Kriston wrote:
> As expected, your correspondence has been worse than helpful.
So you're actually dumber for having read my post?
> I have thoroughly read the documentation, example configuration files, and
> the Wiki.
OK... it helps to understand them, too.
> Why not prove to us all that a
On Wed, Sep 19, 2012 at 9:52 AM, Kriston wrote:
> This is what an online community is supposed to provide--help.
... at their own time, without receiving anything in return. So it
might help if you're asking nicely.
And of course you need to apply some logic to adapt it to your setup,
because t
> Very well... I don't use a SQL database for users, but it occurs
> to me that Arran's only slightly tongue-in-cheeck comment about
> lonely curly braces might have convinced you to look at whether
> all the characters in your sql_user_name string are being
> properly escaped or quoted. Since 7B i
Very well... I don't use a SQL database for users, but it occurs to me that
Arran's only slightly tongue-in-cheeck comment about lonely curly braces might
have convinced you to look at whether all the characters in your sql_user_name
string are being properly escaped or quoted. Since 7B is the h
As expected, your correspondence has been worse than helpful.
I have thoroughly read the documentation, example configuration files, and
the Wiki.
Why not prove to us all that any one of these resources contains the exact
example that I am enquiring about. I'd love to be wrong, but I just don't
Kriston,
You'll find that Alan and the rest of the volunteers who maintain the code base
and the mailing list can be remarkably friendly and helpful, IFF the questions
come from a place of obviously having read the documentation and tried the
suggested process first.
Snarkiness happens, but on
Kriston wrote:
> While this comment is clever, would you provide a corrected example?
See the default configuration files. There are HUNDREDS of examples.
> Why not post the correct syntax and show us?
Because we did. The default configuration and documentation contains
hundreds of example
On Tue, September 18, 2012 17:34, Arran Cudbard-Bell wrote:
>
> On 18 Sep 2012, at 22:22, "Kriston" wrote:
>
>> I have users who log in as "usern...@example.com" and just as "username".
>> How do I append @example.com only to those users who don't have
>> @example.com
>> already? I have a fairly
We dont know how to use the git pull command that you have sent to us. Then to
fix the error of segmentation, we have just removed in the authorize section of
the default and innet-tunnel file the part eap2 { ok=return}. We have not used
the patch that you have recommand.
We have done in the fr
On 18 Sep 2012, at 23:05, SkyDiablo wrote:
> Am 18.09.2012 23:38, schrieb Franks Andy (RLZ) IT Systems Engineer:
>> I’d like to be able to take a date/time from a sql database, use unlang (not
>> a module) to compare it to the current time and make a decision based on the
>> fact that it’s, fo
As Alan B just said, radtest does not send EAP packets, no matter where you
send the RADIUS packets, to the inner tunnel or the outer tunnel, radtest
doesn't send EAP-Message.
You have hardcoded auth-type eap2 in your users file, so when the request
enters the authenticate section, the eap2 mod
Am 18.09.2012 23:38, schrieb Franks Andy (RLZ) IT Systems Engineer:
unlang time / date comparison
I'd like to be able to take a date/time from a sql database,use unlang
(not a module) tocompare it to the current time and make a decision
based on the fact that it's, for example,less or more tha
On 18 Sep 2012, at 22:38, "Franks Andy \(RLZ\) IT Systems Engineer"
wrote:
> Hi,
>
> Hopefully a simple question. I’ve looked around for a while but can’t find
> the answer to this.
>
> I’d like to be able to take a date/time from a sql database, use unlang (not
> a module) to compare it
Hi,
>Sorry to spam you, but we have #radtest user1 password 127.0.0.1:1812 0
>testing1234 and
>#radtest user1 password 127.0.0.1:18120 0 testing1234
>and we have got the same result for the client
radtest doesnt send EAP packets
>line user1 Auth-Type :=eap2, Cleartext-Pass
Sorry to spam you, but we have #radtest user1 password 127.0.0.1:1812 0
testing1234 and
#radtest user1 password 127.0.0.1:18120 0 testing1234
and we have got the same result for the client
De : arnauld ndefo
À : alan buxey ; FreeRadius users mailing list
;
Hi,
Hopefully a simple question. I've looked around for a while but can't
find the answer to this.
I'd like to be able to take a date/time from a sql database, use unlang
(not a module) to compare it to the current time and make a decision
based on the fact that it's, for example, less or more th
Hi,
Concerning the error of segmentation, we have removed in the section authorize
the part eap2{ ok = return} in the default and inner-server file. After that we
have got the output of the radiusd -X which is in the attached file
radiusd.txt. Normally we think that it is fine because the eap2
On 18 Sep 2012, at 22:22, "Kriston" wrote:
> I have users who log in as "usern...@example.com" and just as "username".
