Is there a way to proxy requests based on realms before checking the
MAC
address?
Yes. You can check if the User-Name contains an @ character. If
so, proxy. For example:
if (User-Name =~ /@/) {
suffix
if (updated) {
handled
}
mac-checks...
That should stop processing the request
Hello,
I'm new to Radius. So basically i tried to setup 2 Radius server, one runs
on our SLES 10 PROD (Radius and Novell LDAP sit on the same server) - this
is works fine using eap_mschapv2 authentication. Radius version is 1.X. We
use Radius to authenticate our wireless and get LDAP
Hi,
I'm new to Radius. So basically i tried to setup 2 Radius server, one runs
on our SLES 10 PROD (Radius and Novell LDAP sit on the same server) - this
is works fine using eap_mschapv2 authentication. Radius version is 1.X. We
use Radius to authenticate our wireless and get LDAP
thank you for your reply. Yes i didn't just copy and paste, i did follow
the instruction on Novell support page too and from community.
So what i want to confirm here, are you saying that means in debug mode its
normal for me admin to see the user password? I mean it's normal
behaviour of radius
On 21.02.2013 10:15, Danny Kurniawan wrote:
In Radius 1.x - SLES 10 when i run radiusd -X ; i don't see the user
password (which is good). but in Radius 2.1.1 i can see it clearly ...
how can i eliminate this cleartext password being showed there? I'm new
to this authentication method or
Server: up2date Centos 6.3 x64
Software: freeradius 2.2.0
configured by ./configure, generated by GNU Autoconf 2.61,
with options \'--prefix=/usr/local/freeradius' '--with-dhcp'
'--with-rlm_mysql=no' '--with-rlm_perl=no' --enable-ltdl-install\
radiusd -X starts OK, and then, after first
Hi Oliver,
Thanks a lot. So could you please let me know how can i disabled the output
(which conf file and what need to be added). Also by saying echo it do i
need to put something into a config file or just echo command while i'm at
radiusd - X debug mode?
Thanks
Danny
--
Best Regards,
Danny
Hi,
So what i want to confirm here, are you saying that means in debug mode
its normal for me admin to see the user password? I mean it's normal
behaviour of radius 2.1.1?
yes. its normal behaviour - debug mode is for trouble-shooting/problem-solving
not a mode you would run in a day
On Thu, Feb 21, 2013 at 05:58:14PM +0800, Danny Kurniawan wrote:
Thanks a lot. So could you please let me know how can i disabled the output
(which conf file and what need to be added). Also by saying echo it do i
need to put something into a config file or just echo command while i'm at
Hi,
Thanks a lot. So could you please let me know how can i disabled the
output (which conf file and what need to be added). Also by saying echo it
do i need to put something into a config file or just echo command while
i'm at radiusd - X debug mode?
you'll need to edit the
On 02/21/2013 10:23 AM, Igor Smitran wrote:
Received DHCP-Discover of id 08f11b15 from 10.21.192.1:67 to 0.0.0.0:67
Parse error Parse error or name in attributein attributein ode
Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
My bad, sorry everyone, i
Oliver Warda wrote:
Is it possible to use the realm instead and should this be placed
within the users file?
Use the example I gave you, and search for @realm instead of @.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1. In sqlippool.conf is stated:
#
# WARNING: MySQL has certain limitations that means it can
# hand out the same IP address to 2 different users.
#
# We suggest using an SQL DB with proper transaction
#
steff...@gmx.de wrote:
These are versions 2.1.9 and 2.2.0.
It may happen from time to time that a zombie child appears. But they
will get cleaned up when the server receives more packets.
If you get *many* zombies, it's a problem. But one for 2-3 seconds
isn't an issue.
Alan DeKok.
-
Original-Nachricht
Datum: Thu, 21 Feb 2013 09:39:30 -0500
Von: Alan DeKok al...@deployingradius.com
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: echo module creating zombies
steff...@gmx.de wrote:
These are versions 2.1.9 and
Hello All,
I would like to get help with the following.
There is a freeradius server that is proxying every mschapv2 request to a
homeserver using the DEFAULT realm.
The same server is also handling EAP requests and then proxying the inner
request through the DEFAULT realm.
Is is possible to
Hi Phil,
I have now a working config.
authorize section :
...
# auth_log
# Caching module will allow to log twice with the same OTP.
# Cached entry will be removed after second login or at
# the end of TTL (value set in modules/cache)
cache
if (ok) {
# entry found in cache; set
Hi.
I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't
seem to work.
Given the following properties:
radcheck:
F01 MD5-Password := somemd5hash
radusergroup
F01 HuntGroup01
radgroupcheck
F01 Huntgroup-Name =~ nas04|nas05
the user is always authenticated,
I had a bit of code cause a segfault in 3.0.0.
