Dear All,
I am trying to implement huntgroups via MySQL according to
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO On difference is the
assignment of huntgroups not according to NAS-IP, but to Called-Station-Id.
The goal is to suppress roaming between hotspot routers, between groups of
hi guys,
i need to check certs of a client that connected to my radius server.for
example i want to check only the state,the provence or only the organization
unit.is it possible?the options check_cert_issuer and check_Cert_cn doesn't do
this :(
bye
dario-
List info/subscribe/unsubscribe? See
upgraded freeradius from 1.x to 2.x version and some parts of radgroupcheck
are now refusing to work as they did in first version.
1. i have user 'e...@evdo.lattelecom' in usergroup it has 'LTK' group.
2. in radgroupcheck group 'LTK' has been given the attribute
'Calling-Station-Id' so the look
Dario wrote:
i need to check certs of a client that connected to my radius server.for
example i want to check only the state,the provence or only the
organization unit.is it possible?the options check_cert_issuer and
check_Cert_cn doesn't do this :(
This cannot currently be done. It would
lamersons wrote:
upgraded freeradius from 1.x to 2.x version and some parts of radgroupcheck
are now refusing to work as they did in first version.
Read doc/rlm_sql for a detailed explanation as to how the queries work
in 2.x.
1. i have user 'e...@evdo.lattelecom' in usergroup it has 'LTK'
Hanno Schupp wrote:
I am trying to implement huntgroups via MySQL according to
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO On difference is the
assignment of huntgroups not according to NAS-IP, but to
Called-Station-Id. The goal is to suppress roaming between hotspot
routers, between
Куприянов Максим wrote:
I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users file)
backends and I don't know how to solve a couple of problems :(
How do you tell the users apart?
1. Is possible to mix users with same names, but different passwords from
LDAP and from
Ok ill try to explain. I have some clients, they all have different
calling-station-ids, like phone numbers.
a. 24703137..
b. 24703237..
c. 24703337..
and i have different usernames that clients use to login to network
a. tria...@triatel.lv
b. e...@evdo.lattelecom
c. tria...@evdo.triatel.lv
i
The goal is to suppress roaming between hotspot routers, between groups of
hotspots.
`radhuntgroup`
`id`, `groupname`, `calledstationid`
1, 'Test-Rejec', '00-1D-7E-E7-96-9F'
`usergroup`
`UserName`, `GroupName`, `priority`
'yubvef13', 'TestGroup', 1
This is OK.
`radgroupcheck`
`id`,
Thank you very much!
After short analisys I decided to use the configuration explained into the
copy-acct-to-home-server file.
I configured a virtual server polling on the detail file (I set the creation of
one single detail file for every client connected) in order to ONLY forwards
all the
I understand this will be received like
cisco-avpair=Disc-Cause-Ext=No Reason
cisco-avpair=PPP-Disconnect-Cause=some cause.
How to store in radacct table both Disc-Cause-Ext, PPP-Disconnect-Cause
attributes individually?
Attribute = Cisco-AVPair
Value = Disc-Cause-Ext = whatever
Ivan Kalik
-Original Message-
From: t...@kalik.net [mailto:t...@kalik.net]
Sent: Monday, 19 January 2009 10:52 p.m.
To: FreeRadius users mailing list
Subject: Re: Huntgroups issue - every user is accepted
The goal is to suppress roaming between hotspot routers, between groups
of
hotspots.
-Original Message-
From: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Monday, 19 January 2009 10:29 p.m.
To: FreeRadius users mailing list
Subject: Re: Huntgroups issue - every user is accepted
Hanno Schupp wrote:
I am trying to implement huntgroups via MySQL according to
After short analisys I decided to use the configuration explained into the
copy-acct-to-home-server file.
I configured a virtual server polling on the detail file (I set the creation
of one single detail file for every client connected) in order to ONLY
forwards all the incoming accounting
Dear list,
I'm new to the whole radius deal, so please excuse me if this sounds
stupid/easy to you...
I'm trying to setup freeradius system which would authenticate windows
users. I'm not going for all bells and whistles at this point and only
use users file for testing. I have following in my
Куприянов Максим wrote:
I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users
file) backends and I don't know how to solve a couple of problems :(
How do you tell the users apart?
1. Is possible to mix users with same names, but different passwords from
LDAP and
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
Server didn't build with OpenSSL support. Fix that if you want to use
peap.
Ivan Kalik
Kalik Informatika ISP
Thanks alot Ivan Kalik.
I need to have both Disc-Cause-Ext, PPP-Disconnect-Cause as columns in
radacct table. For that do i need to do parsing? How to proceed. ANy
references?
Thanks,
Ramesh.
On Mon, Jan 19, 2009 at 5:23 PM, t...@kalik.net wrote:
I understand this will be received like
t...@kalik.net wrote:
In my experience detail reader drops a packet once in about 50,000 reads.
Hmm... that's not good.
Any reason why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I need to have both Disc-Cause-Ext, PPP-Disconnect-Cause as columns in
radacct table. For that do i need to do parsing? How to proceed.
