reference client stanzas in unlang?

2009-02-17 Thread Stefan Winter
Hi, is there a way to reference the name of the client stanza (or its shortname) in unlang? I.e. if there is client foo { ipaddr = 1.2.3.4 shortname = foostuff } Then there's a request coming in from this client. In the client processing, can there be sth like if ( -- something that rev

Re: reference client stanzas in unlang?

2009-02-17 Thread Alan DeKok
Stefan Winter wrote: > Hi, > > is there a way to reference the name of the client stanza (or its > shortname) in unlang? I.e. if there is > > client foo { > ipaddr = 1.2.3.4 > shortname = foostuff > } > > Then there's a request coming in from this client. In the client > processing, can

Re: reference client stanzas in unlang?

2009-02-17 Thread tnt
>is there a way to reference the name of the client stanza (or its >shortname) in unlang? I.e. if there is > >client foo { >ipaddr = 1.2.3.4 >shortname = foostuff >} > >Then there's a request coming in from this client. In the client >processing, can there be sth like > >if ( -- something t

RE: Using accounting data for quotas

2009-02-17 Thread Parham Beheshti
Hello, I've implemented this situation. well, our solution was a bit more complex, we have "peak" and "off peak" times. for example weekends are "off peak". Users have a limited traffic based on their group, say 25GB/month. here is pretty much what i have done (simplified!): 1. add a "traffic" usa

RES: No authenticate method using Mysql

2009-02-17 Thread Pedro Henrique Mazzoni
I have copied the file of the default virtual server to my virtual server file and edited it. Then I disabled the default Virtual server. Pedro Mazzoni Tecnologia da Informação intelitiva.com +55 21 3553-1947 / +55 21 9354-2234 pedro.mazz...@intelitiva.com Rua da Assembléia, 10 - Sl. 2213 Cent

Re: RES: No authenticate method using Mysql

2009-02-17 Thread tnt
>I have copied the file of the default virtual server to my virtual server file >and edited it. >Then I disabled the default Virtual server. > And did you enable the new one? Read the README file in raddb/sites-available in order to find out how to fix/add listen section in order to make this w

Re: wimax.c

2009-02-17 Thread Alan DeKok
dave anderson wrote: > Wimax.c needs a small fix in order to print the right debug message > content. Fixed, thanks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius with OpenLDAP and AD.

2009-02-17 Thread LEOSI
Hi, I have several problems when I would like to link freeradius with AD using OpenLDAP. When I tried to test the binding of OpenLDAP to the AD with radtest, it responds Access-Accept (as you can see in the log after). But when I wanted to check with a real supplicant (under WinXP with MD5-Challen

Re: Freeradius with OpenLDAP and AD.

2009-02-17 Thread tnt
>Hi, I have several problems when I would like to link freeradius with AD >using OpenLDAP. Look up http://deployingradius.com/documents/configuration/active_directory.html to see how to integrate with AD for pap and mschap/PEAP. >When I tried to test the binding of OpenLDAP to the AD with radtest

Re: Freeradius with OpenLDAP and AD.

2009-02-17 Thread SDamron
Would Kerberos authentication work with AD and EAP, or am I thinking too early in the day? On Tue, Feb 17, 2009 at 8:55 AM, wrote: >>Hi, I have several problems when I would like to link freeradius with AD >>using OpenLDAP. > > Look up > http://deployingradius.com/documents/configuration/active_

RE: wimax.c

2009-02-17 Thread dave anderson
I would like to write the Wimax Freeradius Wiki but need an account. Can you help me get a log in. -Original Message- From: Alan DeKok [mailto:al...@deployingradius.com] Sent: February 17, 2009 6:15 AM To: FreeRadius users mailing list Subject: Re: wimax.c dave anderson wrote: > Wimax.

Re: Freeradius with OpenLDAP and AD.

2009-02-17 Thread tnt
>Would Kerberos authentication work with AD and EAP, or am I thinking >too early in the day? > No. Kerberos requires clear text passwords in the request. EAP-MD5 doesn't provide them. EAP-TTLS PAP will work - but native XP supplicant doesn't support that. You can get SecureW2 to do it. Ivan Kalik

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread Meyers, Dan
> Remember when you put your Root CA file (and perhaps the CRL for that > CA) into your certificate directory, and ran 'c_rehash directory>'? If you mean when I installed ssl certs for Apache, I never did this. I simply put the server cert and the chain file on the server, then configured mod_ssl

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread tnt
>What i've got currently can be up to 3 files. Firstly, the server >certificate itself, which has been signed by Verisign's Intermediate CA, >then the cert for said Intermediate CA, and finally the root cert used >to sign the Intermediate CA. My current setup is with the server cert in >a file on i

Re: Freeradius with OpenLDAP and AD.

