On 15/05/2012 02:34, 全球无线联盟 wrote:
2. We tried to run multiple radiusd at same server while the second
failed. Can anyone advise how to configure the server to run multiple
radiusd simultaneously?
Why do you need to do this? FreeRADIUS has virtual-server functionality,
so you can create
On 11/05/2012 13:35, Phil Mayers wrote:
On 11/05/12 13:10, sgilmour wrote:
--nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24
Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied
(0xc022)
Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access
Hi All,
FR 2.1.x Git, doing PEAP against AD via ntlm_auth. I thought that with:
allow_retry = yes [in modules/mschap]
and
send_error = yes [in modules/eap]
...FR has the functionality to take the second password attempt, and re-try
it against AD i.e. The scenario outlined in section 9.1.4 of
On 11/04/2012 17:24, James J J Hooper wrote:
Hi All,
FR 2.1.x Git, doing PEAP against AD via ntlm_auth. I thought that with:
allow_retry = yes [in modules/mschap]
and
send_error = yes [in modules/eap]
...FR has the functionality to take the second password attempt, and
re-try it against AD
--- mschap-orig 2012-04-08 00:39:44.0 +0100
+++ mschap-new 2012-04-08 00:41:06.0 +0100
@@ -78,3 +78,3 @@
# ntlm_auth_username = username: %{mschap:User-Name}
-# ntlm_auth_domain = username: %{mschap:NT-Domain}
+# ntlm_auth_domain =
On 24/03/2012 13:13, Alan Buxey wrote:
Hi,
there was never any more on this thread, so just to add some final info
Now, for whatever reason, the Windows box decides to discard some
requests. Unfortunately, the error reporting is pretty weak
(discarding invalid request). Our Windows guys are
On 25/01/2012 20:35, White III, Joe wrote:
I'm running Freeradius 1.0.1 using MySQL as the database backend.
I need to configure the server so that all users are restricted from using
certain access points (i.e. guest network). It appears I need to use a DEFAULT
user definition in the users
On 01/12/2011 22:41, Piotr wrote:
This is debug from l2tp/ipsec connection:
CHAP-Password = 0x01972f0886c4e5e2f30e32053dbcf67504
[chap] login attempt by tom3 with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the
On 27/10/2011 00:51, Toby wrote:
Hi all,
I apologize in advance if this question has been answered previously
but I have searched extensively and cannot find discussion of this
particular topic.
What I am wanting to setup, at least initially, is a WPA2 enterprise
(802.11i) wireless access
On 23/10/2011 16:02, Andreas Rudat wrote:
Hello,
I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy
confused atm, what I can realy use, everytime I think its fine, I found another
unsecure thing :/
To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a
On 21/10/2011 20:44, Eric Geier wrote:
Hi, I’m trying to update my server’s cert, but getting errors
after applying it:
Fri Oct 21 12:26:45 2011 : Error: TLS Alert read:fatal:certificate
expired
Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3
read client certificate A
Fri Oct
On 21/10/2011 22:31, Eric Geier wrote:
Thanks for the reply!
Yes, the clients are set with correct time/date.
That command didn't work. Did you mean openssl verify command? I
ran that and both the old cert (still valid for a few days) and
the new cert (already valid) shows correct domain but
On 15/10/2011 12:14, Ray Scholl wrote:
Good morning:
So, I took all of your advice - example constructs, suggestion to do a little
testing etc. I built a duplicate server and my question still remain.
The construct I have -
if ( clients_ldap-Ldap-Group ==
On 14/10/2011 16:13, Martin Ubank wrote:
Here’s the full output from ‘radiusd –X’:
The bit at the top that tells us what radiusd has read from the config
files is missing.
It's not executing ntlm_auth by the looks of what you posted, so you need
to look at why. The first bit of radiusd -X
On 15/10/2011 01:18, OzSpots - Carl Sawers wrote:
Hi All, I have searched high and low for a Radacct Terminate cause
description for Freeradius, the terminate cause states “Lost-Session” ,
anyone know what it refers too?
Please set a subject when posting to a mailing list.
before it
goes to ntlm_auth against your AD).
Regards,
James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 13/10/2011 21:35, James J J Hooper wrote:
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't
Hi Alan et al,
I'm having trouble getting FR by git (was previously working):
$ grep url .git/config
url = git://git.freeradius.org/freeradius-server.git
$ git pull origin v2.1.x:v2.1.x
fatal: The remote end hung up unexpectedly
Is there an issue with git.freeradius.org? (Is anyone
On 20/09/2011 11:38, denizaydin wrote:
I can not see its giving this error while starting. Do I have to change
installation directory or the library dirctory in the radiusd.conf?
