Error while trying to make root CA

2009-11-30 Thread Peter Carlstedt
Hello everyone, it took a while for me to understand how to get root privileges in the terminal, I finally decided to login as root though I know I should not do that but I couldn't find a way around it since I need to get into raddb/certs with the terminal so I can remove some files and stuff t

Re: separating Users?

2009-11-30 Thread Alan DeKok
freerad...@corwyn.net wrote: > so if ./users: > DEFAULT Huntgroup-Name == Cisco_Huntgroup, Auth-Type:=ntlm_auth, > Ldap-Group == "Infrastructure" > > Service-Type:=NAS-Prompt-User,cisco-avpair:="shell:priv-lvl=15", > DEFAULT Huntgroup-Name == VPN_Huntgroup, Auth-Type

Re: Accounting SQL Entries

2009-11-30 Thread Alan DeKok
Matt Martin wrote: > Now, I am trying to log the session details, such as data to and from > the host. I've tried various configs, FAQs and similar without little > luck. If you have the authentication data logged to SQL, then logging accounting data is easy: a) create the tables

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Charles
Thanks YvesDM, I saw it - the attribute - and my problem is now solved Many thanks! the Last line ! 1.236 (09/30/2009) a.. fixed a security issue in the DHCP client (CVE-2009-0692) b.. captive portal fixes (jdegraeve): a.. changed RADIUS timeout/maxtries from 5/3 to 3/2 reducing failove

Re: MPD : mpd-drop-user

2009-11-30 Thread cktan
Dear Ivan, I read some of the information saying it is possible to insert attribute in Accounting Response Packet but RFC said almost no attribute will inject into response packet. There is also user ( @ year 2005) change some coding in rpm_sql to do query during the accounting update as well

Re: separating Users?

2009-11-30 Thread freeradius
At 09:41 PM 11/30/2009, you wrote: Yes, if that DEFAULT entry doesn't match - it will get ignored. If you want authentication to fail if such conditions are not met you need to add Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth, Auth-Type won't be set and authentication

Re: MPD : mpd-drop-user

2009-11-30 Thread cktan
Ok, I noted there are ext-accounting script support in MPD and it should do some checking against mpd-drop-user information and action taken accordingly. trying to locate the sample of script now. CK t...@kalik.net wrote: If what you have wrote is correct (and it does make sense) - to Accounti

Re: MPD : mpd-drop-user

2009-11-30 Thread tnt
If what you have wrote is correct (and it does make sense) - to Accounting-Response packet. Ivan Kalik > This is what I thought as well. However, I read somewhere MPD was support > this option but no details on where to put this attribute in. > > Regards > > t...@kalik.net wrote: >>> Is anyone try

Re: Accounting SQL Entries

2009-11-30 Thread tnt
> I have been testing FreeRADIUS for a project we are looking at running > to authenticate users for Giganews. > > I have got the authentication part working well, and the > authentication attempts get logged correctly into MySQL. > > Now, I am trying to log the session details, such as data to and

Re: separating Users?

2009-11-30 Thread tnt
> What I think is my final problem. I'm now working to authenticate > VPN users in the same scenario, using the l2tp client in > windows. Looks like everything automatically picks up that it's a > MSCHAP request. > > Using a similar logic: > DEFAULT Huntgroup-Name == VPN_Huntgroup, Ldap-

Re: MPD : mpd-drop-user

2009-11-30 Thread cktan
Dear Ivan Kalik, This is what I thought as well. However, I read somewhere MPD was support this option but no details on where to put this attribute in. Regards t...@kalik.net wrote: Is anyone try this attribute /*mpd-drop-user*/ in freeradius with Mysql? MPD support this attribute to check t

Re: {Disarmed} Re: mpd-drop-user

2009-11-30 Thread cktan
Dear Charles, Thank for your suggestion and in fact I've my last option whereby I will write a simple telnet session to terminate the session if the usage is over. However, I'm looking to have this option work if possible. cheers Charles wrote: Hi cktan, Was looking for a similar solution

Re: mySQL table creation file

2009-11-30 Thread first last
install freeradius-mysql and you can find the source in sql/mysql/schema.sql 2009/12/1 James Hankins > Greetings, > > I'm standing up a freeradius server on Centos 5.4 with the yum installed > version of Freeradius. Where do I obtain the mysql file to create the > default tables for the databas

Accounting SQL Entries

2009-11-30 Thread Matt Martin
Hello list. I have been testing FreeRADIUS for a project we are looking at running to authenticate users for Giganews. I have got the authentication part working well, and the authentication attempts get logged correctly into MySQL. Now, I am trying to log the session details, such as data to an

mySQL table creation file

2009-11-30 Thread James Hankins
Greetings, I'm standing up a freeradius server on Centos 5.4 with the yum installed version of Freeradius. Where do I obtain the mysql file to create the default tables for the database? Thank you! Jim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: separating Users?

