Hello Ivan Kalik
Thank you very much for your help.
I didn't implement 2 different attribute on the one user by myself. I was
trying to do following
If packet goes to subnet 192.168.0.0/24 then router should use policy-map
512Kbps.
If packet goes to subnet any then router should use policy-m
Good Afternoon;
I am looking at different ways to authorize users using local resources. I
would like to create various Text files (like foundry.acl, juniper.acl etc etc)
with a list of kerberos principles contained within (each principle separated
by new line).
When a user attempts to authenti
hello all!
any possibility to use a database for CRL management?
imho there is no way since I think FR uses directly openssl commands
and it needs the crl and the revoked certs as files inside the CA_path
directory? right?
I'm thinking to use a database filesystem like DBI-Fuse or something like
>unfortunately i was not the one who installed our current freeradius
>and i have to add that i am quickly learning how to use it :)
>
>i installed v2.x on another server works like a charm .. but i have to
>make it work on the current one for the moment, would adding an entry
>in the users file he
On Thu, Mar 26, 2009 at 3:30 PM, wrote:
> >radius_xlat: 'SELECT
> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheckAttribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = '0021709d3d47' AND
> usergroup.GroupName = radgroupcheck.GroupName O
Okay.
Generating my password with :
htpasswd -nd plemelin ( crypt )
and setting the attribute to crypt-password in mysql did the trick.
Generating the password with :
htpasswd -nm plemelin ( md5 )
and setting the attribute to MD5-password doesnt work.
I think i did enough radius for the we
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheckAttribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = '0021709d3d47' AND
>usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: MYSQ
>
> > 1- What do I set the "attribute" field to in the radcheck table to use
> > MD5 passwords ?
>
> Crypt-Password
In which scenario should MD5-Password be used ?
> 3- Is there a good reference to setup the mysql database to use
> > authentication ? Frankly, the ammount of questions and conflic
Sanz Malagón wrote:
> Alter that, I restart the service like this /etc/init.d/freeradius
> restart and I get this error since then
>
> Starting RADIUS daemon radiusd: pthread_mutex_lock.c:115:
> __pthread_mutex_lock: Assertion `mutex->__data.__owner == 0' failed.
That's a pretty bad failure. I
phil lemelin wrote:
> 1- What do I set the "attribute" field to in the radcheck table to use
> MD5 passwords ?
Crypt-Password
> 2- What do I set the "attribute" field to in the radgroupcheck IF I have
> too ( I should'nt have right ? decided by user unless I want to lock
> them out of a method
Delcamp, Christopher D CTR SPAWAR SSC LANT, 50DE wrote:
> Here is the debug output with several authentications.
...
> rlm_sql_mysql: MYSQL check_error: 1146 received
Ah... you're running an older version of the server, and using a MySQL
stored procedure in the SELECT. MySQL requires some speci
021709d3d47] (from client technet port 50230 cli
00-21-70-9D-3D-47)
Sending Access-Accept of id 77 to 10.50.50.104 port 1645
Tunnel-Private-Group-Id:0 = "MEC_IPC_NOC"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Finished request 0
Going to the next request
--
> > Well, assuming by "barf" you mean not start, in 2.0.3 and 2.0.5, the
> > server doesn't barf and the error message only appears when debug is
on
> > (-Xx). Within the debug, it's closer to the beginning of my output
> > (line 188 of 542 messages). Here's a very abbreviated example:
>
> I t
Following on my adventure with freeradius, I decided to enable mysql and use
EAP-TTLS. Having my passwords in SQL, I now want to encrypt them ( MD5 ) and
use them to authenticate my user.
After reading the protocols compatibility matrix ,I saw that with EAP-TTLS,
with tunneled PAP, I should be abl
I'm sorry, I forgot it
The output is:
BOF
FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Oct 9 2008 at
16:13:43
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY o
Michel GAUDET wrote:
> To make my (new) experience with freeRADIUS I try to authenticate with simple
> User-name and password in the users file.
You have gone to great effort to delete most of the server
configuration. Don't do this.
Use the default configuration. Follow the instructions in
Hello Everybody !
Sorry for my english : the french people are known to be bad in other langage
than french !
To make my (new) experience with freeRADIUS I try to authenticate with simple
User-name and password in the users file.
