RE: framedipaddress

[Santiago Balaguer García]

We worked with Meru as Access Point, but not as NAS.

If you want to autrhenticate users, then it is not the correct device; use 
another one.

Anyway I think there is other better devices in the market at he same cost.
 
> Date: Tue, 11 May 2010 17:16:31 +0200
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: framedipaddress
> 
> Paweł Pogorzelski wrote:
> > Unfortunately Meru claims that the client IP address is not sent to
> > the radius in any other attribute either.
> 
> Buy a NAS that works.
> 
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
_
Diseñar aplicaciones tiene premio. ¡Si eres desarrollador no esperes más!
http://www.imaginemobile.es-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: freeradius-server-2.1.8

[dorra aa]

when i wrote that # radtest dorra mesh 192.168.1.65 1812 testing123
i had this error
r...@pfe-laptop:/home/pfe/freeradius-server-2.1.8/raddb# radtest dorra mesh 
192.168.1.65 1812 testing123
Sending Access-Request of id 224 to 192.168.1.65 port 1812
User-Name = "dorra"
User-Password = "mesh"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Sending Access-Request of id 224 to 192.168.1.65 port 1812
User-Name = "dorra"
User-Password = "mesh"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Sending Access-Request of id 224 to 192.168.1.65 port 1812
User-Name = "dorra"
User-Password = "mesh"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
radclient: no response from server for ID 224 socket 3

and ther is nothing in the output of radiusd -X

> Date: Wed, 12 May 2010 01:51:28 +0200
> From: mangi...@gmail.com
> To: m...@myownsoho.net; freeradius-users@lists.freeradius.org
> Subject: Re: freeradius-server-2.1.8
> 
> Maybe the professor wanted to learn him how to work with "&" operator 
> and radiusd -X is just a simple command :)
> 
> now, lets get to work,
> 
> Tell us what you want to achieve then there is a chance to see something 
> usable on this list
> 
> 
> 
> Mike Nichols wrote:
> >
> > running radius in debug mode in the background shouldn't provide 
> > anything useful tho.
> >
> > just a thought...
> >
> > On Tue, 11 May 2010 19:36:24 +, dorra aa  
> > wrote:
> >
> > I installed on a server machine: freeradius-server-2.1.8
> > I wrote in the terminal: radiusd-X &
> > Now I want to test a remote access client with radtest, is what
> > the client must be equipped with He commend
> > freeradius-server-2.1.8 or not? what I should do in the client side
> > 
> > Hotmail: Powerful Free email with security by Microsoft. Get it
> > now. 
> >
> >  
> >
> > --
> >
> > Mike Nichols
> > My Own SOHO
> > m...@myownsoho.net
> > http://myownsoho.com
> > 212 202-2194
> > 
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.8

[Marinko Tarlac]

Maybe the professor wanted to learn him how to work with "&" operator 
and radiusd -X is just a simple command :)


now, lets get to work,

Tell us what you want to achieve then there is a chance to see something 
usable on this list




Mike Nichols wrote:


running radius in debug mode in the background shouldn't provide 
anything useful tho.


just a thought...

On Tue, 11 May 2010 19:36:24 +, dorra aa  
wrote:


I installed on a server machine: freeradius-server-2.1.8
I wrote in the terminal: radiusd-X &
Now I want to test a remote access client with radtest, is what
the client must be equipped with He commend
freeradius-server-2.1.8 or not? what I should do in the client side

Hotmail: Powerful Free email with security by Microsoft. Get it
now. 

 


--

Mike Nichols
My Own SOHO
m...@myownsoho.net
http://myownsoho.com
212 202-2194


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.8

[Mike Nichols]

running radius in debug mode in the background shouldn't provide
anything useful tho. 

just a thought... 

On Tue, 11 May 2010 19:36:24
+, dorra aa  wrote:  I installed on a server machine:
freeradius-server-2.1.8
I wrote in the terminal: radiusd-X ">Mike
Nichols
My Own SOHO
m...@myownsoho.net
http://myownsoho.com
212 202-2194



Links:
--
[1] https://signup.live.com/signup.aspx?id=60969
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.8

[Arran Cudbard-Bell]

On May 11, 2010, at 1:25 PM, John Dennis wrote:

> On 05/11/2010 04:17 PM, dorra aa wrote:
>> this is not my idea.it's the idea of my professor. i have no idea about
>> the radius and he wants me to work in it just in 2 weeks.
> 
> You want us to do your course assignments for you?

