Chris wrote:
> What is the proper way to call a specific LDAP module based on
> NAS-IP-Address (or huntgroup, probably)?
authorize {
    ...
    if (NAS-IP-Address == 1.2.3.4) {
        ldap_1
    }
    elsif (NAS-IP-Address == 3.4.5.6) {
        ldap_2
    }
Hi,
>I have installed the latest freeradius server (version: 2.0.3) on my
> Fedora Core 5 i386 PC. Now it can work ok when I use "radtest test test
> localhost 0 testing123" to test local user from local. And under debug mode
> "radiusd -X" the server can print out relevant handle info. Howev
Sylvain Robitaille wrote:
>> And yes, it really is that easy. ...
>
> And quite frankly, darned amazing! All (?!? nearly all?) the third-party
> documentation out there makes it *seem* difficult.
2 reasons: (1) that "documentation" is usually written by people who
don't understand how the ser
On Apr 2, 2008, at 5:52 PM, Alan DeKok wrote:
Sylvain Robitaille wrote:
What I'm aiming to accomplish, however, is that the FreeRADIUS server
will authorize users for different services based on a slightly
different LDAP query. The users are in various groups, which can be
checked by supplyin
On Thu, 3 Apr 2008, Alan DeKok wrote:
I have trouble remembering messages from 10 minutes ago. It's easier
that way.
There were messages 10 minutes ago? ;-)
...
- My configuration files are nearly "stock", with the exception of the
necessary configuration to get the ldap module tal
Hi I have set up Free Radius to allow users to set up certificates on their
notebook and get access to the Internet.
When I set EAP I can't seem to allow monowall captive portal users to login to
the RADIUS Server.
Is there any settings to be done in users.conf file or radiusd.conf file to
allow
The result is still same. It doesn't return Session-Timeout.
How would be the Value field in radgroupreply, if I tried to use mysql
table instead of users file.
> Try SQL-Group == "static" in user file entry. You are not using Unix
> groups.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 2/4/
>What is in the Access-Accept packet?
>Ivan Kalik
>Kalik Informatika ISP
Sending Access-Accept of id 98 to 172.20.50.202 port 1037
Session-Timeout := 30
MS-MPPE-Recv-Key =
0x7a1997f1239667f0efeb3c4461711ac3467845bad3fc11db5ceaaae6b4161ec7
MS-MPPE-Send-Key =
0x23e0e4835b
Sylvain Robitaille wrote:
>
> I'm back. Small reminder, since it appears that list members are
> helping a sufficient number of folks that remembering my particular
> setup would be non-trivial:
I have trouble remembering messages from 10 minutes ago. It's easier
that way.
...
> - My confi
Eric Martell wrote:
> If there a way when ldap query (irrespective of how I use) finds
> multiple resultset, gets the first result and returns success instead of
> sending reject.
Edit the source code to rlm_ldap.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
UNCLASSIFIED
> -Original Message-
> From:
> [EMAIL PROTECTED]
eradius.org [mailto:freeradius-users->
[EMAIL PROTECTED] On
> Behalf Of Dean Smith
> Sent: Thursday, 3 April 2008 09:20
> To: freeradius-users@lists.freeradius.org
> Subject: Hints & Huntgroups
>
> Should I be able to either
I've to set up my FR to let a User telnet into my Cisco Router.
Without further contact to my client until Friday, I will test my
environment in advance.
Accepting a session using these attributes will work fine. I'll get an IP and
can connect to the router using telnet.
Session-Timeout : 14400
Id
Should I be able to either
1) Set a Huntgroup via the huntgroups file (matching on NAS-IP-Address) and
use that in the Hints file as a match (Huntgroup-Name == "blah") or
2) Set a Hint in the hints file and use that to define as the match for the
Huntgroup
Currently testing on FreeRADIUS Ver
>server is silent, and stop "Ready to process requests.". That means the
>server cannot handle external radius request.
>
>I use Wireshark and can capture the radius request packet. And it is right
>request, but server cannot handle it and print anything on termination. I'm
>confused. Could you giv
Hi,
I have installed the latest freeradius server (version: 2.0.3) on my
Fedora Core 5 i386 PC. Now it can work ok when I use "radtest test test
localhost 0 testing123" to test local user from local. And under debug mode
"radiusd -X" the server can print out relevant handle info. However,
Confi
>
>On users file, last line say:
>
> # On no match, the user is denied access.