Sorry for the long post but I want to give all is necessary to unde
> Date: Mon, 23 Mar 2009 11:22:22 -0400
> From: Josh Hiner
> Subject: Help checking group membership with FreeRadius
> To: freeradius-users@lists.freeradius.org
> Message-ID: <200903231522.n2nfmnxv077...@mxdrop218.xs4all.nl>
> Content-Type: text/plain; charset=UTF-8
> Currently we have a radius s
thanks !!
unfortunately i was not the one who installed our current freeradius
and i have to add that i am quickly learning how to use it :)
i installed v2.x on another server works like a charm .. but i have to
make it work on the current one for the moment, would adding an entry
in the users fi
You should post the output off radiusd -X.
2009/3/26 Sanz Malagón, Jorge
> Hi every body,
>
>
>
> My name is Jorge Sanz, from Spain, and this is my first mail in this list.
>
>
>
> I’m working with a Freeradius installed over OpenSUSE 11.0. It was working
> properly until I tryed to add a ne
Garber, Neal wrote:
> Well, assuming by "barf" you mean not start, in 2.0.3 and 2.0.5, the
> server doesn't barf and the error message only appears when debug is on
> (-Xx). Within the debug, it's closer to the beginning of my output
> (line 188 of 542 messages). Here's a very abbreviated example
> use dynamic-clients - this calls an SQL query which, if the target is
now
> in your DB will update the client list on the fly. no server
> restarts needed. radmin lists and shows the client etc
>
Sounds nice - I'll check it out. Thanks for the tip Alan..
> I seem to recall the error message
Hi every body,
My name is Jorge Sanz, from Spain, and this is my first mail in this list.
I'm working with a Freeradius installed over OpenSUSE 11.0. It was working
properly until I tryed to add a new client in /etc/raddb/clients.conf
I add the new client like this
client xxx.xxx.x
Garber, Neal wrote:
> I agree with you Alan that the server shouldn't just silently "work"
> with configuration errors. In the past, I've seen configuration errors
> preclude the server from starting. Is that still the case?
Yes.
> If so, then
> given the seriousness of the error, as describ
Perfect, works wonderfully. Thanks for the pointer. The winning statement
was...
DEFAULT User-Name =~ "^([...@]+)([...@])([...@]+)"
User-Name := "%{1}+%{3}"
This will transform "stri...@stringb" to "string1+stringb"
Thank you
Larry
>Currently my institution allows for registered user
Bruno Noronha wrote:
> I really can't make it work on SUSE 11.0. I didn't find any information
> about it and there are no attempts left for me.
You were given exact instructions. If you follow them, they work.
Downloading a new OS will not help you.
Alan DeKok.
-
List info/subscribe/unsu
> I think of CentOS 5.2, but do I really need to download 7 iso images to put
> it into work?
>
Download the DVD version if you have a dvd drive ?
Did you do :
freeradius stop
killall freeradius
ps -fe | grep -i radius
kill -s 9 `ps -fe | grep -i radius`
updatedb
`locate radiusd | grep bin | gr
I really can't make it work on SUSE 11.0. I didn't find any information
about it and there are no attempts left for me.
I would like to know what destributions really handle freeRADIUS in a good
manner. I think of CentOS 5.2, but do I really need to download 7 iso images
to put it into work?
Regar
>We are implementing 802.1x authentication with MAB (Mac Address Bypass) on our
>Cisco switches and are getting some freeradius errors. Just as a note, when
>using MAB the username and password given to radius is the MAC address of the
>device (workstation, server, printer, etc) that is attempt
We are implementing 802.1x authentication with MAB (Mac Address Bypass) on our
Cisco switches and are getting some freeradius errors. Just as a note, when
using MAB the username and password given to radius is the MAC address of the
device (workstation, server, printer, etc) that is attempting
Leonardo Mártyres wrote:
Does anyone use Chillispot to use WPA and FReeradius? Could tell me what
I have to configure at dd-wrt?
thanks
Here is a good starting point
http://coova.org/wiki/index.php/CoovaChilli/WithWPACaptivePortal
-
List info/subscribe/unsubscribe? See http://www.freeradiu
>I'm trying to implement ADSL service via cisco router by NAS, FreeRADIUS
>2.1.3 by AAA server and daloRADIUS.
>On the cisco router I defined some policy-map for traffic shape. In the
>radgroupreply table contains following attribute with value.
