Re: Openser+Asterisk+Freeradius

Hi, is there any documentation or hyper links I can follow for the setup? Thanks SW - Original Message From: ram <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Wednesday, September 26, 2007 5:57:15 PM Subject: Re: Openser+Asterisk+Freeradius On 9/26/07, Live Great <[EMA

Re: How to send different attributes a miscellaneous nas

Use 2.0 version or CVS head. It works there. Ivan Kalik Kalik Informatika ISP Dana 26/9/2007, "Medvedev Maxim" <[EMAIL PROTECTED]> piše: >How I can solve a problem of sending of different attributes miscellaneous NAS >from which the user in combination FR+sql or FR+ldap comes? > >> Multiple gr

Re: Install Troubles

On Wed 26 Sep 2007, Brad Lachel wrote: > I am attempting to install freeradius 1.1.7 on an XServe with > integration with Novell edirectory. I ran the ./configure with the > --with-edir option, everything else was standard, out of the box. > The install appeared to go fine, but when I started up

How to send different attributes a miscellaneous nas

How I can solve a problem of sending of different attributes miscellaneous NAS from which the user in combination FR+sql or FR+ldap comes? > Multiple groups per user don't work properly. And that is what you want. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 26/9/2007, "Medvedev Maxim" p

Re: how can I control a user

Configure ippool and use Pool-Name:= whatever in user/group profile and not Framed-IP-Address. Make sure that Pool-Name is a check item. Ivan Kalik Kalik Informatika ISP Dana 26/9/2007, "ann kok" <[EMAIL PROTECTED]> piše: >Hi all > >how can I control to allow a user logon only in >dynamic ip ip

how can I control a user

Hi all how can I control to allow a user logon only in dynamic ip ipool in radius server? Thank you again Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more

Re: Install Troubles

Brad Lachel wrote: > radiusd.conf[1600] Failed to link to module 'rlm_exec': > dlopen(/usr/local/lib/rlm_exec-1.1.7.so, 9): Symbol not found: > _debug_flag Referenced from: /usr/local/lib/rlm_exec-1.1.7.so > Expected in: flat namespace Re-configure as: $ ./configure --enable-developer th

Install Troubles

I am attempting to install freeradius 1.1.7 on an XServe with integration with Novell edirectory. I ran the ./configure with the --with-edir option, everything else was standard, out of the box. The install appeared to go fine, but when I started up the server, I received the following

Re: NAS IPs in LDAP?

On Wed 26 Sep 2007, Alan DeKok wrote: > Jorgen Lundman wrote: > > Would those be appreciated, or just end up in-house? > > If the patch is against CVS head, it's likely to be accepted. Yep. I think this would be a usefull option and would be happy to help with patch testing if you do the writin

Re: Exec-Program based on LDAP Attribute

John Wever wrote: > Yes, thats exactly what I want, but the script is never fired. It is my > understanding that the acct_users file only sees accounting packet data, Yes. > if the CustomAttrib is a checkItem would it even be available to query > at this point? The acct_users file can't do c

Re: Exec-Program based on LDAP Attribute

Yes, thats exactly what I want, but the script is never fired. It is my understanding that the acct_users file only sees accounting packet data, if the CustomAttrib is a checkItem would it even be available to query at this point? Just as info, I take off the ", CustomAttrib == true" and the s

Re: unlang question

Norbert Wegener wrote: > ... The client authenticates via a certificate. Everything > works as expected. Nevertheless someone inspecting the switch logs found: ... > and claimed, the Access-Challenge with Tunnel-Private-Group, > Tunnel-Medium-Type etc. are not RFC compatible. Yes. > I can see t

unlang question

I am using a recent 2.0.0-pre cvs snapshot. For 802.1x authentication AD is querried for a valid machine account and VLAN, which the ldap modules put into the radius-attribute Huntgroup-Name. The client authenticates via a certificate. Everything works as expected. Nevertheless someone inspec

Re: Exec-Program based on LDAP Attribute

John Wever wrote: > DEFAULT Acct-Status-Type == Start, CustomAttrib == true That *matches* the Custom Attribute. Is that what you want? >Exec-Program = "/path/to/script.sh %u %{Framed-IP-Address} > %{CustomAttrib}" > > I've tried setting the ItemType of the CustomAttrib to checkItem a

