autthentication error
Hi, I have configurated a freeradius server using MySql authentication. When i run radtest i get a succefull response: rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209, length=59 User-Name = sqltest User-Password = testpwd NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = sqltest, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} - sqltest [sql] sql_set_user escaped user -- 'sqltest' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password testpwd [pap] Using clear text password testpwd [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 209 to 127.0.0.1 port 45562 Finished request 20. Going to the next request Now i have configurated a windows supplicant, when i enter the credentials for login from the suplicant pc, the radius server always sends a rejected response in the servers terminal(i have freeradius over debug mode to se all the messages), this is what i get: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0, length=139 Cleaning up request 18 ID 0 with timestamp +502 User-Name = sqltest NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00226b81bae1 Calling-Station-Id = 002369764cef NAS-Identifier = 00226b81bae1 NAS-Port = 21 Framed-MTU = 1400 State = 0x5589d8c55588dc92d29bccd07151cb7c NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100060319 Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = sqltest, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} - sqltest [sql] sql_set_user escaped user -- 'sqltest' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found. [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} - sqltest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 19 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 19 Sending Access-Reject of id 0 to 192.168.1.4 port 3666 EAP-Message = 0x04010004 Message-Authenticator
Re: autthentication error
shirkavand wrote: As i can see the error is located here: Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found. [eap] Failed in EAP select Exactly. You need to build the server with SSL support. when the windows suppllicant tryes to access the server found an EAP authentication..that from some reason fails, when i do a radtest the the server tells: radtest doesn't do EAP. The supplicant does. I have configurated the windows client as recomended over in wiki.freeradius.org http://freeradius.org site http://deployingradius.com/ has complete instructions for testing EAP, and building with OpenSSL. Also search the Wiki for OpenSSL. You should see instructions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
ok, I think the server is reading files on the path: /usr/local/etc/ so, I modified the file /usr/local/etc/raddb/clients.conf by adding: client ipipgw { ipaddr = 192.168.6.201 secret = testing123 shortname = c3725 nastype = cisco login = user password= userpass } and this is the debug output: Ready to process requests. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 User-Name = thanh User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ NAS-Port = 98 NAS-Port-Id = tty98 NAS-Port-Type = Virtual Calling-Station-Id = 192.168.6.20 NAS-IP-Address = 192.168.6.201 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = thanh, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - thanh attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 Sending duplicate reply to client ipipgw port 1645 - ID: 4 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 1.2 seconds. Cleaning up request 0 ID 4 with timestamp +52 Ready to process requests. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 User-Name = thanh User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ NAS-Port = 98 NAS-Port-Id = tty98 NAS-Port-Type = Virtual Calling-Station-Id = 192.168.6.20 NAS-IP-Address = 192.168.6.201 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = thanh, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - thanh attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 Sending duplicate reply to client ipipgw port 1645 - ID: 4 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 1.2 seconds. Cleaning up request 1 ID 4 with timestamp +61 Ready to process requests. plz tell me how to solve this. thank you vrey much - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: autthentication error
Hi, I have configurated a freeradius server using MySql authentication. When i run radtest i get a succefull response: built yourself? so, basic SQL works. good. however, your windows client didnt - and this error here: Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found. [eap] Failed in EAP select ++[eap] returns invalid looks like the method you are trying to use is not known to the server...did you build the server yourself? looks like it doesnt recognise (PEAP). simple search of web and mailing list shows this commonly caused by server not being built with OpenSSL or OpenSSL libraries not installed alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius not recieving username from cisco
Athiqur Rahman wrote: When I open ppp connection to from windows xp laptop to my as5300 it is not sending the login credentials to the FreeRadius. FeeRadius says the username attribute was not found shrug Fix the NAS so that it sends a User-Name. Consult the NAS documentation for how to do this. There's nothing you can do to FreeRADIUS which will make the NAS send a User-Name. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.6: \ in %{SQL-User-Name}
Hi, I am using my Freeradius 2.1.6 to do PEAP for Windows XP clients. The usernames are in format 'Domain_name\username' I am using postgresql and my safe-characters in the dialup.conf is set to: My radcheck table looks like: id | username | attribute | op |value 4 | GTCORP\dzhao | Auth-Type | = | ntlm_auth do you care for the windows DOMAiN? you could use the realm/suffix modules and ensure that SQL-user-Name is set correctly. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;(( thank in advance On 11 May 2010 14:23, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.1.7 mschap2 depreciated condition
