Hi Federico!
Check default radiusd.conf and search for "realm" and "suffix". It
looks like you're not calling rlm_realm in authorize.
th.
On 7/11/07, Federico Giannici <[EMAIL PROTECTED]> wrote:
> We have a working FreeRADIUS 1.1.4 running since a lot of months.
> Now we have to proxy the requ
Hi Alan!
On 7/6/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Isn't "authorize" better place for that? Even name suggests
> > authorization should be done there... ;)
>
> No. "authorize" is run before authentication for historical reasons.
Yes I do understand authorize is run before authentic
On 7/6/07, George Beitis <[EMAIL PROTECTED]> wrote:
> for proxied ones would the last 2 remain the same?
No.
authorize
pre-proxy
post-proxy
post-auth
th.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 7/6/07, George Beitis <[EMAIL PROTECTED]> wrote:
> you actually made a very good point :) I didn't realize there was an
> authorize part in the work flow of freeradius. That would be before
> postauth, are there any other steps after "authorize" and before post auth?
For (non-proxied) authent
Hi Alan!
On 7/5/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> George Beitis wrote:
> > ... I will use a policy engine to do that
> > and i want to overwrite the final decision if the user is not authorized
> > based on my policy.
> >
> > Is postauth the right place to do this?
>
> Yes.
>
> But
On 6/22/07, Stefan Winter <[EMAIL PROTECTED]> wrote:
> attempting to kill a running radsql with ^C doesn't do anything, and kill'ing
> it with TERM doesn't impress it either on my system. I had to send KILL to
> get rid of it. Is this intentional?
I remember hitting similar problem, when experimen
On 6/20/07, Andrew Long <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] SPECS]# rpmbuild -bb freeradius.spec
> error: Failed build dependencies:
> libtool-ltdl-devel is needed by freeradius-1.1.6-0.i386
>
> On Cent 4.4 there is no libtool-ltdl or devel package.
Edit .spec file and remove 'B
On 6/12/07, lisa laam <[EMAIL PROTECTED]> wrote:
> *** Warning: Linking the shared library rlm_perl.la against the
> *** static library
> /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not
> portable!
> gcc -shared .libs/rlm_perl.o -Wl,--rpath
> -Wl,/home/ouahiba/download/freeradius- 1.1.6/src
HI Alan!
On 5/27/07, Alan Dekok <[EMAIL PROTECTED]> wrote:
>That's not what the documentation says. It says that a request will
> be rejected once it has timed out. If the home server is marked dead
> while the request is still alive, AND the NAS retransmits, then the
> request will be sent
Hi!
I have a question regarding proxy failover in FreeRadius 1.x. Proxy
code chooses first active home server for realm and send packet to
that one. If no reply is received after configured number of retries,
request is rejected, other servers are *not* tried. Does version 2.0
have the same be
On 5/22/07, Ashraf Al-Basti <[EMAIL PROTECTED]> wrote:
>
> Dear All,
> this is what i have,
>
> rlm_sql (sql): Could not link driver rlm_sql_oracle: rlm_sql_oracle.so:
> cannot open shared object file: No such file or directory
> rlm_sql (sql): Make sure it (and all its dependent libraries!) ar
> What I need is proof positive that mysql / postgresql is at least as
> good as oracle for a radius DB.
Besides raw performance, there may be other aspects to consider when
choosing DB for FreeRadius. It seems that most FR users use either
PostgreSQL or MySQL. Those DBs seems to have more matur
On 4/19/07, John Butala <[EMAIL PROTECTED]> wrote:
> We would like to use FreeRADIUS (acting as a proxy server) to set the
> Primary-DNS-Server and Secondary-DNS-server attributes in the auth
> response to the RADIUS client only if these attributes are not provied
> by the end RADIUS server (which
On 3/18/07, Markus Krause <[EMAIL PROTECTED]> wrote:
> i am writing a perl script to authorize and authenticate users.
> authorization works (so the script itself works and seems to be used
> by freeradius as expected) but as i do not know how to define the
> Auth-Type with the perl script i get th
On 3/15/07, Chris Moody <[EMAIL PROTECTED]> wrote:
> Greetings all,
>
> I am trying to create an RPM of Freeradius 1.1.5 for a Fedora Core 6
> install, and following the instructions in the Wiki, the build process
> dies with this at the end:
>
> c/include -Ilibeap -c rlm_eap.c -fPIC -DPIC -o .lib
On 3/15/07, Paul Goodman <[EMAIL PROTECTED]> wrote:
> I am trying to compile the pam_radius-1.3.16 modules on a Solaris 10 system,
> but when I run make, I get the following error:
>
> gcc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o
> In file included from pam_radius_auth.h:23,
>
On Mon, Feb 19, 2007 at 02:01:53PM -0500, Kevin Bonner wrote:
> On Monday 19 February 2007 13:13, Andrew Long wrote:
> > freeradius 1.4 on CentOS 4.4
> > How can I verify the number of threads? I only see one process with
> >
> > > ps aux | grep radiusd
> >
> > I could have sworn I used to see each
Hi all!
I've come across an issue with verification of {SSHA} encrypted passwords
in FreeRadius 1.1.4. Verification fails for correct passwords. I've
managed to track problem through normify() to base64_decode() function in
rlm_pap.c. This seems to be a culprit:
if (src[length] != '=') retur
On Sun, Feb 04, 2007 at 01:20:17PM +0100, Federico Giannici wrote:
> Unfortunately it works with PAP only!
> With CHAP it gives me "rlm_chap: Clear text password not available"...
>
> Any suggestion?
You may try to stick with User-Password for now, it's still recognized by
rlm_pap. CVS version o
Hi Alan!
Thanks for reply.
On Wed, Jan 10, 2007 at 09:32:37AM -0500, Alan DeKok wrote:
> Could you check the code in the CVS head? It was updated
> significantly, to clarify some of these issues. I think it may work a
> little better.
I have not tried latest CVS code yet, but I have read it.
On Wed, Jan 10, 2007 at 05:49:59PM +0100, [EMAIL PROTECTED] wrote:
> > > i'm using freeradius 1.0.1 from Red Hat entreprise 4.
> >
> > You SHOULD upgrade:
> >
> > http://freeradius.org/security.html
> does not Red Hat supply any security patch with the OS support ?
Yes, they do. Release 1.0.1-3
Hi all!
Default attrs file used by rlm_attr_filter contains following DEFAULT
section:
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
[ ... ]
Framed-Protocol == PPP,
Fra
On Thu, Jan 01, 1970 at 12:00:00AM +, Alan DeKok wrote:
> Version 1.1.4 has been released, with a few notable improvements.
Is there good reason for not updating rlm_perl? Version in 1.1.4 is
"1.13.4.7 2006/04/27" (same as in 1.1.3 and 1.1.2), even though CVS
contains version "1.45 2006/12/
23 matches
Mail list logo