>
>(so no match imply deny, that imply no WLAN-party ;).
>
>
That applies if user details are stored (only) in files. Not if they are
in ldap, sql ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsub
You (probably) haven't configured realm ntdomain {} so your username is
dom_cuernavaca\test and not test.
Ivan Kalik
Kalik InformatikaISP
On 2/4/2008, "Gustavo Chavelas" <[EMAIL PROTECTED]> wrote:
>
>Hi Alan.
>My old version is 1.1.3-1.2 and it's installed in other server.
>I think that 2.0.2
> realm DEFAULT1 {
>
> type= radius
> authhost= 192.168.0.10:1812
> accthost= 192.168.0.10:1813
> secret = testing123
> }
>
> realm DEFAULT2 {
>
> type= radius
> authhost= 192.168.0.11:181
Hi,
> Iserver_one and server_two have to process all requests.
>
> Are following realms correct?
>
> realm DEFAULT {
>type= radius
>authhost= 192.168.0.10:1812
>accthost= 192.168.0.10:1813
>secret = testing123
> }
>
> realm DE
> > How can I specify:
> >
> > 1) server_one has to modify and proxy requests to 192.168.0.10:1812
> > 2) server_two has to proxy requests to 192.168.0.11:1812
>
> put the required attribute filters and rewrites into
> each server section. then they'll do the right thing. I'd use
> unlang t
Hi,
> How can I specify:
>
> 1) server_one has to modify and proxy requests to 192.168.0.10:1812
> 2) server_two has to proxy requests to 192.168.0.11:1812
put the required attribute filters and rewrites into
each server section. then they'll do the right thing. I'd use
unlang to write the Prox
Hi Alan.
My old version is 1.1.3-1.2 and it's installed in other server.
I think that 2.0.2 version is the newest but i have try to install 2.0.3
I don't use the same config files, i was to configure all files again.
Regards.
Message: 8
Date: Wed, 2 Apr 2008 19:05:47 +0100
From: [EMAIL PROTECT
Hi Alan,
Thanks so much. Really appreciated. It works !
One more simple/stupid question regarding "duplicate entries in the LDAP".
We have scenarios when one PC gets transferred to other user, we don't delete
the registered MAC address of the previous PC. The other new user still able to
regi
Hi,
> How can I check for syntax errors on configuration files without
> starting FreeRADIUS? There exists something like ISC DHCPD "-T" option?
with FreeRADIUS 2.0.2
[EMAIL PROTECTED] ~]$ radiusd -h
Usage: radiusd [-d db_dir] [-l log_dir] [-i address] [-n name] [-fsvXx]
Options:
-C
Hi,
> Firstly, i have to install a new server and my freeradius 2.0.2 it's running
> now.
> But I have a new problem.
>
> With last version, my freeradius work fine, but with this new version, the
> users can't connect.
>
> I'm attaching the radiusd -X
so, you've just installed 2.0.2 (why no
I'm back. Small reminder, since it appears that list members are
helping a sufficient number of folks that remembering my particular
setup would be non-trivial:
- I'm running FreeRADIUS-2.0.3 (rlm_pap is patched as was discussed on
this mailing list), with TTLS/PAP using OpenLDAP as the s
I found example:
listen {
    ...
}
client one {
    ...
    virtual_server = server_one
}
client two {
    ...
    virtual_server = server_two
}
server server_one {
    authorize {
        ...
    }
    ...
}
server server_two {
    authorize {
On users file, last line say:
# On no match, the user is denied access.
In the default config, that's correct, since the default config says:
authorize {
    preprocess
    chap
    mschap
    suffix
    eap
    files
    pap
}
i.e. "files" is the only da
after
$ ldconfig
it works fine now.
On Wed, Apr 2, 2008 at 8:38 PM, Nicolas Goutte
<[EMAIL PROTECTED]> wrote:
>
> On 02.04.2008 at 18:28, Mikhail Novikov wrote:
>
>
>
> > Hello,
> >
> > After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
> > ./configure
> > ./make
> > ./make install
Marco Gaiarin wrote:
> ...as a debian user, i prefer to keep on 'debian stable' and using the
> official packet, even if repackaged...
... with all of the bugs that were found & fixed in a later version.
> (so no match imply deny, that imply no WLAN-party ;).
Please don't be cute. It just mak
Eric Martell wrote:
>Can you please reply me about LDAP multiple attributes in the radius
> reply response on this? Will really appreciated.
raddb/ldap.attrmap See the "operator" field, which is an operator
just like in the "users" file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hi! Phil Mayers
On that day it was said...