I am trying to build a radius server on a Licencesed RedHat ES 5.5 with the stock Freeradius 2.1.7 rpms. The problem is %{Stripped-User-Name} does not seem to be working properly. If I run radius -X I can see the following [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for ouru...@scri.ac.uk with NT-Password [mschap]expand: %{Stripped-User-Name} - [mschap] WARNING: Deprecated conditional expansion :-. See man unlang for details [mschap]expand: %{User-Name:-None} - ouru...@scri.ac.uk [mschap]expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} - --username=ouru...@scri.ac.uk [mschap] No NT-Domain was found in the User-Name. [mschap]expand: %{mschap:NT-Domain} - [mschap]expand: --domain=%{%{mschap:NT-Domain}:-OURDOMAIN} - --domain=OURDOMAIN [mschap] mschap2: 04 [mschap]expand: --challenge=%{mschap:Challenge:-00} - --challenge=13b2ecc29de42369 [mschap]expand: --nt-response=%{mschap:NT-Response:-00} - --nt-response=f55853d43f231f154755ce89ca3136f13929f36d728dbfd9 Exec-Program output: Logon failure (0xc06d) Exec-Program-Wait: plaintext: Logon failure (0xc06d) Note : I've changed the username and domain name in the above. Is this fixable with a configuration file ? I have already got a working Centos 5.5 server using freereadius 2.1.8, but I want to move it to RedHat too match all the other infrastructure servers. Also I'm writing a build document for the system so that someone else has a document to follow in the future. Thanks iain Iain Grant Linux System Administrator Scottish Crop Research Institute Invergowrie Dundee DD2 5DA Tel : 01382 562731 x 2605 __ SCRI, Invergowrie, Dundee, DD2 5DA. The Scottish Crop Research Institute is a charitable company limited by guarantee. Registered in Scotland No: SC 29367. Recognised by the Inland Revenue as a Scottish Charity No: SC 006662. DISCLAIMER: This email is from the Scottish Crop Research Institute, but the views expressed by the sender are not necessarily the views of SCRI and its subsidiaries. This email and any files transmitted with it are confidential to the intended recipient at the e-mail address to which it has been addressed. It may not be disclosed or used by any other than that addressee. If you are not the intended recipient you are requested to preserve this confidentiality and you must not use, disclose, copy, print or rely on this e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the sender and delete the email from your system. Although SCRI has taken reasonable precautions to ensure no viruses are present in this email, neither the Institute nor the sender accepts any responsibility for any viruses, and it is your responsibility to scan the email and the attachments (if any). __- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Le 11/05/2010 10:09, htt thanh a écrit : Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;(( The pb is with your client shared secret: the secret you set in /etc/raddb/clients.conf and in your NAS configuration. It seems that you haven't set the same secret in your FR configuration and in your NAS so that the password sent to FR is not correctly decrypted. Thibaukt thank in advance On 11 May 2010 14:23, Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk wrote: Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.7 mschap2 depreciated condition
Hi, The problem is %{Stripped-User-Name} does not seem to be working properly. here was a chhange to conditional expansions some time backthe output you see is just a warningif you 'man unlang' you can see how such a condition should be written.the default config that ships with 2.1.8 should have this fixedbut just check your modules/* files for where this is used... mschapv2 or ntlm_auth from memory alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: framedipaddress
Then,which attribute they support? framedipaddress is the popular one,if they don't support ,you can ask which attribute(describe the user's IP address) they support and add this attribute to the radacct schema . that's ok. freeradius is easy to add new attributes 2010/5/10 Paweł Pogorzelski ppogorzel...@gmail.com Meru Networks Support replied me that ...Framed-IP-Address is not one of the attributes that we support. Is there anything that I can do? -- Best regards Paweł Pogorzelski e-mail: ppogorzel...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd: segmentation fault
Nothing I can help. Maybe you can check the dynamic shared library,they may conflict with radiusd, 2010/5/7 kes-...@yandex.ru Здравствуйте, Коньков. Вы писали 6 мая 2010 г., 23:58:44: КЕ Help pls to resolve problem why radiusd segfault КЕ or give clue КЕ kes# radiusd -v КЕ radiusd: FreeRADIUS Version 2.1.3, for host КЕ i386-portbld-freebsd7.1, built on Jan 6 2009 at 10:52:08 КЕ Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. КЕ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A КЕ PARTICULAR PURPOSE. КЕ You may redistribute copies of FreeRADIUS under the terms of the КЕ GNU General Public License. КЕ For more information about these matters, see the file named COPYRIGHT. КЕ kes# uname -a КЕ FreeBSD kes.net.ua 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Sat Jan 3 01:15:39 EET 2009 КЕ k...@in.lan:/usr/obj/usr/src/sys/KES_KERN_v7 i386 КЕ I did not find any radiusd.core files in the system =( КЕ if any other infomation may usefull I can send КЕ Thank you vpn_shadow# radiusd -v radiusd: FreeRADIUS Version 2.1.8, for host amd64-portbld-freebsd7.2, built on May 3 2010 at 13:08:56 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. vpn_shadow# uname -a FreeBSD vpn_shadow.in 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Fri Nov 13 12:33:55 EET 2009 d...@vpn_shadow.in:/usr/obj/usr/src/sys/vpn amd64 On this machine same result -- С уважением, Kes-kes mailto:kes-...@yandex.ru - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: free NAS ?
