I'm running freeradius2-2.1.7-7.el5, on CentOS 5.5. I have gotten all of the authentication setup for active directory and I know that the machine is able to pass requests along to our AD server. However it doesn't appear that freeradius is doing the same. I have been looking at the attached radius -x output for about 2 days now and I have done a ton of searching and have come up relatively empty handed.
View 3 RepliesIts 2 weeks i'm trying to configure freeradius2 on centos5 64bit after installed it from yum.all seems working, but i cant authenticate unix users.after digging in many sites its simply cant find user name and password ( ++[unix] returns notfound )Also how can i paste here all the radiusd -X log lines? i can't find any
radius.log file.
I'm currently trying to set up FreeRADIUS with DaloRADIUS and I'm stuck at FreeRADIUS getting clients (as NAS-es) from the MySQL database.
FreeRADIUS will no longer start after uncommenting the following line in my /etc/freeradius/sql.conf (which is supposed to let it use the MySQL database):
Code: Select allreadclients = yes
I have ran "freeradius -X" to find out what's going on with this output:
Code: Select allrlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
[Code] ....
So it seems that the radius user is not authenticated. However I have verified that the login details I entered in my sql.conf are the correct ones (I even tried manually logging in with them and it worked).
how to install freeradius with dialup admin support on CentOS 5. .
View 1 Replies View RelatedI am trying in debian 8.2 but i am not found packet libapache2-mod-auth-radius whereas i have been include dvd1-3 debian and dvd1-2 update debian in my system. Where is that packet stand?
View 1 Replies View RelatedI already have this setup working in a debian server but I would like to setup the same in CentOS 5.3. I just copied all the configuration files to the CentOS server but I'm getting the following errors in messages:
vsftpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
vsftpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
crond[24483]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
[Code]...
Im having a lot of trouble configuring freeradius for Ubuntu. I have freeradius installed but Im having trouble finding any information on how to edit the configuration files to create users and be able to WPA2 Enterprise. The wireless router that I am using is an Linksys WRT54gl.
View 2 Replies View RelatedI'm try to start certificate authentication from my web site..
vhosts.conf for httpd:
<IfModule mod_ssl.c>
<VirtualHost 127.0.0.1:443>
ServerName ca.asu
[Code].....
I am using Samba on the lastest CentOS 5 64bit however the netlogon for windows authentication isn't working.
View 18 Replies View RelatedHow do I turn winbind authentication off or vsftpd. I keep getting these error messages in the /var/log/ secure:vsftpd: pam_winbind(vsftpd:auth): request failed: No such user, PAM error was User not known to the underlying authentication module (10), NT error was NT_STATUS_NO_SUCH_USER.I already tried remarking out different things in the config files. Is it safe to remark out the winbind stuff in /etc/pam.d/system-auth if we are using the smbclient to connect to a Windows share?Why would you want to to use AD to authenticate users for something simple like FTP is beyond me.I merely want it to authenticate against local system users.
View 3 Replies View Relatedsetting up a freeradius server and coovachilli in my ubuntu9.10.. I want software and hardware system requirments needed to install freeradius,coovachilli,mysql and apache.
View 2 Replies View RelatedI was trying to install and configure freeradius server in centos 5.5 .I installed freeradius 2.1.7. I added a sigle line at the top of the users file like this. bob Cleartext-Password := "hello". when I tried to test using radtest command (radtest bob hello 127.0.0.1 0 testing123).but Igot access-reject mesage from radius server. first I was trying on the same pc with defferent terminal. I serched and tried lot of options but all the time I got the same access reject message. I put debug message in debug site. I can see lot of users posted the same error message in many forums. But I cant find any solutions. I installed ntradping in my laptop and tried but same error. Delaying reject of request 0 for 1 seconds. Going to the next request. Waking up in 0.9 seconds. Sending delayed reject for request 0. Sending Access-Reject of id 16 to 10.10.204.73 port 1619. Waking up in 4.9 seconds. Cleaning up request 0 ID 16 with timestamp +3. Ready to process requests.
View 2 Replies View RelatedI have a radius server with just one NAS. I requires the following.
