Configuring RADIUS Users

2005-11-29 Thread Madhuraka Godahewa
Hi All, I installed freeRADIUS 1.0.5 recently, and configured the server as described in the documentation files. My operating system is SUSE Linux 9.2. When I run the 'radiusd -X' from the shell, the last four lines of the output are as follows. Listening on authentication

Re: Configuring RADIUS Users

2005-11-29 Thread A . L . M . Buxey
Hi, Now my problem is, when I try to send an access-request (using the Radius Test Utility) from another machine (running Windows XP), which is in the same network, the server does not say that it receives an access-request. Does anybody know, where the problem is? read the

Re: Redirect to Realm with Username regex

2005-11-29 Thread Nicolas Baradakis
Armin ranjbar wrote: Is this possible to redirect users to another realm ( just like @realm ) with username prefix ? for example , redirect any username that start with A1 to a realm and A2's to another ? You could try to define the realms in proxy.conf and add something like this in the

AD authentication

2005-11-29 Thread Varun Marwah
Hi There I have configured the Freeradius on Fedora core 3 as per the documentation [EMAIL PROTECTED] raddb]# ntlm_auth --request-nt-key --domain=INDIA --username=checkad password: NT_STATUS_OK: Success (0x0) [EMAIL PROTECTED] raddb]# When I start the Radius Server using Radius -X command

Long SQL queries in attributes

2005-11-29 Thread Pedro Ribeiro
Hello freeradius-users, I'm having trouble using long (253 chars) SQL queries in the users file. It seems the limitations of attribute size are being applied to SQL queries even before expanding %{...} variables. Example: DEFAULT NAS-Port-Type == 'Wireless-802.11', Service-Type ==

Re: rlm_ippool: multiple ip ranges or multiple pools

2005-11-29 Thread Marko Dinic
Hi, can this be done like this ... in radiusd.conf: modules { ippool pool_range1 { ... } ippool pool_range2 { ... } } post-auth { group MULTIPLERANGESPOOL { pool_range1 pool_range2 } } and then, in users file:

Re: Long SQL queries in attributes

2005-11-29 Thread Mike Jenkins
Perhaps try the latest version of mysql and stored procedures and / or triggers. Regards Mike - Original Message - From: Pedro Ribeiro [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday, November 29, 2005 2:12 PM Subject: Long SQL queries in attributes

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Christian Poessinger
Zoltan Ori wrote: On Monday 28 November 2005 12:32, Christian Poessinger wrote: rlm_eap_peap: Had sent TLV failure, rejecting. Use the latest available drivers for your wireless adaptor. I've encountered many strange connectivity issues that are fixed with new drivers. If the supplicant

Re: Configuring RADIUS Users

2005-11-29 Thread Lewis Bergman
Madhuraka Godahewa wrote: Now my problem is, when I try to send an access-request (using the Radius Test Utility) from another machine (running Windows XP), which is in the same network, the server does not say that it receives an access-request. Does anybody know, where the problem is?

Re: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Zoltan Ori
On Tuesday 29 November 2005 08:53, Christian Poessinger wrote: I requested and installed this fix, but I still get the same error message on the radius server. rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV

Re: Freeradius and Netscreen VPN Authentication

2005-11-29 Thread freeradius
Has anyone had any success with integrating Netscreen Group authentication with FreeRadius? I'm able to authenticate the individual user account, but the minute I try to put the users in the various groups, the authentication fails with a ...belongs to a different group in the RADIUS server

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Christian Poessinger
Zoltan Ori wrote: Are there any other errors in the log? The actual reason for rejection may come long before that. Here is the complete log: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config:

Re: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Michael Griego
Your problem lies here: modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for USERNAME with NT-Password rlm_mschap: FAILED:

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread King, Michael
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Poessinger Sent: Tuesday, November 29, 2005 10:12 AM To: 'FreeRadius users mailing list' Subject: RE: WLAN 802.1x FreeRadius with LDAP auth: type EAP Processing the authenticate

Vendor-type length problem

2005-11-29 Thread MINODIER David RD-RESA-LAN
HI all, I have a Radius client (not generic but proprietary) that encodes its vendor-type on *2* octets while the normal and common way is to encode the vendor-type on 1 octet (0-255). RFC 2865 says that the actual vendor-type + length + value is a string field and : The String field is one or