> How do I append @example.com only to those users who don't have @example.com
> already? I have a fairly generic FreeRADIUS 2.1.10 installation that
> connects to a MySQL serv
I have users who log in as "usern...@example.com" and just as "username".
How do I append @example.com only to those users who don't have @example.com
already? I have a fairly generic FreeRADIUS 2.1.10 installation that
connects to a MySQL server.
I've tried a number of different things in dialup
Am 17.09.2012 03:27, schrieb Fajar A. Nugraha:
Did you read the post?
"Resv-Start-Time" and others in that example are custom (i.e. made up)
attributes that you put on radcheck/radgroupcheck (there's no such
thing as "radius attributes table", btw).
The "comparing" is done by unlang because the
ramakrishna wrote:
> I am using FreeRADIUS 2.1.12 and I have some queries regarding the
> working of Radius server.
Why?
> 1) Does Radius server discard any Access Request messages for any reasons?
Only when the specifications require it to.
> 2) If Radius server received two Access Request
Václav Pernica wrote:
> I tried to use unlang in dialup.conf or radiusd.conf,
It helps to read the documentation. You can't use unlang like that.
The places where it *can* be used are documented.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 18 Sep 2012, at 15:07, arnauld ndefo wrote:
> My project is to authenticate a client openpana with my radius server. The
> authentication method used by the client is based on the EAP-PSK, which is
> why I would have a radius server with authtentification method as EAP-PSK.
> After apply th
On 18/09/12 14:16, Brian Candler wrote:
When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600
However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the default
Hello
Alan DeKok.wrote:
>
> Not easily in 2.2.
>
What is the "not easy" approach? (in general)
Fajar wrote:
>
> see "man unlang" for details. Depending on what you need and how you
> configure your system, you might also be able to use Realm instead of
> User-Name, or use regex for co
Hi,
>My project is to authenticate a client openpana with my radius server. The
>authentication method used by the client is based on the EAP-PSK, which is
>why I would have a radius server with authtentification method as EAP-PSK.
>After apply the instruction of doc/bugs, i have go
Hi
I am using FreeRADIUS 2.1.12 and I have some queries regarding the working
of Radius server.
1) Does Radius server discard any Access Request messages for any reasons?
2) If Radius server received two Access Requests with different attributed
but with same identifier within short span of time
On Tue, Sep 18, 2012 at 9:49 PM, lscrlstld wrote:
>> > Main server check if the framed IP is within the correct pool, if not
>> > reject.
>>
>> IMHO a cleaner solution would be for you to assign the IP addresses
>> yourself.
>>
> Yeap, I think so too.
> But how to do this if the authentication is
lscrlstld wrote:
> But how to do this if the authentication is done on a remote server?
You just create a local IP pool, and add it to the post-auth section.
Make sure you delete the "upstream" Framed-IP-Address in the
post-proxy section.
The whole *point* of post-auth is to add local conf
> > Main server check if the framed IP is within the correct pool, if not
> > reject.
>
> IMHO a cleaner solution would be for you to assign the IP addresses
> yourself.
>
Yeap, I think so too.
But how to do this if the authentication is done on a remote server?
-
List info/subscribe/unsubscribe
On Tue, Sep 18, 2012 at 9:24 PM, lscrlstld wrote:
> Is there any way to ensure (or check) that the proxied server assigned a
> right framed IP within a specific range of IPs?
> unlang perhaps?
>
> Main Server proxy to +-> freeradius Server 1
> | (must be use ip pool 10.0.0.0
Is there any way to ensure (or check) that the proxied server assigned a
right framed IP within a specific range of IPs?
unlang perhaps?
Main Server proxy to +-> freeradius Server 1
| (must be use ip pool 10.0.0.0/24)
+--+
| |
My project is to authenticate a client openpana with my radius server. The
authentication method used by the client is based on the EAP-PSK, which is why
I would have a radius server with authtentification method as EAP-PSK.
After apply the instruction of doc/bugs, i have got a file gdb-radiusd.
Hi,
>Hi,
>We do this before, when we started freeradius compilation.
yes - and now you have to do it again (well, just the git pull) as a patch has
been made
to the repository.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
>We have built the v2.1.X version. After that i have followed the
>experimental.conf file to configure the eap2.conf.
>The "long term support" release. The only changes to this code will
>be minor bug fixes. All new development is done in the "stable" branch.
