Hi All,
i am new about FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius.
During LDAP configuration i am getting the follow error :
[ldap] bind as cn=User,ou=people,dc=domain,dc=it/Password to
ldapserver:636
[ldap] waiting for bind result ...
[ldap]
You shouldn't have quotes around your username or domain. You should use
identity = cn=user,ou=people,dc=domain,dc=it
On 19/07/2013 7:05 PM, Marco Aresu marcoar...@gmail.com wrote:
Hi All,
i am new about FreeRadius. I am moving from Cisco ACS Tacacs to
FreeRadius. During LDAP configuration i
On Thu, Jul 18, 2013 at 11:34:56AM -0500, Matt Zagrabelny wrote:
I've got a similar question that dovetails into this discussion.
Suppose I wanted to reject certain users and wanted the Reply-Message
to be customized per user authenticating, but I want to ensure that I
am not leaking the
Hi,
I am trying to configure eap with some customized certificates, I have
configured eap.config correctly.
But I am getting the error of certificate expired. Although i have the
latest certificates.
certificate has expired. FreeRADIUS has no reason to lie.
check the startup
thanx for you reply, but as i said certificates are ok. Please see this log
[tls] -- User-Name = 0026826172C4@test_cpe.com
[tls] -- BUF-Name = wi-tribe Pakistan Certification Authority
[tls] -- subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan
limited/OU=Network
Have you opened the certificates you believe to be the latest in something else
(like Windows perhaps) and checked that the expiry dates of these certificates
is correct?
And have you checked that your server's time is correct too?
Stefan
From:
Hi,
I´m wondering, if I miss something or why do Info-Messages about
Invalid-Message-Authenticator not appear
in the default radius.log anymore? Even can´t get it with
update control {
Tmp-String-0 = %{debug:7}
}
in log section of radiusd.conf.
It´s only
Hi,
I´m wondering, if I miss something or why do Info-Messages about
Invalid-Message-Authenticator not appear
in the default radius.log anymore? Even can´t get it with
such messages only appear in debug mode as logging to file could be a DoS
alan
-
List info/subscribe/unsubscribe? See
But it DID appear in earlier versions of freeradius with default settings for
logging.
And I don´t see the difference to something logging Erros like
Error: Ignoring request to authentication address * port 1812 from unknown
client x.x.x.x port 1092
regarding the mentioned DoS problem.
We´re
Hello Everybody,
I am configuring my freeradius to be integrated in the EDUROAM federation.
It works when the VLAN (as configured in the accesspoint) is statically
assigned.
Now I would like to implement a dynamic vlan assignment on a per user basis;
in this case the Macintosh I am using for
Hi,
But it DID appear in earlier versions of freeradius with default settings for
logging.
And I don´t see the difference to something logging Erros like
Error: Ignoring request to authentication address * port 1812 from unknown
client x.x.x.x port 1092
regarding the mentioned DoS
On 19 Jul 2013, at 14:37, Dario Palmisano dario.palmis...@icgeb.org wrote:
Hello Everybody,
I am configuring my freeradius to be integrated in the EDUROAM federation.
It works when the VLAN (as configured in the accesspoint) is statically
assigned.
Now I would like to implement a
Hi,
I am configuring my freeradius to be integrated in the EDUROAM federation.
It works when the VLAN (as configured in the accesspoint) is statically
assigned.
there are hundreds of sites using this sort of configuration for eduroam - so
its perfectly possible and fine (and standard!) so
On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
On 19 Jul 2013, at 14:37, Dario Palmisano dario.palmis...@icgeb.org wrote:
Hello Everybody,
I am configuring my freeradius to be integrated in the EDUROAM
federation. It works when the VLAN (as configured in the accesspoint) is
On 19 Jul 2013, at 14:29, Anja Ruckdaeschel
anja.ruckdaesc...@rz.uni-regensburg.de wrote:
But it DID appear in earlier versions of freeradius with default settings for
logging.
Don't know. You're welcome to dig though the source to find out...
And I don´t see the difference to something
You are right, I know!
