Re: PDP-Context support
M U wrote: > I'm using Freeradius-1.1.0-19 on Suse Linux. > I want to know how many pdp-context will be supported on freeradius per > second. What the heck is a pdp-context? > Please give me an advice asap. Uh... right. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and poprelayd - any ideas please
Bill Brunton wrote: > I have been trying to figure out how to add the IP address of each > authenticated user to the popip database maintained by poprelayd. Is the IP assigned via RADIUS? > It is > easy to add an ip address to the popip database with the command: > > /usr/sbin/poprelayd -a > > How do I incorporate that as post processing step, module etc in > freeradius? See rlm_exec. You can execute a program with any arguments you want, including an assigned IP address. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PDP-Context support
Dear all, I'm using Freeradius-1.1.0-19 on Suse Linux. I want to know how many pdp-context will be supported on freeradius per second. It depends on the server's specifiation but is there any reference ? I'm using Pentium4 machine of Dell optiplex. Please give me an advice asap. _ 今話題になってる出来事や有名人をランキングで毎週発表「MSN 気になる言葉」 http://keyword.jp.msn.com/default.aspx- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: safe_characters in freeradius 2.0.3
As I should act, that all worked for me, as well as in 1.1.7? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik Sent: Thursday, March 27, 2008 11:52 PM To: FreeRadius users mailing list Subject: Re: safe_characters in freeradius 2.0.3 >And what is the =22?? ASCII for double quote - ". Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and poprelayd - any ideas please
I also thought about doing a radlast -r and pulling out the IP addresses and adding them to the database every 5 minutes or so, but many sessions are not removed from that list and I end up with 20 times as many sessions there as I have real sessions on line. How can I get freeradius to at least delete an old radlast entry when the user signs in again? On Thu, 27 Mar 2008, Bill Brunton wrote: Date: Thu, 27 Mar 2008 19:20:58 -0500 (CDT) From: Bill Brunton <[EMAIL PROTECTED]> Reply-To: FreeRadius users mailing list To: FreeRadius users mailing list Subject: Re: Freeradius and poprelayd - any ideas please Well - it seems that many customers have trouble with Outlook and Outlook Express.. If they have an email in the outbox, say they compose offline and connect to send it, it tries to send it before checking email... In other words no POP before SMTP. If Outlook does not send successfully - then it does not check for new email either. So I get a lot of "I can't send or receive email" complaints. I have SMTP AUTH set up too but you know how users are - when it does not work they go in and try to fix it before asking for help and SMTP AUTH is found to be disabled or has the wrong info set up. So - if I could have freeradius add the IP to the popip database when they log in, it would make everyone much happier, especially me. I think it should be an easy thing to do... On Fri, 28 Mar 2008, Ivan Kalik wrote: Date: Fri, 28 Mar 2008 01:08:12 +0100 From: Ivan Kalik <[EMAIL PROTECTED]> Reply-To: FreeRadius users mailing list To: FreeRadius users mailing list Subject: Re: Freeradius and poprelayd - any ideas please Do you need freeradius at all? This is normally done with pop before smtp. You contact the pop server, it logs the IP and then you can send. Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "Bill Brunton" <[EMAIL PROTECTED]> pi?e: > > > I am using Freeradius 1.1.3 on Centos 5. > > I have been trying to figure out how to add the IP address of each > authenticated user to the popip database maintained by poprelayd. It is > easy to add an ip address to the popip database with the command: > > /usr/sbin/poprelayd -a > > How do I incorporate that as post processing step, module etc in > freeradius? > > Any ideas or suggestions? > > Thank you > > -- > Bill > [EMAIL PROTECTED] > http: //www.brunton.net > http: //www.video-records.com > http: //www.icu.net > KA0SEP NNN0HQA/OK > ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 > LR45 LRJET > > The Internet... The place to be! > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.video-records.com http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 LR45 LRJET The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and poprelayd - any ideas please