>$ git clone
We have built the v2.1.X version. After that i have followed the
experimental.conf file to configure the eap2.conf.
The "long term support" release. The only changes to this code will
be minor bug fixes. All new development is done in the "stable" branch.
$ git clone git://git.freeradius.org/fre
Hi,
> When a user logs into a wireless AP, I would to include some per-user
> response attributes, in particular Acct-Interim-Interval = 600
yep - so just return that in the post-auth - done by either using an entry
in users file, unlang, perl code etc
alan
-
List info/subscribe/unsubscribe? See
Hi Alan,
The output of raduisd -X is below
root@dibus-laptop:~/freeradius-server# export
LD_PRELOAD=/home/dibus/hostap-06/eap_example/libeap.so && radiusd -X
FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on Sep 16 2012 at
03:55:41
Copyright (C) 1999-2012 The FreeRADIUS server proj
On 18 Sep 2012, at 13:58, alan buxey wrote:
> Hi,
>
>> Starting program: /usr/local/sbin/radiusd -f
>> [Thread debugging using libthread_db enabled]
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x080529d3 in cf_log_err (ci=0x0,
>> fmt=0x8085210 "\"%s\" modules aren'
When a user logs into a wireless AP, I would to include some per-user
response attributes, in particular Acct-Interim-Interval = 600
However freeradius -X shows that this isn't happening, and it appears to be
because of the following stanza in the default config:
# The example below uses
Hi,
>Starting program: /usr/local/sbin/radiusd -f
>[Thread debugging using libthread_db enabled]
>Program received signal SIGSEGV, Segmentation fault.
>0x080529d3 in cf_log_err (ci=0x0,
> fmt=0x8085210 "\"%s\" modules aren't allowed in '%s' sections -- they
>have no suc
On 18 Sep 2012, at 13:42, arnauld ndefo wrote:
> Thank you for your reply Alan.
> I am working on a project which is based on EAP_PSK and implement this is the
> first part.
>
> As you have recommend, i have used the gdb to debug and see the problem. The
> output that i have is below
> # gd
arnauld ndefo wrote:
> I am working on a project which is based on EAP_PSK and implement this
> is the first part.
Which didn't answer my question.
> Seems that in some part of a code, the eap2 module is not allowed.
>
> Do you have an idea about this error please.
Since you're not going t
Thank you for your reply Alan.
I am working on a project which is based on EAP_PSK and implement this is the
first part.
As you have recommend, i have used the gdb to debug and see the problem. The
output that i have is below
# gdb radiusd
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Softw
Gregg Douglas wrote:
> >>files myfiles {
> >> key = "%{lower:%{User-Name}}"
> >> ...
> >>}
>
> >>...or something similar.
>
>
Sorry, where do I implement this ?
raddb/files
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.
>
>
> > Hi,
> >
> > Background:
> >
> > FreeRadius Version: 2.1.1-7.10.1
> > Users are stored in LDAP, I am using the users file to assign static
> > IP Addresses to certain users.
> >
> >
> > It seems that the users file is case sensitive, I found a few articles
> > on the net regardin
arnauld ndefo wrote:
> i want to implement the freeradius with eap-psk. In many forum it is
> recommend to read the experimental.conf for configure the module eap2.
> After reading the experimental.conf, i have created the file eap2.conf
> which is attached to my email.
> Also, in the radius.conf,
Hi everyone,
i want to implement the freeradius with eap-psk. In many forum it is recommend
to read the experimental.conf for configure the module eap2. After reading the
experimental.conf, i have created the file eap2.conf which is attached to my
email.
Also, in the radius.conf, i have put in
Václav Pernica wrote:
> It works now, I just changed the number to lower value.
NO. Don't do that. All of the attribute numbers are allocated, and
have pre-existing meanings. Re-using a number is WRONG. It can cause
all kinds of problems.
> And you are right, it is written there (even by ca
On Tue, Sep 18, 2012 at 2:44 PM, Václav Pernica wrote:
> One more question. Is there some easy way, how to use different SQL queries
> (authorize_check_query, authorize_reply_query) depending on the user name
> prefix or suffix.
>
> E.g.:
> user_name@domain1 -> use SQL queries 1
> user_name@doma
Hello Alan
Thanks for your hint.
> Read the file you edited: raddb/dictionary
It works now, I just changed the number to lower value. And you are right, it
is written there (even by capitals..)
One more question. Is there some easy way, how to use different SQL queries
(authorize_check_qu
51 matches
Mail list logo