2009-11-30 Thread freeradius
At 06:12 PM 11/30/2009, t...@kalik.net wrote: > You need to set fall-through so that you still do per user processing. > This is documented in the raddb/users file and you should also read > doc/processing_users_file Or just add Auth-Type := ntlm_auth to the first line (ie. instead of Accept). F

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread tnt
> I think you are right, I will ask in the monowall forum. > Just that the forum is not very active on Captive Portal issues. > > Could you be kind to suggest a NAS that you know which can help me achieve > my goal? > > Thanks in advance - I know I am asking too much. Yes you do. Now go and read m

Re: chilli + freeradius + mysql : Password check failed

2009-11-30 Thread tnt
>>t...@kalik.net>Is it well written on the login page? Try simpler password >> (something>like 12345 - that will work even with CAPS LOCK on). If it >> still fails>take it up with chillispot people. > > I have tried with 1234 : > ... > Mon Nov 30 10:45:56 2009 : Info: Found Auth-Type = CHAP > Mon

RE: Re: Making certs for Windows users

2009-11-30 Thread tnt
> So the only differences between the test cert and a real one is only what > is written in the ca.cnf? Why do you think that "test" certificates aren't "real"? They also work. How else would you test things with them. > I dont need to add or remove anything or make an extra file or something > l

Re: MPD : mpd-drop-user

2009-11-30 Thread tnt
> Is anyone try this attribute /*mpd-drop-user*/ in freeradius with Mysql? > MPD support this attribute to check the status of account during it > update the accounting and if the value for this attribute become > non-zero, it will disconnect the session for the user. > > We use MPD to setup a PPPo

Re: separating Users?

2009-11-30 Thread tnt
> On 11/30/2009 05:07 PM, freerad...@corwyn.net wrote: >> At 03:27 PM 11/30/2009, David Mitchell wrote: >>> 1) Don't specify the Auth-Type. You still want to check the password I >>> assume. I think your config will let in any user who is in group >>> "Group1" irrespective of the supplied password.

Re: separating Users?

2009-11-30 Thread John Dennis
On 11/30/2009 05:07 PM, freerad...@corwyn.net wrote: At 03:27 PM 11/30/2009, David Mitchell wrote: 1) Don't specify the Auth-Type. You still want to check the password I assume. I think your config will let in any user who is in group "Group1" irrespective of the supplied password. Sigh. Here

Re: separating Users?

2009-11-30 Thread freeradius
At 03:27 PM 11/30/2009, David Mitchell wrote: 1) Don't specify the Auth-Type. You still want to check the password I assume. I think your config will let in any user who is in group "Group1" irrespective of the supplied password. Sigh. Here I was all excited that I had everything working, and w

Re: chilli + freeradius + mysql : Password check failed

2009-11-30 Thread José Adiel Blandón Rivera
When I implemented the Hotspot i used 'User-Password' as password attribute and it works for me, maybe this can help you. Regards. David BiTx0 wrote: Hi all, Forgive me for not answering but weekends I do not work :) >José Adiel Blandón Rivera canc...@gmail.com

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread YvesDM
On Mon, Nov 30, 2009 at 4:44 PM, Charles wrote: > Thanks Allan, > > I think you are right, I will ask in the monowall forum. > Just that the forum is not very active on Captive Portal issues. > > Could you be kind to suggest a NAS that you know which can help me achieve > my goal? > > Thanks in ad

Re: separating Users?

2009-11-30 Thread David Mitchell
freerad...@corwyn.net wrote: > > > > There's a piece of RADIUS that I'm not understanding. > > If I have an entry in my ./users file > DEFAULT Auth-Type:=Accept,Ldap-Group == "Group1" > > Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15" > > And another entr

Re: separating Users?

2009-11-30 Thread John Dennis
On 11/30/2009 02:54 PM, freerad...@corwyn.net wrote: There's a piece of RADIUS that I'm not understanding. If I have an entry in my ./users file DEFAULT Auth-Type:=Accept,Ldap-Group == "Group1" Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15" And another entry DEFAULT Auth-Type:

RE: separating Users?

