Is there anyway to have freeRadius trim off the @mydomain.com from the
username when the user attempts to authenticate? I have a number of users
that still try to use there full email address for there username and it
could save me some tech support.
Matt
-
List info/subscribe/unsubscribe
Hi,
Was wondering if free radius has the ability to run Microsoft SQL
stored proccedures and do something depending on the result? Or to
get attributes from a stored proccedure?
~ Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
What do I need to do to get freeradius to access Microsoft SQL server?
Someone else in the list here said they use it to do stored
procedures and the like, but I'm not showing freeradius shipping with
Microsoft SQL support.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
Hi,
Can anyone explain to me why I'm getting the error I am and the
aborted compile? I'm compling on a fedora core 1 system.
rlm_exec.c: In function `exec_xlat':
rlm_exec.c:124: warning: unused parameter `func'
rlm_exec.c: In function `exec_detach':
rlm_exec.c:162: warning: passing arg 2 of `xlat
I could use yum.. may actually ... I just usually like to compile from
source... checking out the oreily book now.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
First, I am new to the RADIUS protocol, and appreciate your
help. I’m working with a python web-interface and a remote server
running freeradius-current. Using the web-interface, I’m trying to
get the client to print very verbose information about the transaction with the
serve
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, November 03, 2004 10:45 PM
To: [EMAIL PROTECTED]
Subject: Re: access-challenge question
"Matt" <[EMAIL PROTECTED]> wrote:
> First, I am new to the R
Does anyone have a script that could be run in cron.hourly that would check
if freeRadius is running and if not start it?
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I use this simple old script to restart freeRadius once our dialup person
has edited the users file with a file editor on our server. What I want is
for it to email a specific email address in the case of a typo being made in
the users file and freeRadius could not be restarted.
Can anyone tel
We have the exact same configuration working on another system, but
have been unable to get it to work correctly on this Fedora Core 3
system. We are using rlm_sql to have FreeRadius talk to our MSSQL
2000 database. That works.
The odd part is on the Fedora Core 3 system it seems to be having
i
For anyone else having this problem. We had to roll back our FREETDS
install from 0.63 to 0.62.3. I'm not sure why the new version of
FREETDS has an issue, but I know I was advised of this with asterisk
as well.
On 11/15/05, Matt <[EMAIL PROTECTED]> wrote:
> We have
Hi,
We have this radius-reply-attribute in our radius configuration (free-radius):
ip in forward tcp est
However, when someone dials up to our as5800 it generates this error:
> rlm_sql: Failed to create the pair: failed to parse Ascend binary
> attribute: Unknown string "est " in IP data filter
We are running FR version 1.0.5
And no, it doesn't seem to work in the users file syntax.
On 11/23/05, Chris Parker <[EMAIL PROTECTED]> wrote:
> Cisco has an option to accept the non-standard Ascend attributes ( note,
> NOT the VSA's but the early Ascend attempt to use higher numbered
> standard
Hrmm yeah.. see that " " after est? as in "est " not "est" ?
Yeah apparently there were a /n and a /r after it, which the database
didn't show... ugh.
On 11/23/05, Matt <[EMAIL PROTECTED]> wrote:
> Hi,
> We have this radius-reply-attribute in
Does anyone have experience with FreeRadius and Interim packets?
Does it work ok? Any problems? How do you enable it?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have the server installed I haven't yet tried it. Ok that's
what I was looking for.
On 12/1/05, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Matt <[EMAIL PROTECTED]> wrote:
> > Does anyone have experience with FreeRadius and Interim packets?
> > Does it
n 12/1/05, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Matt <[EMAIL PROTECTED]> wrote:
> > Does anyone have experience with FreeRadius and Interim packets?
> > Does it work ok? Any problems? How do you enable it?
>
> Yes. It works. You enable it by installing the
oogeling for it, that's why I'm asking these questions.
On 12/5/05, Joe Maimon <[EMAIL PROTECTED]> wrote:
>
>
> Matt wrote:
>
> > Ok, well now hold on a second. It's not simply the
> > sending/receiving/logging of interim packets that determines whet
Hi two questions.
