Q: Define realms per virtual server.

2013-06-10 Thread David Mitchell
, being used both for the definitions of the delimiters and of the realms themselves. And while the former is loaded via a module syntax and can be loaded per-virtual-server (via suffix, ipass, etc.) I can't find any way to restrict the actual realm definitions to a virtual server. They are all global

Re: Q: Define realms per virtual server.

2013-06-10 Thread Alan DeKok
is loaded via a module syntax and can be loaded per-virtual-server (via suffix, ipass, etc.) That's like saying the SQL module implements an SQL database, because it's called SQL. No, it doesn't work like that. The realm definition is in proxy.conf. The realm module uses the realm definitions

Re: Virtual server setup

2013-05-22 Thread Alan DeKok
Vincent Rusilowicz wrote: I have reloaded the server and started from scratch again. I was able to authenticate with the default config, when adding client and user info. In my effort to try and convert each client to use a separate virtual so separate user files You still haven't

RE: Virtual server setup

2013-05-22 Thread Vincent Rusilowicz
client correct and files module created right? For this method I should remove the virtual server I created and add the lines you suggest to the default file in sites-available in the authorize section? Thanks for the help. From: Alan DeKok-2 [via FreeRADIUS] [mailto:ml-node+s1045715n5720335

RE: Virtual server setup

2013-05-22 Thread Vincent Rusilowicz
: Re: Virtual server setup Vincent Rusilowicz wrote: I have reloaded the server and started from scratch again. I was able to authenticate with the default config, when adding client and user info. In my effort to try and convert each client to use a separate virtual so separate user files

Re: Virtual server setup

2013-05-22 Thread Alan DeKok
{ files_192.168.1.2 section for each additional client correct and files module created right? Yes. For this method I should remove the virtual server I created and add the lines you suggest to the default file in sites-available in the authorize section? Yes. Alan DeKok. - List info/subscribe

Virtual server setup

2013-05-20 Thread Vincent Rusilowicz
or example to guide me through this. I seem to be getting stuck at configuring the virtual server. Thanks in advance. Vincent Rusilowicz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Virtual server setup

2013-05-20 Thread Alan DeKok
... that isn't a useful statement. You haven't said what you tried to do, or what happened when you did tests. Can anyone provide a list of steps or example to guide me through this. I seem to be getting stuck at configuring the virtual server. Thanks in advance. See raddb/sites-available/README

originate-coa virtual server for each NAS

2013-04-02 Thread Mehdi Ravanbakhsh
Hi All do we need separated originate-coa in site enable for each NAS ? Do we need to define coa_server = coa in client.conf for each client?

Re: Identifying Virtual-Server from Inner-Tunnel

2012-10-05 Thread Phil Mayers
On 10/04/2012 08:07 PM, Jordan Dohms wrote: Since its EAP-PEAP, the request passes through the outer and inner-tunnel virtual servers. In my inner-tunnel, I'm doing an IF on the Realm. That seems to be evaluating properly if I look at the debug logs. If I do an IF on Virtual-Server it comes

Re: Identifying Virtual-Server from Inner-Tunnel

2012-10-05 Thread Jordan Dohms
Exactly what I needed, thank you. This worked perfectly and needs just one virtual-server. if (%{outer.request:Packet-Dst-Port} == 1912) { } elsif (%{outer.request:Packet-Dst-Port} == 1812) { } On Thu, Oct 4, 2012 at 4:21 PM, Matthew Newton m...@leicester.ac.uk wrote: On Thu, Oct 04, 2012

Identifying Virtual-Server from Inner-Tunnel

2012-10-04 Thread Jordan Dohms
both authenticate locally. (working) - Setup two mschap modules to call ntlm_auth command with the proper DOMAIN string. (working) - Depending on the realm provided, call a different mschap module from the inner-tunnel. (working) - Depending on the virtual server the request was received through

