?
-Mike
On Wed, 15 Sep 2010, Alan Buxey wrote:
2.1.3 is very old now , 2.1.9 is current and has many fixes over that -
check its changelog .. this error message suggests that you've got a
slow backend somewhere - be that ldap, sql or even a bit of perl
- Reply message -
From:
ue to unfinished request 35244
Sep 15 10:07:53 prad02 radiusd[10632]: Discarding duplicate request from
client FHSWLC-1 port 32768 - ID: 205 due to unfinished request 35245
-Mike
<>-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Aug 6, 2010 at 12:39 AM, Alan DeKok wrote:
> Mike J wrote:
> > I've fixed the x86 module (was using a wrong client config file). So I
> > have x86 working but don't have the ppc module working.
> ..
> > Is this likely the cause of my issue?
>
> Ye
On Tue, Jul 27, 2010 at 1:22 AM, Alan DeKok wrote:
> Mike J wrote:
> > It is a PPC module. However, since I was having problems with it I
> > decided to install the PAM module for my x86 workstation (from the
> > Ubuntu Hardy repository). I'm getting the same results.
to peform the authorization
query. This seperation would give me the abillity to either engage
chap/pap or not based on presence of the attribute, instead of simply
overwriting the attribute values which doesn't address my security
concerns. I'm still looking for a good method to accomplish t
Johan Meiring wrote:
On 2010/07/21 11:00 AM, Alan DeKok wrote:
authorize {
...
if (ADSL-Agent-Circuit-Id&& \
("%{sql: select ...}")) {
update control {
Auth-Type := Accept
}
}
else {
reject
}
}
I disagree with the logic sli
On Fri, Jul 23, 2010 at 4:54 AM, Alan DeKok wrote:
> Mike J wrote:
> > Now obviously is says there's a problem with the secret, but I believe
> > I've setup the secret correctly in the configs I've shown above.
> > Does anybody have any ideas what I'm
Hi,
I'm trying to get the the pam radius module to work.
I've built a test radius server (FreeRADIUS Version 2.1.9) and I've setup a
linux box with the pam radius module (1.3.17)
The server seems to be setup properly to authenticate users:
# radtest testing password 127.0.0.1 0 testing123
Sendi
based on ADSL-Agent-Circuit-Id and not User-Name.
Mike-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
iting User-Name open up a hole where
if anyone just makes their username the same as a valid circuit ID,
they'd be allowed and really I want to enforce it based on the presence
of the acutal attribute itself.
Mike-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I read the appropriate section in radiusd.conf, but I don't know what
needs to be in whatever folder I'm pointing the config to.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"bobloblaw"
User-Password = "bobloblaw"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bobloblaw", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand: %{User-Name} -> bobloblaw
[sql] sql_set_user escaped user --> 'bobloblaw'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'bobloblaw'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'bobloblaw'
ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "bobloblaw"
[pap] Using clear text password "bobloblaw"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> bobloblaw
[sql] sql_set_user escaped user --> 'bobloblaw'
++[sql] returns noop
++[exec] returns noop
Sending Access-Accept of id 112 to 127.0.0.1 port 59466
Session-Timeout := 6000
CHAP-Challenge := 0x313233
Mikrotik-Group := "email"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 112 with timestamp +6
Ready to process requests.
--
Mike Wilson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
running radius in debug mode in the background shouldn't provide
anything useful tho.
just a thought...
On Tue, 11 May 2010 19:36:24
+, dorra aa wrote: I installed on a server machine:
freeradius-server-2.1.8
I wrote in the terminal: radiusd-X ">Mike
Nichols
of
string its very important to utmp detect the username.
Exist something to
fix it?
-
Sua internet grátis até 19x mais rápida.
Baixe agora mesmo seu discador e
acelerador POP! É grátis!
www.pop.com.br [1]
--
Mike Nichols
My
Excerpts from Alan DeKok's message of Mon Mar 22 11:48:40 -0500 2010:
> Mike Loosbrock wrote:
>
> > I thought about getting the user's groups by fetching the multi-
> > valued 'memberOf' attribute from AD and then copying it to the
> > control list
hen
make rlm_sql use that attribute in an authorization query (at
least in any sort of useful manner).
One work-around is to periodically export the AD group
membership data and rebuild the usergroup table from it. I'd
really like to avoid this approach if at all possible.
