Le mardi 12 mars 2013 à 18:08 +0100, Staffan Meijer a écrit :
> I uncommented the eth0 line in the configuration file when radtest did
> not work with the original.
>
> Using the original configuration file I get;
> Listening on authentication address * port 1812
>
>
> and
>
>
> linux-vdis:/e
checkout v2.x.x ?
Does a tar cvfj could be OK ?
Best regards ,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi freeradius-user,
Is it possible to use my gmail account to authenticate on the wiki
using openid ?
If yes, howto do it ?
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Just a little remark :
CentOS 5.8 has up-to-date freeradius 2.1.12 (binary and sources)
CentOS 6.2 only has freeradius 2.1.10 from upstream (redhat 6.2).
Best regards,
Fred MAISON
Le 6 mars 2012 13:06, Fajar A. Nugraha a écrit :
> On Tue, Mar 6, 2012 at 6:13 PM, Martin Mielke wrote:
>>
, Francois Gaudreault a écrit :
> I just tested using my spec, and it works perfectly (I have the same
> libtool packages).
>
> Did you change something in the spec?
>
> On 11-11-07 3:36 PM, Fred MAISON wrote:
> > Hi,
> > He are my libtool versions :
> > libtool-2.
Hi,
He are my libtool versions :
libtool-2.2.6-15.5.el6.x86_64
libtool-ltdl-2.2.6-15.5.el6.x86_64
libtool-ltdl-devel-2.2.6-15.5.el6.x86_64
regards,
Fred MAISON
Le lundi 07 novembre 2011 à 13:23 -0500, Francois Gaudreault a écrit :
> Hi,
>
> It works for me on CentOS 6, I am using
rror 2
gmake[2]: Leaving directory
`/home/support/rpmbuild/BUILD/freeradius-server-2.1.12/src'
gmake[1]: *** [src] Error 2
gmake[1]: Leaving directory
`/home/support/rpmbuild/BUILD/freeradius-server-2.1.12'
make: *** [all] Error 2
erreur: Mauvais status de sortie pour /var/tmp/rpm-tmp.nHY
declared (note 1°) , the
build reports missing radrelay.conf in
/var/tmp/freeradius-2.2.0./etc/raddb
Any idea ?
note 1° => %attr(640,root,radiusd) %config(noreplace)
/etc/raddb/radrelay.conf
Best regards,
Fred MAISON
2011/10/26 Francois Gaudreault :
> Hi,
>
> See Belo
2011/10/25 Fred :
> Phil,
> Yes, I am sure, but I don't have traces on hand...
> I will try to get some radiusd -X on 2.1.11 ASAP, as I can't do it now
> because I try to find a solution as I have to restart production in
> the next few hours ...
> Anyway, Thank a lot
Hi Francois,
As you did not gave any linl to your SRPM, could you share your spec ?
I still have some trouble with radrelay using my own spec with git
2.1.x, which is not version 2.2.0 ...
Best regards,
Fred
2011/10/25 Francois Gaudreault :
> Hi,
>
> The spec is a bit buggy, I had to
Phil,
Yes, I am sure, but I don't have traces on hand...
I will try to get some radiusd -X on 2.1.11 ASAP, as I can't do it now
because I try to find a solution as I have to restart production in
the next few hours ...
Anyway, Thank a lot for your kind help attempts.
Fred
2011/10/25 P
eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 1024
dh_key_length = 1024
Hi Phil,
Unfortunately, shortening eap module instance name to eap2 seems to
give same result.
Best regards,
Fred
2011/10/25 Phil Mayers :
> On 25/10/11 14:25, Fred wrote:
>>
>> Hi Alan,
>> While waiting for a fix on github, (I will not be able to rebuild my
>> ser
loopback IPs refer to a proxy listen or to
inner-tunnels author and authent listen IPs ?
Best regards,
Fred
2011/10/25 Alan DeKok :
> Phil Mayers wrote:
>> Ugh. OpenSSL really is a horrible, horrible piece of software.
>
> Yup.
>
>
>> I'll roll a patch up for the
Hi all,
I have a configuration with 2 wifi instances :
* default & inner-tunnel for internal users
* partners & partners.inner-eap for partners users.
for internal user, I have an eap.conf for outer and inner.eap.conf for inner
for partners, I have a partners.eap. with eap partners.eap
{...virtual
example at end of authorize section in you config or in
post-auth section :
if ( some condition ) {
$template updateWimax1
}
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nlang %{client:my-realm} or
something like that.
so :
if ( "%{client:my-realm}" ) {
But in fact, I don't know how specifying a virtual server in
clients.conf could do a part of the job ...
2011/10/20 Phil Mayers :
> On 10/20/2011 05:10 PM, Fred wrote:
>>
>> Hi all,
>&g
s, each with similar configuration.