[10:15:39.9] gmake[11]: Entering directory
On 17/09/2011 01:56, Alan DeKok wrote:
James J J Hooper wrote:
Above won't work since:
https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
-James
https://github.com/alandekok/freeradius-server/commit/1a00da
In fact this dictionary change breaks
On 16/09/2011 17:24, Phil Mayers wrote:
On 16/09/11 16:59, denizaydin wrote:
Hi,
I am using Version 2.1.11 for broadband PPP authentication. I want to put
the unauthenticated users to a default service. I have to revert the
access-reject message to access-accept because once CISCO ISG get a
Don't do that.
Instead, don't reject the in the first place. For example:
authorize {
...
sql
if (notfound) {
update control {
Auth-Type := Accept
}
}
}
Above won't work since:
https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
-James
On 06/09/2011 00:36, Rob Turner wrote:
Default in modules/acct_unique:
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port
}
The man page for rlm_acct_unique shows:
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port
}
Anyone know
On 29/08/2011 15:13, Alan DeKok wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me know if there are any problems. If not, this can become
2.1.12.
All seems good so far.
-James
radmin show version
FreeRADIUS Version 2.1.12, for
Total denied auths: 0
Total lost auths: 0
...so it seems you need User-Name, Calling-Station-Id and Service-Type.
-James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http
on how you are
generating the CoA this may be problematic, but is easily solved with a
line in your iptables config:
*nat
-A POSTROUTING -p udp --dport 3799 -d NAS-IP -j SNAT --to-source
radius-server-IP:radius-listening-port
COMMIT
-James
--
James J J Hooper
Senior Network Specialist
On 05/08/2011 17:00, John Dunning wrote:
Greetings all,
We've been running freeradius 1.x on Debian Lenny for some time with great
success authenticating against Novell eDirectory/LDAP.
Our Linux guru has moved on to exciting new opportunities and while the rest of
us are decent at linux
On 01/08/2011 22:08, d.tom.schm...@l-3com.com wrote:
Currently running 1.1.3 on CentOS 5.x.
Upgrade
I am currently using the flat file option and it works just fine as long
as the permissions on the file are:
664 RW-RW-R—
Record in the file looks like:
Tom tab Auth-Type := Local,
On 12/07/2011 02:50, Nick Kartsioukas wrote:
I've been looking through the wiki and staring at the config files and
I'm...confused.
I've successfully gotten our Cisco WLC to authenticate against
ActiveDirectory as well as a Sun LDAP server (just one at a time) via
FreeRADIUS for a single test
On 19/05/2011 21:00, Garber, Neal wrote:
I found a similar user in an old thread who submitted a patch:
(http://freeradius.1045715.n5.nabble.com/Capturing-ntlm-auth-failure-
reasons-in-rlm-mschap-td2791760.html)
And it appears that this patch made it into the rlm_mschap.c module code:
I
On 17/05/2011 22:28, Frank Dornheim wrote:
Dear FreeRADIUS users,
i try to migrate my radius setup to LDAP.
I use mainly the informations from Frank Ranner
(http://lists.cistron.nl/pipermail/freeradius-users/2007-September/msg00205.html).
Today i have a problem to understand the xlat statement
On 09/05/2011 12:22, Alan DeKok wrote:
Alexander Clouter wrote:
Updating to git's v2.1.x to go on a post-Easter bughunt and found the
following accounting packet[1] seems to segfault freeradius:
...
#1 0x403075d8 in fnmatch () from /lib/libc.so.6
#2 0x409da598 in do_detail
= 448
ASSERT FAILED xlat.c[1048]: outlen 0
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
Config bits:
server eduroamlocal-soh {
authorize {
if (SoH-Supported == no) {
update config {
Auth-Type
On 04/05/2011 11:24, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
[updated] returns updated
+++- if ((Calling-Station-Id) %{Calling-Station-Id} =~
/^%{config:policy.mac-addr}$/i) returns updated
+++ ... skipping else for request 750: Preceding if was taken
++- policy
On 04/05/2011 11:37, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
Hi All,
Sorry for the sketchy details
We got an
ASSERT FAILED xlat.c[1048]: outlen 0
with a PEAP user. The bit of the -X I have is as below, and the soh
virtual server config is attached. I have no further
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I've may have mis-understood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure)??
