I connect to the radius over a dialup modem, I add a CHAP user with this line
in the users file:
usuario3 Cleartext-Password := testusuario3
When I connect I use this username and password and the radius don't validate
the request.
Javier.
To: freeradius-users@lists.freeradius.org
When I connect I use this username and password and the radius don't validate
the request.
No. You didn't use username usuario3. Look at the request:
User-Name = chap
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have this users in the users file:
# Usuarios de prueba
chap Auth-Type := Local, Cleartext-Password := test2007
test Auth-Type := Local, Password := test2007
lock Auth-Type := RejectReply-Message = Cuenta deshabilitada.
steve Cleartext-Password := test
javier Cleartext-Password :=
Can you send the whole debug from the request. I can't see if anything
matched in users file or not.
Ivan Kalik
Kalik Informatika ISP
Dana 26/11/2007, Javier Fernando [EMAIL PROTECTED] piše:
I have this users in the users file:
# Usuarios de prueba
chap Auth-Type := Local,
This is the last log:
Thanks.
Javier.
radiusd -X :
Nothing to do. Sleeping until we see a request.rad_recv: Access-Request packet
from host 10.10.200.252:1645, id=139, length=125Framed-Protocol = PPP
User-Name = bobCHAP-Password =
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
You have added user entries at the end of users file. You should put user
entries towards the front of the users file. If you need to process some
default entries, user entry should have Fall-Through = Yes at the
Hi,
I use freeradius (1.1.7) to authenticate wireless users (EAP-TTLS/PAP)
with an OpenLDAP backend.
Our first experience with Freeradius on a FreeBSD server was a nightmare
(it seemed to be a thread related problem, the server stopped working
with a lot of unresponsive child error logs).
Christophe Saillard wrote:
Our first experience with Freeradius on a FreeBSD server was a nightmare
(it seemed to be a thread related problem, the server stopped working
with a lot of unresponsive child error logs).
Hmm... the code *did* work well on FreeBSD at one point.
So, we tried on a
there is a lot of documentation missing.
for example, when users are using SSH what's the Login-Service supposed to
be?
setting it to SSH doesn't work.
so many unanswered questions about this.
with SSH we don't want to assign the user an IP address so I just used
Login-IP-Host
and Service-Type
From RFC:
Values for RADIUS Attribute 15, Login-Service:
ValueDescription Reference
---- -
0Telnet
1Rlogin
2TCP Clear
3PortMaster (proprietary)
4
Thanks, i put the users at the top of the users file and connect. I don't read
in any place that the users must be added in the top of the file.
Javier.
To: freeradius-users@lists.freeradius.org Subject: RE: Problem with CHAP
Date: Mon, 26 Nov 2007 16:30:17 +0100 From: [EMAIL PROTECTED]
So what are we supposed to use for SSH then?
TCP Clear? or TCP Clear Quiet?
Dan.
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius possible?
Date: Mon, 26 Nov 2007 17:02:16 +0100
From: [EMAIL PROTECTED]
From RFC:
Values for RADIUS Attribute 15,
radiusd also complains unknown module files
And that would be the result of you hacking the default radiusd.conf.
Leave it alone, and it will work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nope. I didn't touch the default radiusd.conf (out of the package)
I think I need to resolve this Login-Service first. it can't parse the users
file because of it.
so which Login-Service do I use?
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius
it doesn't like my config, even with TCP Clear-
testing Cleartext-Password := callme
Service-Type = Login-User,
Login-Service = TCP Clear,
Login-IP-Host = testing.mydomain.com
this is frustrating.
and i'm not even sure this is correct for SSH?
To:
Dan Gahlinger wrote:
it doesn't like my config, even with TCP Clear-
testing Cleartext-Password := callme
Service-Type = Login-User,
Login-Service = TCP Clear,
Login-IP-Host = testing.mydomain.com
You have to use the names from the dictionaries. TCP clear is two
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The SSH documentation doesnt say anything about using radius or configuring the
Radius users file.
why would it? that makes no sense.
The pam_radius_auth documentation, while useful, makes no mention of the radius
users file.
I have not been careful to hide or keep anything. I just didn't
Dan Gahlinger wrote:
The SSH documentation doesnt say anything about using radius or
configuring the Radius users file.
why would it? that makes no sense.
Because you haven't said which RADIUS client you're using. Maybe SSH
has a RADIUS plugin...
The pam_radius_auth documentation, while
the client software I'm using is SecureCRT (windows - from vandyke) its a
windows SSH client.