#1 Is there a way to log only incorrect logins in radius.log and to
ignore correct logins (so as to not fill up the log file)?
#2 When I do get a login incorrect right now I get:
Auth: Login incorrect (rlm_chap: Clear text password not available):
[EMAIL PROTECTED]/] (from clien
I have freeradius running on a machine with 2 IPs. I have it binding
to all available IPs.
xxx.xxx.xxx.44 is the main IP of the machine
xxx.xxx.xxx.26 is the secondary IP. (eth0:1)
When a request comes in on .26 freeradius processes it and THEN sends
the reply out .44! Is this the way it is
AHHHA! I did *not* use with-udpfromto... DOH!
On 6/15/06, Kevin Bonner <[EMAIL PROTECTED]> wrote:
On Thursday 15 June 2006 13:20, Matt wrote:
> I have freeradius running on a machine with 2 IPs. I have it binding
> to all available IPs.
>
> xxx.xxx.xxx.44 is the main
Hi,
We use FreeRadius with unixODBC and the rlm_sql to connect to a
Microsoft SQL database. All works great... except if the SQL database
goes down, firewall has the translate table, someone trips over a
network cable anything that causes the connection between the
radius and SQL to be distur
Ok,
Well with no answer to this question let me ask it another way...
In the event of database (via ODBC) failure... is there a way I can
make the radius server go into "failsafe" mode, and just authenticate
anything?
On 6/15/06, Matt <[EMAIL PROTECTED]> wrote:
Hi,
We use
d be
called 'foolsafe' :) If your database is down you're out of business.
There are much better 'failsafe' methods - search for fail-over in the
FreeRadius documentation.
Matt wrote:
> Ok,
> Well with no answer to this question let me ask it another way...
>
> In
rs file and the auth
works :
DEFAULT Auth-Type := digest, Digest-HA1 :=
"409e2df0ac3a755199a8a91817bb87b8"
But it's works of course only for my login. How to do this for different
login?
Thank you for your help and sorry for my English!
Sincerely,
Matt
--
View this message in con
Original Message
> From: freeradius-users@lists.freeradius.org
> To: freeradius-users@lists.freeradius.org
>
> Subject: SQL Stored Proc?
> Date: 07/10/04 20:08
>
> >
> > Hi,
> > Was wondering if free radius has the ability to run Microsoft SQL
> > stored p
What exactly does freeradius expect back?
For instance:
authenticate_query = "SELECT Value,Attribute FROM
${authcheck_table} WHERE UserName = '%{User-Name}' AND ( Attribute =
'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC"
Or if I were
Below is how I have my users file setup. What am I doing
wrong? I am sure its simple.
Matt
DEFAULT Simultaneous-Use := 1
Auth-Type := Local,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = Broadcast-Listen,
Idle-Timeout = 1800,
any ideas?
Matt
#!/usr/bin/perl
#online-check.pl
my $count = () = `radwho`;
my $total = $count - 1;
print "$total\n";
print "0\n";
print "N/A\n";
print "Dialup\n";
#
# Usage example on .cfg file:
#
Workdir: /home/sites/www.mydomain.net/web//port
I
line. Anyone have any ideas?
>
> Matt
>
> #!/usr/bin/perl
> #online-check.pl
> my $count = () = `radwho`;
>>Does "radwho" exist, and is that command producing any output?
Of course. Its produces a list of all users connected. The perl script
uses it and counts th
We have duplicate logon rejection working on our Portmaster 3's. Will this
also work on the Patton 29xx series of RAS servers? If so how?
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I want to merge a bunch of detail files into one big file so I can run
radiusreport on it. Anyone tell me how to do that?
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sergio Belkin wrote:
> I can't compile freeradius-2.0.2 on Centos 5.1 x86_64. It outputs:
> /usr/lib/libltdl.so: could not read symbols: File in wrong format
> collect2: ld returned 1 exit status
You might try using your system's own libtool. Try these
configure options:
--with-system-l
1 14:34:02 2008 : Error: Discarding duplicate request from client
hh2380:20001 - ID: 200 due to unfinished request
1428
Any help is greatly appreciated.
Thanks
Matt A
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I can't seem to get to deployingradius.com website. Anyone know if this is
down?