Re: Identifying Virtual-Server from Inner-Tunnel

2012-10-04 Thread Matthew Newton
On Thu, Oct 04, 2012 at 01:07:57PM -0600, Jordan Dohms wrote: - Depending on the virtual server the request was received through, call a different mschap module from the inner-tunnel or reject the request. (not working) You've gone to the hassle of duplicating RADIUS server configs in your

Virtual server by client data

2012-08-29 Thread BILLOT
Hi, Is there any way to use virtual servs depending on client VLAN ? I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 BR,

Re: Virtual server by client data

2012-08-29 Thread Fajar A. Nugraha
On Wed, Aug 29, 2012 at 3:22 PM, BILLOT emmanuel.bil...@ac-orleans-tours.fr wrote: Hi, Is there any way to use virtual servs depending on client VLAN ? I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 Depends. One

Re: Virtual server by client data

2012-08-29 Thread BILLOT
Hi, Thanks for reply. Depends. One of the following should be applicable (1) If the NAS is different (i.e. each VLAN has its own NAS), you can take a look at raddb/sites-available/dynamic-clients. Basically it can choose a virtual server based on Packet-Src-IP-Address attribute (i.e. the NAS

Re: Virtual server by client data

2012-08-29 Thread Alan DeKok
BILLOT wrote: Is there any way to use virtual servs depending on client VLAN ? RADIUS is IP based, not VLAN based. Packets don't arrive on different VLANs. They arrive on different IPs. I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use

Re: Virtual server by client data

2012-08-29 Thread Arran Cudbard-Bell
On 29 Aug 2012, at 09:22, BILLOT emmanuel.bil...@ac-orleans-tours.fr wrote: Hi, Is there any way to use virtual servs depending on client VLAN ? I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 Yes, bind the virtual

Re: Virtual server by client data

2012-08-29 Thread BILLOT
On 29/08/2012 10:36, Fajar A. Nugraha wrote: (3) use the same virtual server, but do selective processing (with unlang) based on some attributes that the NAS sends. e.g. if an attribute has value A, call module sql1, while if the value is B, call module sql2. Actually I'm not sure that all

Re: Virtual server by client data

2012-08-29 Thread BILLOT
that can be configured with several Radius servers. I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 The server will have a different IP on each VLAN. You can configure different virtual servers per listen section. See raddb

Re: Virtual server by client data

2012-08-29 Thread Fajar A. Nugraha
On Wed, Aug 29, 2012 at 3:46 PM, BILLOT emmanuel.bil...@ac-orleans-tours.fr wrote: (2) If the request is plain PAP/MSCHAP, you should be able to tell the default virtual server to proxy it to another virtual server using unlang and Proxy-To-Realm It is. (EAP/TTLS with PAP) I can't see what

Re: Virtual server by client data

2012-08-29 Thread Fajar A. Nugraha
On Wed, Aug 29, 2012 at 3:22 PM, BILLOT emmanuel.bil...@ac-orleans-tours.fr wrote: Hi, Is there any way to use virtual servs depending on client VLAN ? I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 Just to clarify

Re: Virtual server by client data

2012-08-29 Thread BILLOT
On 29/08/2012 11:16, Fajar A. Nugraha wrote: On Wed, Aug 29, 2012 at 3:22 PM, BILLOT emmanuel.bil...@ac-orleans-tours.fr wrote: Hi, Is there any way to use virtual servs depending on client VLAN ? I mean : If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2

Re: Virtual server by client data

2012-08-29 Thread Arran Cudbard-Bell
: If packet arrive with VLAN1 then use virtual server 1 If packet arrive with VLAN2 then use virtual server 2 Just to clarify: by client here do you mean NAS, or end user device (e.g. laptop)? End user device. NAS is on one particular VLAN, directly connected to radius, clients are behind

Re: Virtual server by client data

2012-08-29 Thread BILLOT
a different config (complete) so a different server (virtual server, i have only one radius)

Re: Virtual Server Pool Problem

2012-06-18 Thread manny
for this? Any pointer as to what can cause the system call from within my Perl module's post auth function to hang? Thanks, Manny - Test. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Virtual-Server-Pool-Problem-tp5713617p5713829.html Sent from the FreeRadius - User

Re: Virtual Server Pool Problem

2012-06-18 Thread manny
on the call. Thanks, Manny - Test.

