Navodit Bhardwaj writes:
> Can someone help me with detail steps for configuring CHAP
This is covered by
wiki.freeradius.org/guide/Basic-configuration-HOWTO
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ondrej Famera writes:
> freeRADIUS server:
> radius.example.com
> - IPv4: 10.0.0.1
> - IPv6: 2001:a:b:c::1
>
> NAS device:
> dev1.example.com
> - IPv4: 10.0.0.2
> - IPv6: 2001:a:b:c::2
>
> RADIUS nas table:
> id | nasname | shortname | type | ports |secret |
> community | de
Henrik Karlsson writes:
> Hi guys,
> I am a quite new user of the Free Radius Server and i have a problem.
> I have an old Dial In system.
> I want to reject all calls from one or more Calling Station ID regardless of
> username or password. I have tried to edit the user file like this
>
> USERN
Arran Cudbard-Bell writes:
> On 30 Oct 2012, at 07:57, Bjørn Mork wrote:
>> Alan DeKok writes:
>>> fknet wrote:
>>>> Hello people!
>>>>
>>>> What's the ideal Hardware (processor+memory) to run FreeRadius+MySQL for
>>>>
Alan DeKok writes:
> fknet wrote:
>> Hello people!
>>
>> What's the ideal Hardware (processor+memory) to run FreeRadius+MySQL for
>> authentication of 3000 PPPoE users?
>
> Any iPhone 4 could handle that traffic.
Yes, but how do I build FR for an iphone?
Bjørn :-)
-
List info/subscribe/unsub
Ben Brown writes:
> On Fri, Aug 17, 2012 at 08:56:37PM +0100, Scott Lambert wrote:
>> +ATTRIBUTE Mikrotik-Delegated-IPV6-Pool22 string
>
> I'd suggest that this should be type 'ipv6prefix'.
I don't think so. It seems this is referring to a pre-configured pool
by pool name.
B
Alan DeKok writes:
> fab junkmail wrote:
>> I have tried filtering out Proxy-State attribute for proxied CoA in
>> pre.proxy section but it does not seem to work for me. Debug mentions
>> the following which makes me think it is not using the DEFAULT section
>> of attrs.pre-proxy:
>
> You can't
alan buxey writes:
> what does 'which radclient' tell you and what does eg 'locate radclient'
> give you?
Or the most obvious one: What does "radclient -v" say?
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan Buxey writes:
>
>> At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
>> Beyond being outdated and unsupported, this FR setup is causing a lot of
>> problems so I plan a migration to RHEL5 and FR 2.1.12.
>> I've been searching but I cannot find a procedure describing
"Paul Stewart" writes:
> I'm trying to get an understanding on a FreeRadius installation how to
> enable the unisphere.dictionary. There are specific attributes in that file
> that we need such as "Unisphere-Ingress-Policy-Name". By default, this
> dictionary file is commented out due to "attri
Alan DeKok writes:
> claude.brown wrote:
>
>> - Performance issues on our MySQL backend that we didn't have budget to
>> resolve
>> - Thread lock-up's inside MySQL library yet no MySQL server queries were
>> active
>
> I've seen lots of people running MySQL with 300K+ users, and no
> problems.
Arran Cudbard-Bell writes:
> The wiki does NOT require you to login to view content, that's the
> whole point of the new wiki. You're trying to access a page that
> doesn't exist. If you had even bothered to read the URL you'd have
> seen that it contained the word create, that would have given y
Alan DeKok writes:
> It's a typo. The real message is about "encrypt=3"
Thanks. I'm going to relax again then :-)
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I just stumbled across this which made me worry a bit:
commit f8f58e4bec03d832ad4480b90e7dd531ae0d787d
Author: Alan T. DeKok
Date: Wed Oct 19 17:20:37 2011 +0200
Only "string" can have "encrypt=2"
diff --git a/src/lib/dict.c b/src/lib/dict.c
index f613664..bdf8065 100644
--- a/src
JennyBlunt writes:
> Sorry, my mistake - I had not added as another row in my radcheck table.