2009-11-30 Thread Tim Sylvester
Read the comments in the huntgroups file in the raddb directory. This will show you how to setup a huntgroup which can be used to authorize users based on the switch (NAS) sending the authentication request. Tim > -Original Message- > From: freeradius-users- > bounces+tim.sylvester=networ

Re: Exec and ntlm_auth

2009-11-30 Thread freeradius
At 11:21 AM 11/30/2009, freerad...@corwyn.net wrote: Add to top of ./raddb/users: DEFAULT Ldap-Group == "UserGroup",Service-Type = NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15" DEFAULT Auth-Type = ntlm_auth Hmm, it looks like DEFAULT Ldap-Group == "UserGroup",Service-Type =

separating Users?

2009-11-30 Thread freeradius
There's a piece of RADIUS that I'm not understanding. If I have an entry in my ./users file DEFAULT Auth-Type:=Accept,Ldap-Group == "Group1" Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15" And another entry DEFAULT Auth-Type:=Accept,Ldap-Group ==

Re: Exec and ntlm_auth

2009-11-30 Thread Alan DeKok
freerad...@corwyn.net wrote: ... > Add to top of ./raddb/users: > > DEFAULT Ldap-Group == "UserGroup",Service-Type = > NAS-Prompt-User,cisco-avpair = "shell:priv-lvl=15" Are you sure that is correct? > If I removing authorization from the Cisco config to: > no aaa authorization exec defaul

Re: TS - custom script for access

2009-11-30 Thread Alan DeKok
d.tom.schm...@l-3com.com wrote: > You refer to the scripts/exec-program-wait and I read what I could. > It is still vague to me. > Is there a simple example HOW-TO, etc. showing a simple script (bash > shell) Umm... that file *is* a simple shell script. It contains comments describing how to e

RE: TS - custom script for access

2009-11-30 Thread d . tom . schmitt
You refer to the scripts/exec-program-wait and I read what I could. It is still vague to me. Is there a simple example HOW-TO, etc. showing a simple script (bash shell) That is executed by an entry in a flatfile in radius? I don't need a database for the entries as I build them upon reques

Re: Exec and ntlm_auth

2009-11-30 Thread freeradius
At 11:13 PM 11/29/2009, freerad...@corwyn.net wrote: A resummary: Goal: Authenticate and Authorize users that telnet into the switches in Groups A and/or B based on their inclusion in a specific AD security group for A & B . Environment: CentOS 5.2 (IP 10.10.0.1) freeradius2-2.1.7-2.el5 fre

Re: Making certs for Windows users

2009-11-30 Thread John Dennis
On 11/30/2009 10:02 AM, Peter Carlstedt wrote: > This is Unix 101. You need to be "root" to edit the files in that > directory. Yes I understand that I need root permissions to edit files in that directory BUT is there anyway to get those permission without having to login with the root account

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Charles
Thanks Allan, I think you are right, I will ask in the monowall forum. Just that the forum is not very active on Captive Portal issues. Could you be kind to suggest a NAS that you know which can help me achieve my goal? Thanks in advance - I know I am asking too much. Charles - Original

RE: Re: Making certs for Windows users

2009-11-30 Thread Peter Carlstedt
> Message: 1 > Date: Mon, 30 Nov 2009 09:43:07 + > From: Peter Carlstedt > Subject: Making certs for Windows users > To: > Message-ID: > Content-Type: text/plain; charset="iso-8859-1" > > > Hello everyone. > > I got some questions regarding how to make a certificate that works towards >

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Alan DeKok
Charles wrote: > My NAS is m0n0wall (http://m0n0.ch/wall/features.php) and its captive > portal features are briefly outlined here: > http://doc.m0n0.ch/handbook/ch12s06.html . > It mentions bandwidth settings. How nice. > In my current setup, I use session_timeout and it works very well but I >

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Charles
Thanks Alan for your help. My NAS is m0n0wall (http://m0n0.ch/wall/features.php) and its captive portal features are briefly outlined here: http://doc.m0n0.ch/handbook/ch12s06.html . It mentions bandwidth settings. In my current setup, I use session_timeout and it works very well but I have u

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Alan DeKok
Charles wrote: > Do you manage to fix your problem? > Kindly share your solution. I am interested in knowing how I can > configure my freeradius to limit users by both time and max download size As with *ALL* of these questions: Does your NAS support this? Go read the NAS documentat

Re: Re: Error= Expecting section start brace '{' after "FreeRADIUS Version"