Re: Virtual Server Pool Problem

2012-06-16 Thread Alan DeKok
manny wrote: I got it working, but rlm_perl accesses a web service that could possibly be unavailable. How can I declare the virtual server to be dead within rlm_perl. In simple terms, how can I do the equivalent of the following with unlang. radmin set home_server state IP PORT dead You

Re: Virtual Server Pool Problem

2012-06-16 Thread Alan Buxey
Call radmin with correct arguments from PERL with a system call? alan

Re: Virtual Server Pool Problem

2012-06-16 Thread manny
- Test.

Re: Virtual Server Pool Problem

2012-06-16 Thread Alan DeKok
manny wrote: Also would manually declaring a home_server dead be of best practices? Pros/Cons? Best practices ? It's permitted because it's useful. Con: the home server is marked dead. Alan DeKok.

Re: Virtual Server Pool Problem

2012-06-15 Thread manny
I got it working, but rlm_perl accesses a web service that could possibly be unavailable. How can I declare the virtual server to be dead within rlm_perl. In simple terms, how can I do the equivalent of the following with unlang. radmin set home_server state IP PORT dead - Test. -- View

Virtual Server Pool Problem

2012-06-08 Thread manny

Re: Virtual Server Pool Problem

2012-06-08 Thread manny
So what I want to do is the following: Have two virtual servers listening on one IP and port (e.g. 192.168.100.251 1812) so that when the primary server fails or is down, the requests are proxied to the secondary virtual server. Is this possible? I want to be able to point to only one IP port

Re: Proxying to a virtual server through unlang?

2012-01-09 Thread Arnaud Loonstra
On 01/03/2012 10:14 AM, Phil Mayers wrote: On 01/03/2012 07:40 AM, Arnaud Loonstra wrote: However it only executes the authorize section of the nas-auth virtual server. Yes. That is how that feature works. I could create realms for the virtual servers and proxy to them by using Proxy

Proxying to a virtual server through unlang?

2012-01-03 Thread Arnaud Loonstra
Hi All, I'm trying to get into the unlang world since it seems really powerful but I can't get my hands around a simple virtual server switching scenario. I basically want to switch to a virtual server based on some attributes, Service-Type for instance. This is because on some network

Re: Proxying to a virtual server through unlang?

2012-01-03 Thread Phil Mayers
On 01/03/2012 07:40 AM, Arnaud Loonstra wrote: However it only executes the authorize section of the nas-auth virtual server. Yes. That is how that feature works. I could create realms for the virtual servers and proxy to them by using Proxy-To-Realm := mac-auth instead of the server

No such virtual server NULL

2011-11-08 Thread Vincent, Fabien
-Only Calling-Station-Id = 192.168.0.1 server NULL { No such virtual server NULL Invalid user: [myuser] (from client NAS-SHORTNAME port 26680 cli 192.168.0.1) } # server NULL Using Post-Auth-Type Reject No such virtual server NULL Delaying reject of request 2 for 1 seconds Going

Re: No such virtual server NULL

2011-11-08 Thread Alan DeKok
Vincent, Fabien wrote: What is this message ? No such virtual server NULL Why this works for existing configuration and adding a new NAS to sql database is giving this result ? Because you added the NAS in SQL, with the virtual server column containing the string NULL. Don't do

RE: No such virtual server NULL

2011-11-08 Thread Vincent, Fabien
: No such virtual server NULL Vincent, Fabien wrote: What is this message ? No such virtual server NULL Why this works for existing configuration and adding a new NAS to sql database is giving this result ? Because you added the NAS in SQL, with the virtual server column containing the string

Virtual server basic proxy configuration?

