You can add
if (%{User-Name} =~ / /) {
reject
}
at the start of the authorize section.
This rule will reject user(s) in case they add blank spaces before or after the
username...
On 18.4.2013 9:47, Wilco Baan Hofman wrote:
On Wed, 2013-04-17 at 22:03 -0500, Andres Gomez Ruiz
As I remmember, Alan mentioned that RADSEC will be implemented in
freeRadius 3...
On 9.4.2013 10:54, Muhammad Nuzaihan bin Kamal Luddin wrote:
Interesting method by using TLS. This is what i had in mind but couldn't
find the answer.
The only method i see is through proxying the requests,
Add
eric@ut3 Calling-Station-Id == 02:1B:9E:D3:0B:F0
inside radcheck table or inside users file
eric@ut3 Cleartext-Password := eric, Simultaneous-Use := 1
Calling-Station-Id == 02:1B:9E:D3:0B:F0
Service-Type = Framed-User,
Qos-Policy-Policing =
Do you plan to read anything or you think we're here in a chat room,
waiting for your questions (the same questions every day...) ?
On 8.4.2013 15:32, Mulindwa wrote:
Thanks Matthew,
Sorry to askm but where is the reply list and where is the check list?
Eric M
You can add what ever you want to the read-only tables.
On 26.12.2012 10:59, Efi merdler wrote:
Hello,
I'm using radius 2.1.12 with postgresql as a backend. I've noticed
that radusergroup does not contain any key column.
There is a complaint on the subject posted back in 2007
columns inside nas table and it all works fine.
Marinko
On 26.12.2012 13:11, Efi merdler wrote:
What do you mean by read-only tables ? As I understand I'm suppose
to add items to it.
On Wed, Dec 26, 2012 at 1:20 PM, Marinko Tarlać mangi...@gmail.com wrote:
You can add what ever you want
It works perfectly almost without any changes inside config files... :)
hint: default_eap_type = peap inside eap.conf
On 20.11.2012 14:24, Alan Buxey wrote:
From my own experience PEAP (aka PEAPv0/mschapv2) is the most common
EAP method in use (probably due to it being supported in most
op should be := and (not ==)
On 16.11.2012 16:45, Dmitry Korzhevin wrote:
Guys, does anybody know something about maximum username length and
user password lengt?
I try to use next login passwords without success (checked with radtest):
http://dpaste.com/832115/
Best Regards,
Dmitry
---
Nice option but please keep in mind that suspended routers can behave
like a brute force attacker and you'll lock them too.
On 14.9.2012 15:36, Phil Mayers wrote:
On 14/09/12 13:57, mr. s wrote:
Hello,
I was reading an article in computer world comparing a few RADIUS
servers.
It said that
You're using FR just for authorization and not for accounting and
session control ?
On 3.9.2012 10:16, Miha wrote:
Hi,
I am using Freeradius for authorization with mysql. In my sql I have
about 15k user entries and there si about 50 active calls all the time
(just for information about
would it make any difference?
It won't help in case you have x trillion records in radacct table and
this table is MyISAM, used for simult. login detection, etc...
On 13.8.2012 15:00, Antonio Modesto wrote:
Hi,
Here in the ISP which I work we have a Freeradius 1.X in production,
and a
I'm not 100% sure but as I know the UBNT equipment has introduced RADIUS
client support in firmw. 5.x which is still active and under development...
RADIUS MAC authentication was introduced in latest firmware (5.5) so I
believe that some things are still not as they should.
On 8.8.2012
If you're using Mikrotik, update to the latest version... I had many
problems with older versions (2.9.x)
On 6.8.2012 15:19, Alan DeKok wrote:
Christopher Manigan wrote:
In my logs I see many entries like the following:
Info: WARNING: Child is hung for request 51651 in component core module
Then AP probably doesn't understand Session-Timeout attribute... (not
implemented for example)
It would be helpful to tell us what are you using as AP
On 26.7.2012 16:08, Klaus Klein wrote:
Hi Folks,
I'm in the process to setup a WPA(2)-Enterprise (IEEE 802.1X)
protected WLAN.
I
I fear the AP is not sending accounting packets at all. The only
thing I can configure at the TP-Link AP is that it can communicate
with the radiusserver at port 1812 for auth packets.
Good to know I had the same problem with TP Link... RADIUS auth works fine
but accounting no-no
On
We're glad to help ... In both cases :)
On 11.5.2012 6:53, Shawky Skaff wrote:
Nevermind,
found the answer
From: Shawky Skaff
Sent: Friday, 11 May 2012 2:51 PM
Next time put something in subject so we can know something about your
problem... :)
On 25.4.2012 15:03, Xbert_badstuber wrote:
We are using the Cisco ACS 5.3 as a RADIUS for database authentication and
authorization. The purpose is to authenticate incoming users based on the
NAS-PORT-ID. The
In nas table in case you're using sql...
On 5.3.2012 16:40, Javier Ruiz Escalante wrote:
Hello,
The secret is set in clients.conf, where has to be se also?
Regards
**
Javier Ruiz Escalante*
*
**Teléfono: *00 34 512 700 524
*
Skype: fruiz002**
Hi
Can you tell me something about performances?
I'm using Mtik as NAS for PPPoE users and 500-600 online users per
server is optimum according to my experiences (Quad core server, 2GB
RAM,...).
ISC DHCP works very well for 6000 users and the same number of cable
modems but I'm not sure is
No No, you didn't understand me...
