Re: FreeRadius Autostart
We should really know your operating system. But on most systems you have to write a small rc script (shell script) with a start and stop command. Under redhat you can hook the script into your system with the tool chkconfig.

greets
marco

Wasif wrote:
> Hi all,
> I have a simple question. I installed FreeRadius without rpm package. I want FreeRadius to start automatically when System boots up.
> Thanks
> Wazb

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Autostart
Hi,

> Hi all,
>
> I have a simple question. I installed FreeRadius without rpm package. I
> want FreeRadius to start automatically when System boots up.

It'd be far more useful if you could tell us what distribution you are using - heck, even if you are using Linux at all would be a useful bit of information. You running on Tru64/Alpha or Solaris x86?? You could be! We need the basic info!

alan
Re: an infamous LDAP-FreeRadius question
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> What I didn't see (and I apologize if it's there) is if anyone
> has a HowTo or something similar on how to configure Freeradius for
> authentication against LDAP (not active directory) which has usernames and
> password stored on it in cleartext. Presumably I'd be using PEAP for this.

The O'Reilly LDAP book has a good chapter on this. Other than that, just configure LDAP. It should read the passwords automatically (see ldap.attrmap). If you can get CHAP to work against LDAP, PEAP should follow immediately.

Alan DeKok.
FreeRadius Autostart
Hi all,

I have a simple question. I installed FreeRadius without rpm package. I want FreeRadius to start automatically when System boots up.

Thanks
Wazb
an infamous LDAP-FreeRadius question
Hi All,

I know this has been discussed at length on this list, but it's kinda confusing reading through the archive and making sense of all the threaded discussions.

What I didn't see (and I apologize if it's there) is if anyone has a HowTo or something similar on how to configure Freeradius for authentication against LDAP (not active directory) which has usernames and password stored on it in cleartext. Presumably I'd be using PEAP for this.

If anyone has this or can give a hand offline from this mailing list, that would be much appreciated.

Thanks
Matt
[EMAIL PROTECTED]
Re: show logged in users
Fretz Marco wrote:
> hello
>
> another question: what's the best way to see which users are logged in?
>
> - reading out the pppoe router with snmp for active sessions
> - search for session ids with start but no stop event
>
> i want to do the first one. because our routers are in isolated management network and i want access the router from our webinterface or some admin hosts
>
> can i be 100% sure that a user is logged in if there is no stop event?
>
> thanks and kind regards
> marco fretz

You are wise to choose the first. It is the only way to know for sure who is logged in. Because the radius protocol uses UDP, the information the radius server has about who is logged in is not 100% trustworthy. If that is ok with you, an easier way to do method #2 would be using radwho which queries radutmp, the database of active users that freeradius keeps.

Chris Carver
Network Engineer
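
An added illustration of the caveat in this reply (not code from the thread or from FreeRADIUS): "Start without Stop" only approximates who is logged in, because a dropped Stop packet leaves a session open indefinitely, so open sessions have to be aged out. The record layout, the 45-minute silence threshold and the function name are assumptions, the sample events are constructed, and the NAS is assumed to send interim updates.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample accounting events (not from the thread):
# (timestamp, NAS-IP-Address, Acct-Session-Id, Acct-Status-Type, User-Name)
SAMPLE_EVENTS = [
    ("2006-07-08 10:00:00", "192.0.2.1", "0001A", "Start", "alice"),
    ("2006-07-08 10:05:00", "192.0.2.1", "0001B", "Start", "bob"),
    ("2006-07-08 10:30:00", "192.0.2.1", "0001A", "Interim-Update", "alice"),
    ("2006-07-08 10:40:00", "192.0.2.1", "0001C", "Stop", "carol"),  # its Start was lost
    ("2006-07-08 11:00:00", "192.0.2.1", "0001A", "Interim-Update", "alice"),
    # bob's Stop never arrived (dropped UDP packet or NAS reboot)
]


def open_sessions(events, now, max_silence=timedelta(minutes=45)):
    """Map (nas, session_id) -> (user, last_seen, state) for sessions without a Stop.

    state is "active" when the NAS reported the session within max_silence
    (an assumed threshold), otherwise "stale": the Stop may simply have been lost.
    """
    last_seen, closed = {}, set()
    for ts, nas, sid, status, user in sorted(events):
        key = (nas, sid)  # Acct-Session-Id is only unique per NAS
        if status == "Stop":
            closed.add(key)
            last_seen.pop(key, None)
        elif status in ("Start", "Interim-Update") and key not in closed:
            last_seen[key] = (user, datetime.strptime(ts, FMT))
    return {
        key: (user, when, "active" if now - when <= max_silence else "stale")
        for key, (user, when) in last_seen.items()
    }


if __name__ == "__main__":
    now = datetime(2006, 7, 8, 11, 10)
    for (nas, sid), (user, when, state) in open_sessions(SAMPLE_EVENTS, now).items():
        print(user, nas, sid, "last seen", when.strftime(FMT), "->", state)
```
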
Re: Windows XP keeps "verifying identity"
Klaas De Craemer wrote:
> Do you mean the so-called "xpextensions" (1.3.6.1.5.5.7.3.2 for the client and .1 for the server)? I have used them to generate the certificates...

Since the client is stopping, and you say you have the OIDs, you'll have to debug the client. Try:

    netsh ras set tracing * enabled

...and then look for the relevant logs in c:\windows\whereverthehelltheygo
Re: Windows XP keeps "verifying identity"
Garber, Neal wrote:
>> Sending Access-Challenge of id 15 to 127.0.0.1:1027
>> rad_recv: Access-Request packet from host 127.0.0.1:1027, id=0, length=159
>
> It's receiving the request from a loopback address. Is the client the same machine as the FreeRadius server? Are you really connecting to an Access Point? If so, what is its IP address?

That's the EAP inner request. It's proxied internally to FreeRadius, and 127.0.0.1 is just put in there to fill the IP address in.
show logged in users
hello

another question: what's the best way to see which users are logged in?

- reading out the pppoe router with snmp for active sessions
- search for session ids with start but no stop event

i want to do the first one. because our routers are in isolated management network and i want access the router from our webinterface or some admin hosts

can i be 100% sure that a user is logged in if there is no stop event?

thanks and kind regards
marco fretz
RE: Windows XP keeps "verifying identity"
> Sending Access-Challenge of id 15 to 127.0.0.1:1027
> rad_recv: Access-Request packet from host 127.0.0.1:1027, id=0, length=159

It's receiving the request from a loopback address. Is the client the same machine as the FreeRadius server? Are you really connecting to an Access Point? If so, what is its IP address?
RE: Windows XP keeps "verifying identity"
With all due respect, but I'm not that stupid that I would not even look into a configuration file. Take a look at the log I attached in a previous email and you'll see that EAP is enabled and also processes the user "KlaasDC". It only seems that the client does not respond to the access challenge:

    Sending Access-Challenge of id 15 to 127.0.0.1:1027
        EAP-Message = 0x0116000a0d80
        Message-Authenticator = 0x
        State = 0x1d1065c2554dce6ca1d156d938f7049a

This is what happens when WinXP tries to associate (and begins to loop):
(At the bottom is "radiusd -X -A" starting up)

    rad_recv: Access-Request packet from host 127.0.0.1:1027, id=0, length=159
        User-Name = "KlaasDC"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        Called-Station-Id = "00-02-6F-3C-37-D7:soekris4521"
        Calling-Station-Id = "00-02-6F-3C-37-D8"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0201000c014b6c6161734443
        Message-Authenticator = 0xf26a1b4afcdfaf58003784904286014e
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
    modcall[authorize]: module "preprocess" returns ok for request 0
    modcall[authorize]: module "chap" returns noop for request 0
    modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "KlaasDC", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 0
    rlm_eap: EAP packet type response id 1 length 12
    rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
    modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry KlaasDC at line 97
    modcall[authorize]: module "files" returns ok for request 0
    modcall: group authorize returns updated for request 0
    rad_check_password: Found Auth-Type EAP
    auth: type "EAP"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 0
    rlm_eap: EAP Identity
    rlm_eap: processing type tls
    rlm_eap_tls: Requiring client certificate
    rlm_eap_tls: Initiate
    rlm_eap_tls: Start returned 1
    modcall[authenticate]: module "eap" returns handled for request 0
    modcall: group authenticate returns handled for request 0
    Sending Access-Challenge of id 0 to 127.0.0.1:1027
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x
        State = 0xecd47882c04772432949c86821e23447
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 6 seconds...
    rad_recv: Access-Request packet from host 127.0.0.1:1027, id=1, length=245
        User-Name = "KlaasDC"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        Called-Station-Id = "00-02-6F-3C-37-D7:soekris4521"
        Calling-Station-Id = "00-02-6F-3C-37-D8"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020200500d8000461603010041013d030144b249ff398dc35bbc9f32d603876f313d1cb0ff5bbcdd3c79b38f84c78a08d71600040005000a000900640062000300060013001200630100
        State = 0xecd47882c04772432949c86821e23447
        Message-Authenticator = 0x72675c13c503b9f653fbaf49f92a1c7e
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 1
    modcall[authorize]: module "preprocess" returns ok for request 1
    modcall[authorize]: module "chap" returns noop for request 1
    modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "KlaasDC", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 1
    rlm_eap: EAP packet type response id 2 length 80
    rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
    modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry KlaasDC at line 97
    modcall[authorize]: module "files" returns ok for request 1
    modcall: group authorize returns updated for request 1
    rad_check_password: Found Auth-Type EAP
    auth: type "EAP"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 1
    rlm_eap: Request found, released from the list
    rlm_eap: EAP/tls
    rlm_eap: processing type tls
    rlm_eap_tls: Authenticate
    rlm_eap_tls: processing TLS
    rlm_eap_tls: Length Included
    eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
    rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 057b], Certificate
    TLS_accept: SSLv3 write certificate A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 006d], Certi
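
The EAP-Message values in the debug output above can be decoded by hand to follow the EAP-TLS conversation step by step. The decoder below is an added example, not part of the original post or of FreeRADIUS; the function and table names are assumptions, and the three hex values are copied from the log in this message. It also compares the length declared in the EAP header with the bytes actually present, so a value that is not intact is reported as incomplete.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}
# Flag bits in the first octet of EAP-TLS data (RFC 2716 / RFC 5216)
TLS_FLAGS = ((0x80, "Length-Included"), (0x40, "More-Fragments"), (0x20, "Start"))

# EAP-Message values as they appear in the log quoted on this page
LOG_VALUES = [
    "0x0201000c014b6c6161734443",  # first Access-Request
    "0x010200060d20",              # Access-Challenge of id 0
    "0x0116000a0d80",              # Access-Challenge of id 15
]


def decode_eap(hex_value):
    """Decode the EAP header (code, id, length, type) of one EAP-Message value."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP packet has at least a 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {
        "code": EAP_CODES.get(code, code),
        "id": ident,
        "declared_length": length,
        "actual_length": len(raw),
        "complete": length == len(raw),  # False: bytes are missing or extra
    }
    if code in (1, 2) and len(raw) >= 5:  # only Request/Response carry a type
        etype, body = raw[4], raw[5:]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = body.decode("utf-8", "replace")
        elif etype == 13 and body:
            out["tls_flags"] = [name for bit, name in TLS_FLAGS if body[0] & bit]
    return out


if __name__ == "__main__":
    for value in LOG_VALUES:
        print(value, decode_eap(value))
```
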
accounting over more than one server
hello there

I've got a problem. we are using 2 radius servers to auth our xDSL users querying from a CISCO PPPoE Router. how can i protect a user to dial in from a second xdsl line if first radius is down and CISCO AAA uses the 2nd radius server?

and btw: does anybody know how to set up AAA on a CISCO IOS to send periodically accounting infos to the radius server?

thanks and kind regards
marco fretz
Re: Framed-IP-Address accounted in Hex
On 7 Jul 2006, at 17:46, Alan DeKok wrote:
> Graeme Hinchliffe <[EMAIL PROTECTED]> wrote:
>> these are hex values, not octal, and it seems to be an intermittent thing.
>
> Dang. Those bugs are hard to track down.

Yup, looking high and low for correlation

>> Are dictionaries loaded each time a child is started? or just once and then kept in memory?
>
> The server doesn't start any children. The dictionaries are loaded once, and cached as long as it's running.

damn, that's that theory out then :)

Looking through the data we have, as it's easy to spot the errored data with the session ID we are logging when it is occurring. We have noticed this occurs mainly when the accounting server is busy. This would also explain why this has suddenly occurred in such large numbers as we have recently increased the number of updates from the NASes. This has obviously increased the load on the server.

Looking at the backend DB (postgres) there are very few free postgres handles available (we are using 50 connections from the server to the DB) if any. When FreeRADIUS has no free connection with which to account the packet what does it do? Does the packet sit in RAM and try again? or is it simply discarded?

I am suspecting that this may be a cause for what we are seeing as the problem only seems to occur during server backups and high load.

Thanks
Graeme
Re: Username in MySQL with regexp
>> DEFAULT, just like in the "users" file.
>>
>> Alan DeKok.
>
> What do i have to set for further reply-item settings in the User-Name column? I have more than one Username which should be checked against a regexp and then should reply individual items.
>
> Sorry but i don't understand your answer :-(
>
> Christian Meutes
> systems engineer
> --
> claranet gmbh
> internet service provider
> tel +49 (0) 69 - 40 80 18 - 300
> email: [EMAIL PROTECTED]
> http://www.claranet.de/

Hey list,

can anybody give me an example for this?

cheers,
Christian Meutes
systems engineer
--
claranet gmbh
internet service provider
tel +49 (0) 69 - 40 80 18 - 300
email: [EMAIL PROTECTED]
http://www.claranet.de/
Re: Windows XP keeps "verifying identity"
make appropriate changes in radiusd.conf & eap.conf for the authentication method you want to use

Pradeep

--
Message: 3
Date: Sat, 8 Jul 2006 15:27:31 +0200
From: "Klaas De Craemer" <[EMAIL PROTECTED]>
Subject: Re: Windows XP keeps "verifying identity"
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ow, I forgot to say that I'm trying to use EAP-TLS...

2006/7/8, Klaas De Craemer <[EMAIL PROTECTED]>...

---
End of Freeradius-Users Digest, Vol 15, Issue 23