Hi,
by not working I mean that if I authenticate on a 4MB line but set the
speed to 384k I still get 4MB. Thanks for all the other replies, though.
I must admit that dealing with Telkom is a formidable task. I will try
to get hold of their dictionary, though.
On 20/05/2013 14:03, Phil Mayers
Franks Andy (RLZ) IT Systems Engineer wrote:
> Thanks for the help.
> Anecdotally, before I get into serious discovery, I've been running
> the freeradius process in extra debugging mode -xx. I'd read somewhere
> that -X makes it run single threaded, but along those lines of thinking
> I wondered
Thanks for the help.
Anecdotally, before I get into serious discovery, I've been running
the freeradius process in extra debugging mode -xx. I'd read somewhere
that -X makes it run single threaded, but along those lines of thinking
I wondered if -xx and the extra debug was causing any performance
Vincent Rusilowicz wrote:
> Hi, I am new to FreeRadius and am having some difficulty setting it up.
Why? The default configuration works. You should be able to make
minor changes to it for things like IP assignment.
> My goal is to have requests from separate IP addresses authenticate to
> se
Roberto Carna wrote:
> Dear, my chief asks me to choose between Tacacs+ and Radius for switches
> and Linux SSH user authentication.
Linux authentication doesn't really use TACACS+ or RADIUS.
> I see radius is universally supported for every device and OS, but I
> can't tell so much about Tacac
> Roberto Carna wrote:
> Sent: Monday, May 20, 2013 3:43 PM
> To: FreeRadius users mailing list
> Subject: Radius vs Tacacs+
>
> Dear, my chief asks me to choose between Tacacs+ and Radius for switches
> and Linux SSH user authentication.
This depends primarily on your cryptographic needs, and se
Many thanks Phil, all sorted.
Wrapping the sql:" statement with an update control fixed the Unknown Action
error. Haven't checked that I'm returning the correct stuff yet, but I'm past
this particular problem
Rgds
Alex
On 20 May 2013, at 17:16, Phil Mayers wrote:
> On 20/05/13 16:55, Alex Sha
On 20 May 2013, at 17:16, Phil Mayers wrote:
> On 20/05/13 16:55, Alex Sharaz wrote:
>
>> In this case I've got
>>
>> Tmp-String-0 := "%{sql:call
>> get_vlan_id('%{NAS-IP-Address}','%{User-Name}')}"
>>
>> get_vlan_id accepts two varchar arguments.
>>
>> Which, when I run radiusd -X -d
Hi, I am new to FreeRadius and am having some difficulty setting it up.
My goal is to have requests from separate IP addresses authenticate to separate
user files.
I have read through documentation and see this is possible but I can not get it
to work. Can anyone provide a list of steps or ex
The reply should be Mikrotik-Rate-Limit += 512k/1024k. See
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client for all options and
double check spelling.
Thanks
Brent
>
> Hi all,
>
> How can one limit the ADSL speed on a per customer basis using
> freeradius? I have been trying a
> radiusReplyIt
On Mon, May 20, 2013 at 12:58 PM, Roberto Carna
wrote:
> Dear, I have:
>
> (A) One Freeradius server on Debian 6: freeradius installation and
> client.conf configuration
> (B) Another Debian 6 box with sshd: libpam-radius-auth installation
> (C) Several Windows and Linux ssh clients
>
> In (A) fre
On 20/05/13 16:55, Alex Sharaz wrote:
In this case I've got
Tmp-String-0 := "%{sql:call
get_vlan_id('%{NAS-IP-Address}','%{User-Name}')}"
get_vlan_id accepts two varchar arguments.
Which, when I run radiusd -X -d /etc/freeradius gives me
/etc/freeradius/sites-enabled/default[248]: U
Hi,
I've written a mysql stored procedure that accepts 2 arguments, the nas-ip
address of one of our (HP) switches and the calling station Id of a network
client ( it's a MAC auth so the User-Name=Calling-Station-Id below). The
procedure then queries various back end database tables to figure
*You can of course mandate something like the outer identity must
equal the inner identity, or require anonymous@..., which would make
the identity spoofing issue one of anonymisation alone.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
When you are using a traditional EAP type, the identity seen in the
EAPOL exchange is authoritative and can be trusted.
(Returning a User-Name AVP in an Access-Accept is unnecessary in this
case unless it needs to be normalised or customised, and is optional
as part of the RADIUS RFCs.)
When you a
Tom,
When you receive radius packets, you can pretty much tell what it is from the
headers themselves.
Usually there are some hints in the attribute or the way they format stuff.
Can you post one of the packets with all attributes NAS is sending you? Maybe I
can guess what it is.
But for sure mi
The real username in an EAP conversation is inside the encrypted EAP packets,
i.e. inside an EAP-TLS tunnel. The one in plain-text is a throw-away one (often
just @realm or anonymous@realm).
I can only surmise that the update reply in this case wants to ensure that no
User-Name attribute exists
Hmmm...strange. Actually that code was in the post-auth reject sections and
this is in the post-auth section:
update reply {
User-Name !* 0x00 #removes the User-name from the Access-accept
}
Any thoughts as to why they would add these?