>> box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
> Upgrade to 1.1.7 at least
...as a debian user, i prefer to keep on 'debian stable' and using the
official packet, even if repackaged...
>> But users file was 'no match, no p
Hi to all.
Firstly, i have to install a new server and my freeradius 2.0.2 it's running
now.
But I have a new problem.
With last version, my freeradius work fine, but with this new version, the
users can't connect.
I'm attaching the radiusd -X
Please help me.
LOG
Description: Binary da
Marco Gaiarin wrote:
[i'm not subscribed to this list, so, please, put me on CC]
I've just setup a 'test installation' of freeradius in a debian etch
box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
Upgrade to 1.1.7 at least
In my environments there's ever a LDAP serve
On 02.04.2008 at 18:28, Mikhail Novikov wrote:
Hello,
After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
./configure
./make
./make install
I got this message:
$ radiusd x
radiusd: error while loading shared libraries:
libfreeradius-radius-2.0.3.so: cannot open shared object file
Hello,
After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
./configure
./make
./make install
I got this message:
$ radiusd x
radiusd: error while loading shared libraries:
libfreeradius-radius-2.0.3.so: cannot open shared object file: No such
file or directory
How can I fix that?
T
[i'm not subscribed to this list, so, please, put me on CC]
I've just setup a 'test installation' of freeradius in a debian etch
box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
In my environments there's ever a LDAP server that serve, among other
things, also a samba3 serv
> -Original Message-
> From:
> [EMAIL PROTECTED]
> s.org
> [mailto:[EMAIL PROTECTED]
> reeradius.org] On Behalf Of [EMAIL PROTECTED]
> Sent: 02 April 2008 05:11 PM
> To: FreeRadius users mailing list
> Subject: Re: Please advise : Freeradius 2.0.3 on FreeBSD 7.0
> Crashing...Signal 11 ..
Hi,
> I had radius 2.0.1 installed and then removed ( via the ports tree )
s'cuse my ignorance - been a while since i dipped into the world of
BSD ports - does the uninstall remove libraries that have been installed
and unlink them etc?
alan
-
List info/subscribe/unsubscribe? See http://www.free
Hi Alan,
Can you please reply me about LDAP multiple attributes in the radius reply
response on this? Will really appreciated.
>>
I searched the following thread for ldap multiple attributes but it did not
have right logic without changing data.
http://www.mail-archive.com/freeradius-users@li
> -Original Message-
> From:
> [EMAIL PROTECTED]
> s.org
> [mailto:[EMAIL PROTECTED]
> reeradius.org] On Behalf Of Alan DeKok
> Sent: 02 April 2008 04:50 PM
> To: FreeRadius users mailing list
> Subject: Re: Please advise : Freeradius 2.0.3 on FreeBSD 7.0
> Crashing ...Signal 11 ...
>
>
Vikash Badal wrote:
> Greetings,
>
> Can someone please assist me with Freeradius 2.0.3 crashes on FreeBSD
> 7.0 .
It seems to be crashing in the same place, but it's not clear why.
Did you have an earlier version of FreeRADIUS installed on that machine?
Alan DeKok.
-
List info/subscribe/
Mikhail Novikov wrote:
> freeradius proxy server has to send all requests to 2 radius servers but
>
> proxy server has to modify attributes (by rule in hints file) in
> requests to 1 server and hasn't to modify attributes in requests to 2
> server.
>
> Is this possible?
Yes. You can run the r
> > How can I configure the server to read the log file and proxy the
> > requests to another server?
>
> raddb/sites-available/copy-acct-to-home-server
>
freeradius proxy server has to send all requests to 2 radius servers but
proxy server has to modify attributes (by rule in hints file) in
req
Greetings,
Can someone please assist me with Freeradius 2.0.3 crashes on FreeBSD
7.0 .
Below is the outputs from radiusd -X and backtraces from the core files
Crash 1
Wed Apr 2 15:22:44 2008 : Debug: Going to the next request
Wed Apr 2 15:22:44 2008 : Debug: Wakin
Hi,
> client. For the testing purpose I've put this simple script in the perl
> program
>
> if ($RAD_REQUEST{'User-Name'} eq "john")
> {
> $RAD_REPLY{'A message'} = " Accepting John";
> return RLM_MODULE_OK;
>
>}
>
Guillaume Chartrand wrote:
...
