Hi all,
my special gratitude to Leigh Martell, Alan DeKoK,Alan Buxey,
RAKOTOMANDIMBY,Ivan Kalik ,John Dennis .and all the team!
I solved the problem.
I think It ll better to put it in a tutorial or something(I ll do it)!
Best regards
2009/9/28 John Dennis
> On 09/28/2009 12:32 AM, José Johnny RA
Hi,
I found the solution (anyway it worked with mine):
-try to find what version of openldap is in your system(the default one) by
using the basic command.
-try to find what packages provides the "unfounded" shared file. On cenTos u
can do it with yum whatprovides blablafile.
-if the result is alre
> That was actually not what was really in the users file. I had changed
> that to the Cleartext syntax. I copied that straight out of the manual, so
> I'm starting to wonder if they wrote their docs for an old version of
> freeradius.
>
> But the dictionary still seems to be causing a stop.
>
> #L
Hi,
> #AudioCodes VSA dictionary
> VENDOR AudioCodes 5003
> ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes
> VALUE ACL-Auth-Level ACL-Auth-UserLevel 50
> VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100
> VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200
you can view other dictionarys to see what
That was actually not what was really in the users file. I had changed that to
the Cleartext syntax. I copied that straight out of the manual, so I'm starting
to wonder if they wrote their docs for an old version of freeradius.
But the dictionary still seems to be causing a stop.
#Line 36 # Aud
Hi,
> john Auth-Type := Local, User-Password == "qwerty"
delete the Auth-Type part, change User-Password == to Cleartext-Password :=
- this is clearly documented in the users file and the WIKI
Ivan has already corrected your dictionary entry :-)
alan
-
List info/subscribe/unsubscribe? See http
> Trying to set up some new devices (AudioCodes MP118) to authenticate, but
> the dictionary entries the mfr. says is for FreeRadius doesn't quite work.
>
> #AudioCodes VSA dictionary
> VENDOR AudioCodes 5003
BEGIN-VENDOR AudioCodes
> ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes
Delete that Au
Hello.
Trying to set up some new devices (AudioCodes MP118) to authenticate, but the
dictionary entries the mfr. says is for FreeRadius doesn't quite work.
Using FreeRadius v. 2.1.6 on Mac OS X
The users entries they say to try looks like this:
john Auth-Type := Local, User-Password == "qwerty
> 1.
> Yes correct only in two places, it works. Thanks!
>
> 2.
> Great this works! I put this is "authorize" section.
>
> 3.
> It does not log NAS-Ip address because this is included as reply
> attribute.
> Should I update reply in the similar way as User-Name?
Yes. Add it to same update section.
Yes this works!
I need to put perl module in 2 places in "post-auth" section
1st time near "reply_log"
and
2nd time
Post-Auth-Type REJECT {
reply_log
custom_module
attr_filter.access_reject
}
Thanks a lot
Alan Buxey wrote:
>
> Hi,
>
>
Thanks a lot Ivan
1.
Yes correct only in two places, it works. Thanks!
2.
Great this works! I put this is "authorize" section.
3.
It does not log NAS-Ip address because this is included as reply attribute.
Should I update reply in the similar way as User-Name?
Is this recommendation preferre
> What we need is logging all the real FINAL messages that RADIUS sends to
> the
> client Access-Rejects/Access-Accept in one line with simple detail about
> NAS
> and UserName:
>
> Something like:
> Time,Access-Reject(or Accept),NAS-IP-Address,User-Name
>
>
> I looked into "modules/detail.log" mod
> The problem about opennssl is solved afer make clean or/and reboot but my
> main problem about converting EAP-Response/Identity to Radius
> Access-Request without EAP message inside to my existing Radius server
> stay
> alive :-(
I was under the impression that I have told you what is the like
Hi,
slap perl into the post-auth section, configure a PERL module
(post-auth section of the module) to open file, print the bits
you need and then close the file. that file will be
nicely populated with what you need.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
Hello,
Could someone please recommend the way to configure a very simple logging in
FreeRadius 2.1.7?
