Platform is Ubuntu Linux 6.06 server i386 with kernel version 2.6.15-23.
Software is Freeradius 1.1.3 and MySQL 4.1.21. The problem is that the
Freeradius configure script will not detect the existance of the mysqlclient_r
library and subsequently fails to build the rlm_sql_mysql driver despite m
Quoting Christopher Carver <[EMAIL PROTECTED]>:
> Quoting Michael Mitchell <[EMAIL PROTECTED]>:
>
> > Hi Chris,
> >
> > Christopher Carver wrote:
> > >
> > > Thanks for the reply, Kevin. You got me on the right track, but I still
> > do
Quoting Michael Mitchell <[EMAIL PROTECTED]>:
> Hi Chris,
>
> Christopher Carver wrote:
> >
> > Thanks for the reply, Kevin. You got me on the right track, but I still
> don't
> > quite have it right. It seems as though the users file can only manipu
Quoting Kevin Bonner <[EMAIL PROTECTED]>:
> On Monday 13 November 2006 22:24, Christopher Carver wrote:
> > Hello,
> >
> > How do I rewrite the value of the User-Name attribute based on
> > Called-Station-Id? I need to do a series of these logical decisions
Hello,
How do I rewrite the value of the User-Name attribute based on
Called-Station-Id? I need to do a series of these logical decisions and
replace the username with username@ based on what the value of
Called-Station-Id is.
rlm_attr_rewrite seems the obvious choice, but I can't figure out how
Quoting [EMAIL PROTECTED]:
>
> Excuse me if this has been asked before but I am having a hard time finding
> it in the archives. I have a script that builds a radius users file out of
> a htpasswd file, the password entries are encrypted. This worked great on
> a Redhat Enterprise AS 3 server ru
Patrick Daley wrote:
I am having a pretty big problem that you all should be able to fix
fairly quickly, but I can’t seem to figure out how. I am using 2 Cisco
Aironet 1130AG’s with a freeRADIUS server I have all the users in it
and setup, but I seem to get this error every 30seconds on the A
vertito wrote:
vertito wrote:
My question is :
- What can a malicious user can do with the secret? Can it alter
accounting and other things? (chillispot uses chap auth-type)
one is spell it out and try rumble it so he forms a new word from it
Is it a real security problem? I wi
Correct, but you don't want to run it in a heavy production environment
for very long. While I don't have proof, it would HAVE to be less
efficient because it isn't using threads and its taking the time to
print everything. A little trick I use when I need to test something in
production is to ki
arver
Pennswoods.Net
Network Engineer
Mike Jakubik wrote:
Christopher Carver wrote:
In the users file you could have a line...
DEFAULT Called-Station-ID == 111222, Auth-Type := Reject
As i mentioned, i need to do this in the sql database and for each
group. Adding the Called-Station-
If the radius server in debugging mode isn't showing any sort of
access-request coming from the client, then the requests simply aren't
reach the server. This could be due to firewalling, your client looking
at the wrong host/port, or a variety of other things. I'd suggest using
tcpdump to se
In the users file you could have a line...
DEFAULT Called-Station-ID == 111222, Auth-Type := Reject
Chris Carver
Pennswoods.Net
Network Engineer
Mike Jakubik wrote:
Hello,
I need help restricting users based on the number they called. I am
using Freeradius 1.1.1 and a MySQL backend. I tr
Jeremy,
You need to make sure mysql (and mysql development headers/libraries)
installed on the server and then configure --with-mysql. When you
compile you should see the rlm_sql files in the lib dir of freeradius.
Watch the configure output and make sure it says that its configuring
mysql
I appreciate the dialogue we have here. I have been interested in doing
this as well, and have been tinkering with some code outside of
Freeradius to insert logins into a seperate table by reading the
radius.log file. I've been doing it this way because I didn't know it
was within Freeradius'
Mr. Linsalata,
Your offer is interesting. I have been administrating a freeradius server that
authenticates a customer base of 40,000 for the past 5 years. I'm interested
in the terms of your offer. I believe what you're trying to do is well within
my capabilities.
Chris Carver
Pennswoods.Net
Someone on the list can correct me if I'm wrong. But I always thought this
message meant that the radius server didn't respond as fast as the NAS had
expected, so, the NAS re-sent the request. Then the radius server ended up
with 2 identical requests. Its discarding the one, and acting upon the
Shawn Hamman wrote:
Ok, I am going insane.
This is the story:
I have two IDENTICAL servers, HP DL320, Intel P4
I have Fedora Core 5 installed on both with IDENTICAL packages.
I downloaded, extracted the freeradius-1.1.1.tar.gz and proceeded to
configure with the exact same configure statemen
Configure probably isn't finding the mysql libraries and/or header files
and isn't compiling the rlm_sql module properly. I'm not sure why this
is happening if everything is identical like you say, but its my bet.
Look in your freeradius-1.1.1/lib/ directory for the rlm_sql module
files. If
If you want to use rlm_sql you do this with the tables radius.usergroup
and radius.radgroupcheck. In radius.radgroupcheck you'd have something
like this:
++---+---+++
| id | GroupName | Attribute | op | Value |
++---+---++---
Make sure you handle the Digest problem first. This error means you are
selecting an auth-type of 'digest' for the user's authentication request
but you don't have the rlm_digest module configured. Look in
doc/rlm_digest in the source tree on how to configure this module, what
it does, etc...