Kids these days, tsk tsk.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.8

[John Dennis]

On 05/11/2010 04:17 PM, dorra aa wrote:

this is not my idea.it's the idea of my professor. i have no idea about
the radius and he wants me to work in it just in 2 weeks.


You want us to do your course assignments for you?

--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: freeradius-server-2.1.8

[dorra aa]

 this is not my idea.it's the idea of my professor. i have no idea about the 
radius and he wants me to work in it just in 2 weeks.I'm shearching in many 
forum but i don't understand because of many errorsnow i want to test with 
radtest name password 192.168.1.12 1812 secretshould i write it in the terminal 
of server?Please help me in the first stages. :(((

> Date: Tue, 11 May 2010 21:45:19 +0200
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: freeradius-server-2.1.8
> 
> dorra aa wrote:
> > I installed on a server machine: freeradius-server-2.1.8
> > I wrote in the terminal: radiusd-X &
> 
>   Why would you do that?
> 
>   Nothing in *any* documentation says that's a good idea.
> 
> > Now I want to test a remote access client with radtest, is what the
> > client must be equipped with He commend freeradius-server-2.1.8 or
> > not? what I should do in the client side
> 
>   The client needs a radius client... like radtest.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
_
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.8

[Alan DeKok]

dorra aa wrote:
> I installed on a server machine: freeradius-server-2.1.8
> I wrote in the terminal: radiusd-X &

  Why would you do that?

  Nothing in *any* documentation says that's a good idea.

> Now I want to test a remote access client with radtest, is what the
> client must be equipped with He commend freeradius-server-2.1.8 or
> not? what I should do in the client side

  The client needs a radius client... like radtest.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-server-2.1.8

[dorra aa]

I installed on a server machine: freeradius-server-2.1.8
I wrote in the terminal: radiusd-X &
Now I want to test a remote access client with radtest, is what the client must 
be equipped with He commend freeradius-server-2.1.8 or not? what I should do in 
the client side   
_
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to demonize 'radiusd -s'

[Коньков Евгений]

Hi, FreeRadius.

Is this posible to demonize 'radiusd -s' ?

-- 
Eugen Konkov  mailto:kes-...@yandex.ru

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: framedipaddress

[Alan DeKok]

Paweł Pogorzelski wrote:
> Unfortunately Meru claims that  the client IP address is not sent to
> the radius in any other attribute either.

  Buy a NAS that works.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: framedipaddress

[Paweł Pogorzelski]

Unfortunately Meru claims that  the client IP address is not sent to
the radius in any other attribute either.

-- 
Pozdrawiam/Best regards
Paweł Pogorzelski
e-mail: ppogorzel...@gmail.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding a signed certificate from a signing authority

[Alan Buxey]

Hi,

> I have found and carried out the steps on the wiki site around using “snake 
> oil” certificates and then creating your own producution certificates. But I 
> now would like to add the externally signed certificate for added security.

surejust put the relevant files into the right place...and edit
the eap.conf accordingly. you will need the server cert and the CA..
if the CA is a chained cert, then you'll need the CA and its next up
9and its next up and its next up etc) concatenated in the same single
file.  theres nothing magical about using real certs...these days
it seems some real world certs are just as work-causing/onerous as
'snake oil' certs.   personally, I fall into the 'closed loop' camp
which believes that using your own CA is more secure than some random
external CA that anyone can get a cert fromnoone else but your users
will authenticate against your RADIUS server (external visitors get proxied
and only have to trust their home RADIUS)and, as previously mentioned,
lots of current external 3rd parties require you to update/change/install
certs on the client (take the recent TERENA SSLs served by JANET for 
example.)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Simultneous-Use + SQL + Checkrad

[Galatóczki István]

Hi All!

I use  Freeradius 2.0.4(deb pack) with Mysql 5.0.51.