For parsing best use perl. You might want to add some attributes to
raddb/dictionary and store parsed values there. And you will need to
alter radacct table
19.01.09, 12:30, Alan DeKok al...@deployingradius.com:
Куприянов Максим wrote:
I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users
file) backends and I don't know how to solve a couple of problems :(
How do you tell the users apart?
1. Is possible to mix users with
Thanks. Is this digest helps for making changes?
http://osdir.com/ml/gnu.radius.general/2003-04/msg00086.html
Regards,
Ramesh.
On Mon, Jan 19, 2009 at 6:15 PM, t...@kalik.net wrote:
I need to have both Disc-Cause-Ext, PPP-Disconnect-Cause as columns in
radacct table. For that do i need to do
On Mon, 2009-01-19 at 13:26 +0100, t...@kalik.net wrote:
Server didn't build with OpenSSL support. Fix that if you want to use
peap.
Ivan,
Thanks for getting back and help, I appreciate that.
I've checked if I have openssl:
r...@radius:/# dpkg -l | grep ssl
ii libssl0.9.8, 0.9.8g-4ubuntu3.3,
Tomas D wrote:
I've checked if I have openssl:
r...@radius:/# dpkg -l | grep ssl
ii libssl0.9.8, 0.9.8g-4ubuntu3.3, SSL shared libraries
You need the libssl-dev package.
And then re-build re-install the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Since we started using buffered accounting there is an open session now
and then. Before, when we wrote directly to sql, no packets were lost,
so I have to assume it is coming from radrelay.
It is totally random: no relation to load etc. I can't figure out any
reason. Server is self-build from
Yes. That's the general idea - create custom attributes; fill them with
vaues from avpairs; alter radacct and queries to store new attributes.
Ivan Kalik
Kalik Informatika ISP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
Thanks. Is this digest helps for making changes?
However, the issue remains:
I do not want the user to be rejected per se. I only want the user to be
rejected if her own huntgroup as stored in radgroupcheck is different from
the huntgroup of the Called-Station-Id in the radhuntgroup table. The goal
is to prevent a user to login to a hotspot
lamersons wrote:
Ok ill try to explain. I have some clients, they all have different
calling-station-ids, like phone numbers.
a. 24703137..
b. 24703237..
c. 24703337..
and i have different usernames that clients use to login to network
a. tria...@triatel.lv
b. e...@evdo.lattelecom
c.
One more question how to include the perl script for parsing. I haven't done
this before. Please kindly give suggestions.
Thanks in advance!
Ramesh.
2009/1/19 t...@kalik.net
Yes. That's the general idea - create custom attributes; fill them with
vaues from avpairs; alter radacct and queries
am using freeradius-1.1.6
2009/1/19 ramesh p rock786...@gmail.com
One more question how to include the perl script for parsing. I haven't
done this before. Please kindly give suggestions.
Thanks in advance!
Ramesh.
2009/1/19 t...@kalik.net
Yes. That's the general idea - create custom
3. Also i need a reject rule for those users, who was authenticated by
LDAP and do not belong to any ldap-group. I've tried Ldap-Group !*, but
this attribute always exists for every user :(
Try unlang: if (!control:Ldap-Group) { ...
Ivan Kalik
Kalik Informatika ISP
-
List
t...@kalik.net wrote:
When multiple threads ask for an IP at the same time it is possible for
same IP to be issued to different users. That's because allocate-find
works 10 or more times faster than allocate-update. There is a chance
that several allocate-finds will complete before first
t...@kalik.net wrote:
Since we started using buffered accounting there is an open session now
and then. Before, when we wrote directly to sql, no packets were lost,
so I have to assume it is coming from radrelay.
Weird.
We will just start using checkrad. No need before - no dropped packets
Configure perl module to use your script (raddb/modules/perl). Script
should use sub acconting. List perl in accounting.
Ivan Kalik
Kalik Informatika ISP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
One more question how to include the perl script for parsing. I haven't done
this
Upgrade. perl is experimental there.
Ivan Kalik
Kalik Informatika iSP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
am using freeradius-1.1.6
2009/1/19 ramesh p rock786...@gmail.com
One more question how to include the perl script for parsing. I haven't
done this before. Please kindly
Hi,
On Mon, 2009-01-19 at 13:26 +0100, t...@kalik.net wrote:
Server didn't build with OpenSSL support. Fix that if you want to use
peap.
Ivan,
Thanks for getting back and help, I appreciate that.
I've checked if I have openssl:
r...@radius:/# dpkg -l | grep ssl
ii libssl0.9.8,
Does freeradius.1.1.6 supoorts? which version of freeradius supports??
2009/1/19 t...@kalik.net
Upgrade. perl is experimental there.
Ivan Kalik
Kalik Informatika iSP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
am using freeradius-1.1.6
2009/1/19 ramesh p rock786...@gmail.com
On Mon, 2009-01-19 at 14:12 +0100, Alan DeKok wrote:
You need the libssl-dev package.