>
> Is there a decent online reference for such commands - I find myself wasting
> a lot of time here and looking through other forums...
The Wiki is starting to look very good. Thanks to everyone who
Andrej writes:
> On 26 October 2011 04:48, Bjørn Mork wrote:
>>> If the server is too slow to process requests, the kernel will throw
>>> away the UDP packets. This happens when the server is slow... whether
>>> it's threaded or not.
>
>> But then
Alan DeKok writes:
> Pierre Rondou wrote:
>>>It's possible that you're simply sending packets too fast. If the
>>> server doesn't read them from the socket quickly enough, the kernel will
>>> simply discard them.
>>
>> Well, then, why is this only happening in the multi-thread mode? If it
>>
Energ writes:
> how do i update RAD_REPLY correctly with perl if i want to add addtiotional
> Cisco-AVPair in reply?
> lets say user profile has Cisco-AVPair="something1". I can have multiple of
> those by adding to user profile another pair like this
> Cisco-AVPair+="something1". But how to do t
Dan Fisher | Fluidata writes:
> Hi,
>
> We are using Cisco and Juniper devices as LAC's to terminate DSL
> sessions before sending on via L2TP to customer LNS's. We allow our
> customers to use radius Attribute 67 via our radius servers to specify
> the tunnel-server-endpoint for their sessions.
Alexander Clouter writes:
> Alex rsm wrote:
>>
>> And added the following in src/modules/rlm_perl/example.pl
>>
>> sub authorize {
>>print "This is a TEST\n";
>> .
>> }
>>
>> However, When I send a simple test request I don't see my debug line.
>> I also don't see the message "per
yup. FR 2.1.12 rc working nicely. Release it, and see some more
traffic here
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Sallee, Stephen (Jake)" writes:
> So! I am trying to replicate the Downloadable IP ACL function that we
> love so much in ACS, into Free RADIUS. It seems that this is done
> through the Cisco AV Pair radius attribute. If anyone has experience
> in this please drop me a line using my included c
Arran Cudbard-Bell writes:
> Ok I revise my statement - Almost no vendors send Acct-Session-ID in
> the Access-Request :).
>
> But really its very very rare for vendors to do this. I've never
> personally seen a product in the wild that does, and i've worked with
> a fair few.
Might be a configu
Arran Cudbard-Bell writes:
> RFC 2866:
>
>When a client is configured to use RADIUS Accounting, at the start of
>service delivery it will generate an Accounting Start packet
>describing the type of service being delivered and the user it is
>being delivered to, and will send that
Arran Cudbard-Bell writes:
> As Alan says your NAS won't generate Accounting-Requests if the RADIUS
> server rejects the user (unless its very broken).
Why would that be broken?
Yes, I do see that you can trigger RADIUS accounting traffic without
authenticating, but the additional load (both
Arran Cudbard-Bell writes:
> Acct-Session-ID isn't inserted into the postauth table, because it's
> generally not available in the Access-Request.
>
> It is theoretically possible to pre-assign an Acct-Session-ID, and its
> supported by the standards, but no NAS vendors do it because it
> require
Alan DeKok writes:
> Bjørn Mork wrote:
>
>> My problem is that the configuration seems a bit clumsy, given that I
>> cannot really change neither IP address nor secret from what's already
>> there in the FreeRADIUS client definition. It would have been ideal to
&
Hello,
I am trying to setup CoA proxying to a number of Juniper MXes. These
are a bit clumsy to configure as CoA servers: The CoA clients cannot be
configured explicitly. Instead they reuse the auth/acct configuration,
including secret, for CoA clients.
So I have a few hundred CoA servers (NASe
Alan DeKok writes:
> Alan Buxey wrote:
>> hmm, command.c and auth.c appears to have been updated but
>> still see no joy with 'radmin' as munin user (who is in radiusd group)
>>
>> Mon Sep 5 15:55:04 2011 : Error: Unauthorized connection to
>> /var/run/radiusd/radiusd.sock from gid 101
>
> My
Been running a week now, and the prerelease still looks good here as
well.