My company tried to do the same thing awhile back. We had to use return
attributes to tell the NAS to give the user a specific IP pool. Then on
the NAS we had rules to redirect all traffic on that IP pool to the
webserver displaying the particular web address.
Nick Marino wrote:
Is there a w
Lewis Bergman wrote:
Christopher Carver wrote:
Hello,
I'd like to append @domain.com to every username before the
authentication step. I have been trying to use attr_rewrite to do
this but I've been unsuccessful. Is this the proper module to use?
Has anyone done this before?
I
Hello,
I'd like to append @domain.com to every username before the
authentication step. I have been trying to use attr_rewrite to do this
but I've been unsuccessful. Is this the proper module to use? Has
anyone done this before?
Thanks in advance,
Chris Carver
-
List info/subscribe/unsu
Alan DeKok wrote:
Christopher Carver <[EMAIL PROTECTED]> wrote:
I'm having some trouble getting all the Ascend-Data-Filter attributes I
set in the users file returned in an access-accept packet. Its strange
because some of the filters get returned, but others do not.
Th
Hi,
I'm having some trouble getting all the Ascend-Data-Filter attributes I
set in the users file returned in an access-accept packet. Its strange
because some of the filters get returned, but others do not. Its
creating a real problem for me. Here is the stanza where I match and
attach th
Madhuraka Godahewa wrote:
Hi All,
I installed freeRADIUS 1.0.5 recently, and configured the server as described
in the documentation files. My operating system is SUSE Linux 9.2. When I run
the 'radiusd -X' from the shell, the last four lines of the output are as
follows.
<
Listening on a
[EMAIL PROTECTED] wrote:
Hello all!
can anyone help me out with a template for the file hints as well as
huntgroups?
as far as i know those files are not needed if the accounting is done
via sql.
i still have got issues if i try disable the preprocessing for those
files.
anyone got any su
Radius wrote:
When I put the := system first and := local second in the user file,
it started working.
DEFAULT Auth-Type := System
Fall-Though = Yes
DEFAULT Auth-Type := Local
Fall-Though = Yes
It's working for both PAP and CHAP login's.
I heard this is not
[EMAIL PROTECTED] wrote:
I have tried to hire someone to help with my Radius over the last 6 month's
but have not been able to get it
working correctly.
As much as I would like to take your money, its probably not necessary.
:-) This is usually a very simple thing to get working.
I see
Andrej Sirk wrote:
You get the point, this is what I want. Where can I find a how-to.
thanks.
On 11/24/05, *Christopher Carver* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Andrej Sirk wrote:
> Hello,
>
> is possible to recive an radius pack
Andrej Sirk wrote:
Hello,
is possible to recive an radius packet in digest mode and then
transform it one another packet and use an different method.
thanks,
-
List info/subscribe/unsubscribe? See http://www.freerad
Mathias Dörr wrote:
Hello,
I have version 1.0.4 installed and trying know to make authorization/
authentication by the remote ip address, instead of username and password.
In the main distribution authorization/ authentication is based on username
/password. Where is the starting point to get th
Jorge Pomoro wrote:
Hi
I want to know how to limit the number of connections with a certain user
(Radius). I do not talk about simultaneous connections. That is to say, to
create a user and that can do login, for example, 5 times, after that, the
user is automatically rejected .
Is there an att
Quoting TK Lew <[EMAIL PROTECTED]>:
> hi Chris ::
>
> Thanks for the reply. Yes indeed my situation is a bit dodgy.
>
> I will explore the SQL option as session database.
>
> Thanks again.
>
> BR
>
> On 11/18/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Quoting TK Lew <[EMAIL PROTECTED]>:
ndled
}
...
}
Give it a go, have a mess with it, and see what happens.
Hope that helps.
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Christopher Carver
Sent: Tuesday, 15 November 2005 1:51 PM
To: FreeRadius users mailing list
Subject: detail
Several NAS's we lease, whose configurations we cannot change,
authenticate through our freeradius server. The Alive packets we are
receiving from these machines are filling up our hard drive. Is there
any way to deny just these Alive type packets and continue to accept
Start and Stop packets
You need to be using the += operator. man 5 users in the operators section.
Ascend-Data-Filter += "ip in forward tcp dstip 2xx.2xx.4x.x/32 dstport =
25",
Ascend-Data-Filter += "ip in forward tcp dstip 2xx.2xx.4x.x/32 dstport =
25",
Ascend-Data-Filter += "ip in forward tcp
The scenario is complicated. I will try to keep this as short and
simple as possible. We are experiencing odd and different behavior when
we modify just the order of the huntgroups being built in
raddb/huntgroups. Nothing else is changed, just the ordering. FreeBSD
5.3-RELEASE w/ Freeradius
Hello,
Thanks everyone for the great product that I've relying on for the past
several years. I am now seeing a problem I hope someone can help with.
I'm using Freeradius-0.9.3 on FreeBSD 5.2.1-REALEASE. We have
Freeradius doing strictly dialup authentication. Some of the NAS's
querying t
39 matches
Mail list logo