Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Alan DeKok
Theparanoidone Theparanoidone wrote: We have tried to copy all configuration settings from the old server to the new (so that nothing would change). We have no desire to change any of our configurations because they previously were working. You've already said it was working previously.

Re: MOTP-AS + Freeradius startup problem

2012-08-21 Thread Iliya Peregoudov
Hello Aleksey I think this is permission problem. radiusd is running under non-root UNIX user when launched by Ubuntu-provided init script. Check that /var/www/html/radius-client.php is readable by this user. Бедняков Алексей wrote: Hi, I'm trying to configure Freeradius with MOTP

Re: dictionary.mikrotik patch

2012-08-21 Thread Ben Brown
On Fri, Aug 17, 2012 at 08:56:37PM +0100, Scott Lambert wrote: +ATTRIBUTEMikrotik-Delegated-IPV6-Pool22 string I'd suggest that this should be type 'ipv6prefix'. Ben -- | Ben Brown Broadband Solutions for | Systems Engineer

Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Phil Mayers
On 08/21/2012 07:08 AM, Theparanoidone Theparanoidone wrote: Hi Alan~ We have tried to copy all configuration settings from the old server to the new (so that nothing would change). We have no desire to change any of our configurations because they previously were working. What happened?

Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Theparanoidone Theparanoidone
Hi Alan~  You already said you are now running 2.1.12.  Why are you repeating yourself?  Do you think we're stupid, and we don't understand your messages?  What version WERE you using before this?  I asked, and you didn't say that.   Current:  radiusd: FreeRADIUS Version 2.1.12, for host

Re: In-Reply-To: 1345548769.34535.yahoomail...@web161005.mail.bf1.yahoo.com

2012-08-21 Thread Matthias Cramer
Please do not send me mail with an empty subject. Your mail will not be delivered. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Recording post auth sql data

2012-08-21 Thread Franks Andy (RLZ) IT Systems Engineer
Hi, Hope this is a quick request for someone to answer, been googling and can't find the reply. I've altered the post-auth sql recording data a bit from the standard schema - I wanted to record some of the details of the request packet without relying on the NAS to do proper accounting, which I

Re: Recording post auth sql data

2012-08-21 Thread Phil Mayers
On 21/08/12 13:33, Franks Andy (RLZ) IT Systems Engineer wrote: Hi, Hope this is a quick request for someone to answer, been googling and can’t find the reply. I’ve altered the post-auth sql recording data a bit from the standard schema - I wanted to record some of the details of the request

Re: Recording post auth sql data

2012-08-21 Thread Alan DeKok
Franks Andy (RLZ) IT Systems Engineer wrote: ‘%{request:Client-Short-Name}’ didn’t seem to work – blank string. Use: %{client:foo} This expands to the foo entry of the relevant client section: client stuff { ipaddr = 1.2.3.4 secret = hello foo = bar bad =

Re: Recording post auth sql data

2012-08-21 Thread Matthew Newton
On Tue, Aug 21, 2012 at 01:33:00PM +0100, Franks Andy (RLZ) IT Systems Engineer wrote: got into yet. I'd quite like to record the attribute ClientShortname as referred to by the clients.conf file, but expansion of '%{request:Client-Short-Name}' didn't seem to work - blank string. Looking at

Re: dictionary.mikrotik patch

2012-08-21 Thread Bjørn Mork
Ben Brown bbr...@plus.net writes: On Fri, Aug 17, 2012 at 08:56:37PM +0100, Scott Lambert wrote: +ATTRIBUTE Mikrotik-Delegated-IPV6-Pool22 string I'd suggest that this should be type 'ipv6prefix'. I don't think so. It seems this is referring to a pre-configured pool by

RE: Recording post auth sql data

2012-08-21 Thread Franks Andy (RLZ) IT Systems Engineer
Ok, schoolboy error there! Thanks guys. Whilst on the subject, is it possible (in theory) to write different INSERT statements dependent on, for example, whether the post-auth section is based on having accepted or rejected the user. The sql modules named in the default virtual server file link

Re: Recording post auth sql data

2012-08-21 Thread Arran Cudbard-Bell
On 21 Aug 2012, at 14:46, Franks Andy (RLZ) IT Systems Engineer andy.fra...@sath.nhs.uk wrote: Ok, schoolboy error there! Thanks guys. Whilst on the subject, is it possible (in theory) to write different INSERT statements dependent on, for example, whether the post-auth section is based

Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Klaus Klein
On 21.08.2012 11:07, Theparanoidone Theparanoidone wrote: DEFAULT Group-Name == testgroup Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 101, Fall-Through = no You do realize that format is incorrect, right? The extra blank line

Re: Question about SQLcounter and reject sessions

2012-08-21 Thread Andres Gomez Ruiz
Thanks Fajar!!

