Re: Freeradius 2.0 with Activedirectory Integration Failed
Anders Holm-3 wrote: > > You have two errors to fix... > > This; > /usr/local/etc/raddb/users[1]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type > > And this: > Errors reading /usr/local/etc/raddb/users /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module "files" /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find >> module "files". /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section. } } Errors initializing modules It seems like it require an external ntlm_auth to execute, rather than one that is embedded in MSCHAP module. >>> >>> Well, yes. You said you were following the instructions in >>> >>> http://deployingradius.com/documents/configuration/active_directory.html >>> >>> That's one of the steps. Just add ntlm_auth to authenticate in both >>> virtual servers (default and inner-tunnel). > > Is this the step you are struggling with? > >> The URL that I was following is using freeradius 1.x > > A lot of the documentation on the site is for 1.x so when you have > figured things out, documenting it is a geeat way to return something > to the project > >> Now, I am using freeradius 2.x, and thus I skipped the creation of >> "exec >> ntlm_auth" >> >> Furthermore, I do not know how to do so... > > If the docs don't give an example, this is your chance to help getting > it updated. > >> I tried to add it to the "exec" file in the module directory, but it >> didn't >> work. >> The error is still reported to be the same. > > Well, yes, as it is still the same problem. > >> Should I fall back to freeradius 1.x instead? > > No. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > Hi Anders, The problems that you have highlighted are the ones that I have having :-) I added "exec ntlm_auth" into the exec file in the modules folder, and as Ivan has recommended, I added a line to the users file. The next step is to make exec ntlm_auth recognized by the radius configuration. Currently, there are some questions that are going on in my head... :confused: 1. Must the ntlm_auth be placed in modules or in radiusd.conf? If the configuration exec ntlm_auth is to be placed in modules, which modules? 2. In the URL, that indicated that I must input ntlm_auth into the authenticate routine in freeradius 1.x, but freeradius 2.x is all separated, any idea which is the one that I should placed into? I will do some trial and error on my end though... And I think that after being successful on this, I will need help from you guys to get this documented, I think that freeradius 2.x has very little documentation, and not many will be willing to take the plunge to 2.x... Thanks! Regards, Andy -- View this message in context: http://www.nabble.com/Freeradius-2.0-with-Activedirectory-Integration-Failed-tp20355701p20415385.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help to use 802.1x with WEP and WPA/AES
Hello All, Now, I'm using 802.1x for authenticating wireless user. But unfortunately, I cannot use 802.1x with WEP and WPA(WPA2)/AES. Can anybody help me and tell me why I cannot use 802.1x with methods encryption above. Best Regard, SangLee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 with Activedirectory Integration Failed
You have two errors to fix... This; /usr/local/etc/raddb/users[1]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type And this: Errors reading /usr/local/etc/raddb/users /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module "files" /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module "files". /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section. } } Errors initializing modules It seems like it require an external ntlm_auth to execute, rather than one that is embedded in MSCHAP module. Well, yes. You said you were following the instructions in http://deployingradius.com/documents/configuration/active_directory.html That's one of the steps. Just add ntlm_auth to authenticate in both virtual servers (default and inner-tunnel). Is this the step you are struggling with? The URL that I was following is using freeradius 1.x A lot of the documentation on the site is for 1.x so when you have figured things out, documenting it is a geeat way to return something to the project Now, I am using freeradius 2.x, and thus I skipped the creation of "exec ntlm_auth" Furthermore, I do not know how to do so... If the docs don't give an example, this is your chance to help getting it updated. I tried to add it to the "exec" file in the module directory, but it didn't work. The error is still reported to be the same. Well, yes, as it is still the same problem. Should I fall back to freeradius 1.x instead? No. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 with Activedirectory Integration Failed