Well - it seems that many customers have trouble with Outlook and Outlook Express.. If they have an email in the outbox, say they compose offline and connect to send it, it tries to send it before checking email... In other words no POP before SMTP. If Outlook does not send successfully - then it does not check for new email either. So I get a lot of "I can't send or receive email" complaints. I have SMTP AUTH set up too but you know how users are - when it does not work they go in and try to fix it before asking for help and SMTP AUTH is found to be disabled or has the wrong info set up. So - if I could have freeradius add the IP to the popip database when they log in, it would make everyone much happier, especially me. I think it should be an easy thing to do... On Fri, 28 Mar 2008, Ivan Kalik wrote: Date: Fri, 28 Mar 2008 01:08:12 +0100 From: Ivan Kalik <[EMAIL PROTECTED]> Reply-To: FreeRadius users mailing list To: FreeRadius users mailing list Subject: Re: Freeradius and poprelayd - any ideas please Do you need freeradius at all? This is normally done with pop before smtp. You contact the pop server, it logs the IP and then you can send. Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "Bill Brunton" <[EMAIL PROTECTED]> pi?e: I am using Freeradius 1.1.3 on Centos 5. I have been trying to figure out how to add the IP address of each authenticated user to the popip database maintained by poprelayd. It is easy to add an ip address to the popip database with the command: /usr/sbin/poprelayd -a How do I incorporate that as post processing step, module etc in freeradius? Any ideas or suggestions? Thank you -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.video-records.com http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 LR45 LRJET The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.video-records.com http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 LR45 LRJET The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and poprelayd - any ideas please
Do you need freeradius at all? This is normally done with pop before smtp. You contact the pop server, it logs the IP and then you can send. Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "Bill Brunton" <[EMAIL PROTECTED]> piše: > > >I am using Freeradius 1.1.3 on Centos 5. > >I have been trying to figure out how to add the IP address of each >authenticated user to the popip database maintained by poprelayd. It is >easy to add an ip address to the popip database with the command: > >/usr/sbin/poprelayd -a > >How do I incorporate that as post processing step, module etc in >freeradius? > >Any ideas or suggestions? > >Thank you > >-- >Bill >[EMAIL PROTECTED] >http://www.brunton.net >http://www.video-records.com >http://www.icu.net >KA0SEP NNN0HQA/OK >ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 LR45 >LRJET > >The Internet... The place to be! > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and poprelayd - any ideas please
I am using Freeradius 1.1.3 on Centos 5. I have been trying to figure out how to add the IP address of each authenticated user to the popip database maintained by poprelayd. It is easy to add an ip address to the popip database with the command: /usr/sbin/poprelayd -a How do I incorporate that as post processing step, module etc in freeradius? Any ideas or suggestions? Thank you -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.video-records.com http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 SIC CE525 HS125 LR45 LRJET The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: safe_characters in freeradius 2.0.3
>And what is the =22?? ASCII for double quote - ". Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: safe_characters in freeradius 2.0.3
Why the %{Event-Timestamp} is =22Mar 27 2008 20:59:09 MSK=22.
And what is the =22?? Whence it undertakes?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius web administration
This is an apache problem - nothing to do with freeradius. Just add .php3
to be processed the same way as .php file.
Ivan Kalik
Kalik Informatika ISP
Dana 27/3/2008, "parfait kouassi nda" <[EMAIL PROTECTED]> piše:
>
>
>
>From: [EMAIL PROTECTED]
>To: freeradius-users@lists.freeradius.org
>Subject: RE: freeradius web administration
>Date: Tue, 25 Mar 2008 09:11:00 +
>
>
>
>
>
>
>
>
>Hi,
>
>I've follow the instruction on the link to configure dialup admin. i've a
>problem with the php3 scripts. when i test the configuration in localhost the
>home page appears and on the right top of the screen the scripts .php3 source
>code which appears. apache can't execute these scripts
>
>$auth_user=$HTTP_SERVE_VARS["PHP_AUTH_USER"];
> if($auth_user)[
>if(is_file("../html/buttons/$auth_user/buttons.html.php3))
> include("../html/buttons/$auth_user/buttons.html.php3");
>else (
> if
> (is_file("../html/buttons/defaults/buttons.html.php3"))
>
> include("../html/buttons/default/buttons.html.php3");
> )
> ]
>else (
> if(is_file("../html/buttons/default/buttons.html.php3"))
> include("../html/buttons/default/buttons.html.php3");
>]
>?>
>
>i'm using redhat 9 with php 4.
>please can you help me to find solutions.
>
>> To: freeradius-users@lists.freeradius.org
>> Subject: RE: freeradius web administration
>> Date: Fri, 7 Mar 2008 11:53:24 +0100
>> From: [EMAIL PROTECTED]
>>
>> http://wiki.freeradius.org/Dialup_admin
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 7/3/2008, "parfait kouassi nda" <[EMAIL PROTECTED]> pi�e:
>>
>> >
>> >
>> >I'm using my freeradius server like proxy, and i want to administrate it in
>> >web mode page with dialupadmin. what is the files that i must configure?