Using many MAC Addresses with one user

2012-08-21 Thread Andres Gomez Ruiz
Hi everybody!! I'm using freeradius in a simple way (freeradius + MySQL). I have some users attached to some groups... it works fine!! The groups have some simple attributes like Max-All-Session in radgroupcheck table. Now I need to limit the users to some MAC Addresses. I mean, I have the User

Little problem with sqlippool

2012-08-21 Thread Antonio Modesto
Hi, I'm testing sqlippool, so far it's working well, but I'm with an exception that I haven't thought about it before. We use radius to authenticate the clients on wireless access points and with PPPoE, and now I started using sqlippool to dynamically distribute the IP's and BGP to announce the

Re: Little problem with sqlippool

2012-08-21 Thread Arran Cudbard-Bell
On 21 Aug 2012, at 16:20, Antonio Modesto mode...@isimples.com.br wrote: Hi, I'm testing sqlippool, so far it's working well, but I'm with an exception that I haven't thought about it before. We use radius to authenticate the clients on wireless access points and with PPPoE, and now

Re: MOTP-AS + Freeradius startup problem

2012-08-21 Thread Бедняков Алексей
I already thought of this idea, Iliya :) Needed file has "readable for all" permissions: [root@motp-a ~]# ls -l /var/www/html/radius-client.php -r--r--r--. 1 radiusd root 337 Jul 19 21:43 /var/www/html/radius-client.php Also, I've just checked - you are right. Radius server is running under radiusd

Re: MOTP-AS + Freeradius startup problem

2012-08-21 Thread Бедняков Алексей
Thanks for interesting info, John. Seems that I must be ashamed for inaccurate statements. I'm trying to configure FreeRadius to use MOTP-AS, which is a set of PHP scripts and SQL database. I haven't spoken of unix environment, I've spoken about this, FreeRadius run-time variables. Or, if more

Re: Little problem with sqlippool

2012-08-21 Thread Phil Mayers
On 21/08/12 16:20, Antonio Modesto wrote: Hi, I'm testing sqlippool, so far it's working well, but I'm with an exception that I haven't thought about it before. We use radius to authenticate the clients on wireless access points and with PPPoE, and now I started using sqlippool to dynamically

Re: Little problem with sqlippool

2012-08-21 Thread Antonio Modesto
2012/8/21 Phil Mayers p.may...@imperial.ac.uk On 21/08/12 16:20, Antonio Modesto wrote: Hi, I'm testing sqlippool, so far it's working well, but I'm with an exception that I haven't thought about it before. We use radius to authenticate the clients on wireless access points and with

user groups in ldap

2012-08-21 Thread Aqdas Muneer
Hello, I have set up freeradius with ldap lookup to authenticate Cisco shell access. As of now I have 2 groups set up in the ldap database. One is for network admins who have full access to every device. The second group is for support staff that only have read access to all the devices, but

Re: Little problem with sqlippool

2012-08-21 Thread Antonio Modesto
I've configured it this way: if (Framed-Protocol == PPP) { sqlippool } It's working so far, I'll do some more tests. Thanks a lot. 2012/8/21 Antonio Modesto mode...@isimples.com.br 2012/8/21 Phil Mayers p.may...@imperial.ac.uk On 21/08/12 16:20, Antonio

Redundant Proxy for Authentication

2012-08-21 Thread Francois Gaudreault
Hi, I want to know if it's possible to proxy authentication requests in a redundant fashion (just like we can do with ldap or mysql modules in a redundant block). On each request, we want to proxy it to a primary server, if it's succeeding, move on, but if the authentication fails, we need

Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Theparanoidone Theparanoidone
Hi Phil~ You are aware how Group-Name works, and which groups it is referring to, right? Specifically, it is not a real attribute, and doesn't exist in a concrete form. Rather, when you perform a comparison, a real-time search is done against the relevant database using the value on the

Re: OpenDirectory VLAN Assignment by Group

2012-08-21 Thread Theparanoidone Theparanoidone
Hi Klaus~ DEFAULT Group-Name == testgroup Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 101, Fall-Through = no You do realize that format is incorrect, right? The extra blank line is wrong. Due to email pasting mistake.

Best way to cope with multiple SSIDs and MAC auth

2012-08-21 Thread Franks Andy (RLZ) IT Systems Engineer
Hi again, Thanks for everyone's input on the last question I asked today. I have another : we are running cisco 1100/1200 series APs with multiple SSIDs. Depending on ldap groups users are assigned a VLAN which corresponds to the internal or DMZ based network. The issue is that if a user is in

Re: Best way to cope with multiple SSIDs and MAC auth

2012-08-21 Thread alan buxey
Hi, Because I am not aware that the cisco IOS can send an “SSID” attribute to the radius server (if someone knows how to do this PLEASE tell me!), I yes, it does - the attribute will depend on model and IOS version - but if you run the server in full debug mode then you will see the

RE: Best way to cope with multiple SSIDs and MAC auth

2012-08-21 Thread Franks Andy (RLZ) IT Systems Engineer
Hi - thanks for the reply I have a relatively new version of IOS and I can't see the attribute coming through, either on freeradius or using the debug radius command on the AP. I wonder if it's something you have to set in the AP that's non default. As an aside, I wonder if there's an internal

RE: Best way to cope with multiple SSIDs and MAC auth

2012-08-21 Thread Franks Andy (RLZ) IT Systems Engineer
Just an update : I do see something on the IOS interface : RADIUS: AAA Unsupported Attr: ssid [263] 8 *May 17 16:47:01.236: RADIUS: 52 53 48 5F 57 69 [RSH_Wi] I didn't notice it as it's above the actual sent attribute section. The attribute

Re: Redundant Proxy for Authentication

2012-08-21 Thread Alan DeKok
Francois Gaudreault wrote: On each request, we want to proxy it to a primary server, if it's succeeding, move on, but if the authentication fails, we need to proxy to a secondary server. It's not fail-over we are looking for. RADIUS doesn't really work that way. The only way to do it is