any other function do you need? On Sat, May 8, 2010 at 3:46 AM, VU VAN HUNG vanhung2...@gmail.com wrote: sunhualing wrote: hostapd as a NAS, authenticator wpa-supplicant as a supplicant On Fri, May 7, 2010 at 1:31 AM, Jeff Voskamp javos...@uwaterloo.camailto: javos...@uwaterloo.ca wrote: On 05/06/2010 01:27 PM, John McDonnell wrote: On May 6th, 2010 at 1:09 PM, Randal Carpenter wrote: Try openfiler, at http://www.openfiler.com/, it emulates both SAN and NAS equipment. On Thu, May 6, 2010 at 5:56 AM, VU VAN HUNGvanhung2...@gmail.com mailto:vanhung2...@gmail.com wrote: Hi all, I just wonder that are there any open source software that have same functionalities like Network Access Server ? Because I see that there's Asterisk, which 's like a PBX. Best, Hung, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html There's always FreeNAS as well... http://freenas.org/freenas Wrong NAS - those ones are Network Attached Storage, not Network Access Server. Dang TLA overload. Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html hostapd only for authentication, I have tried to google but found nothing. I want to find a free NAS supporting accounting for radius server. Just found this one. Check it out ! https://www.rahunas.org/trac/ Hung, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius-Users Digest, Vol 61, Issue 37
The problem is %{Stripped-User-Name} does not seem to be working properly. here was a chhange to conditional expansions some time backthe output you see is just a warningif you 'man unlang' you can see how such a condition should be written.the default config that ships with 2.1.8 should have this fixedbut just check your modules/* files for where this is used... mschapv2 or ntlm_auth from memory This is strange as I have compared the modules/mschap files on both systems ( radius 2.1.8 on centos and radius 2.1.7 on RH ES 5.5 ) and they are identical !!! In fact I even cut and pasted the ntlm line from the working radius to the redhat radius server. Has someone else built a RedHat radius 2.1.7 server to point to an Windows ADS ?? Thanks Iain __ SCRI, Invergowrie, Dundee, DD2 5DA. The Scottish Crop Research Institute is a charitable company limited by guarantee. Registered in Scotland No: SC 29367. Recognised by the Inland Revenue as a Scottish Charity No: SC 006662. DISCLAIMER: This email is from the Scottish Crop Research Institute, but the views expressed by the sender are not necessarily the views of SCRI and its subsidiaries. This email and any files transmitted with it are confidential to the intended recipient at the e-mail address to which it has been addressed. It may not be disclosed or used by any other than that addressee. If you are not the intended recipient you are requested to preserve this confidentiality and you must not use, disclose, copy, print or rely on this e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the sender and delete the email from your system. Although SCRI has taken reasonable precautions to ensure no viruses are present in this email, neither the Institute nor the sender accepts any responsibility for any viruses, and it is your responsibility to scan the email and the attachments (if any). __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 61, Issue 37
Hi, In fact I even cut and pasted the ntlm line from the working radius to the redhat radius server. Has someone else built a RedHat radius 2.1.7 server to point to an Windows ADS ?? yes...thats what we currently hve. you do not have a problem...the config definition will work...its just deprecated...the expansion method has changed.. you need to change it to eg (from top of head!) %{Stripped-User-Name:-%{User-Name:-none}} becomes %{Stripped-User-Name:-%{%{User-Name}:-%{none}}} as said, its documented in the 'unlang' man pageand i really thought all old deprecated calls in the default config had been wiped away - they really need to be for the 2.1.9 and 2.2.x releases as they just complicate issues! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.1.7 mschap2 depreciated condition
Solved it, I had not added my realms to the bottom of proxy.conf. Once changed everything is working. Thanks iain __ SCRI, Invergowrie, Dundee, DD2 5DA. The Scottish Crop Research Institute is a charitable company limited by guarantee. Registered in Scotland No: SC 29367. Recognised by the Inland Revenue as a Scottish Charity No: SC 006662. DISCLAIMER: This email is from the Scottish Crop Research Institute, but the views expressed by the sender are not necessarily the views of SCRI and its subsidiaries. This email and any files transmitted with it are confidential to the intended recipient at the e-mail address to which it has been addressed. It may not be disclosed or used by any other than that addressee. If you are not the intended recipient you are requested to preserve this confidentiality and you must not use, disclose, copy, print or rely on this e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the sender and delete the email from your system. Although SCRI has taken reasonable precautions to ensure no viruses are present in this email, neither the Institute nor the sender accepts any responsibility for any viruses, and it is your responsibility to scan the email and the attachments (if any). __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.7 mschap2 depreciated condition