On Friday 19 July 2013 15:52:43 a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I am configuring my freeradius to be integrated in the EDUROAM
federation. It works when the VLAN (as configured in the accesspoint) is
statically assigned.
there are hundreds of sites using this
On 19 Jul 2013, at 15:10, Dario Palmisano dario.palmis...@icgeb.org wrote:
On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
On 19 Jul 2013, at 14:37, Dario Palmisano dario.palmis...@icgeb.org wrote:
Hello Everybody,
I am configuring my freeradius to be integrated in the EDUROAM
Sorry, but I only wanted to know why the behaviour has changed and if there is
any way to do it by configuration or access it with unlang...
BTW:
If I remove the client completely, log in normal mode says):
Fri Jul 19 16:32:29 2013 : Error: Ignoring request to authentication address *
port 1812
Hi,
The specific configuration works fine I remove the following line from users
file:
Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
Group-ID := 218
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 218
Hi,
Here you can download the (almost complete) debug log. Near the end I added a
text to make evident when I disconnected.
http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en
please dont ask me to visit random web sites that require to to click on things
If I add the client and use a wrong secret, log says:
Fri Jul 19 16:33:09 2013 : Auth: Login incorrect: [radtestuser] (from client
port 0)
It´s a kind of misleading information, because it has nothing do do with users
login, but with a wrong shared secret on the NAS.
Did the
On Friday 19 July 2013 16:29:57 Arran Cudbard-Bell wrote:
On 19 Jul 2013, at 15:10, Dario Palmisano dario.palmis...@icgeb.org wrote:
On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
On 19 Jul 2013, at 14:37, Dario Palmisano dario.palmis...@icgeb.org
wrote:
Hello Everybody,
I
On Friday 19 July 2013 16:54:13 a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The specific configuration works fine I remove the following line from
users file:
Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
Group-ID := 218
Tunnel-Type = VLAN,
On Fri, Jul 19, 2013 at 04:20:51PM +0200, Dario Palmisano wrote:
is this a 'fat/autonomous' AP? if so, then only latest firmware can handle
multiple VLANS per 802.1X SSID with multiple BSSIDs present.
This could be the problem, I found something in the Cisco documentation but
was unsure
Dear Arran,
Sorry, about the typo with debug
I looked at the invalid packet counters. Only shows the requests with wrong
shared secrets in rejects-Counter ... Same thing
stats client auth x.x.x.x
requests5
responses 5
accepts 1
rejects
No. It didn´t inlcude a Message-Authneticator attrib...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At the end, thanks to the list suggestions I found in the cisco docs the
sentence:
Keep these guidelines in mind when configuring multiple BSSIDs:
RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs.
So it seems not to be related to the IOS version, is it?
Is there any
On 19 Jul 2013, at 16:32, Anja Ruckdaeschel
anja.ruckdaesc...@rz.uni-regensburg.de wrote:
Dear Arran,
Sorry, about the typo with debug
I looked at the invalid packet counters. Only shows the requests with wrong
shared secrets in rejects-Counter ... Same thing
The RADIUS server
I'm sure there was some late in the day ios updates for 1130 series AP this
stuff works with capwap/lwapp 1131 anyway, if MBSSID is not supported with
dynamic vlan assignment so don't use mbssid, use guest mode instead.
alan
-
List info/subscribe/unsubscribe? See
On 15/07/13 23:21, Daniel Pocock wrote:
On 15/07/13 21:51, Alan DeKok wrote:
Daniel Pocock wrote:
I just opened this report against radiusclient-ng in Debian (see below),
can anybody else comment on the situation, in particular, for
compatibility? Is there any urgency for Debian to
On 15/07/13 21:53, Alan DeKok wrote:
Daniel Pocock wrote:
Can anybody comment on which client code should be used for long
extended attributes?
I see that the freeradius-client project predates RFC 6929.
By a LONG ways.
There's no client code for the extended attributes. The RFC
List,
I'm bumping this odd issue with Simultaneous-Use:
When I have a session that didn't get expired in a SQL database, and the
user tries to connect then freeradius correctly checks the nas using the
checkrad script *UNLESS* the nas is no longer defined in the clients.
If the nas is missing,
On 19 Jul 2013, at 23:17, John Dennis jden...@redhat.com wrote:
I've built on Fedora and the unreleased RHEL-7
On RHEL-7 I built on the following architectures:
ppc, s390, x86_64, ppc64, i686, s390x
All of those built successfully but when I run one of our analysis tools
it reports
33 matches
Mail list logo