s, rather than a specific one, so you could reach
that socket via the loopback interface, one of the ethernet interfaces,
a ppp interface, whatever. Whatever other ports you have listening on
the box will probably look similar.
- --
James Wakefield,
Unix Administrator, Information Technology
indicates this.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
this or knows
what is wrong?
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
G'day Mike,
Fire up wireshark or tcpdump and have a look what's actually in the packets.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Dea
oup to the authorize { } section further down in radiusd.conf.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8
/var/log/messages?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Webs
can get
a better AP that does, I guess you could periodically run a script from
cron to log into the AP's web interface and grab the list of MAC
addresses and compare against what your accounting database thinks are
open sessions...
--
James Wakefield,
Unix Administrator, Information Tec
t
configurable on the NAS for this?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PRO
Francisco
Hi Francisco,
The users file is used for specifying attribute/value pairs send to the
client, and the dictionary file is used for mapping attribute names to
numbers and types.
Was that the info you were after?
Cheers,
--
James Wakefield,
Unix Administrator, Information
normalboy wrote:
Hello,
is there a free Radius server running somewhere on the internet which i
could use? I need to create just 2 accounts, but it has to be a Radius
server, and i do not have machine 24/7 on the internet.
How about http://radiuz.net ?
--
James Wakefield,
Unix
your users file, or whatever you happen to use.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
Auth-Type := REJECT, Calling-Station-Id !~
"008012323244|002938475473|"
Is there any reason you shouldn't have a separate stanza accepting each
valid MAC address, then implicitly reject all other MAC addresses?
--
James Wakefield,
Unix Administrator, Information Technology Se
Hani
Hi Elie,
I suppose it's possible if your NAS supports it, but don't your modems
automatically negotiate that?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International:
f the ldap module, one to search
one ou and the other to search the other ou, then invoke them one after
the other wherever you currently invoke the single ldap instance.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Vic
what
other equipment you may have you may be able to use another method to
provide accounting. Chillispot (http://www.chillispot.org/) might do
what you want. You might even be able to use the iptables byte counters
on your Linux server and route traffic through it if you have no other
o
used on the NAS)
Depends on your NAS...what do you have?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E
its
scope. PHP's NIS/YP functions are pretty easy to use, you'd be better
off using those.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03
Ariel VIVES wrote:
James Wakefield wrote:
Ariel VIVES wrote:
Hello the list,
I'm starting with freeradius.
Authentication works fine !
But the informations I get is only the username (le login name in
/etc/passwd).
How do I get the Fullname ? Or others informations (like mail,
er - is that it?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website: http://ww
sn't work either.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:
er attribute we have that may apply is "max-acct-age". I am
pretty new to this, so any detail is most appreciated.
The NAS should support Session-Timeout, which is the most common method
of time-limiting sessions. If not, hit the vendor with a big cluebat,
as it's in
e 3 second (default) timeout?
Yes, we tried that. The access-accept packets aren't arriving at all!
Does it work if you temporarily disable the Simultaneous-Use check?
No, that doesn't work either.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
second (default) timeout?
Does it work if you temporarily disable the Simultaneous-Use check?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227
-australia
(mailto:[EMAIL PROTECTED]) in the hope that your
posting is brought to the attention of clueful Comindico people.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 Internatio
important to you, then you're
pretty much all set.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E
lds up. People will make corrections where they
need to be made, if you're not sure of something, check it to the best
of your ability, ask the list, etc. Other people will contribute their
knowledge, too.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin Univ
igure sql.conf so that
freeradius can connect to your MySQL server (username, password,
database name) and so that the accounting queries match the schema on
your billing server.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria
e, or a capture of that data at a particular instance, or
something similar. If you have usage meters or other such software,
you'd have those querying the accounting table.
Did that help, or am I way off?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Serv
Ali Jawad wrote:
Hi
How can I limit one connection per username..I.e. I do not want to
allow multiple users to login using the same username password
combination.
Hi Ali,
Your NAS will have to support it, but the Simultaneous-Use attribute may
allow you to do this.
Cheers,
--
James
== | netmaster |
| 6 | 3072BY256 | Huntgroup-Name | == | wireless |
| 7 | 3072BY256 | Auth-Type | += | local |
| 9 | netmaster | Auth-Type | += | local |
Any reason you're setting values for Auth-Type?
--
James Wakefield,
Unix Administrator, Information Technology Serv
turn to mysql, it failles... ?!
dunno is there some bug, or incomplete code, for the mysql backend ?
