..
mschapadN
}
}
}
Is this along the lines that others follow? If not, how does ntlmauth
handle the AD server being down? Does ntlmauth/winbind handle AD being
down so freeradius does not have to?
Thanks,
Neil
-
List info/subscribe/unsubscribe? See http
Thank you I'll check with the samba people and get a better understanding
of how ntlm_auth works.
On 29 Apr 2013 13:58, Alan DeKok al...@deployingradius.com wrote:
FreeRadius List wrote:
I use redundant-load-balance for ldap user auth to authenticate users to
a pool of active directory
hi all, can anyone show me how to conf VLAN assign, mac-auth-bypass, and
redirect url? thank you very much
I have posted at
http://www.cardiothink.com/downloads/
a set of patches which, when applied to the latest stable
freeradius-client (version 1.1.6) and to the CVS version,
fixes the problem with PPTP and radiusclient that results
in failure of CHAP authentication with the syslog errors
Using freeradius 2.1.8, I have a sonicwall firewall that
authenticates VPN users against the freeradius server. The VPN
clients are the native MSFT VPN client.
When the client is configured for L2TP, MS-CHAP, the client connects.
When the client is configured for L2TP MSChapv2, the client
At 03:43 PM 10/13/2010, Alan DeKok wrote:
Wed Oct 13 14:50:57 2010 : Debug: Exec-Program output: NT_KEY:
DDE9BB9EA12ED17BE5F358CB53EE6A8F
Change the version of Samba that you're using. 3.5.5 contains a fix
which addresses this issue.
Thanks Alan. That server is running
I'm tinkering with my VPN setup using FreeRadius and AD, and getting
Not possible to verify the identity of the server. Some googling
shows that message can be related to certificates.
Some digging through the FreeRadius docs came up with:
If FreeRADIUS was configured to use OpenSSL
I authenticate VPN users where the VPN Server authenticates against a
LDAP server and FreeRadius 2.1.8 on CentOS. That generally, works
fine. I'm using a user account to authenticate the radius server
against AD for the queries.
What's odd is tho the other user accounts work, I can't
At 04:48 PM 8/24/2010, Rick Steeves wrote:
I authenticate VPN users where the VPN Server authenticates against
a LDAP server and FreeRadius 2.1.8 on CentOS. That generally, works
fine. I'm using a user account to authenticate the radius server
against AD for the queries.
What's odd is tho
We're in the process of upgrading from Windows
2003 to 2008 R2. Our Linux systems are CentOS
5.5. Looks like samba won't auth against 2008 r2.
So we upgraded to samba 3x, but that appears to break freeradius. Hrm.
We're using freeradius to auth VPN users that are
connecting from
At 11:36 AM 7/14/2010, you wrote:
HI,
Wed Jul 14 10:51:16 2010 : Info: [mschap] expand:
--nt-response=%{mschap:NT-Response:-00} -
--nt-response=a3492c6411f5548251a05606aa028964d34b69c58e61c7d5
Wed Jul 14 10:51:16 2010 : Debug: Exec-Program output: winbind
client not authorized to use
At 11:46 AM 7/14/2010, you wrote:
Rather than deal with the never-ending tail-chasing between samba
and Microsoft, I've decided to move toward using FreeRadius as a
proxy for the Windows radius implementation (formerly IAS, now
called NPS). I haven't completed the change, so I'm sorry that I
At 11:47 AM 7/14/2010, you wrote:
Sending Access-Accept of id 225 to 10.4.1.2 port 2452
Reply-Message := Authorized Users Only
MS-CHAP2-Success =
0x01533d39444636303933394145343137463835384143443632443
9374137343844413541313936
MS-MPPE-Recv-Key =
seemed to make a change that caused NT_KEY to be wrong. So just run
an older one. This problem is well described in the list archives
and eap.conf in recent FreeRadius source distros. The latest Samba
distributions should not have the problems.
The problem appears to be that samba 3.0.x doesn't
Thanks Alan
the easyhotsort people have leveraged, from what i can see, chillispot
and FreeRADIUS for their solution. as such, they are the ones who are
first in line to fix things. I don't see why the volunteers in FreeRADIUS
should deal with the random logic and code from a 3rd party solution
Hello,
We just upgraded one of our FreeRadius servers from 1.3 to 2.0 (part of a
debian upgrade from Etch to Lenny).
Anyway one of the problems I'm having is updating the proxy.conf file.
