Hi,
Is it possible to get freeradius to send detail log data to a syslog server?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I have two radius servers one primary and one backup one, on different
ip addresses. They both have a mysql backend which runs on the same
physical machine. I need the sql database and radius configuration
files to be synchronised periodically (probably every 24hours). I guess
this is
Hi,
I have two radius servers one primary and one backup one, on different
ip addresses. They both have a mysql backend which runs on the same
physical machine. I need the sql database and radius configuration
files to be synchronised periodically (probably every 24hours). I guess
this is
:
Maqbool Hashim [EMAIL PROTECTED] wrote:
Is it possible to reference a script from within sql.conf? I'd like to
do some checks and inserts on the sql database just before the
auth_check query in sql.conf. Whats the best way of doing this?
rlm_exec. List it before sql.
Alan DeKok
Hi,
Is it possible to reference a script from within sql.conf? I'd like to
do some checks and inserts on the sql database just before the
auth_check query in sql.conf. Whats the best way of doing this?
Thanks
Maqbool
-
List info/subscribe/unsubscribe? See
authenticate successfully, i.e. the username is the same but he enters
the wrong password. Is this actually possible, as the processing will
stop once it matches the first entry for the user user?
Regards,
Maqbool Hashim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Hi,
Is it possible to tell radius to expire logins after a time period?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Is it possible to tell radius to expire logins after a time period?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Peter,
Thats a good way of solving it, especially as there doesn't seem to be
any RADIUS attributes satisfying that requirement. Is the expiry field
just a boolean field you set with a cronjob?
Peter Hicks wrote:
Hi Maq
On Tue, Oct 11, 2005 at 02:29:03PM +0100, Maqbool Hashim wrote
this in the hope that other people have come across this
issue and found a workaround.
Hoping for the best,
Maqbool Hashim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Is there a way that I can get my proxying radius server to append the
realm for certain users. Basically I'm wondering if theres a way of
having a realm based server where users don't have to type in the realm
as part of their username. I'm wondering if I can get the radius server
to
Hi,
I have downloaded a trial version of the Cryptocard software from the
website. This comes with 10 software tokens. I am trying to get these
tokens to work with the x99 module in freeradius.
Anyone have any ideas on how to extract the key for the Software
tokens? The cryptocard software
that the challenge
response algorithm is weak because it uses DES. The work around
suggested is to us sync mode. Fine.
Is using 3DES to solve the problem not an option here?
Alan DeKok wrote:
Maqbool Hashim [EMAIL PROTECTED] wrote:
I wish to use One Time Passwords with the freeradius server. I'm trying
OK do you mean get the radius server to pass user credentials on to a
OTP server?
[EMAIL PROTECTED] wrote:
Maqbool Hashim schrieb:
Unfortunately there are not many of
the token card manafacturers that support the freeradius
server. At the moment it looks as if Cryptocard are the
best bet
Hi,
I wish to use One Time Passwords with the freeradius server. I'm trying
to find the best way to do this. Unfortunately there are not many of
the token card manafacturers that support the freeradius server. At the
moment it looks as if Cryptocard are the best bet.
I would be very
Hi,
Token card support is based on the now obsolete X9.9 ANSI standard,
correct? From the documentation in freeradius I understand that the
challenge response algorithm is weak because it uses DES. The work
around suggested is to us sync mode. Fine.
Is using 3DES to solve the problem not an
Dustin Doris wrote:
Dustin any input on this one?
Maqbool Hashim wrote:
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming
to the final decision. Heres what I'm going to go with:
Use the UNIX
, 13 Apr 2005, Maqbool Hashim wrote:
True. Just coming back to your earlier mail:
Put the front-end on a different machine and have it only run apache.
Put the ldap server on your private network and have the radius server
and webserver with an interface on that network.
The problem I can see
Dustin any input on this one?
Maqbool Hashim wrote:
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming
to the final decision. Heres what I'm going to go with:
Use the UNIX password file
Hi there,
After some trouble I have managed to get freeradius to compile on
openbsd! Now I have a question about the backend database to use with
freeradius. Requirements:
1) Users can access the database and change their own password.
2) Users cannot see or change any other users passwords.
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Maqbool Hashim
Sent: Wednesday, April 13, 2005 8:57 AM
To: freeradius-users@lists.freeradius.org
Subject: deployment question
Hi there,
After some trouble I have managed to get freeradius to compile on
openbsd! Now I have
sort. That would certainly make that a moot point.
... Miles Mawyer -=- Webmaster . Centralva.net ...
... [EMAIL PROTECTED] ...
... 434.385.5053 ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Maqbool Hashim
Sent: Wednesday, April 13, 2005 9:09 AM
-=- Webmaster . Centralva.net ...
... [EMAIL PROTECTED] ...
... 434.385.5053 ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Maqbool Hashim
Sent: Wednesday, April 13, 2005 9:22 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
sorry
, and looks for a matching record in the user table
for username / old password, compares, voila!
... Miles Mawyer -=- Webmaster . Centralva.net ...
... [EMAIL PROTECTED] ...
... 434.385.5053 ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Maqbool Hashim
complex, yes, but its not too bad. Less secure? Anytime you want to
add functionality, such as password changes, you will open security. But
this setup should be pretty secure.
On Wed, 13 Apr 2005, Maqbool Hashim wrote:
I'm with you. Thank you kindly. Now sorry to keep going on about
Great, thanks to everyone who made suggestions, I'm going to go ahead
and implement according to Alan's suggestion because of the amount of
seperation that it gives and it seems the best way of acheiving this.
One other point, if we are using a an sql backend then the radiusd
process would
ajdustments on
the user auth side, you'd need to add explicit schema support.
