Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every
email Alan sends just to chuckle at him berating the poor, confused
people seeking help?
My unhelpful comments are directed at the people who don't read (a)
the documentation I already wrote, or
daverum...@boothcreek.com wrote:
So funny you say that, I was just talking about that with a coworker. I
almost find myself searching for his emails and thinking that poor person who
is looking for help.
Asking people to read the debug log, as suggested in the FAQ, README,
INSTALL, man
DAve wrote:
I have read through the docs, looked into Session-Timeout and SQL
counters, but I do not see how to force a client to re-authenticate.
What am I missing? What config information do I need to provide? What
information/manual/how to have I missed?
Petar Marinkovic wrote:
[mschap] Told to do MS-CHAPv2 for pmarinkovic with NT-Password
[mschap] expand: --username=%{mschap:User-Name:-None} -
--username=pmarinkovic
[mschap] mschap2: 30
[mschap] expand:
--domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} -
Hello, first of all, sorry for my English.
I'm testing Freeradius 2.0.4+dfsg-6 in Debian. I want to configure proxy
like this (proxy.conf):
# radiusxx authentication
home_server radiusxx_auth {
type = auth
ipaddr = 1.2.3.4
port = 1812
secret = secret
response_window = 50
Not only I have to thank Alan for this or that hint and the great software.
Nowadays I find his answers amusing. They sound like a mantra:
Read the documentation, post the debug output, don't change too much in the
default configuration
What is wrong with that answer?
And knowing that one
Ana,
The notes in the proxy.conf file describe how proxying works when you do not
receive a response from a home server.
#
# If the home server doesn't respond to the request within
# this time, this server will consider the request dead, and
# respond
I insert in my users file this configuration item:
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == wifi, EAP-Type == PEAP,
Auth-Type := Reject
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == wifi, EAP-Type == TLS
Fall-Through = No
DEFAULT Ldap-Group == user, Huntgroup-Name == user
so, what you've actually got to do is run the pap method twice.
once for the user-name/password from sql_new and once for the
user-name/password from sql_old. one of those methods would
work for a valid user
that's a funky bit of group/failover requirement that'll have to
be
Hi,
You should write your custom authentication script.
there's probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
alan
-
List info/subscribe/unsubscribe? See
On 25/6/09 10:33, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
You should write your custom authentication script.
there's probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
I
Thank you for your response. Certainly in the proxy.conf file we can read
# If the home server doesn't respond to the request within
# this time, this server will consider the request dead, and
# respond to the NAS with an Access-Reject.
#
#
i'd have freeradius rpm for opensuse 11
appreciate your guidance
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I leave you guys alone for 5 minutes
8-) as I said, there's probably a way of doing it
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Original Message
Subject: Re: Old password 'grace period'
Date: Thu, 25 Jun 2009 12:11:07 +0100
From: Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk
Organization: University of Sussex
To: t...@kalik.net
[snip]
I have tested something like this yesterday - it doesn't. You
Wegener, Norbert wrote:
Not only I have to thank Alan for this or that hint and the great software.
Nowadays I find his answers amusing. They sound like a mantra:
Read the documentation, post the debug output, don't change too much in the
default configuration
What is wrong with that
On 25/6/09 13:11, Ivan Kalik wrote:
I have tested something like this yesterday - it doesn't. You can't just
replace Cleartext-Password. NT-Password and LM-Password were created for
the new password and mschap module will reuse them, completely
ignoring
old Cleartext-Password. They need to be
My response_window = 50 zombie_period=20. So, after 20 seconds, my
radiusxx Freeradius must consider it dead, and then, I think that
Freeradius
can proxy the request until the response_window = 50 time gone. Maybe I'm
mistaken, so I would like to know how if I'm in an error.
You are
Hello,
I tested some things with radmin and freeradius 2.1.6 on SLES 10 SP2.
I started the server, started radmin, added the following debug condition:
debug condition '(User-Name == test)'
and then sent an access-request with this username to server. The server crashed
with the following
Hi,
I am using JRadius Client with freeRadius server for user authentication.