David
-Original Message--
On 20 May 2013, at 09:34, "David Peterson"
wrote:
> I am fighting a buggy NAS and was told to add to the /sites-enabled/default
> file in the post-auth section this code:
>
> EAP-Message = "0x04040004"
> User-Name !* 0x00
>
I am fighting a buggy NAS and was told to add to the /sites-enabled/default
file in the post-auth section this code:
EAP-Message = "0x04040004"
User-Name !* 0x00
Message-Authenticator = "%{Message-Authenticator}"
Can
Hi Tom,
Would it be useful to ask Telkom SA and Broadband Infraco for the models of the
NASes they use and possibly their dictionaries? Although from what I understand
from a GLUG post, that information is... well... difficult to get hold of (even
when you're a big fish like Internet Solutions)
Franks Andy (RLZ) IT Systems Engineer wrote:
> Thanks Alan,
> It takes literally a second or so for a single client auth, but
> problems arise with multiple clients. I'll reset a card on the switch
> and capture the logs and see what's happening. Nothing as far as I
> remember pointed towards the
Hi Tom,
You need to contact Telkom and ask them for their dictionaries.
They have some rather "unique" attributes.
On 20 May 2013 15:26, "Cooper, Tom" wrote:
> We are in South Africa and using the local telco company's NAS'es. They
> have a mixture of them. Problem is that we have in excess of 4
Nasser Heidari wrote:
> I've already tried and it doesn't work.
That's a fairly useless response.
> for example I want to check for
> existence of a custom check-item in user profiles with unlang, I try this:
>
> If(control:custom_check_item) {
> ...
> }
>
> This always returns true in my cas
Cooper, Tom wrote:
We are in South Africa and using the local telco company's NAS'es. They
have a mixture of them. Problem is that we have in excess of 450 000 users.
Does the telco filter attributes you're sending back? Some wholesalers
protect their networks by limiting the attributes they
Cooper, Tom wrote:
> We are in South Africa and using the local telco company's NAS'es. They
> have a mixture of them.
The rate-limiting attributes are vendor-specific. And some vendors
have *no* rate-limiting attributes.
> Problem is that we have in excess of 450 000 users.
That makes it
I've already tried and it doesn't work. For example, I want to check for
existence of a custom check-item in user profiles with unlang, I try this:
If(control:custom_check_item) {
...
}
This always returns true in my case, doesn't matter if a user has
custom_check_item in his profile or not.
--
Issue is each NAS vendor needs different commands.
Cisco is av-pair rate limit
You already have mikro tick so you need to know what you are dealing with.
Regards,
Jonathan Bastin
- Reply message -
From: "Cooper, Tom"
To: "freeradius-users@lists.freeradius.org"
Subject: Limit ADSL
We are in South Africa and using the local telco company's NAS'es. They
have a mixture of them. Problem is that we have in excess of 450 000 users.
On 20/05/2013 13:57, Jonathan Bastin wrote:
> What routers are you using for this.
>
> Regards,
>
>
> Jonathan Bastin
>
>
> - Reply message ---
On 20/05/13 12:47, Cooper, Tom wrote:
Hi all,
How can one limit the ADSL speed on a per customer basis using
freeradius? I have been trying a
radiusReplyItem: Microtik-Rate-Limit += 512k/1024k, which people
recommend, but it does not look like it is working.
Ok, and what does that mean. "It is
On 20/05/13 10:59, stefan.pae...@diamond.ac.uk wrote:
Ahhh.
According to this conversation:
That's a really old conversation. See instead the link I posted in my
other email.
On Mon, May 20, 2013 at 6:47 PM, Cooper, Tom wrote:
> Hi all,
>
> How can one limit the ADSL speed on a per customer basis using
> freeradius?
Look at your NAS (i.e. BRAS hardware, rp-pppoe, whatever)
documentation (or ask the vendor) to see what attributes it recognizes
to limit speed.
> I have
What routers are you using for this.
Regards,
Jonathan Bastin
- Reply message -
From: "Cooper, Tom"
To: "freeradius-users@lists.freeradius.org"
Subject: Limit ADSL speed using radius?
Date: Mon, May 20, 2013 12:50
Hi all,
How can one limit the ADSL speed on a per customer basis
Hi all,
How can one limit the ADSL speed on a per customer basis using
freeradius? I have been trying a
radiusReplyItem: Microtik-Rate-Limit += 512k/1024k, which people
recommend, but it does not look like it is working. I have been surfing
the freeradius wiki for days now but no luck. I am usi
On 20 May 2013, at 03:03, Nasser Heidari wrote:
> Hi All,
>
> How can I reference to check items using unlang? When I use perl script ,
> simply reference it by $RAD_CHECK. For example I want to check if there is a
> check item in sql user profile , then do some actions using unlang and if
> n
Ahhh.
According to this conversation:
http://freeradius.1045715.n5.nabble.com/PEAP-EAP-TLS-with-client-and-server-certificate-td2760634.html
- FR does support PEAP-EAP-TLS :-)
Stefan
-Original Message-
From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[
On 20/05/13 09:02, Robert wrote:
Hi
I use freeradius v2.1.10 in Debian Squeeze 6.0.1.
I want to know if freeradius supports the following methods :
See here:
http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-microsoft-soh/
On 20/05/13 10:25, stefan.pae...@diamond.ac.uk wrote:
It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf – you can
configure all supported options in there.
Not sure you've understood what he's asking there; he wants to know if
you can do PEAP with EAP-TLS as an inner.
The main a
It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf - you can
configure all supported options in there.
Regards
Stefan
From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org]
Hi
I use freeradius v2.1.10 in Debian Squeeze 6.0.1.
I want to know if freeradius supports the following methods :
- EAP PEAP/TLS
- EAP PEAP/EAP-TLS
?
The client I use is wpa_supplicant v0.6.9.
Regards,
Robert
Hi All,
How can I reference to check items using unlang? When I use perl script ,
simply reference it by $RAD_CHECK. For example I want to check if there is a
check item in sql user profile , then do some actions using unlang and if
not then ignore it.
By the way I know that I can do that by quer
41 matches