It states that one should move away from the realm entry to the
home_server entry. So I have changed
Is there any way to get timestamps to display when running radiusd -X?
I get them when running as a service, but then I don't get the same
detail in radius.log
Rick
Rick Steeves
http://www.sinister.net
In reality nothing is more damaging to the adventurous spirit within
a man than a
In the release notes for 2.1.8 it says:
Document chase_referrals and rebind in raddb/modules/ldap
Well 2.1.7 says:
# The following two configuration items are for Active Directory
# compatibility. If you see the helpful operations error
# being returned to the LDAP
in rebind. What's it do?
It re-sends authentication credentials for referrals.
Active Directory has a habit of referring LDAP clients to a
*different* LDAP server. The client needs to re-authenticate to that
server before it answers queries.
Interesting. What errors does freeradius throw when
At 12:43 AM 1/20/2010, freerad...@corwyn.net wrote:
At 08:33 PM 1/14/2010, freerad...@corwyn.net wrote:
The Windows environment works, with one quirk, if no one has logged
in for a while (~15-30 min), the next user gets:
It looks like the only difference (besides MSCHAP strings) between
the
run their servers with that error message being flagged...surely
you read it and think 'WARNING? must check that out and fix it' ?
Sure do!, and posted the question :-) this is from a recent 2.17
install using the associated docs on the freeradius pages. . .
It's the same reason I keep asking
At 04:26 PM 1/24/2010, Alan Buxey wrote:
It's the same reason I keep asking about this error:
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure
that the user is configured correctly?
[ldap] user rsteeves authorized to use remote
At 12:19 PM 1/23/2010, Alan DeKok wrote:
John Morrissey wrote:
WARNING: Deprecated conditional expansion :-. See man unlang
for details
Use %{%{#User-Name}:-0}
Thanks Alan,
I have the same (or very similar issue):
[files] expand: OU=Enterprise,DC=int,DC=invtitle,DC=com -
Did the recent upgrade of freeradius2 add a ntlm_auth module?
I'm now seeing
Exec-Program output: Exec-Program: FAILED to execute
/path/to/ntlm_auth: No such file or directory
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/path/to/ntlm_auth: No such file or directory
I think that breaks most of the current instructions out there, since
the module seems to win out over what I have defined in radiusd.conf.
Heck, it breaks my 2.1.7 ones, and the wiki
If I just remove the exec from radiusd.conf (and configure the new
ntlm_auth module) everything should
At 04:49 PM 1/21/2010, Alan Buxey wrote:
you should avoid just lurching your old configs across to new versions.
best to start with a clean slate and then edit/add your logic as required
Perhaps. But having to rebuild everything to go from 2.1.7 to 2.1.8
is excessive.
Rick
At 02:50 AM 1/20/2010, Alan DeKok wrote:
freerad...@corwyn.net wrote:
But i see this in the log when running with radiusd -X:
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that
the user is configured correctly?
It means
I've got something odd happening. I'm using freeradius and its ldap
module to authenticate/ authorize users for a l2tp vpn connection.
Works (mostly) fine, except for some odd timeout issues I'll cover
elsewhere (see following post re: LDAP timeouts).
Valid users with valid passwords
At 08:33 PM 1/14/2010, freerad...@corwyn.net wrote:
The Windows environment works, with one quirk, if no one has logged
in for a while (~15-30 min), the next user gets:
Here's the full log of one of those events (redacted): Two
interesting points are noted with ***. The reconnect takes only
At 02:01 PM 1/18/2010, Eric Swanson wrote:
On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone
bryan-bo...@msn.com wrote:
For me the simplest solution to solve this would be a windows 2003
server domain controller. Unfortunately due to some corporate
restrictions I cannot
I'm currently using freeradius2-2.1.7-2.el5 on CentOS 5.2 for Cisco
and L2TP VPN user authentication (via a Sonicwall firewall), using
LDAP back to a AD environment, with the Windows built in VPN client.
(for very specific details of that environment see my post of Tue,
Dec 1, 2009 at 6:31
I had everything working fine, and now it's not. (I use the ldap
module to auth)
When I look through the logs, I'm getting a winbindd_privileged error.
I've seen that before, where you apply:
chgrp radiusd /var/cache/samba/winbindd_privileged
chmod g+rw
I see that bugzilla has added Freeradius support. Went looking for
any type of guide, and seems obscured by freeradius using bugzilla
for bug tracking.
Can someone point me to anything that has pointers for using
freeradius to support my bugzilla implementation?