It seems this cannot be used in users file ...
Instead, you can use $INCLUDE in radiusd.conf ...
Regards,
Fred
2011/10/20 Krzysztof Grobelak :
> Hello,
>
> I am having some troubles creating templates with wimax attributes for
> users. I created files wi
Hi all,
Is there any way to select proxying or not based on client ip ?
I would like to have
* some nas authenticated locally (in fact via ldap)
* some other nas proxyied to another radius.
Does home_server parameter in clients.conf could help ?
Best regards,
Fred
-
List info/subscribe
regards
2011/10/6 Arran Cudbard-Bell :
>
> On 6 Oct 2011, at 14:15, Fred wrote:
>
>> he all,
>> Here is some possible enhancement on dictionary.trapeze
>
> Shouldn't this be dictionary.juniper now anyway? Can someone to check whether
> the rebranded juniper stuf
Alan,
As you can see, some new attributes are not part of freeradius 2 nor 3
dictionary.trapeze defs.
Best regards,
Fred
# -*- text -*-
#
# dictionary.trapeze
#
# For use with FreeRadius and Trapeze Networks MSS software 1.1
# or greater.
#
# For assistance, email supp
Sorry Alan, I made a cut/paste of another dict format.
I will post the dictionary in freeradius format ASAP...
Best regards,
Fred
2011/10/6 Alan DeKok :
> Fred wrote:
>> he all,
>> Here is some possible enhancement on dictionary.trapeze
>
> Huh The "VENDORATTR&
7 string
+ATTRIBUTE Trapeze-URL 8 string
+
+END-VENDOR Trapeze
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eleted"
or as a list with | separated value :
access_attr_deny_value = "inactive|deleted"
Best regards,
Fred Maison
2011/10/3 Fred :
> Hi all,
>
> This patch is an attempt to have a more generic custom access_attr
> support, by introducing a new ldap module configuration paramete
= inetUserStatus # OID
2.16.840.1.113730.3.1.692
access_attr_deny_value = "inactive"
With this setup, if inetUSerStatus is set to inactive in ldap
directory for a particular user, this user will be rejected early
durin
Ho Phil,
Could you explain the interest of un-named server ?
Best regards,
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
){
RDEBUG("checking if remote access for %s is
allowed by %s",
request->username->vp_strvalue, inst->access_attr);
if (!strncmp(vals[0],
inst->access_attr_deny_value,
sizeof(inst->access_attr_deny_value)))
No, HOSTNAME is not used in default config, as Alan stated before.
I believe this is a plateform-specific issue and not really a
freeradius issue...
Fred
2011/9/29 Ben Brown :
>> It seems environment passed to freeradius at startup does not have
>> HOSTNAME defined.
>
> Which
(not defined!)
HOSTNAME=`hostname` ./getenv
PWD (/home/support/src/getenv)
PATH (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
SHELL (/bin/bash)
SHLVL (2)
HOSTNAME(radius3.nsslab)
Best regards,
Fred
2011/9/29 Ben Brown :
&
erver for an array
attribute which has already been retrieved by server.
Is there any other way to check those (already retrieved values)
without making a new ldap call because of Ldap-Group == "xxx"
conditional ?
Best regards,
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" ### this is present in original
export HOSTNAME="`hostname`" ### this has to be added to access $ENV{HOSTNAME}
Please note : other debian base distro as Ubuntu show same issue.
Best regards
Fred
-
List info/subscribe/u
Hello,
Could someone explain difference between a home_server and a virtual_server
in freeradius 2 (2.1.10+) ?
Best regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: Info: ++[ldap] returns ok
Fri Sep 23 12:54:05 2011 : Info: [files] users: Matched entry user_sps at
line 1
Fri Sep 23 12:54:05 2011 : Info: ++[files] returns ok
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
http://wiki.freeradius.org/Clients.conf
2011/9/20, Dagia Dorjsuren :
> Hello all,
>
> How to configure
> multiple NAS (NAS-IP-Address) in freeradius? Which radius database's
> table should I add "NAS-IP-Address" attributes?
>
> Anyone advise me?
>
-
List info/subscribe/unsubscribe? See http
Hi,
Configure freeradius with his ldap module and a ldap server as openldap.
http://wiki.freeradius.org/Rlm_ldap could be a good start.
Fred,
2011/9/20, Rajkumar balaji :
> Hi All,
>
> I just want to store user details like, The user name is "ABC" and the user
> belongs t
cat /usr/share/freeradius/dictionary.juniper
Best regards,
Fred MAISON
2011/7/15, Igor Smitran :
> It is my first time to setup Juniper ERX-1440 with freeradius. All my
> other NAS's are cisco.
