Hi All
I am trying to set up 802.1x with EAP PEAP/TTLS method by using intel PROSset
client tool with the PC.
Sometimes authentication success but mostly it fail.
Log attached could someone give me some direction?thanks a lot.
Best Regards
Gary
login as: root
root@192.168.21.30's password:
Last
Det Det wrote:
how to find out whether the attribute is a check/reply attribute?
Read the documentation for the module. *It* is the one which decided
which attributes go where.
So it's wrong to ask if an *attribute* is a check/reply attribute.
Attributes are (mostly) just attributes.
gary wrote:
Hi All
I am trying to set up 802.1x with EAP PEAP/TTLS method by using intel
PROSset client tool with the PC.
*Sometimes authentication success but mostly it fail.*
Log attached could someone give me some direction?thanks a lot.
Read it.
WARNING:
Thank you. Does it mean one attribute can exist (as both or in both)
radcheck/radreply tables? Like for example, NAS-Port-Type?
The reason I asked is because dialupadmin segregates the attribute to a
check/reply attribute.
Then I happen to check NAS-Port-Type, the RFC says below... Does it
Det Det wrote:
Thank you. Does it mean one attribute can exist (as both or in both)
radcheck/radreply tables? Like for example, NAS-Port-Type?
That's what I said.
The reason I asked is because dialupadmin segregates the attribute to a
check/reply attribute.
Yes. So? Do you understand
Hi,
After that to modify the configuration files, when I lunch freeradius -X I
get this output:
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010
at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for
Even the subject is clearly of topic... sorry about that :)
We are in the process of changing our billing system. As far as I can
tell most vendors of billingware (such sage highdeal etc...), et least
the one we have met, now prefer using diameter interfaces over radius.
It seems even more
tonimanel wrote:
After that to modify the configuration files, when I lunch freeradius -X I
get this output:
...
Module: Checking accounting {...} for more modules to load
/etc/freeradius/sites-enabled/default[365]: Failed to load module
radrelay-detail.
Alexandre Chapellon wrote:
We are in the process of changing our billing system. As far as I can
tell most vendors of billingware (such sage highdeal etc...), et least
the one we have met, now prefer using diameter interfaces over radius.
It seems even more true when it comes to telco
On 10/13/2011 09:23 AM, siguillaume wrote:
Hi, We have installed a new freeradius with four servers: 02 for
authentification and 02 for Accounting. This plateform is for worked
interactively with three Alcaltel BAS. After configuration, we try with
one BAS, and it's work very well. But, when we
On 13 Oct 2011, at 10:23, siguillaume wrote:
Hi, We have installed a new freeradius with four servers: 02 for
authentification and 02 for Accounting. This plateform is for worked
interactively with three Alcaltel BAS. After configuration, we try with one
BAS, and it's work very well. But,
On 10/13/2011 09:31 AM, tonimanel wrote:
Thanks for your answer Alan.
I haver in modules directory radrelay-detail file with this code:
No you don't
# -*- text -*-
#
# $Id$
# Write a detailed log of all accounting records received.
#
detail {
This is a module called detail
Did you
On Thu, Oct 13, 2011 at 3:31 PM, tonimanel
antoniofernan...@fabergames.com wrote:
Thanks for your answer Alan.
I haver in modules directory radrelay-detail file with this code:
File name doesn't really matter. Instance name does.
# -*- text -*-
#
# $Id$
# Write a detailed log of all
Yes, I have copied detail file with radrelay-detail name. This is wrong? So,
how I have to define this module? I thought that this was enough.
I should to undo this change, ok?
Thanks for your answer.
--
View this message in context:
Ok, Thanks.
We use mysql as database. Each server has his own database server.
The protocols of authentification which are activated: chap, mschap and eap.
But, we are in a test step, so we least all requests to be accepted by radius.
Date: Thu, 13 Oct 2011 02:13:17 -0700
From:
Ok, Thanks.
We use mysql as database. Each server has his own database server.
The
protocols of authentification which are activated: chap, mschap and
eap. But, we are in a test step, so we least all requests to be
accepted by radius.
From: a.cudba...@freeradius.org
Subject: Re: Workload in
Hi,
Yes, I have copied detail file with radrelay-detail name. This is wrong? So,
how I have to define this module? I thought that this was enough.
freeradius doesnt care about the NAME of the file. it cares about the
instance name configured in the file
eg
file = mschap
mschap {
}
file =
On 13/10/11 10:20, siguillaume wrote:
Ok, Thanks.
We use mysql as database. Each server has his own database server.