2011-10-03 Thread John Douglass
server listening on port 1818 that simply proxies ALL AUTH requests to radius1.gatech.edu port 1812. I am used to the virtual-server configuration as I have multiple radius based services running on different ports, but am not sure how to only proxy those entries on that particular virtual server

Re: Virtual server basic proxy configuration?

2011-10-03 Thread Arran Cudbard-Bell
this. Basically wanting to create a virtual server listening on port 1818 that simply proxies ALL AUTH requests to radius1.gatech.edu port 1812. I am used to the virtual-server configuration as I have multiple radius based services running on different ports, but am not sure how to only

Re: Virtual server basic proxy configuration?

2011-10-03 Thread Alan DeKok
John Douglass wrote: Basically wanting to create a virtual server listening on port 1818 that simply proxies ALL AUTH requests to radius1.gatech.edu port 1812. Read raddb/sites-available/README It explains virtual servers in detail. At a first read/glance, it looks like the proxy

Re: Duplicate virtual server xxx always hits on HUP

2011-07-18 Thread Gary T. Giesen
cannot check for existing servers that way. It would be possible to eliminate those with matching file names and line numbers, but that would still fail for no good reason if you modified the virtual server configuration and HUPed the server. Try this patch. It should work. Sure does

Re: Duplicate virtual server xxx always hits on HUP

2011-07-18 Thread Gary T. Giesen
, but that would still fail for no good reason if you modified the virtual server configuration and HUPed the server. Try this patch. It should work. Sure does. Thanks Bjørn

Re: Duplicate virtual server xxx always hits on HUP

2011-07-05 Thread Gary T. Giesen
to eliminate those with matching file names and line numbers, but that would still fail for no good reason if you modified the virtual server configuration and HUPed the server. Try this patch. It should work. Sure does. Thanks Bjørn

Duplicate virtual server xxx always hits on HUP

2011-06-30 Thread Bjørn Mork
After upgrading to 2.1.11 I've noticed that I always get a Duplicate virtual server error when HUPing the server. This is obviously a result of the change in commit 5a710e98 but I have no idea how to fix it. Steps to recreate from a fresh and default FreeRADIUS 2.1.11 installation: 1) start

Re: Duplicate virtual server xxx always hits on HUP

2011-06-30 Thread Bjørn Mork
Bjørn Mork bj...@mork.no writes: After upgrading to 2.1.11 I've noticed that I always get a Duplicate virtual server error when HUPing the server. This is obviously a result of the change in commit 5a710e98 but I have no idea how to fix it. Steps to recreate from a fresh and default

Re: Duplicate virtual server xxx always hits on HUP

2011-06-30 Thread Alan DeKok
, but that would still fail for no good reason if you modified the virtual server configuration and HUPed the server. The solution is to use cf_top_section(). If the two virtual servers share the same top-level CONF_SECTION, then they're duplicates. Otherwise, they're from different HUPs. Alan DeKok

Re: Duplicate virtual server xxx always hits on HUP

2011-06-30 Thread Alan DeKok
Bjørn Mork wrote: Which implies that commit 5a710e98 is completely bogus. We cannot check for existing servers that way. It would be possible to eliminate those with matching file names and line numbers, but that would still fail for no good reason if you modified the virtual server

Re: Duplicate virtual server xxx always hits on HUP

2011-06-30 Thread Bjørn Mork
reason if you modified the virtual server configuration and HUPed the server. Try this patch. It should work. Sure does. Thanks Bjørn

Re: Correct RegEX format for virtual server in proxy.conf

2011-05-17 Thread Alan DeKok
Sallee, Stephen (Jake) wrote: I am trying to follow the excellent instructions in the proxy.conf file for setting up a virtual server using realms, however I keep getting an error when I try to start radiusd -X telling me that the regex is invalid… here is my realm declaration, what am I doing

