On 1/11/13 2:35 PM, Alan DeKok wrote:
No.
Tell the administrator of the remote server to fix his system.
RADIUS *requires* replies to come from the same IP. Anything else is
broken. All RADIUS servers since 2000 or so should be able to work
correctly when they have multiple IPs.
the IP does not match that of the request. Is there a
way to configure FreeRadius to allow this?
Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it possible to only do this with some RADIUS clients?
Thanks in advance
Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ny or
organisation who has implemented it in the way we wish to.
Thanks,
--
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
send it
to it. And the check it in pre-proxy (save yourself a proxy if user/pass
don't match). This should work with pap requests.
Ah, thank you! Apologies for the (to you) obvious problems in my
questions and statements, I've never done any RADIUS or LDAP
configuration before.
Cheer
o the Cisco ASA device
Does this sound right?
Cheers,
--
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eRADIUS server. Can you elaborate on 'custom auth script', does
this mean that such a script would have to talk directly to our LDAP
directory as well as the SecurID server? I was hoping to have only the
FreeRADIUS server talking to our LDAP and SecurID servers.
Thanks,
--
Greg Vicker
AP directory.) Ideally we
would prompt them for username, password and tokencode at the same time.
Can FreeRADIUS do this (it seems that Access-Challenge is exactly what
we want: http://en.wikipedia.org/wiki/RADIUS#AAA) or a similar thing to
solve our requirement?
Thanks,
--
Greg Vickers
Pho
r 2
I'm looking for JUST the VMPS functionality of freeradius. Anyway to
try disabling all the other functionality and just compile the VMPS
portion of freeradius? I can't seem to find a list of all the options
to disable with the --disabl-"FEATURE" option from ./configure.
on multihomed
servers and it's the only way I found to solve it.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 2008-11-20 at 12:38 -0800, Olavo wrote:
> Does anybody know about any Linux distro 64 bits that Freeradius will work
> for sure ?
I am using it on CentOS 5.2 x86_64. The freeradius package that comes
with CentOS 5 is old though, I compiled freeradius from source.
--Greg
-
Lis
age you need to fix a given error.
Google searches can help here.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Whereas installing freeradius from
yum would automatically bring in all the dependencies. The reason I
compiled from source is that the RPM packages do not include the latest
version, and I needed the support for clients with dynamic addresses
which is only available in freeradius 2.1.1 and beyond.
--Greg
d wrote a monitoring script to make
sure everything that's supposed to be running is there.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e the logging capabilities are more fully documented that I just
haven't been able to find?
Thanks,
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
equal. The developers already put a lot of time into something
that I benefit from, so I would never ask them for this or begrudge them
use of their revision control system of choice, given that waiting for
the next stable release is always an option.
--Greg
-
List info/subscribe
asked me if I would try building the current pre-release. Since some of
the things supposedly fixed were compile problems on systems similar to
mine, I went ahead and went through the extra effort. Hopefully the
feedback provided from that was useful.
--Greg
-
List info/subscribe/unsubscribe? Se
alled, so I don't
really know what's installed on it unless I check. I do know that when
include files are not found, it might mean a -devel package needs to be
installed. I just ran into a couple of unusual problems doing that this
time.
--Greg
-
List info/subscribe/unsubscribe? See http
o the
CentOS box for configure and make. Just a bit more of a pain than
downloading a release tar file.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s build craps out if it tries to link against the i386
version (invalid symbol format), so I actually had to remove the
-devel.i386 packages before the build could happen.
While this was on CentOS, I expect the same things could bite somebody
using RHEL (or any x86_64 system with yum).
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
;ve just gotten
lazy since not quoting it works 99% of the time.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cal" instead
of just "/local/freeradius-git". A minor annoyance but I thought others
might want to hear about it. At least the error message was clear enough
that coming up with the workaround was easy.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ot to mention
looking like a moron on the list :-)
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 2008-09-09 at 19:50 +0200, Alan DeKok wrote:
> Please checkout and build git.freeradius.org.
OK, I got this done. It configures and makes on my system (CentOS
release 5.2 (Final) -- x86_64) with no problems. Now on to some fun with
dynamic clients.
--Greg
-
List info/subscr
hen it's not so blindingly obvious that the problem is a
missing -devel package rather than a configuration/compilation issue.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
git on my Fedora 9 workstation (where git
packages do exist), learn to use it, check out the code, copy it to the
CentOS box, etc. All doable if I can find the time.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ich is a feature we really need here since many of our
clients are DHCP-configured workstations.
Thanks for the help!
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e libltdl subdirectory, so I can probably figure out how to get around
this if I have to.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
more or less likely.
I'm a Debian user caught by their licensing trap, and I hateses
compiling and revisioning one-off packages for something so simple.
Thanks for your time.
-Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
end server to accomplish that. If I do try to do something
organization-wide, it will probably be better to have some kind of
database (LDAP or SQL) involved.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, 2008-08-22 at 20:25 +0200, Alan DeKok wrote:
> Greg Woods wrote:
> I have to find a
> > way to specify in the front end proxy on a per-user basis which back end
> > server should be used.