Matt
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In our company, we do have certificates signed by multiple Certificate
Authorities...but there is a hierarchy. So, some users come in from Domain
A (root CA) some come in from Domain B (intermediate CA). So then it's
easyjust maintain the CA_path containing the root and any necessary
interme
I'm happy to be wrong about this, but in my experience, this parameter:
-CApath ca.pem
Needs to be an actual path, not a PEM CA file, where you have performed
these steps:
download certificate authority cert in PEM format
run c_rehash . (openssl script)
On Thu, May 15, 2008 at 10:37 AM, Avinash
ending delayed reject for request 0
Sending Access-Reject of id 97 to 127.0.0.1 port 32769
Tue Jun 10 10:07:35 2008 : Debug: Waking up in 4.9 seconds.
Tue Jun 10 10:07:40 2008 : Debug: Cleaning up request 0 ID 97 with timestamp
+17
Tue Jun 10 10:07:40 2008 : Debug: Ready to process requests.
A
-Through = no
And in huntgroups I have this. Although I am unsure if this is correct.
UNBFWSS NAS-IP-Address == 127.0.0.1
Matt
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ivan Kalik
Sent: Tuesday, June 10, 2008 10:36 AM
To
I'd like to test this with PEAP/MSCHAP requests if possible. Is there a
howto? Clearly I'm down the wrong path here.
Matt
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Ivan Kalik
Sent: Tuesday, June 10, 2008 11:02 AM
To:
Wed Jun 11 09:42:08 2008 : Debug: Cleaning up request 1 ID 3 with timestamp +355
Wed Jun 11 09:42:08 2008 : Debug: Ready to process requests.
Matt
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
Sent: Tuesday, June 10
case in your
configuration, you should be able to see that from the config files in your
$raddb directory. You can post the config if you have questions.
Matt
On Wed, Jun 11, 2008 at 6:44 PM, Newall, Bryce <[EMAIL PROTECTED]> wrote:
>
> > -Original Message-
> > F
Exciting stuff!
On Fri, Jun 20, 2008 at 2:48 PM, Alan DeKok <[EMAIL PROTECTED]>
wrote:
> I've commited some code (~1K LoC) to CVS head that will go into 2.0.6.
> In short, there's no point in using SNMP any more. The good news is
> that the Status-Server packet is overloaded to get all sorts o
e_mppe is not set to no mschap will
# add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
# MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
#
#use_mppe = no
use_mppe = no
Thoughts?
Matt Ashfield
[EMAIL PROTECTED]
-Original
Alan DeKok wrote:
> Slava wrote:
>> Could anyone tell me if there exists a solution to integrate FR with a
>> POP3 server
> Look for patches to let cucipop do RADIUS authentication. If there
> are none, maybe cucipop does PAM authentication. You could then use the
> PAM RADIUS module.
FWIW, Q
On Thu, Jul 17, 2008 at 7:49 AM, Alan DeKok <[EMAIL PROTECTED]>
wrote:
> [EMAIL PROTECTED] wrote:
> > I've enabled "detail auth_log" and "detail reply_log" (it'd be great
> > if there was a way to tie auths and replies together from the
> > different log files somehow) and FreeRadius is creating n
?vlan=student1
So I'd need to parse the value as well to pull out the vlan name, in this
case "student1".
I'm unsure how to get around these two issues. Any suggestions are welcome.
Thanks
Matt
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http:
=~ ".*staff1", Autz-Type := Ldap1, Auth-Type := Ldap1
Where unbldap-Ldap-Group gets set via
groupmembership_attribute = eduPersonPrimaryAffiliation
and eduPersonEntitlement: urn:mace:uni.ca:wireless?vlan=staff1 in LDAP
Thanks
Matt Ashfield
[EMAIL PROTECTED]
From: [EMAIL
That's what I was afraid of. Any suggestions to getting around this?
Thanks
Matt Ashfield
[EMAIL PROTECTED]
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 3:23 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subjec
Hmmm...welll I was hoping for another way to assign vlans based on ldap
attributes, but I don't figure on rewriting rlm_ldap.