>"cisco-avpair", ":= ", "ip:sub-policy-Out=512Kbps"
>
>I am configuring a freeradius server with authentication PEAP/Mschap with an
>Active Directory. The authentication works :)
>There is my question:
>I have on my AD an attribute for each user such as "vlanId = 12" and I would
>like to get this value to assign the user authenticated on this VLAN. An
Hello,
I'm trying to implement ADSL service via cisco router by NAS, FreeRADIUS
2.1.3 by AAA server and daloRADIUS.
On the cisco router I defined some policy-map for traffic shape. In the
radgroupreply table contains following attribute with value.
"cisco-avpair", ":= ", "ip:sub-policy-Out=512
Hi everyone,
I am configuring a freeradius server with authentication PEAP/Mschap with an
Active Directory. The authentication works :)
There is my question:
I have on my AD an attribute for each user such as "vlanId = 12" and I would
like to get this value to assign the user authenticated on th
Hello.
We use FreeRADIUS as an intermediate server (proxy) between commercial
billing system and radius clients (NAS, servers, etc). In this case it is a
question about SIPProxy.
The billing system sends some additional attributes. Here a example from
FreeRADIUS log:
rad_recv: Access-Reject packet
>But actually, all user ID in my home radius server doesn't have "@domain" at
>the end, so how can I proxy the request user ID with "@domain" to my home
>radius and pass the authentication with no "@domain" user ID, and is it
>possible?
Yes, if you are not using EAP. Since you are - you can't rewr
>I have a question about same 'username' from different services.
>Task:
>1) Troublefree login users with same username, from different
>places(therefore different attribute) at the same time:
>- cisco console login(radius for cisco);
>- ppp(radius for dialup).
>
Why is this a problem. You
Hi,
> Thanks for taking the time to share your thoughts Alan. I recently
> started investigating SQL for client and huntgroup definitions and I
> appreciate your insight. Does using the SQL approach still require a
> server restart to refresh any changes? Do you know if there are any
> plans to
Hi,
> Please I'd like to know if with freeradius-server-2.1.3 , i must
> install freeradius-ldap before synchronize a ldap database to my
> radius server;
> Is-it necessary also to install freeradius-dialupadmin before creating An API?
> These two modules aren't integrated in freeradius-server-2.1
Please do yo have a howto for freeradius-server-2.1.3 or a link where
i can get these informations?
thanks
2009/3/26, Marinko Tarlac :
> Please visit freeradius wiki and read Howtos ...
>
> On Thu, Mar 26, 2009 at 9:55 AM, David N'DAKPAZE wrote:
>
>> hello,
>> Please I'd like to know if with freer
Please visit freeradius wiki and read Howtos ...
On Thu, Mar 26, 2009 at 9:55 AM, David N'DAKPAZE wrote:
> hello,
> Please I'd like to know if with freeradius-server-2.1.3 , i must
> install freeradius-ldap before synchronize a ldap database to my
> radius server;
> Is-it necessary also to instal
> ouch - random working process that is happy if the wind blows in the
right
> direction. no, the code is simply allowing only exact duplicates
> to be ignored as errors...which is quirky but stop s afew issues.
> anyway, another reason to use SQL as the client storage engine - you
> can put colum
hello,
Please I'd like to know if with freeradius-server-2.1.3 , i must
install freeradius-ldap before synchronize a ldap database to my
radius server;
Is-it necessary also to install freeradius-dialupadmin before creating An API?
These two modules aren't integrated in freeradius-server-2.1.3 ?
tha
A.L.M.Buxey wrote:
>
> Hi,
>
>> But username isn't. You can't strip the username.
>
> yep. add 'nostrip' to the proxy section for that realm
> on the proxy server
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
Thanks for your reply, it
Hello!
I have a question about same 'username' from different services.
Task:
1) Troublefree login users with same username, from different
places(therefore different attribute) at the same time:
- cisco console login(radius for cisco);
- ppp(radius for dialup).
2) In some way delineate r
Hi,
> I'm running FR 2.0.3 and I just found that if there is more than one
> client with the same IP address in clients.conf, then it will stop
> processing the remainder of the file and continue startup. The only
> indication it has done this are 2 error messages that are easily missed
> when ru
> If your server is misconfigured, it's better to know and fix it,
than
> have it silently "work" for some definition of "work".
>
I agree with you Alan that the server shouldn't just silently "work"
with configuration errors. In the past, I've seen configuration errors
preclude the server fro
48 matches
Mail list logo