Re: Accessing a second AV Pair

My full SQL statement is: accounting_stop_query = "EXEC ${stopacnt_sp} @username = '%{SQL-User-Name}', @av_pair = '%{h323-incoming-conf-id}', @gw_session_id_out = '%{Quintum-h323-conf-id}', @call_origin = '%{Quintum-h323-call-origin}', @dialstring_from = '%{Calling-Station-Id}', @dialstring_to = '

Accounting : Alvarion WiMax Base Station as NAS

Dear All, As everyone already tried to use BreeMax Alvarion BTS as NAS for the freeradius ? I got trouble for the accounting part of it : * Cannot see upload/download (acct-input/output-octets) * Total time is always equal to 0 * No interim updates (even if Acct-I

RE: RE: Problems to do an SSID based authentication(t...@kalik.net)

was scrubbed... > URL: > <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091116/b10f1801/attachment.html> > > -- > > Message: 3 > Date: Tue, 17 Nov 2009 00:01:08 - (UTC) > From: t...@kalik.net > Subject: RE: RE: Pro

Re: Multiple forests

Thank you. I will give it a try. --- 09年11月16日，周一, Peter Lambrechtsen 写道： 发件人: Peter Lambrechtsen 主题: Re: Multiple forests 收件人: "FreeRadius users mailing list" 日期: 2009年11月16日,周一,下午5:50 You will need to setup two (or more) LDAP directory configs in the modules/ldap config. AD's LDAP inte

realm --help

Hi, I have a realm as "vsnl.net" given to all the users (approx 2800 users), with different passwords. I have defined it in the "proxy.conf" as realm vsnl.net { type= radius authhost= local accthost= local } So, is this correct,

RE: Accessing a second AV Pair

What operator are you using? I have multi AVPairs and i have := on the first one and += on the others working for me. Andrew Paternoster Senior System Engineer [cid:logo1af4.jpg] [cid:spacerecc.jpg] 2/94 Abbott Road, Hallam, VIC 3083 P

Accessing a second AV Pair

Hi, I have a Radius message which has two AV Pairs and I want to insert them both in to a database. However, I'm unable to access the second AVPair. Here is the Radius packet rad_recv: Accounting-Request packet from host 10.152.0.7 port 20001, id=87, length=662 NAS-IP-Address = 10.1

freeradius and openser

I am configuring Freeradius server with openser... By default there is openser dictionary file that the path of that file should be included in freeradius master dictionary file... now i am confuse that command $INCLUDE {path of the openser dictioanry file} how will i include that over the network

COA Examples

HI Does anyone have any COA policy examples? I want to use them on a cisco router to change the traffic shaping policy at different times of the day. Thank you Andrew Paternoster Senior System Engineer [cid:logo35.jpg][cid:spacer7cf.jpg]

Re: bug in rlm_ldap authorization password handling?

> I'm a little confused by how rlm_ldap is handing passwords. First let me > state what I believe to be true, if I'm wrong on any of these > assumptions please correct me. They are, sort of, correct. > Or am I just missing something? You are looking at rlm_ldap in isolation. rlm_pap will "handle

RE: RE: Problems to do an SSID based authentication

>> > My users.conf file looks like this: >> >> > PeterCleartext-Password := "kaffe" , Called-Station-Id == >> "04-0B-6B-33-62-35:raket" >> > JensCleartext-Password := "kaffe" , Called-Station-Id == >> "02-0B-6B-33-62-35:3" > The logs from my radius -X is following: > > rad_recv: Access-Req

Book About Free-Radius Configurations

Hello, I have some days out, but I'm back. I would like know if exists any book with examples and explications about freeRadius configurations and the RADIUS protocol. What you thinks about the book http://www.amazon.com/AAA-Network-Security-Mobile-Access/dp/0470011947/ref=pd_bxgy_b_img_a Than

acct-delay-time appears to be off

I have been looking at this, and scratching my head. It appears as if the (timestamp -(minus) acct-delay-time) does not always = the actual start time of the session. From my observation, and log reading script, I have found that there could be a +/- 1 second variance in either the timestamp, or

bug in rlm_ldap authorization password handling?

I'm a little confused by how rlm_ldap is handing passwords. First let me state what I believe to be true, if I'm wrong on any of these assumptions please correct me. Authentication modules need access to either the cleartext password or hashed password, it is the role of the authorization modu

Re: FreeRADIUS + Postgresql dies unexpectedly

Hi, >>  I'd suggest changing sql_query() function in sql_postgresql.c to: >> >>        ... >>        if (!errormsg) return -1; >>        ... >> >>  instead of the current block of code { errormsg = "FATAL ERROR" } >> Well I tried this change, you can see the gdb output at: http://dl.dropbox.com

Re: Unexpected "Exiting normally" 2.1.8?