G'day Collen,
Can you post any and all SQL queries you see in the output of radiusd -X?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin Univ
thing to
match the IPs and timestamps in the netflow data against the timestamps,
IPs and usernames in your radius accounting.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International:
ot correct there, then there's something you've missed in your
freeradius config. Is there any chance the subnet mask is specified on
your NAS and it's overriding what you send it?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin Univ
file?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website:
ap callin
!
ip local pool DSLCustomer 192.168.172.51 192.168.172.125
Original message
Date: Mon, 02 Oct 2006 09:18:59 +1000
From: James Wakefield <[EMAIL PROTECTED]>
Subject: Re: only work with 5 users or clients
To: [EMAIL PROTECTED], FreeRadius users maili
Yes, it is additional. Typically you wouldn't check User-Password in
the group checks. radcheck is for user-specific checks (like
User-Password).
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
James Wakefield wrote:
isidoros wrote:
Thanks James for your answer,
I'm fairly new to freeradius I know the package only 14 days. (or
radius in general for that matter)
The group configuration is a mystery to me. It is unclear for me how
this separates the users. This is how I thi
at it doesn't behave
in the future. I would recommend spending the time getting groups and
group checks to work, then reverting any SQL queries you've altered back
to their defaults. It'll be much less painful in the long run.
Cheers,
--
James Wakefield,
Unix
he SQL queries
in sql.conf.
http://wiki.freeradius.org/Rlm_sql should provide the info you need to
do the above.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:
tes with the access-accept for the same user
when things seem to be going wrong to when they're going right, I think
you're missing some attributes or your NAS is misconfigured or both.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin Uni
its there but doesn't die.
Howdy Jason,
Might you get any useful info by running radiusd with strace?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3
uot;12345", Calling-Station-Id == "00166f980e78"
Reply-Item = "value"
Other-Reply-Item = "other value"
testcase1 User-Password == "12345", Calling-Station-Id == "00166f97d99d"
Reply-Item = "value"
running on suse 10.1-x86_64 and apache is compiled from source.Any
suggestions? Help?
G'day William,
What do you get when you run ldd
/usr/local/apache/modules/mod_auth_radius-2.0.so ?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin Unive
DEFAULT Huntgroup-Name == "t1", Pool-Name := Pool-t1
Fall-Through = No
should work.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Michael Messner wrote:
Here are my new configs, it looks like they are working, but I'm not sure
if this is really the correct way:
-- snip (see previous post) --
is this the correct way?
It looks pretty right to me. Can't see any better way to do it.
--
James Wakef
://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED
value of seconds, eg: Session-Timeout=600 for a 10
minute timeout.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227
n
acceptable way to do it? Store the users and passwords in SQL and have the
Users file supply the rest?
If the check and reply items needed for your setup don't result in a
users file that's unmanageable, it's acceptable.
--
James Wakefield,
Unix Administrator, Information
10 Dialin Reply-Message = Access
Hi Elie,
Try putting rows with ids 1, 6, 8, and 9 in radgroupcheck rather than
radgroupreply.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone
g" returns ok for request 2
>
>
> Thanks
> Elie
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Pho
freeradius.org/index.php/Radiusd.conf
look for the listen { } section.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 52
defined for your radacct table? If I recall correctly, MySQL by
default doesn't, are you using MySQL?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 869
uration or
steps of configuration of free radius over linux
and really i'll appreciate u.
thanks
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227
l
zeros is the default value for that column.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [
Elie Hani wrote:
Hi James;
The folder db.ippool does not exist in /etc/raddb.
And I can't locate it using the " locate db.ippool" in the root directory.
Thanks
Can you post your radiusd.conf?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
De
Elie Hani wrote:
Rlm_ippool: Failed to open file /etc/raddb/db.ippool/db.ippool:
permission denied
Hi Elie,
What does ls -l /etc/raddb/db.ippool/db.ippool say?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217
lains of an unknown xlat function or non-existent attribute.
Has anyone managed to do this? If so, what is the correct syntax to use
these in SQL accounting statements?
Cheers,
--
James Wakefield
Systems Administrator
+61 03 5227 6888
We have now moved head office to 8-12 Pakington Stree
072501 ; serial number YYMMDDNN
60 ; Refresh
60 ; Retry
60 ; Expire
60 ; Min TTL
)
; Authoritive Nameservers [NS]
NS walled-garden-server-hostname
IN A aaa.bbb.ccc.ddd
* IN A aaa.bbb.ccc.ddd
------
Hope that helped,
derate concern
in our situation.
You could also do a similar thing with email by setting up a mailserver
on the wildcarded IP and bouncing everything with your walled garden
message. Personally, I think sending your customers an email and then
putting in the web-based walled garden is enough.
58 matches
Mail list logo
