Hi,
Not sure about it but I think you might be able to use regex to do that.
It may be something like:
if ("%{NAS-Port-Id}" =~ / \b([1-4][0-9]{3})/) { # the capture group extracts the VLAN
switch "%{1}" { # %{1} refers to the captured VLAN tag substring
case 1000 {
A_file = ${cadir}/1024ca.pem
CA_file = ${cadir}/1280ca.pem
CA_file = ${cadir}/1536ca.pem
CA_file = ${cadir}/1792ca.pem
CA_file = ${cadir}/2048ca.pem
CA_file = ${cadir}/4096ca.pem
Thanks,
Kris Armstrong
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all,
I am using Mikrotik hotspot + FreeRADIUS. I have a weird issue: RADIUS
sends a Stop packet but the user is still logged in on the Mikrotik. It
happens at random times. Is there any idea what config or issue causes this
problem?
regards,
kris
to squeeze something into a space it can't fit.
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, "Kris" <[EMAIL PROTECTED]> wrote:
It is not a Mikrotik issue because FreeRADIUS sends incorrect values; that
means I must configure FreeRADIUS to support more than 32-bit, right?
[E
It is not a Mikrotik issue because FreeRADIUS sends incorrect values; that
means I must configure FreeRADIUS to support more than 32-bit, right?
[EMAIL PROTECTED] wrote:
How much is a 32-bit number?
2 times 2 times 2 times etc. 32 times. If that's the number of bytes then
4GB.
any possible
How much is a 32-bit number?
Any possible way to configure it larger than a 32-bit number?
Alan DeKok wrote:
Kris wrote:
I'm using Mikrotik (Hotspot) + FreeRADIUS + MySQL + perl postscript to
check auth. In the perl script I check quota based on the radacct table. If
quota is more than xxx Gb then
I'm using Mikrotik (Hotspot) + FreeRADIUS + MySQL + perl postscript to
check auth. In the perl script I check quota based on the radacct table. If
quota is more than xxx Gb then you can't log in.
The problem is like this: the result of accounting is different from the
value that is sent to the NAS. Like this
>> In the tuning guide, where it states "Tune the num_sql_socks to be larger
>> than the number of simultaneous authentication/accounting requests" does
>> this mean if I have 6700 user accounts, I would want to set the
>> num_sql_socks to be larger than that since it is possible that a
s
inside the tunnel, and your FreeRadius config isn't understanding your
tunnel.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
f.
The best bet is to use the LDAP "posixgroup" objectclass -- then you can
force certain radius clients to require a specific group membership.
Let me know when you get closer to implementation and I can help you with
some config files.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analys
FreeRadius users mailing list on
August 16, 2005 at 18:18 -0800 wrote:
>
>Thanks Kris!
>
>Everything appeared to compile, install and run without any errors.
>
>If you have any tips or good links for up to date information on how
>to set freeradius up to talk to a Cisco WAP
oesn't work, let me know and I can help you further -- this is where I
solved my problem. :-)
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
th features of LEAP (e.g. simple username/password),
your best bet is to look at EAP-TTLS/PAP. If you want the hashing
functions (whereby CHAP of some sort is used), PEAP will work, given the
right subtype.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince
r you'll have to pick
up SecureW2. Both options work quite well.
You don't need client certs with EAP-TTLS.
The MacOS X.2 (or better) with latest patches will do TTLS builtin.
There is a supplicant available for Linux, too -- Xsupplicant, courtesy of
the Open1x project.
Let me kn
me so I finally told them what I really thought. :-)
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
t.edu." ?
(note trailing periods, making an FQDN)
Or perhaps if your structure is this:
o=marymount.edu
|
-> o=marymount.edu
should this maybe be "o=marymount.edu,o=marymount.edu" ?
Just a thought... your original looks like a typo, based on the fact that
the two fields are not
umbers every time.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
FreeRadius users mailing list on
August 10, 2005 at 05:34 -0800 wrote:
>Kris,
>
>Aug 10 07:06:21 2005 : Debug: rlm_ldap: bind as
>uid=sbarnes,ou=people,o=marymount.edu.o=marymount.edu/cortina to
>info.marymount.edu:389
>Wed Aug 10 07:06:21 2005 : Error: rlm_ldap:
>ui
FreeRadius users mailing list on
August 9, 2005 at 19:03 -0800 wrote:
>Kris,
>Thanks for your help.
>
>Do you think that (1) and (2) in my previous message could be the
>reason that freeradius will not authenticate the client?
No, not now. Judging from the message you send OOB
md5(time+pid)
}
printf("Random : %s\n", buf);
}
8< cut---
Compile it like this: gcc random.c -o random -lcrypto
It will generate a 32-bit LSB executable named random; try it with ./random.
Move this file to /etc/mycerts/:
mv random /etc/mycerts/.
-kb
--
Kris Benson, CCP, I.S.P.
sh this? Appreciate if you can help me again. Thank you.
You've hit the nail on the head.
Your users file will just need an entry for the guest user... they may
need to install SecureW2 anyways, if you're using TTLS as the EAP
method... though PEAP should work as long as the password you
s
member: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
cn: NetworkAccessWireless
dn: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
sn: Benson
mail: [EMAIL PROTECTED]
cn: Kris Benson
gidNumber: 100
homeDirectory: /home/staff/kbenson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 3
issues.
Dude! He's trying to install the most recent version: 1.0.4... While I
would agree that FreeBSD is generally a better choice than any Linux
variant, YMMV.
You are right about outdated packages -- the Debian Freeradius package is
v1.0.2... and comes without EAP-TLS and anything that req
s I
>didn't change them between attempts.