Rick
Rick Steeves
http
At 12:12 AM 12/11/2009, Alex Bahoor wrote:
For someone that claims words are important, you're not listening to
the people trying to tell you you're using words wrong.
random != dynamic for example
client != user would be another example.
The client is not the user. It's the physical
At 12:55 PM 12/5/2009, Alex Bahoor wrote:
Ivan,
I read that. Assigning dynamic ports other than the specific ones, could be
to resolve conflict in case the ports are assigned to different processes.
But that does not make sense, there must be other reasons, otherwise, tftp,
ftp, mail, telnet,
At 02:54 PM 12/5/2009, Alex Bahoor wrote:
Ivan,
Imagine DNS uses dynamic port assignment instead of port 53? Guess
what, no one would be able to use the internet. :-)
Alex
First, I believe you're trying to respond to me.
Second, you're asking questions about which you don't apparently
At 09:32 PM 12/5/2009, Alex Bahoor wrote:
I hope that helps,
It helps show you're not worth bothering with. Thanks.
Bye.
Rick
At 04:33 AM 12/4/2009, Alan DeKok wrote:
freerad...@corwyn.net wrote:
Note that the configuring of SAMBA, kerberos, and adding to the domain
should already be done as part of the default Linux install, see
h:\is\operating system\Linux\Guide_linux.doc
This file is... ?
Heh, part of our
At 11:00 AM 12/4/2009, Alan DeKok wrote:
freerad...@corwyn.net wrote:
Update max_requests to # users * 256
That isn't necessary. It should be no more than max request/s *
max_request_time.
Well the docs say:
# max_requests: The maximum number of requests which the server keeps
#
At 04:09 PM 12/4/2009, Tim Sylvester wrote:
An alternative would be switching to CentOS which will be easier. You can
move to CentOS and follow the directions on the FreeRADIUS web site on how
to install in a RedHat environment. This would allow you to use the yum
utility which automatically
At 08:44 AM 12/3/2009, char...@copel.com wrote:
My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7
How can I do this configuration for more than one NT group ? Any idea ?
See my post from Re: separating users, ~6:30, 12/1/09
I tried your approach (separate ntlm_auth execs
with L2TP against AD for a specific security group (VPN_Users)
Install
The linux site for the rpm download of freeradius2 is:
http://people.redhat.com/jdennis/freeradius-rhel-centos
Create /etc/yum.repos.d/freeradius2.repo:
[freeradius2]
name=Freeradius2
baseurl=http://people.redhat.com/jdennis
At 05:27 PM 12/3/2009, Alan Buxey wrote:
note, there are other packages should you need eg SQL support
Not if you're not using SQL support (which I'm not). You'd then also
need a lot of instructions on setting up SQL :-)
you didn't note if you were SELinux enabled and any issues that
might
Everything is all running well. Currently when a user logs in I get
this in the log:
Wed Dec 2 17:09:32 2009 : Auth: Login OK: [rsteeves] (from client
Cisco port 2 cli 10.20.31.17)
Is it possible to also have freeradius log where I was logging into
in addition to where I logged
but is still at
the plain command prompt. I'm sure it's
something simple I've missed and I'd be grateful
if you could give me any pointers.
I've looked through the mailing-list archive,
and although one question is exactly the same
Freeradius and Cisco (cisco-avpair =
shell:priv-lvl=15 doesn't
At 05:29 PM 12/2/2009, t...@kalik.net wrote:
Client is where user is logging into, cli is where user is logging from.
Give more distinctive shortnames to clients.
Hmm. I was using a client group for a subnet.
client Cisco {
ipaddr = 10.100.0.0
netmask = 16
secret =
At 02:39 AM 12/1/2009, Alan DeKok wrote:
Because you've forced the ntlm_auth module to be run. That module
ONLY checks clear-text passwords, and there is NO clear-text password in
the request.
Change the line having
... Auth-Type := ntlm_auth, ...
to
... Auth-Type =
At 01:03 PM 12/1/2009, t...@kalik.net wrote:
Use unlang for better control of what happens:
if(Huntgroup-Name == VPN_Huntgroup) {
    if(Ldap-Group == VPN_Users) {
        if(!control:Auth-Type) {
            update control {
                Auth-Type = ntlm_auth
            }
me up 100%.