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan Buxey writes:
>> Oh, I've experienced lots of them! So many, in fact, that I figured it
>> was a common and well understood occurrence. Let me come up with an
>> easily reproducible example and I'll post the relevant information.
>
> 2.1.11 is out...and 2.1.12 is almost ready for release - d
Dom writes:
> That is why I am so confused. I do have this user in the users file
> and even tested authentication using NTradping and it works fine going
> directly from the Internet to the radius server. However when I try
> to authenticate via the LNS I see this error.
>
> any idea's.
Well,
Dom writes:
> [pap] WARNING! No "known good" password found for the user.
Looks good so far, but you need to tell freeradius the password for this
user...
E.g. by adding something like this to the "users" file:
aew...@domain.com Cleartext-Password := "password"
or configure some database bac
tohaikmeng writes:
> [root@FC-O ~]# radmin -e "del client ipaddr"
> ERROR: Must specify
> [root@FC-O ~]# radmin -e "del client ipaddr 192.168.169.74"
> ERROR: Client 192.168.169.74 was not dynamically defined.
Yes, that looks true even with yesterday's patch, provided ""
actually resolves to a
Arran Cudbard-Bell writes:
> Hi Alex,
>
> I just built from master myself
>
> And it seems to be working fine for me...
>
> radmin> del client ipaddr 192.168.1.1
> ERROR: No such client
> radmin> del client
> del client ipaddr - Delete a dynamically created client
> radmin> del client ipaddr 192
Arran Cudbard-Bell writes:
> On 23 Aug 2011, at 09:52, tohaikmeng wrote:
>>
>> What do you mean by parameter parsing?
>
> This:
>
> radmin> del client ipaddr 192.168.168.111
> ERROR: Must specify
> radmin> del client ipaddr 192.168.168.111
>
> Obviously the first form you used is correct, the fa
Igor Xpinha writes:
> # This is very important ! Without this script will not get the filled hashesh
> from main.
> use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
> #use Data::Dumper;
>
> # This is hash wich hold original request from radius
> my %RAD_REQUEST;
> # In this hash you add values th
John Dennis writes:
> * FreeRADIUS has way too much churn for a critical system
> service. Think about other system services, how often do you see
> kerberos, bind, iptables, pam, MySQL, etc. going through significant
> revisions? Are the administrators of those services constantly being
> told t
Arran Cudbard-Bell writes:
> Hi Bjørn,
>
> Could you please resubmit this via GitHub.
>
> http://wiki.freeradius.org/GitHub
Done. Thanks for the excellent instructions.
One question I didn't find the answer to though: Should I rebase patches
like this for all active branches (currently maste
This should make it compatible with JUNOSe version 12.1.1
and JUNOS version 11.2.
Signed-off-by: Bjørn Mork
---
share/dictionary.erx |8
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/share/dictionary.erx b/share/dictionary.erx
index 93584d2..7b84f0c 100644
--- a
JAHANZAIB SYED writes:
> The 'client' refuses to use Linux to share there media ftp server
> because of some of there own reasons. They insist to stick on IIS.
>
> So again I am asking for help , is there any way IIS can get
> authentication from freeradius server. there is a utility called
> RAD
Aurélien Lafranchise writes:
> I don't understand why, because the instant client is a free tool
No, it is not. The license terms are here:
http://www.oracle.com/technetwork/licenses/instant-client-lic-152016.html
As you can see, there are plenty of restrictions on what you can do with
this so
"Fajar A. Nugraha" writes:
> Short version, you need to compile oracle support yourself. There
> won't be any distro ship with freeradius-oracle due to lincense issue
> (well, except Oracle Linux, if they want to).
I don't think they can either. If they did, they would have to change
their lice
Alan DeKok writes:
> Bjørn Mork wrote:
>> Which implies that commit 5a710e98 is completely bogus. We cannot check
>> for existing servers that way. It would be possible to eliminate those
>> with matching file names and line numbers, but that would still fail for
>
Bjørn Mork writes:
> After upgrading to 2.1.11 I've noticed that I always get a
> "Duplicate virtual server" error when HUPing the server. This is
> obviously a result of the change in commit 5a710e98 but I have no idea
> how to fix it.