RE: Correct RegEX format for virtual server in proxy.conf

2011-05-17 Thread Sallee, Stephen (Jake)
@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, May 17, 2011 9:48 AM To: FreeRadius users mailing list Subject: Re: Correct RegEX format for virtual server in proxy.conf Sallee, Stephen (Jake) wrote: I am trying

Re: question re inner tunnel / virtual server

2011-04-25 Thread Alan DeKok
Michael Arndt wrote: i try to get a better grip in understanding the virtual server for inner eap tunnel. The TLS-based EAP methods involve setting up a TLS tunnel between the client PC and the RADIUS server. Processing of the TLS tunnel is done by the default virtual server. Just the same

question re inner tunnel / virtual server

2011-04-24 Thread Michael Arndt
Hi *, i try to get a better grip in understanding the virtual server for inner eap tunnel. Please forgive if any of the following statements represents misunderstanding of concepts from my side. Which of the following statements describe the inner tunnel virtual server for EAP wrong / correct

Re: Re [How to use Listen directive in inner tunnel virtual server]

2011-04-13 Thread Alan DeKok
Thomas Fagart wrote: I've tried 2.1.x. (2.1.11) Seems to work well but after an hour of working I've got the following Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal error: Failed in select: Invalid argument Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting

Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-10 Thread Alan DeKok
Thomas Fagart wrote: Then I would wait for 2.1.11, or do you think it's ok to use git release in Production Yes. Use the v2.1.x branch from git. It's fine. Alan DeKok.

Re [How to use Listen directive in inner tunnel virtual server]

2011-04-10 Thread Thomas Fagart
I've tried 2.1.x. (2.1.11) Seems to work well but after an hour of working I've got the following Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal error: Failed in select: Invalid argument Apr 10 22:20:50 vma-prdaut-08 radiusd[65766]: Exiting due to internal error:

Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-09 Thread Alan DeKok
Thomas Fagart wrote: The server where it is located has two IP interfaces and even worse on one of the interface we're using IP aliasing :-) I've noticed that freeradius always use the same IP to proxy from inner tunnel. I know that I could use the listen directive in radiusd.conf (and

Re: [How to use Listen directive in inner tunnel virtual server]

2011-04-09 Thread Thomas Fagart
Thomas Fagart wrote: The server where it is located has two IP interfaces and even worse on one of the interface we're using IP aliasing :-) I've noticed that freeradius always use the same IP to proxy from inner tunnel. I know that I could use the listen directive in radiusd.conf (and that's

[How to use Listen directive in inner tunnel virtual server]

2011-04-08 Thread Thomas Fagart
Hello, We're using freeradius 2.1.6 as a proxy server. It receives authentication/accounting from Wimax NAS/ASN Gateway, (EAP/TTLS), send it to inner tunnel, and then proxy to customer home server. The server where it is located has two IP interfaces and even worse on one of the interface

Is it possible to write client information into database other than clients.conf in default virtual server?

2011-04-06 Thread 魏景鹏
Dear All, I know a little about dynamic client, it may be used in virtual server; But just as the mentioned subject, is it possible to write client information into database other than clients.conf in default virtual server? thx all WeiJingPeng

Re: Is it possible to write client information into database other than clients.conf in default virtual server?

2011-04-06 Thread Alan DeKok
魏景鹏 wrote: is it possible to write client information into database other than clients.conf in default virtual server? Yes. Read raddb/sql.conf. Look for client. And see the NAS schema shipped with the server. Alan DeKok.

Proxy Request to Virtual Server using EAP

2011-03-14 Thread joao...@gmail.com
using LDAP as a backend. My users will be divided into groups, each group has its own realm, each realm and forwards the authentication to a virtual server. If my users try to authenticate without entering the realm, it works OK. If users try to authenticate other institutions stating the realm

Re: Virtual Server

2011-03-11 Thread Rob Yamry
Thanks Phil. That worked great. On Mar 10, 2011 10:53 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 10/03/11 16:46, Rob Yamry wrote: I'm running FreeRadius 2.1.8 to allow wireless access and that is working great. I now want to have the vpn auth against the freeradius server for access, but