> I was trying to setup checkrad to check for simultaneous connections and
> realize
default
settings to /usr/local, but I can't create installable RPMs for
upgrade my CentOS/RedHat servers to 2.1.11
Here is the script i use to create build environment, followed with
errors at the end of the rpmbuild.
Best regards,
Fred
#
#!/bin/sh
#
RPMBUI
0038 rip 0040fde8 rsp
7fff3b994e50 error 4
Unfortunately, I have not been able to find the date of the issue ...
Does this seems to you a known issue ?
If not, what may I do to further investigate ?
Best regards
Fred MAISON
-
List info/subscribe/unsubscribe? See http
under CentOS5.5 x86_64.
Best regards
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I would appreciate to get an account on the wiki.
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
son I can rsync configurations between my differents servers, just
excluding local.conf in rsync ...
So, this is not a freeradius problem.
Thanks anyway for you help.
Best regards,
Fred MAISON
Le mercredi 02 juin 2010 à 13:25 -0400, John Dennis a écrit :
> On 06/02/2010 12:54 PM, Fred MAI
regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
have to proxy to for a particular real.
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
post-auth {
if ( !(Ldap-Group == "wireless" )) {
fail
}
Le mardi 01 juin 2010 à 16:03 +0200, Alan DeKok a écrit :
> Fred MAISON wrote:
> > I surely misunderstand something : in my test :
> > User is found on ldap in group wireless, but (Ldap-Gr
-Group != "wireless") -> TRUE
++? if (Ldap-Group != "wireless") -> TRUE
++- entering if (Ldap-Group != "wireless") {...}
+++[control] returns noop
+++[reject] returns reject
++- if (Ldap-Group != "wireless") returns reject
} # server inner-tunnel
[peap]
Hello all,
I encounter difficulties to check for a radiusgroupname via LDAP by not
using file /etc/raddb/users, as this seems to be difficult to avoid ldap
checks for anonymous identities if default config is modified.
I must service eap-peap and eap-ttls with mschapv2.
How can i make checks on l
ftp://ftp.freeradius.org/pub/radius/
Le mardi 25 mai 2010 à 10:43 +0200, Bjørn Mork a écrit :
> Hmm, this release doesn't seem to be tagged in the v2.1.x branch on
> git://git.freeradius.org/freeradius-server.git
>
> Am I looking at the wrong repository (again)?
>
>
> Bjørn
>
> -
> List info/s
> Fred MAISON wrote:
> > Yes, JUAC is an inner EAP protocol, inside ttls or peap.
>
> Then you should be able to proxy it by just proxying the inner tunnel
> data.
>
Yes, how can I do that ? May I activate proxy-inner-tunnel site along
with inner-tunnel site ?
EAP-JUAC
Pull update spec files, etc. from RedHat into the redhat/ directory.
Does this mean freeradius 2.1.9 can now been rebuild again from your
standard 2.1.9 source tree, thus making Freeradius RedHat FAQ a bit
obsolete ?
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http
Le lundi 24 mai 2010 à 11:49 +0200, Alan DeKok a écrit :
> Fred MAISON wrote:
> > Is there any way to proxy freeradius unsupported eap-type to an external
> > radius ?
>
> EAP does not allow this.
>
> By the time EAP has decided on an EAP type, the EAP conv
Software) tunneled to a
Juniper UAC device.
I try to avoid my actual proxy setup where a specific real is tunneled
to UAC. The problem is that end-users can bypass UAC proxying by simply
changing their domain identity ...
Best regards
Fred MAISON
-
List info/subscribe/unsubscribe? See http
Great !
Thanks, Alan.
Le jeudi 20 mai 2010 à 13:39 +0200, Alan DeKok a écrit :
> Fred MAISON wrote:
> > Is there any way to reference hostname (in fact hostname -s) in
> > configuration files, in order to have identical configuration files tree
> > on both a normal and a ba
port = 1813
ipaddr = 10.1.1.2
}
.
best regards,
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Le lundi 03 mai 2010 à 18:29 +0100, Alexander Clouter a écrit :
> Fred MAISON wrote:
> >
> > [snipped[
> >
> > For example :
> > dictionnary :
> > ATTRIBUTE My-Nas-Type 3000string
> >
> > clients.conf :
> >
> > cli
Hello freeradius-users,
In many cases, when there is no attributes in request to differenciate
the kind of NAS and if we need to build a reply with NAS-Dependant
(AVPAIR) attributes, the only solution is to affect the huntgroup by
checking again the NAS-IP-Address in preprocessing.
I would like t
Le lundi 03 mai 2010 à 16:58 +0200, Alan DeKok a écrit :
> Fred MAISON wrote:
> > With this setup, access-accept are logged, but access-reject does not
> > seems to be logged.