tnt-4 wrote: > >>Firstly, Thanks for taking time to look at the problems I am facing. >> >>I have followed your instructions, and set the following in the users file: >>DEFAULT Auth-Type = ntlm_auth >> >>After doing that, I ran radiusd -X >>The configuration was fine at the beginning, but as it reaches an abrupt >>stop with the following errors in the debug: >>/usr/local/etc/raddb/users[1]: Parse error (check) for entry DEFAULT: >>Unknown value ntlm_auth for attribute Auth-Type >>Errors reading /usr/local/etc/raddb/users >>/usr/local/etc/raddb/modules/files[7]: Instantiation failed for module >>"files" >>/usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module >>"files". >>/usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing >>authorize section. >> } >>} >>Errors initializing modules >> >>It seems like it require an external ntlm_auth to execute, rather than one >>that is embedded in MSCHAP module. >> > > Well, yes. You said you were following the instructions in > > http://deployingradius.com/documents/configuration/active_directory.html > > That's one of the steps. Just add ntlm_auth to authenticate in both > virtual servers (default and inner-tunnel). > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > The URL that I was following is using freeradius 1.x Now, I am using freeradius 2.x, and thus I skipped the creation of "exec ntlm_auth" Furthermore, I do not know how to do so... I tried to add it to the "exec" file in the module directory, but it didn't work. The error is still reported to be the same. Should I fall back to freeradius 1.x instead? Regards, Andy -- View this message in context: http://www.nabble.com/Freeradius-2.0-with-Activedirectory-Integration-Failed-tp20355701p20413490.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Answers before questions? Novel idea. "limited to 4GB" Sent from my iPhone On 9 Nov 2008, at 14:00, "liran tal" <[EMAIL PROTECTED]> wrote: On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K <[EMAIL PROTECTED]> wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal <[EMAIL PROTECTED]> wrote: > Hey Venkatesh, > > On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K <[EMAIL PROTECTED]> wrote: >> >> rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum >> counter value was limited to <2G whereas in 2.1.1 it seems to be <4G. >> This imposes an artificial limitation of maximum of 4GB of downloads. >> I had a workaround where I patched rlm_sqlcounter to limit the per >> session downloads to 4GB if allowed usage exceeds 4GB. > > Sorry for the late reply. > I applied your patch and now data counters work as expected with a minor > exception, the 2Gb limit > as you have stated previously. Possibly you could also post the patch for > the 2Gb/4Gb limit? > I'm hoping it's compatible with FR 1.1.7 as well. > It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. So the check value of the attribute remains a number bigger than 4GB, for example an 8GB limit but the reply attribute that is sent will contain a value of <= 4GB due to the limit? Thanks, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K <[EMAIL PROTECTED]> wrote: > Hi Liran, > > On Sun, Nov 9, 2008 at 4:16 AM, liran tal <[EMAIL PROTECTED]> wrote: > > Hey Venkatesh, > > > > On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K <[EMAIL PROTECTED]> wrote: > >> > >> rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum > >> counter value was limited to <2G whereas in 2.1.1 it seems to be <4G. > >> This imposes an artificial limitation of maximum of 4GB of downloads. > >> I had a workaround where I patched rlm_sqlcounter to limit the per > >> session downloads to 4GB if allowed usage exceeds 4GB. > > > > Sorry for the late reply. > > I applied your patch and now data counters work as expected with a minor > > exception, the 2Gb limit > > as you have stated previously. Possibly you could also post the patch for > > the 2Gb/4Gb limit? > > I'm hoping it's compatible with FR 1.1.7 as well. > > > It is ok. I am happy to know it works for you. I will email you a > patch for 1.1.7 in couple of days. The patch is going to impose > certain limitations on you. The maximum return value should be less > than unsigned integer(32bit). The maximum reply value for data will be > limited to 4GB even if actual value is more than 4GB. So, there will > be a per session limit of 4GB though user is authorized to transfer > more data. > So the check value of the attribute remains a number bigger than 4GB, for example an 8GB limit but the reply attribute that is sent will contain a value of <= 4GB due to the limit? Thanks, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