Proxy Request to Virtual Server using EAP

2011-03-11 Thread joao...@gmail.com
using LDAP as a backend. My users will be divided into groups, each group has its own realm, each realm and forwards the authentication to a virtual server. If my users try to authenticate without entering the realm, it works OK. If users try to authenticate other institutions stating the realm

Virtual Server

2011-03-10 Thread Rob Yamry
I'm running FreeRadius 2.1.8 to allow wireless access and that is working great. I now want to have the vpn auth against the freeradius server for access, but checking for a different ldap attribute on the user. I read the virtual servers wiki and it says that all modules are global across virtual

Re: Virtual Server

2011-03-10 Thread Phil Mayers
On 10/03/11 16:46, Rob Yamry wrote: I'm running FreeRadius 2.1.8 to allow wireless access and that is working great. I now want to have the vpn auth against the freeradius server for access, but checking for a different ldap attribute on the user. I read the virtual servers wiki and it says that

different perl module in different virtual server result different w/ or w/o -X

2011-03-09 Thread schilling
Hi All, I am running 2.1.6. I have modules/perl_resnet like perl perl_resnet {...} for virtual server resnet, which will put mac-address in sandbox vlan if not in database. and I have modules/perl_foosecure perl perl_foosecure{...} for virtual server auth used as inner-tunnel for eap, which

Re: Separate rlm_perl in each virtual server

2011-02-05 Thread Alexander Shikoff
Hello, On Mon, Jan 31, 2011 at 02:54:44PM +0200, Boian Jordanov wrote: Check if your perl is built with MULTIPLICITY - perl -V Boian, thank you very much. It was a reason of an issue. -- MINO-RIPE

Re: Separate rlm_perl in each virtual server

2011-01-31 Thread Boian Jordanov
Check if your perl is built with MULTIPLICITY - perl -V On Jan 30, 2011, at 2:44 PM, Alexander Shikoff wrote: On Sun, Jan 30, 2011 at 08:47:17AM +0100, Alan DeKok wrote: Alexander Shikoff wrote: Now radiusd receives a DHCP packet and: Received DHCP-Discover of id fcb1c6c0 from

Re: Separate rlm_perl in each virtual server

2011-01-30 Thread Alexander Shikoff
On Sun, Jan 30, 2011 at 08:47:17AM +0100, Alan DeKok wrote: Alexander Shikoff wrote: Now radiusd receives a DHCP packet and: Received DHCP-Discover of id fcb1c6c0 from 193.200.84.232:67 to 193.200.85.245:67 [...] server dhcp { Trying sub-section dhcp DHCP-Discover {...} +-

Separate rlm_perl in each virtual server

2011-01-29 Thread Alexander Shikoff
Hello, I have two virtual servers and I need to process events in these servers with different perl scripts. Is there a way to configure separate rlm_perl instances for each virtual server? Thanks. -- MINO-RIPE

Re: Separate rlm_perl in each virtual server

2011-01-29 Thread Alan DeKok
Alexander Shikoff wrote: I have two virtual servers and I need to process events in these servers with different perl scripts. Is there a way to configure separate rlm_perl instances for each virtual server? Thanks. raddb/modules/perl1: perl perl1

Re: Separate rlm_perl in each virtual server

2011-01-29 Thread Alexander Shikoff
On Sat, Jan 29, 2011 at 03:18:18PM +0100, Alan DeKok wrote: Alexander Shikoff wrote: I have two virtual servers and I need to process events in these servers with different perl scripts. Is there a way to configure separate rlm_perl instances for each virtual server? Thanks. raddb

Re: Separate rlm_perl in each virtual server

2011-01-29 Thread Alexander Shikoff
separate rlm_perl instances for each virtual server? Thanks. raddb/modules/perl1: perl perl1 { ... } raddb/modules/perl2: perl perl2 { ... } And then use perl1 and perl2 instead of perl. Alan DeKok. Ok, I tried

Re: Separate rlm_perl in each virtual server

2011-01-29 Thread Alan DeKok
Alexander Shikoff wrote: Now radiusd receives a DHCP packet and: Received DHCP-Discover of id fcb1c6c0 from 193.200.84.232:67 to 193.200.85.245:67 [...] server dhcp { Trying sub-section dhcp DHCP-Discover {...} +- entering group DHCP-Discover {...} rlm_perl: -authorization.pl- :

Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?

