Hey,
I don't know if I understand everything correctly, but just take a look at
this:
http://wiki.freeradius.org/index.php/FAQ#Why_do_Acct-Input-Octets_and_Acct-Output-Octets_wrap_at_4_GB.3F
Maybe that is the solution.
Are you using Mikrotik? Any issues?
I am going to use it too, so I am very
Hi All,
I am new to the freeradius list but have been running freeradius for
some time. We are changing the way we do some of our accounting here and
have a requirement to provide users with monthly prepaid cards for
specific data values, namely 1, 5 and 10GB.
I have no problems making the pass ti
Hi,
thanks for a hint.
I do not know detailed possibilities of that thing. Only theoretically... I
will get the router next week and I will start some tests...
I will let you know what I will find out! :)
Bandwidth aspect is important, but not critical.
It is important to make it easy to manage.
>But I guess here is my problem. How do you assign more than one NAS to
>a huntgroup?
>
The way it is shown in the huntgroups file.
>
>But this uses SQL which we are not using and would prefer not to.
>
Use LDAP then. Or feel free to list (same) users for every huntgroup
entry.
Ivan Kalik
Kali
>But radeapclient is getting access-reject with Failure EAP-Code from radiusd
>(running like ./radiusd -X in another console).
And that's the output you should paste.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>Everything will work with the use of Mikrotik routers :)
>
I would seriously doubt that. In order to limit aggregate bandwidth on
multiple connections you need either to add them into a bundle (I don't
think that Mikrotik supports multilink) or put the user in a VLAN and limit
bandwidth on that (virt
The PAM module for RSA(ACE) does work except in one case:
- an account in 'next token mode' or 'new pin mode' causes FreeRADIUS to spin
out and swallow all of the memory on the host running it till it crashes.
I have not nailed down yet if it is PAM or FreeRADIUS but as an example, OpenSSH
has no
On Wed, 2007-12-12 at 16:44 +, Arran Cudbard-Bell wrote:
> I think the easiest way would be just to proxy to the RSA RADIUS
> Server
I do the exact same thing, except I use Entrust IdentityGuard RADIUS
proxy. Entrust and FreeRadius are tied to OpenLDAP.
Works well. Entrust++.
~BAS
Hi,
Just wondering if anyone on here had some experience with authenticating
against a SecurID management server.
I think the easiest way would be just to proxy to the RSA RADIUS Server
(Funk), but I see there are some PAM modules available from RSA.
So if anyone has been successful using either
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for
request 0
rlm_pap: WARNING! No "known good" password found for
the user. Authentication may fail because of this.
That's the problem.
Your LDAP mo
Hi Phil, Yes I did.. Here is the config.
modules {
    ldap {
        set_auth_type = no
    }
}
authorize {
    preprocess
    ldap
    pap
}
authenticate {
    #
    # PAP authentication, when a back-end database listed
    # in t
Replying to both suggestions inline, but neither will work.
>>
>> Try this:
>>
>> alphen NAS-IP-Address =~ '^192\.168\.2\.[56]$'
>> User-Name == test1,
>> User-Name == test2
>>
Problem is in real deployment the IP address will be varied from
different subnets.
Thanks,
What I meant with radreply is the fact that when the MAC user is
authenticated by RADIUS, Radius should send for example bandwidth values.
So I need to have those
some-mac-address Attribute Op Value
in radreply table. Am I wrong?
All I want to achieve is:
I would like to have Abo-
Hi Friends,
I want to test radiusd with radeapclient. I am following from radeapclient
man page, and using "./radeapclient -x localhost auth testing123 About to send encoded packet:
User-Name = "bob"
EAP-MD5-Password = "hello"
NAS-IP-Address = 255.255.255.255
EAP-
No, radcheck.
1. Enable mac auth in hotspot profile (login-by=mac) - mac address will
be checked first, if there is no match user will be sent to the login
form
2. For mac addresses make such entries in radcheck:
UserName Attribute Op Value
some-mac-address Auth-Type := Accept
3. For
Ok,
thanks,
so in radreply I have to use:
some-mac-address Attribute Op Value
?
Thx,
CoMeC
On Wed, 12 Dec 2007 13:17:41 +0100, <[EMAIL PROTECTED]> wrote:
> MAC address in mac auth is sent as User-Name not Calling-Station-Id.
>
> So, for mac auth:
>
> some-mac-add-ress Auth-Type :=
Ok,
Sorry for insufficient information. :)
For both authentication methods there will be 2 separate NAS (one for
username/pass auth and one for MAC auth)
As NAS I will use Mikrotik routers.
The thing is
- router will lease DHCP Address to a client's machine.
- router sends Calling-Station-id
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Cleartext-Password := "hispassword"
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, "CoMeC" <[EMAIL PROTECTED]> wrote:
>Hi,
>
>I try to confi
>Authorization via MAC Address (with no username required)
This is being done by your NAS ! Username is usually the MAC address.
> if the machine is using a valid IP Address, it is automatically allowed to
surf.
> (I know there is a Calling-Station-id attribute in radcheck)
IP address has to be
Hi,
> if anybody has the same problem, here's the solution..
>
> i've installed 2.0.0-pre2 and made just the following
> changes to radiusd.conf:
>
> mschap {
> with_ntdomain_hack = yes
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name} --challenge=
Hi all,
I have a problem when I receive an "Event-Timestamp" attribute. The provider
assures me that he sends it in seconds (...elapsed since Jan 1st 1970) but
my radius server converts it into a date.
For instance, the operator has sent Event-Timestamp = 1197392955 and I
receive Event-Timestamp
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine
is using a valid IP Address, it is automatically allowed to surf.
(I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password authe
if anybody has the same problem, here's the solution..
i've installed 2.0.0-pre2 and made just the following
changes to radiusd.conf:
mschap {
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--n
Don't use EAP-TLS. Use PEAP or EAP-TTLS.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, "Hangjun He" <[EMAIL PROTECTED]> wrote:
>Hi,
> I am using freeRADIUS 1.1.6.
> And I use EAP-TLS and with correct certs. Even if I set wrong username
> in Odyssey Client, freeRADIUS will return
Hi,
I am using freeRADIUS 1.1.6.
And I use EAP-TLS and with correct certs. Even if I set wrong username
in Odyssey Client, freeRADIUS will return success (check_cert_cn not set).
Can I let freeRADIUS check if the username is in the users file or other
database? If not, reject user
Michael Patzer wrote:
...
> server: 2.0.0-pre1
I would suggest using CVS head. It has a large number of fixes and
additions over -pre2.
> it works all fine, as long as i'm not supplying any domain-name. if i
> supply
> a domain-name it immediately fails with
>
> rlm_eap: Identity does not match U
So you are using DHCP to assign ip addresses as well. Find out what's
dhcp reservation. This is nothing to do with radius. And use one method
to assign addresses: dhcp or radius - don't use both at the same time.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, "hadi golestani" <[EMAIL PROTECTED
ip is coming from poptop config file ( pptpd.conf )
it's always ok with Pool-Name but with Framed-IP-Address the normal ip
config from pptpd.conf is assigned.
the user isn't in any group.
On Dec 12, 2007 1:25 AM, <[EMAIL PROTECTED]> wrote:
> And that address is coming from ... ? Are you assigning
hi,
i found the same question and also this topic already on the
mailinglist,
but no solution which works for me. i'm already debugging this thing
the whole day, without any solution.
i'm using 802.1x with
clients: winXP sp2
method: EAP-MSCHAPv2
server: 2.0.0-pre1
it works all fine, as lo