Hi,
I am struggling to configure my FreeRADIUS server for eduroam
(www.eduroam.org), as I understood that some subscribers have done the
configuration successfully, I come here to get help.
I have been running my FreeRADIUS server with out problem for several
years, identifying to an
On 28 Jun 2012, at 02:54, Olivier Nicole wrote:
Hi,
I am struggling to configure my FreeRADIUS server for eduroam
(www.eduroam.org), as I understood that some subscribers have done the
configuration successfully, I come here to get help.
I have been running my FreeRADIUS server with out
All,
I was after some clarification about the implementation of CUI in freeRADIUS.
My first point is the use of Client IP Address. I notice that client IP Address
makes a regular appearance but I'm wondering whether it should. Looking at the
cui.conf the post-auth insert adds the Client IP
Hi,
I have been running my FreeRADIUS server with out problem for several
years, identifying to an openLdap backend.
I managed to configure a test WiFi access point to identify with
802.1x against that same radius/ldap server.
But I have a problem to configure eduroam, so I would be glad
On 28.06.2012 09:07, Scott Armitage wrote:
All,
I was after some clarification about the implementation of CUI in freeRADIUS.
My first point is the use of Client IP Address. I notice that client IP
Address makes a regular appearance but I'm wondering whether it should.
Looking at
Hi,
Thank you to Stefan, Scot and Alan who took time to reply to me.
For some reason, it is working now, I did only tiny changes though.
What I still don't understand:
- the differences between the WiKi
https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
Hi,
For some reason, it is working now, I did only tiny changes though.
well..you made changes... obviously they were beneficial
- the differences between the WiKi
https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus
and the cookbook
Hi Guys, Im having a problem with Ippools with freeradius2 and i cant seem to
get any username to get an address from the pool.90% of the usernames will have
static IP's but i want a few to be in a pool but i really am stumped - i tried
putting username@realm
Framed-Pool
:=
EZPOOL into
On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian djta...@hotmail.com wrote:
Hi Guys,
Im having a problem with Ippools with freeradius2 and i cant seem to get any
username to get an address from the pool.
90% of the usernames will have static IP's but i want a few to be in a pool
but i really
On Thu, Jun 28, 2012 at 7:08 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian djta...@hotmail.com wrote:
so i know is readying that - i then have a pool set up in radippool
Also, IMHO you should just use rlm_sqlipool. It's easier to setup and debug.
Hi all,
I need to stop proxying Interim Accounting for a particular domain on
our legacy Freeradius 1.1.2 platform.
Reading the unlang man page, I've tried:
accounting {
if ( (%{Acct-Status-Type} = Interim-Update)
(%{User-Name} =~ /@domain/) ) {
update control {
Hello,
to some time ago informed me that the ippool not work properly with mysql.
As it is now?
I'm not sure what the problems were occurring, but informed me that it
worked better and smoothly only in postgres.
They try to succeed in this scenario freeradius / mysql?
Thanks for listening,
Steve Brown wrote:
Reading the unlang man page, I've tried:
accounting {
if ( (%{Acct-Status-Type} = Interim-Update)
(%{User-Name} =~ /@domain/) ) {
That's wrong on a number of levels. The documentation says you can
just refer to an attribute by name. And use '==':
if
I'm running FreeRADIUS in conjunction with PostgreSQL 9.1. Snippet from
radiusd.conf:
modules {
...
$INCLUDE sql/postgresql/counter.conf
...
}
in my sql/postgresql/counter.conf, I have the following:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
Michell wrote:
to some time ago informed me that the ippool not work properly with
mysql. As it is now?
someone somewhere said something. That's not helpful.
Read the documentation and examples distributed with FreeRADIUS. They
give you the CORRECT answers.
In this case,
Hi Alan,
Thanks for the pointer. This is actually what I started with :(
I still get the error Error: /etc/raddb/radiusd.conf[1433]: Line is not
in 'attribute = value' format; line 1433 is this actual 'if ((' line.
accounting {
if ((Acct-Status-Type == Interim-Update) (User-Name =~
On Thu, Jun 28, 2012 at 7:26 PM, Michell bill.c...@gmail.com wrote:
Hello,
to some time ago informed me that the ippool not work properly with mysql.
It works just fine
As it is now?
I'm not sure what the problems were occurring, but informed me that it
worked better and smoothly only in
Andrei Petru Mura wrote:
Now in my database. I have in radcheck table two rows:
id | username | attribute| op | value
-++++
167 | test1 | Password | :=
On Thu, Jun 28, 2012 at 7:34 PM, Andrei Petru Mura mapand...@gmail.com wrote:
id | username | attribute | op | value
-++++
167 | test1 | Password | := | test1
Steve Brown wrote:
Thanks for the pointer. This is actually what I started with :(
I still get the error Error: /etc/raddb/radiusd.conf[1433]: Line is not
in 'attribute = value' format; line 1433 is this actual 'if ((' line.
