Re: Version 2.1.4 has been released

2009-03-12 Thread Johan Meiring
Alan DeKok wrote: Alan DeKok wrote: It's about time we have a formal testing process. I have some hosted machines with spare cycles. I'll install CruiseControl... Nope. After a quick review of "continuous integration" systems: . I think it's easier just to write a few sh

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread Alexander Solodukhin
On Wed, 11 Mar 2009 23:51:50 +0200, wrote: Hi. I have two types of nases: 1) hotspots 2) vpn servers. I need vpn nases authorize only vpn users and hotspot nases authorize only hotspot users. How can i divide users into several groups and reject vpn accounts to login through hotspot and vice

Re: Freeradius+Java application api call and authenticate

2009-03-12 Thread tnt
>also i am going thru the documentation part of jradius to imply? can anyone >of you suggest me whether i am in right direction? > If you want to use Java that is a good way. >> now by >> making the ACS to do proxying at network configuration, i can see the >> request Well, we don't. Post the de

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread tnt
>I use rlm_sql to store user attributes, but i thought sql groups it's >internal feature of rlm_sql and not related to radius server at all. > It is internal, but SQL-Group can be used in other modules too. If you check SQL-Group in, lets say, users file, rlm_sql will be called and value of SQL-Gr

Running an external script

2009-03-12 Thread Jonathan Gazeley
In my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := "VLAN" Tunnel-Medium-Type := "IEEE-802" Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts

RE: Config. Help please - ldap and Active Directory

2009-03-12 Thread Leighton Man
> And many requests later you ask about it: > > >++? if (control:Tmp-String-0 == "ldap-student") > >(Attribute control:Tmp-String-0 was not found) > > .. and it's not there. Of course it's not, since it wasn't > set during processing of that Access-Request but much earlier > in the exchange

Re: Running an external script

2009-03-12 Thread Jonathan Gazeley
t...@kalik.net wrote: In my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := "VLAN" Tunnel-Medium-Type := "IEEE-802" Tunnel-Private-Group-Id := `/usr/lo

Re: Running an external script

2009-03-12 Thread A . L . M . Buxey
Hi, > Thanks for your reply, Ivan. So I don't need to "update control" to > place a user in a vlan? If I can safely remove this section, that's my > problem solved - thanks. this sort of stuff needs to go into the RADIUS REPLY. you can use eg PERL to do this, see the examples that come with t

Re: Running an external script

2009-03-12 Thread tnt
>In my inner-tunnel virtual server, authorize section, I have some >code like this, for sorting users into vlans: > >update control { >Tunnel-Type := "VLAN" >Tunnel-Medium-Type := "IEEE-802" >Tunnel-Private-Group-Id := >`/usr/local/etc/radd

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread Alexander Solodukhin
Thank you for help. I try to do as you say and put this to authorize section after preprocess: preprocess # allow hotspot users only if (SQL-Group != 'Spot') { reject } Here debug on this action: ++? if (SQL-Group != 'Spot') sql_groupcmp

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread Leonardo Mártyres
Hi Ivan, The Zinwell manual didn't say anything about enabling account. My Freeradius is configured with default values, only things I changed was to use EAP/PEAP and freeradius, at radius database I configured tables NAS, Usergroup, radcheck and groupreply(Auth-Type:=EAP). Could you te

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread A . L . M . Buxey
Hi, > Thank you for help. I try to do as you say and put this to authorize > section after preprocess: > >preprocess > > # allow hotspot users only > if (SQL-Group != 'Spot') { > reject > } if (SQL-Group != /Spot/) ? alan - List info/su

Re: Version 2.1.4 has been released

2009-03-12 Thread piston
Dear Alan You might consider to take a look on the mysql module on freeradius 2.1.4. I have tried with Debian Lenny + mysql , error: mysql module not found. Same machine with 2.1.3, no such issue. Thanks

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread A . L . M . Buxey
Hi, > The Zinwell manual didn't say anything about enabling account. My Freeradius > is configured with default values, only things I changed was to use EAP/PEAP > and freeradius, at radius database I configured tables NAS, Usergroup, > radcheck and groupreply(Auth-Type:=EAP). if it doesn't men