Did you do anything differently with your 'random' file and your 'dh' file?
Creating those properly (as opposed to the idiotic directions of "date >
dh; date > random") seemed to solve my dilemma when I
included due to some legal issue.
This includes eap_tls, eap_ttls, eap_peap, etc.
The compile-from-source solution works well -- you just need to apt-get
install these:
libmysqlclient14-dev
libldap2-dev (if you want LDAP support)
libssl-dev
HTH,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst,
er, with one bound to either a
different set of ports, or one to each IP, you could have separate configs.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
the 'aRadiusAccount' is valid, at least not in the
standard OpenLDAP w/FreeRadius extensions schema that I have.
What if you start by removing that part of the filter and just searching
for the uid?
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School Distr
FreeRadius users mailing list on
August 5, 2005 at 09:58 -0800 wrote:
>
>>This is pretty clear that it cannot connect. What does your ldapsearch
>>command look like? Perhaps, you have the wrong port or ip in your
>config?
>>What does telnet 198.100.0.18 389 show y
to 198.100.0.18:389 failed: Can't
>contact LDAP server
Have you double checked the IP address?
I'm not sure on how descriptive the error messages are -- perhaps double
check that the admin user/password also works -- start by making it the
full dn of the admin user in the 'identi
a personal email and I will send the PDF copy over.
I'd love to see your documentation -- we're in the process of writing our
own now, and anything that might have some more "gotchas" is good.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
hentication interface to the client. This is a bit
of a pain, however.
Hope that helps,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
ttpd.apache.org/docs/howto/auth.html#basicfaq
It sounds to me like the server isn't sending the correct error code for
auth-failed, thus the browser thinks it's OK to use the old credentials.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
with the tunnel information?
Any help would be appreciated -- thanks in advance.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
e of things isn't my greatest strength, least of all the
AD/LDAP stuff, but it seems as though this *should* work.
:-)
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-- I haven't seen this documented officially,
however I have seen other instructions that *broke* our certificate use.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
"melvin" <[EMAIL PROTECTED]> on July 24, 2005 at 02:47 -0800 wrote:
>Hi Kris,
>Thanks for your reply. I will be very grateful if you could post your
>config
>entries to me. Many tks.
Hi Melvin,
Please see attached.
I have included the certs, passwords, etc. as they
word to LDAP.
I have successfully integrated FreeRadius & LDAP -- I can get you my
config entries if you would like. It worked with OpenLDAP practically
out-of-the-box.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
>>"Kris Benson" <[EMAIL PROTECTED]> wrote:
>>> I have self-compiled the EAP module on Debian due to the binary
>>> distribution restrictions, and the error I'm getting is:
>>>
>>> module "eap" returns noop for request [num
>"Kris Benson" <[EMAIL PROTECTED]> wrote:
>> I have self-compiled the EAP module on Debian due to the binary
>> distribution restrictions, and the error I'm getting is:
>>
>> module "eap" returns noop for request [number]
>
> And
e-mail it to me! :-)
I'm not sure if this is a Windows issue or a FreeRadius issue at this
point -- the "noop" seems odd, but perhaps it's what is being sent that is
causing it.
If someone could offer some suggestions, it would be greatly appreciated.
Kindest regards,
>When I run this script I get
>
>[EMAIL PROTECTED] bin]# ./log_badlogins
>Could not open file none
>[EMAIL PROTECTED] bin]#
>
>What can I do to fix this?
You must specify the location of the radius.log to get the bad login
information from.
Novell/SuSE development has an updated package in testing that fixed my
problem. I would assume it will be available shortly.
While I do not have a continuing support package with them yet, they took
care of this problem promptly. Consider me one satisfied user.
--Kris
-Original Message
and try
it. I hope this could help. BTW - I spent over 2 weeks looking for this
crappy error.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kris
Sent: Tuesday, 24 May 2005 17:59
To: freeradius-users@lists.freeradius.org
Subj
So sorry, I'm using SLES 9 for x86_64
--Kris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seferovic
Edvin
Sent: Tuesday, May 24, 2005 10:50 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: shared secret problem
Hi,
can you tell us
with the md5 hash on the
server and not anything with Freeradius. Is that correct?
Thanks,
Kris
I'm having issues with getting SLES 9 build (0.9.3) of Freeradius to
authorize.
I've configured freeradius to use users file and mysql to authorize users.
Radtesting works locally for both a file account and a SQL account, but when
I attempt radtest from another server, I get failures such as th
Or can you do something clever in the sql.conf file?
Thanks again,
Kris
Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
Kris Efland wrote:
> Packet-Type = Access-Request
> Sat Mar 5 15:04:02 2005
> User-Name = "user"
> User-Password = "password"
> NAS-IP-Add
ng requests to the server. See the FAQ.
The information is already at my disposal, hence the log file. I don't want to rely on the NAS to send the request or have to manage that in any way. Can I force the logging to SQL? I want to log ALL authentication requests to SQL, this seems like a pretty primitive feature. Thanks for the help.
Kris
Guy,
Thanks for the response. But, according to the sql.conf...
"authcheck_table = 'radcheck' "
I am simply trying to log who is trying to auth against the rad server, valid or not. Right now only postauth is being logged to sql and I'm trying to rectify that. I would assume that someone t
any insert statements into the radcheck sql table. Do I have to write these myself? Or is it more simplistic than that? Can you do this when separating the authentication mechanism from sql? Thanks in advance.
Kris
the postgres driver? I've gotten configure to see mysql, iodbc, unixodbc but I want (need) a native postgres driver. Any help would be _greatly_ appreciated.
Thanks in advance,
Kris