The protocols of authentification which are activated: chap, mschap and
eap. But, we are in a test step, so we least all requests to be accepted
by radius.
Again: WHAT is going
Ok. Thank you for your answer. Now the service running ok when I execute
freeradius -X. I am going to check the replication. I would like to get
authentication and accounting replication because I want to have two
identical servers with data replicated.
Please, if you know about this, tell me if
All,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else running fast session resumption and seeing these
Ok, the service running ok. The authentication and accounting it's ok only in
one server, in the other server not appears nothing about accounting, so the
synchronization not function correct.
What can to be happening?
I have in radrelay.conf a home_server such as radrelay with this code:
Hi,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else running fast session resumption and seeing these
Hi,
Ok, the service running ok. The authentication and accounting it's ok only in
one server, in the other server not appears nothing about accounting, so the
synchronization not function correct.
can the servers talk to each other? your config has port 1812 ...is that meant
to be?
alan
-
tonimanel wrote:
Thanks for your answer Alan.
I haver in modules directory radrelay-detail file with this code:
There was an example posted here earlier. Use it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tonimanel wrote:
Ok, the service running ok. The authentication and accounting it's ok only in
one server, in the other server not appears nothing about accounting, so the
synchronization not function correct.
What can to be happening?
No idea.
What does debug mode say? Have you
Phil Mayers wrote:
All,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else running fast session resumption and
On Wed, 5 Oct 2011, Arran Cudbard-Bell wrote:
Thanks for your suggestion. Do I drop this into my existing
..sites-available/default file? Does this add to what's there already, or do I
replace what's there with this (and does the order matter)? Sorry, I have a
very basic configuration and
Mike Diggins wrote:
Tried this today but got an error. I'm running 2.1.3.
Upgrade.
Module: Checking accounting {...} for more modules to load
/usr/local/freeradius/etc/raddb/sites-enabled/default[339]: Failed to
find module replicate.
On 13/10/11 13:31, Alan DeKok wrote:
Phil Mayers wrote:
All,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else
Phil Mayers wrote:
I am wondering if it's actually unrelated to fast session resumption;
the CPU use has jumped alarmingly too, and doesn't drop back when I
disable session resumption.
Hmm... I don't recall any new use tons of CPU code in 2.1.12.
Alan DeKok.
-
List
On 13/10/11 14:49, Alan DeKok wrote:
Phil Mayers wrote:
I am wondering if it's actually unrelated to fast session resumption;
the CPU use has jumped alarmingly too, and doesn't drop back when I
disable session resumption.
Hmm... I don't recall any new use tons of CPU code in 2.1.12.
Do you know if I must to configure two servers or only one is necessary?
Thanks again.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Problems-with-my-radrelay-configuration-tp4876089p4899608.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
I think that I have a mistake. In proxy.conf file I have defined
home_server's, Have I to remove it from radrelay.conf?
I should to start the configuration with files without modifications, but to
do this I should to know very well what files I have to modify.
What suggest me to do?
--
View
Good afternoon:
I was hoping to see if anyone could provide the best syntax to concatenate two
strings being used in a comparison (policy.conf).
Synopsis:
We intend to compare an LDAP group name to a Freeradius shortname, but we want
the shortname to be shortname ++ otp.
The existing syntax
What is going slow?
Answer: The response of BAS's requests by freeradius.
Date: Thu, 13 Oct 2011 11:56:35 +0100
From: p.may...@imperial.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: Workload in freeradius platform
On 13/10/11 10:20, siguillaume wrote:
Ok, Thanks.
We
On 13 Oct 2011, at 19:15, Ray Scholl wrote:
Good afternoon:
I was hoping to see if anyone could provide the best syntax to concatenate
two strings being used in a comparison (policy.conf).
if(%{My-Var1}%{My-Var2} == %{My-Var3}){
}
Left operand can be attribute ref or string, right
Hi,
I remember that this problem indicates that I should to define something in
modules (radiusd.conf). I think that I have done it and the result is the
same.
Inside of modules directive I have written this:
detail detail-relay{
}
I hope you've written more than that in that
Freeradius threat the requests of BAS slowly after adding a second BAS.
From: gsi...@live.fr
To: freeradius-users@lists.freeradius.org
Subject: RE: Workload in freeradius platform
Date: Thu, 13 Oct 2011 17:29:25 +
What is going slow?
Answer: The response of BAS's requests by
Thank you -
You refer to them as variables - so I am assuming it cannot be a constant? I
must declare a variable and assign 'otp'?
sOTP := 'otp'
if ( %{FreeRadius-Client-Shortname}%{sOTP} == %{clients_ldap-Ldap-Group} )
{
Am I correct? Again, thanks in advance.