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread tnt
>Thank you for help. I try to do as you say and put this to authorize >section after preprocess: > >preprocess > > # allow hotspot users only > if (SQL-Group != 'Spot') { > reject > } > >Here debug on this action: > >++? if (SQL-Group != 'Spot') >sql

Re: Version 2.1.4 has been released

2009-03-12 Thread Alan DeKok
piston wrote: > You might consider to take a look on the mysql module on freeradius 2.1.4. > > I have tried with Debian Lenny + mysql , error: mysql module not found. Same > machine with 2.1.3, no such issue. Is it so difficult to provide more information? Like... configure logs, build logs

Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread Alan DeKok
Leonardo Mártyres wrote: > The Zinwell manual didn't say anything about enabling account. Then it doesn't do accounting. Nothing you do to FreeRADIUS will make the Zinwell machine send accounting packets. Throw the Zinwell box in the garbage, and buy an access point that has the features you

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread Alan DeKok
Alexander Solodukhin wrote: > Thank you for help. I try to do as you say and put this to authorize > section after preprocess: > >preprocess > > # allow hotspot users only > if (SQL-Group != 'Spot') { That won't work... the SQL-Group attribute is a "callback" attribute

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread tnt
>The Zinwell manual didn't say anything about enabling account. Well, there is nothing you can do on the radius server to make AP send accounting. >My Freeradius is configured with default values, only things I changed was to >use EAP/PEAP and freeradius, at radius database I configured tables N

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread Alexander Solodukhin
On Thu, 12 Mar 2009 14:30:07 +0200, Alan DeKok wrote: Alexander Solodukhin wrote: Thank you for help. I try to do as you say and put this to authorize section after preprocess: preprocess # allow hotspot users only if (SQL-Group != 'Spot') { That won't work... t

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread Leonardo Mártyres
-- > > Message: 7 > Date: Thu, 12 Mar 2009 12:17:56 + > From: a.l.m.bu...@lboro.ac.uk > Subject: Re: Re: No accounting Freeradius + EAP/PEAP/TLS > To: FreeRadius users mailing list > > Message-ID: <20090312121756.gd28...@lboro.ac.uk> > Content-Type: text/plain; c

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread Alexander Solodukhin
On Thu, 12 Mar 2009 14:20:58 +0200, wrote: Thank you for help. I try to do as you say and put this to authorize section after preprocess: preprocess # allow hotspot users only if (SQL-Group != 'Spot') { reject } Here debug on this action: ++?

Winbind errors

2009-03-12 Thread Mike Diggins
Freeradius 2.1.3 winbindd version 3.0.33-3.7.el5 RedHat Linux 5, release 2 fully patched I know this isn't a FreeRadius issue, but is related. Has anyone running FreeRadius with Winbindd for windows authentication, found a solution to these error messages in the samba.log? [r...@prad01 log]#

Re: Huntgroups and Network of Clients

2009-03-12 Thread HRZ Konten
>> What will be >> the configuration then? >> >> DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam >>Fall-Through = no >> >> DEFAULT if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) { >> Auth-Type:= Pam} else >> { >> >> Auth-Type := Reject >> Rep

Re: Huntgroups and Network of Clients

2009-03-12 Thread tnt
> >sites-enabled/default >- >authorize >{ >ldap > > if (Ldap-Group == "employee" && NAS-IP-Address == > ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) > {ok} else > > if (Ldap-Group == "student" && NAS-IP-Address == > ^131\.(220)\.(2)\

Dropping requests when no authentication possible

2009-03-12 Thread Chris Phillips
Hi, I've set up a 2.1.4 server, and working pretty well with authentication against LDAP alone. What I've noticed though is that if the LDAP server is down on the same box then the LDAP module, rightfully, fails. However whilst this leaves the service unable to authenticate the user, it still repl

rlm_ldap: default_profile not expanded

2009-03-12 Thread Giovanni Lovato
Is the default_profile setting in modules/ldap supposed to expand runtime variables? I tried to set: default_profile = "cn=default,ou=%{Realm},ou=profiles,dc=mc,dc=com" but on the logs I see: rlm_ldap: performing search in cn=default,ou=%{Realm},ou=profiles,dc=mc,dc=com rlm_ldap: object not