>> >
>> >
>> >
>> >_
>> >Découvrez Windows Live Spaces et créez votre site Web perso en quelques
>> >clics !
>> >http://spaces.live.com/signup.aspx
>> >
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>Appelez vos amis de PC ŕ PC -- C'EST GRATUIT Téléchargez Messenger, c'est
>gratuit !
>
>_
>Téléchargez le nouveau Windows Live Messenger !
>http://get.live.com/messenger/overview
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius web administration
parfait kouassi nda wrote:
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: RE: freeradius web administration
Date: Tue, 25 Mar 2008 09:11:00 +
Hi,
I've follow the instruction on the link to configure dialup admin.
i've a problem with the php3 scripts. when i test the
configuration in localhost the home page appears and on the right
top of the screen the scripts .php3 source code which appears.
apache can't execute these scripts
include("../html/buttons/default/buttons.html.php3");
)
]
else (
if(is_file("../html/buttons/default/buttons.html.php3"))
include("../html/buttons/default/buttons.html.php3");
]
?>
i'm using redhat 9 with php 4.
please can you help me to find solutions.
#
# Enable PHP
#
AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps
*sigh*
> To: freeradius-users@lists.freeradius.org
> Subject: RE: freeradius web administration
> Date: Fri, 7 Mar 2008 11:53:24 +0100
> From: [EMAIL PROTECTED]
>
> http://wiki.freeradius.org/Dialup_admin
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 7/3/2008, "parfait kouassi nda" <[EMAIL PROTECTED]> piše:
>
> >
> >
> >I'm using my freeradius server like proxy, and i want to
administrate it in web mode page with dialupadmin. what is the
files that i must configure?
> >
> >
> >
> >_
> >Découvrez Windows Live Spaces et créez votre site Web perso en
quelques clics !
> >http://spaces.live.com/signup.aspx
> >
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Appelez vos amis de PC à PC -- C'EST GRATUIT Téléchargez
Messenger, c'est gratuit !
Téléchargez le nouveau Windows Live Messenger ! Téléchargez Messenger,
c'est gratuit !
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius web administration
From: [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: RE: freeradius web administration Date: Tue, 25 Mar 2008 09:11:00 + Hi, I've follow the instruction on the link to configure dialup admin. i've a problem with the php3 scripts. when i test the configuration in localhost the home page appears and on the right top of the screen the scripts .php3 source code which appears. apache can't execute these scripts i'm using redhat 9 with php 4. please can you help me to find solutions. > To: freeradius-users@lists.freeradius.org > Subject: RE: freeradius web administration > Date: Fri, 7 Mar 2008 11:53:24 +0100 > From: [EMAIL PROTECTED] > > http://wiki.freeradius.org/Dialup_admin > > Ivan Kalik > Kalik Informatika ISP > > > Dana 7/3/2008, "parfait kouassi nda" <[EMAIL PROTECTED]> piše: > > > > > > >I'm using my freeradius server like proxy, and i want to administrate it in > >web mode page with dialupadmin. what is the files that i must configure? > > > > > > > >_ > >Découvrez Windows Live Spaces et créez votre site Web perso en quelques > >clics ! > >http://spaces.live.com/signup.aspx > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Appelez vos amis de PC à PC -- C'EST GRATUIT Téléchargez Messenger, c'est gratuit ! _ Téléchargez le nouveau Windows Live Messenger ! http://get.live.com/messenger/overview- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compile Error on FreeR 2.0.3
Breuer Nicolas wrote: > I've an error on compilation : ... > ./configure --without-threads --with-mysql-lib-dir=/usr/lib64/ Hmm... the --without-threads option is not what I normally use. > event.c:2305: error: 'argval' undeclared (first use in this function) > event.c:2305: error: (Each undeclared identifier is reported only once > event.c:2305: error: for each function it appears in.) Hmm... just define "argval" as an "int" in that function, and it should work. I'll commit a fix for 2.0.4. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compile Error on FreeR 2.0.3
