Hello
Ivan Kalik wrote:
No, it's not a bug. All the documentation suggests not to use
User-Password and not to set Auth-Type.
TESTUser-Password == TEST, Auth-Type := Local
Exec-Program-Wait = /home/corp/aaa/auth_test
ok, thx (and [EMAIL PROTECTED] too), with PAP
I enabled MS-CHAP on the radius whereby the request is to be proxied
to. Using the configuration mentioned in
http://lists.freeradius.org/pipermail/freeradius-users/2008-February/069292.html
as a guide, I was able to configure the radius to proxy the request as
plain MS-CHAP however encounter some
Proxy-State = 0x3330
+- entering group post-proxy
expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
- /usr/local/var/log/radius/radacct/xxx.xxx.xxx.219/post-proxy-detail-20080324
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP
After a clean rpmbuild of 2.0.3, radiusd -X yielded some errors
processing files in /etc/raddb. I ran strace and found permission
denied on relevant files. The rpm installed files in this dir with
ownership root.root, so naturally radiusd cannot read them. Is it
preferable to allow read access to
I don't quite get what do you want to do. Check attributes via exec
program? That should still work. Only use updated attributes in the
script.
Ivan Kalik
Kalik Informatika ISP
Dana 24/3/2008, Oleg Kozheltsev [EMAIL PROTECTED] piše:
Hello
Ivan Kalik wrote:
No, it's not a bug. All the
Ivan Kalik wrote:
I don't quite get what do you want to do. Check attributes via exec
program? That should still work. Only use updated attributes in the
script.
Ivan Kalik wrote:
No, it's not a bug. All the documentation suggests not to use
User-Password and not to set Auth-Type.
TEST
Hi,
After a clean rpmbuild of 2.0.3, radiusd -X yielded some errors
processing files in /etc/raddb. I ran strace and found permission
denied on relevant files. The rpm installed files in this dir with
ownership root.root, so naturally radiusd cannot read them. Is it
preferable to allow read
Change this line:
%{_datadir}/%{name}
to:
%{_datadir}/freeradius
The spec file *should* then work with the
freeradius-server-2.0.3.tar.gz file, subject to the _incdir comments below.
On Cent, this means change _incdir to _includedir in freeradius.spec.
And now the rpmbuild does
Andrew Long wrote:
And now the rpmbuild does indeed complete without error.
And a question... I had 2.0.1 installed from an rpmbuild. Now, I built
2.0.3 with the caveats above, so the rpm is
freeradius-server-2.0.3.rpm. When I tested the upgrade I got conflicts
with files from freeradius-2.0.1.
Oleg Kozheltsev wrote:
And for accounting Exec-Program don't work anymore... So I create exec
acc_call { program = } module too (with auth_call module).
Now I with freeradius 2.0.1 :)
If you list exec in the post-auth section, then Exec-Program and
Exec-Program-Wait will work again for
Andrew Long wrote:
And now the rpmbuild does indeed complete without error.
OK, thanks.
And a question... I had 2.0.1 installed from an rpmbuild. Now, I built
2.0.3 with the caveats above, so the rpm is
freeradius-server-2.0.3.rpm. When I tested the upgrade I got conflicts
with files from
Andrew Long wrote:
After a clean rpmbuild of 2.0.3, radiusd -X yielded some errors
processing files in /etc/raddb. I ran strace and found permission
denied on relevant files. The rpm installed files in this dir with
ownership root.root, so naturally radiusd cannot read them. Is it
preferable
[EMAIL PROTECTED] wrote:
In all cases the server does not initialize, with the error:
rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error reading Trusted root CA list (null)
rlm_eap: Failed to initialize type tls
sigh You have to love OpenSSL. When the server
Anyone?
by the way, my freeradius version is 2.0.2
Hello all,
I want to know if this kind of answer by RADIUS is possible:
I need to authenticate some users for the switches in my network (all from
3com) and the users don't have the same access level in all switches, for
example, the user1
Stefan Winter wrote:
Hi,
I'm trying to emulate the edunet network wireless roaming network,
which primarily uses (in this order):
what exactly is edunet? The only wireless roaming network in the educational
sector I know of is * eduroam *. Are you speaking of that or something
Alan DeKok wrote:
James McOrmond wrote:
With that, and a few configuration options (like making sure the host
was connected to the domain and ntlm_auth functioned as required), i've
managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
The guides for *that* are online.
You group devices in huntgroups and users in groups and than regulate
access. If a user/group should have access only to a group of devices
you add that Huntgroup-Name to the profile. If user/group should have
access only to a single device you add that device NAS-IP-Address to the
profile.
Doing
As per previous emails, since i'm using samba/ldap i'm able to pull the
nt/lmpassword fields directly out of the ldap. Should this method
negate the use of the ntlm_auth method?
Yes. PAP can use nt hashed password. For password attribute mapping see
ldap.attrmap.
Ivan Kalik
Kalik Informatika
18 matches
Mail list logo