Craig Campbell wrote: > Still running tests with bisect. > > successful runs take some time to identify (a day). > > Please let me know if the bug is identified, otherwise I'll keep > plugging away. Thanks. Once we know the commit, the fix should hopefully be easy. Alan DeKok. - List info/

Re: Unexpected "Exiting normally" 2.1.8?

ersion of virus signature database 4611 (20091116) __ The message was checked by ESET Smart Security. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

Hi Alan, i told myself that i should try and enable the ldap module in the authorize section, nothing wrong in that ;) and now it works... so now in my inner-tunnel file i got: server inner-tunnel { authorize { suffix update control { Proxy-To-Realm := LOCAL

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

Hi, > Hi Alan, > > i checked my sites-available/inner-tunnel file: > > in authorize section everything is commented, except: eap and pap (ldap is > commented). > > in authneticate section i have > Auth-Type PAP { > pap > } > > Auth-Type LDAP { > ldap >

Re: DHCP in FR

> Hi, > >> Module: Checking dhcp DHCP-Request {...} for more modules to load >> Module: Linked to module rlm_passwd >> Module: Instantiating mac2ip >> passwd mac2ip { >> filename = "/usr/local/etc/raddb/mac2ip" >> format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address" >>

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

Hi Alan, i checked my sites-available/inner-tunnel file: in authorize section everything is commented, except: eap and pap (ldap is commented). in authneticate section i have Auth-Type PAP { pap } Auth-Type LDAP { ldap } the rest is commented t

Re: DHCP in FR

Hi, > Module: Checking dhcp DHCP-Request {...} for more modules to load > Module: Linked to module rlm_passwd > Module: Instantiating mac2ip > passwd mac2ip { > filename = "/usr/local/etc/raddb/mac2ip" > format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address" > delimi

RE: RE: Problems to do an SSID based authentication

> -- > > Message: 3 > Date: Mon, 16 Nov 2009 10:03:22 + > From: Alan Buxey > Subject: Re: Problems to do an SSID based authentication > To: FreeRadius users mailing list > > Message-ID: <20091116100322.gb5...@lboro.ac.uk> > Content-Type: text/plain; chars

Re: Problems to do an SSID based authentication

Hi, > I am trying to do an SSID based authentication per user. > What I mean is that i try in the users.conf file to check for which SSID the > users is trying to use to login and if it is wrong it shall do an reject for > that user. > > The problem is that i dont succeed with this so I thought

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

hi, from your log... No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select

Re: Multiple forests

You will need to setup two (or more) LDAP directory configs in the modules/ldap config. AD's LDAP interface isn't able to query inter-domain. So you need to setup a LDAP connection per unique domain. http://wiki.freeradius.org/Rlm_ldap On Mon, Nov 16, 2009 at 9:42 PM, John wrote: > Hi, > We a

Problems to do an SSID based authentication

of tls and ttls configuration > To: Freeradius-Users@lists.freeradius.org > Message-ID: > Content-Type: text/plain; charset=ISO-2022-JP > > > Dear All, > > Can I coexist eap tls and ttls configuration in a freeradius? > If yes, please let me know of the configurati

FR2.1.7 with EAP-TTLS/PAP and LDAP

Hi all, i followed the how-to steps from http://deployingradius.com/documents/configuration/setup.html configured PAP, and EAP, made the certificates using the defaults in ./certs/bootstrap Also: in the authenticate {} section from ./sites-available/default Auth-Type LDAP { ldap

Re: Freeradius-Users Digest, Vol 55, Issue 65

Thank you for your message. I am away until Nov 19th. I will respond to your message on my return . For urgent matters, please contact helpd...@stgeorges.bc.ca . Cheers, Gilbert Lo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Multiple forests

Hi, We are using freeRADIUS-1.1.6 talk to active-directory (multiple DOMAINs: "A.com" and "sub.A.com"). We use rlm_ldap module Global catalog port to get attributes from ADs. It works fine.   Now a forest(e.g.  "B.com", "sub.B.com" ...) that is trust with domain "A.com". I can not get attributes

Re: Problem with template.conf in proxy.conf

Thank you very much Alan. 2009/11/14 Alan DeKok > Ana Gallardo wrote: > > WARNING: No such configuration item tld-rediris > > /etc/freeradius/proxy.conf[28]: Reference "tld-rediris" not found > > Errors reading /etc/freeradius/radiusd.conf > > I've committed a fix to git. It will be in 2.1.

Re: Co-existing of tls and ttls configuration

Koichi Yagishita wrote: > Can I coexist eap tls and ttls configuration in a freeradius? Yes. > If yes, please let me know of the configuration. The server ships with this configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html