I've an error on compilation : MYSQL 4.1 - FC 7 ./configure --without-threads --with-mysql-lib-dir=/usr/lib64/ gcc -g -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I/var/instapp/freeradius- server-2.0.3/src -DHOSTINFO=\"x86_64-unknown-linux-gnu\" - DRADIUSD_VERSION=\"2.0.3\" -DOPENSSL_NO_KRB5 -c xlat.c -o xlat.o >/dev/null 2>&1 /var/instapp/freeradius-server-2.0.3/libtool --mode=compile gcc -g -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I/var/instapp/freeradius-server-2.0.3/src - DHOSTINFO=\"x86_64-unknown-linux-gnu\" - DRADIUSD_VERSION=\"2.0.3\" -DOPENSSL_NO_KRB5 -c event.c gcc -g -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I/var/instapp/freeradius- server-2.0.3/src -DHOSTINFO=\"x86_64-unknown-linux-gnu\" - DRADIUSD_VERSION=\"2.0.3\" -DOPENSSL_NO_KRB5 -c event.c -fPIC - DPIC -o .libs/event.o event.c: In function 'event_socket_handler': event.c:2305: error: 'argval' undeclared (first use in this function) event.c:2305: error: (Each undeclared identifier is reported only once event.c:2305: error: for each function it appears in.) gmake[4]: *** [event.lo] Error 1 gmake[4]: Leaving directory `/var/instapp/freeradius-server-2.0.3/src/main' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/var/instapp/freeradius-server-2.0.3/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/var/instapp/freeradius-server-2.0.3/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/var/instapp/freeradius-server-2.0.3' gmake: *** [all] Error 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
safe_characters in freeradius 2.0.3
Good afternoon! After upgrade from 1.1.7 to 2.0.3 version
i have a problem in sql-queries:
sql.conf:
AcctStopTime = TO_TIMESTAMP_TZ('%{Event-Timestamp}','Mon dd hh24:mi:ss
tzd'), \
radiusd -X (ver 2.0.3)
...
AcctStopTime = TO_TIMESTAMP_TZ('=22Mar 27 2008 18:35:25 MSK=22'
...
rlm_sql_oracle: execute query failed in sql_query: ORA-01843: not a valid
month
rlm_sql_oracle: OCI_SERVER_NORMAL
rlm_sql (sqlacct): Couldn't update SQL accounting STOP record - ORA-01843:
not a valid month
rlm_sql (sqlacct): Released sql socket id: 2
and radiusd -X (ver 1.1.7):
AcctStopTime = TO_TIMESTAMP_TZ('Mar 27 2008 18:35:25 MSK'
sql.conf on both servers is same file
/usr/local/sbin/radiusd -X | grep safe (1.1.7)
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
sql_log: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
и на 2.0.3:
/usr/local/sbin/radiusd -X | grep safe (2.0.3)
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: vmps documentation?
bmccorkle wrote: > Can someone point me to documentation on how to use vmps in freeradius 2? Er... Documentation? > I've googled for documents but only find a few discussions on the topic > (mostly from this forum). I get the part on adding the listen section in > radiusd.conf so the server listens for vmps requests. However, I'm having > trouble understanding the actual coding to do the comparison of the mac > address in the request against the mac address list. You can do it any way you want! Yes, that's not very helpful... more examples and documentation would be very useful. > Also, the one or two > examples I have seen seem to use a mysql database to store the mac > addresses. Can freeradius use a simple text file to store the mac addresses > for comparison or do they need to be stored in a database? It can use a text file. You can store MAC addresses in a text file (man rlm_passwd), and then check membership of that text file at run time. If you have an example that works, please send it over, and we'll include it in the next release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: vmps documentation?
Yes, you can use users file. Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "bmccorkle" <[EMAIL PROTECTED]> piše: > >Can someone point me to documentation on how to use vmps in freeradius 2? >I've googled for documents but only find a few discussions on the topic >(mostly from this forum). I get the part on adding the listen section in >radiusd.conf so the server listens for vmps requests. However, I'm having >trouble understanding the actual coding to do the comparison of the mac >address in the request against the mac address list. Also, the one or two >examples I have seen seem to use a mysql database to store the mac >addresses. Can freeradius use a simple text file to store the mac addresses >for comparison or do they need to be stored in a database? > >-- >View this message in context: >http://www.nabble.com/vmps-documentation--tp16315996p16315996.html >Sent from the FreeRadius - User mailing list archive at Nabble.com. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ldap - freeradius
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F
Ivan Kalik
Kalik Informatika ISP
Dana 27/3/2008, "antoine vallée" <[EMAIL PROTECTED]> piše:
>
>Hi,
>
>I'm trying to to dynamic vlans assignment with freeradius (eap-md5 and chap),
>a ldap directory, and a HP switch procurve 2650.
>I have added the following attributes in the ldap.attrmap as well as on the
>ldap users account.