--
Mike Loosb
[8452]: rlm_eap: SSL error
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
-Mike
<>-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
7;%{Acct-Session-Time}',\
`Acct-Input-Octets` = '%{Acct-Input-Octets}',\
`Acct-Output-Octets` = '%{Acct-Output-Octets}',\
`Acct-Input-Packets` = '%{Acct-Input-Packets}',\
`Acct-Output-Packets` = '
uot;, Auth-Type := Reject
But it doesn't work. What's the best way to do this?
-Mike
<>-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Could someone tell me what the syntax error on the Proxy-To-Realm line is
please?
preacct {
detail
suffix
if ((Proxy-To-Realm = DEFAULT) && (User-Name =~
/@.*.domain.tld$/))
update control {
Proxy-To-Realm := NULL
}
Just checking in on this, I have plenty of patience. I just don't want to
find myself in a situation down the road where a currently-unknown security
issue or bug in 2.1.4 forces an upgrade, since our current configuration
doesn't seem to work with 2.1.8...
-
List info/subscribe/unsubscribe? See h
Alan,
A few days ago I sent you a private email to your deployingradius address. I
attached a bunch of config files and log output so you could see the issues
in my working 2.1.4 vs non-working 2.1.8 installations. I did not scrub the
config files since it was a private email. If you want the conf
with the make
scripts, no?
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-tunnel[176]: Errors
parsing authenticate section.
}
I did update the private key password in eap.conf, to match the one I used
in the original signing request. So what did I do wrong?
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
10 11:12 PM
To: FreeRadius users mailing list
Subject: Re: STILL Trying to get tunneling to work- resolved, and a question
Mike Bernhardt wrote:
> Just to clarify my questions:
> If one of the servers I'm proxying to is dead, is there a way to reduce
the
> number of times freeradi
do I ensure my
certificate has these extensions? Would a CA signed cert have this?
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sun, 31 Jan 2010, Fajar A. Nugraha wrote:
On Sun, Jan 31, 2010 at 12:09 PM, Mike Diggins wrote:
Why self signed versus CA signed? Ideally I would like my clients to not
be questioned about the certificate at all. Is that even possible with WPA?
If I purchase a CA signed cert, would that
On Sun, 31 Jan 2010, Peter Lambrechtsen wrote:
On 31/01/2010, at 11:59 AM, Mike Diggins
wrote:
I was able to get freeradius 2.1.3 and wireless WPA working, likely
due to the fact that FreeRadius was mostly configured for me
(thanks ;) ). I’m a little confused about the certificate that
purchase a CA signed cert, would that eliminate the requirement
on the client to acknowledge the certificate or import it?
-Mike-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
k with the downstream servers?
-Original Message-----
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Friday, January 29, 2010 11:36 AM
To: 'freeradius-users@lists.freeradius.org'
Subject: Re: STILL Trying to get tunneling to work- resolved, and a question
I found the major pr
e and
that's it.
Thanks,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Still waiting for 2.1.8. Any update on a release date?
Thanks,
mike
-Original Message-
From: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Monday, December 21, 2009 11:09 AM
To: FreeRadius users mailing list
Subject: Re: STILL Trying to get tunneling to work
Mike Bernhardt wrote
>From: t...@kalik.net [mailto:t...@kalik.net]
>Sent: Thursday, December 10, 2009 5:05 PM
>To: FreeRadius users mailing list
>Subject: Re: Trying to get tunneling to work
>
>> I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an
>> IAS
>> server. The IAS requests are authenticat
rom: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Thursday, December 17, 2009 2:07 PM
To: FreeRadius users mailing list
Subject: Re: Trying to get tunneling to work
Mike Bernhardt wrote:
> Is that related to my problem, or did you just notice am unrelated bug?
Umm... did I respond to yo
Is that related to my problem, or did you just notice am unrelated bug?
-Original Message-
From: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Wednesday, December 16, 2009 1:45 PM
To: FreeRadius users mailing list
Subject: Re: Trying to get tunneling to work
Mike Bernhardt wrote
ng to work
Mike Bernhardt wrote:
> I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an
> IAS server. The IAS requests are authenticated by a Safeword server,
> which doesn't support 802.11. So the idea is that freeradius takes the
> request, proxies it to IA
-Original Message-
From: t...@kalik.net [mailto:t...@kalik.net]
Sent: Thursday, December 10, 2009 5:05 PM
To: FreeRadius users mailing list
Subject: Re: Trying to get tunneling to work
> I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an
> IAS
> server. The IAS reque
I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an IAS
server. The IAS requests are authenticated by a Safeword server, which
doesn't support 802.11. So the idea is that freeradius takes the request,
proxies it to IAS as if it was a non-802.11 client, IAS passes it to the
inte
on Debian
radiusPassword
script for users to selfservice RADIUS password stored in postgresql database
You will find them on our git repository: http://projects.oshean.org
Mike Marseglia, OSHEAN
w. 401-886-0887 x208
c. 401-248-4867
e. m...@oshean.org
-
List info/subscribe/unsubscribe? See
us to provide authentication to users and we have come across to drop the session if the user's account suspended but we have no luck to make it work. Currently we try to put this attribute in radreply table and it doesn't work for us. Looking for your kind information in this matter.