Hi, The problem is %{Stripped-User-Name} does not seem to be working properly. further to this, the stripped-user-name doesnt exist - which is why its not being usedif this is the case then you are not running required module that understands the realm part or do not have scri.ac.uk as a defined realm in the proxy.conf - check that you are running the required modules (preprocess, suffix and ntdomain are usual friends) check the debug startup output of the old server and of the new server ad , if similar architecture (eg both 2.1.x) you can also diff the config files. very handy. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Adding a signed certificate from a signing authority
Apologies I seem to be hogging this today. My radius server is working fine, so now I want to add a signed certificate from a certificate authority. Are there any pointers on how to do this. I have found and carried out the steps on the wiki site around using snake oil certificates and then creating your own producution certificates. But I now would like to add the externally signed certificate for added security. Thanks again Iain __ SCRI, Invergowrie, Dundee, DD2 5DA. The Scottish Crop Research Institute is a charitable company limited by guarantee. Registered in Scotland No: SC 29367. Recognised by the Inland Revenue as a Scottish Charity No: SC 006662. DISCLAIMER: This email is from the Scottish Crop Research Institute, but the views expressed by the sender are not necessarily the views of SCRI and its subsidiaries. This email and any files transmitted with it are confidential to the intended recipient at the e-mail address to which it has been addressed. It may not be disclosed or used by any other than that addressee. If you are not the intended recipient you are requested to preserve this confidentiality and you must not use, disclose, copy, print or rely on this e-mail in any way. Please notify postmas...@scri.ac.uk quoting the name of the sender and delete the email from your system. Although SCRI has taken reasonable precautions to ensure no viruses are present in this email, neither the Institute nor the sender accepts any responsibility for any viruses, and it is your responsibility to scan the email and the attachments (if any). __- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: framedipaddress
Than You sunhualing for advice. I'm waiting for answer from Meru. -- Pozdrawiam/Best regards Paweł Pogorzelski e-mail: ppogorzel...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultneous-Use + SQL + Checkrad
Hi All! I use Freeradius 2.0.4(deb pack) with Mysql 5.0.51. The online users check not work in the NAS with checkrad script my network. I read the list and forums but not founded solution. Question: working the checkrad script without radutmp? my config: radcheck- Simultaneous-Use: =1 accounting ( sql sqlippool ) session ( sql ) uncomment: simul_count_query... in dialup.conf include: sql.conf etc.. in the radiusd.conf Best Regards Steve ps: sorry my english - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Adding a signed certificate from a signing authority
Hi, I have found and carried out the steps on the wiki site around using “snake oil” certificates and then creating your own producution certificates. But I now would like to add the externally signed certificate for added security. surejust put the relevant files into the right place...and edit the eap.conf accordingly. you will need the server cert and the CA.. if the CA is a chained cert, then you'll need the CA and its next up 9and its next up and its next up etc) concatenated in the same single file. theres nothing magical about using real certs...these days it seems some real world certs are just as work-causing/onerous as 'snake oil' certs. personally, I fall into the 'closed loop' camp which believes that using your own CA is more secure than some random external CA that anyone can get a cert fromnoone else but your users will authenticate against your RADIUS server (external visitors get proxied and only have to trust their home RADIUS)and, as previously mentioned, lots of current external 3rd parties require you to update/change/install certs on the client (take the recent TERENA SSLs served by JANET for example.) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: framedipaddress