>And I've a (or more^^) mistake when I start freeradius. I've read a lot of
>doc, but i don't see what's wrong with my configuration.
>The problem seems to come from the ldap module: maybe because of the password,
>its in sha in the ldap directory:
>
>the debug:
>
>debian:~# freeradius -s -X
>Starting - reading configuration files ...
>reread_config: reading radiusd.conf
>Config: including file: /etc/freeradius/proxy.conf
>Config: including file: /etc/freeradius/clients.conf
>Config: including file: /etc/freeradius/snmp.conf
>Config: including file: /etc/freeradius/eap.conf
>Config: including file: /etc/freeradius/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/freeradius"
> main: libdir = "/usr/lib/freeradius"
> main: radacctdir = "/var/log/freeradius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/freeradius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/freeradius/freeradius.pid"
> main: user = "freerad"
> main: group = "freerad"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files: reading dictionary
>read_config_files: reading naslist
>Using deprecated naslist file. Support for this will go away soon.
>read_config_files: reading clients
>read_config_files: reading realms
>radiusd: entering modules setup
>Module: Library search path is /usr/lib/freeradius
>Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: ntlm_auth = "(null)"
>Module: Instantiated mschap (mschap)
>Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>rlm_eap: Loaded and initialized type leap
> gtc: challenge = "Password: "
> gtc: auth_type = "PAP"
>rlm_eap: Loaded and initialized type gtc
> mschapv2: with_ntdomain_hack = no
>rlm_eap: Loaded and initialized type mschapv2
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/etc/freeradius/huntgroups"
> preprocess: hints = "/etc/freeradius/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = "/etc/freeradius/users"
> files: acctusersfile = "/etc/freeradius/acct_users"
> files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
> files: compat = "no"
>Module: Instantiated files (files)
>radiusd.conf[736] Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot
>open shared object file: No such file or directory
>radiusd.conf[1855] Unknown module "ldap".
>radiusd.conf[1773] Failed to parse authorize section.
>debian:~#
>
>
>
>radiusd.conf:
>
> ldap {
>server = "ip address"
>identity = "cn=*** **,ou=legris,dc=legris_industries"
>password = "password"
>basedn =
vmps documentation?
Can someone point me to documentation on how to use vmps in freeradius 2? I've googled for documents but only find a few discussions on the topic (mostly from this forum). I get the part on adding the listen section in radiusd.conf so the server listens for vmps requests. However, I'm having trouble understanding the actual coding to do the comparison of the mac address in the request against the mac address list. Also, the one or two examples I have seen seem to use a mysql database to store the mac addresses. Can freeradius use a simple text file to store the mac addresses for comparison or do they need to be stored in a database? -- View this message in context: http://www.nabble.com/vmps-documentation--tp16315996p16315996.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius.log behaviour change v1 -> v2
Hi, when doing tunneled EAP methods, the logging behaviour is different between v1 and v2. v1 used to be: inner request = localhost, outer request = real client, like below: Wed Dec 5 21:11:11 2007 : Auth: Login OK: [EMAIL PROTECTED] (from client localhost port 0) Wed Dec 5 21:11:11 2007 : Auth: Login OK: [EMAIL PROTECTED] (from client radius-1 port 1 cli 00-13-ce-c2-b1-86) v2 format is: both are logged as coming from real client, like: > Thu Mar 27 11:00:00 2008 : Auth: Login incorrect: [EMAIL PROTECTED] (from > client WLC-Walferdange2 port 0) > Thu Mar 27 11:00:00 2008 : Auth: Login incorrect: [EMAIL PROTECTED] (from > client WLC-Walferdange2 port 29 cli 00-1C-BF-73-E6-0A) That makes parsing the log file more difficult, if the number of authentications happening is to be taken out of the radius.log file. If a NAS doesn't send Calling-Station-Id, the two are almost not correlatable, except for the timestamp and a possibly different port (both seem whacky ways of doing it). Was this change advertantly? Can I get the old behaviour back? Or at least, add "-inner" to the client name for inner requests? Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap - freeradius
Hi,
I'm trying to to dynamic vlans assignment with freeradius (eap-md5 and chap), a
ldap directory, and a HP switch procurve 2650.
I have added the following attributes in the ldap.attrmap as well as on the
ldap users account.
And I've a (or more^^) mistake when I start freeradius. I've read a lot of doc,
but i don't see what's wrong with my configuration.