1. After authenticating User1 User2 & User 3 can connect to 192.168.1.0 network but rest users User4 User5 User6 wont be able to connect 192.168.1.0
2. User4 User5 User6 will be denied connecting to network 192.168.2.0 after authenticating but rest users which are not specified can connect.
These User1, User2... User6 are system users of the machine.
I am trying to install openssh server with public key authentication on CentOS.
But i am getting following error message: Disconnected: No supported authentication method available Server refused keys
My sshd_conf file is as follows:
I have Windows 2008R2 Server acting as Domain Controller for Windows7/XP clients. and CentOS 5.3 Installed configured as Samba Server, I want to make it as ADS member server so any user to login to any machine, and be able to access their Samba share.
View 3 Replies View RelatedI am administrating a server with CentOS installed. It came with qmail and courier-imap preinstalled, and Plesk.I need to manually add email accounts outside of Plesk, because my 1-domain Plesk license only allows the creation of one email address (yes, it sucks).
When I say add email account I mean creating a new email address, have email for that address be stored in its maildir, and have a corresponding imap (and hipefully also pop3) account that will be able to read that mail. All this with virtual domains.I've already found out how to create the new email addresses for qmail, so that email for the new email address is being delivered correctly. Now I need to create the imap/pop3 accounts for courier.
For the qmail part, I create a folder in in /var/qmail/mailnames/virtualdomain.org/username and a maildir called Maildir inside it. This is how the first mail address was created by Plesk and i'd like to maintain the same structure. As I've said, the qmail part is already working, I need to get the courier-imap part to work. Ideally, it should accept login with both short (i.e. myuser) and long (i.e. myuser@virtualdomain.org) user names.
Currently the only authentication module that is enabled in courier-imap is authpsa, which is Plesk's authentication module.in order to add more authentication modules, do I just need to add them to the authentication module list in /etc/courierimap/imapd, or do I need to reinstall courier-imap with support for such authentication modules? I thought I would only need to add them to the list, but I've noticed that the /usr/lib/courier-imap/authlib/ folder only contains a binary called "authpsa". Does that mean that other authentication modules are not even installed? If so, can I install them without reinstalling courier?
The second question is, what would be the most recommended authentication module that would make it easiest to create new email addresses/accounts from the command line? I need to be able to write a shell scripts capable of creating a new email address with all that is needed, and I'd like to keep this script as simple as possible, so for example I'd avoid mysql-based authentication as it sounds rather complicated. And the last question is, if I do need to reinstall courier-imap, how can I install a package without recompiling it? Will my one existing mailbox keep working?
I've configured the RADIUS to use a PostgreSQL DB for accounting. Everything works fine if the connection from the RAD to the SQL is OK. If the PostgreSQL service dead, the RAD will skip the failed connection and continue to work. That's OK, too. But if I shutdown the network interface of the SQL (simulating a connection lost - timeout problem), the RAD thread which processes accounting request will be hung up, remains as active and unresponsive forever. So the RAD will not return anything to accounting client (my NAS).
As more accounting requests come, spare threads for processing the requests will reduce and be used up eventually. I've debugged for a while and found it's the problem of PQexec() function. The function blocks the thread eternally till if the connection lost. I know the RAD version is a little outdated, but I cannot replace it right now. I wonder if there's a way to make the RAD reply to the NAS even when the connection between the RAD and the SQL lost.
i have a small issue, to make our network more secure, i now require outgoing email to require authentication. Now the problem..i have a automated mailer that does not have the option to authenticate. is there a way to allow a certain email address or the local network to send out without authentication? If i cannot do this for a single email user to allow them through with authentication, how would i remove the authentication paramaters in the postfix smtp..
View 2 Replies View Relatedi want to authenticate user (client) via switch to the radius server(CentOS)Can anyone tell me the authentication/authorization configuration that should be made in the switch (huawei) and the radius server(centos).Esp. the main files under /etc/raddb/ in the Server& the configuration to be made under the radius server template "test"( as of my case)...