(Now to go write up all the docs for my own paper trail, and get them
in shape to go somewhere in the freeradius doc realm)
Rick
-
The linux site for the rpm download of freeradius2 is:
http://people.redhat.com/jdennis/freeradius-rhel-centos
Create /etc/yum.repos.d/freeradius2.repo:
[freeradius2]
name=Freeradius2
baseurl=http://people.redhat.com/jdennis/freeradius-rhel-centos
enabled=1
gpgenabled=0
Install freeradius2:
yum
At 11:13 PM 11/29/2009, freerad...@corwyn.net wrote:
A resummary:
Goal: Authenticate and Authorize users that telnet into the switches
in Groups A and/or B based on their inclusion in a specific AD
security group for A B .
Environment:
CentOS 5.2 (IP 10.10.0.1)
freeradius2-2.1.7-2.el5
== Group2
Service-Type=NAS-Prompt-User,cisco-avpair=shell:priv-lvl=15
where I'm trying to authorize users in Group1 for one set of
switches, and users in Group2 for another set of switches, how does
freeradius know which is which?
Rick
Rick Steeves
http://www.sinister.net
At 11:21 AM 11/30/2009, freerad...@corwyn.net wrote:
Add to top of ./raddb/users:
DEFAULT Ldap-Group == UserGroup,Service-Type =
NAS-Prompt-User,cisco-avpair = shell:priv-lvl=15
DEFAULT Auth-Type = ntlm_auth
Hmm, it looks like
DEFAULT Ldap-Group == UserGroup,Service-Type =
At 03:27 PM 11/30/2009, David Mitchell wrote:
1) Don't specify the Auth-Type. You still want to check the password I
assume. I think your config will let in any user who is in group
Group1 irrespective of the supplied password.
Sigh. Here I was all excited that I had everything working, and
At 06:12 PM 11/30/2009, t...@kalik.net wrote:
You need to set fall-through so that you still do per user processing.
This is documented in the raddb/users file and you should also read
doc/processing_users_file
Or just add Auth-Type := ntlm_auth to the first line (ie. instead of
Accept).
At 09:41 PM 11/30/2009, you wrote:
Yes, if that DEFAULT entry doesn't match - it will get ignored. If you
want authentication to fail if such conditions are not met you need to add
Auth-Type to it. If there is no Fall-Through to DEFAULT forcing ntlm_auth,
Auth-Type won't be set and
At 06:24 PM 11/25/2009, Ivan Kalik wrote:
Configure AD as ldap server in ldap module (.raddb/modules/ldap).
Then add to users file:
Hmm, is there supposed to be a ldap module by default? Because I
don't have that.
Rick
At 05:58 PM 11/29/2009, t...@kalik.net wrote:
Hmm, is there supposed to be a ldap module by default? Because I
don't have that.
Yes, in 2.x.
Nope. Brand new clean install of the RPM
freeradius2-libs-2.1.7-2.el5
freeradius2-2.1.7-2.el5
freeradius2-utils-2.1.7-2.el5
at least does not
At 06:26 PM 11/29/2009, freerad...@corwyn.net wrote:
at least does not include ./raddb/modules/ldap
Default startup even gives:
Module: Checking authenticate {...} for more modules to load
/etc/raddb/sites-enabled/default[287]: Failed to find module eap.
Ah, you need to install freeradius2-ldap then.
Yeah, that would do it.
OK, so since I have two different groups I'm trying to authenticate,
given previous advice, I'm going to need to copy the ldap module to,
say, ldap_a and ldap_b, and then in each copied module make a change
from ldap
At 06:24 PM 11/25/2009, Ivan Kalik wrote:
Configure AD as ldap server in ldap module (.raddb/modules/ldap).
Then add to users file:
DEFAULT Ldap-Group == max_priv_level or whatever is your group called
Service-Type = NAS-Prompt-User,
cisco-avpair =
Hi!
Forgive me for my bad English.
I've some problem with acctuniqueid. I use two freeradius servers with
two node mysql cluster.
My freeradius version is 2.0.5. On both servers there is the same config.
The modules/acct_unique content on both servers is set to default:
acct_unique
Alan DeKok on Thu, 26 Nov 2009 09:08:37 -0800 Wrote:
Odds are
because the Client-IP-Address is different. Everything else
in the packet
looks to be the same.
You are right!!! It was my mistake. It said
Client-IP-Address but I was reading Framed-IP-Address and did not
understand why hash
At 02:54 PM 11/25/2009, you wrote:
Just make it another file in the modules directory (like all the others).
Any file placed in that directory is automatically included as a module.
Can you provide an example of that file?
