Shankar Ganesh C [EMAIL PROTECTED] wrote:
2) Based on the call back function or any other interface from external
program the free radius should send a Accounting response message back based
on the attributes value retrived from the other function.
No attributes may be sent in an
Hi,
you must be kidding or maybe you confounded the pertinent mailing lists or...
Provided there really is a problem with freeradius, please enlighten
us as to the debugging output of _it_ not just the nice but offtopic
one from hostapd.
regards
K. Hoercher
-
List info/subscribe/unsubscribe?
Hello!If you just want to send reply attributes of type Session-Octets-Limit add this to your dictionaryfile (located probably in /usr/local/share/freeradius):# Limit session traffic
ATTRIBUTE Session-Octets-Limit227 integer# What to assume as limit - 0 in+out, 1 in, 2 out, 3
:[EMAIL PROTECTED]]
Sent: Montag, 29. Mai 2006 10:14
To: [EMAIL PROTECTED];
freeradius-users@lists.freeradius.org
Subject: Re: Help!
Hello!
If you just want to send reply attributes of type Session-Octets-Limit
add this to your dictionary
file (located probably in /usr/local/share/freeradius
From:
Mordor Networks [mailto:[EMAIL PROTECTED]]
Sent: Montag, 29. Mai 2006 10:14
To: [EMAIL PROTECTED];
freeradius-users@lists.freeradius.org
Subject: Re: Help!
Hello!
If you just want to send reply attributes of type Session-Octets-Limit
add this to your dictionary
file
hello Seferovic Edvinim using rp-pppoe as a pppoe server with freeradius and myqsl backend ,how to disconnect a user when reachs his daily or weekly, monthly bandwidth qouta?
thank u .On 5/27/06, Seferovic Edvin
[EMAIL PROTECTED] wrote:Depending on what are you using - this is possible !
El mar, 23-05-2006 a las 17:23 +0800, lee eric escribió:
hello all,
I used freeradius to config my radius server,and now i need a radius
client to communicate with radius server.I search through google and have
not any idea,can someone give any suggestions?
Yes, search in the
Hi Eric,
If you just want a test client, then you can either use the radclient,
which is bundled with freeradius (or radtest which provides a front
end to radclient). Alternatively, if you want to use a windows pc to
test from, there are various options. Just put radius test client
into google
raviprakash sunkara [EMAIL PROTECTED] wrote:
That is .
a) radiusd.conf[1840] unknown Auth-Type digest in authenticate section=
.
Post the debug log, as suggested in the README, FAQ, INSTALL, and
many other places.
b) radclient: Failed to send packet for ID 162: Unknown attribute
Hi,
--
Regards,
Abey Babu Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
love to help - but if this is all you can send then I cant offer help.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gordon Yuen [EMAIL PROTECTED] wrote:
So far I had made EAP-PEAP work with the following line in 'users' file:
john Auth-Type := EAP, User-Password == hello
Please read the documentation. Setting Auth-Type is WRONG. The
eap.conf file explains this.
Now I want to add a condition based on
Hi,
john Auth-Type := EAP, User-Password == hello
^
you can start by removing this part. why are people STILL putting this argument
in??
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
Hello:
I have this problem, i get this message in the log:
Tue Apr 11 14:43:18 2006 : Auth: Login incorrect (rlm_chap: Clear text
password not available): [adexus/CHAP-Password] (from client 3com port
268443649 cli 0010-a484-6e7a)
I set the users file as follow:
Geoff Silver wrote:
DEFAULT My-Group != known, Auth-Type := Reject
DEFAULT Auth-Type:=Accept, Huntgroup-Name==Office, Hint==Port-1812
Connect-Info=OFFICE_NET
DEFAULT Huntgroup-Name==Office, Hint==Port-1645, Proxy-To-Realm := PROXY_GW
Connect-Info=OFFICE_NET
That will work
Geoff Silver [EMAIL PROTECTED] wrote:
So, right now, for every huntgroup/connect-info pair, I have *two* entries in
the users file. One is for Port-1812, the other for Port-1645. So the
question of the hour is: Is there something nifty I can do to eliminate the
need for *two*
Alan DeKok wrote:
You appear to have two independent requirements:
1) port 1645 versus 1812 checks
2) allowing only known users
The first can be solved by what you have. The second can be solved
by putting all of the known users into a group (see rlm_passwd).