2009-02-17 Thread Alan DeKok
SDamron wrote: > Would Kerberos authentication work with AD and EAP, or am I thinking > too early in the day? It won't work. Alan DeKok.

Re: wimax.c

2009-02-17 Thread Alan DeKok
dave anderson wrote: > I would like to write the Wimax Freeradius Wiki but need an account. Can > you help me get a log in. Account creation was disabled to prevent spammers. I've mailed you information privately. Alan DeKok.

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread Meyers, Dan
> >I've actually dropped the -crl_check from this test, as i'm not doing > >crl checking within FreeRADIUS until i've got it working without it. > >Also, this command didn't seem to work when my verisign.pem contained > > > >1 cert, even after a c_rehash, it only worked if all the certs were in > >

newbie question for freeradius

2009-02-17 Thread ipfreak
Hi all: i would like to use unix file /etc/passwd to authenticate users on my routers and somehow it always fails: rad_recv: Access-Request packet from host 192.168.10.101:61706, id=153, length=53 User-Name = "tester" User-Password = "test" NAS-Identifier = "lab_1"

Re: newbie question for freeradius

2009-02-17 Thread Alan DeKok
ipfreak wrote: > i would like to use unix file /etc/passwd to authenticate users on my > routers and somehow it always fails: Because you broke the "passwd" file. > rad_recv: Access-Request packet from host 192.168.10.101:61706, id=153, > length=53 > User-Name = "tester" > User-

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread tnt
>My client is still giving the same behaviour of not getting the >certificate chain, however. > OK. So which certificate signed the client certificate? Ivan Kalik Kalik Informatika ISP

Re: newbie question for freeradius

2009-02-17 Thread Jacques Marneweck
Hi Alan, FreeBSD's /etc/master.passwd file always has a comment at the top starting with a # which means ignore the line. Regards --jm On 17 Feb 2009, at 8:52 PM, Alan DeKok wrote: ipfreak wrote: i would like to use unix file /etc/passwd to authenticate users on my routers and somehow it

Re: newbie question for freeradius

2009-02-17 Thread Alan DeKok
Jacques Marneweck wrote: > FreeBSD's /etc/master.passwd file always has a comment at the top > starting with a # which means ignore the line. That is non-standard... Anyways... if you're getting that message, it's because: 1) you're using a very old version of the server AND a) y

Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-17 Thread Fabiano
Alan DeKok wrote: Fabiano wrote: Can you point me to a document or website where the following mechanism is described well ? ie MSCHAPv2 Radius Client -> Freeradius does the MSCHAPv2 challenge ? -> auth is delegated to external script receiving attributes like username and password in cle

linking gdbm_compat in rlm_dbm

2009-02-17 Thread Damjan
I've noticed that the check that ./configure script does in order to find out if gdbm is used only tries to link with gdbm_compat. But the man page of gdbm says: If you wish to use the dbm or ndbm compatibility routines, you must link in the gdbm_compat library as well. For example: g

Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-17 Thread Alan DeKok
Fabiano wrote: >> A database? You should know what the *correct* password is, otherwise >> you won't be able to authenticate the user. >> > You mean, for example making the OTP script (doing exactly the contrary > of what it actually does) write the password every 10 seconds to a > database f

Re: Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

2009-02-17 Thread Fabiano
Alan DeKok wrote: Fabiano wrote: A database? You should know what the *correct* password is, otherwise you won't be able to authenticate the user. You mean, for example making the OTP script (doing exactly the contrary of what it actually does) write the password every 10 sec

RE: newbie question for freeradius

2009-02-17 Thread ip freak
Thanks. 1) rlm unix cache is set to 0. 2) yes, i am using FreeBSD7.1 and whatever the version the FreeBSD comes with. what really want to do is simple, just use /etc/passwd file for authentication. > Date: Tue, 17 Feb 2009 20:15:06 +0100 > From: al...@deployingradius.com > To: freeradius-use

Re: newbie question for freeradius

2009-02-17 Thread Alan DeKok
ip freak wrote: > Thanks. > > 1) rlm unix cache is set to 0. > 2) yes, i am using FreeBSD7.1 and whatever the version the FreeBSD comes > with. > > what really want to do is simple, just use /etc/passwd file for > authentication. Then use the default configuration that comes with 1.1.X for the