Also, on the web page for AD config it has:
ntlm_auth =
+ server, I can log in successfully, so my problem
is somewhere in the authorization process, which isn't really (to
me) in that document.
Yet the results from the log show freeradius sending back
Sending Access-Accept of id 121 to 10.100.0.8 port 1812
rad_recv: Access-Request packet from host
At 05:04 PM 11/25/2009, t...@kalik.net wrote:
At 02:54 PM 11/25/2009, you wrote:
Just make it another file in the modules directory (like all the others).
Any file placed in that directory is automatically included as a module.
Can you provide an example of that file?
Example for exec
At 05:57 PM 11/25/2009, Rick Steeves wrote:
I have the cisco configured per that guide already . However, I
don't want to put user / password info in the users file, because
that would defeat part of the model of centralized authentication to
AD. So I want that to feed authentication back to
At 06:24 PM 11/25/2009, you wrote:
Configure AD as ldap server in ldap module (.raddb/modules/ldap).
Then add to users file:
DEFAULT Ldap-Group == max_priv_level or whatever is your group called
Service-Type = NAS-Prompt-User,
cisco-avpair =
At 06:15 PM 11/25/2009, you wrote:
There are dozens of them there. Just save what is quoted in the
guide (with adjusted text) as a file into raddb/modules directory.
Yeah, and in tinkering with module files I clearly haven't had success.
so you're saying create a (adjusted for my environment)
ensure transactional consistency. This is the job of a
database.
Yes, very true - so it is conceivably possible that authorize_reply_query is
completed before my authorize_check_query has updated or inserted records.
I'm sure that there is a definitive answer to this question Does freeradius
wait
to this discussion with the assumption that the two queries we are
talking about might be executed synchronously by freeradius: as in both
functions are called at the same time, and the radius reply packet is
constructed from the joint results of both.
Perhaps this is just a plain dumb idea, but that has
Thanks Padam! That's just what I was hoping to hear :-)
Regards, Mike.
From: freeradius-users-bounces+freeradius=duxtel@lists.freeradius.org
[mailto:freeradius-users-bounces+freeradius=duxtel@lists.freeradius.org]
On Behalf Of Padam J Singh
Sent: Monday, 23 November 2009 8:57 PM
freeradius2-2.1.7-2.el5
freeradius2-utils-2.1.7-2.el5
freeradius2-libs-2.1.7-2.el5
CentOS 5.2
I'm trying to get freeradius to authenticate with an AD server, using
the instructions at
http://deployingradius.com/documents/configuration/active_directory.html
The initial confirmation
At 10:24 AM 11/23/2009, freerad...@corwyn.net wrote:
to confirm, and it looks like it's working.
Hmm. I have two sets of authentication I care about, VPN Users, and
Cisco switches. I'd like to be able to control access to each of
those separately (different AD Security Groups, and different
At 02:33 PM 11/23/2009, Paul Ryszka wrote:
On Mon, 2009-11-23 at 13:35 -0500, freerad...@corwyn.net wrote:
Am I going to have to do something like create different modules
(ntlm_auth and ntlm_auth2) radiusd.conf in the module section?
You need to create two separate entries in modules having
Hi Folks!
I have a working freeRadius with Postgresql database behind it, and looking
at developing some additional functionality for a public access wireless
service requested by one of our customers.
The deal is that they want to allow limited access (by time/download etc) to
first-time
CentOS 5.2
installing freeradius from the default base repository
freeradius-1.1.3-1.5.el5_4
If I add, to the top of /etc/raddb/users:
bob Cleartext-Password := hello
Then when I attempt to start freeradius I get:
/etc/raddb/users[1]: Parse error (check) for entry bob: Unknown
At 01:17 PM 11/20/2009, t...@kalik.net wrote:
http://wiki.freeradius.org/Red_Hat_FAQ#Current_Pre-built_RPM.27s_for_RHEL_5_and_CentOS_5
Just what I needed - thanks!
Rick
Hello,
I've just been assigned a task regarding a problem with freeradius.
Bear with me if my understanding of freeradius terminology is a bit
weak, as I have just started familiarizing myself with this software
today.
The situation is that we have a freeradius instance running as a
proxy
New to freeradius samba - and first post here.
Rather long post so to cut to the heart of the question:
Can freeradius be configured to authenticate users against an AD Forest
(multi-domain) using universal principal name (UPN) and if so...how?