>
> Steps to recreate fr
After upgrading to 2.1.11 I've noticed that I always get a
"Duplicate virtual server" error when HUPing the server. This is
obviously a result of the change in commit 5a710e98 but I have no idea
how to fix it.
Steps to recreate from a fresh and default FreeRADIUS 2.1.11
installation:
1) start
"Brent Wilkinson" writes:
> I unfortunately have a large amount of hotspots that are behind dynamic
> ip's. We have tried to get as many of them onto statics as possible but are
> having issues with that. After having read through a few dozen different
> threads and readmes does freeradius have s
Pierre Durand writes:
>> Pierre Durand wrote:
>>
>>> But how sending also detailed logs
>>> (/var/log/freeradius/radacct/IP/detail-* i need?
>>>
>>raddb/sites-available/copy-acct-to-home-server
>>
>
> Sorry, the purpose is to send detailled logs to a centralization logs
> se
John Dennis writes:
> So why does this group think PKI doesn't work?
PKI works. gnupg is an example of that.
SSL doesn't work. Faulty design: Single trust anchor, black or white
trust only, and large commercial interests are all reasons for that.
Bjørn
-
List info/subscribe/unsubscribe? S
Alan DeKok writes:
> Alexander Shikoff wrote:
>> if take a look on line 358 of share/dictionary.dhcp you may notice '=':
>>
>> VALUE DHCP-Parameter-Request-List DHCP-Keep-Alive-Interval 38
>> VALUE DHCP-Parameter-Request-List DHCP-Keep=Alive-Garbage 39
>>
>> Is it possible typo?
>
>
Brian Carpio writes:
> I have a production environment which is running freeradiusd 2.1.8 and
> last night in the logs I see the following message
>
> Sat Jan 1 20:11:24 2011 : Error: Mon Jan 10 17:04:58 2011 : Info: Exiting
> normally.
>
> No one was on the box doing anything... I was looking
Josip Rodin writes:
> As usual, it would have helped if all parties would have steered away from
> snappy remarks. Rather than do that, it's often simpler and eminently more
> productive to keep silent.
You are of course correct. I apologise for my unnecessary comment. I
will try to avoid such
Fabien COMBERNOUS writes:
> In a complex environment to change a piece of software can have
> unexpected consequences. And so to change it, it demands long testing
> procedures for several teams. I already worked in this kind of
> environment. And you have to give good reasons enough to make a
>
Phil Pierotti writes:
> k, so is there *any* way to make "re-read the config" actually reread *all*
> the config as opposed to "only some arbitrary portion of said config which
> might possibly meet your needs, or maybe not"?
Just add "re-read the config" support to *all* modules. I'm sure
patc
Alan DeKok writes:
> Josip Rodin wrote:
>> Just ran across this IRL:
>>
>> Calling-Station-Id: GigabitEthernet 1/0/3.2045:2045#587202578###pppoe
>> c0:d0:44:e4:cf:3b#
>
> Arg. That's a *stupid* thing to do.
>
> It would have been saner to define VSAs to hold all of this
> information,
Michele Petrazzo writes:
> Only for curiosity, these chars are hard-coded inside the sources or
> in other place and loaded at startup?
defined like any other module option default in
src/modules/rlm_sql/rlm_sql.c :
static const CONF_PARSER module_config[] = {
/* .. */
{"safe-cha
Michele Petrazzo writes:
> today I discover a strange behaviour with FR and the PG backend: if
> the authorize_group_check_query query returns a value that has a plus
> sign (+) inside the groupname, FR thread that value as unicode. I
> think this because into the next authorize_group_reply_query
Murray Long writes:
> Would it be possible to control which realm freeradius proxies to,
> from within the rlm_perl module?
$RAD_CHECK{'Proxy-To-Realm'} = 'foo';
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ichiro tanaka writes:
> Proxy-Server recognition was repaired, if proxy-server did not include
> "dictionary.ascend".