View 1 Replies View RelatedI have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies View RelatedI got a problem with my CentOS server. Somebody told me OpenVPN Requires different changes inside my firewall settings. That could be the problem why openvpn wont load..I receive this error on my CentOS panel when im trying to connect into the centos openvpn (with my winxp pc):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
i'm programming a small tcp client, but i need that the server knows the source ip. My client receives a external connection and forwards, but the ip seen by the server, of course, is the client ip. I would like, change this ip to original source ip.
I don't know how to do this. I tried with the connect and select function.
I am having an issue with pureftpd and the way it handles passive mode. Here is a link to a discussion on filezilla.
[URL]
Basically the problem I have is that the Ubuntu Server is not passing the right IP address. It passes the internal "unrecognized IP address"
How do I set up Ubuntu to know it external IP address and pas it during a passive mode FTP connection?
I am doing this project for our school. Basically we want to pipe all incoming emails to a script which filters out certain messages (not only spam but duplicates, large messages, etc). If they fail certain criteria, the script simply does nothing.If they pass , then the script should pass the entire message (headers and body) back on to qmail to send. The piping part is not a problem, but I am stuck with the next part. Is there a way to pass the headers and body back to qmail for it to process and send, as if it received it the first time?Some details:A catchall email account is created via Plesk control panel on linux (centos).THe .qmail file in /var/qmail/mailnames/domain.com/catchall/ is edited to include the line:-|/path/to/pipe/handler.phpThe handler.php file simply reads the entire message (headers and body) and they are then parsed and analysed.
View 2 Replies View RelatedOn our server we have a certain directory, say /storage, that contains many large files. They are all compressed (gzip). Many of our users are not computer-savvy, and so when one of these files is needed, they will copy it to their own directory. Consequently, we have multiple terabytes of duplicate data. I'd like to enforce an alias whereby if someone tries to use cp on a file from /storage, they will instead create a symbolic link. My idea was something like:
alias cp='cp.storage'
File cp.storage:#!/bin/sh
truePath=$(readlink -f "$1")
[code]....
The conditional checks whether the file being copied begins with "/storage". The problem with this is that if someone wanted to use cp with any options on a file not in /storage, those options would be obliterated. Can someone guide me as to a good way to accomplish this? Either a way to get the options from cp into cp.storage, or another approach not using alias this way. Everyone will be using bash.
I've given a bit of support using Mod_rewrite to use magical urls to redirect to scripts, but when I migrated to Ubuntu's Apache2... I'm lost. I basically want to rewrite like this:
Code: RewriteRule ^artist/(.+)/$ artist.php?artname=$1 But I noticed that it wasn't passing the artist=$1 to the server GET vars. Then I noticed that if I changed the name of the file in both the rule and the file system to artists.php, typing artist/blah/ no longer was found. So then I realized that if I removed the rewrite rule artist/hello/ would still resolve to artist.php without any parameters my htaccess is like so:
[Code]...
I am very new to shell scripting.How does one pass a command-line parameter to a shell script?for the below program
#/bin/bash
mount -t cifs -o user=ramkannan,password=Linux123@ //10.200.1.125/ramkannan /MT
cd /MT/test
date=`/bin/date "+\%Y-\%m-\%d-\%H-\%M-\%S"`
mysqldump -uroot -pram2@ employeedb > $date.sql
gzip $date.sql
I want to pass parameter for everything,i tried in google and did but iam getting error while passing parameter to all
#/bin/bash
mount -t cifs -o user=$1,password=$2 //10.200.1.125/ramkannan /MT
cd /MT/test
date=`/bin/date "+\%Y-\%m-\%d-\%H-\%M-\%S"`
mysqldump -uroot -pram2@ employeedb > $date.sql
gzip $date.sql
i was getting error while passing parameter to all.
I am trying to play with /etc/pam.d/samba on Centos 5.6 (2.6.18-238.19.1.el5) but it seems that Samba is ignoring this file.
Example:
And samba authentication is still possible afterwards.
Default samba packages:
The package seems to be compiled with PAM enabled:
I am not able to connect samba server from other linux pc giving error: NT Authentication Failure
But am able to access through anonymous login from linux Same is working fine will all smb users through windows. I am using rhel 5.