Alan Buxey wrote:
> in my proxy.conf I have a FQDN for a proxy destination.
That's generally a bad idea, but OK...
> that FQDN has a record (and all other operations to
> it from the server use IPv6 for transit). however, FreeRADIUS
> doesn't want to talk to that remote proxy via IPv6
Wh
Kanwar Ranbir Sandhu wrote:
> Ok, fair enough. But, I've set up freeradius to not allow more than one
> session. How is a new row being added to radacct when the first one for
> the same user still has "acctstoptime" as NULL? I thought the sql
> queries were designed to stop that when using simu
Bandwidth is needed on your router. Between your router and your radius
server you will only have authentication and accounting packets which
are small and do not consume much of a bandwidth.
Radius server will not do any rate limiting, radius server will only
send rate limit data to router, during
Hi all,
I have done basic setup of freeradius and tested in my old PC (PIII).
Now I want to do the real thing but I need some estimation regarding
this. Can somebody share their knowledge on this?
What is the bandwidth requirement for dedicated radius service based
on numbers of user or hotspots.
I am experiencing the following oddness I am hoping someone can shed some light
on...
We are using FR 2.X and LDAP for MSCHAPv2 authentication. We are storing the
NT-Password Hash within LDAP, utilizing ldap.attrmap to map our LDAP variable
to "NT-Password"
So when an MSCHAPv2 based Auth come
Excuse me, you are correct. It is only for a range; for 8 IPs it is OK, then the network
for this (stuff /29) must be >= /27. The significance of /x in VLSM and ACL
type stuff is the same, no changes in the
x first bits.
--
This message has reached you through the e-mail service that
o
Hi
I am running FreeRADIUS v2.1.6.
Problem is found when SQL works in 'users'.
sql.conf:
sql sql_auth {
Some auth-queries...
}
sql sql_acct {
Some acct-queries...
}
radiusd.conf:
authorize {
files
sql_auth
}
users:
DEFAULT SQL-Group == 'Group1'
...
But files
On Thursday 20 August 2009 at 01:07 +0100, Neville wrote:
> Hi Alex,
>
> > You are expecting an interim update to send session-timeout to your nas
> > so it disconnect your user?
> > If so, two things seems incorrect to me.
> >
> >1- You're measuring traffic volume and want disconnection to set
Check this out... I entered the Domain Name manually and it worked!
So, now I have no freaking clue... I thought it was something with the
"//" in the DomainName//UserName - but doesn't look like it.
Here's some debug output. I snipped all the stuff before this output -
from what I can tell it
Maybe, but I'm thinking it's the whole Domain Name thing being prepended
to my "user name". When I login manually the user name is simply
"ggatten" and everything is happy. When I choose "use windows logon
name and password" my "username" becomes "WADDELL\ggatten".
If I can strip off the doma
> Yup, that line is there. Much of the doc online is WAY out of date, so I'm
> wondering if by actually RTFM first I broke something?
Ok. This may sound crazy and it may not be your problem, but, I thought I'd
mention it anyway.. Look at the samAccountName attribute in A/D for a user
that is
OK, got manual PEAP auth working again.
-Original Message-
From: Gary Gatten
Sent: Thursday, August 20, 2009 3:55 PM
To: 'FreeRadius users mailing list'
Subject: RE: MS 8021.x PEAP failing
Whoops! I tried the change you mentioned and now can't get manual auth
to work either. I comme
Whoops! I tried the change you mentioned and now can't get manual auth
to work either. I commented out the working lines and restored them,
but still no love! $hit.
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-
If I understand you correctly - I respectfully submit you are incorrect.
When using VLSM / classless masks to define a NETWORK, you are correct
(I haven't checked the math - just assuming you are correct). However,
when defining ACL type stuff, the proposed /29 would be perfectly OK.
That said, I'
You cannot use /29 for 8 IPs because 3 bits have exactly 8 combinations:
..x000 is the network and ...x111 is the broadcast, so really you have 6 IPs
with /29; you need /28, 16 combinations minus two, min 14 IPs for 8 numbers.
Nope - no love! I'll capture a successful PEAP login when I manually
enter the credentials, and the failed login when using the "windows"
credentials.
Standby.
Gary
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-bounc
On 08/20/2009 01:05 PM, Larry Ross wrote:
Good Morning All;
I am looking for direction into correcting an issue with FR 2.X
authenticating against a Krb5 directory with Hardware Pre-Auth enabled.
