Thanks Philippe. It works for me as well. I will also let people on
serusers and openser-users mailing lists to know. Without your patch,
AFATK, the password has to be in clear text form if using RADIUS to do
the authentication.
Thanks again.
On 10/12/05, Philippe Sultan [EMAIL PROTECTED]
ok Cheng.
Note that it should be fixed in the CVS version within a few days, without changing the configuration of rlm_digest.
The MD5-Password (present in CVS) fits our need in this case, I will try to bring a fix next week including LDAP password pullout during authorization.
Bye,
Philippe
On
- Original Message
Da: Kostas Kalevras [EMAIL PROTECTED]
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Oggetto: Re: question on dialup_admin
Data: 04/10/05 16:36
On Mon, 3 Oct 2005, [EMAIL
On Thu, 6 Oct 2005, [EMAIL PROTECTED] wrote:
Ok,
I have successfuly stored in mysql the lod data.
But the Calling-Station-Id and Called-Station-Id aren't stored. This
attributes are present in the access_request and access_response packet but
not in the accounting_packet. It's possible to
On Mon, 3 Oct 2005, [EMAIL PROTECTED] wrote:
Hello!
I have a question on dialup_admin:
I have configured freeradius to authorization by LDAP and authentication by
EAP and it works fine.
Now I want to log the activity of my users with dialup_admin,
it's necessary that I use sql for
Nagaraj Venkatapuram [EMAIL PROTECTED] wrote:
what is the configuration required on radius server(freeradius ver1.0.5) to
send challenge messages to the radius client ?
How does Radius server determine when to send challenge messages to the
client ?
The authentication protocol determines
Alan,
Thanks for your reply and sorry for my sluggishness in getting
back to you with more info...
Alan DeKok [EMAIL PROTECTED] wrote:
Yes. The server allows you nearly unlimited control over what to
look for, and what to do when it finds data of interest.
That is good to know :)
Hello,
I thought a second time about it and i guess it is an performance
related decision, because it is most likely that no entry exits.
/ to prevent duplicate entries in the radacct table, shouldn't the
// accounting_start_query be the UPDATE query and the
/
How are you going to UPDATE
Andreas Engler wrote:
So now for me remains in which case won't an Insert work but the
alternate Update, or what for is accounting_start_query_alt.
INSERT may fail if your SQL schema defines a unique index to prevent
insertion of duplicate accounting records.
With MySQL 4.1 you could use the
Jasper Jans [EMAIL PROTECTED] wrote:
My question is - can this authentication be done in different ways
for different groups of users.
Yes. The server allows you nearly unlimited control over what to
look for, and what to do when it finds data of interest.
If someone could be so kind as to
'Session-Timeout'?
--- Ignacio Siles [EMAIL PROTECTED] wrote:
Hi all,
I have a problem with reauthenticacion, because my AP doesn't have the
option to set reauthenticacion interval. Is there any possibility that
freeradius force reauthenticacion?
My system is as follows:
- Gemtek
I tried that, but 802.1X client didn't reauthenticate automatically
after session-timeout, it remainded deauthenticated, so I had to
reauthenticate manually.
Is possible to make that process without manual reauthentication?
Thank you,
Ignacio.
El miƩ, 08-06-2005 a las 16:19, Julius Igugu
Ignacio Siles [EMAIL PROTECTED] wrote:
I tried that, but 802.1X client didn't reauthenticate automatically
after session-timeout, it remainded deauthenticated, so I had to
reauthenticate manually.
Then the supplicant is broken.
Is possible to make that process without manual
Sarkis Gabriel wrote:
Just wondering when i build the RPM with SPEC file, does it enable --with-experimental-
modules? or is there a specific command to make the extra modules?
I have compiled the RPMS no problem there but the modules are not included and if i
compiled from .tar.gz when i run
Sarkis Gabriel [EMAIL PROTECTED] wrote:
Just wondering when i build the RPM with SPEC file, does it enable
--with-experimental-modules?
What does the spec file say? It's just text. Read it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Wolfgang Hottgenroth [EMAIL PROTECTED] wrote:
The ~*, shouldn't that be !* to be in sync with token.h:
Yes. Fixed, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm sorry for not being very exact. This is about 1.0.2. I've checked
CVS, it is there too.
