I've been using freeradius for quite a while now, but never really
grokked the config file. There is lots of documentation that gives you
a narrow peep hole into the specific section it's concerned with and how
to do common basic things, but there's nothing I've found that really
talks about the s
On 04/04/12 11:21, Fajar A. Nugraha wrote:
On Wed, Apr 4, 2012 at 4:01 PM, Glen Harris wrote:
Replaying the SQL query from the debug manually:
mysql> SELECT id, username, attribute, value, op FROM radcheck WHERE
username = 'user01' ORDER BY id;
++--++--
On Wed, Apr 4, 2012 at 4:01 PM, Glen Harris wrote:
> Replaying the SQL query from the debug manually:
>
> mysql> SELECT id, username, attribute, value, op FROM radcheck WHERE
> username = 'user01' ORDER BY id;
> ++--++---++
> | id | username | at
Changed subject line to reflect new topic.
I've taken your advice and asked for the project requirements to be
modified. We'll just have to deal with incompatible devices (and their
users) on an ad-hoc basis - and maybe give some people a reason to
upgrade. ;-)
I'm now using a bog standard
Hello,
I wonder if the radius encryption between radius client and radius is
secure enough if you choose a decent password like the following:
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a('
Or if someone should always protect the connection between radius client
to radius serve
Apologies for keeping this going on the freeradius list when it is nothing to
do with it, but has anyone seen this behaviour on anything but a Windows
supplicant? I'm trying to debug whether it's a supplicant or NAS issue.
As Alan has said, this is not a freeradius issue. I see the same sympto
jaimeventura wrote:
> Now, if the user enters wrong credentials, windows prompts for credentials
> again with a message stating that the user credentials are invalid. The
> problem is that if the user now types the correct credential, the access
> will still be denied. After the third retry, window
Note: Since PacketFence relies so much on FreeRADIUS and our integration
is growing with time, we would welcome applications from students
willing to work on FreeRADIUS or FreeRADIUS / PacketFence integration!
Work all summer long on a hard-core Network Security project written in
Perl!
Students:
Apologies for reviving an old thread, but we have a response from RIM
regarding this issue.
The problem is with the version of OpenSSL on phone models 9360, 9380, and
9790.
For full details, see: http://blackberry.com/btsc/kb29914
The "workaround" reads "Turn off secure renegotiation on the RAD
mimir wrote:
> Do you have any advice on my configuration?
Read the documentation?
> I want to send same accounting packages to multiple nodes like replication.
> But, I want to log home_servers responses. You advised configuring proxy.
So I did.
> But, proxy mode only sends accounting pack
Hi Alan,
Do you have any advice on my configuration?
I want to send same accounting packages to multiple nodes like replication.
But, I want to log home_servers responses. You advised configuring proxy.
But, proxy mode only sends accounting packets to one node because of
failover or loadbalance
mimir wrote:
> Is there any difference between original accounting packets and replicated
> (which are modified and some attributes added) accounting packets?
If you modify them, then yes... there are differences.
> I asked this question because when I check the radius servers in debug mode,
>
Hello,
I am adding custom attributes and replicate or proxy them to other radius
servers.
But I also want to log this operation.
I test it via sql xlat. ( I will also use ldap xlat, I think they will be
same like "%ldap: ." )
For example, I am waiting 20 digit number from my queries. But, i
Hi,
Is there any difference between original accounting packets and replicated
(which are modified and some attributes added) accounting packets?
I asked this question because when I check the radius servers in debug mode,
I see that slave radius servers are sending "Accounting Response" but
Repl
Hello Matthew,
> Why do in perl what you can do in FR directly? That will just
> slow things down.
> if (!(Ldap-group == 'cn=group,dc=example,dc=com')) {
> reject
> }
will this work with nested groups?
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
On Tue, Apr 03, 2012 at 11:24:04AM +0200, Thomas Glanzmann wrote:
> > How to tell freeradius, that after successful MSCHAP auth against AD
> > it must browse AD via LDAP and check that the username belongs to
> > specified group?
>
> I think, you need to write a script that makes sure that the user
Hello Andreas,
> How to tell freeradius, that after successful MSCHAP auth against AD
> it must browse AD via LDAP and check that the username belongs to
> specified group?
I think, you need to write a script that makes sure that the user is
part of a specific group. I would do that in perl, becau
PENZ Robert wrote:
> I've a setup where it is possible to deny a request at various places for
> different reasons. I use sql_log in post-auth to log the replies. It would
> now be nice to add a comment variable which I fill at the various stations,
> that can deny a request, so I know why a req
mimir wrote:
> Can you please share docs links? I only check configuration files comments.
> I could not find any detailed docs for configurations, or my account do not
> have access?
There is no magical secret store of documentation. Everything is public.
Alan DeKok.
I have working radius - AD authentication via winbind (MSCHAP
challenge-response).
But I do not want to give all domain users ability to use VPN. I want to use
special AD group.
I have considered LDAP authorization. I've read this manual
http://wiki.freeradius.org/Rlm_ldap
and configured correct
mimir wrote:
> One more question.. is it possible to replicate to virtual hosts?
No.
Alan DeKok.