Thanks
Matt
[EMAIL PROTECTED]
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2008 3:49 PM
To: [EMAIL PROT
Is there a way to regexp checking on the group_membership field instead?
Thanks
Matt Ashfield
[EMAIL PROTECTED]
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 3:23 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re
Would it make more sense then to use a Perl program instead for the
authorization and then have that program:
- verify credentials against ldap.
- do the regexp matching on the entitlement field?
Thanks,
Matt
[EMAIL PROTECTED]
-Original Message-
From: Alan DeKok [mailto:[EMAIL
AP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[dcs-inner-eap] returns handled
So.. I hope thi
On Oct 15 Alan DeKok wrote:
Matt Bernstein wrote:
So saith FreeRADIUS 2.1.1, but I wasn't trying to do multiple levels of
TLS nesting. I'm trying to use virtual servers so that a single radiusd
can terminate TTLS/PEAP for multiple subrealms, _and_ use the
inner-tunnel trick, k
At 14:19 +0200 Alan DeKok wrote:
Matt Bernstein wrote:
We will have multiple server certificates; our departments are rather
independent here.
Ugh. There's not really any good reason for this. If the
departmental certs are signed by a university CA, then you can still get
away wit
se Id: 0
${confdir}/dcs/inner/server references ${confdir}/dcs/inner/ldap.common
which contains
identity = "cn=radiusd,ou=Infrastructure,dc=dcs,dc=qmul,dc=ac,dc=uk"
basedn = "dc=dcs,dc=qmul,dc=ac,dc=uk"
etc. whereas ${confdir}/maths/inner/server references
${confdi
ll: leaving group authenticate
(returns reject) for request 7
Thu May 24 15:56:47 2007 : Debug: auth: Failed to validate the user.
Any advice is appreciated.
Matt
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ISP
Dana 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> piše:
>I have freeradius 1.1.4 setup as a proxy to an upstream radius server
>which works. I also want to put guests in a local users file and use
>MSCHAPV2 on them, but didn't get it to work. I was able t
Alan,
I believe you that is can work - I just want to know how to configure it
so it does :-)
Here is the output:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Conf
Tried that already.
cobb Cleartext-Password := "secret"
It just spits out an error that says I didn't use User-Password and
fails:
Thread 1 handling request 0, (1 handled so far)
NAS-Identifier = "localhost"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Hello,
>> thats why. you cant use a plain password.
>>alan
[Cobb] What should I use? I have tried User-Password==,
Cleartext-Password:=, Cleartext-Password==,
NT-Password=="0x0123456789abcdef...",
NT-Password=="0123456789abcdef.."
All complain that the NT Response is invalid and all but Us
Same thing basically:
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: Found NT-Password
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" retur
usd.conf files. Full gdb output from a
segfault case follows.
So, this isn't a bug report... i'm just hoping for tips on how to
proceed... thanks in advance for any clues.
-Matt
### begin complete users file ###
DEFAULT Auth-Type:=Kerberos
### end complete users file ###
### begin par
Alan. Just a quick update... upon looking deeper, it looks
like it might be an autoconf/libtool issue with x86_64 under Fedora 7.
If I come up with any potentially useful info, I'll post it here.
Sorry for the noise.
-Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ile from scratch. The current version in Fedora 7
is 1.1.6, and 1.1.7 is available in the development repo. (I am
running 1.1.7 built from the devel source RPM.)
-Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
her packages,
which you can easily snip out if you don't actually need to build/use the
stuff which depends on them.)
> But /usr/include/mysql doesn't exist on the machine.
I'm guessing none of the MySQL packages are installed. Try:
"yum install mysql mysql-devel"
Any advice is appreciated.
Matt
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi...
Matt Ashfield wrote:
> We're running FR to authenticate users on our wireless network. It appears
> that radius is randomly stopping/crashing. I have checked logs, but have
> been unable to locate the problem and am wondering if someone could point me
For what it's
>version of FR? modules or backend auth system used?
Using FR 1.1.5 and using mod_auth_ldap for auth
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
client
hh2380:20006 - ID: 133 due to unfinished request 922
After the error it crashed. Not sure why I'm seeing this. Any thoughts are
welcome!?
thanks
Matt
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Ashfield
Sent: Tu
What kind of error messages are you getting in your log when it blows up?