Ray
From:
On 13/10/11 18:29, Guillaume Sigui wrote:
What is going slow?
Answer: The response of BAS's requests by freeradius.
Are you deliberately trying to be difficult?
Please give more information. Be specific.
What is a BAS?
What requests is it making? Authentication or accounting?
What
On Tue, 4 Oct 2011, Mike Diggins wrote:
I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an
Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are constantly
failing over the Accounting Servers, due to lack of response from the Home
Servers, or so says the
2011/10/12 Alan Buxey a.l.m.bu...@lboro.ac.uk:
Hi,
Ssh users are suffering of broken pipe when NASes use the WPA
Enterprise schema. I wonder is I have something misconfigured that is
causing nosense reconnection or thinks alike. Please could could you
help me and take a look to my config
On 13 Oct 2011, at 19:41, Phil Mayers wrote:
On 13/10/11 18:29, Guillaume Sigui wrote:
What is going slow?
Answer: The response of BAS's requests by freeradius.
Are you deliberately trying to be difficult?
Mmm I think we have a cronic case of assholeitus.
Arran Cudbard-Bell
On 13 Oct 2011, at 19:40, Ray Scholl wrote:
Thank you –
You refer to them as variables – so I am assuming it cannot be a constant? I
must declare a variable and assign ‘otp’?
No. I said they could be attributes references or strings. You can use string
constants. Like most languages
On 13 Oct 2011, at 19:47, Mike Diggins wrote:
On Tue, 4 Oct 2011, Mike Diggins wrote:
I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an
Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are
constantly failing over the Accounting Servers, due to
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else running fast
I am running freeradius 2.1.10 on Debian 6.0.3.
What startup script in Debian starts freeradius? I would like to add the
-X option to it.
My first problem is I can't get radtest to work. The only thing I have
modified is the User file. I searched the FAQs and maillist archives to no
avail.
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use b...@acme.edu instead b...@abc.acme.edu as
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use
On 13/10/2011 21:35, James J J Hooper wrote:
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't
Hi,
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use b...@acme.edu instead b...@abc.acme.edu as username.
you shouldnt send your own sub domains
Hi,
What startup script in Debian starts freeradius? I would like to add
the -X option to it.
why? just run 'radiusd -X' - as the main service script isnt designed
to be run in foreground (it would be a standard backgrounded daemon
My first problem is I can't get radtest
Hi,
well, due to the way the log files and logrotate clash, our servers
have a daily restart right now so this masks any such issue so
cant say :-|
I probably asked this already but why not syslog-ng and mmdd.log as
an output?
because the system should be as vanilla as
Hi All,
I am using the latest freeradius and coovachilli and am having a
terminate session problem. Some user sessions are not stopping, the
session time shown in the DB stops but the user does not logout and
there is also no reason given in the DB for termination...
The user can also go over
Guillaume Sigui wrote:
What is going slow?
Answer: The response of BAS's requests by freeradius.
My tolerance for this kind of nonsense has reached it's limit.
He's been unsubscribed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ray Scholl wrote:
You refer to them as variables – so I am assuming it cannot be a
constant? I must declare a variable and assign ‘otp’?
They're just strings. If you've done any kind of computer
programming, string expansion should be familiar.
(1) take the string ...
(2) Expand
Mike Diggins wrote:
Accounting feature on the WLAN controllers (for now), I noticed that a
similar failure is a happening on the Authentication side. Some
authentication requests proxied to other radius servers (via Eduroam)
are either failing or taking a long time to respond, which also
OzSpots - Carl Sawers wrote:
The user can also go over the ChilliSpot-Max-Total-Octets quota and the
Idle-Timeout does not appear to work.
Then it's a chillispot problem. It has nothing to do with FreeRADIUS.
How does radius send a stop session command to the coovachilli router,
perhaps
OzSpots - Carl Sawers wrote:
The user can also go over the ChilliSpot-Max-Total-Octets quota and
the Idle-Timeout does not appear to work.
Then it's a chillispot problem. It has nothing to do with FreeRADIUS.
How does radius send a stop session command to the coovachilli router,
perhaps
On Fri, Oct 14, 2011 at 9:57 AM, OzSpots - Carl Sawers
c...@ozspots.com.au wrote:
OzSpots - Carl Sawers wrote:
The user can also go over the ChilliSpot-Max-Total-Octets quota and
the Idle-Timeout does not appear to work.
Then it's a chillispot problem. It has nothing to do with FreeRADIUS.
60 matches
Mail list logo