Then, in the users
Geoff Silver [EMAIL PROTECTED] wrote:
Additionally, none of these folks have (or can have) /etc/passwd accounts on
this system, so I'm not sure that rlm_passwd will work for me necessarily
Please read the docs man page for rlm_passwd. It does *not* read
/etc/passwd.
That will work for the
Alan DeKok wrote:
Please read the docs man page for rlm_passwd. It does *not* read
/etc/passwd.
I read the doc/rlm_passwd doc, but I'll go over it again and take a look at
the code as well. Being called rlm_passwd, I may have assumed it used
/etc/passwd before I even started reading it,
Alan and all,
I apologize, but I was looking at
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/
My replies/post were not showing up there. Since they did not show up
when I searched, I assumed the did not make the list. I am sure the
problem is I was trying to manually
Walter Reynolds [EMAIL PROTECTED] wrote:
I apologize, but I was looking at
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/
http://lists.freeradius.org/ ?
My replies/post were not showing up there. Since they did not show up
when I searched, I assumed the did not make
Walter Reynolds [EMAIL PROTECTED] wrote:
For some reason my replies are not getting to the list.
No, your replies are getting to the list, see the archives.
I'm not responding to them because I already did, and I don't see
much point in responding to duplicate questions.
Please read the
Charles Blake wrote:
I am not trying to do that.
I just want to authenticate MS-CHAPv2 passwords. My question is:
Where do I have those passwords in my Linux server?
You don't by default have them (at least on any distribution I'm aware of).
-
List info/subscribe/unsubscribe? See
King, Michael wrote:
Does this also apply to MS-CHAPv2?
Yes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Charles Blake [EMAIL PROTECTED] wrote:
I just want to authenticate MS-CHAPv2 passwords. My question is:
Where do I have those passwords in my Linux server?
I've been trying to say you don't.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Charles Blake [EMAIL PROTECTED] wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
It's impossible to use /etc/shadow and MS-CHAP. See the FAQ.
Alan DeKok.
-
List
Charles Blake wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
You can't do that.
MS-CHAP requires the NT hash, the plaintext password from which it can
derive the NT hash, or Samba
@lists.freeradius.org
Sent: Thursday, February 23, 2006 4:40 PM
Subject: Re: Help needed with MS-CHAP
Charles Blake [EMAIL PROTECTED] wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
It's
Just to further my own knowledge.
-Original Message-
Charles Blake wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating
users using MS-CHAP passwords.
I pretend to authenticate users against shadow.
You can't do that.
MS-CHAP requires the NT
Charles Blake [EMAIL PROTECTED] wrote:
I need now to authenticate MS-CHAPv2 passwords. I have been looking
everywhere, FAQ, googled and I have not found where to against to
authenticate. User file? MySQL?
Anywhere that will give you the clear-text passwords.
And no, you can't convert
@lists.freeradius.org
Sent: Thursday, February 23, 2006 6:34 PM
Subject: Re: Help needed with MS-CHAP
Charles Blake [EMAIL PROTECTED] wrote:
I need now to authenticate MS-CHAPv2 passwords. I have been looking
everywhere, FAQ, googled and I have not found where to against to
authenticate. User file? MySQL
What kind of error you get??
Be more specific.
Im newbie feeradius... error in madake 10.2 pls help my, configur in
linux madrake
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sat, 14 Jan 2006, trioka.dudi.p wrote:
Im newbie feeradius... error in madake 10.2 pls help my, configur in linux
madrake
This is a joke, right?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
use Acct-Interim-Interval attribute ( maybe you will need to change your
dictionary file ). This also depends on pppoe which is using radclient - I
am not sure if it is supported by your server. I am using Poptop with
freeradius and it works.
Regards,
Edvin
-Original Message-
Ok, I solved the problem. The PEAP of freeRadius 1.0.1 on solaris cannot work correctly.
after I upgraded the server to 1.0.5, it is working.
Jie
On 12/14/05, Jie Yang [EMAIL PROTECTED] wrote:
Hi,
I removed @domain, but still the same error.
I also run an AEGIS v.2.0.5 (a very old version
Jie Yang wrote:
Hi, All,
When I tried to develop PEAP at client side, i found I am always rejected by
the server. The following is the log. what might be wrong?