The problem seems to come from the ldap module: maybe because of the password,
its in sha in the ldap directory:
the debug:
debian:~# freeradius -s -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
radiusd.conf[736] Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot open
shared object file: No such file or directory
radiusd.conf[1855] Unknown module "ldap".
radiusd.conf[1773] Failed to parse authorize section.
debian:~#
radiusd.conf:
ldap {
server = "ip address"
identity = "cn=*** **,ou=legris,dc=legris_industries"
password = "password"
basedn = "dc=uid,ou=legris,dc=legris_industries"
# filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" #
# base_filter = "(objectclass=radiusprofile)"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
Re: Cisco AP, mysql, either MSCHAP or Auth-Type problem i think
Will look into that ... but I could auth with the radtest local on the machine, and then I asumed it was using mysql to lookup the user. But as you say, it seem logical :-) I will try and see if I can figure out where the error might be .. or else I will return to the list :-) // ouT On Thu, Mar 27, 2008 at 1:38 PM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Mikael Syska wrote: > > > Thanks, that seemed to get me a bit further to the end now I got this: > > ++--+++---+ > > | id | username | attribute | op | value | > > ++--+++---+ > > | 2 | 44 | Cleartext-Password | := | | > > ++--+++---+ > > So... you have user information in SQL. > > > > Here is where its failing: > > ++[eap] returns updated > > ++[files] returns noop > > ++[expiration] returns noop > > ++[logintime] returns noop > > ++[pap] returns noop > > And... no SQL module being called. > > If you don't tell the server to look in SQL, it won't look in SQL. > > > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, mysql, either MSCHAP or Auth-Type problem i think
It looks like you haven't configured sql (and password is in the database). Ivan Kalik Kalik Informatika ISP Dana 27/3/2008, "Mikael Syska" <[EMAIL PROTECTED]> piše: >Hi, > >Thanks, that seemed to get me a bit further to the end now I got this: >++--+++---+ >| id | username | attribute | op | value | >++--+++---+ >| 2 | 44 | Cleartext-Password | := | | >++--+++---+ > >Here is where its failing: >++[eap] returns updated >++[files] returns noop >++[expiration] returns noop >++[logintime] returns noop >++[pap] returns noop > WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! >Cancelling invalid proxy request. > rad_check_password: Found Auth-Type EAP >auth: type "EAP" >+- entering group authenticate > rlm_eap: Request found, released from the list > rlm_eap: EAP/mschapv2 > rlm_eap: processing type mschapv2 >+- entering group MS-CHAP > rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. > rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect >++[mschap] returns reject > rlm_eap: Freeing handler >++[eap] returns reject >auth: Failed to validate the user. >Login incorrect: [44/] (from client ap30 port 0) > PEAP: Tunneled authentication was rejected. > rlm_eap_peap: FAILURE >++[eap] returns handled >EAP-Message = >0x010b002b190017030100206f04599b56f9940737b9c497b35f5f64e78bceb46ce824932fe2d58d5d3850de >Message-Authenticator = 0x >State = 0x5856f36f505dea9c1496d5ca0872b221 >Finished request 20. >Going to the next request >Waking up in 3.9 seconds. > >So ... what do I need to set ... I'm not sure were I can read about >this, so this mailing list is my only hope ... :-) Maybe its something >about what Alan wrote: > >>hi, >> >>trying to authenticate Vista against a plain password? PEAP doesnt >>work like this. you could put an NThash into the database instead.. >>or try using SecureW2 or other asupplicant that does EAP-TTLS/PAP >>alan > >But I'm not sure ... its still all very new to me ... > >If you need more information, just say so ... and I will get it. > >best regards >Mikael Syska > >On Thu, Mar 27, 2008 at 6:38 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: >> Mikael Syska wrote: >> > I'm using default setup, only uncomment the sql in the default >> "sites-enabled" >> > >> > Running version: 2.0.3 >> >> I think you have to copy "sites-available/inner-tunnel" from the tar >> file to /etc/raddb. It isn't installed by default in 2.0.3, but it *is* >> referenced. Sorry... >> >> This is fixed in CVS head. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/usershtml >> >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, mysql, either MSCHAP or Auth-Type problem i think
Mikael Syska wrote: > Thanks, that seemed to get me a bit further to the end now I got this: > ++--+++---+ > | id | username | attribute | op | value | > ++--+++---+ > | 2 | 44 | Cleartext-Password | := | | > ++--+++---+ So... you have user information in SQL. > Here is where its failing: > ++[eap] returns updated > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > ++[pap] returns noop And... no SQL module being called. If you don't tell the server to look in SQL, it won't look in SQL. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, mysql, either MSCHAP or Auth-Type problem i think
