Alan (and all),
I believe that I have found a bug related to Access-Reject and the
reject_delay and max_session_time configuration settings. I am running FR
1.0.0.
When I run radiusd -X, all behaves as expected. The Access-Reject is sent
after the delay time indicated by the reject_delay settin
ice=system-auth
sessionrequired /lib/security/pam_limits.so
sessionoptional /lib/security/pam_console.so
The above configuration works without any problems on RH7.2. I am at a
loss as to what is going on, so any help would be gratefully received.
Best Regards,
Mike Bickham.
&qu
gs at all. I type the user name at the
prompt and the name just disappears.
The results of radtest show that freeRadius is working, the issue
appears to be with pam_radius_auth. Am I on the right list? Can anyone
help as this is causing some major headaches :(
Best Regards,
Mike Bickham
T
comes from the nas, NAS-IP-Address is an IP.
On Tue, 27 Jul 2004, Alan DeKok wrote:
Mike Sturdee <[EMAIL PROTECTED]> wrote:
I am trying to use sql for the Simultaneous-Use check. I am seeing that
the NAS-IP-Address is being resolved in some places, and used as IP in
others. (I am thinking it
Solved. I changed the ifdef line in misc.c
Mike
--- Mike <[EMAIL PROTECTED]> wrote:
> I am using solaris 7 with gcc. When I try to
> compile
> it dies at line 381 in misc.c. I have the 1.0.0
> pre3
> source code and here is my error message
>
&g
erver?
Any help you have is great, sample conf files, or
links to howtos, etc...
Thanks,
Mike
__
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
-
List info/subscribe/unsubscribe? See
radius-1.0.0-pre3'
make: *** [all] Error 2
bash-2.05#
Mike
__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius-1.0.0-pre3'
make: *** [all] Error 2
bash-2.05#
Mike
__
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi List,
I know this is probbly more a pppd question, but I figure you
folks using radius probbly have the same problem I do, so here goes:
I've got pppoe servers out in the field that run linux/pppd v2.4.2
with radius authentication to a server running freeradius. What I'd like
the config, the NAS-IP-Address is an IP address,
and in other places it is a hostname.
I do have hostname_lookups = yes, but this should still not affect an IP
variable (ie: remote_addr vs. remote_host).
Having hostname_lookups on in 0.9.3 does not produce this result.
-Mike
-
List inf
>> Is it possible to make radius tell the dial equipemnt to send the
>> password in clear text if it can't authenticate a CHAP password?
> No.
> In many cases, the NAS can't even control it. The client uses
> CHAP, and there's no way for the NAS to tell it to use PAP.
We had a case of a service
nski wrote:
Hello all,
has anybody a script at hand for feeding some (old) freeradius accounting log
files into a mySQL db?
I know I read somewhere about such a script...
Thanks for any hints
Stephan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.
ure this is totally correct so you should test it yourself.)
Then you can safely use basedn="ou=personnels,dc=utt,dc=fr" for radius.
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Mike
==
Network Engineer
Is it possible to have mysql accounting log the query statement (yes i
know this part is possible) but NOT connect to the sql server? I need to
take the mysql box down for maint and was thinking this would be the best
possible way to not lose any records.
-Mike
-
List info/subscribe
Taking this a step further, is it possible to authenticate based soley
on MAC address? Meaning completely ignoring what is being sent for
username/password.
>>> [EMAIL PROTECTED] 6/22/2004 9:38:14 AM >>>
yes. It depends on what the switch sends in the
authentication-request.
if your auth-detail h
The old version of the list, when it was hosted at cistron.nl, can be
searched from here:
http://www.mail-archive.com/[EMAIL PROTECTED]/
Cheers,
Mike
- Original Message -
Message: 14
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Forum for
, I would like to use
the proper variable name.
Can anyone tell me what name I should use?
Thanks,
Mike Lampson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
contradict you. What probably very
obvious thing am I missing?
--
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tored procedures was added in version 5.0, and support for
triggers will be added in version 5.1."
Cheers,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 2004-05-18 at 11:48, Graeme Hinchliffe wrote:
> Postgres does support triggers and is very flexible. Plus you only need
> to enter them once and then update as time goes on.
Moving OT :\
Does it support replication now?