> >
> > Is this the normal behaviour ?
>
> Yes. See Post-Auth-Type Reject. Th
logged as well as access-accept ?
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(anonymous
or other fancy id encoutered in customer's freeradius v1 production
auth_logs ...)
I have eapol_test log and freeradius -X available.
Would you have some guideline to achieve this ?
Best regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Le vendredi 12 mars 2010 à 10:30 -0500, John Dennis a écrit :
> On 03/12/2010 09:12 AM, Fred MAISON wrote:
> > OK, Alan, It's clear.
> > Unfortunately, logrotate version on last RedHat/CentOS does not support
> > MMDD dateext function I can find on Debian ...
>
OK, Alan, It's clear.
Unfortunately, logrotate version on last RedHat/CentOS does not support
MMDD dateext function I can find on Debian ...
I will have to write a postrotate script to do it.
Thanks a lot.
Fred
> Date: Fri, 12 Mar 2010 14:04:03 +0100
> From: Alan DeKok
&g
instead
of /var/log/radius/c4france.20100312...
Is the any way to achieve this setup ?
Best regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks a lot, Alan,
Do you have any readmap infos available or any idea of 2.2
availability (some month, this year ) ?
Best regards,
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gistering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap2-Ldap-Group
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, Alan, I will check.
Bye.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
before
sites instanciation, I found no way to dedicate huntgroup and users
file to each server instance, as done previously for clients...
Is there any way to achieve this without having to launch many radiusd
in differents location ?
Best regards,
Fred MAISON
-
List info/subscribe/unsubscribe? See
Hi James,
Thank you for your reply!
I tried many aaa configurations but it does not solve the problem for me
Using 'debug radius' and 'debug isakmp error' on the CISCO, I can see that
it complains about "Unknown attr 0x4E24, 0x4E25, ..." and then ISAKMP also
complains with the same attributes CON
.
I am also wanting to know how the calculate the new specs for the new
servers.
Many thanks in advance.
Regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have just discovered that if I just proceed and do a "sudo make
install" it obviously fails. But I then go back and do a "make" and it
has no errors, then I do the "sudo make install" again and it works.
Have I still done something wrong and can I trust the
Error 2
make[1]: Leaving directory `/home/fredz/freeradius-1.1.7'
make: *** [all] Error 2
I have no idea what to look for or where to look.
Any comments would be helpful
Regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
client can logout. The small web window also shows information
about the current session, ie. Time online, data in/out and the like.
It is this information I am refering to.
I hope this is clear.
Regards
Fred
-Original Message-
From: Alan DeKok <[EMAIL PROTECTED]>
To: [EMAIL PRO
updated as expected,
only thye clock cycles over.
This is a hotcakes install.
I have no idea on what to look for.
Any comments would be most helpfull
Regards
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ne:
--with-rlm-sqlcounter-include-dir=/usr/include/sqlcounter \
But again this doesn't exist on the build machine.
I look forward to your comments.
Regards
Fred
-Original Message-
From: Matt Garretson <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: Wed, 15 Au
Nothing is wrong.
If you are installing freeradius from RPM on Fedora and you want to use
an SQL backend then you need both freeradius and freeradius-mysql
(complete with dependencies).
Regards
Fred
-Original Message-
From: zahra bahar <[EMAIL PROTECTED]>
To: FreeRadius users m
eeradius-1.1.7.tar.gz freeradius-1.1.7/redhat/freeradius.spec
$ cp freeradius-1.1.7/redhat/freeradius.spec ~/rpmbuild/SPECS/
$ cd ~/rpmbuild/RPMS/i386
$ rpm -Uvh freeradius-1.1.7-0.i386.rpm
No mods to the spec file (information required).
Regards
Fred
-
List info/subscribe/unsubscribe? See http
Fred
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The FramedIPAddress
are showing up in my accounting file (the detail-date file) but it's not
showing up in the radacct table in mysql. At first I thought it was an
issue with the NASes but the IPs are always showing up in the flat file
(after an Accounting Stop action) so I doubt the NASes ar
I'm running Fedora (FC4) with the Oracle Instantclient 10g rpms
(basic,devel,sqlplus,jdbc) and I'm trying to compile freeradius 1.1.0
with oracle support but the oracle module doesn't compile at all. It
seem like the rlm_sql_oracle configure and makefile are buggy as hell or
they only support a
been working on this for 3 weeks now,
searched gallaxies far away for info, god is now refusing to take my
calls, and my wife has threatened to lock me in my room so she doesn't
have to put up with me. I have also learned some very colorful words.
Someone please save me.
Fred
-
List i
78 matches
Mail list logo