You almost certainly need to strip the @domain off the username before
mschap sees it - the username is used in calculating the
Hi,
I removed @domain, but still the same error.
I also run an AEGIS v.2.0.5 (a very old version though) with same supplicant configuration, which also gave me the same error. It seems to me there might be something wrong at the server side. But I don't know where. my freeradius version is
hi
i have the same problem with peap/mschapv2 authentication... its missing
the User-Password attribute... but i dont know why... look at your error
rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
bye
Konne
-
List info/subscribe/unsubscribe?
hi
the following line seems to be principally correct (don't use
explicit Auth-Type):
a User-Password == a
the eap module fails in authentication because it can't find the User-
Password for the user. Make sure that the files module is used in
authorize i.e. that the users file
PROTECTED]
Reply-To: [EMAIL PROTECTED],FreeRadius users mailing
listfreeradius-users@lists.freeradius.org
To: [EMAIL PROTECTED], freeradius-users@lists.freeradius.org
Subject: RE: help with EAP MD5 wired authentication
Date: Tue, 22 Nov 2005 21:11:22 +
Thanks for responding.
I tried
Since you're using EAP-MD5, you should have in your users file:
Xxx Auth-Type := EAP, User-Password == whatever
David.
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Anup Parkhi
Envoyé : mardi 22 novembre 2005 01:54
À :
Luca Corti wrote:
I've compiled freeradius using --enable-developer, set allow_core_dumps
= yes in radiusd.conf and used ulimit to remove coredump filesize limit
from my shell, but it seems freeradius still doesn't dump core.
If there is no coredump to be found, you could try to run
hi
I've installed freeradius 1.1.0 from cvs and I'm doing EAP-PEAP using
ntlm_auth for authentication. freeradius segfaults while sending the
access-accept packet.
In my first post someone instructed me to enable coredumps in
freeradius
and post the result.
just a thought - wouldn't it
Luca Corti wrote:
Hello,
I've been banging my head against this for a few days.
I've installed freeradius 1.1.0 from cvs and I'm doing EAP-PEAP using
ntlm_auth for authentication. freeradius segfaults while sending the
access-accept packet.
In my first post someone instructed me to enable
Artur Hecker wrote:
hi
I've installed freeradius 1.1.0 from cvs and I'm doing EAP-PEAP using
ntlm_auth for authentication. freeradius segfaults while sending the
access-accept packet.
In my first post someone instructed me to enable coredumps in
freeradius
and post the result.
just a
Hello Michael,
as you have found the solution of how to make machine authentication
work against AD using freeradius and samba:
As long as there seems to be a problem with the actual cvs version of
freeradius in that area, would it be possible for you, to supply a diff
against 1.0.5, so that
On Tue, 2005-11-22 at 14:49 +0100, Norbert Wegener wrote:
Managed to run freeradius under gdb, same happening here.
modcall: leaving group authenticate (returns ok) for request 8
Sending Access-Accept of id 9 to 1.2.3.4 port 1025
MS-MPPE-Recv-Key =
users mailing list
freeradius-users@lists.freeradius.org
Subject: RE: help with EAP MD5 wired authentication
Date: Tue, 22 Nov 2005 09:31:29 +0100
Since you're using EAP-MD5, you should have in your users file:
Xxx Auth-Type := EAP, User-Password == whatever
David.
-Message d'origine
MCG ZHANG Yuna [EMAIL PROTECTED] wrote:
Currently we try to use the freeradius to simulate AAA server in our
lab, we had succeeded in using the EAP-TTLS V0 before. Now we want to
introduce the EAP-TTLS V1 in the next step, but I didn't find any new
information from the web.
There should be
Michael Wang [EMAIL PROTECTED] wrote:
qa Auth-Type := EAP, User-Password == qa
Don't set Auth-Type := EAP. See the long explanation why at the
top of the eap.conf file.
Also, use := for the User-Password. See the man users page for
details. If there's no User-Password in the packet, then
If you mean for proxying the radius request - the answer is YES
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of achan
awungshi
Sent: Dienstag, 25. Oktober 2005 23:13
To: freeradius-users@lists.freeradius.org
Subject: help newbie here
Hello
I got it... Selinux was running .. Not letting the normal process connect to
the ldap server
Sorry ..