Cheers,
Mike
-
List info/subscribe/unsubscribe? Se
7;m using Session-Timeout to handle the 4
hour limit. I guess the tough part would be dumping data into this
second table. A cron job or the like could get very (cpu/io)
expensive--especially as the table grows--and the RDBMS I'm currently
using doesn't support triggers.
Cheers,
Mi
On Tue, 2004-05-18 at 09:37, Graeme Hinchliffe wrote:
> Perhaps use the accounting information to trigger a flag on their
> account if they hit the 4 hour limit.
Any suggestions on where to start on that?
Cheers,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
pened to overlook?
Cheers,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> If you want it to have huntgroups based on the source IP of the
> RADIUS packet, edit the huntgroups file, and change "NAS-IP-Address"
> to "Client-IP-Address".
Thanks. I missed that attribute when looking through the various examples.
Cheers,
_Mike
-
List info/subscribe/unsubscribe? See
NAT'ed by our firewall and shows up at the
FreeRADIUS server with a public address that is correctly verified in the
clients.conf file. However FreeRADIUS then looks for a Huntgroup match
using the private IP address.
Is this behavior by design or is it a bug?
Thanks,
Mike
-
List
> do you know the trick of stripping the realm before trying to
> authenticate?
read /raddb/proxy.conf
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
uot; to your passwd filer, it doesn't match "[EMAIL
PROTECTED]" because they're not the same. And that would explain the "notfound"
message.
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t;
Yep.
> Thanks for every kind help
>
You're welcome.
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
since the NAS picks the source port for the request, you'll have to work
that angle.
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not see any instructions
> regarding how to configure or use it. Any and all help would
> be very much appreciated. Thank you in advance.
>
The server and the site have plenty of documentation. Read that and then post
specific questions, please.
--
_____
If you're using PPP encapsulation, the component B-channels show up as tty lines on
the NAS.
Do a "show user" to find which tty lines the user is on. One or more "clear line xx"
will disconnect the ISDN caller.
--
_____
On Tue, 13 Apr 2004, Alan DeKok wrote:
aland> Mike Newell <[EMAIL PROTECTED]> wrote:
aland> > The error says that it fails to load "ttls", not "tls". When I look at
aland> > the modules in the modules directory I see that "mschapv2", "peap&
e has them
in it they don't appear to exist in the source tree. Do you know where
they should be or where they come from?
Thanks!
Mike
On Mon, 12 Apr 2004, Alan DeKok wrote:
aland> Mike Newell <[EMAIL PROTECTED]> wrote:
aland> > How do you build a static server? I tried th
ot being ablt to find the
"rlm_eap_tls.la" file.
./configure ... --with-static-modules="eap"
Builds, installs, fails as above.
./configure ... --with-static-modules="eap_tls"
Doesn't build as above.
Advice?
Thanks!
Mike
On Sun, 11 Apr 2004, Alan DeKok
t;.
Still no success. Anyone have any hints?
Thanks,
Mike
PS - I did not bild this from ports; the port is broken and won't compile.
I did the standard "./configure ; make ; make install" thang...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> The URL you had given bellow does not sate anything.
>
Yes, actually, it does.
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
__
Mike Ockenga, CCNP [EMAIL PROTECTED]
Network Engineer IIVoice: 952/230-4673
Onvoy Inc.
300 North Highway 169Minneapolis, MN 55441
_
> 1) W
What is the best way to append '@realm' to a username before the log entry
is made in radius.log?
Thanks
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 3/27/04 12:26 AM, [EMAIL PROTECTED] (Alan DeKok) wrote:
>> Do you want to remove only the "after" option (the real hack) or the
>> entire command?
>
> Both. The "after" thing runs the packet through the server twice,
> which is problematic. The "lower_pass" thing can be done in a module.
I
ect reply OK if off
> topic.
Are you having problems authenticating users with longer than 8
characters?
I never had that problem in all the years I ran PM3s at my $dayjob
(there were 16 of them in the primary pool).
I wasn't using Freeradius at that time, though, but the PM3s support
Is it possible to have a NAS client update data in a sql
DB backend on theradius serverby pushing data to it using accounting
packets.For example..The backend DB contains TimeRemaining for a client
end node.The client end node connects and the NAS reads how much
TimeRemaining toallow the node
ing and case and the username and password.