As you know there are many sections like Authorize,Authenticate,Post-Auth
and there is some logic in unlang so depending on if/else statements and
flow regardless if authentication passed Access-R
> dude why cant it just say that like all other programs do that Instance of
> the server is already running?
Because it doesn't have to be freeradius on that port. It can be some
other radius server or ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freera
The problem about opennssl is solved afer make clean or/and reboot but my
main problem about converting EAP-Response/Identity to Radius
Access-Request without EAP message inside to my existing Radius server stay
alive :-(
This is the debug message :
debian:~# radiusd -X
FreeRADIUS Version 2.1.
dude why cant it just say that like all other programs do that Instance of
the server is already running?
On Tue, Sep 29, 2009 at 12:47 PM, John Dennis wrote:
> On 09/29/2009 12:26 PM, Alex M wrote:
>
>> ok so I added "sql" in instantiate section and it start loading NAS
>> table as i even saw m
On 09/29/2009 12:26 PM, Alex M wrote:
ok so I added "sql" in instantiate section and it start loading NAS
table as i even saw my NAS ip.
Now im getting error on startup that crushes the server:
=
Failed binding to authentication address
Hello Ivan,
On Tue, Sep 29, 2009 at 3:14 AM, Ivan Kalik wrote:
>
> Try using buffered-sql virtual server to separate accounting from
> authentication. At busy time accounting will lag behind but it will catch
> up when rush passes.
Noted. I will check this out then.
Thank you.
Regards,
Muffin
Hello Alan,
On Tue, Sep 29, 2009 at 12:35 AM, Alan DeKok wrote:
>
> What does that mean? You kick all of the users off, and then allow
> them back on?
Just bypass the router and the RADIUS servers to go straight to the Internet.
> Well... if the MySQL server can't handle the traffic, no amou
Hello Alan,
On Mon, Sep 28, 2009 at 11:24 PM, Alan Buxey wrote:
>
> are you doing authentication and accounting via MySQL? did you perform
> a benchmark of the RADIUS server + MySQL (eg with dumb temp accounts)
> to check what the loading could be? in my experience, authentication can
> be done
ok so I added "sql" in instantiate section and it start loading NAS table as
i even saw my NAS ip.
Now im getting error on startup that crushes the server:
=
Failed binding to authentication address * port 1812: Address already in use
/us
On 09/29/2009 10:42 AM, paul.blal...@gmail.com wrote:
I appreciate your insight, and I might have to go with a pre-built
package after all. But I did go ahead and issue the commands, and when I
run
chkconfig --list radiusd This is what I get.
radiusd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Accordi
> According to the links that you sent me, this is what it is supposed to
> say, but the radiusd service still does not start at boot time, it still
> requires me to log on to the gnome desktop as root before the service will
> start.
Radiusd doesn't "require" you to do anything. That's how *you*
I appreciate your insight, and I might have to go with a pre-built package
after all. But I did go ahead and issue the commands, and when I run
chkconfig --list radiusd This is what I get.
radiusd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
According to the links that you sent me, this is what it is
Pavel Malev wrote:
> After authorization Freeradius send reply to Default Gateway(!), not to
> clinet:
> [tcpdump]
> 02:28:25.766341 00:30:4f:21:b4:73 > 00:30:48:35:31:32, ethertype IPv4
> (0x0800), length 342: 192.168.2.252.67 > 255.255.255.255.68:
> BOOTP/DHCP, Reply, length: 300
Hmm... I tho
> So i dont even see any access to my database at all, i see that SQL config
> is loaded but no request
> Do i have to add any parameters when compiling the code so that we have
> support of network functionality?
No, but you need to list sql *somewhere* in order for it to be used. If
you don't wa
Hi,
> Ok readclients was not enabled :(
> Still enabling that did not help. (I did restart the server after enabling
> it ;-)
>
> How do I output screen to file? I tried radiusd -X >radius_log.txt but that
> just didnt execure anything :(
you can do multiple way
'script' or 'screen'; can be use
29 matches
Mail list logo