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Borrame Deleteme [EMAIL PROTECTED] wrote:
This server is used by an application that come with instrucctions about how
to config a dictonary in Radius server, and this is the instrucctions. The
program is called Walabi:
1.- Added the following 4 lines in vendor.ini
FreeRADIUS doesn't
You should browse to http://www.freeradius.org. There you will find the
documents.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Liew Toh
Seng
Sent: Thursday, July 28, 2005 17:29 PM
To: freeradius-users@lists.freeradius.org
Subject: help
Hi,
Is
On Thu, 28 Jul 2005 22:29:04 +0800
Liew Toh Seng [EMAIL PROTECTED] wrote:
Hi,
Is there any documentation for freeradius ? How and where to start ?
Thanks.
--
Best Regards,
Liew Toh Seng
System Consultant, RedHat Certified
Greetings,
Am Sonntag, 26. Juni 2005 03:12 schrieb Jaspreet Brar:
/freeradius-1.0.4# make
make: make not found *
Install make (gnumake) from the gnutools (cd / package or whatever it's called
now) and make sure it is executed by calling make (perhaps you have to to
link make - gmake)
Keep
I was having same message (rlm_eap_tls: Requiring client certificate)
because there was a mistake in eap.conf.
Look at default_eap_type = ttls line under eap { or tls { (not sur
efor the right place because I've a similar problem to your now)
eap {
default_eap_type = ttls
Hi,
Thanks to David for you answer; Changing tls by ttls in the eap module
don't change the rlm_eap message:
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned
If I change tls par ttls in the tls module the mac OSX ask for
We are doing EAP-TTLS/PAP and have seen this on two different occasions.
We were having this problem with our OSX machines that had upgraded to
Tiger. Something seems to get messed up with the certs during the
upgrade. Once we cleared the CA, and server certs everything worked
fine.
All of our
Hello,
Thanks for your advice. Effectively I'd upgraded to
tiger. After deleting the old certifcate (server and certification authority)
everything works fine.
bets regards
Maurice
certificate
Subject: Re: help for using eap and TTLS
X-BeenThere: freeradius-users@lists.freeradius.org
arun [EMAIL PROTECTED] wrote:
I have successfully used Freeradius1.0.1 to authenticate my clients
using EAP-MD5 and EAP-TLS.
But i am not able to get EAP -TTLS working.
The supplicant you're using is doing something bad:
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
Hi,
configure --disable-shared
--with-openssl-includes=/usr/local/openssl097g/include \
--with-openssl-libraries=/usr/local/openssl097g/lib \
--prefix=/usr/local/radius
For static SSL libraries, this simply doesn't work, see the mailing
list archive for build problems on Solaris
On Wed, 11 May 2005 13:39:01 +0200
zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED] wrote:
Hi;
I'm student and I'm new to freeRadius, actually I'm new to Radius!
Hi. I used to be student and new to FreeRadius, then I started to read the docs
and man pages.
Then came google to make my life
: www.qnet.com.pe-
Original Message -
From:
Marcin Jessa
To: freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED]
Sent: Wednesday, May 11, 2005 8:11
AM
Subject: Re: help
On Wed, 11 May 2005 13:39:01 +0200"zze-BEN SAID Mehdi
RD-CORE-ISS" [EMAIL PROTECTED
]
Sent: Wednesday, May 11, 2005 8:11 AM
Subject: Re: help
On Wed, 11 May 2005 13:39:01 +0200
zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED] wrote:
Hi;
I'm student and I'm new to freeRadius, actually I'm new to Radius!
Hi. I used to be student and new to FreeRadius, then I
This is a good book for general RADIUS protocol information and some good
freeradius specifics:
http://www.oreilly.com/catalog/radius/index.html
If you are running into a specific problem you need help with, then ask a
specific question.
-Chris
Quoting zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL
is there anyone you know that can help me setup a network step by step from scratch? thx.
Hello! My name is Paulo. I would like to set up a network using at least two different operating systems. My main choices are SUSE Linux and Windows XP (not Windows 2K). I am planning to set up a network
why dont you try this
modules {
...
# '[EMAIL PROTECTED]'
#
realm suffix {
format = suffix
delimiter = @
}
}
and then
authorize {
preprocess
...
suffix
...