And then re-build re-install the server.
Alan DeKok.
Alan,
Thanks for your mail. I have installed libssl-dev package:
r...@radius:/home/radius/sbin# dpkg -l | grep ssl
ii libssl-dev
Tomas D wrote:
if this is what I get when staring radius:
r...@radius:/home/radius# ./sbin/radiusd -X
...
make: openssl: Command not found
You don't have the OpenSSL command installed. It is needed to create
the default certificates that come with the server.
Try doing:
$ cd
Hi,
I was running script during install here are WARNINGs:
r...@radius:/home/radius# grep WARNING ../logs/configure
configure: WARNING: snmpget not found - Simultaneous-Use and checkrad.pl
may not work
configure: WARNING: snmpwalk not found - Simultaneous-Use and
checkrad.pl may not work
19.01.09, 16:52, t...@kalik.net:
3. Also i need a reject rule for those users, who was authenticated by
LDAP and do not belong to any ldap-group. I've tried Ldap-Group !*, but
this attribute always exists for every user :(
Try unlang: if (!control:Ldap-Group) { ...
Ivan Kalik
Kalik
When multiple threads ask for an IP at the same time it is possible for
same IP to be issued to different users. That's because allocate-find
works 10 or more times faster than allocate-update. There is a chance
that several allocate-finds will complete before first allocate-update
makes the
Upgrade to the latest version.
Ivan Kalik
Kalik Informatika ISP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
Does freeradius.1.1.6 supoorts? which version of freeradius supports??
2009/1/19 t...@kalik.net
Upgrade. perl is experimental there.
Ivan Kalik
Kalik Informatika iSP
Dana
On Mon, 2009-01-19 at 14:20 +, a.l.m.bu...@lboro.ac.uk wrote:
ah. you have build-essentials package and thus 'make' command - but
that is running a script which calls 'openssl' itself - which you dont
appear to have installed - you have libssl-dev and libssl - which
are the support
Since we started using buffered accounting there is an open session now
and then. Before, when we wrote directly to sql, no packets were lost,
so I have to assume it is coming from radrelay.
Weird.
Oh, it was happening much more often in testing. Often enough for me to
notice. I would place
3. Also i need a reject rule for those users, who was authenticated by
LDAP and do not belong to any ldap-group. I've tried Ldap-Group !*, but
this attribute always exists for every user :(
Try unlang: if (!control:Ldap-Group) { ...
Ivan Kalik
Kalik Informatika ISP
-
It doesn't
t...@kalik.net wrote:
solution :-D
You have to use a real database for that (e.g. PostgreSQL -- where
they're supported in the form of save points) ;)
I've added a note to sqlippool.conf about MySQL. This should
hopefully cut down on the problems questions.
Alan DeKok.
-
List
unsubscribe
--
Paul TAVERNIER
Equipe Reseaux-Securite
Division Informatique
Rectorat de ROUEN
Tel: 02.32.08.94.18
Fax: 02.32.08.94.12
Mob: 06.25.45.84.10
Dans votre ascension professionnelle,
soyez toujours très gentil pour ceux que vous
dépassez en montant. Vous
Alan,
I can't compile FR 2.1.3 in Solaris10.
Thanks,
Chris Howley
SunOS netserv3 5.10 Generic_120012-14 i86pc i386 i86pc
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -I/sandbox/freeradius-server-2.1.3/src -DHOSTINFO=\
i386-pc-solaris2.10\
--username=%{Stripped-User-Name:-%{User-Name:-None}}
Try mschap:User-Name. That suggestion should be right above ntlm_auth
line in mschap configuration.
Ivan Kalik
Kalik Inormatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
this would then just strip of the Domainname from the --username
parameter. So its lost.
If possile i like to keep it eithere in the username or if i can get it
in anothere variable (will check rlm_mschap if thee is one) to feed this
into --domain. In case its Empty i could pace a Default
this would then just strip of the Domainname from the --username
parameter. So its lost.
If possile i like to keep it eithere in the username or if i can get it
in anothere variable (will check rlm_mschap if thee is one) to feed this
into --domain. In case its Empty i could pace a Default Domain
At present we are not recommended for upgrading. So is there any way to
parse Cisco-AVpair attributes in sql.conf file itself?
Regards,
Ramesh.
2009/1/19 t...@kalik.net
Upgrade to the latest version.
Ivan Kalik
Kalik Informatika ISP
Dana 19/1/2009, ramesh p rock786...@gmail.com piše:
Hello all
I'm trying to configure freeradius on a Centos server to authenticate my logins
on Cisco devices. I can see in the log file that my request is hitting the
server. I'm advised to just add a username and password in the users file so
I've done that, I've used the steve login and
19.01.09, 18:13, t...@kalik.net:
3. Also i need a reject rule for those users, who was authenticated
by LDAP and do not belong to any ldap-group. I've tried Ldap-Group
!*, but this attribute always exists for every user :(
Try unlang: if (!control:Ldap-Group) { ...
-
It
55 matches
Mail list logo