2010-12-14 Thread schilling
Got the whole setup working. So basically if users sign on with usern...@foo.edu with eap, they will be sent to ldap w/ ntpassword authorization. If users sign on with username only with eap, they will be sent to active directory w/ ntlm authentication. configuration changes are the following:

One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?

2010-12-07 Thread schilling
, # and the mschap module will do the authentication itself, # without calling ntlm_auth. # # Be VERY careful when editing the following line! Is there any way to have a virtual server(1812/1813) for mschapv2-ntlm_auth-AD and another virtual server(1814/1815) for mschapv2

Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?

2010-12-07 Thread Alan DeKok
schilling wrote: We got ntlm_auth against AD working for PEAP, we also got separate server for PEAP against ldap ntPassword hash. ... Is there any way to have a virtual server(1812/1813) for mschapv2-ntlm_auth-AD and another virtual server(1814/1815) for mschapv2-ldap ntPassword hash

Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?

2010-12-07 Thread schilling
wrote: We got ntlm_auth against AD working for PEAP, we also got separate server for PEAP against ldap ntPassword hash. ... Is there any way to have a virtual server(1812/1813) for mschapv2-ntlm_auth-AD and another virtual server(1814/1815) for mschapv2-ldap ntPassword hash? Yes. But I

Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?

2010-12-07 Thread Alan DeKok
schilling wrote: Just to be sure. Both user(username and usern...@foo.edu) will use eap, mschapv2 to authenticate. But there is only one mschap module in etc/raddb/modules/? So... configure another mschap module. See raddb/modules/files for examples of configuring two instances of the

Re : SQL and Proxy acct in a virtual server

2010-10-27 Thread Frank Bollet
) { sql_foo } elsif (Realm == bar) { sql_bar } } ### Setting up virtual servers for each *local* realm is not useful. I obviously misunderstood the virtual server purpose. I'm basically just trying to separate each realm (actually *partners*, who can have multiple realms

Re: Re : SQL and Proxy acct in a virtual server

2010-10-27 Thread Josip Rodin
On Wed, Oct 27, 2010 at 10:06:30AM +0100, Frank Bollet wrote: Is there a way to separate the configuration for each partner, or should I just put everything in sites-available/default because it's how it's supposed to work? Hmm, isn't it possible to use $INCLUDE in there, too, so the

Re: Re : SQL and Proxy acct in a virtual server

2010-10-27 Thread Alan DeKok
Frank Bollet wrote: So, the best practice here is to put specific accounting in sites-available/default ? Isn't that what I already said? I obviously misunderstood the virtual server purpose. I'm basically just trying to separate each realm (actually *partners*, who can have multiple

Re : Re : SQL and Proxy acct in a virtual server

2010-10-27 Thread Frank Bollet
Alan DeKok wrote: Yes, you can. But you then need to proxy (i.e. route) the packets to the correct destination virtual server. You weren't doing that. And how could I do that ?

SQL and Proxy acct in a virtual server

2010-10-26 Thread Frank Bollet
for this purpose, but I have a few issues with the configuration. I defined realms, home server pools and home server. For locally managed realms, I defined a virtual server for each realm (in sites-available/) and the home server refers to that virtual server. Here is an example for the realm

Re: SQL and Proxy acct in a virtual server

2010-10-26 Thread Alan DeKok
Frank Bollet wrote: If I define home servers and a virtual server in a home server pool, the virtual server is only used for pre/post proxy. accounting {} is used from sites-enabled/default. Yes. That's the way it works. How could I define a specific accounting for a given realm

One virtual server for MS-chapv2 against Active Directory, the other one against ldap ntpasswd?