Quoting Phil Mayers <[EMAIL PROTECTED]>:
> On Mon, 2007-09-24 at 15:39 -0400, Nathan Hay wrote:
> > I am a newbie, running 3 (for redundancy) FreeRadius servers (1.1.7)
> > on SUSE 10 SP1 (32-bit) to authenticate our wirele
I have a freeradius server configured to do both EAP-TLS and LDAP auth. It
works great so far. If I have a cert. configured, then I'm authenticated
with the cert. If I don't have a cert then I get prompted for my un/pw on
my NAS's Captive Portal page, which then passes my username/password on to
Alan T DeKok wrote:
> January 10, 2007 - Version 2.0.0 has been released.
Congratulations, and thanks for all your hard work on FreeRADIUS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The nas table definition can be found at the bottom of this page
http://wiki.freeradius.org/MySQL_DDL_script
make sure to set:
readclients = yes (probably at the bottom of sql.conf)
the column names in the nas table are pretty self-explanatory after you
have that set up. Just be sure to re-sta
I have a setup with four Linksys E4200 wireless routers all sharing the same
SSID. All are configured to authenticate against the same freeradius server via
WPA 2 enterprise. I have freeradius (2.1.7) setup to authenticate against
activedirectory using ntlm_auth via TTLS and mschap. Android and
Hi All,
having trouble setting up my RADIUS(FreeRADIUS Version 2.1.7) to
auth to my openldap server (openldap-2.3.43-12.el5_6.7) on CentOS 5.5.
i am trying to configure EAP-TLS and think i am pretty close. I am
currently wondering if possibly i have an incorrect mapping in the
ldap.attrs file (
configure jradius.conf to point to my JRadius server, and add jradius to
> the accounting section of sites-enabled.
> "radiusd -X" gives:
> /usr/local/etc/raddb/sites-enabled/default[443]: Failed to load module
> "jradius".
> /usr/local/etc/raddb/sites-enable
please let me know. One thing I was thinking about
trying it going back a few versions of ntlm_auth and tring again. Its
interesting how I don't seem to be able to find any information relating
to this on the Internet.
Thanks,
Matt.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/12/12 15:20, Alan DeKok wrote:
> Matt Richards wrote:
>> Hello,
>>
>> I have got radius setup to authenticate wireless clients using MS-CHAP
>> and everything works correctly if the entered user / pass is correct.
>>
>> If the password is wrong, how
On 06/13/12 13:04, alan buxey wrote:
> Hi,
>
>> I did have a retry_msg which was left as the default value of
>>
>> retry_msg = "Re-enter (or reset) the password"
>>
>> After I commented out this line the problem went away.
>>
>> Thanks for your help. I'm guessing this shouldn't crash with the exa
On Wed, Nov 21, 2012 at 9:18 AM, David Gethings wrote:
> Hi All,
>
> It appears that the Debian package for freeradius 2.1.10 does not install
> the configuration files. At least that is what is happening on my system. As
> I try to resolve this is it possible to get a copy of the config files fro
On Tue, Feb 12, 2013 at 3:50 PM, T W wrote:
>
> All,
>
> I got this working at the end of last year, but now I've having trouble.
> I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system. Im
> using the latest version of libpam-radius-auth (1.3.17-0ubuntu4) and have
> followed the
be in
/etc/freeradius (default Debian config dir) due to the second
instance? Is it worth it, just to have a single system have all of
your RADIUS servers or should I just stand up another virtual server
and use that instead?
Thanks for any help or hints!
-matt zagrabelny
-
List info/s
On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison wrote:
> On 04.03.2013 22:17, Olivier Beytrison wrote:
>>
>> On 04.03.2013 21:56, Matt Zagrabelny wrote:
>>>
>>> Greetings,
>>>
>>> I am configuring a general purpose RADIUS server that any numbe
On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
wrote:
>
> You know SQL supports groups right? and that a group matching can be
> conditional on attributes in the request? and that you can add aditional
> config items to client definitions to mark them as a special devices?