Yes, thanks.
Also, args to pairmove2 are wrong way around, as attached.
-James
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I've may have mis-understood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure)??
Yes, thanks.
Also, args to pairmove2
On 10/04/2011 12:39, James J J Hooper wrote:
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I've may have mis-understood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure
On 10/04/2011 12:57, James J J Hooper wrote:
On 10/04/2011 12:39, James J J Hooper wrote:
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I've may have mis-understood the code, but I think the EAP MS-CHAP-v2
Failure packet, should
On 08/04/2011 08:54, Alan DeKok wrote:
Phil Mayers wrote:
+1 - In my experience it's necessary to cater for windows' weirdness
*first*. Most other clients have sane behaviours. I'm concerned about
the we didn't do much windows testing line...
Yup.
I've just pushed some changes to the
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
index c512018..3f3fc46 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1239,9 +1239,21 @@ static int mschap_authenticate
--On Thursday, April 07, 2011 13:33:33 +0100 James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
Attached are the two 'git diff' that I ended up with.
gzipped so they don't get messed up.
-James
p1.txt.gz
Description: Binary data
p2.txt.gz
Description: Binary data
-
List info/subscribe
On 07/04/2011 13:33, James J J Hooper wrote:
--On Wednesday, April 06, 2011 15:42:11 -0500 john.hayw...@wheaton.edu wrote:
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
I don't know if this should be sent to the developers list instead.
=== Background
On 02/04/2011 18:29, ziko wrote:
Hello.
I am using Freeradius 2 with openldap 2.3.43 on my CentOS 5.
My OPenldap works grate without freeradius, and freeradius works without ldap.
But i cant connect ldap and freeradius.
my ldapsearch output:
ldapsearch -x
# extended LDIF
#
# LDAPv3
# base
On 30/03/2011 22:59, Robert Roll wrote:
Freeradius Version 2.1.10
I'm trying to return a vendor attribute, but I don't seem to be seeing it in
the access-accept ?
I am inner tunneling to Peap, and you can see the attribute is there...
Airespace-Interface-Name = wifi-chem-uconnect
a CN to match, so using a
self-signed cert, and setting the client just to trust that CA mitigates
the public CA vector.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
On 07/03/2011 22:18, Arran Cudbard-Bell wrote:
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
On 07/03/2011 21:42, John Dennis wrote:
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side
/credential stealing attacks etc. This may be
acceptable in your environment, but if not, you'll still need to actively
configure the client.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http
.
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please, and will do.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please, and will do.
Try this patch. You should see MSCHAP Failure in the debug log,
where
--On Friday, March 04, 2011 12:04:51 + James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please
--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok
al...@deployingradius.com wrote:
Alan DeKok wrote:
James J J Hooper wrote:
rlm_eap_mschapv2.c: In function `mschapv2_authenticate':
rlm_eap_mschapv2.c:658: error: called object is not a function
rlm_eap_mschapv2.c:658: error: too few
by 40% by doing this. N.B Resumed
sessions will not touch your inner-tunnel config, so you have to make sure
that you pay attention when (re-)assigning VLANs / other returned
attributes based on username.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http
will take
host\\computer.domain.name and turn it in to computer$ automatically).
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
the given IP from an accounting packet though. Use a
DB to match things up.
Regards,
James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
...and then testing it:
echo 'User-Name = 現年快樂' | radclient -x 137.222.253.91:16010 auth
SECRET
Sending Access-Request of id 161 to 137.222.253.91 port 16010
User-Name = 現年快樂
rad_recv: Access-Accept packet from host 137.222.253.91 port 16010, id=161,
length=20
Regards,
James
--
James J J Hooper
it though.
Hi Brett,
It sounds like the linelog module may do what you need, in conjunction
with unlang for the conditionals:
https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog
Regards,
James
--
James J J Hooper
Network Specialist
Information Services
University
-freeradius-case-study.pdf
Regards,
James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 11/10/2010 22:14, James J J Hooper wrote:
On 11/10/2010 12:37, Phil Mayers wrote:
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
Wow! That *must* have been
On 07/11/2010 10:32, mic...@casa.co.cu wrote:
Hello
Gentlemen, there are problems on the list and everyone is on vacation or
just moved to see activity on the list?