> I have access but my session didn’t disconnect after 30 sec. So can I do
> that with wireless configuration? My goal is to give some « guest user »
> a limited time and an expiration date.
Many systems won't support a Session-Timeout less than 10 minutes.
Some
Giovanni Lovato wrote:
> How can I check for syntax errors on configuration files without
> starting FreeRADIUS? There exists something like ISC DHCPD "-T" option?
Read the "man radiusd" documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
What is in the Access-Accept packet?
Ivan Kalik
Kalik Informatika ISP
On 2/4/2008, "Guillaume Chartrand"
<[EMAIL PROTECTED]> wrote:
>Hi,
>
>
>
>I'm using Freeradius 2.0, I configured it with an sql database and the
>principal job of the radius server is to authorize and authenticate my
>wir
Alan DeKok wrote:
> Dmitry A. Sysoev wrote:
>> Good afternoon!
>> Why the radiusd (ver 2.0.3+ cvs) with
>> killall -HUP radiusd is not reload configuration files?
>
> Because it doesn't. It's hard to do right. And no, Apache doesn't
> handle HUP, either. It just *looks* like it handles HUP.
Hi,
I'm using Freeradius 2.0, I configured it with an sql database and the
principal job of the radius server is to authorize and authenticate my
wireless user over my network. What I want to do is to give some
attribute to the user when is connected. Like Session-Timeout, bandwidth
and some o
hi,
I am trying to use the rlm_perl for authentication, I've found reading
all the perl modules, but wouldn't able to handle the username from the
client. For the testing purpose I've put this simple script in the perl
program
if ($RAD_REQUEST{'User-Name'} eq "john")
{
Phil Mayers wrote:
>
>>
>> server vmps {
>>
>>... stuff
>>
>>vmps {
>>
>> ... stuff
>>
>> mac2vlan.authorize
>>
>> If (!ok) {
>> update reply {
>> VMPS-VLAN-Name = "Public"
>> }
>> }
>>}
>> }
>
> "If" is wrong - it should b
Try SQL-Group == "static" in user file entry. You are not using Unix
groups.
Ivan Kalik
Kalik Informatika ISP
On 2/4/2008, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote:
>hi,
>
>i want to disconnect user at midnight. So I've read the April 2004's forum
>and found some solutions. But there isn'
hi,
i want to disconnect user at midnight. So I've read the April 2004's forum
and found some solutions. But there isn't anything about where to put
Session-Timeout attribute. I've tried to put into users file.
DEFAULT Group := 'static', Session-Timeout := `%{expr: ((%l + 86399) %%
86400) - %l}`
Hi,
> Hi,
>
> for wpa2 integration in our wireless network i have installed freeradius
> 1.1.7 and mysql 5.0 under ubuntu and for PEAP/MSCHAPV2 everything is
> working fine.
you've configured SQL to use the group stuff too - do you
have the required group tables setup and configured? if not,
ONLY
Hi,
for wpa2 integration in our wireless network i have installed freeradius
1.1.7 and mysql 5.0 under ubuntu and for PEAP/MSCHAPV2 everything is
working fine.
mysql-db:
10| test | NT-Password| := | 7C53CFA5EA7D0F9B3B968AA0FB51A3F5
when i change the db connection to the database with the
>So if i understand clear a i need to name and configure ip pool parts in
>radius.conf and than use this name as a Pool-Name in LDAp P?
Yes.
>Is there a
>chance to specify range directly in LDAP and not in ip pool?
>
No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
on the
Thanks Ivan
So if i understand clear a i need to name and configure ip pool parts in
radius.conf and than use this name as a Pool-Name in LDAp P? Is there a
chance to specify range directly in LDAP and not in ip pool?
Thanks!
D.
2008/3/26 Ivan Kalik <[EMAIL PROTECTED]>:
> Pool-Name. Have a loo
Their DUN password is empty.
Ivan Kalik
Kalik Informatika ISP
On 2/4/2008, "Andrew D (Webzone)" <[EMAIL PROTECTED]> wrote:
>Hi there,
>
>We are using freeradius 1.1.4 on fbsd5.5 for auth as an ISP.
>
>We occasionally have dialup users that auth with a windows domain login
>(without the domain
Hello Alan,
as I see your result I better understand unlang and the might of it.
Thx for your patience. All working perfectly well now.
Kind Regards,
Andreas
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Wednesday, 2 April 2008