Thanks i
: %{control:Packet-Type} ->
? Evaluating (control:Packet-Type == "Access-Accept") -> FALSE
++? if (control:Packet-Type == "Access-Accept") -> FALSE
.
Could version 2.1.4 have a bug in this area ?
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Guys
How would I match for the packet type ie 'Access-Accept' in unlang
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
question about unlang I'll ask in a new email
Cheers
Mike
Mike O'Connor wrote:
> Hi Guys
>
> This email tries to ask my question in a different way, to last time.
>
> I need to Rewrite the User-Name of individual accounts to add a realm,
> this would need to reliabl
John Morrissey wrote:
> On Thu, Aug 27, 2009 at 10:57:47PM +0930, Mike O'Connor wrote:
>
>> I need to Rewrite the User-Name of individual accounts to add a realm,
>> this would need to reliable up to at least 1 users.
>>
>> Does any one have any ideas
out restarting Freeradius ?
We do have some python code running in this proxy which might be able to
help.
Thanks
Mike O'Connor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alexander Clouter wrote:
> Mike O'Connor wrote:
>
>> Using freeradius 2.1.4 the following works if I user the hints file.
>>
>> DEFAULT Called-Station-Id == "splns357"
>>User-Name := "%{user-na...@mb.webshield.net.a
plns357"
Service-Type = Framed-User
NAS-IP-Address = 118.67.208.51
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Reject packet from host 118.67.209.21 port 1812,
id=250, length=23
Proxy-State = 0x31
Thanks All
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nicolas Goutte schrieb:
Am 03.07.2009 um 12:24 schrieb Mike:
Dear list,
after 4 days of work and lots of google searches I?m really in the
need for some help!
My Setup:
A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x
and Dovecot Imap with domain and users stored in
e747416
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 111 with timestamp 4a4dcc9d
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 112 with timestamp 4a4dcca2
Nothing to do. Sleeping until we see a request.
I?m really at the end of my knowledge, please help,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd_test.py running ok:
>> > *** instantiate ***
>> > None
>> But authenticate just hang.
>>
>> Any other suggestions?
IK> There is no authenticate subroutine in radiusd_test.py.
IK> Ivan Kalik
IK> Kalik Informatika ISP
--
Mike Tkachuk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t be a
problem, but I checked that also - added
> user = root
> group = wheel
I see that instatination code in radiusd_test.py running ok:
> *** instantiate ***
> None
But authenticate just hang.
Any other suggestions?
--
Mike Tkachuk
-
List info/subscribe/unsubscribe? See http://
e?
Thanks.
--
Mike Tkachuk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If not, only attributes for the highest priority
(first) group are applied: http://wiki.freeradius.org/Rlm_sql
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ssword} -> --password=
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc06a)
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password
(0xc06a)
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...
about
enabling extending acls's on the file system to work around this
issue. I'd be interested to know what you ended up doing.
Just add the freerad user to the winbindd_priv group.
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Apr 8, 2009, at 10:07 AM, Mike Loosbrock wrote:
We run Debian, and we currently have our samba packages pinned at
version 2:3.0.30-3 due to this issue:
http://lists.freeradius.org/pipermail/freeradius-users/2009-February/msg00289.html
List,
I'd be willing to report this bug to the
ar issue just yet. I say that
because your EAP exchange never progresses to the point where
ntlm_auth is executed by FreeRADIUS. Things seem to be hanging right
after the outer TLS tunnel is established, which may point to a
certificate problem. Are you sure your server certificate is OK?
M
Hi Hristo
Could you supply a quick example ?
Its always good to get working example after a problem is resolved (even
if the person is resolved by the questioner)
Mike
Hristo Trendev wrote:
> The examples in src/modules/rlm_python gave me some hints and I
> figured it out. Thanks
can duplicated with FreeRadius?