Hi, Thanks, that seemed to get me a bit further to the end now I got this: ++--+++---+ | id | username | attribute | op | value | ++--+++---+ | 2 | 44 | Cleartext-Password | := | | ++--+++---+ Here is where its failing: ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [44/] (from client ap30 port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled EAP-Message = 0x010b002b190017030100206f04599b56f9940737b9c497b35f5f64e78bceb46ce824932fe2d58d5d3850de Message-Authenticator = 0x State = 0x5856f36f505dea9c1496d5ca0872b221 Finished request 20. Going to the next request Waking up in 3.9 seconds. So ... what do I need to set ... I'm not sure were I can read about this, so this mailing list is my only hope ... :-) Maybe its something about what Alan wrote: >hi, > >trying to authenticate Vista against a plain password? PEAP doesnt >work like this. you could put an NThash into the database instead.. >or try using SecureW2 or other asupplicant that does EAP-TTLS/PAP >alan But I'm not sure ... its still all very new to me ... If you need more information, just say so ... and I will get it. best regards Mikael Syska On Thu, Mar 27, 2008 at 6:38 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Mikael Syska wrote: > > I'm using default setup, only uncomment the sql in the default > "sites-enabled" > > > > Running version: 2.0.3 > > I think you have to copy "sites-available/inner-tunnel" from the tar > file to /etc/raddb. It isn't installed by default in 2.0.3, but it *is* > referenced. Sorry... > > This is fixed in CVS head. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius authentication
Charnjit Sidhu wrote: > Have downloaded and installed Authen:: Radius module from cpan without any > problems, I know get no errors in my log files but it still does not > authenticate, I already have a auth_radius.pl script which is run to > authenticate which looks like this: Sorry, but this is not the place to learn Perl. > I thought this should pass all the relevant radius parametres to the module. > Do I need to add the radius server and secret anywhere else in the perl > module? (never used perl module before). We didn't write that module. Go ask the author how it works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius authentication
Hi, > > use Authen::Radius; > > my $username = shift; > my $password = shift; > > my $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret'); > my $result = $r->check_pwd($username, $password); > > exit ($result == 1) ? 0 : 1; > > I thought this should pass all the relevant radius parametres to the module. > Do I need to add the radius server and secret anywhere else in the perl > module? (never used perl module before). what do the logs from the RADIUS server say and show? WHY is it failing? this is only one half of the equation alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius authentication
Hi, Have downloaded and installed Authen:: Radius module from cpan without any problems, I know get no errors in my log files but it still does not authenticate, I already have a auth_radius.pl script which is run to authenticate which looks like this: #!/usr/bin/perl use Authen::Radius; my $username = shift; my $password = shift; my $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret'); my $result = $r->check_pwd($username, $password); exit ($result == 1) ? 0 : 1; I thought this should pass all the relevant radius parametres to the module. Do I need to add the radius server and secret anywhere else in the perl module? (never used perl module before). Charnjit From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Thu 3/27/2008 9:55 AM To: FreeRadius users mailing list Subject: Re: Radius authentication Hi, > I recieve an error in my log file of a missing Authen/Radius.pm file. I > think this is a radius client perl module, does any one know where I can > download this from, or wether there is a better solution, or I am doing > somethin wrong, I am new to all this Radius authentication. as per other recent mailing list - either check your systems package manager for perl-radius packages, use CPAN to install Authen::RADIUS or get the pacakge direct http://search.cpan.org/~manowar/RadiusPerl-0.12/Radius.pm alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, mysql, either MSCHAP or Auth-Type problem i think
hi, trying to authenticate Vista against a plain password? PEAP doesnt work like this. you could put an NThash into the database instead.. or try using SecureW2 or other asupplicant that does EAP-TTLS/PAP alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy.conf and virtual_server
Hello,
I have two virtual server which listen on the same IP.
According to realm in proxy.conf, I wich to proxy on virtual1 or
virtual2.