I repeat my previous message, only this time I'm more brief
The silence was your answer:
You would like FreeRADIUS to return
;
home-zombie_period_start.tv_sec = home-last_packet;
home-zombie_period_start.tv_sec = USEC / 2;
{Apologies if I'm totally going in the wrong direction}
Regards,
James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk
!= PW_AUTHENTICATION_ACK) {
RDEBUG2(SoH was rejected);
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http
]
... Therefore patch attached {confd-by= format only a suggestion}.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
--- soh.c-orig 2010-10-11 20:54:28.0 +
+++ soh.c-new1 2010-10-11 21
On 11/10/2010 22:14, James J J Hooper wrote:
On 11/10/2010 12:37, Phil Mayers wrote:
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
Wow! That *must* have been
/unsubscribe? See
http://www.freeradius.org/list/users.html
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--On Tuesday, September 28, 2010 16:19:46 +0100 James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
Hi Alan,
I'm getting a make error. I tried ./configure --without-radsniff but
still the same... Is there a switch to disable building radsniff or do I
have to get the PCAP libraries
--On Tuesday, September 28, 2010 17:48:39 +0200 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
Hi Alan,
I'm getting a make error. I tried ./configure --without-radsniff but
still the same... Is there a switch to disable building radsniff or do I
have to get the PCAP
On 15/09/2010 19:43, John Dennis wrote:
On 09/15/2010 02:21 PM, Alan Buxey wrote:
Hi,
seems okay
For certificate, do we need a server certificate for both radius1 and
radius2 if we want supplicant to verify the server certificate?
you can use the same server certificate - so that the
,
James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--On 14 September 2010 08:15 +0100 James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
--On 14 September 2010 17:01 +1000 Strong, Mark mstr...@tnsi.com
wrote:
Hi Guys,
I have free radius 2.1.6, and it has quite a chunk of memory inuse at
the moment, are there any known issues
}
}
reject = return
}
}
...
}
-James
--
James J J Hooper
University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, you need to click the Advanced-settings
button, change to the EAP page, select 'Use manual user name' and enter
whatever you want in the box.
(
http://www.wireless.bris.ac.uk/getconnected/services/eduroam/go-anything/#anomalies
)
Regards,
James
--
James J J Hooper
Network Specialist
HI,
Wed Jul 14 10:51:16 2010 : Info: [mschap] expand:
--nt-response=%{mschap:NT-Response:-00} -
--nt-response=a3492c6411f5548251a05606aa028964d34b69c58e61c7d5
Wed Jul 14 10:51:16 2010 : Debug: Exec-Program output: winbind client not
authorized to use winbindd_pam_auth_crap. Ensure
http://www.google.co.uk/search?q=freeradius+commercial+supportbtnI=1
??
On 16/06/2010 23:03, Jackal Admin wrote:
Even if you aren't able to provide support, I'd be interested in any
suggestions for where to get support from.
Jackal Admin wrote:
We have a a hotspot authentication system
--On Thursday, June 10, 2010 10:10:05 +0200 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
OK - GDB log attached. This is from git branch v2.1.x, up to and
including 0e9ae1698ba55b16b149 (Cleaned up debug output to be readable -
about 7 hours ago
On 10/06/2010 22:20, Alan Buxey wrote:
Hi,
OK. I fixed both problems. Thanks for tracking it down, it made the
fix much simpler.
Do a 'git pull' for the v2.1.x branch, and re-build. It should now be
OK.
hmm, this is interesting...James, do you use COA at all? we dont but
this code
On 10/06/2010 22:42, James J J Hooper wrote:
On 10/06/2010 22:20, Alan Buxey wrote:
Hi,
OK. I fixed both problems. Thanks for tracking it down, it made the
fix much simpler.
Do a 'git pull' for the v2.1.x branch, and re-build. It should now be
OK.
hmm, this is interesting...James, do you
On 09/06/2010 17:56, James J J Hooper wrote:
Hi Alan, All,
Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes
with load, every ~8 hours with less load).
Attached -X at startup, and the last 100 lines before segfault.
If someone can explain how to drive GDB (or any other
On 09/06/2010 21:17, James J J Hooper wrote:
On 09/06/2010 17:56, James J J Hooper wrote:
Hi Alan, All,
Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes
with load, every ~8 hours with less load).
Attached -X at startup, and the last 100 lines before segfault
On 25/05/2010 06:30, Robert Wilkinson wrote:
I feel defeated. I was able to get an access-accept result. During my
attempt to use MySQL it appears that I broke my configuration.