Currently I am not finding any luck in getting this off the ground.
I don't know what Hardware Pr
Here are my sites-enabled/default and sites-enabled/inner-tunnel files.
Thanks,
Anton
2009/8/19 Alan Buxey :
> Hi,
>
>> I have another freeradius host (freeradius 2.1.3) with the same
>> authentication scheme.
>> I look at debug output on it:
>>
>> Found Auth-Type = MSCHAP
>> +- entering group M
Yup, that line is there. Much of the doc online is WAY out of date, so I'm
wondering if by actually RTFM first I broke something?
- Original Message -
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: 'FreeRadius users mailing list'
Sent: Thu Aug 20 14:09:31
Hi,
> If in my PEAP conf I uncheck "Automatically use my Windows logon name
> and password" and enter my username/password manually - I auth fine.
>
> I've been playing around with conf/module files trying to strip the
> DOMAIN out of my login request - but no luck!
this pretty much works out of
> I've been playing around with conf/module files trying to strip the
> DOMAIN out of my login request - but no luck!
Have you tried "with_ntdomain_hack = yes" in the mschap module config?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I'm relatively new to FR, unlang, etc. - so bear with me.
Trying to use M$ XP 802.1x supplicant to auth to a Cisco switch. I've
gotten MD5 to work no prob (also vty login to the switch itself using
NTLM-Auth) - but can't seem to get EAP-TLS (certs) or PEAP to work.
Given that in my cert c
Hello Allan,
Thank you for your reply.
ensure your netmask etc are correct
:-)) I hope so. I was giving it like this (IP address
plus slash 29: 10.1.1.112/29)
My trouble was I did not know if I could use 10.1.1.112/29
as nasname.
Thank you all.
Cheers
Irina
==
Hi,
Hello
Hello Rokkhan,
I was curious if you could send me the configuration you have on your Cisco
AP's for telnet/ssh access? I'm having some trouble with mine, but I'm able to
authenticate my routers and switches just fine.
I would ask the mailing lists, but they sometimes aren't very helpful. ;)
Of course it implies you have installed the oracle instantclient
provided by oracle in /opt/oracle...
If not point to where the oracle libs are depending on your unix
flavour.
As far as i remember the post you quoted in your mail was about ubuntu
Linux radius server with no oracle instance run
hi,
in my proxy.conf I have a FQDN for a proxy destination.
that FQDN has a record (and all other operations to
it from the server use IPv6 for transit). however, FreeRADIUS
doesn't want to talk to that remote proxy via IPv6
anyone else successfully SENDING proxied packets from FreeRADIUS
us
Hi,
> Hello,
>
> Could someone let me know if I can insert a new NAS in the following
> format
>
> insert into nas values('','xx.xx.xx.112/29','shortname',)
you can use such a netmask to cover a range but they'll all
then use the same secret and be identified by the same shortname.
...jys
Hi,
> Got it. I was specifying detail file path incorrect and it's not finding
> it. One more question regarding this.
> sites-available/default have preprocess section. and same section in
> sites-enabled/buffered-sql present. Does preprocess section in buffered-sql
> needs to be commented out?
th
Got it. I was specifying detail file path incorrect and it's not finding
it. One more question regarding this.
sites-available/default have preprocess section. and same section in
sites-enabled/buffered-sql present. Does preprocess section in buffered-sql
needs to be commented out?
Thanks.
>
> Mes
Good Morning All;
I am looking for direction into correcting an issue with FR 2.X authenticating
against a Krb5 directory with Hardware Pre-Auth enabled. Currently I am not
finding any luck in getting this off the ground.
Thank you
Larry Ross
Network Operations
University California Davis
http
Hello Gary,
thank you very much for your reply.
No, not the wildcards.
Few IPs within the same class. I was not sure if I could
use /29.
Thanks again.
Irina
===
If you're asking if you can use classless masks to
represent a block of IP's, yes you can. If you're asking
Joe Maimon wrote:
> So I define multiple home servers as the potential destinations for the
> copied accounting in proxy.conf
Yes. AND you write to multiple detail files.
> How do I specify where to send the accounting in the detail-reader?
>
> Either of these?
>
> ATTRIBUTE Proxy-To-
If you're asking if you can use classless masks to represent a block of
IP's, yes you can. If you're asking if you can use "wildcards" in the
IP addresses - I don't know... I doubt it.
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:free
On Thu, 2009-08-20 at 08:55 +0200, Alan DeKok wrote:
> >. ... So, effectively, freeradius shows TWO live sessions for
> > the same user. When we check the NASes, we see two sessions for the
> > same user there as well.