>
> Use groups, or *something* else.
I can't find any informa
as to the correct way to
accomplish what I want? If so, what is the magic incantation to specify
which users should be in the SKEY realm? If somebody could just point me
down the right path, I'll be happy to read the relevant documentation to
come up with the correct syntax, but I haven't
hich case the client may ignore it. The fix for this is to have the
radius server listen on a single IP, which will cause that IP to be used
as the source and avoid this problem. tcpdump is your friend here too.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
systems, if you have a
libblotto package, it only installs the dynamic libraries. If you want
to link statically, then you need libblotto-devel. So you may just need
some -devel packages.
The problems with statically linking have already been pretty well
covered here by someone else.
--Greg
-
Lis
On Wed, 2008-07-02 at 12:33 -0600, Greg Woods wrote:
> On Wed, 2008-07-02 at 17:15 +0100, Ivan Kalik wrote:
>
> > How sure are you that your auth script works?
>
> I'm not using a script. Under 1.1.7 at least, when "otp" is invoked, it
> communicates with ot
te directly with otpd via
the socket, is working fine.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ring group authenticate
rlm_otp: otp_pwe_present: password attributes 2, 2
I cannot see from there why the server is not responding. I thought
maybe it was a firewall issue, so I made sure to try again after turning
off iptables, but the result is the same.
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the
authorize {} and authenticate {} sections. Is there something else
besides that which I might have missed?
--Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the above error
under 2.0.5) is:
DEFAULT Auth-Type = OTP
Fall-Through = No
Thanks for any pointers; I am pretty much dead in the water in my
migration at this point.
--Greg
FreeRADIUS Version 2.0.5, for host x86_64-unknown-linux-gnu, built on Jun 27
2008 at 13:28:09
Copyright (C) 1999-200
Does it work with PHP4 or should I install 3?
On 1/8/07 1:07 PM, "Greg Hartung" <[EMAIL PROTECTED]> wrote:
> Any ideas where to begin? Is this an apache, php or mysql problem?
>
>
> On 1/5/07 9:14 PM, "Don Schultz" <[EMAIL PROTECTED]> wrote:
>
p page
> if there are users in them.
>
> Second, a white screen suggests a problem. sql_debug does output to the
> browser window, provided php and all that are working correctly.
>
> --
> Don Schultz
>
> Airdial Technologies
> http://www.airdial.net
>
>
> G
gt; Try setting sql_debug..or debug_sql to on in the main config file of
> dialup admin and see if it yields any errors..to check if it is
> workin..just create a users using dialup admin..and then check the
> existance of the user in the mysql tables using phpmyadmin..the
> created u
h no groups. The rest of the
menu items are either a blank white or blank green screen.
I am using Mysql and I have configured user,pwd, dbname, etc. in
admin.conf and I have run the 4 "create table" scripts.
Does it log anywhere?
How do I tell if it's hitting the db?
That was it. Thanks!
Greg
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
us.org] On Behalf Of Alan DeKok
Sent: Wednesday, July 12, 2006 8:54 PM
To: FreeRadius users mailing list
Subject: Re: error unknown host, but it is configured in clients.conf
"Greg Ha
That's what I was wondering too, but I haven't been able to figure
out how to tell. So the only thing I could think of was to mv the
clients.conf file. It didn't show up as an error on restart, so I would
suspect it is not reading it. Why would that be?
Thanks,
Greg
-O
= aaa
}
And I’ve tried both stop/start and kill 1 ‘cat the
pid file’
So… what am I doing wrong?
Thanks!
Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am still trying to get the rlm_x99_token to work. I am now testing
with a SecureNet Key token (A "generic" in the x99passwd file). This
token I know how to manually program, so I can guarantee that I know the
DES key and have entered it properly in the x99passwd file.
The user interface is, I en
reeradius. I have gotten as far as having the special password "resync"
generate a display of the challenge, but without the proper keys for the
cards in the x99passwd file, I can't actually authenticate users with
them.
Thanks,
--Greg
Reporting-MTA: dns; mscan1.ucar.edu
X-Postfix-Q
Marcin Jessa wrote:
Hi.
This can be done with hungroups or realms.
I use RouterOS as my NAS which has a Mikrotik-Realm Attribute.
If user's Mikrotik-Realm stored in radcheck differs from the one configured on the NAS, the user gets rejected.
This way each user can have separate realm value stored
Pedro Amado wrote:
Hi,
does anyone know how can i disable the possibility of a user login 2
times at the same time in diferente places?
I believe there is a default attribute is "Simulatenous-Use", but I know
that I use Ascend-Maximum-Channels for my dialup boxes, but this
requires accounting in
We are running freeradius 0.9.3.1 on RH ES3. CDR accounting records from
a Cisco AS5350 are logged to both a detail file and to Postgres SQL
running on the same box. The issue appears to be the following:
For some calls, our PRI will terminate the call immediately because of
unknown number, b
aha! works like a charm. I was mis-reading the docs on that, but I now
see how it works.