It works for me.
Check that you're using version 2? It looks
I did check the wiki , i have been on it for the last 3 days trying to figure
this out I did a search for Pool-Name and i got 4 different results as below
http://wiki.freeradius.org/search?q=Pool-Name
http://wiki.freeradius.org/Rlm_sqlippool
http://wiki.freeradius.org/Rlm_ippool
Hello,
After three month having stable situation, the ISP home servers has
started again to loose packet and to have slow response time, then our
freeradius proxies has began to crash again.
We've reproduced the crash with the Git version.
Here's the output that I got with gdb
Going to
Taz Manian wrote:
I checked each one of them and not one said anything about radcheck or
radreply.
Because they give examples for the users file. They don't give
examples for SQL, LDAP, external programs, Perl, Python, etc.
The users file example has the Pool-Name on the first line. The
On 28/06/12 14:03, Alan DeKok wrote:
Check that you're using version 2? It looks like you're using version
1. Unlang is only supported in version 2.
I'm not, and that would explain it nicely; I mentioned in my initial
message legacy Freeradius 1.1.2 platform. Is there any way of
On Thu, Jun 28, 2012 at 8:22 PM, Taz Manian djta...@hotmail.com wrote:
I did check the wiki , i have been on it for the last 3 days trying to
figure this out
I did a search for Pool-Name and i got 4 different results as below
http://wiki.freeradius.org/search?q=Pool-Name
On 28/06/12 14:34, Steve Brown wrote:
Is there any way of achieving the same end result in v1.x without Unlang?
If there was a way to simply respond to an accounting request with an
'Accept', like you can with Auth, could I do something like:
acct_users:
DEFAULT Acct-Status-Type ==
{...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/radius/radacct/69.38.220.74/auth-detail-20120628
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct
/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/radius/radacct/192.168.100.150/auth-detail-20120628
[auth_log] /var/log/radius/radacct/%{Client-IP-Address
On 28/06/12 17:13, Steve Brown wrote:
On 28/06/12 14:34, Steve Brown wrote:
Is there any way of achieving the same end result in v1.x without Unlang?
If there was a way to simply respond to an accounting request with an
'Accept', like you can with Auth, could I do something like:
You
On 28/06/12 17:33, Christopher Manigan wrote:
I am trying to use MSCHAPv2 to authenticate users. This works ok, except when
I try to proxy to a realm. Pasted below is the debug of a user trying to
authenticate. The realm is a prefix of the username. What I see buried in the
debug is:
#
Hi,
I use the policy configs to provide redundant and load-balance to update
the pool-name.
It´s work fine! But I have same questions...
- Is it the correct way to do it? Is it the better way, considering a
performance in high usage?
- Why the virtual module created in the policy and control
Thanks for pointing those things out to me. I am no longer proxying back to
myself like that, and I've told the sql module to use stripped user name when
possible and it looks like it's all working now.
Best wishes,
Chris
From:
++- if (!Huntgroup-Name) returns ok ++? if (Huntgroup-Name == list)
(Attribute Huntgroup-Name was not found)
the problem seems to be your huntgroup.. Can you post your huntgroup
definitions?
--
Jens Weibler
IT-Services
Hi,
In huntgroup I just have:
...
# Usuario = xxx xxx
list
On Fri, Jun 29, 2012 at 12:09 AM, lscrlstld lscrls...@gmail.com wrote:
Hi,
I use the policy configs to provide redundant and load-balance to update
the pool-name.
It´s work fine!
Does it?
The policy.conf
policy {
update_ctlr_PN1 {
update control {
Hi,
upgarde to 2.1.12 - it has fixes for proxy errors
as for username - you cannot play with User-Name with EAP - use
Stripped-User-Name - see examples
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
are you running the preprocess module? if not, then Huntgroups arent looked at
or populated
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Steve Brown wrote:
I'm not, and that would explain it nicely; I mentioned in my initial
message legacy Freeradius 1.1.2 platform. Is there any way of
achieving the same end result in v1.x without Unlang?
Unlang isn't in 1.1.x, and is *documented* as not being in 1.1.x. You
can't just try
Jens W. Skov - JS Consult wrote:
I’m trying to set up external authentication from our router to a
OSX-server.
I have it working fine if the user is an admin-user on the mac, but if
I try with a normal user I get:
Auth: rim_opendirectory: User vpntest is authorized.
Auth:
38 matches
Mail list logo