Theparanoidone Theparanoidone wrote:
> Password change is not part of RADIUS.
>
> I am new to radius, and although it is now clear that "expired passwords ==
> user is blocked until they can authenticate from some other computer" ... I'm
> just surprised.
RADIUS is a protocol which co
Hi Alan~
Thank you for the reply; your response helps save me some time.
> 3) A long term solution; I don't believe password expirations are that
> uncommon anymore with all the security requirements (HIPAA, PCI, etc etc)
> that depend upon this.
Password change is not part of RADIUS.
Theparanoidone Theparanoidone wrote:
> We have successfully implemented a test patch. This test patch moves away
> from implementing mschapv2 in the client connection and specifying PAP. It
> changes the opendirectory response, and only requires two lines of code to
> change in rlm_opend
>> If you want to change all REJECTs to ACCEPT so that
>> authentication always succeeds, then you are effectively
>> eliminating the requirement for 802.1x authentication for
>> network connectivity. If it's not required, why not just turn
>> off port security on your switches?
>> If it i
John,
Thanks for pointing that out to me. I'll update it to this version tomorrow.
I don't expect a whole lot of difference with regards to this issue though
but it never hurts to run a more recent version of the software.
- Jasper
On Thu, Aug 12, 2010 at 5:08 PM, John Dennis wrote:
> On 08/12
Thanks Alan. Will do that.
-Latha.
--- On Thu, 8/12/10, Alan DeKok wrote:
From: Alan DeKok
Subject: Re: Vendor Specific Attributes
To: "FreeRadius users mailing list"
Date: Thursday, August 12, 2010, 12:40 PM
Latha Krishnamurthi wrote:
>
> Thanks for the prompt reply. I can defly do t
> Understanding the security risks... is there an example of
> setting Post-Auth-Type REJECT {...} to override the reject
> force the response to Auth-Accept?
If you want to change all REJECTs to ACCEPT so that authentication always
succeeds, then you are effectively eliminating the requirem
maximatt wrote:
> false cru .libs/libfreeradius-radius.a dict.o filters.o hash.o hmac.o
"false" is not a valid linker.
Install the correct tools which let you compile software.
This is not a FreeRADIUS problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
Latha Krishnamurthi wrote:
>
> Thanks for the prompt reply. I can defly do that, not an issue. I have a
> module running in freeradius.
>
> Assuming my module already handles delivering vendor specific attribute
> in the RADIUS response (this is available to me through some shared
> memory) and
Per your suggestions from the last email I checked and the:
Un-comment the "unix" entry from the "authorize" section of
raddb/sites-available/default
Was un-commented and below is the output from trying to authenticate a user
that is a member of the DialupFS group and does not have an account in
Ok Fine we made a RPM with The Git source and the radius is no more
"crashing" so bug # 34 seems to be resolved.
Thanks,
Eric B.
-Original Message-
From:
freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.freeradius.org
[mailto:freeradius-users-bounces+eric.belliere=mail.mobis
hi...
I try to compile freeradius 2.1.9 on solaris 10, but I have some
problems.
I install from freeware the following packages: gcc-3.4.6-sol10-x86-local
and /libiconv-1.13.1-sol10-x86-local.gz
and then I try to just have a simple compilation.
# PATH=/usr/local/bin/:/usr/sfw/bin/:$PATH; e
Thanks for the prompt reply. I can defly do that, not an issue. I have a module
running in freeradius.
Assuming my module already handles delivering vendor specific attribute in the
RADIUS response (this is available to me through some shared memory) and
tomorrow there is a new vendor, then
We use this every day for wifi hotspots off a Mikrotik. It works without
issues.
From: freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.org
[mailto:freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.org]
On Behalf Of Spacelee
Sent: Thursday, August 12, 2010
Greetings Alan~
>
> Possible solutions:
> ---
> Solution 1) Edit the opendir.c module to simply detect error status -14161
> and -14162... and simply set the status to 0 instead.
>> Absolutely not. Expired passwords are *not* OK.
> Solution 2) Try and rig up s
On 08/12/2010 11:01 AM, Jasper Jans wrote:
Freeradius v1.1.3 (default that ships with CentOS 5.5) using MySQL as a
backend.
freeradius 2.1.7 ships with RHEL 5.5 under the package name freeradius2.