It works in freeradius by default. You have disabled mppe in mschap
module (raddb/modules/mschap).
Doh! That was it. Thanks once again.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ng
I can duplicated with FreeRadius?
-Mike
mon-pptp-NOT-working.pcap
Description: Binary data
mon-pptp-working.pcap
Description: Binary data
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ng
I can duplicated with FreeRadius?
-Mike
mon-pptp-NOT-working.pcap
Description: Binary data
mon-pptp-working.pcap
Description: Binary data
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's the conversation between NAS and the client, not NAS and radius
server.
Right. I guess I captured the wrong end of the conversation. I'll have to
capture that tomorrow, and hope that wireshark can provide the full radius
response as Alan mentioned.
Thanks.
-Mike
-
List info/subscribe/u
On Sat, 28 Mar 2009, Alan DeKok wrote:
Mike Diggins wrote:
I have a cisco vpn3030 concentrator with both IPSec and PPTP clients.
IPSec clients can successfully connect using my FreeRadius 2.1.3 server.
They use PAP, I believe. My PPTP clients are failing to connect. Every
indication on the
:17 macvpn-inside 13886216 03/27/2009 15:08:17.790 SEV=5
PPP/49 RPT=33002 76.64.100.68 User [test26] IPCP assigned IP Address
172.26.94.7
Mar 27 15:08:17 macvpn-inside 13886217 03/27/2009 15:08:17.790 SEV=4
AUTH/22 RPT=354231 76.64.100.68 User [test26] Group [Base Group]
connected, Session Typ
On Wed, 18 Mar 2009, Alan DeKok wrote:
Mike Diggins wrote:
I've made no progress in finding a solution to my MSCHAP problem. To
summarize, Winbind and FreeRadius authenticate via PAP fine on both
servers (RedHat V5), but MSCHAP fails on one of the two (see below). I
tried tar'
ange the configuration on this file on either system, and both
are identical.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
m_auth line is still
commented out there. It's enabled on the second server.
No, it's there and uncommented on both. In fact I blew away the entire
/etc/raddb directory on the failing server, and replaced it with the
contents of /etc/raddb from the working one, so the configs have to
er machine, but it still fails. I also rejoined the Windows domain, but
nothing is working. Does MSCHAP have any other dependency on the system,
that PAP doesn't? I don't know where else to look.
-Mike
On Mon, 16 Mar 2009, Mike Diggins wrote:
I configured what I thought were two
192.168.2.15 port 2358
MS-CHAP2-Success =
0x78533d4145363132463539313034453537313236413341423437433946383541453538384142453943
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 115 with timestamp +1773
Ready to process requests.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ly to stop it? It seems to
be a purely cosmetic issue, but I'd still like to find a solution.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t file.
Or, update the rules to add the Reply-Message in the "post-auth" section.
Use unlang in Post-Auth-Type REJECT.
update reply {
Reply-Message := whatever
}
That was easy ;)
Thanks,
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sun, 4 Jan 2009, Alan DeKok wrote:
Mike Diggins wrote:
How do I stop it from sending the same Reply message when the user
enters a incorrect password. Right now the Reject responds like this:
Sending Access-Reject of id 22 to 192.168.2.2 port 1025
Reply-Message = "Group=NetWo
On Mon, 9 Mar 2009, Alan DeKok wrote:
Mike Diggins wrote:
Just as a quick example, I added this line to radius.conf:
$INCLUDE dsdfsdf/# bogus line
radiusd -C doesn't complain:
[r...@rad01 raddb]# /usr/local/freeradius/sbin/radiusd -C
[r...@rad01 raddb]#
Err.. try "echo
adius will
start, in case I mangle something in the config.
-Mike
On Mon, 9 Mar 2009, Alan DeKok wrote:
a.l.m.bu...@lboro.ac.uk wrote:
much as thought. is it also the case that it only checks
stuff that can be 'HUP'd' ?
Yes.
Alan DeKok.
-
List info/subscribe/u
-C
check still returns nothing. What am I missing?
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
p://code.google.com/p/yubico-pam/wiki/YubikeyAndRadiusViaPAM
Cheers
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
fy the domain
with '--domain=%{mschap:NT-Domain}'.
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
use my Windows logon name and password (and domain if
any)'
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
d OSX) to bail. There's apparently something wrong with the
NT_KEY returned by ntlm_auth...
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the authorize section (such as files or eap) set Auth-Type.
See 'man unlang' for more details.
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Orion, do you have a link to radmanager?