The online users check not work in the NAS with checkrad script my network.
I read the list and forums but not founded solution.
Question: working the checkrad script without radutmp?

my config:

radcheck- Simultaneous-Use: =1

accounting (
 sql
 sqlippool
)

session (
 sql
)

uncomment: 
simul_count_query... in dialup.conf
include: sql.conf  etc.. in the radiusd.conf

Best Regards

Steve

ps: sorry my english
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: framedipaddress

[Paweł Pogorzelski]

Than You sunhualing for advice. I'm waiting for answer  from Meru.

-- 
Pozdrawiam/Best regards
Paweł Pogorzelski
e-mail: ppogorzel...@gmail.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Adding a signed certificate from a signing authority

[Iain Grant]

Apologies I seem to be hogging this today.

My radius server is working fine, so now I want to add a signed
certificate from a certificate authority.
Are there any pointers on how to do this.

I have found and carried out the steps on the wiki site around using
"snake oil" certificates and then creating your own producution
certificates. But I now would like to add the externally signed
certificate for added security.

Thanks again 

Iain


__
SCRI, Invergowrie, Dundee, DD2 5DA.  
The Scottish Crop Research Institute is a charitable company limited by 
guarantee. 
Registered in Scotland No: SC 29367.
Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.


DISCLAIMER:

This email is from the Scottish Crop Research Institute, but the views 
expressed by the sender are not necessarily the views of SCRI and its 
subsidiaries.  This email and any files transmitted with it are confidential to 
the intended recipient at the e-mail address to which it has been addressed.  
It may not be disclosed or used by any other than that addressee.
If you are not the intended recipient you are requested to preserve this 
confidentiality and you must not use, disclose, copy, print or rely on this 
e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the 
sender and delete the email from your system.

Although SCRI has taken reasonable precautions to ensure no viruses are present 
in this email, neither the Institute nor the sender accepts any responsibility 
for any viruses, and it is your responsibility to scan the email and the 
attachments (if any).
__-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 2.1.7 mschap2 depreciated condition

[Alan Buxey]

Hi,

> The problem is %{Stripped-User-Name} does not seem to be working properly.

further to this, the stripped-user-name doesnt exist - which is why its not 
being
usedif this is the case then you are not running required module that
understands the realm part or do not have scri.ac.uk as a defined realm in
the proxy.conf  - check that you are running the required modules
(preprocess, suffix and ntdomain are usual friends)

check the debug startup output of the old server and of the new server
ad , if similar architecture (eg both 2.1.x) you can also diff
the config files. very handy.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius 2.1.7 mschap2 depreciated condition

[Iain Grant]

Solved it,

I had not added my realms to the bottom of proxy.conf.
Once changed everything is working.

Thanks

iain

__
SCRI, Invergowrie, Dundee, DD2 5DA.  
The Scottish Crop Research Institute is a charitable company limited by 
guarantee. 
Registered in Scotland No: SC 29367.
Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.


DISCLAIMER:

This email is from the Scottish Crop Research Institute, but the views 
expressed by the sender are not necessarily the views of SCRI and its 
subsidiaries.  This email and any files transmitted with it are confidential to 
the intended recipient at the e-mail address to which it has been addressed.  
It may not be disclosed or used by any other than that addressee.
If you are not the intended recipient you are requested to preserve this 
confidentiality and you must not use, disclose, copy, print or rely on this 
e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the 
sender and delete the email from your system.

Although SCRI has taken reasonable precautions to ensure no viruses are present 
in this email, neither the Institute nor the sender accepts any responsibility 
for any viruses, and it is your responsibility to scan the email and the 
attachments (if any).
__

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius-Users Digest, Vol 61, Issue 37

[Alan Buxey]

Hi,

> In fact I even cut and pasted the ntlm line from the working radius to
> the redhat radius server.
> 
> Has someone else built a RedHat radius 2.1.7 server to point to an
> Windows ADS ??

yes...thats what we currently hve. you do not have a problem...the config
definition will work...its just deprecated...the expansion method has changed..
you need to change it to eg (from top of head!)

%{Stripped-User-Name:-%{User-Name:-none}}

becomes

%{Stripped-User-Name:-%{%{User-Name}:-%{none}}}


as said, its documented in the 'unlang' man pageand i really thought
all old deprecated calls in the default config had been wiped away - they
really need to be for the 2.1.9 and 2.2.x releases as they just complicate
issues!

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Freeradius-Users Digest, Vol 61, Issue 37

[Iain Grant]

>> The problem is %{Stripped-User-Name} does not seem to be working
properly.

>here was a chhange to conditional expansions some time backthe
output you see is just a warningif you 'man >unlang' you can see how
such a condition should be written.the default config that ships
with 2.1.8 should have >this fixedbut just check your modules/*
files for where this is used... mschapv2 or ntlm_auth from memory

This is strange as I have compared the modules/mschap files on both
systems ( radius 2.1.8 on centos and radius 2.1.7 on RH ES 5.5 ) and
they are identical !!!

In fact I even cut and pasted the ntlm line from the working radius to
the redhat radius server.

Has someone else built a RedHat radius 2.1.7 server to point to an
Windows ADS ??

Thanks

Iain



__
SCRI, Invergowrie, Dundee, DD2 5DA.  
The Scottish Crop Research Institute is a charitable company limited by 
guarantee. 
Registered in Scotland No: SC 29367.
Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.


DISCLAIMER:

This email is from the Scottish Crop Research Institute, but the views 
expressed by the sender are not necessarily the views of SCRI and its 
subsidiaries.  This email and any files transmitted with it are confidential to 
the intended recipient at the e-mail address to which it has been addressed.  
It may not be disclosed or used by any other than that addressee.
If you are not the intended recipient you are requested to preserve this 
confidentiality and you must not use, disclose, copy, print or rely on this 
e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the 
sender and delete the email from your system.

Although SCRI has taken reasonable precautions to ensure no viruses are present 
in this email, neither the Institute nor the sender accepts any responsibility 
for any viruses, and it is your responsibility to scan the email and the 
attachments (if any).
__

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: free NAS ?

[sunhualing]

any other function do you need?

On Sat, May 8, 2010 at 3:46 AM, VU VAN HUNG  wrote:

> sunhualing wrote:
>
>> hostapd as a NAS, authenticator
>> wpa-supplicant as a supplicant
>>
>>
>> On Fri, May 7, 2010 at 1:31 AM, Jeff Voskamp > javos...@uwaterloo.ca>> wrote:
>>
>>On 05/06/2010 01:27 PM, John McDonnell wrote:
>>
>>On May 6th, 2010 at 1:09 PM, Randal Carpenter wrote:
>>Try openfiler, at http://www.openfiler.com/, it emulates both
>>SAN and NAS
>>equipment.
>>
>>
>>
>>
>>
>>On Thu, May 6, 2010 at 5:56 AM, VU VAN
>>HUNGmailto:vanhung2...@gmail.com>>  wrote:
>>
>>
>>
>>   Hi all,
>>   I just wonder that are there any open source software
>>that have same
>>functionalities like Network Access Server ?
>>   Because I see that there's Asterisk, which 's like a PBX.
>>   Best,
>>   Hung,
>>   -
>>   List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>
>>There's always FreeNAS as well... http://freenas.org/freenas
>>
>>
>>Wrong NAS - those ones are Network Attached Storage, not Network
>>Access Server.
>>
>>Dang TLA overload.
>>
>>Jeff
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>
>> 
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> hostapd only for authentication, I have tried to google but found nothing.
> I want to find a  free NAS supporting accounting for radius server. Just
> found this one. Check it out !
> https://www.rahunas.org/trac/
>
> Hung,
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusd: segmentation fault

[sunhualing]

Nothing I can help.
Maybe you can check the dynamic shared library,they may conflict with
radiusd,

2010/5/7 

> Здравствуйте, Коньков.
>
> Вы писали 6 мая 2010 г., 23:58:44:
>
>
> КЕ> Help pls to resolve problem why radiusd segfault
> КЕ> or give clue
>
> КЕ> kes# radiusd -v
> КЕ> radiusd: FreeRADIUS Version 2.1.3, for host
> КЕ> i386-portbld-freebsd7.1, built on Jan  6 2009 at 10:52:08
> КЕ> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
> КЕ> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> КЕ> PARTICULAR PURPOSE.
> КЕ> You may redistribute copies of FreeRADIUS under the terms of the
> КЕ> GNU General Public License.
> КЕ> For more information about these matters, see the file named COPYRIGHT.
>
> КЕ> kes# uname -a
> КЕ> FreeBSD kes.net.ua 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Sat Jan  3
> 01:15:39 EET 2009
> КЕ>  k...@in.lan:/usr/obj/usr/src/sys/KES_KERN_v7  i386
>
> КЕ> I did not find any radiusd.core files in the system =(
>
> КЕ> if any other infomation may usefull I can send
>
> КЕ> Thank you
>
>
> vpn_shadow# radiusd -v
> radiusd: FreeRADIUS Version 2.1.8, for host amd64-portbld-freebsd7.2, built
> on May  3 2010 at 13:08:56
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License.
> For more information about these matters, see the file named COPYRIGHT.
>
> vpn_shadow# uname -a
> FreeBSD vpn_shadow.in 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Fri Nov 13
> 12:33:55 EET 2009 d...@vpn_shadow.in:/usr/obj/usr/src/sys/vpn  amd64
>
> On this machine same result
> --
> С уважением,
>  Kes-kes  mailto:kes-...@yandex.ru
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: framedipaddress

[sunhualing]

Then,which attribute they support?
framedipaddress is the popular one,if they don't support ,you can ask which
attribute(describe the user's IP address) they support
and add this attribute to the radacct schema .
that's ok. freeradius is easy to add new attributes

2010/5/10 Paweł Pogorzelski 

> Meru Networks Support replied me that  "...Framed-IP-Address is not
> one of the attributes that we support."
>
> Is there anything that I can do?
> --
> Best regards
> Paweł Pogorzelski
> e-mail: ppogorzel...@gmail.com
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 2.1.7 mschap2 depreciated condition

[Alan Buxey]

Hi,

> The problem is %{Stripped-User-Name} does not seem to be working properly.

here was a chhange to conditional expansions some time backthe
output you see is just a warningif you 'man unlang' you can see
how such a condition should be written.the default config that ships
with 2.1.8 should have this fixedbut just check your modules/*
files for where this is used... mschapv2 or ntlm_auth from memory

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: The client does not connect _*_*_*_

[Thibault Le Meur]

Le 11/05/2010 10:09, htt thanh a écrit :
Hi, I don't know why the user-password id encrypted, how can I make a 
cleartext secret...;((


The pb is with your client shared secret: the secret you set in 
/etc/raddb/clients.conf and in your NAS configuration.


It seems that you haven't set the same secret in your FR configuration 
and in your NAS so that the password sent to FR is not correctly decrypted.


Thibaukt




thank in advance

On 11 May 2010 14:23, Alan Buxey > wrote:


Hi,

> User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"

note the mess

..then note this warning:

>   WARNING: Unprintable characters in the password.  
Double-check the shared secret on the server and the NAS!


not sure how much more help the server can give you. you have
incorrect shared secret. double check your values...trailing space?

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




--
htt


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius 2.1.7 mschap2 depreciated condition

[Iain Grant]

I am trying to build a radius server on a Licencesed RedHat ES 5.5 with
the stock Freeradius 2.1.7 rpms.

The problem is %{Stripped-User-Name} does not seem to be working
properly. 

If I run radius -X I can see the  following

[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for ouru...@scri.ac.uk with NT-Password
[mschap]expand: %{Stripped-User-Name} ->
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[mschap]expand: %{User-Name:-None} -> ouru...@scri.ac.uk
[mschap]expand:
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}} ->
--username=ouru...@scri.ac.uk
[mschap] No NT-Domain was found in the User-Name.
[mschap]expand: %{mschap:NT-Domain} ->
[mschap]expand: --domain=%{%{mschap:NT-Domain}:-OURDOMAIN} ->
--domain=OURDOMAIN
[mschap]  mschap2: 04
[mschap]expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=13b2ecc29de42369
[mschap]expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=f55853d43f231f154755ce89ca3136f13929f36d728dbfd9
Exec-Program output: Logon failure (0xc06d)
Exec-Program-Wait: plaintext: Logon failure (0xc06d)

Note : I've changed the username and domain name in the above.