R: merging accounting records from two databases

> Hi, Hi Stella, I ran in your problem just quite weeks ago and I solved this way: - Use mysql replication for syncing the two database (you have to make db1 slave of db2 and db2 slave of db1: every record inserted in one db will be automatically inserted in the other one) - Use heartbeat (or what

Re: merging accounting records from two databases

I'm sure that would work if they were normal (non-radius) records in a database. The problem is there are two accounting records (stop and start). When radius receives a start record it just inserts it into the database (easy) but when it receives a stop record, it tries to find the original start

Re: merging accounting records from two databases

Given my levels of FreeRADIUS knowledge vs MySQL, I would go with a database-level approach :-) What version of MySQL are you using - you could maybe cluster the databases? Alternatively have RADIUS write to one database and use MySQL Proxy to handle the two databases if you dont want to cluster

merging accounting records from two databases

Hi, We're setting up two radius servers and configuring them so the accounting records are inserted into a mysql database. For redundancy, we're having two radius servers and two database servers. Both radius servers will attempt to write the records to the primary database, if that fails, the s

Re: Strange CHAP/PAP issue (Version 1.1.6) [SOLVED]

Dnia Śr Września 26 2007, 2:51 pm, Wojciech Ziniewicz napisał(a): > Dnia Śr Września 26 2007, 11:57 am, Alan DeKok napisał(a): >> Try also with "ntradping", or another non-FreeRADIUS client. If CHAP >> works for those clients, then the CHAP code in PPPoE is broken. >> >> Alan DeKok. > > Alan,

Re: Strange CHAP/PAP issue (Version 1.1.6)[sic!]

Dnia Śr Września 26 2007, 11:57 am, Alan DeKok napisał(a): > Try also with "ntradping", or another non-FreeRADIUS client. If CHAP > works for those clients, then the CHAP code in PPPoE is broken. > > Alan DeKok. Alan, probably you were right. Testing CHAP auth locally with ntradping (runs eas

Re: simultaneous use --solved-- :-)

That is wrong. You need to update the session to which accounting packet belongs to, not any open session for that user. It's better to investigate the source of open sessions and resolve it than to fudge things like that. Ivan Kalik Kalik Informatika ISP. Dana 26/9/2007, "Michael Ziemann" <[EMA

simultaneous use --solved-- :-)

Hi all! I solved my simultaneous-use problems with AcctStopTime -00-00 00:00:00 ... The reason was a wrong MySQL-Code in the sql.conf file: accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-

Re: Problem upgrading Windows version to Ver.1.1.7

Terry Pelley wrote: > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Configuration directory ../etc/raddb is globally writable. > Refusing to start due to insecure configuration. So... make /etc/raddb *not* globally writable. > Errors reading radiusd.conf >

Re: Acct-Input-Gigawords in Exec-Program env

Rob Hartzenberg wrote: > I'm having trouble identifying the Acct-Input-Gigawords field in the > shell environment of Exec-Program. > Does anyone know how to ensure that it is being exported? Read the output of debugging mode. If it's in the packet, it will be exported to any shell program. See

Re: NAS IPs in LDAP?

Turbo Fredriksson wrote: > Isn't this 'radiusClientIPAddress' (RADIUS attribute 'Client-IP-Address')? > > 'Client-IP-Address. Matches the IP address of the client in the request.' No. That *matches* the client address. It's a comparison for policies. It does NOT define a client. Real clie

Problem upgrading Windows version to Ver.1.1.7

I'm Currently running FreeRADIUS Version 1.1.3-r0.1.2 (Windows version) Knowing that I am long overdue for an upgrade, I backed up all of my configs and ran the 1.1.7 installer. everything seems to go just fine and the service is up and running when the update process completes. However, when I tr

Acct-Input-Gigawords in Exec-Program env

Hi list, I'm having trouble identifying the Acct-Input-Gigawords field in the shell environment of Exec-Program. Does anyone know how to ensure that it is being exported? I have a shell script (test-exec.sh) which according to examples in docs goes like so: #!/bin/sh /usr/bin/printenv > /tmp/env

Re: NAS IPs in LDAP?