2010-10-20 Thread schilling
Hi All, Can I have one virtual server listening on 1812/1813 for authenticating with ms-chapv2 against AD, and then another virtual server listening on 1814/1815 authenticating with ms-chapv2 against LDAP with ntpassword hash? We are able to get an instance running for against AD, but not able

Re: Different users file per virtual server

2010-08-07 Thread Alan DeKok
Cory Johnson wrote: Great, this is just what I was looking for. 2.1.10 will have updated examples docs in raddb/modules/files I hope that helps. Alan DeKok.

Different users file per virtual server

2010-08-06 Thread Cory Johnson
Is there a way to have separate users files per virtual server? The location of the users file appears to be specified in modules/files. I can only seem to load modules from the global radiusd.conf, so each server uses the same users file. My goal is to use a different users file based

Re: Different users file per virtual server

2010-08-06 Thread Arran Cudbard-Bell
On Aug 6, 2010, at 4:14 PM, Cory Johnson wrote: Is there a way to have separate users files per virtual server? The location of the users file appears to be specified in modules/files. I can only seem to load modules from the global radiusd.conf, so each server uses the same users file

Re: Different users file per virtual server

2010-08-06 Thread Cory Johnson
On 08/06/2010 04:41 PM, Arran Cudbard-Bell wrote: On Aug 6, 2010, at 4:14 PM, Cory Johnson wrote: Is there a way to have separate users files per virtual server? The location of the users file appears to be specified in modules/files. I can only seem to load modules from the global

Re: Different users file per virtual server

2010-08-06 Thread Arran Cudbard-Bell
I get the output: /etc/freeradius/sites-enabled/noc[153]: Failed to find module files. /etc/freeradius/sites-enabled/noc[63]: Errors parsing authorize section. Also tried stating files noc in the authorize section. After doing this I don't even get any debug output. The instance of the

Re: FR virtual server question and EAP configuration

2010-07-25 Thread Michal Bruncko
security for different SSID through one freeradius with virtual server feature. My first question is, if it's possible to have different FR server configuration per SSID on single Access Point? AP has its IP address from specific management VLAN (different from any SSID X VLAN). I know

Re: FR virtual server question and EAP configuration

2010-07-16 Thread Johan Meiring
On 2010/07/16 12:34 AM, Michal Bruncko wrote: Hello list SSID 1 \ SSID 2 --- AP -- Trunk -- Router - FreeRadius SSID 3 / My goal is to configure different security for different SSID through one freeradius with virtual server feature. This is possible, but with ONE virtual server. My

Re: FR virtual server question and EAP configuration

2010-07-16 Thread Alexander Clouter
freeradius with virtual server feature. My first question is, if it's possible to have different FR server configuration per SSID on single Access Point? AP has its IP address from specific management VLAN (different from any SSID X VLAN). I know, that on freeradius side can be configuration

FR virtual server question and EAP configuration

2010-07-15 Thread Michal Bruncko
Hello list I am using FR with WPA2-Enterprise authentication in Wifi environment with this scheme: SSID 1 \ SSID 2 --- AP -- Trunk -- Router - FreeRadius SSID 3 / My goal is to configure different security for different SSID through one freeradius with virtual server feature. My first

Re: originate-coa virtual server

2010-06-30 Thread Alan DeKok
Ben Wiechman wrote: The originate-coa virtual server includes a switch condition using the Response-Packet-Type attribute in the post-proxy section. However this attribute is not populated for responses to coa or disconnect requests. The Packet-Type attribute is populated in the proxy-reply

RE: originate-coa virtual server

2010-06-30 Thread Ben Wiechman
Is the lack of information in the Response-Packet-Type attribute expected in a response to a coa or disconnect request and the switch should be updated to use %{proxy-reply:Packet-Type} (this does work) or should the Response-Packet-Type attribute be populated for a response to a coa or