I'm posting here because our only need for samba
Have some error in freeradius log:
Fri Jan 30 03:32:55 2009 : Info: rlm_sql (sql): There are no DB handles
to use! skipped 0, tried to connect 0
Fri Jan 30 03:32:55 2009 : Info: rlm_sql (sql): There are no DB handles
to use! skipped 0, tried to connect 0
Fri Jan 30 03:32:55 2009 : Info
Freeradius Mail List wrote:
Have some error in freeradius log:
Fri Jan 30 03:32:55 2009 : Info: rlm_sql (sql): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Jan 30 03:32:55 2009 : Info: rlm_sql (sql): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Jan 30
Hello,
have trouble with freeradius and snmp.
Freeradius log in debug mode:
...
SMUX connect try 1
SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1
SMUX open progname: radiusd
SMUX open password: x
SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
unsubscribe
CompuLab - Consult
Robert Schuster
Am Karmelkloster 16
53229 Bonn
mailto: robert.schus...@compulab-consult.de
Tel. +49 228 97604-0
Fax. +49 228 97604-25
mobil +49 175 1606254
Hi All Again
I have not fixed it, with all the playing around with FreeRadius
versions I had not got rlm_python loading when I believed I had fixed it.
Mike :(
Mike O'Connor wrote:
Hi All
I'm happy to say I have fixed this issue.
I'm not totally happy with the way I did it because it would
Hi All,
Ok, after reviewing all the information that was received, I've setup my
FreeRadius
as following:
1. The authorize and authenticate sections are setup to activate digest and
perl.
2. My rlm_perl script utilizes the following lines in order to return the
unencrypted
user password
Hi all,
Please disregard, I've solved the thing ;-) Silly typo in the return.
Z2L
- Original Message -
From: FreeRadius-ML [EMAIL PROTECTED]
To: freeradius-users freeradius-users@lists.freeradius.org
Sent: Thursday, July 26, 2007 6:41:21 PM (GMT+0200) Asia/Jerusalem
Subject: Fwd
section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module preprocess returns ok for request 8
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070720'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP
Ok,
What I'm trying to do is have FreeRadius perform its AAA functions against a
PERL based
backend, which reads the user information from a proprietary system - via a TCP
interface.
The authorization section and the authenticate section both have PERL enabled
in them.
(I removed
Hi Peter,
Thanks, that was the missing part for me - I think. Just let me verify that I
got you correctly:
1. My OpenSER will send a request to FreeRadius including the full digest
information.
2. Once the request is intercepted by FreeRadius, my rlm_perl will simply
need to ask
Thanks, that makes everything much clearer now :-)
Cheers,
Z2L
- Original Message -
From: Peter Nixon [EMAIL PROTECTED]
To: [EMAIL PROTECTED], FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Wednesday, July 25, 2007 6:17:14 PM (GMT+0200) Asia/Jerusalem
by
FreeRadius will
be performed in accordance to the main program loop? For example, I will open a
socket in the
main loop, make sure it stays open, and the various functions will utilize the
socket that
was opened in the main loop - is that possible, or am I misunderstanding
something here
Thanks, that helps a bunch.
Another question, may be non related. Anyone has an idea how does OpenSER and
FreeRadius
calculate the Digest response for rlm_digest?
According to the output of my rlm_perl RAD_REQUEST, I'm getting the following
request from
the OpenSER server:
rlm_perl
, the Digest here is different, so I'm surely missing something
here.
Regards,
Z2L
- Original Message -
From: Peter Nixon [EMAIL PROTECTED]
To: [EMAIL PROTECTED], FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Tuesday, July 24, 2007 11:30:25 AM (GMT+0200) Asia
unable to access
the nonce field
from rlm_perl, unless, I'm missing something.
Regards,
Z2L
- Original Message -
From: FreeRadius-ML [EMAIL PROTECTED]
To: freeradius-users freeradius-users@lists.freeradius.org
Sent: Tuesday, July 24, 2007 11:43:19 AM (GMT+0200) Asia/Jerusalem
Subject
information about these, as I would like to get more information
on this, as there may be a possibility that I would be required to calculate
this externally.
Regards,
Z2L
- Original Message -
From: Phil Mayers [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users
Hi Phil,
I would agree, however, it kind of negates the purpose of using rlm_perl,
doesn't it?
Z2L
- Original Message -
From: Phil Mayers [EMAIL PROTECTED]
To: [EMAIL PROTECTED], FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Tuesday, July 24, 2007 2:07
preprocess returns ok for request 3
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070719'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.2.80