Hi Arran,
Thank
On Tue, Mar 5, 2013 at 9:17 PM, Arran Cudbard-Bell
wrote:
>
> On 5 Mar 2013, at 18:03, Matt Zagrabelny wrote:
>
>> On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
>> wrote:
>>
>>>
>>> You know SQL supports groups right? and that a group matching
On Wed, May 8, 2013 at 3:26 PM, Roberto Carna wrote:
> Dear, I'm new at Freeredius as an AAA sever in a Linux box and I need to
> authenticate Allied switches and Debian/Centos boxes.
>
> What package/module do I have to install in adition to freeradius ???
For the Debian clients you might want:
On Mon, May 20, 2013 at 12:58 PM, Roberto Carna
wrote:
> Dear, I have:
>
> (A) One Freeradius server on Debian 6: freeradius installation and
> client.conf configuration
> (B) Another Debian 6 box with sshd: libpam-radius-auth installation
> (C) Several Windows and Linux ssh clients
>
> In (A) fre
On Wed, Jun 26, 2013 at 9:27 AM, Alan DeKok wrote:
> Mihajlo Joksimovic wrote:
>> i have an uptodate Debian derivate with samba4.
>> The base_filter rule in the modules/ldap file is not accepted. There i
>> gave sambaacctflags but nothing happens. still all users get accepted.
>> in Base_filter I
Greetings,
I am using a Pg datastore to hold authentication data and using the Pg
module for FR to hook into it.
I am using a basic view for the radius_check table:
# SELECT * from radius_check_users where username = 'mzagrabe';
id | username | attribute| op | value
On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell
wrote:
>
> On 1 Jul 2013, at 17:59, Matt Zagrabelny wrote:
>
>> Greetings,
>>
>> I am using a Pg datastore to hold authentication data and using the Pg
>> module for FR to hook into it.
>>
>> I am
Greetings!
Our Cisco VPN concentrator is sending some RADIUS attributes in the
request packet and if certain values appear, then I'd like to only
allow a subset of users to login.
I've looked at:
http://wiki.freeradius.org/SQL-Huntgroup-HOWTO/dbeef165862fe9ba7ef6f7d011889d1f7212cf9b
the SQL Hun
On Thu, Jul 18, 2013 at 10:46 AM, Alan DeKok wrote:
> Navodit Bhardwaj wrote:
>> For each Access-Request recieved and authenticated successfully I want
>> to do following:
>>
>> 1. Verify if Access-Request contains a parameter i.e IMEI of mobile
>> 2. If Not, send Access-Reject. Else,
>> 3. com
the user is configured correctly?
..but this is OK, since with "mschap" before "ldap" in your authorize{}
block, FreeRADIUS will handle the challenge-response stuff correctly for
MSCHAPv2 using the NT hash from OpenLDAP. Make sure you bind to OpenLDAP
with sufficient privile
.
Thoughts?
--
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
These will be in a
dozen remote locations so I need to build a solution enabling rapid
provisioning of the devices with minimal local technical oversight.
--
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
intermediate CA certificate in the chain.
When you think you are done - you can test the validity of your new
certificate like this:
openssl verify -crl_check -CApath
/path/to/certificate-file/server.pem.cert
Hope this helps. Give it a go and let us know if you have any problems.
--
Matt
On Fri, Feb
>>
>>> Are you planing improve CRL support in version 2.0 in some near future?
>>
What do you mean by better support? Are you asking for a way to
update CRLs without a bounce of freeradius?
--
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hows a query for
username:'=24enab15=24'. mysql says that there is no matching
username, and radiusd rejects the request. I tried adding the user
$enab15$ and =24enab=24 into the database, but to no avail. Anyone
have a suggestion? Thanks very much!
Matt.
-
List info/subscribe/unsubscribe?
On Fri, 23 Jul 2004 08:31:16 +1000, Paul Hampson <[EMAIL PROTECTED]> wrote:
> Add =24enabl15=24 as a user, or add $ to the list of safe characters in
> your SQL configuration file and add $enabl15$ as a user.
Thank you. I had tried adding =24enab15=24 as a user, but it still
didn't act right.
1 - 100 of 231 matches
Mail list logo