> "Alan" == Alan DeKok <[EMAIL PROTECTED]> writes: Alan> Jorgen Lundman wrote: >> Is it possible to also store the NAS IPs in LDAP, so changes >> can be done centrally? Alan> Not without source code patches. Isn't this 'radiusClientIPAddress' (RADIUS attribute 'Client-IP-Ad

Re: problem with eap/ttls winXP

1. First thing written is eap.conf is "Do not set Auth-Type:=EAP". The first thing you did put in your user's entry is ... 2. This applies to TTLS as well: http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#PEAP_or_EAP-TLS_Doesn.27t_Work_with_a_Windows_machine If you have signed the server

Re: How to send different attributes a miscellaneous nas

Multiple groups per user don't work properly. And that is what you want. Ivan Kalik Kalik Informatika ISP Dana 26/9/2007, "Medvedev Maxim" <[EMAIL PROTECTED]> piše: >In FreeRadius 1.1.7+LDAP group handling work ? > >> 1. You need to enter priority for the groups in usergroup table. >> 2. SQL gr

problem with eap/ttls winXP

hello I try to put authentication eap/ttls with win XP, I install secureW2 TTLS, and i put this in my files: radiusd.conf autorize { eap files } authenticate { Auth-Type PAP { pap } eap } eap.conf eap { default_eap_type = ttls

Re: How to send different attributes a miscellaneous nas

In FreeRadius 1.1.7+LDAP group handling work ? > 1. You need to enter priority for the groups in usergroup table. > 2. SQL group handling doesn't really work in 1.1.x versions. Upgrade to > 2.0. > > Ivan Kalik > Kalik Informatika ISP > > Dana 25/9/2007, "Elaalala Erence" pise: > >>Hi, >> >>fre

Re: Strange CHAP/PAP issue (Version 1.1.6)[sic!]

Wojciech Ziniewicz wrote: > Maybe i do something uncorrect with the operators ? or there are too few > attributes/values in my radcheck/radreply ? No. > As I understand for now - My client gives me the password md5'ed with the > challenge , then my server compares the client's string with > cle

Re: NAS IPs in LDAP?

Jorgen Lundman wrote: > > Would those be appreciated, or just end up in-house? If the patch is against CVS head, it's likely to be accepted. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: about the FreeRadius user manage tool

You are getting one with Freeradius: http://www.freeradius.org/dialupadmin.html Ivan Kalik Kalik Informatika ISP Dana 26/9/2007, "yangcuilin" <[EMAIL PROTECTED]> piše: >Hi, > > > >Do you know some FreeRadius user manager tools? > >If you know, please give me the name and web address (Or some a

Re: NAS IPs in LDAP?

Would those be appreciated, or just end up in-house? Lund Alan DeKok wrote: Jorgen Lundman wrote: Is it possible to also store the NAS IPs in LDAP, so changes can be done centrally? Not without source code patches. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freera

Re: Special Character Password Authentication

Aren Chua wrote: > The sinario is like this: > When I type in this username and password for authentication > User-Name: _abc123_ > User-Password: Aa;:/? ',<.>" (note the blank space after the "?") > > my radius server received the username and password as this:

Re: NAS IPs in LDAP?

Jorgen Lundman wrote: > Is it possible to also store the NAS IPs in LDAP, so changes can be done > centrally? Not without source code patches. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Openser+Asterisk+Freeradius

On 9/26/07, Live Great <[EMAIL PROTECTED]> wrote: > > Hi, > > Is this the solution to provide an accurate billing/accounting function? > What is the goal for integrating this 3 software? > I've been searched google for a while, but couldn't find a clear answer. > > Your comment is much appreciated

Re: Strange CHAP/PAP issue (Version 1.1.6)[sic!]

Dnia Śr Września 26 2007, 2:26 am, Alan DeKok napisał(a): > Wojciech Ziniewicz wrote: >> Now , after deleting theese lines : > ... >> I've got the following : >> >> rlm_sql (sql): No matching entry in the database for request from user >> [TEST] >> modcall[authorize]: module "sql" returns notfoun

about the FreeRadius user manage tool

Hi, Do you know some FreeRadius user manager tools? If you know, please give me the name and web address (Or some advice)? I just want to add/delete/update the user convenient. Thank you very much. Rock - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm