clients linux to freeradius
Hello. How do I do for that my clients linux (fedora core 4) soliciten autenticarse ante el servidor freeradius antes de conectarse a la red. Should I install an additional program for my client lunix asking for authentication?. Or is only necessary in some file modoficacion sde linux, as I did in Windows. Liset Vizcardo This message was sent using IMP, the Internet Messaging Program. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issue with mysql accounting
> Peap also has "use_tunneled_reply". > Alan DeKok. Tyvm. It is working. I'm still using old eap.conf from 2 years ago and this option was before only in TTLS section ;-) S pozdravom -- Bc. Jan 'EIS' Satko Slovak University of Agriculture network & system managerTr. A. Hlinku 2 Tel: +421 37 7412 616 949 76 Nitra Slovakia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issue with mysql accounting
Jan Satko wrote: > So it looks like (for me) that AP is sending "outer" information for > accounting. Maybe there is some option howto force AP to show inner > username ? Send the inner user name back in the Access-Accept. Set "use_tunneled_reply", and it should work. > I noticed that TTLS has some options in eap.conf about tunneled-reply or > variables. But i have dozen of users(usually students) which have only > XP/Vista with PEAP plugin. Cannot force them to install TTLS (if TTLS > will works). Peap also has "use_tunneled_reply". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
issue with mysql accounting
Hi. I have WIFI network based on Cisco Aironet 1130 with WPA/TKIP - EAP-PEAP. Radius server is freeradius (just upgraded to 1.1.7) with mysql backend (users,accounting). Everything worked fine for maybe 2 years. Just atm i have a new problem. Some APs got new IOS and i noticed that now is not sending User-Name like [EMAIL PROTECTED] but is sending MAC address as Username. This "MAC address" username i got also as system enviroment variables. On other APs with old IOS i got also problem. Some users got some new software for connecting to the network(suplicant) where they can set some "fake" outer username. Ofc users can authenticate against radius without problems. I think its because inner authentication variables (MS-CHAPv2 login name?) which freeradus use for authentication. So it looks like (for me) that AP is sending "outer" information for accounting. Maybe there is some option howto force AP to show inner username ? Back to MYSQL. Mysql atm is logging "fake usernames" or MAC addresses as UserName into radacc table. BUT mysql is logging correct username (inner) into radpostauth. Any chance howto solve this problem ? I want to log username like for radpostauth. Also want this username as system enviroment variable so i can make some start/stop scripts where i can use it. I noticed that TTLS has some options in eap.conf about tunneled-reply or variables. But i have dozen of users(usually students) which have only XP/Vista with PEAP plugin. Cannot force them to install TTLS (if TTLS will works). Tyvm for help. S pozdravom -- Bc. Jan 'EIS' Satko Slovak University of Agriculture network & system managerTr. A. Hlinku 2 Tel: +421 37 7412 616 949 76 Nitra Slovakia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius logging w/syslog
[EMAIL PROTECTED] wrote: > I've upgraded to FreeRADIUS Version 1.1.7 now and logging seems to be > working but I'd like to be able to get more usable data. > I nthe /etc/syslog.conf file I have this entry: ... > From the syslog server I see this data: > Oct 17 19:11:16 radius radiusd(pam_unix)[15776]: authentication failure; > logname= uid=95 euid=95 tty= ruser= rhost= The pam_unix module is creating that log message. See it's documentation for how to log more data. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting update
On 10/17/07, Daann <[EMAIL PROTECTED]> wrote: > > > > but I'd like to have some more detailed instructions on what to do. > > Thanks in advance > > Set this in the users file and accounting will get updated every 300 sec # Sent Chillispot Interim Accounting interval in every reply packet DEFAULT Acct-Interim-Interval = 300 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radcheck & NAS-identifier
Hi, FR + mysql auth&acct. Sometimes I need to restrict users or groups to acces a certain NAS. I use the nas-identifier attribute to recognize the nas To accomplish this I just add an entry to radcheck or radgroupcheck like this NAS-identifier != nas-name This works fine but, sometimes I use radtest directly on the server to test accounts if someone claims he/she is unable to login. Now for every user/group I've set the above entry in the database, radcheck on the server always returns an acces-reject for some reason. Though, users can login the nas's they are allowed to and get rejected on the certain nas I've specified, so the setup itself is working. But I've kind of lost my "account testing utitlity" :-) I don't understand why radcheck fails on these accounts. I understand radcheck doesn't send any nas-identifier, but I used operator ' ! = ' and not ' ==' so shouldn't the radius accept radtest requests on localhost? I 'm sure there is a good explanation why radtest returns an Acces-reject, but I'd like to know why and, if possible, if there is a solution/work-around for this. Many tnx, Y. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html