Is this fixable with a configuration file ?

I have already got a working Centos 5.5 server using freereadius 2.1.8,
but I want to move it to RedHat too match all the other infrastructure
servers.
Also I'm writing a build document for the system so that someone else
has a document to follow in the future.

Thanks

iain


Iain Grant
Linux System Administrator
Scottish Crop Research Institute
Invergowrie
Dundee DD2 5DA
Tel : 01382 562731 x 2605



__
SCRI, Invergowrie, Dundee, DD2 5DA.  
The Scottish Crop Research Institute is a charitable company limited by 
guarantee. 
Registered in Scotland No: SC 29367.
Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.


DISCLAIMER:

This email is from the Scottish Crop Research Institute, but the views 
expressed by the sender are not necessarily the views of SCRI and its 
subsidiaries.  This email and any files transmitted with it are confidential to 
the intended recipient at the e-mail address to which it has been addressed.  
It may not be disclosed or used by any other than that addressee.
If you are not the intended recipient you are requested to preserve this 
confidentiality and you must not use, disclose, copy, print or rely on this 
e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the 
sender and delete the email from your system.

Although SCRI has taken reasonable precautions to ensure no viruses are present 
in this email, neither the Institute nor the sender accepts any responsibility 
for any viruses, and it is your responsibility to scan the email and the 
attachments (if any).
__-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: The client does not connect _*_*_*_

[htt thanh]

Hi, I don't know why the user-password id encrypted, how can I make a
cleartext secret...;((
thank in advance

On 11 May 2010 14:23, Alan Buxey  wrote:

> Hi,
>
> > User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"
>
> note the mess
>
> ..then note this warning:
>
> >   WARNING: Unprintable characters in the password.   Double-check the
> shared secret on the server and the NAS!
>
> not sure how much more help the server can give you. you have
> incorrect shared secret. double check your values...trailing space?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
htt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 2.1.6: "\" in %{SQL-User-Name}

[Alan Buxey]

Hi,

> I am using my Freeradius 2.1.6 to do PEAP for Windows XP clients. The
> usernames are in format '\'
> 
> I am using postgresql and my "safe-characters" in the dialup.conf is set
> to:
> 
> My radcheck table looks like:
>  id |   username   | attribute  | op |value
>   4 | GTCORP\dzhao | Auth-Type  | =  | ntlm_auth

do you care for the windows DOMAiN?  you could use the realm/suffix
modules and ensure that SQL-user-Name is set correctly.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius not recieving username from cisco

[Alan DeKok]

Athiqur Rahman wrote:
> When I open ppp connection to from windows xp laptop to my as5300 it is
> not sending the login credentials to the FreeRadius. FeeRadius says the
> username attribute was not found

Fix the NAS so that it sends a User-Name.

  Consult the NAS documentation for how to do this.

  There's nothing you can do to FreeRADIUS which will make the NAS send
a User-Name.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: The client does not connect _*_*_*_

[Alan Buxey]

Hi,

> User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"

note the mess

..then note this warning:

>   WARNING: Unprintable characters in the password.   Double-check the 
> shared secret on the server and the NAS!

not sure how much more help the server can give you. you have
incorrect shared secret. double check your values...trailing space?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: autthentication error

[Alan Buxey]

Hi,

> I have configurated a freeradius server using MySql authentication. When i 
> run "radtest" i get a succefull response:

built yourself?

so, basic SQL works. good. however, your windows client didnt - and this error 
here:

> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] NAK asked for unsupported type 25
> [eap] No common EAP types found.
> [eap] Failed in EAP select
> ++[eap] returns invalid

looks like the method you are trying to use is not known to the server...did you
build the server yourself? looks like it doesnt recognise (PEAP).

simple search of web and mailing list shows this commonly caused
by server not being built with OpenSSL or OpenSSL libraries not
installed


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html