Wolfgang
At Wed, 20 Apr 2005 22:36:32 +0200,
Wolfgang Hottgenroth wrote:
Hi,
I see in lib/print.c:
static const char *vp_tokens[] = {
?,/* T_INVALID */
On Fri, 11 Mar 2005, Data Processing Fone Net wrote:
Morning all.
I believe I read not to long ago on the list a thread concerning logging failed
logins and the reasons for the failure so that tech support personnel could
assist customers? I do not recall the eventual outcome and or solution if
On Thu, Mar 10, 2005 at 11:31:48AM -0900, Terry J Fike Jr wrote:
I'm wondering if it is possible to set up an ippool for a single user?
Right now our users are flatfiled in the users file. anyone with a
static has the info with their username, all the rest of the users get
their ip
It all depends on how you get the Pool-Name attribute added to the
user's configuration attribute list. If it's added for one user when
that user comes from a specific NAS, then only that user on that
specific NAS will get an IP from the relevant pool.
Okay, i see in the radiusd.conf where to
On Thu, Mar 10, 2005 at 03:45:24PM -0900, Terry J Fike Jr wrote:
It all depends on how you get the Pool-Name attribute added to the
user's configuration attribute list. If it's added for one user when
that user comes from a specific NAS, then only that user on that
specific NAS will get an
Nicolas Audureau [EMAIL PROTECTED] wrote:
I try to do PEAP-MSChapv2 with an LDAP server (It works quite good).
I want to know if this two methods are equivalent :
First Method : (Works fine)
...
Second Method : (Doesn't seem to work)
Then they're not equivalent.
authorize {
files
Joe Meslovich [EMAIL PROTECTED] wrote:
What should my entry look like in the users file to get this to
authenticate. When I tried running 1.0.1 last night I was getting an error
about Auth-Type of EAP being an unknown Auth-Type.
Hmm... be sure that 1.0.1 is using the dictionaries from 1.0.1,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Donnerstag, 13. Januar 2005 19:11 schrieb Matt Ashfield:
Hi,
We're looking at implementing 802.1x with FreeRadius. I'm wondering if it's
possible for the Radius server to return a vlanID to the supplicant (in
this case, an edge switch) telling
On Thu, 18 Nov 2004, Wade Kemp wrote:
Am I correct in that checkrad does NOT refer to the sql database on how to
talk to the NAS?
No. And it *would* be nice to find a secure way to pass the community strings
(or telnet login/password) to checkrad instead of having to maintain text files
only
I need assistance configuring my Free Radius
install. Is anyone available to assist me for a small fee?
I would post my questions one by one but I feel it
would take forever and gum up this resource. I have been following the posts
with great interest but I still have some fundamental
=?GB2312?Q?=BD=F0=BA=E9=D0=F1?= [EMAIL PROTECTED] wrote:
can freeradius receive IKE Pre-shared Secret Request(Type:26)
and send Pre-shared secret?
It's in the dictionary (dictionary.3gpp2), but the server doesn't
support it.
If you have code, documentation for how it works, or
Edgars [EMAIL PROTECTED] wrote:
if i'm using readclients=yes (read the clients' information from DB)
then i do not need to restart the radius each time new entry is added.
The server does so many client IP lookups, so often, that it's
difficult to access the information live in an SQL
Anders Karlsson [EMAIL PROTECTED] wrote:
I'm wondering if there's a way to log all the error logs ( like failed
logins and so on ) into a mysql table instead of the standard radius
logfile ?
Not at this time.
As always, patches are welcome.
Alan DeKok.
-
List
Alan Miller wrote:
We are an ISP in Northern Ontario. Our unlimited dialup customers are
only allowed to login ONCE so we set their Simultaneous-Use attribute
in Radius
to 1. This works great.
We just started offering a High Speed Dial-up client (basically it's a
client that communicates
Alan Miller [EMAIL PROTECTED] wrote:
We are an ISP in Northern Ontario.
Mmmm... rock and trees and trees and rocks and rocks and trees...
The problem is that our Unlimited customers are having issues with
it because Radius thinks they are authenticating twice (which they
are) and rejects
Then new version will do ttls/mschapv2
Ron.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 2:28 AM
To: [EMAIL PROTECTED]
Subject: question EAP-TTLS/MSCHAPv2
Hello , I have two questions...
Does SecureW2
SecureW2 1.0.9 only supports PAP in inner auth.