Mtik is installed on the server (HP ML3xx series) and the optimum is
500-600 online PPPoE users... I achieved 1100 online PPPoE users per
Mikrotik but the CPU load was always to high and the packet loss was to
high (1-2%). The problem is visible because the
radutmp file became to large...
But to be sure, check you radius in debug mode...
/usr/local/var/log/radius/radutmp
On 20.2.2012 13:25, dorje2...@seznam.cz wrote:
Hi
after more then year my freeradius 2.1.9 stopped to work
in log I have a lot of the following info:
Feb 20 13:11:55
Hi Fajar
Thank you very much for your time.
I'm using CentOS so I'll try with the latest 2.1.x from git
The problem which bothers me is that I need more than classic ip-mac
pairing. Beside the IP address I need to return a few other parameters
to cable modems/MTA.
For example ISC DHCP
If it isn't secret, where is the DHCP functionality on the priority list ?
On 1/4/2012 3:49 PM, Alan DeKok wrote:
The hope is that I can do some small changes for 3.0 which will
finalize the internal state machine. That will make it easier to
separate the RADIUS, DHCP, and VMPS
The same thing happens with Mikrotik.
If you send the pool name then assigned ip address is ignored...
On 1/3/2012 3:19 PM, Alan DeKok wrote:
Azfar Hashmi wrote:
I have assigned static ip to some users but users still getting ip
addresses from openvpn server pool. what I am missing?
If
And what was the problem ?
On 1/4/2012 6:55 AM, Azfar Hashmi wrote:
Solved, problem was in openvpn.
On 1/3/2012 3:30 PM, Azfar Hashmi wrote:
I have assigned static ip to some users but users still getting ip
addresses from openvpn server pool. what I am missing?
-
List
I don't understand even single word but when I see Simultaneous-Use...
On 12/15/2011 2:23 PM, Caio wrote:
Bom dia pessoal.
Uso ubuntu-server 10.10.
Tenho freeradius 2.1.9 + Postgres 8.2 integrados a mikrotik.
Situação:
Toda vez que preciso reiniciar o meu mikrotik com aproximadamente 600
I'm not sure why the Simultaneus-use is so hard to setup...
1. turn on sql inside accounting section
2. turn on sql inside session section
3. be sure that NAS works properly (sending Interim-Updates)
4. insert Simultaneus-Use := X (where X is number you want to allow)
inside radcheck table..
parameter inside
database.
*From:* Marinko Tarlać mangi...@gmail.com
*To:* freeradius-users@lists.freeradius.org
*Sent:* Tuesday, December 6, 2011 1:33 PM
*Subject:* Re: Expiration email
If you're asking me, I wouldn't mess
If you're asking me, I wouldn't mess with freeradius.
Maybe the better idea is to create a small cron script which can read
the database and send email according to the date and the time diff you
want (1, 2, 3 etc days before the expiration)
On 12/6/2011 3:54 AM, john decot wrote:
Hi,
Alan please do not forget to add this fix to changelog so it will be
easier for a new FR users...
Best regards
On 9/16/2011 8:45 AM, Fajar A. Nugraha wrote:
On Fri, Sep 16, 2011 at 1:22 PM, Alan DeKokal...@deployingradius.com wrote:
old:
for each new request
clear
Of course we don't need to do anything but if this small change inside code
is announced in changelog, more people will upgrade to 2.1.12 and they
will stop bothering us on this list with the same questions, over and
over again :)
On 9/16/2011 9:59 AM, Alan DeKok wrote:
Marinko Tarlać
You broke the server... somehow...
On 9/2/2011 11:36 AM, cktan wrote:
I've conducted another test at another machine, the result is same,
whenever User-Password the OP is :=, the password would not be check.
Changed to == then OK.. By the way, my FR is running on 2.1.7-7
CK
On
Please search before asking...
I wrote at least 10 times about this problem
On 8/8/2011 12:22 PM, Paolo Di Francesco wrote:
Hi radius gurus,
I am still having issues with this configuration. In few words I am
still cleaning by hand some users but I would love that would be done
by radius
If you're using Mikrotik, you can use Mikrotik API for this...
It works very good...
Especially if you need to disconnect all users
On 8/3/2011 8:50 AM, Marius Pesé wrote:
I didn't even know there were Radius functions in PHP...
Anyway, I did do my POD with PHP:
First get all the
One of the servers I maintain has 18 qps average and the load is
0.62,0.54,0.63 (1min, 5min, 15min)
Beside the database and radius, that server is used for hundred other
things and it works perfectly (1GB of RAM, dual core CPU)
The point is not how much queries per second do you have. You can
Check this link and the described tools
http://www.serveradminblog.com/2011/03/tuning-mysql-performance-howto-part-1/
Turn the slow query log ON so you can see the slow queries.
Also, check the disk(s). Is write cache enabled?
Do you have any external scripts for auth/acc ? They can be the
Simultaneous-Use op should be := and not =
On 05/24/2011 10:32 AM, Fajar A. Nugraha wrote:
On Tue, May 24, 2011 at 3:20 PM, john decotjohnde...@yahoo.com wrote:
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY 'bob' ORDER BY id;
I'm not a magician and I don't have a crystal ball, but I suppose you
have a problem with stalled sessions.
Why ?
I don't know. Maybe you have a bad connection between radius server and
NAS, maybe your DB is overloaded and accounting updates and stop packets
aren't executed so your users
38 matches
Mail list logo