[EMAIL PROTECTED] wrote:
Hi,
echo Session-Timeout:=100;
else
echo Access-Reject; //NOT WORKING!!
hmmm, normally/properly you dont send such attributes
back - thats a server job. you should simply exit with
the return code that equals reject.
alan
That is correct.
I had
Hi
I am using free radisu 1.1.7 and eap tls authentication.I would like to
know the maximum number of users/ authentication requests that it can
handle?
Regards
Anoop
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday,
Patric wrote:
But when you exit(2) in PHP, freeradius thinks that the script failed
and does not respond to the access-request...
It delays the Access-Reject. See the debug output.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Anoop wrote:
...
Please edit your posts to the list. It's useless to include an entire
digest message.
I am using free radisu 1.1.7 and eap tls authentication.I would like to
know the maximum number of users/ authentication requests that it can
handle?
It depends on CPU, memory, etc.
Hello all
I have written an rlm_module. It works fine. Here, we have clients which
should be authenticated using CHAP passwords. In the radiusd.conf, I have
mentioned my module before the CHAP module in the authentication section.
Also, I have found that my module should populate the
Alan DeKok wrote:
Patric wrote:
But when you exit(2) in PHP, freeradius thinks that the script failed
and does not respond to the access-request...
It delays the Access-Reject. See the debug output.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Ali Majdzadeh wrote: I have written an rlm_module. It works fine. Here,
we have clients which
should be authenticated using CHAP passwords. In the radiusd.conf, I
have mentioned my module before the CHAP module in the authentication
section. Also, I have found that my module should populate the
Tomasz Zieleniewski wrote:
I have the home_server configuration which points to my localhost.
Why?
So the scenario is the following that when I receive the Accounting-Request
with the user name of the form [EMAIL PROTECTED] I check the realm for
particular domain
and strip the user name
Hi everyone,
i am using Freeradius 1.1.7 on Suse Linux Enterprise 10.
I try to authenticate user with EAP-TLS.
Everything worked fine, until i activated the check of cert_cn.
eap.conf:
---
# This check is done only if the previous
# check_cert_issuer is not set, or if
# the
Hi all,
I know the topic has been discussed about a year ago, but I'd like to
know if it's going to be solved.
I know that Alan said it's not a FR issue
(http://lists.cistron.nl/pipermail/freeradius-users/2006-October/057588.
html), but many people says that turning on RTLD_GLOBAL is a security
Hello Alan
Yes, I am sure that the code works correctly, because the CHAP module
accepts the clear text password which I have provided in the
request-config_items. Below is my code for the authorize section of the
module:
static int netbill_authorize (void *instance, REQUEST *request)
{
Hi,
I can live with this hack in my test server, but would appreciate it if
FreeRADIUS added official support for SHA-256 digests.
I've added the appropriate OpenSSL initialization call to the source.
Alan DeKok.
thank you. The CVS version seems to work with my certificates, and also
Ali Majdzadeh wrote:
Hello Alan
Yes, I am sure that the code works correctly, because the CHAP module
accepts the clear text password which I have provided in the
request-config_items. Below is my code for the authorize section of the
module:
That looks OK.
Thu Oct 25 13:18:42 2007 :
Francesco Cristofori wrote:
I know that Alan said it's not a FR issue
(http://lists.cistron.nl/pipermail/freeradius-users/2006-October/057588.
html), but many people says that turning on RTLD_GLOBAL is a security
weakness, so perhaps it's overall good to fix the code to make it work
even with
Hi,
I have put exit(2) but as Patric said, freeradius thinks that the script
failed and does not respond to the access-request. In the client side, there
is a server time out...I don't know if that server time out is assumed as an
Access-Reject?
May be the problem comes from PHP and I could use
manIP wrote:
Hi,
I have put exit(2) but as Patric said, freeradius thinks that the script
failed and does not respond to the access-request. In the client side,
there is a server time out...I don't know if that server time out is
assumed as an Access-Reject?
No it does not assume an
manIP wrote:
I have put exit(2) but as Patric said, freeradius thinks that the script
failed and does not respond to the access-request. In the client side,
there is a server time out...I don't know if that server time out is
assumed as an Access-Reject?
Set reject_delay = 0 in
Hello,
I have a clean install of FreeRadius 1.1.7 with MySQL support.
I have a database on a separate machine that is used for almost nothing (no
traffic). I would think sockets are not an issue.
I set the radius database up based on the instructions on this page:
Doc. Caliban wrote:
When I try an authentication test, I receive the no DB handles error.
What does the full debug log say?
Odds are that the DB connection parameters are wrong, and the server
cannot open the DB.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Alan DeKok wrote:
What does the full debug log say?
Sadly, I've joined this mailing list to ask this question, and
ultimately show what an armature I am.
I just found out that mysql is only listening to localhost. That's all
it's ever been used for. D'oh! (I did not know that was a
Hi,
I'm using freeRadius with poptop and it's logging all accounting issues
well, but how can I add some rules to restrict
people , e.g. how to restrict a group of users to only connect 2 hours per
day?
tnx
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The db admin here is telling me that there as to be some standardized
way of adding users to the database. I don't know anything about SQL.
He is talking about the ID field or something like that.
What is the standard way of doing this? We have an existing db of all
of the user names and
Hello,
I'm trying to set rlm_sqlcounter up so that I can check for a monthly
use quota. Everything works, except the checks. The NAS present the
user names with a realm, which I'm processing (thus, [EMAIL PROTECTED]
becomes user.) Using SQL for accounting and such is working marvelous.
Now, when
Hello:
I am new to using Freeradius, and I am using Freeradius 1.1.6 that comes with
Ubuntu Server 7.10
I have set up Freeradius with MySQL as the backend database.
I set up one of my Cisco 3550 switches to use Radius as the login method.
This worked fine, authentication was running
On Thursday 25 October 2007 17:26:10 John Morris wrote:
I then added a second switch to the freeradius client configuration (nas
table), and encountered a problem. The password was being rejected. So I
ran Freeradius -X so I could see what was going on.
On the failed password attempt
Debug output like this usually points to non-matching RADIUS secrets. Check
the radius secret in your switch config as well as the secret configured in
your nas SQL table. Freeradius only reads the nas table on startup, so if
you make changes to that table, you must restart the daemon for those
Is there a way to define NAS info / secrets in a SQL database and have
it as part of the standard queries? Am guessing the perl / python
options would let you do it from that (pls correct me tho if not
right!) but can it just be done without writing code?
Tia
Andy
On 25/10/2007, John Morris
Andy Billington wrote:
Is there a way to define NAS info / secrets in a SQL database
Yes. See the sql.conf file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Carlos A. Carnero Delgado wrote:
My question is, how can I modify this query definition (and the others
from sqlcounter.conf) so that they really check against the stripped
user name.
Use the Stripped-User-Name attribute.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
John Morris wrote:
It surprises me that the debug output doesn't appear to mention the
failure of the NAS secret.
It does. There's a big WARNING during the authentication portion.
I would have thought I would have gotten
then that message and that the auth would have stopped there.
It
30 matches
Mail list logo