Mike
> Hi everyone
> I am new to freeRADIUS, generally new to RADIUS in general. I have a
> very simple setup and i cant seem to figure out why i cant
authenticate
> my user. I am using a GGSN and a fedora core linux server with the
> freeRA
ing and case and the username and password.
Mike
> Hi everyone
> I am new to freeRADIUS, generally new to RADIUS in general. I have a
> very simple setup and i cant seem to figure out why i cant
authenticate
> my user. I am using a GGSN and a fedora core linux server with the
> freeRA
to the clients.conf file
client 11.11.11.1/24 {
secret = bubbalou
shortname = ggsn
}
And thats about it... Is there something else that i have to configure
to authenticate a user against the /etc/password file?
Thanks
Mike
---
rad_
to the clients.conf file
client 11.11.11.1/24 {
secret = bubbalou
shortname = ggsn
}
And thats about it... Is there something else that i have to configure
to authenticate a user against the /etc/password file?
Thanks
Mike
---
rad_
to the clients.conf file
client 11.11.11.1/24 {
secret = bubbalou
shortname = ggsn
}
And thats about it... Is there something else that i have to configure
to authenticate a user against the /etc/password file?
Thanks
Mike
---
rad_
to the clients.conf file
client 11.11.11.1/24 {
secret = bubbalou
shortname = ggsn
}
And thats about it... Is there something else that i have to configure
to authenticate a user against the /etc/password file?
Thanks
Mike
---
rad_
to the clients.conf file
client 11.11.11.1/24 {
secret = bubbalou
shortname = ggsn
}
And thats about it... Is there something else that i have to configure
to authenticate a user against the /etc/password file?
Thanks
Mike
---
rad_
of queries,
radius will freeze until the query is sql complete, resulting in any auth
requests essentially to be rejected.
FreeRadius 0.9.3
MySQL Server 4.0.17 (MyISAM tables)
What might be causing this, or what could I do to resolve this?
Thanks,
-Mike
-
List info/subscribe/unsubscribe
ute is not
supplied, they default to 255.255.255.255, however I would like to
remove this attribute from the request as we are actually routing a
range of IP addresses to the end user, but this is being dealt with via
a Cisco-AVPair attribute.
Thanks,
Mike Bartling
-
List info/subscribe/unsubs
On Thu, 2004-02-19 at 11:33, Mike Cathey wrote:
> Here's my config:
Ah, figured it out. I needed a "NULL LOCAL" in my realms file.
Cheers,
Mike
signature.asc
Description: This is a digitally signed message part
to get it to work in 0.9.x?
> The SQL module doesn't do authentication. That's probably what the
> change is.
I only have the sql declaration in the authorize section. That's the
only place I had it in 0.5 as well.
Suggestions?
I appreciate the help.
Cheers,
Mike
si
that login with @realm
can't authenticate.
Cheers,
Mike
signature.asc
Description: This is a digitally signed message part
#username 'fred' is
banned, reject the authorization to do this...
return RLM_MODULE_REJECT;
}
return RLM_MODULE_OK;
}
There are other subroutines in the perl module, see 'example.pl' in the
src/modules/rlm_perl directory.
BTW All this knowledge, thanks to "aaa.t
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Compression = Van-Jacobson-TCP-IP
P.S. I've successfully tested this with both MD5 and
n' (or is it System ?) list of authentication methods, then it works...
ie this:
authenticate {
authtype perl_1 {
perl
}
files
}
What is the keyword 'files' doing to radiusd, that now makes radiusd look to my authentication type 'perl_1'
d appreciate any ideas anyone has on the use of MD5 encoded passwords.
Thanks,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Feb 16 09:56:31 2004 : Debug: Thread 1 waiting to be assigned a request
(test NAS is NTRadPing)
Any ideas how to sort out the 'Auth-Type' to make freeradius use the
targeted perl module? Do I need to look to a later version of rlm_perl
and the copy in CVS?
Is it a setting in
ok for request 1
rad_check_password: Found Auth-Type PAP
auth: type Crypt
auth: Failed to validate the user.
I am using NTRadPing to generate the request.
Any suggestions appreciated.
Thanks,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan,
It works as I want it.
Thanks!
