Re: WPA group key exchange -

2004-02-08 Thread Michael Brown

On Mon, 9 Feb 2004 00:58:28 -0500
"Singh, Alok" <[EMAIL PROTECTED]> wrote:

>What's the expected flow after this? I believe the STA need to respond back with 
>anything... After sending one EAPOL-Key (802.1X format) message with a broadcast key 
>from the AP to the STA, how can I make sure that we have encrypted packets flowing 
>between AP & STA. Is there any kind of
> data do I send to ensure that encryption works..
> 
You may want to fire up your favorite (packet) sniffer and see what is going on with 
the frames/packets:
I have some old examples using a Linksys-G here:
http://oslabs.mikro-net.com/eth/
Hope this helps.

Michael Brown

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


WPA group key exchange -

2004-02-08 Thread Singh, Alok
Hi,
I'm trying to test EAPOL-Key(4-way and group key handshaking) exchange between the AP 
and the STA (Win XP-SP1-WPA). I'm able to do 4-way handshake. After that I load the 
TKIP keys to the AP wireless MAC, but when I send the 1st EAPOL Group Key message from 
the AP to the STA, the STA doesn't respond back with anything.
My queries: Have you been able to perform this handshake successfully using Win XP as 
STA and using EAPOL-Key (WPA/802.11i format)? I tried sending  EAPOL-Key (802.1X 
format) message with a broadcast(Group) key from the AP to the STA. What's the 
expected flow after this? I believe the STA need to respond back with anything... 
After sending one EAPOL-Key (802.1X format) message with a broadcast key from the AP 
to the STA, how can I make sure that we have encrypted packets flowing between AP & 
STA. Is there any kind of
data do I send to ensure that encryption works..


regards,
alok  
(91) 9848309728




Re: preproxy for calledstationid to realm

2004-02-08 Thread Michael Griego
On Sun, 2004-02-08 at 19:09, Jim wrote:

> Is '*' a valid wild card regexp?

Umm... "man 7 regex"?

No, a * by itself is not a valid regex... try ".*" in its place. 
Seriously though, if you're not used to using regular expressions, you
should really bone up on it, because you can get yourself into a lot of
trouble with a single errant character.

-- 

--Mike
 
--
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
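
The effect of that single character on routing, as an added example that is not part of the thread: Python's `re` stands in for the POSIX regex library the server uses, `=~` is treated as an unanchored search, and the Called-Station-Id values are constructed. Handling of a leading `*` differs between regex libraries; Python rejects it outright.

```python
import re

# Constructed sample Called-Station-Id values; only the first two end in 1234.
SAMPLES = ["9876541234", "5551234", "1234567890", "98761234001"]


def route(pattern, called_station_id):
    """Return True/False for match/no match, or None if the pattern is invalid."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return None  # a bare leading '*' has nothing to repeat
    # A regex check item is a search: the pattern may hit anywhere in the value.
    return rx.search(called_station_id) is not None


def audit(pattern):
    """Show which sample numbers a check item with this pattern would select."""
    return {number: route(pattern, number) for number in SAMPLES}


if __name__ == "__main__":
    for pattern in ("*1234", ".*1234", "1234$"):
        print(f"{pattern!r:10}", audit(pattern))
```

The `.*1234` form compiles but selects every number that merely contains 1234; anchoring with `1234$` limits the match to numbers that end in it.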




Mobile IP Support

2004-02-08 Thread kiko kix
Hi!
 
I'm studying the components of the CDMA2000 1xEVDO architecture. One of the components in the Packet Data system is the AAA server.
 
 I'm making a comparison between the Cisco Access Registrar, Steel Belted Radius and FreeRadius.
 
Does freeradius support Mobile IP or EVDO ? 
 
Thanks.
 
Francis
 

Re: preproxy for calledstationid to realm

2004-02-08 Thread Jim
On Sat, 7 Feb 2004, Alan DeKok wrote:

> im <[EMAIL PROTECTED]> wrote:
> > preproxy_users file:
> > 
> > <<
> > DEFAULT
> >Called-Station-ID =~ "*1234", Proxy-To-Realm := "realmname"
> > >>
> 
>   What do you expect this to do?

Perhaps you missed the previous exchange. I can recap, if necessary.

>   The purpose of the "preproxy_users" file is to massage a request
> AFTER you have decided to proxy it, and BEFORE it is sent to the
> proxy.

Ok, that helps.
 
>   If you're trying to set Proxy-to-Realm in that file, and expecting
> the request to be proxied, it won't work.  You have to decide to proxy
> requests during the "authorize" stage, which means the "users" file.

Which is why I had the "preproxy_users" file in the 'files' module in the
"authorize" stage as I originally had asked. Putting the entry in the
"users" file accomplished what we're trying to do, except that

Called-Station-ID =~ "*1234"

didn't work until we made it

Called-Station-ID == "9876541234"

Is '*' a valid wild card regexp?

>   Alan DeKok.

thanks,
Jim




Re: freeRADIUS: Livingston PM

2004-02-08 Thread Chris Parker
At 05:15 PM 2/8/2004, Richard Bradley wrote:
> Does anyone have suggestions why freeRADIUS is not picking up the 
> Livingston PM3?
>
> freeRADIUS starts and I set the AUTH and ACCOUNTING toward the freeRADIUS 
> server and it never picks it up.  I'll take someone fishing if they figure 
> it out:-) http://www.lagooner.com

What ports is freeRADIUS listening on, and what ports is the PM3 sending
to?  One is likely set to 1645/1646, and the other set to 1812/1813.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




freeRADIUS: Livingston PM

2004-02-08 Thread Richard Bradley
Does anyone have suggestions why freeRADIUS is not picking up the 
Livingston PM3?

freeRADIUS starts and I set the AUTH and ACCOUNTING toward the 
freeRADIUS server and it never picks it up.  I'll take someone fishing 
if they figure it out:-) http://www.lagooner.com

Capt. Richard Bradley
IGFA Certified Guide/Lagooner, Inc.
P.O. Box 1920
Cape Canaveral, FL 32920
Instant Messenger: lagoonr
[EMAIL PROTECTED]
(321) 868-4953


Re: FREERADIUS AND MYSQL DOC ( FRENCH )

2004-02-08 Thread Laurent RAYSSIGUIER
Perhaps I'll do it when I have more time :-)

Or you can learn French to use it :-))


On Mon 09/02/2004 at 03:32, Fábio Viração wrote:
> And in English   ??? :-) Do you have ?





Re: FREERADIUS AND MYSQL DOC ( FRENCH )

2004-02-08 Thread Fábio Viração
And in English   ??? :-) Do you have ?


- Original Message - 
From: "Laurent RAYSSIGUIER" <[EMAIL PROTECTED]>
To: "FREERADIUS" <[EMAIL PROTECTED]>
Sent: Sunday, February 08, 2004 12:22 PM
Subject: FREERADIUS AND MYSQL DOC ( FRENCH )


Hello,

I have just written a doc for installing freeradius 0.9.3 on redhat 8.0
FR using the mysql database.

This doc is available on the LINUX TARN site in the documentation
section (logical, no? ;-)  )

http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf

See you,


Hello,

For those who speak French, I have made a quick install guide for
freeradius with mysql on redhat 8.0.

If you're interested, you can find it at:

http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf

Best regards

Laurent RAYSSIGUIER









Double Logins

2004-02-08 Thread Byron NQ Support
Can anyone tell me all the files that need edited so my customers can not double log 
in. I have gone through and set up what I thought would work but I am still seeing 
double log ins 

Thank You in Advance 
Byron



FREERADIUS AND MYSQL DOC ( FRENCH )

2004-02-08 Thread Laurent RAYSSIGUIER
Hello,

I have just written a doc for installing freeradius 0.9.3 on redhat 8.0
FR using the mysql database.

This doc is available on the LINUX TARN site in the documentation
section (logical, no? ;-)  )

http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf

See you,


Hello,

For those who speak French, I have made a quick install guide for
freeradius with mysql on redhat 8.0.

If you're interested, you can find it at:

http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf

Best regards

Laurent RAYSSIGUIER





Customers Login on Twice with same username

2004-02-08 Thread sarky
Hello all

Yes the simultaneous-login is set to 1 :) but I am having a problem with the
same username but different STYLE of typing it.

for example:
username: sarky
logs in and another machine can log on with
username: SARKY
same password

so it looks like by changing the case of the word it works.

Sarky




better LDAP or MYSQL ?

2004-02-08 Thread Ciolo_-^DusT^-_WebMaster
what is better to use to have the best performance, security and
flexibility... LDAP or MYSQL ?

byez
CioloWeb





Failure on AIX 4.3.3/5.2: rlm_exec not found

2004-02-08 Thread Peter Eckel
I have a strange problem with Freeradius 0.9.3 on AIX (both 4.3.3 and 5.2).

The software builds and installs just fine, but when I try to run radiusd, I get the 
following error message: 

> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> radiusd.conf[1186] Failed to link to module 'rlm_expr': A file or directory in the 
> path name does not exist. 

The library exists and is located in /usr/local/lib. Access rights are 755, so there 
should also be no problem. I ran a truss of the radiusd and got 

> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> open("/usr/local/lib/rlm_expr.la", O_RDONLY)= 3
> open("/usr/lib/nls/msg/en_US/execerr.cat", O_RDONLY) = 3
> open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
> open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
> radiusd.conf[1186] Failed to link to module 'rlm_expr': A file or directory in the 
> path name does not exist. 

Any ideas for further investigation? I'm kind of stuck here ... 

Regards, 

  Peter.



Re: Cisco SIP Proxy Server accounting to Freeradius

2004-02-08 Thread Alan DeKok
Lasse Kim Christiansen <[EMAIL PROTECTED]> wrote:
> I'm in the process of setting up a cisco sip proxy server CSPS. It
> can only do accounting to a Radius and therefore I installed
> Freeradius 0.9.3 on the redhat 7.3 running the CSPS Server. My
> problem is that the accounting is rejected as follows:
> 
> Received Accounting-Request packet from 127.0.0.1 with invalid signature! 
> (Shared secret is incorrect.)
> 
> And I cannot seem to find out why that is?

  Your shared secret is incorrect.  Fix it.  Nothing else will solve
the problem.

  Alan DeKok.




Re: exec module: where are my added request attributes?

2004-02-08 Thread Alan DeKok
Zoilo <[EMAIL PROTECTED]> wrote:
> Since the exec-module provides all request-attributes as environment 
> variables, I would expect my attribute to show up in the environment of 
> the script, but this does not happen. If I explicitly pass it as a 
> parameter (/usr/local/bin/myscript %{Session-Timeout}) then it is being 
> passed as $1, so it is in fact available.
> 
> Why is this?

  In 0.9.3, there's a bug in the server, that the *last* attribute is
not passed to an exec'd program.  This is fixed in the latest CVS
snapshot.

  Alan DeKok.



Re: How to add Access-Accept Attributes

2004-02-08 Thread Alan DeKok
"Deramus, Chris" <[EMAIL PROTECTED]> wrote:
> I am curious as to how you add attributes for incoming access accept packets
> other than the default ones that are included.

  There are no "default" attributes, there are just the ones that the
NAS sent to the server.

> I have looked into the users file and that only seems to enable you
> to specify pre-determined AV pairs with corresponding values.

  No... the "users" file is about matching a request, and adding
attributes to the reply.

> I do not want static values, I just want to add Connect-Info to
> incoming packets to see detailed connection information on their
> connection.

  If the NAS doesn't send this attribute, how are you going to create
it on the RADIUS server?

> These seem to be the default values which FreeRADIUS receives

  No.  Absolutely not.  They are the attributes sent by the NAS.  The
concept is VERY different.  They are not "default" attributes.

> How would I want to add 2-3 more values which are located in the
> default dictionary file?

  Do you mean that you want the NAS to send more attributes?  If so,
the answer is "see the NAS documentation".

  The FAQ makes this clear.

  Alan DeKok.



Re: rlm_passwd + Exec-Program

2004-02-08 Thread Alan DeKok
Zoilo <[EMAIL PROTECTED]> wrote:
> The nicest way to do this I think is if I can inject some 
> 'Exec'-attributes into the reply chain, but they should always be 
> executed on the *Local* Server, never on the Remote Server. In this way 
> I could just attach e.g. Exec-Program=S2 and Exec-Program=P2 to the 
> reply chain on the remote server.

  There are no such attributes which can go into a RADIUS packet.

> Unfortunately, this doesn't work, because an Exec-Program attribute 
> attached by the Remote Server gets executed on the Remote Server, and 
> not on the Local Server.

  Exactly.

  You're better off having the remote server return a RADIUS
attribute, and to have the proxy key off of that attribute, and
execute the scripts.

  Allowing a remote server to control which programs get executed on
the proxy is a bad idea.

  Alan DeKok.