>
> Then the user has logged in twice. There really ARE two sessions.
Ok,
Hello,
Could someone let me know if I can insert a new NAS in the
following format
insert into nas
values('','xx.xx.xx.112/29','shortname',)
Or do I have to insert each IP individually
insert into nas values('','xx.xx.xx.112','shortname',)
insert into nas values('','xx.xx.xx.113',
Alan DeKok wrote:
Joe Maimon wrote:
Certain systems need copies of accounting data, but I only want to send
a subset of accounting to the appropriate system. I don't want to change
the way the server updates the sql accounting and local detail files.
If you need *multiple* copies, then the
Hello
I have been testing with my freeradius and cisco devices, such as
switches, firewalls, access points, ...
Now, I'm able to configure users validation through freeradius with
Access Points and Peap.
Get shell access to cisco devices and establish the level privilege of
them with freeradius.
And
Hi,
I have freeradius with proxy configuration i want to do following setup.
Some user will get aucc and auth by proxy radius and some will be locally.
1) Free radius server will accept request from RAS server ( Cisco) and forward
to proxy radius and reply of proxy radius will be send back to R
Hi,
I have lived the same problem depicted here.
Alan De kok suggested to prevent the thread creation
http://lists.cistron.nl/pipermail/freeradius-users/2007-October/msg00257.html .
Is there another solution for that (maybe changing a sysctl value ) since
machine has lots of memory and very
On 08/19/2009 06:37 PM, ganesh nagpure wrote:
Hi Jonathan,
Thanks for your reply.
BRAS is 7206 cisco broadband RAS we are integrating with free radius.
We have two type of user prepaid and post paid .
I am just wondering how can I define this in cisco-avpair += parameter.
I'm afraid I can't
Hi,
> Hi All,
> does anyone can authenticate users with double quotes in their password
>
> with MS-CHAP ?
> No problem with TTLS/pap.
check the password and escape dodgy characters ?
alan
Hi All,
does anyone can authenticate users with double quotes in their password
with MS-CHAP ?
No problem with TTLS/pap.
Thanks.
--
Richard Timsit
EPFL DIT-TI
hi ,
when i run radiusd -X
facing below problem.
Could not link driver rlm_sql_oracle: ld.so.1: radiusd: fatal:
rlm_sql_oracle.so
Make sure it (and all its dependent libraries!) are in the search path of
your s
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local
Your sql should be changed.
Check any post on 24hours login. That logic will resolve this 2 days thread.
Goksie
Sent from my BlackBerry® smartphone from Etisalat
-Original Message-
From: Alexandre Chapellon
Date: Wed, 19 Aug 2009 07:55:47
To: FreeRadius users mailing list
Subject: Re:
RANDRIAMAMPIONONA José Johnny wrote:
> Here are the debug from the radius server:
You have firewall rules that are blocking the packets.
Alan DeKok.
Hi list.
This is my first message to the list. I have read a lot before sending
this message.
I have freeradius version 2.1.6 and want to for every accounting
packet exec a script.
I have configured the ${confdir}/modules/files file with:
acctusersfile = ${confdir}/acct_users
and my acct_users fil
Hi,
> I'm using the following configuration but it's not working.
^^
whats not working? whats the symptoms? wheres the radiusd -X ?
alan
Joe Maimon wrote:
> Certain systems need copies of accounting data, but I only want to send
> a subset of accounting to the appropriate system. I don't want to change
> the way the server updates the sql accounting and local detail files.
If you need *multiple* copies, then the "detail" write/re
Hello,
It has been stated in release notes for FR 2.1.6 that losing of tags
for tagged attributes is fixed in rlm_perl in this version, but it is
not.
Look at the example below:
$ radiusd -v | head -1
radiusd: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2,
built on Aug 18
Rakotomandimby Mihamina wrote:
> I am on the way to migrate a freeRadius V1 to a V2.
>
> I would like to log the queries submitted to the running V1,
> so that I could test them via 'radclient' to the V2, before
> switching to production stage.
>
> So, on a V1.4, what kind of logging should I ena
Alexander Clouter wrote:
> Only me...again doing things I probably should not do with FreeRADIUS.
It shouldn't crash...
> So I decided to slap in unwisely placed 'handled' and the attr_filter on
> the proxying server (in post-proxy) exploded. The backtrace is below
> and I also slipped in a