Tal.
On 8/27/07, Michael Ziemann <[EMAIL PROTECTED]> wrote:
>
> Hi People!
>
> Today I've another problem with free
Hi People!
Today I've another problem with freeradius.
The user has his own password and can login by himself, no problem. But
how can I avoid a second user logging in with the same user / pwd?
Is it a problem of the NAS or RADIUS ???
I didn't find any configuration examples on the web, so ple
I have a larger list of clients, that is read from a mysql database.
Freeradius starts loading the clients, but when having loaded the first
2442 clients, it dies.
Unfortunately gdb is not very helpfull:
.
rlm_sql (sql_base): Read entry
nasname=192.168.36.73,shortname=192.168.36.73,secret=m
Hello,
We do this kind of stuff for our users.
When our users run out of credit, instead of rejecting them, we return a
different ip-pool to the user(ex: 10.10.X.X)
>From that ip-pool, users can only access our ticketing system, payment
gateways and such.(ex: from 10.10.X.X users can access few ip
Norbert Wegener wrote:
> Can you already foresee, when pre2 will be released?
I had intended to do it last week, but I'll do it this week.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Phil Mayers wrote:
I'm only slightly wiser from reading that... Shouldn't 'eap' and 'mschap'
be in this Authz-Type to then?
No
I will note that in CVS head (2.0-pre2), this is *much* easier to
understand. There's a configuration file for the outer tunnel pi
42 matches
Mail list logo