Re: Dropping requests when no authentication possible

2009-03-12 Thread tnt
>I've set up a 2.1.4 server, and working pretty well with authentication >against LDAP alone. What I've noticed though is that if the LDAP server is >down on the same box then the LDAP module, rightfully, fails. However whilst >this leaves the service unable to authenticate the user, it still repli

Re: Dropping requests when no authentication possible

2009-03-12 Thread A . L . M . Buxey
Hi, > Is there any way to force a logic whereby if the ldap module fails, it would > drop the RADIUS request on the floor, to make it look like a service failure > to the client? Kinda wrecks our resiliency model if not! We're only using a > single ldap server per box, but even if we were using ot

Re: Error in Authentication

2009-03-12 Thread Jaswinder Kaur
My problem is that, I am not able to figure out, what wrong am I doing ? I shall be highly thankful, if you can point me what part of config I need to change? Many Thanks, JK Jaswinder Kaur wrote: > I am using freeradius 2.1.1 on Suse 10 SP1. I

Re: Dropping requests when no authentication possible

2009-03-12 Thread Chris Phillips
On Thu, Mar 12, 2009 at 4:33 PM, wrote: > >I've set up a 2.1.4 server, and working pretty well with authentication > >against LDAP alone. What I've noticed though is that if the LDAP server is > >down on the same box then the LDAP module, rightfully, fails. However > whilst > >this leaves the ser

Re: Dropping requests when no authentication possible

2009-03-12 Thread Chris Phillips
On Thu, Mar 12, 2009 at 5:07 PM, wrote: > Hi, > > > Is there any way to force a logic whereby if the ldap module fails, it > would > > drop the RADIUS request on the floor, to make it look like a service > failure > > to the client? Kinda wrecks our resiliency model if not! We're only using > a >

Re: Error in Authentication

2009-03-12 Thread Alan DeKok
Jaswinder Kaur wrote: > My problem is that, I am not able to figure out, what wrong am I doing ? I > shall be highly thankful, if you can point me what part of config I need to > change? Have you READ eap.conf? This is documented in all of the recent versions of the server. This is also in

Re: radiusd: symbol lookup error: /usr/lib/rlm_eap_tls-2.1.3.so: undefined symbol

2009-03-12 Thread Peter Param
>>You have two different versions of OpenSSL installed. I'm really stumped by this. I've replaced the default debian openssl libraries (as per... ldconfig -v | grep ssl) with openssl 0.9.8.j and am still getting the pesky error, radiusd: symbol lookup error: /usr/lib/rlm_eap_tls-2.1.3.so: unde

Help to by a NAS

2009-03-12 Thread Leonardo Mártyres
Hi, Could someone suggest some NAS models to buy? I want to do account properly. Thanks

Accounting server reply

2009-03-12 Thread rosect190
Hi, Does an accounting server reply to a NAS's accounting message? How does an NAS know that the accounting message is lost (due to accounting server failure)? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Help setting up machine auth with peap

2009-03-12 Thread Josh Hiner
Have a radius box setup and am using ntlm_auth to authenticate peapv0 with mschapv2 in the inner tunnel off a samba pdc. All normal users authenticate fine. When I try to authenticate using the machine account I get this: eap] Request found, released from the list [eap] EAP/mschapv2 [eap] pro

Re: Accounting server reply

2009-03-12 Thread Alan DeKok
rosect...@yahoo.com wrote: > Hi, Does an accounting server reply to a NAS's accounting message? Yes. > How > does an NAS know that the accounting message is lost (due to accounting > server failure)? Thanks. It doesn't receive a reply? Alan DeKok.

Re: radiusd: symbol lookup error: /usr/lib/rlm_eap_tls-2.1.3.so: undefined symbol

2009-03-12 Thread Alan DeKok
Peter Param wrote: >>> You have two different versions of OpenSSL installed. > > I'm really stumped by this. I've replaced the default debian openssl > libraries > (as per... ldconfig -v | grep ssl) with openssl 0.9.8.j and am still getting > the > pesky error, radiusd: symbol lookup error: /

Re: rlm_ldap: default_profile not expanded

2009-03-12 Thread Alan DeKok
Giovanni Lovato wrote: > Is the default_profile setting in modules/ldap supposed to expand > runtime variables? No. Alan DeKok.