}
It should work onthe whay that DN
It will break inside the EAP code, since the EAP code does a sanity
check to make sure the EAP Identity matches the User-Name sent by the NAS.
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
Luis Daniel Lucio Quiroz wrote:
I will put the test server UP, then I send the configurations files.
Thanks for help me.
Michael Griego wrote:
It will break inside the EAP code, since the EAP code does a sanity
check to make sure the EAP Identity matches the User-Name sent by the NAS.
--Mike
Talk to your NAS vendor. That's completely insane for a NAS to rewrite
the User-Name, not to mention a violation of RFC 3579.
--Mike
Israel Fabio Alves wrote:
Hi,
I need help to solve a problem.
My configuration work 100% with Switch Cisco 2950.
Now I need use Switch from Extreme Networks
Hi Michael,
I will see this with Extreme Networks (Brazil).
Thanks for your help.
Michael Griego wrote:
Talk to your NAS vendor. That's completely insane for a NAS to rewrite
the User-Name, not to mention a violation of RFC 3579.
--Mike
Israel Fabio Alves wrote:
Hi,
I need help to solve a
David Manchado [EMAIL PROTECTED] wrote:
I'm trying to rewrite User-Name attribute with attr_rewrite with no success.
It's a bug in attr_rewrite. The CVS snapshot from tomorrow has the
fix.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Perhaps you would put the files section after ldap and have a DEFAULT
for allow in the users file?
Matthew Crocker wrote:
I need to configure FreeRADIUS to authenticate/authorize off LDAP (I
have this working). And if that fails (incorrect password, user
unknown) to send an Accept packet
I'm trying to merge two user databases with overlapping usernames. One
database is stored in OpenLDAP with Freeradius doing the auth. The
other is stored in MS-SQL/Platypus with Radiator. Ideally I would like
to run everything through a single FreeRADIUS server which would hit my
LDAP
Matthew Crocker [EMAIL PROTECTED] wrote:
As a short term measure I would like to
configure something like
authentication {
ldap {
fail = 1
}
accept-everyone
}
See the always module. You want to use always OK
e.g.
authenticate {
Auth-Type foo {
See the always module. You want to use always OK
e.g.
authenticate {
Auth-Type foo {
ldap {
fail = 1
}
ok
}
}
Will that work on the authorization section as well?
-Matt
-
Matthew Crocker [EMAIL PROTECTED] wrote:
Will that work on the authorization section as well?
Read doc/configurable_failover
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Someone have idea about this problem??
Thanks for help me,
Israel.
Israel Fabio Alves wrote:
Hi,
If I do tests without domain, the authentication run OK.
If I do tests with user + password + domain, occur the information bellow:
tcpdump -n -i eth0 -vv -s 0 -X udp and \( port 1812 or port 1813
On Mon, Mar 14, 2005, Israel Fabio Alves wrote:
rlm_realm: Looking up realm TESTE for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm TESTE
rlm_realm: Adding Stripped-User-Name = israel
rlm_realm: Proxying request from user israel to realm TESTE
rlm_realm: Adding
Hi,
I need help to configure Freeradius to authenticate Windows XP users
with PEAP + MSCHAPV2.
I need authenticate users using the username + password + domain.
There is someone that run this that can help me??
Very thanks,
Israel.
-
List info/subscribe/unsubscribe? See
Hi,
If I do tests without domain, the authentication run OK.
If I do tests with user + password + domain, occur the information bellow:
tcpdump -n -i eth0 -vv -s 0 -X udp and \( port 1812 or port 1813 \)
19:41:06.403013 172.22.2.32.2064 172.22.2.150.1812: [udp sum ok]
rad-access-req 98 [id 99]
Johnny Chavez [EMAIL PROTECTED] wrote:
Hello I am new to this list and I wondering if a topic has been
touched on yet or if anyone can help with a question. Has anyone
setup radiator
Huh? You are subscribed to the wrong list.
Thank you for your help on this topic. If I am missing
Same here...