I believe it is time to revisit the Ascend dictionary fixup. This was
done once, and then reverted for between 2.1.7 and 2.1.8:
commit e23e4754f755e6fe82a28e53ccc1b9ffcaf53fda
Alan DeKok writes:
> Thanks to everyone for being patient. Version 2.1.10 has just been
> released.
Great!
Just a minor web bug you might want to fix. There are spurious colons
after the server name in the download links on
http://freeradius.org/download.html
Version 2.1.10.: ftp://ftp
RCS keywords don't make sense with git, so use the RADIUSD_VERSION
macro instead, like the server and radmin already do.
Signed-off-by: Bjørn Mork
---
src/main/radclient.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/main/radclient.c b/src/main/radclient.c
Alan DeKok writes:
> I've put some preliminary tar files on:
>
> http://git.freeradius.org/pre/
>
> If there are any issues, let me know now. Otherwise we'll release
> 2.1.10 on Monday.
A little late into the game, but I just noticed this:
bj...@nemi:~$ radclient -v
radclient: $Id$ built
John Horne writes:
> Running Freeradius 2.1.10 on CentOS 5.5 I have been taking a quick look
> at the radmin 'hup' command. However, I am having a problem getting it
> to work:
>
> radmin -e hup
> ERROR: You do not have write permission. See "mode = rw"
> in /var/run/radiusd/radiusd.sock
"JUND, Aurélien" writes:
> example.pl:
>
> sub authorize {
> if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){
This isn't a perl boolean expression...
>$RAD_CHECK{'Cleartext-Password'} = "1";
>$RAD_REPLY{'Callback-Number'} = "Number";
>
> return RLM_MODULE_
Alexander Kubatkin writes:
> this is with $RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
[..]
> rlm_perl: Added pair DHCP-Domain-Name-Server = NS1_ip
> rlm_perl: Added pair DHCP-Domain-Name-Server = NS2_ip
So, this works as expected.
> Sending DHCP-Ack of id ef3e6917 from DHCP-Server
Boian Jordanov writes:
> On Aug 22, 2010, at 3:06 PM, Alexander Kubatkin wrote:
>
>> В сообщении от Воскресенье 22 августа 2010 10:48:56 автор Alan DeKok написал:
>>> Alexander Kubatkin wrote:
This isn't working, i'm trying to put 2 dns-servers in dhcp configuration
like this:
$RAD_
"JUND, Aurélien" writes:
> 3 hashes are given to the module and filled with value-pairs (Attribute
> names and values):
>
> # %RAD_CHECK Read-only Check items
> # %RAD_REQUEST Read-only Attributes from the request
> # %RAD_REPLY
Alan DeKok writes:
> Bjørn Mork wrote:
>> I don't have any issues with the code, but I have one with the
>> repository: Could you please tag the 2.1.9 release (and of course the
>> 2.1.10 as well when it is released)? It's so much easier to look for
>> smal
Alan DeKok writes:
> Version 2.1.10 should be released soon. If there are any pressing
> issues people would like to get addressed, now is the time to speak up.
I don't have any issues with the code, but I have one with the
repository: Could you please tag the 2.1.9 release (and of course the
"Erick de A. Fabbio" writes:
> *radusergroup*
> idrevenda: 1
> username: "john"
> groupname: "office"
> priority: 1
Nope, I don't think so.
> [sql] expand: SELECT ug.groupname FROM radusergroup ug
> WHERE ug.username = '%{SQL-User-Name}' and ug.idrevenda =
> (SELECT dist
Alan DeKok writes:
> John Horne wrote:
>> Hmm. Given that the servers are lightly loaded, I guess we are looking
>> at packet loss over the network?
>
> Yes. Many packets lost. The NAS re-transmits, FR re-transmits, and
> the home server doesn't respond.
>
> The default timeout before marki
John Horne writes:
> On Thu, 2010-06-17 at 17:54 +0200, Alan DeKok wrote:
>> John Horne wrote:
>> > Why does it think it looks like it is dead?
>>
>> Because the home server didn't respond to *another* request.