I don't understand most of what you said here. Hence my problem.
I did configure pam_radius with debug option.
there is no output created. It's impossible to tell if things are working the
way they
Dan Gahlinger wrote:
I don't understand most of what you said here. Hence my problem.
The problem is that you're trying to configure 4-5 separate things at
the same time, without understanding how most of them work. As a
result, you're frustrated, and not making progress.
Mon Nov 26
Login-Service is set to TCP-Clear now,
Leave just username and password. Delete all the rest for that user. You
don't need that.
and the log file produces only this:
Mon Nov 26 12:43:45 2007 : Info: rlm_exec: Wait=yes but no output defined. Did
you mean output=none?
Mon Nov 26 12:43:45 2007 :
Greetings,
I am having some issues with mod_auth_radius causing httpd to segfault
when set_cookie is called.
The server in question is CentOS 4.5, with httpd-2.0.52-32.3 and
apr-0.9.4-24.5.c4.2 RPMs installed.
I downloaded mod_auth_radius from
I'm not fighting you at all.
All of your answers previously were read the documentation, it's there.
well, it's not. definitely not.
the pam_radius_auth link you gave me states:
In the per-application configuration add:
authsufficient /lib/security/pam_radius_auth.so
AFTER
auth
if I do that, I get this:
radtest testing callme 127.0.0.1 10 testing123
Sending Access-Request of id 196 to 127.0.0.1 port 1812
User-Name = testing
User-Password = callme
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
Re-sending Access-Request of id 196 to
Dan Gahlinger wrote:
I'm not fighting you at all.
shrug Having answered questions on this list for nearly a decade, I
see patterns.
All of your answers previously were read the documentation, it's there.
well, it's not. definitely not.
The parts I was pointing you to were documented.
Brandon Ewing wrote:
I am having some issues with mod_auth_radius causing httpd to segfault
when set_cookie is called.
Try grabbing the latest version from CVS
(http://freeradius.org/development.html)
That may have a fix. If so, I'll release another version.
Alan DeKok.
-
List
the pam_radius_auth documentation says to email YOU and refers to the radius
mailing list,
which is where I am. you are the author of that as well.
There's no useful documentation on pam on the system, man pages are useless.
I'll try to find a PAM mailing list.
yes, I guess after decades you
Run server in debug mode and post the output. Open one session for
radtest and another for radiusd -X.
Ivan Kalik
Kalik Informatika ISP
Dana 26/11/2007, Dan Gahlinger [EMAIL PROTECTED] piše:
if I do that, I get this:
radtest testing callme 127.0.0.1 10 testing123
Sending Access-Request of id
I am a newbie at using FreeRADIUS. After I run ./configure, I run make
and get the following errors:
usr/home/jose/freeradius-1.1.7/src/modules/rlm_sql/rlm_sql.h:68: error:
syntax error before lt_dlhandle
rlm_sqlippool.c: In function `sqlippool_postauth':
rlm_sqlippool.c:526: warning: unused
Hi,
Eap-fast introduction from cisco said freeradius support eap-fast. Is it
right?
http://www.t11.org/ftp/t11/pub/fc/sp-2/07-595v0.pdf
John
-
雅虎邮箱,终生伙伴! -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Hi,
Eap-fast introduction from cisco said freeradius support eap-fast. Is it
right?
http://www.t11.org/ftp/t11/pub/fc/sp-2/07-595v0.pdf
iirc, there was a small patch submitted to the devel list a few weeks
back...but it needed some formatting changes etc and a re-posting.
alan
-
Dan Gahlinger wrote:
the pam_radius_auth documentation says to email YOU and refers to the
radius mailing list,
which is where I am. you are the author of that as well.
And I'm not the author of the PAM system. If you can get PAM to call
the module, ask questions here. If not, ask
Hangjun He wrote:
Eap-fast introduction from cisco said freeradius support eap-fast. Is it
right?
No.
This came up on the EAP standards list:
http://permalink.gmane.org/gmane.ietf.emu/597
http://www.t11.org/ftp/t11/pub/fc/sp-2/07-595v0.pdf
A simple look on freeradius.org would
[EMAIL PROTECTED] wrote:
I am a newbie at using FreeRADIUS. After I run ./configure, I run make
and get the following errors:
This will be fixed in the next release.
Until then, if you're not using that module, just delete that directory.
Alan DeKok.
-
List info/subscribe/unsubscribe?
35 matches
Mail list logo