Ray
- Original Message -
From: Carl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, December 04, 2004 4:33 AM
Subject: Re: Help with Cisco 1200 AP and FreeRadius
There are no packets being passed to the Radius Server
Thor Spruyt wrote:
Carl wrote:
I'm using
Works well (on debug). But I've juste two more questions:
1. I would like to have a catch all definition if suppannaffectation
gives a non existing pool-name
I put this in users:
DEFAULT Service-Type == Framed-User, Pool-Name := "DEF_pool"
Framed-MTU = 1500,
Fall-Through = Yes
but didn't
On Fri, 19 Nov 2004, LALOT Dominique wrote:
Works well (on debug). But I've juste two more questions:
1. I would like to have a catch all definition if suppannaffectation gives a
non existing pool-name
I put this in users:
DEFAULT Service-Type == Framed-User, Pool-Name := DEF_pool
It does not work either, may be I should avoid pools for default IP
settings?.
I put a value toto in supannaffectation which does not exist as a pool name
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess
On Fri, 19 Nov 2004, LALOT Dominique wrote:
It does not work either, may be I should avoid pools for default IP
settings?.
I put a value toto in supannaffectation which does not exist as a pool name
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
jagadish gowda [EMAIL PROTECTED] wrote:
Apart from the RADIUS server name/IP, port and shared
secret key, is there any other mandatory
information which should be configured for RADIUS
authentication.
That depends what kind of authentication the users are doing.
Are there any situations
Just some words:
It's starting to work, but I found that this is case sensitive:
DEFAULT Ldap-Group == SCEco, Pool-Name := ScEco_pool
So If the user get a group ScEco, it won't work..
Am I obliged to activate regular expression and do:
LDAP-Group =~ /sceco/i
?.
Or is there a more efficient way?.
Thanks for all, because it's starting to work.
But: I noticed that I call ldap for each group before founding the right
one. An for me the group name is just an ldap attr to read.
Then when finding the group, for the IP pool, I have to read all the
pools even when it return ok.
Hopefully, I
What happens if you do this.
Add the following to ldap.attrmap
checkItem Pool-Name supannaffectation
Then remove all those users file entries with Ldap-Group, so it just does
an LDAP lookup, not specifically matching on groups.
This should pool the supannafecction attribute
Hello all,
I've spent quite a long time trying to understand how freeradius works
and trying to get everything I want working.
I am using Openldap since 2001 and I've no problems to understand LDAP
as I wrote many programs around LDAP. In fact I don't understand how
groups are working under
Thanks,
I have to leave, but the quick and last test I did with your advice,
gave me bad results. See tomorrow..
Using radtest, I don't get any IP, and there is very little doc about
ippool and the way it works.
I suppose that the NAS is completely relying on radius for IP delivery.
I'm
You'll still need to configure the ippool modules and include those in the
accounting section and post-auth section. Forgot to include that in the
last email. A radiusd -X will show you exactly what is going on. If it
doesn't work, please post that to the list will all output.
ie:
accounting
V.Kukushkin [EMAIL PROTECTED] wrote:
What kind of request should be used from client to server to get some
accounting info for client ?
See the FAQ. The client sends data, and the server logs it. The
client controls what data is sent, and why.
I tried to use request
To answer my own question, I found out that if I:
1) set with_cisco_vsa_hack = yes in radiusd.conf
2) add the attributes I want to have stripped from the AVPair fields to
cisco.dictionary in /usr/local/share/freeradius, freeradius will create new
attributes with these names.
- Original
look at docs/billing for Peter Nixon's way of doing it
--- Mikel Beck [EMAIL PROTECTED] wrote:
I've got accounting data coming into my freeradius
from a bunch of Cisco
1200AP Wireless access points. I'd like to log the
data included in the
Cisco-AVPair attributes.
I changed the 1200's
]
To: [EMAIL PROTECTED]
Sent: Friday, October 22, 2004 2:53 PM
Subject: Re: Help with Cisco AVPair Attributes
look at docs/billing for Peter Nixon's way of doing it
--- Mikel Beck [EMAIL PROTECTED] wrote:
I've got accounting data coming into my freeradius
from a bunch of Cisco
1200AP Wireless access points
in radacct table inserts an AcctStartTime and an AcctStopTime, when execute
an accounting_start and an accounting_stop packet. You can use these.
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail:
Omer Adhia [EMAIL PROTECTED] wrote:
if in the sample script given ,to test the radius server, I change the
digest-method to REGISTER , the server doesnt authenticate
The digest algorithm uses the digest method to calculate the digest
response. If you change the digest method without
601 - 700 of 769 matches
Mail list logo