On Wed, 25 Aug 2004, Maqbool Hashim wrote:
I'd like to know if it is possible to allow external customers limited
access to add users to our RADIUS configuration. We manage many
firewalls for different customers. VPN
Alan DeKok wrote:
You would be better of having the customers manage their own RADIUS
servers, and having you just proxy to those servers.
If the customers don't want to manage their own servers, you can
still have a server locally, per-customer. That way, you can give
each customer limited
I'd like to know if it is possible to allow external customers limited
access to add users to our RADIUS configuration. We manage many
firewalls for different customers. VPN users on the firewalls can be
authenticated via our Freeradius server. So when another VPN needs to
be setup on the
Anson Rinesmith wrote:
Run radius in debug mode (radiusd -X) and see if you can figure out what is
happening.
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Maqbool Hashim
Sent: Wednesday, June 30, 2004 11:24 AM
To: [EMAIL PROTECTED
Anson Rinesmith wrote:
Run radius in debug mode (radiusd -X) and see if you can figure out
what is
happening.
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Maqbool Hashim
Sent: Wednesday, June 30, 2004 11:24 AM
To: [EMAIL PROTECTED
Gary McKinney wrote:
Are you sure the NAS is sending accounting packets
gm...
H... I'll check that out using ethereal, thanks. However I am
seeing the following being logged to files:
modcall: entering group post-auth for request 2
radius_xlat:
Hi,
I've been looking at the radius attributes page and I think the tunnel
attributes may be useful for something I'm trying to achieve with
radius. I'll describe an example scenario below.
I have a firewall which is connected to an internal network and the
Internet. A freeradius server sits
understand that what I pasted below is authentication logs, but
still I have to ask the question: Is there a way to get to stick that
logging
into sql database as well as the files?
Alan DeKok wrote:
Maqbool Hashim [EMAIL PROTECTED] wrote:
modcall[post-auth]: module reply_log returns ok
Hi,
I have radius set up to get authentication information from a mysql
database. I want it to log accounting information to the radacct table
in my
mysql database. I have set up the accounting section in my radiusd.conf
file as follows:
accounting {
acct_unique
Hi,
I've just started using dialup admin and I have a couple of
problems/queries:
When adding users with the crypt option in the config file set to md5,
users are not being authenticated. I take it that this is because the
encrypted
string in the radcheck table doesn't match the password that
I wish to implement the following using Freeradius:
We provide a customer with a managed firewall. We set up a dialup vpn
pool on the firewall. We wish to authenticate
dialup users via our radius server. The firewall obviously has an entry
in our clients file. Now what we would like is for
Thanks for the suggestion I have actually tried that
Amedzekor Kafui wrote:
Try changing the attribute from User-password to
Crypt-Password
--- Maqbool Hashim [EMAIL PROTECTED]
wrote:
Hi,
I've just started using dialup admin and I have a
couple of
problems/queries:
When adding users
into the firewall, will only have to add
these users on the radius server and we won't have to do anything on the
firewall.
Any suggestions would be very welcome.
Regards,
Maqbool Hashim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Is this possible? Is there groups or different levels of admin for the
freeradius server?
Regards,
Maqbool Hashim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I am trying to get the dialup_admin script to work. I'm using
dialup_admin that was bundled with Freeradius 1.0.0 prerelease 3.
The steps I've taken so far:
1) Set up mysql server and have it running on localhost.
2) Used radclient to check that Radius could authenticate users via
mysql
oops,
me being silly, I have added the link with a higher privelege than the
apache server is running. thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Are there any web frontends for Freeradius? There is a link to Chris
Shenton's frontend, but there is not documentation for it as it was
written for an internal project. Has anyone used his frontend with
success? Or even found any other web frontends for freeradius?
Thanks
-
List
Is it possible to get a Windows Domain Controller to authenticate via
radius? Has anyone got this working?
I think what I'm asking is: Is there a radclient for Windows Domain
Controllers?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks,
I suppose could just use LDAP to authenticate Windows Domain
Controllers. I am not actually asking this question for Domain
Controllers which I personally run, but for clients who might have these
things and I would like to be able to authenticate these windows
machines via our radius
Is it possible to get a Windows Domain Controller to authenticate via
radius? Has anyone got this working?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Still having problems with radwho and utmp type logging, can someone
give me a clue?
Maqbool Hashim wrote:
Hi,
I'm having problems getting utmp accounting to work properly on
FreeRadius (latest version). When the NAS sends an account-request
packet to radius, everything seems ok except
Hi,
Where can I find a dictionary file for a HP 6108 router? not on the
website or included in the latest freeradius tarball.
Thanks in advance.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm having problems getting utmp accounting to work properly on
FreeRadius (latest version). When the NAS sends an account-request
packet to radius, everything seems ok except for the following line seen
in the debug window:
rlm_radutmp: No NAS-Port seen. Cannot do anything.
I am trying to get radius to work with netscreen firewall. I have the
netscreen dictionary and have included it in the master dictionary file.
Can I now use the attributes in the netscreen dictionary file to
specify attributes in the users file???
Thanks
-
List info/subscribe/unsubscribe?
Please can someone tell me where I can find more information on the
netscreen attributes defined in the dictionary file produced by
netscreen. I have tried the vendor site, with no success. At present I
am stabbing in the dark. I would very much appreciate some help from
someone who has
FreeRadius version: 0.9.3
Redhat Linux 9.0
I have installed FreeRadius on my system and to get familiar with it I
am attempting to the Unix login program to authenticate using the radius
server.In order to this I am using the radius pam module
pam_radius_auth. So PAM is the radius
Y ou just ahve to put Auth-Type := pam in the users file
=
Déborah Malka
Thanks for the reply Deborah, unfortunately the suggestion you made
below doesn't seem to work. When I change auth-type from system to
pam... this is what happens:
When I run login it behaves very
53 matches
Mail list logo