SecureW2 2.x.x suports PAP plus EAP (whatever EAP you have registered on
your system - EAP-MSCHAPv2 is one of them)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Wednesday,
Hello Alan, David.
David, you realy should ask Alfa Ariss about their product details,
not the FreeRADIUS developers.
Alan DeKok pravi:
[EMAIL PROTECTED] wrote:
Does SecureW2 (1.0.9) support only PAP ?
AFAIK: Yes. 2.x supports EAP and Windows EAP module (EAP-TTLS-EAP-xxx)
It is possible to do
[EMAIL PROTECTED] wrote:
Does SecureW2 (1.0.9) support only PAP ?
It is possible to do authentication with EAP-TTLS/MSCHAPv2
or EAP-TTLS/MD5 (not EAP-TTLS/EAP-MSCHAPV2 ...) with
SecureW2 as client ?
Do they have a web page, describing the features of the product?
Alan DeKok.
-
On Wed, 7 Jul 2004, Arthur EBEL wrote:
Hi everybody,
My freeradius operate very well with an openldap directory
All ldap users stored in my basedn=ou=people,ou=personnels,dc=utt,dc=fr
can be authenticated.
I would like to add another basedn=ou=students,ou=personnels,dc=utt,dc=fr
BUT I
On Wed, Jul 07, 2004 at 09:00:00PM +0200, Arthur EBEL wrote:
Hi everybody,
My freeradius operate very well with an openldap directory
All ldap users stored in my basedn=ou=people,ou=personnels,dc=utt,dc=fr
can be authenticated.
I would like to add another
how about setting up 2 ldap modules?
ldap people {
...
}
ldap students {
...
}
Not sure if this would do it, just a suggestion.
On Wed, 7 Jul 2004, Alexander M. Pravking wrote:
On Wed, Jul 07, 2004 at 09:00:00PM +0200, Arthur EBEL wrote:
Hi everybody,
My freeradius operate very
Hi Chelsea,
Instead of doing it the tedious way, try installing the mysql-development
package that comes with your mysql source version. For example, on my machine I
have all these installed:
MySQL-3.23.58-1
MySQL-devel-3.23.58-1
MySQL-client-3.23.58-1
Depending on what version of MySQL
thanks so much!
Turns out I didnt have the devel installed, and no wonder, I didnt
install mysql , it came with the os (Im assuming it was a rpm)
Anyways, Thanks!
I remember having a test application that would test your server. Sound
familiar?
Thanks again.
Chelsea
On 12/31/1969, Shannon
Daniel W. Halverson [EMAIL PROTECTED] wrote:
Thanks for the quick response. With failover, would you be able to
detect if a user exists in the users file, but the password doesn't
match?
Not entirely. See doc/aaa.txt
The users file can return notfound, if the username isn't listed
Daniel W. Halverson [EMAIL PROTECTED] wrote:
I'm currently using a DEFAULT entry to fill out our standard reply
items. I would like to have a different default entry to be used when
the username exists, but the password is incorrect, and a third to be
used when the username doesn't exist.
Thanks for the quick response. With failover, would you be able to
detect if a user exists in the users file, but the password doesn't
match? I'll grab the CVS tonight and check it out.
Thanks again.
Dan
Alan DeKok wrote:
Daniel W. Halverson [EMAIL PROTECTED] wrote:
Alex Wang [EMAIL PROTECTED] wrote:
pam_pass: using pamauth string radiusd-fcums1.dat for pam.conf lookup
pam_pass: function pam_authenticate FAILED for guest28. Reason: Module is
unknown
That should be fairly clear. Read the PAM docs.
Is anybody kindly can help me figure out where the
On Fri, 30 Jan 2004 10:49:50 -0500
David Lomax [EMAIL PROTECTED] wrote:
All,
New to this list so please forgive any stupid questions.
I have set up FreeRadius 0.9.3 with MySQL 4.0 I currently have this up and
working correctly. However when my NAS tries to update the accounting
I don't believe so, however let me check this.
Thanks
Dave
-Original Message-
From: Graeme Hinchliffe [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 11:11 AM
To: [EMAIL PROTECTED]
Subject: Re: Question regarding radius accounting.
On Fri, 30 Jan 2004 10:49:50 -0500
David
301 - 346 of 346 matches
Mail list logo