Post-Auth-Type REJECT {
attr_filter.access_reject
update reply {
EAP-Message = 0x04040004
Message-Authenticator = %{Message-Authenticator}
David Peterson wrote:
I had a bit of code cause a segfault in 3.0.0.
See doc/bugs.
Message-Authenticator = %{Message-Authenticator}
Don't do that. Message-Authebnticator is calculated automatically.
Just do:
Message-Authenticator = 0x00
Is there any reason I
steff...@gmx.de wrote:
Ok... I'm somewhere in between many and short time zombies with version 2.2.0
- there is one zombie that stays until the next request and gets then
replaced by the next zombie.
Well, that's what I said they will get cleaned up when the server
receives more packets.
OK sounds good. Unfortunately this is a production system so I can't
implement the full debug. I will try to recreate this in the lab.
David
-Original Message-
From:
freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org
Original-Nachricht
Datum: Thu, 21 Feb 2013 12:12:59 -0500
Von: Alan DeKok al...@deployingradius.com
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: echo module creating zombies
steff...@gmx.de wrote:
Ok... I'm somewhere in between
Post the debug output, as suggested in the FAQ, man page, web
pages, and daily on this list.
I posted the freeradius -X output into the linked file... Aren't you referring
to that?
Given the following properties:
radcheck:
F01 MD5-Password := somemd5hash
radusergroup
Lorenzo Milesi wrote:
I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't
seem to work.
Post the debug output, as suggested in the FAQ, man page, web pages,
and daily on this list.
Given the following properties:
radcheck:
F01 MD5-Password := somemd5hash
David Peterson wrote:
Does this help at all or am I going about this wrong:
It helps.
Exiting normally.
==10285== Invalid read of size 8
==10285==at 0x40DA08: cf_section_parse_free (conffile.c:344)
==10285==by 0x7889C50: eaptype_free (mem.c:253)
Do a git pull. The master
David Peterson wrote:
I just put this together yesterday but just in case:
From git://git.freeradius.org/freeradius-server
f822263..99fedbc master - origin/master
* [new branch] talloc3- origin/talloc3
Already up-to-date.
Well, there's no call to cf_section_parse_free()
Does this help at all or am I going about this wrong:
Exiting normally.
==10285== Invalid read of size 8
==10285==at 0x40DA08: cf_section_parse_free (conffile.c:344)
==10285==by 0x7889C50: eaptype_free (mem.c:253)
==10285==by 0x788759E: eap_detach (rlm_eap.c:69)
==10285==by
Igor Smitran wrote:
Does this mean that only thing needed is to create innodb tables? Module
will use transactions automaticaly?
Yes.
2. Is freeradius ready to work as dhcp server for IPv6? Would it be
enough to insert some new words into dictionary and change configuration
appropriately?
Bertalan Voros wrote:
There is a freeradius server that is proxying every mschapv2 request to
a homeserver using the DEFAULT realm.
The same server is also handling EAP requests and then proxying the
inner request through the DEFAULT realm.
Is is possible to set up fail-over using two
OK it still shows the cf_section_parse_free()
Should I do something other than:
make clean
./configure
make
make install
David
-Original Message-
From: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Thursday, February 21, 2013 1:45 PM
To: David
I just put this together yesterday but just in case:
From git://git.freeradius.org/freeradius-server
f822263..99fedbc master - origin/master
* [new branch] talloc3- origin/talloc3
Already up-to-date.
-Original Message-
From: Alan DeKok [mailto:al...@deployingradius.com]
Lorenzo Milesi wrote:
Post the debug output, as suggested in the FAQ, man page, web
pages, and daily on this list.
I posted the freeradius -X output into the linked file... Aren't you
referring to that?
The debug output should be posted here. There's no reason put a
zipped version
The debug output should be posted here. There's no reason put a
zipped version on a separate web site.
I just wanted to write a more clean email. Here it is...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
EHLO list!
We're running into a strange issue here and would like the input of the
FreeRADIUS community.
Using rlm_perl with our own perl module for post_auth, everything is
running smoothly until, for an unknown reason, it looks like the
RAD_REQUEST hash is becoming empty.
Here's a snippet
Hi,
OK it still shows the cf_section_parse_free()
IIRC there was a small issue with GIT commmits
yesterdayso either force the pull (talloc wasnt
the last stuff...theres been quite a few things since then)
or just blow away the current freeradius-server
source directory and do a fresh clone
hi,
quick query with some outout I see when radiusd starts uo
(this is 3.x HEAD).
I see the following message when attr_filter modules are being
loaded up:
reading pairlist file /etc/raddb/attrs
[/etc/raddb/attrs]:134 WARNING! Check item Local-Priv-Level found in filter
list for realm
Hi freeradiusers,
In purpose to implementing eap-sim supplicant i created the following
virtual infrastructure :
supplicant -- NAS (Access Point)
- freeradius server
10.0.0.1 Ethernet
38 matches
Mail list logo