>>
>> Each request has a timer. If the home server doesn't respond within
>> tha
Jakob Hirsch writes:
> Hi,
>
> Alan DeKok, 2010-05-24 12:28:
>> * re-open log file after HUP. Closes bug #63.
>
> Since the update to 2.1.9 a new log file is _only_ opened on HUP. Is
> this behaviour intended?
> Previously we just let logrotate rename the old logfile and freeradius
> created a
f0rud writes:
> So Mikrotik accept this (and then I can say shared secret is OK),
Sure? Did you try deliberately using a wrong secret to verify that the
NAS validates the request?
> but
> radclient report this as failed. how its possible? in this case server
> is NAS and accept the request , w
lixo lixao writes:
> How it should be?
Removed. I.e. don't set Auth-Type at all. The server will either
figure it out or tell you why it can't. Which will help you debug
further.
Bjørn
> 2010/6/8 Bjørn Mork
>
>> lixo lixao writes:
>>
>> > Aut
lixo lixao writes:
> Auth-Type := CHAP
This will always be wrong.
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andreas Hartmann writes:
> Fri Jun 4 11:22:48 2010 : Info: [tls] WARNING: No information in
> ^
> cached session!
> ^^^
>
> Fri Jun 4 11:22:48 2010 : Info: [eap] Freeing handler
> Fri Jun 4 11:22:48 2010 : Info: ++[eap]
Bjørn Mork writes:
> while updating the outer.reply list gave:
>
> Thu Jun 3 17:00:07 2010 : Info: [ttls] Got tunneled Access-Accept
> Thu Jun 3 17:00:07 2010 : Info: [ttls] Saving response in the cache
But it still doesn't seem to work:
Fri Jun 4 07:09:03 2
Bjørn Mork writes:
> Alexander Clouter writes:
>
>> The 'No information to cache' means you do not have anything useful
>> (for example 'User-Name') in the reply packet.
>
> Makes sense.
>
>> In the post-auth of my inner-
Alexander Clouter writes:
> The 'No information to cache' means you do not have anything useful
> (for example 'User-Name') in the reply packet.
Makes sense.
> In the post-auth of my inner-eap virtual server I have added:
>
> post-auth {
> ...
> # needed for TTLS cache
> update repl
Andreas Hartmann writes:
> Yes, you're right - I meant option eap -> tls -> cache -> enable is
> switched _on_ and fast_reauth is on too on the supplicant. My wrong :-(.
>
> You can see it at this log entry at the initial login:
> Wed Jun 2 20:29:14 2010 : Info: [tls] Adding user data to cached
I thought I might share a configuration part that has proven useful for
us...
Based on the howto at http://wiki.freeradius.org/SQL_Huntgroup_HOWTO ,
we found that we might as well add the huntgroup name to the NAS table
when adding new NASes. No need to maintain two separate tables with the
NAS i
Rameshbabu Ragothaman writes:
> Is this fix available now ? (freeradius server to read the change in
> nas-table without restart)
Looks like I've expired the rest of this thread so this might have been
brought up before, but did you check out the
raddb/sites-available/dynamic-clients
example?
Jan Zacharias writes:
> Hey Bjørn,
>
> thank you very much! The output is:
>
> perl version: v5.10.1
>
> So it's clear that libperl and perl version do match.
>
> However if I add a "use IO::Socket::INET" in the myfile,
> I still get "freeradius: symbol lookup error:
> /usr/lib/perl/5.1
Nicolas Goutte writes:
> Am 25.05.2010 um 15:12 schrieb Jan Zacharias:
>
>> Isn't there a way to find out the perl version? I thought of "print
>> $1" but this does not
>> work as intended.
>
> Try using
>
> perl -V
Or if you want to check the version of the embedded perl interpreter FR
is using:
Jan Zacharias writes:
> I'm trying to get the freenac check_mac perl script running and get this
> error:
>
> freeradius: symbol lookup error: /usr/lib/perl/5.10/auto/Fcntl/Fcntl.so:
> undefined symbol: Perl_Istack_sp_ptr
See e.g.
http://lists.freeradius.org/mailman/htdig/freeradius-users/201
Hmm, this release doesn't seem to be tagged in the v2.1.x branch on
git://git.freeradius.org/freeradius-server.git
Am I looking at the wrong repository (again)?