--
John Dennis
So I tried it with a condition and still devices are accessible with the
local account even if ldap is running. So basically I can login to routers
either using my AD account or the local account in the users file. How can I
restrict this behavior to ldap failure only? Below is my if statement in
I got this solved
Attribute to be compared added to ldap.attrmap as a checkItem
Kept compare_check_items as no in modules/ldap
compare_check_items = no
Created a checkval module to do the comparison.
Then problem was no more. When I have "compare_check_items = yes" in
modules/ldap it always gav
Hi,
This was noted the other day. I committed a fix, and just pushed it
back to the git repositories.
Thanks. Re-pulled, compiled, installed, works with test requests.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
On 2010/08/12 10:02 AM, Alan DeKok wrote:
Stefan Winter wrote:
libeap/.libs/libfreeradius-eap.so: undefined reference to `radius_pairmake'
This was noted the other day. I committed a fix, and just pushed it
back to the git repositories.
I can confirm that it compiles on Debian Lenny now
Latha Krishnamurthi wrote:
> Is there a way to add vendor specific attributes to the RADIUS response
> without adding the vendor to the dictionary.
What's so hard about adding a dictionary entry for the attribute?
Alan DeKok.
tadi...@verizon.net wrote:
> I'm using Freeradius + Chillispot+MySql for hotspot. Sqlcounter
> noresetcounter works fine for prepaid access time, however the counter is
> loaded only once when the user first authenticates.
> This means that even if Max-All-Session changes after initial logon (as i
Aqdas Muneer wrote:
> I would like to configure freeradius so that it can failover to a local
> password when the ldap server cannot be contacted. I was able to create
> an admin account in the users file with cleartext password, but when I
> enable it, it becomes accessible even when ldap is up and
Theparanoidone Theparanoidone wrote:
> We are working on a patch.
Good, thanks.
> We're of the opinion that Apple's version rlm_mschap / opendir included
> with freeradius is missing something.
>
> It appears they were only considering someone entering a failed
> login/password combo... not
PPTP+PPP+FreeRadius+MySQL
It seems it doesn't work.
--
Spacelee
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rrperez wrote:
> I have configured a Freeradius2.1.7 with an openLDAP backend and I'm planning
> to established a different type of authentication.
>
> The plan was to create one password for all the users. And the users are
> checked by the Freeradius in the openLDAP directory.
>
> Is it possibl
Stefan Winter wrote:
> libeap/.libs/libfreeradius-eap.so: undefined reference to `radius_pairmake'
This was noted the other day. I committed a fix, and just pushed it
back to the git repositories.
Alan DeKok.
Hi,
> I apologize for the inconvenience of sending the configuration files. I
> thought sending more detail would help :-). The below steps you provided
> still didn't work and ended with the same problem. Again I apologize.
radiusd -X ?
we cannot help without this information
alan
On 2010/08/12 09:36 AM, Stefan Winter wrote:
/root/freeradius-server-2.1.10-pre/src/lib/.libs/libfreeradius-radius.so
-lnsl -lresolv -lpthread -lssl -lcrypto -Wl,-rpath
-Wl,/usr/local/freeradius/2.1.10-pre/lib
libeap/.libs/libfreeradius-eap.so: undefined reference to `radius_pairmake'
collect2: l
Hi,
I want to proxy requests whose User-Name has no realm domain to a home
server pool, so I configure the realm NULL, but the radius server would
proxy the request to a nonexistent IP address. Why can't the "authhost" or
"accthost" item's value in "realm NULL" be a home_server_pool in
proxy.conf
Hi,
I've just tried to compile with my usual set of configure flags, and got:
/usr/bin/libtool --mode=link gcc -o radeapclient radeapclient.lo
libeap/libfreeradius-eap.la -lnsl -lresolv -lpthread -lcrypto -lssl
-lcrypto
libtool: link: gcc -o .libs/radeapclient .libs/radeapclient.o
libeap
I'm using Freeradius + Chillispot+MySql for hotspot. Sqlcounter noresetcounter
works fine for prepaid access time, however the counter is loaded only once
when the user first authenticates.
This means that even if Max-All-Session changes after initial logon (as it
happens when the user adds more
32 matches