-Mike
On Wed, 28 Jan 2004, Alan DeKok wrote:
> Mike Sturdee <[EMAIL PROTECTED]> wrote:
> > I am doing:
> >
> > # match number ending in 123
> > DEFAULT Called-Station-Id =~ "^.*123$"
>
> You don
I am doing:
# match number ending in 123
DEFAULT Called-Station-Id =~ "^.*123$"
Realm = "realm1"
# otherwise make it realm2
DEFAULT
Realm = "realm2"
And _ALL_ are being assigned "realm1"
-Mike
On Tue, 27 Jan 2004, Alan DeKok wrote:
I am trying to set the Realm attribute based on the Called-Station-Id.
Doesn't look to work in users (not done soon enough). Does the hints file
support regex comparisons? I am needing the realm set before radiusd
reaches the authentication / authorization modules.
thanks
-Mike
-
List
Has anything come of this yet?
On Wed, 14 Jan 2004, Alan DeKok wrote:
> Chris Parker <[EMAIL PROTECTED]> wrote:
> > > I'm open to suggestions for what to do with the "authorize" section
> > >and Autz-Type. I don't want to break older configurations, so that's
> > >a bit of a constraint.
> >
>
that every time:
"There is no option that you can configure in Windows XP to prevent the
operating system from storing your credentials."
I guess you could cludge it so that the cache is removed every time the
machine boots. Or use Linux ;)
Cheers,
Mike
On Sat, Jan 17, 2004 at 09:54:1
The file is in src/modules/rlm_eap/types/rlm_eap_peap
Just change line 267 as shown :)
Mike
On Fri, Jan 16, 2004 at 09:32:22AM +0100, [EMAIL PROTECTED] wrote:
> hi!
> I would like to test your patch but I don't know where I must put it!
> Should I have to create a file and put you
x27;s something weird in
my setup, I'm too tired to care right now ;)
Cheers,
Mike
On Thu, Jan 15, 2004 at 09:37:57AM -0500, matt morris wrote:
> I read a post from a user named Mike Saywell, stating a similar situation
> with you:
>
> >From the RASTLS.log in WinXP:
> "
okup in module instance ldap1. when radiusd is in debug mode, it shows
the LDAP1 users going through both the ldap1 and ldap2 module instances..
Am I right in thinking it should only go through one or the other when
Auth-Type is set as such?
-Mike
#radiusd.
entry.
If it is not a c/p, then nevermind.
-- Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hes and the access
point is a DLink DWL-900AP+
Hopefully somebody can spot what is probably a silly mis-configuration
on my part!
Thanks in advance,
Mike Saywell
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Dec 30, 2003 at 07:24:08PM -0500, Alan DeKok wrote:
> Mike Horwath <[EMAIL PROTECTED]> wrote:
> > Thanks, I'll just go back to lurking since it is obvious you don't
> > want to answer the question with any details.
>
> Mike, the answers to your qu
On Tue, Dec 30, 2003 at 05:49:42PM -0600, Chris Parker wrote:
> At 05:11 PM 12/30/2003, Mike Horwath wrote:
> >On Mon, Dec 29, 2003 at 11:05:51AM -0600, Chris Parker wrote:
> >> Tell me what your experiences are. Hint, one will run, one won't.
> >> Which, is le
bvious you don't
want to answer the question with any details.
And please, do not go looking at the problem with the dynamic linking
issues either, that would be difficult I bet.
And libtool? Ack. But whatever.
Back to lurking (after I am done with this thread).
--
Mike Horwath
On Mon, Dec 29, 2003 at 10:26:09AM -0600, Chris Parker wrote:
> At 10:23 AM 12/29/2003, Mike Horwath wrote:
> >On Mon, Dec 29, 2003 at 10:19:56AM -0600, Chris Parker wrote:
> >> Dynamic linking on OS X is problematic. Rebuild/rerun configure with
> >> --disable-shared
On Mon, Dec 29, 2003 at 10:19:56AM -0600, Chris Parker wrote:
> Dynamic linking on OS X is problematic. Rebuild/rerun configure with
> --disable-shared.
I have never heard of such a thing with 10.3...
Care to pass out some pointers to your conclusions?
--
Mike Horwath IRC: Dr
401 - 474 of 474 matches
Mail list logo