Re: Vendor-type length problem

2005-11-29 Thread Alan DeKok
MINODIER David RD-RESA-LAN [EMAIL PROTECTED] wrote: I have a Radius client (not generic but proprietary) that encodes its vendor-type on *2* octets while the normal and common way is to encode the vendor-type on 1 octet (0-255). Yeah, some vendors do that. - Is there an RFC that actually

RE: Vendor-type length problem

2005-11-29 Thread MINODIER David RD-RESA-LAN
Many thanks for such a quick answer ! Sub-question: First, I'll definitely have a look at the CVS. Can you just tell me if (CVS) Freeradius will be able to reply to 1 vendor with a vendor-type of 2 octets and the other vendors with a vendor-type of 1 octet ? Again, thanks so much Alan. - can

Re: Vendor-type length problem

2005-11-29 Thread Alan DeKok
MINODIER David RD-RESA-LAN [EMAIL PROTECTED] wrote: Sub-question: First, I'll definitely have a look at the CVS. Can you just tell me if (CVS) Freeradius will be able to reply to 1 vendor with a vendor-type of 2 octets and the other vendors with a vendor-type of 1 octet ? Yes. The weird VSA

Re: EAP-TLS problem with Intel PROSet 7.1.4.4

2005-11-29 Thread Alan DeKok
Michelle Lin [EMAIL PROTECTED] wrote: However, the same certificate doesn't work with an older NIC card/NIC software on a different laptop. It's a software problem. The supplicant is broken. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: hints and huntgroups ?

2005-11-29 Thread Christopher Carver
[EMAIL PROTECTED] wrote: Hello all! can anyone help me out with a template for the file hints as well as huntgroups? as far as i know those files are not needed if the accounting is done via sql. i still have got issues if i try disable the preprocessing for those files. anyone got any

Re: Configuring RADIUS Users

2005-11-29 Thread Christopher Carver
Madhuraka Godahewa wrote: Hi All, I installed freeRADIUS 1.0.5 recently, and configured the server as described in the documentation files. My operating system is SUSE Linux 9.2. When I run the 'radiusd -X' from the shell, the last four lines of the output are as follows. Listening on

Re: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Zoltan Ori
On Tuesday 29 November 2005 11:07, Christian Poessinger wrote: You didn't configure a password for the user. Yes, I did. I have a userPassword attribute in my LDAP backend, also it contains a clear text password. I can fully use this account in the backend for ftp/ssh/http but not with

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Christian Poessinger
Zoltan Ori wrote: You have ntlm_auth in your mschap configuration. You don't want that for LDAP. You don't need anything NT in that module. The default configuration had everything commented out but authtype = MS-CHAP. Start with that and then add what you need. Nope, there is everything

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread King, Michael
-Original Message- Zoltan Ori wrote: You have ntlm_auth in your mschap configuration. You don't want that for LDAP. You don't need anything NT in that module. The default configuration had everything commented out but authtype = MS-CHAP. Start with that and then add what you

Re: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Zoltan Ori
On Tuesday 29 November 2005 13:56, Christian Poessinger wrote: Nope, there is everything uncommented. I also tried to add this to the ldap.attrmap file: That's the problem everything is uncommented. Comment out ntlm_auth and with_ntdomain_hack. If you have plain text passwords, you aren't

RE: WLAN 802.1x FreeRadius with LDAP

2005-11-29 Thread Christian Poessinger
King, Michael wrote: Christian, That is what he is saying your problem is, everything is uncommented Sorry, with uncommented I meant that all is commented out. Sorry my fault.

