I ran into an issue where proxy.conf was globally readable for some reason,
freeradius wouldn't start because of this and this wasn't picked up by
radiusd -C. Can this check be added?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* globally writable I mean
On Tue, Nov 27, 2012 at 8:55 AM, James Devine fxmul...@gmail.com wrote:
I ran into an issue where proxy.conf was globally readable for some
reason, freeradius wouldn't start because of this and this wasn't picked up
by radiusd -C. Can this check be added?
-
List
radiusd -XC seems to produce what I was looking for, thanks.
On Tue, Nov 27, 2012 at 9:10 AM, Alan DeKok al...@deployingradius.comwrote:
James Devine wrote:
* globally writable I mean
It already checks that.
$ chmod a+w raddb/proxy.con
$ radiusd -XC
...
Configuration file ./raddb
I have a freeradius server which has multiple IPs aliased on the same
interface. This works if I specify each IP explicitly in its own listen {
} section but if I try to listen on * all responses are sent from the same
IP regardless of which IP the request was received on.
-
List
On Fri, Nov 9, 2012 at 12:47 PM, Phil Mayers p.may...@imperial.ac.ukwrote:
James Devine fxmul...@gmail.com wrote:
I have a freeradius server which has multiple IPs aliased on the same
interface. This works if I specify each IP explicitly in its own
listen {
} section but if I try to listen
Does anyone know if there is a built in mechanism of retaining some
sort of state information between auth and acct packets without using
external means?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is there a way to enable full debugging while still having it write to
the log file and not push into the foreground? We are seeing radius
packets coming in that I can locate via tcpdump but not via the logs.
We have a custom module which dumps the radius packet almost
immediately to logs which
al...@deployingradius.com wrote:
James Devine wrote:
I'm trying to setup a freeradius server on freebsd7 to authenticate
against the local passwd file and seem to be running into some
problems.
and /etc/pam.d/radiusd setup such as:
Err... why?
You don't need to use PAM to authenticate
I'm assuming you're referring to the shadow group? That wouldn't work
on freebsd though, I tried setting group to wheel with no success.
On Thu, Feb 4, 2010 at 8:52 AM, Alan DeKok al...@deployingradius.com wrote:
James Devine wrote:
the problem seems to be that getpwnam in rlm_unix is getting
of 0, the encrypted
password will be returned, otherwise, the password field of the returned
structure will point to the string `*'.
On Thu, Feb 4, 2010 at 9:23 AM, Alan DeKok al...@deployingradius.com wrote:
James Devine wrote:
I'm assuming you're referring to the shadow group
I'm trying to setup a freeradius server on freebsd7 to authenticate
against the local passwd file and seem to be running into some
problems.
in sites-available/default I setup authorize/authenticate such as:
authorize {
preprocess
chap
mschap
suffix
unix
files
expiration
logintime
pap
}
If a packet is received that contains an incorrect shared secret,
should something be logged? Looking through the logs, it looks like
freeradius still tries to process the request, the password is
mangled, but no mention of incorrect shared secret as far as I get
tell.
-
List
I have a custom module that I am having problems getting loaded. It
works fine on a freebsd machine, I just built 2.1.6 on an ubuntu
machine, which appears to put the modules in /usr/local/lib, so I
built the custom module and added it to /usr/local/lib and it cannot
find it:
Fri Sep 18 14:15:30
Well, in debugging mode, it doesn't log anything to the file, but the
debug output shows it being rejected. When I am not running in debug,
I only get 'Login OK: [zdls02/p2182111] (from client allowed_clients
port 536936642)' logged by the radius server, I am logging my own
simultaneous use
The authentication portion of the module returns ok, the session
portion returns reject, as it should.
On Wed, Jun 17, 2009 at 9:18 AM, Ivan Kalikt...@kalik.net wrote:
Well, in debugging mode, it doesn't log anything to the file, but the
debug output shows it being rejected. When I am not
Ah yes, I was doing that wrong, that seems to work much better now. Thank you.
On Wed, Jun 17, 2009 at 10:28 AM, Alan DeKokal...@deployingradius.com wrote:
James Devine wrote:
The authentication portion of the module returns ok, the session
portion returns reject, as it should
I have setup a custom module to do auth and acct. In debug mode
everything appears correct, and responses appear correct. When I
don't have radius running in debug mode, responses still appear
correct, but if auth fails due to simultaneous use, radius is logging
'Auth: Login OK'. Authentication
Is it possible for me to spin off my own thread to do background work
separate from individual requests in a module? I am trying to start a
thread from the instantiate call and then rejoin on the detach, this seems
to work when I run radius -X, but something is happening when radius is not
in
DeKok al...@deployingradius.comwrote:
James Devine wrote:
Is it possible for me to spin off my own thread to do background work
separate from individual requests in a module?
No.
Why would you do that? The OS already supports multiple processes.
Just run another process.
The RADIUS
I am looking at request information in a C module I am working on, and there
are various value_pairs such as Framed-Protocol who's type is
PW_TYPE_INTEGER but the content is actually a string. It does have a value
in the dictionary and I am guessing it is being mapped from this, but then
This mapping is working correctly. When looking at the VALUE_PAIR struct
for the Framed-Protocol attribute, how do I determine that the contents of
VALUE_PAIR_DATA data; are actually a string and not an integer without prior
knowledge?
On Mon, May 11, 2009 at 1:32 PM, Ivan Kalik t...@kalik.net
vp_prints_value did the trick, thanks
On Mon, May 11, 2009 at 1:48 PM, Alan DeKok al...@deployingradius.comwrote:
James Devine wrote:
This mapping is working correctly. When looking at the VALUE_PAIR
struct for the Framed-Protocol attribute, how do I determine that the
contents
Being able to verify the mac against the ldap database is the best scenario,
the mysql database we are using for accounting only. I added:
DEFAULT User-Name =~ ([0-9a-fA-F]{2}:){5}[0-9a-fA-F]
Auth-Type := Accept
to the users file, but I am still see it setting auth type to ldap after
-bounces+tnt=kalik@lists.freeradius.org[mailto:
freeradius-users-bounces+tnt freeradius-users-bounces%2Btnt=kalik.net@
lists.freeradius.org] *On Behalf Of *James Devine
*Sent:* 14 April 2009 17:09
*To:* freeradius-users@lists.freeradius.org
*Subject:* Dynamically set password_attribute
The user does have a password set in userPassword, but the request doesn't
have this password, I am only getting the mac address in the request to
authenticate the user.
On Wed, Apr 15, 2009 at 2:38 PM, Ivan Kalik t...@kalik.net wrote:
...
Wed Apr 15 13:43:45 2009 : Info: [ldap] looking for
Is it possible to dynamically set the password_attribute ldap module
option? I tried setting it to %{Ldap-Pass-Attr}, but it doesn't seem to
expand this.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
26 matches
Mail list logo