Thanks
.. Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
m.mloosbro/password] (from client monitor port 1)
+- entering group post-auth
++[noop] returns noop
Sending Access-Accept of id 27 to 127.0.0.1 port 4030
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 4030, id=27,
length=76
Sending duplicate reply to client monitor port 4030 - ID: 27
Sending Access-Accept of id 27 to 127.0.0.1 port 4030
Waking up in 4.9 seconds.
Cleaning up request 0 ID 27 with timestamp +3
Ready to process requests.
### END DEBUG OUTPUT ###
Mike Loosbrock
Bethel University Network Services
651-638-6723
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sat, 3 Jan 2009, Alan DeKok wrote:
Mike Diggins wrote:
After getting NTLM_AUTH working using PAP, I decided to try the MS-CHAP2
as well and that appears to work, but I had to remove the line "DEFAULT
Auth-Type := ntlm_auth" from my users file.
Use "=", not ":=&q
On Fri, 2 Jan 2009, Alok Vimawala wrote:
Hi Mike,
Are you trying to have the radius server send an access-reject when the user
is not in the group?
Or are you trying to send a list of groups to the VPN device?
I couldn't figure out how to have the client (in this case a cisco AS
, some of which support
MS-CHAP2, but some do not. How can I use both together? My users will be
connecting to both services, so defining a specific AUTH-TYPE for each
user won't work.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t;CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
x27;m wondering though, if I have users with multiple group
membership, should I create a string of group names such as
"group1,group2, group3" for each user, and return that as the
Reply-Message? Is that a sensible way to do it, or is there a better way?
-Mike
Dana 31/12/2008, "
the VPN side, with the group X on the radius side. I'm not even
sure how (or where) to create such a group with freeRadius. Can anyone
point me in the right direction?
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm using the NTLM_AUTH authenticator currently, if that helps.
-Mike
On Wed, 26 Nov 2008, Mike Diggins wrote:
I would like to not only authenticate my users via FreeRadius, but also
authorize them by creating some local groups, and running a program to do the
authorization check,
even possible using the latest FreeRadius software? I'm not sure where to
start looking.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I added this to the top of the users file:
userAuth-Type := ntlm_auth
Any idea what is causing that? I think I followed the instructions
correctly.
-Mike
On Tue, 18 Nov 2008, [EMAIL PROTECTED] wrote:
Updated manual:
http://deployingradius.com/documents/configuration/active_
I should have mentioned it's FreeRadius 2.1.1.
-Mike
On Tue, 18 Nov 2008, Mike Diggins wrote:
Folks, I have freeradius running on a fedora linux box. I want to use it for
authentication from an Apache web server using the radius interface. That
part is working, and I'
meone point me in the right direction please.
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
complain about wildcards that _don't_ match a file
by adding
shopt -s failglob
to your .bashrc.
Of course, that can leave you surprised later if you are expecting that
non-default behavior and start to work with a login that doesn't set it.
And setting it could make it harder to use scripts th
hi
how can i reject a user if his datavolume is reached? (some attribute in
radreplay?)
all users are stored in mysql.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
mike wrote:
we have a little network with some cable modems. all modems use
freeradius for authenticating and all useres use a pppoe session against
freeradius to connect with the router. this works. now we want a
bandwidth limitation for each modem.
is this possible with
hi folk,
we have a little network with some cable modems. all modems use
freeradius for authenticating and all useres use a pppoe session against
freeradius to connect with the router. this works. now we want a
bandwidth limitation for each modem.
is this possible with freeradius? or how can w
rk. Can anybody give me a some advise how to
get this to work
see below a screen dump of the freeradius server.
rad_recv: Access-Request packet from host 192.168.100.5:2689, id=3,
length=1660
Message-Authenticator = 0x9a0b07611fd6b83251839c544b3552e6
Service-Type = Framed-User
reply_query = "SELECT id,UserName,Attribute,Value,op FROM RADREPLY
WHERE Username = '%{SQL-User-Name}' UNION SELECT
0,'%{SQL-User-Name}','Session-Timeout',sess_time('%{WISPr-Location-ID}'),
'%{SQL-User-Name}'),'==' from dual"
Sess_tim
ved a radius packet is going to be a good idea. I would instead
create a very small shim which calls a python daemon via a unix socket.
Cheers
Mike
[EMAIL PROTECTED] wrote:
>From the subject, you can probably guess that its just barely a Freeradius
problem :) Anyway...
Using the Bui
101 - 200 of 474 matches
Mail list logo