Eric Geier wrote:
> If sql xlat won't work in the clients file,
What does that mean?
> do you recommend to check
> something in particular? I also can't get the mac authentication working
> with Calling-Station-ID in the radcheck table...maybe I have something wrong
> with my sql on the freerad
On Tuesday 03.02.2009 08:42:44 Alan DeKok wrote:
> > - If I reject in pre-proxy my server crashes. No error message or
> > anything, it just exits (see attached debug). Is this a bug? I'm using
> > version 2.1.0.
>
> That would be a bug. My first suggestion would be to upgrade rather
> than tryi
whats the difference between Accounting stop and AcctStatusType=stop?
Accounting stop and AcctStatusType=tunnel-stop
I need only stop packets. I'm not going to store accounting start packets.
If i send accounting stop packets and AcctStatusType=tunnel-stop am
receiving it as AcctStatusType=St
Alan,
> The comments in radiusd.conf just before that say that the "authorize"
>etc. sections are in virtual hosts, and that the "include" line includes
>those virtual hosts.
I see; thanks for the clarification. This is a departure from how FreeRADIUS
1.0 was configured, where the authenticate
>I executed freeradius on debug mode, then I used the radtest command.
>
>The message is almost the same,
Almost is the key word here.
>but the proxy (@dialup,usp.br - another
>radius server in another city) returns OK.
>
>Why using radtest it returns OK and using monowall it retorns Reject?
Who
>I have a Monowall athorizing and accounting on a Freeradius 2.1.1
>
I have news for you - you don't. Some other server does that. Yours just
proxies requests to it.
>[suffix] Looking up realm "dialup.usp.br" for User-Name = "
>nbati...@dialup.usp.br"
>[suffix] Found realm "dialup.usp.br"
>[suffi
.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:9d"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log] expand:
> > /usr/local/var/log/radius/
Framed-IP-Address = 125.125.125.125
> Called-Station-Id = "00:11:2f:75:81:7c"
> Calling-Station-Id = "00:1b:77:b5:34:9d"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /usr/local/var/log/radius/radacct/%
Calling-Station-Id = "00:1b:77:b5:34:9d"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
[auth_log]
/
Awesome! Thanks for the info.
On Tue, Feb 3, 2009 at 6:07 PM, Marinko Tarlac wrote:
> Insert failed login attempts in radpostauth table and count them... After
> that add Auth-Type Reject...
>
> SDamron wrote:
>>
>> Is there a way using what ever method to lock out accounts after
>> several bad
Insert failed login attempts in radpostauth table and count them...
After that add Auth-Type Reject...
SDamron wrote:
Is there a way using what ever method to lock out accounts after
several bad login attempts?
TIA,
Damron
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
Is there a way using what ever method to lock out accounts after
several bad login attempts?
TIA,
Damron
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The file is called daloradius.conf.php
There's a file called INSTALL, if you would have done some reading it
would have saved you 2 days
and the world a couple of hundreds bytes of un-necessary email.
Regards,
Liran.
On Tue, Feb 3, 2009 at 9:37 PM, Mr Little Crazzy
wrote:
> I found my error the
I found my error the error was that in the new version of daloradius is a file
called config.php o something like that y not a faile called config.conf where
i did my config.
> Date: Tue, 3 Feb 2009 21:19:01 +0200
> Subject: Re: radius web managment
> From: liransgar...@gmail.com
> To: freeradi
Great, thanks!
If sql xlat won't work in the clients file, do you recommend to check
something in particular? I also can't get the mac authentication working
with Calling-Station-ID in the radcheck table...maybe I have something wrong
with my sql on the freeradius machine or with the SQL server.
Hey,
I am the author of the daloRADIUS project.
All that has been said so far is true - you are really lacking some
basic knowledge to be able to set it up,
and true, the mysql database connection shouldn't really be root but
that's another course in security so we
won't go diving into that now...
Eric Geier wrote:
> Is there a Variable for the shared secret used in the request packets?
%{client:secret}
*Anything* in the client section can be referenced this way:
clients.conf:
client foo {
ipaddr = 1.2.3.4
secret = testing123
the_beatles = cool
}
authori
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonathan Gazeley wrote:
> No - this is a completely standard FreeRADIUS configuration. Nothing
> relating to rewriting anything has been changed.
>
> In the debug log posted in one of my earlier messages, it appears the FR
> server sends an Access-Cha
Is there a Variable for the shared secret used in the request packets?
Thanks, Eric.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No - this is a completely standard FreeRADIUS configuration. Nothing
relating to rewriting anything has been changed.
In the debug log posted in one of my earlier messages, it appears the FR
server sends an Access-Challenge packet from the inner server using my
statically set outer ID (testing
>>You are aware that this will disable Simultaneous-Use?
>could you explain me more.
>
If you don't record Start packets you won't be able to detect double
(or multiple) logins by the same user. Potentially, one user can pay you
and reveal his user/pass to everybody and all of them will be able to
>You are aware that this will disable Simultaneous-Use?
could you explain me more.