2009-11-30 Thread Alan Buxey
Hi, > Hi, > > Thanks for the quick answer. I removed nohup.out and its not throwing that > error. But now it is throwing this error. It would be great if you can point > out the solution. did you build FreeRADIUS from source yourself? if so, you built it without mysql support - maybe because t

Re: Re: Error= Expecting section start brace '{' after "FreeRADIUS Version"

2009-11-30 Thread Yagnesh Dave
Hi, Thanks for the quick answer. I removed nohup.out and its not throwing that error. But now it is throwing this error. It would be great if you can point out the solution. ### bash-3.00# tail nohup.out simul_verify_query = "SELECT radacctid

Re: Session-Octets-Limit and sqlcounter

2009-11-30 Thread Charles
Do you manage to fix your problem? Kindly share your solution. I am interested in knowing how I can configure my freeradius to limit users by both time and max download size e.g. 1usd for 1 hour or 20MB (whichever comes first). charles - Original Message - From: Hamid Reza Hasani

Re: Making certs for Windows users

2009-11-30 Thread Alan DeKok
Peter Carlstedt wrote: > I got some questions regarding how to make a certificate that works > towards windows clients while running Freeradius with PEAP. The howto's are detailed, and should be relatively clear. > Well I have read on the wiki for Freeradius about making a standalone > cert for

Re: mpd-drop-user

2009-11-30 Thread Charles
Hi cktan, Was looking for a similar solution and never made it work. Basically, in my setup i have users buy airtime for using the internet. I also sell access to video clips, when user downloads the video clip, an entry is made in radacct table. What I wanted to is for the NAS to re-authenti

Re: Error= Expecting section start brace '{' after "FreeRADIUS Version"

2009-11-30 Thread Alan Buxey
Hi, > Hi Everyone, > > I was trying to set-up mysql for logging the accounting logs for the users. I > followed the instruction on http://www.frontios.com/freeradius.html and also > on http://wiki.freeradius.org/SQL_HOWTO. Then I tried to run the FreeRadius > server. It did not start and was giv

MPD : mpd-drop-user

2009-11-30 Thread cktan
Dear all, Is anyone try this attribute /*mpd-drop-user*/ in freeradius with Mysql? MPD support this attribute to check the status of account during it update the accounting and if the value for this attribute become non-zero, it will disconnect the session for the user. We use MPD to setup a

Making certs for Windows users

2009-11-30 Thread Peter Carlstedt
Hello everyone. I got some questions regarding how to make a certificate that works towards windows clients while running Freeradius with PEAP. Well I have read on the wiki for Freeradius about making a standalone cert for windows clients (root cert) but why do i need that installed on the

RE: chilli + freeradius + mysql : Password check failed

2009-11-30 Thread David BiTx0
Hi all, Forgive me for not answering but weekends I do not work :) >t...@kalik.net>Is it well written on the login page? Try simpler password >(something>like 12345 - that will work even with CAPS LOCK on). If it still >fails>take it up with chillispot people. I have tried with 1234

Re: chilli + freeradius + mysql : Password check failed

2009-11-30 Thread David BiTx0
Hi all, Forgive me for not answering but weekends I do not work :) >t...@kalik.net>Is it well written on the login page? Try simpler password >(something>like 12345 - that will work even with CAPS LOCK on). If it still >fails>take it up with chillispot people. I have tried with 12

Re: Error= Expecting section start brace '{' after "FreeRADIUS Version"

2009-11-30 Thread Josip Rodin
On Mon, Nov 30, 2009 at 09:20:32AM -, Yagnesh Dave wrote: > including configuration file /usr/local/etc/raddb/sites-enabled/nohup.out > /usr/local/etc/raddb/sites-enabled/nohup.out[1]: Expecting section start > brace '{' after "FreeRADIUS Version" > Errors reading /usr/local/etc/raddb/radiusd.

Error= Expecting section start brace '{' after "FreeRADIUS Version"

2009-11-30 Thread Yagnesh Dave
Hi Everyone, I was trying to set-up mysql for logging the accounting logs for the users. I followed the instruction on http://www.frontios.com/freeradius.html and also on http://wiki.freeradius.org/SQL_HOWTO. Then I tried to run the FreeRadius server. It did not start and was giving this error a

Re: Remote access control in freeradius with mysql

2009-11-30 Thread cktan
Dear all, Problem solved. Using Auth-Type attribute in radcheck table solve the problem. Cheers. cktan wrote: Dear all, I've a freeradius server running with LDAP as the Authentication and Authorization where else Accounting running on Mysql. It was working well at the moment and I'm look