Cheers!
Kostas Kalevras wrote:
On Tue, 19 Apr 2005, Greg Ulyatt wrote:
I'm trying to get a 2 server SQL setup going where all user data is
kept on one system, and the accounting is on another. I have
I'm trying to get a 2 server SQL setup going where all user data is kept
on one system, and the accounting is on another. I have tried several
things (including copying&renaming sql.conf to sqlacct.conf then using
them both... no joy!)
Of course, I could do this with radrelay but that seems to
query manually against
the table to see what results you receive?
What happens when you do what 4.7 of the FAQ recommends?
(http://www.freeradius.org/faq/#4.7)
-Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jason Frisvold wrote:
On Apr 4, 2005 4:25 PM, Greg Swift <[EMAIL PROTECTED]> wrote:
Sending Access-Accept of id 188 to 64.238.139.2:7016
Reply-Message = "This feature is not enabled for this userid"
Ascend-Maximum-Channels := 0
Finished request 38
This loo
Greg Swift wrote:
Are these the Freeradius RPMs you are using (not from this site
specifically, but the link is incase you want it)
ftp://rpmfind.net/linux/fedora/core/3/i386/os/Fedora/RPMS/freeradius-1.0.1-1.i386.rpm
ftp://rpmfind.net/linux/fedora/core/3/i386/os/Fedora/RPMS/freeradius-mysql
gs this is the default for
interversion communication with mysql:
mysql3client -> mysql4server NO
mysql4client -> mysql3server YES
-Greg
-Greg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jason Frisvold wrote:
On Apr 4, 2005 2:30 PM, Greg Swift <[EMAIL PROTECTED]> wrote:
I was working on my system, and to be honest I had never really tried to
verify if my "disabled" users group worked properly. Then this morning
I shutdown a user that was spamming, and put th
ot)
would be to change "num_sql_socks" in sql.conf down to 1... just to see
if it starts...
-greg
CREATE TABLE `nas` (
`id` int(10) NOT NULL auto_increment,
`nasname` varchar(128) NOT NULL default '',
`shortname` varchar(32) default NULL,
`type` varchar(30) default '
And as me and a co-worker read through the FAQ again he points something
out to me that we both raised our eyebrows at the last line... might
(i'm hoping) need an update.
2.1 Is there a WWW site set up for FreeRADIUS information?
Yes, the FreeRADIUS Server WWW site is at
ht
I was working on my system, and to be honest I had never really tried to
verify if my "disabled" users group worked properly. Then this morning
I shutdown a user that was spamming, and put them in that group, and
they were back online a minute later... I was very confused at this
point. The l
ed is
there any way to pipe the log_file into a program so I can send them to
a central resource, or use a radrelay like program?
Cheers,
Greg Ulyatt
REDNET Systems Administrator
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gure out how to use radius .. I'd be very interesting
in hearing how.
-greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug
Lewis
Sent: Tuesday, August 24, 2004 11:14
To: [EMAIL PROTECTED]
Subject: cable modems
Can Freeradius provide authentica
end of
the time period, allowing you to just reprint tickets..
Imho it would be better to use a db setup.. But to each his own.
-greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Tuesday, August 17, 2004 7:45
To: [EMAIL PROTECTED]
Subject
dump into MySQL to create your table.
For instance.
I'm looking at the source for freeradius-1.0.0-pre3. In
doc/README-SQL.schema it points me to
src/modules/rlm_sql_drivers/rlm_sql_mysql/db_mysql.sql as the structure
file I can use to create my tables.
-Greg
-Original Message-
Fr
=111.111.111.111 222.222.222.222"
Cisco-AVPair += "ip:route=12.34.56.78 255.255.255.252 12.34.12.34"
I still don't see "ip:route" when using radtest. "ip:dns-servers" now
appears with DOUBLE double-quotes. (""..."")
What do you make
On Fri, 2004-01-30 at 11:00, Rainer Clasen wrote:
> Greg Bolshaw wrote:
> > Cisco-AVPair += ip:dns-servers=111.111.111.111 222.222.222.222
> > Cisco-AVPair += ip:route=12.34.56.78 255.255.255.252 12.34.12.34
> >
> > Any suggests as to what else could cause this?
>
;+="). I can
confirm however that the operator for both AV-Pair lines is set to "+=".
Any suggests as to what else could cause this?
Thanks in anticipation.
--
Kind regards
Greg Bolshaw
Consultant
Linux Technologies
http://www.linuxtechnologies.co.uk/
signature.asc
Description: This is a digitally signed message part
Fabio,
Se voce quiser ajuda em portugues, pode mandar um e-mail direto pra
[EMAIL PROTECTED]
Eu nao falo muito portugues, mas eu entendo o suficiente para te ajudar.
-Greg
for those who don't speak portuguese
If you want help in portuguese, you can send an e-mail dire
69 matches
Mail list logo