The following code is used to access freeRadius server:
--
AttributeFactory.loadAttributeDictionary(net.jradius.dictionary.AttributeDictionaryImpl);
On 25/6/09 12:01, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I leave you guys alone for 5 minutes
8-) as I said, there's probably a way of doing it
:P Granted, was trickier than it first appeared. After a brief discussion with
Ivan, looks like this should work (he pointed out the security
Alan often replies immediately with useful information, often for
questions which are constantly repeated. I'm personally impressed with
his tireless dedication, not only in being one of the primary help
desk roles but also in developing the software, both of which you're
getting for *free*. I
-Original Message-
From: freeradius-users-
bounces+jmdanner=samford@lists.freeradius.org [mailto:freeradius-
users-bounces+jmdanner=samford@lists.freeradius.org] On Behalf Of
John Dennis
Sent: Thursday, June 25, 2009 8:54 AM
To: FreeRadius users mailing list
Subject: Re:
On 25/6/09 14:53, Arran Cudbard-Bell wrote:
On 25/6/09 12:01, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I leave you guys alone for 5 minutes
8-) as I said, there's probably a way of doing it
*sigh* the Coffee excuse doesn't work past lunch time does it... (missed out
some curly braces)
I'm trying to include rlm_raw
(http://osdir.com/ml/freeradius.devel/2005-01/msg00027.html) in the
installation of FR 1.1.7, but it's never included at usr/lib/freeradius
after install. I've tried in Ubuntu and Debian. I'm not sure if it's a
general module/compiling problem or something with
Thanks a lot, guys. I am on vacation until Monday, but am very tempted
to login to work and give this a try..nah, it can wait until Monday
:).
Thanks again for your efforts.
John
-Original Message-
From: freeradius-users-
bounces+john.kane=prodeasystems@lists.freeradius.org
First, thanks Alan for your help, I managed to make it work with AD. Now I
want to try to test to make EAP-TTLS with PAP to authenticate users in
domain. I saw this link
http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-March/msg00417.html
So I added following lines to modules
If anyone needs help in getting their openldap to work with freeradius2
please reply back. I finally was able to figure it out and then used
unlang to authorize my groups and would like to share what I have learned.
Christopher Sheldon wrote:
Does anyone else who subscribes to the list
Hi Dave... What do you think about wiki? You can post there your
experience...
Best regards
Dave Rummel wrote:
If anyone needs help in getting their openldap to work with
freeradius2 please reply back. I finally was able to figure it out and
then used unlang to authorize my groups and would
Hi,
exec ntlm_auth_pap {
wait = yes
input_pairs = request
shell_escape = yes
output = none
program = /path/to/ntlm_auth --username=%{User-Name}
--domain=EXCHANGE --password=%{User-Password}
Would like to make a request for an account to the wiki so I can add to it.
Dave Rummel wrote:
If anyone needs help in getting their openldap to work with
freeradius2 please reply back. I finally was able to figure it out and
then used unlang to authorize my groups and would like to share what
Alan DeKok wrote:
DAve wrote:
I have read through the docs, looked into Session-Timeout and SQL
counters, but I do not see how to force a client to re-authenticate.
What am I missing? What config information do I need to provide? What
information/manual/how to have I missed?
Marinko Tarlac wrote:
You can use expiration attribute or you can disconnect user with PoD.
http://wiki.freeradius.org/Packet_of_Disconnect
Expiration Attribute? I've not seen that in any docs. The POD is useful,
I think I can provide a cronjob to query the DB once a day and terminate
Sebastian Heil wrote:
I started the server, started radmin, added the following debug condition:
debug condition '(User-Name == test)'
and then sent an access-request with this username to server. The server
crashed with the following errormessages:
Thu Jun 25 13:50:26 2009 : Error:
hello,
I'm trying to use unlang to limit LDAP user's access to different network
devices. Here is what I have so far in the site-enable/default:
Auth-Type LDAP {
ldap
if(NAS-IP-Address == 10.1.1.1 LDAP-Group ==
'RouterAdmin') {
ok
I noticed an unwanted behavior in rlm_sql.c
In a while loop that fetches rows the return code of rlm_sql_fetch_row is
not checked properly.
If rlm_sql_fetch_row returns -1, then sql_get_grouplist should also fail,
but it return 0 instead and in this case rlm_sql module returns notfound
instead
First, thanks Alan for your help, I managed to make it work with AD. Now I
want to try to test to make EAP-TTLS with PAP to authenticate users in
domain. I saw this link
http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-March/msg00417.html
So I added following lines to modules
I'm trying to use unlang to limit LDAP user's access to different
network
devices. Here is what I have so far in the site-enable/default:
Auth-Type LDAP {
ldap
if(NAS-IP-Address == 10.1.1.1 LDAP-Group ==
'RouterAdmin') {
ok
I'd like our radius proxy server to allow an A/V pair, but, cannot find any
examples where I can apply any regex type rules to allow a range of values.
For example, I received the following from a remote radius server :
Cisco-AVPair = vpdn:ip-addresses=10.10.1.4
and would want to (using attrs)
41 matches