Re: Configuring RADIUS Users

2005-11-29 Thread Radius
- Original Message - From: Christopher Carver [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, November 29, 2005 11:04 AM Subject: Re: Configuring RADIUS Users Madhuraka Godahewa wrote: Hi All, I installed freeRADIUS 1.0.5

LDAP, FreeRadius, and Schema

2005-11-29 Thread Matt Juszczak
Hi all, I was wondering what everyone uses for an account objectClass? Right now I'm using Person, which makes the dn: cn=user,ou=Radius,dc=mydomain,dc=net However, indexing the cn would index the CN of other OU's as well ... . I'm just wondering what people use. I know Account could also

Re: AD authentication

2005-11-29 Thread charles schwartz
Hi, Here is what I found in your log: [...] Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Exec-Program-Wait: plaintext: winbind client not authorized to use

Fall-through and different NAS IP Settings

2005-11-29 Thread Curt LeCaptain
Hello all, I've done a radiusd -X to do some testing and was rather shocked by what happened when I'm attempting to make some changes to make one specific NAS (our DSL group) to have no timeouts. Here's a snippet of my config: DEFAULT Auth-Type = System, NAS-IP-Address == ip.add.re.ss,

Re: Fall-through and different NAS IP Settings

2005-11-29 Thread Alan DeKok
Curt LeCaptain [EMAIL PROTECTED] wrote: From what I understand, if people come from the NAS-IP-Address of ip.add.re.ss, it should be stopping everything, giving them their IP and not continuing on due to the Fall-Through = No. Perhaps I'm getting this wrong, but I'm trying to make it so that

Re: Fall-through and different NAS IP Settings

2005-11-29 Thread Curt LeCaptain
As always, run it in debugging mode. You would see the answer. In this case, NAS-IP-Address is an attribute in the RADIUS packet. So if the NAS doesn't send it, it doesn't match that entry. Okay, so I'm looking at my radiusd -X output and here's what I get on a access-request: rad_recv:

RE: Freeradius How to integrate Active Directory and return group attribute to VPN Concentrator

2005-11-29 Thread Alhagie Puye
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dusty Doris Sent: November 25, 2005 9:43 AM To: FreeRadius users mailing list Subject: RE: Freeradius How to integrate Active Directory[ADIntegrationWindowsXP NTLM Tutorial] So, the

Can not authenticate against Active directory as LDAP server

2005-11-29 Thread Anup Parkhi
My environment is FreeRadius: 1.0.5 on RedHat Funk Odyssey supplicant. (Tried with XP supplicant also) Authenticator: HP procurve switch EAP: EAP-MD5 Directory: Active directory as LDAP server I am getting the following error while authenticating users in Active directory. Any help is

RE: Can not authenticate against Active directory as LDAP server

2005-11-29 Thread Alhagie Puye
Make sure the password has double-quotes around it. I had to do that to get it working. Have you tried using ldapsearch first to make sure that you are feeding it the correct parameters? Try something like ldapsearch -LLL -h 10.1.1.1 -x -b 'dc=corp,dc=van,dc=com'

RE: Freeradius-Users Digest, Vol 7, Issue 115

2005-11-29 Thread Varun Marwah
Thanks charles schwartz Your documentation and responses really helped. The radius Server is working now properly for all users in LDAP. I need to give access to specific users in a group call RadiusUsers in Windows 2003 LDAP. How can I go about it. The Group is at location:

RADIUS EAP-TLS and Samba-LDAP

2005-11-29 Thread james widanta
HI list I am using free radius with EAP-TLS for wireless authentication then I add Samba-LDAP for primary domain controller. Both radius and Samba LDAP are working . Now when I login from my windows xp to the domain I have to connect via wired first then install the certificate to make my radius

Configuring RADIUS Users

2005-11-29 Thread Madhuraka Godahewa
Hi All, I installed freeRADIUS 1.0.5 recently, and configured the server as described in the documentation files. Using 'radtest' I can locally send an access request to the 'radiusd' process and get the access-accept message. Then, in the 'clients.conf', I added a new client entry as

RE: Configuring RADIUS Users

2005-11-29 Thread Mitchell, Michael J
Does anybody know, where can the problem lie?. Run the server in debug mode (radiusd -X) and it will tell you why. If you still can't work it out, post the output back here and someone will help you. cheers, Mike

rlm_counter

2005-11-29 Thread Madhvi Gokool
Hello Freeradius version is 1.0.4 I am using plain text users file. I have implemented counters for each user - the counter should reset at the end of each month. I tested the counter a while ago for a particular user and it worked. I have just implemented counter usage for the rest of the