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
VU VAN HUNG writes:
> Do anyones know why Diameter support faster roaming than RADIUS ?
Higher marketing budgets
> I've read some references but I dont understand.
In my experience, that often means that the claim just is not true.
Anyway, I believe you'd better ask whoever made that claim.
piston writes:
> Due some limitation, my partner is using two different server to
> handle different auth-type (PAP / EAP), said server1 only take PAP
> cannot handle EAP, server 2 take EAP cannot handle PAP.
>
> But their user (realm xyz.com), login at my location maybe
> authenticate by PAP or
"Tevfik Ceydeliler" writes:
> ##Users conf:
> Tevfikceydeliler Proxy-To-Realm := SecOvid, Pool-Name := "STATICPOOL"
> Service-Type := Framed-User,
> Framed-Protocol == PPP,
> Framed-MTU = 576,
> Framed-IP
"Mark Smith" writes:
> I have a Centos 5.3 server running the latest version of FreeRadius.
"latest" as in the latest included with Centos? If so, then upgrade.
> As you can see, the last two Cisco-AVPair lines, that have the attribute of
> '+=', appear twice in the returned values. If I chang
Satyam Mathura writes:
> Line 204 in my users file is the following:
> DEFAULT Auth-Type := Reject
You don't want that. It removes the server's ability to figure it out
by itself.
> my radgroupcheck config:
> ++--++++
> | id | groupnam
James Nedila writes:
> I have a rlm_perl script where i'd like to return multiple Cisco-AVPair
> attributes in an Access-Accept response.
>
> Since rlm_perl is passed hashes for RAD_REQUEST, RAD_CHECK, and RAD_REPLY,
> is there a way to pass an array as the value for the Cisco-AVPair hash key?
>
Alan DeKok writes:
> Palmer J.D.F. wrote:
>> We migrated to 2.1.8 (from 2.1.7) last week while things were quiet, as
>> the users have re-appeared after the holiday we've started to receive a
>> few reports from users stating that they have been getting lots of
>> prompts for credentials.
>
> Th
Osmany writes:
> On Thu, 2010-01-07 at 09:06 -0500, Osmany wrote:
>> On Thu, 2010-01-07 at 08:42 -0500, Michel Bulgado wrote:
>> > Bjørn Mork wrote:
>> > > Michel Bulgado writes:
>> > >
>> > >
>> > >> Try this way, remembe
Alan DeKok writes:
> Maybe something like:
>
> if (*Cisco-AVpair =~ /^client-mac-address=(.+)$/) {
>
> i.e. "*" means "any one matches"
Is it ever useful to match on a single one? You'll always have a hard
time knowing the order and number of attributes.
I believe you could just as
"Ben Wiechman" writes:
> Try removing the radreply entry with auth-type := accept. Won't that
> allow the user in regardless of the check items?
It should not be in the radreply table in any case so that should
certainly be removed.
But I don't think it makes any difference. The radcheck looku
Alan DeKok writes:
> Bjørn Mork wrote:
>> Just stumbled across a semi-related issue (all accounting modules
>> returned "noop" for a request) which made me wonder if not the recently
>> added documentation for handling noop accounting requests should be
>
Osmany writes:
> This time I used:
>
> |298|t...@internet.quimefa.cu|MD5-Password | := | password
> |313|t...@internet.quimefa.cu|Calling-Station-Id | =~ | 6480342|55
>
> and it still accepts the user from regardless of the phone number it's using.
> this is what comes up
> in the debu
Just stumbled across a semi-related issue (all accounting modules
returned "noop" for a request) which made me wonder if not the recently
added documentation for handling noop accounting requests should be
promoted to "enabled by default"? It does not make much sense to ignore
valid accounting req
1 - 100 of 199 matches
Mail list logo