Is it possible to write this in proxy.conf ?
realm toto {
"proxy to virtual_server" = virtual1
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS ports
Hi, > > Hi, > > Recently I have just configured another RADIUS server and I use > /etc/services for radius service ports. > I use auth port 1645 and acct port 1646. But, are these ports better than > auth port 1812 and act port 1813 ? What ports are more standart ? RFC ports - 1812, 1813 alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius authentication
Hi, > I recieve an error in my log file of a missing Authen/Radius.pm file. I > think this is a radius client perl module, does any one know where I can > download this from, or wether there is a better solution, or I am doing > somethin wrong, I am new to all this Radius authentication. as per other recent mailing list - either check your systems package manager for perl-radius packages, use CPAN to install Authen::RADIUS or get the pacakge direct http://search.cpan.org/~manowar/RadiusPerl-0.12/Radius.pm alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmantation Fault on -HUP
Dmitry A. Sysoev wrote: > Thanks for answer. And I must upgrade > the oracle database on upgrade 1.1.7 to 2.0.x? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius authentication
Hi, My Radius client is working fine with the Radius Server, however I would also like to use this authentication on this same web server on a free resource calender application I have downloaded, to authenticate, I have created a Auth_radius.pl file with the following parameteres, as recommended by the developers, however they have not used radius authentication before. #!/usr/bin/perl use Authen::Radius; my $username = shift; my $password = shift; my $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret'); my $result = $r->check_pwd($username, $password); exit ($result == 1) ? 0 : 1; I recieve an error in my log file of a missing Authen/Radius.pm file. I think this is a radius client perl module, does any one know where I can download this from, or wether there is a better solution, or I am doing somethin wrong, I am new to all this Radius authentication. Charnjit - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Segmantation Fault on -HUP
Thanks for answer. And I must upgrade the oracle database on upgrade 1.1.7 to 2.0.x? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS ports
Santiago Balaguer García wrote: > Hi, > > Recently I have just configured another RADIUS server and I use > /etc/services for radius service ports. > I use auth port 1645 and acct port 1646. But, are these ports better > than auth port 1812 and act port 1813 ? What ports are more standart ? 1812 and 1813 are standard. You can use both at the same time, however. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem
Sven 'Darkman' Michels wrote: > ...The > only problem i had was "where to force the client cert when using > eap/tls" EAP-TLS *always* uses a client cert. > which seems to work except that the cisco client simply don't offer a > cert when using ttls. As far as i know, this requirement is not often > met at any client (you posted some note about a while ago...) Yes. > so we're > calling cisco today to clearify how we can do maschine and user > authentification with forced clientcert (i can only do ttls for > maschine AND user/pw auth and not doing like tls for maschine and ttls > for user/pw - their client doesn't support that - the new client just > crashes when the server requires a cert, horray ;). Nice! > Thanks for your help so far - the main issue was the old freeradius as > it seems... Yes. Upgrading is usually a good idea. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS ports
Hi, Recently I have just configured another RADIUS server and I use /etc/services for radius service ports. I use auth port 1645 and acct port 1646. But, are these ports better than auth port 1812 and act port 1813 ? What ports are more standart ? Santiago _ Tecnología, moda, motor, viajes,…suscríbete a nuestros boletines para estar siempre a la última http://newsletters.msn.com/hm/maintenanceeses.asp?L=ES&C=ES&P=WCMaintenance&Brand=WL&RU=http%3a%2f%2fmail.live.com- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Alan DeKok wrote:
> Sven 'Darkman' Michels wrote:
>> But this works only on freeradius 2.x, doesn't it? Actually i have 1.1.0
>> from SLES10...
>
> Download the binary Suse packages: http://freeradius.org/download.html
>
> 1.1.0 is *very* old.
i noticed that, too :/ I upgraded last night to 2.0.2 and migrated the
config. Now it looks a bit better. My default server does the tls
tunneling and my inner-tunnel server is handling the ldap stuff. The
only problem i had was "where to force the client cert when using
eap/tls" - for now i just put it into the the authorize {} block:
authorize {
...
eap {
ok = return
}
update control {
EAP-TLS-Require-Client-Cert = yes
}
...
}
which seems to work except that the cisco client simply don't offer a
cert when using ttls. As far as i know, this requirement is not often
met at any client (you posted some note about a while ago...) so we're
calling cisco today to clearify how we can do maschine and user
authentification with forced clientcert (i can only do ttls for
maschine AND user/pw auth and not doing like tls for maschine and ttls
for user/pw - their client doesn't support that - the new client just
crashes when the server requires a cert, horray ;).
Thanks for your help so far - the main issue was the old freeradius as
it seems...
Regards,
Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH61KRQoCguWUBzBwRAllMAJ9jP+KGH/6TboRMcUYAgi/SZN2aLgCfVw61
tQaYYdl4J63YABGefKO2q8s=
=xS2p
-END PGP SIGNATURE-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