I am using freeradius 2.1.8 on ubuntu 10.4 server.
Here is my freeradius -X debug output:
WARNING: Empty section.
On 16/05/2010 10:26, John Raja wrote:
Hi,
I have installed freeradius server in centos. I am trying to test with
below mentioned command i am getting the error output as given below ,
Please help me out...
I have created the username in the user file bobCleartext-Password
:= hello
_Command_
,
direct replies (COA or otherwise) won't work.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
As seen, there is no any data in %{Realm}.
Refer to man rlm_realm
...realms have to be defined in proxy.conf for suffix to recognise them:
realm un {
...
}
Alternatively, use a regex in unlang to split the username as you wish.
-James
--
James J J Hooper
Network Specialist
Information
...
if (control:Auth-Type == EAP) {
update control {
Proxy-To-Realm := xyz.com
}
}
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http
--On Wednesday, January 27, 2010 05:11:26 PM + Mark Smith
mark.sm...@abelalarm.co.uk wrote:
Please see attached radiusd -X dump file as requested.
Mark Smith
Systems Engineer
-Original Message-
From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk]
Sent: 27 January 2010 14:39
To:
On 20/01/2010 23:36, Arran Cudbard-Bell wrote:
On 1/17/2010 8:37 AM, Alexander Clouter wrote:
James J J Hooperjjj.hoo...@bristol.ac.uk wrote:
In order to also return e.g. VLAN IDs (that could be computed from the
inner User-Name in a non-session-resumption enabled config), I can move
the
--On Thursday, January 21, 2010 10:05:36 AM + Alexander Clouter
a...@digriz.org.uk wrote:
James J J Hooper jjj.hoo...@bristol.ac.uk wrote:
How did you get around the my policy rejects you now, but i've already
sent a tunneled success TLV in the TLS tunnel and you're now ignoring my
On 20/01/2010 21:08, Коньков Евгений wrote:
Hi
If program runned from cron run another process like:
curl or wget or anithign else located at PATH
it says: can not find curl etc.
NOTICE: when programm is runned from cron there is no PATH environment
variable
Does any know how to pass
1
Apologies if I have misunderstood the code.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi All,
When a client does session resumption:
cache { enable = yes} in eap.conf
The session User-Name (from previous access-accept) is restored from the
cache e.g:
[ttls] Skipping Phase2 due to session resumption
[ttls] Adding cached attributes to the reply:
User-Name = ab1234
On 17/01/2010 20:22, Alan Buxey wrote:
Hi,
One thing to remember, is for *your* users roaming at other universities
to remember to remove the reply:User-Name attribute to protect the
guilty. :)
the best thing to do for this is to create a new virtual server - eg 'eduroam' -
which is
Attribute Go=Service1
BUT IF;
A request comes with User-Name: XXX, Password: YYY and Attribute
A = Go2
The Access-Accept should include Attribute Go=Service2
Is this possible?
It is.
http://freeradius.org/radiusd/man/unlang.html
-James
--
James J J Hooper
Network Specialist
Information Services
/winbindd_privileged
say on your system?? Perhaps you have lost the execute bit on your
directory permissions?
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info
--On 08 January 2010 22:24 + James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
--On 08 January 2010 17:14 -0500 freerad...@corwyn.net wrote:
I had everything working fine, and now it's not. (I use the ldap module
to auth)
When I look through the logs, I'm getting
...
}
... you could use unlang to wrap it in an if statement if you wanted to be
selective about when to apply it.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List
On 22 Sep 2006, at 20:26, Alan DeKok wrote:
http://deployingradius.com/documents/configuration/
active_directory.html
It describes a minimal set of steps to take to get authentication
working against Active Directory. It works in my limited tests, but
if anyone runs into problems, please
). Don't know about a patch, but the
source comes with instructions for building a debian package.
Regards,
James
--
James J J Hooper
Information Services
University of Bristol
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
DeKok.
ps -efL | grep radius
... will show your 5 threads, if it only shows one, then one you only
have!
Regards,
James
--
James J J Hooper
Information Services
University of Bristol
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Signature
Going here:
ftp://ftp.freeradius.org/pub/radius/
1.1.3 is there 1.1.2 seems to be in
ftp://ftp.freeradius.org/pub/radius/old/
a new release ! ... Just appears the webpage hasn't been tweaked quite yet.
Regards,
James
--
James J J Hooper,
Information Services
University of Bristol
1 - 100 of 115 matches
Mail list logo