At present am using Accounting_stop query and Accounting_stop_alt query for
storing stop packets.
My routers will be sending packets types of Acct-Status0Type =
Start,
Stop,
Checkpoint,
Accounting-On,
Accounting-O
>Hi Alan,Appreciated if you could give me some tips how to solve the problem.I
>ready have not idea why this happen or where did i get wrong..newbie.Thank in
>advance.>
What are you using to connect to the AP? Whatever you are using is
broken. Fix it or get a new one.
Ivan Kalik
Kalik Informati
Hi Alan,Appreciated if you could give me some tips how to solve the problem.I
ready have not idea why this happen or where did i get wrong..newbie.Thank in
advance.> Date: Mon, 2 Feb 2009 14:50:04 +0100> From:
al...@deployingradius.com> To: freeradius-users@lists.freeradius.org> Subject:
Re: m
А Гауэрт wrote:
I'm new at this and I was wondering if anyone can help me out configuring free
radius for mac address authentication
I need to install a server for mac address authentication, without certificates.
I have switch clients and I need authenticate users on these switches for mac
(
А Гауэрт wrote:
> I'm new at this and I was wondering if anyone can help me out configuring
> free radius for mac address authentication
>
> I need to install a server for mac address authentication, without
> certificates.
>
> I have switch clients and I need authenticate users on these switch
Jonathan Gazeley wrote:
> Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
> expands the username as expected, but why this username never makes it
> back to the NAS. Does anyone have any ideas?
No idea... is there anything else that's over-writing the User-Name?
Alan DeKo
I'm new at this and I was wondering if anyone can help me out configuring free
radius for mac address authentication
I need to install a server for mac address authentication, without certificates.
I have switch clients and I need authenticate users on these switches for mac
(only).
It's about
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas?
Thanks,
Jonathan
Jonathan Gazeley wrote:
I'm running FreeRADIUS 2.1.1.
My config block in the post-auth se
>I need to store packets with "Acct-Status-Type := Stop" only in db
>'radacct', rest of the packets needs to be ignored. How to proceed. Plz give
>suggestion.
>
>Note: am using freeradius1.1.6 version.
>
In sql.conf leave only accounting_stop_query_alt and comment out the
others. You are aware tha
Hi all,
I need to store packets with "Acct-Status-Type := Stop" only in db
'radacct', rest of the packets needs to be ignored. How to proceed. Plz give
suggestion.
Note: am using freeradius1.1.6 version.
Regards,
Ramesh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users
hi there
here is a link for radmanager
http://www.dmasoftlab.com/cont/home
anyway its not free and i cant see a link for a demo/trial version
2009/2/3 Gunza
> Anybody have Radius Manager copy of download link. If you have please send
> me.
>
> Thanks,
> Gunza
>
> --- On *Mon, 2/2/09, Mike Str
Cristian Novac wrote:
> I'm trying to do a TLS auth, and I get an error after user sending his
> cert;
> Could someone please take a look at the log error, maybe it tels you
> more than I understand from it.
> Thank you!
>
> ps: the cert that is doing problems is a wimax device certificate.
WiM
Will D. Spann wrote:
> Thanks for the reply. I didn't realize disabling sites-enabled would
> disable all AAA services.
The comments in radiusd.conf just before that say that the "authorize"
etc. sections are in virtual hosts, and that the "include" line includes
those virtual hosts.
> Running
Verlag Neue Stadt wrote:
> we would like to have captive users(authentication portal) authenticated
> with a one time password (OTP).
The captive portal is responsible for implementing the login page, and
all of the handling of RADIUS client requests.
> After entering the user-account at the ca
Will D. Spann wrote:
> I'm getting the same Make error when I try to compile this version
> (v2.1.3) on openSUSE 11.1 (x64). I took your advice to Marcelo &
> restarted from a fresh source tree, but got the same result both times.
> The ./configure script ran without errors. Here's a bit more of
Alan DeKok,
I'm getting the same Make error when I try to compile this version (v2.1.3) on
openSUSE 11.1 (x64). I took your advice to Marcelo & restarted from a fresh
source tree, but got the same result both times. The ./configure script ran
without errors. Here's a bit more of the output I
Ivan Kalik,
>>I should note that in my radiusd.conf file, I'm not including "eap.conf" nor
>>"sites-enabled/", but other than that I have all default settings.
>Well done! By removing /sites-enabled you have stopped the server from
>processing all As from AAA (authentication, authorization and
>
Hello,
we would like to have captive users(authentication portal) authenticated
with a one time password (OTP).
After entering the user-account at the captive login page, preferably
a/the RADIUS server should send
the unique autentication number (sometimes called mobile TAN/mTAN or
OTP) to t
Hello,
I'm trying to do a TLS auth, and I get an error after user sending his
cert;
Could someone please take a look at the log error, maybe it tels you
more than I understand from it.
Thank you!
ps: the cert that is doing problems is a wimax device certificate.
EAP-Message = 0x01070
40 matches
Mail list logo