Unfortunately Meru claims that the client IP address is not sent to the radius in any other attribute either. -- Pozdrawiam/Best regards Paweł Pogorzelski e-mail: ppogorzel...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: framedipaddress
Paweł Pogorzelski wrote: Unfortunately Meru claims that the client IP address is not sent to the radius in any other attribute either. Buy a NAS that works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to demonize 'radiusd -s'
Hi, FreeRadius. Is this posible to demonize 'radiusd -s' ? -- Eugen Konkov mailto:kes-...@yandex.ru - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-server-2.1.8
I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.8
dorra aa wrote: I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Why would you do that? Nothing in *any* documentation says that's a good idea. Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side The client needs a radius client... like radtest. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius-server-2.1.8
this is not my idea.it's the idea of my professor. i have no idea about the radius and he wants me to work in it just in 2 weeks.I'm shearching in many forum but i don't understand because of many errorsnow i want to test with radtest name password 192.168.1.12 1812 secretshould i write it in the terminal of server?Please help me in the first stages. :((( Date: Tue, 11 May 2010 21:45:19 +0200 From: al...@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: freeradius-server-2.1.8 dorra aa wrote: I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Why would you do that? Nothing in *any* documentation says that's a good idea. Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side The client needs a radius client... like radtest. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.8
On 05/11/2010 04:17 PM, dorra aa wrote: this is not my idea.it's the idea of my professor. i have no idea about the radius and he wants me to work in it just in 2 weeks. You want us to do your course assignments for you? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.8
On May 11, 2010, at 1:25 PM, John Dennis wrote: On 05/11/2010 04:17 PM, dorra aa wrote: this is not my idea.it's the idea of my professor. i have no idea about the radius and he wants me to work in it just in 2 weeks. You want us to do your course assignments for you? Kids these days, tsk tsk. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.8
running radius in debug mode in the background shouldn't provide anything useful tho. just a thought... On Tue, 11 May 2010 19:36:24 +, dorra aa wrote: I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Mike Nichols My Own SOHO m...@myownsoho.net http://myownsoho.com 212 202-2194 Links: -- [1] https://signup.live.com/signup.aspx?id=60969 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.8
Maybe the professor wanted to learn him how to work with operator and radiusd -X is just a simple command :) now, lets get to work, Tell us what you want to achieve then there is a chance to see something usable on this list Mike Nichols wrote: running radius in debug mode in the background shouldn't provide anything useful tho. just a thought... On Tue, 11 May 2010 19:36:24 +, dorra aa dj_dido2...@hotmail.com wrote: I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side Hotmail: Powerful Free email with security by Microsoft. Get it now. https://signup.live.com/signup.aspx?id=60969 -- Mike Nichols My Own SOHO m...@myownsoho.net http://myownsoho.com 212 202-2194 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius-server-2.1.8
when i wrote that # radtest dorra mesh 192.168.1.65 1812 testing123 i had this error r...@pfe-laptop:/home/pfe/freeradius-server-2.1.8/raddb# radtest dorra mesh 192.168.1.65 1812 testing123 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = dorra User-Password = mesh NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = dorra User-Password = mesh NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = dorra User-Password = mesh NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 radclient: no response from server for ID 224 socket 3 and ther is nothing in the output of radiusd -X Date: Wed, 12 May 2010 01:51:28 +0200 From: mangi...@gmail.com To: m...@myownsoho.net; freeradius-users@lists.freeradius.org Subject: Re: freeradius-server-2.1.8 Maybe the professor wanted to learn him how to work with operator and radiusd -X is just a simple command :) now, lets get to work, Tell us what you want to achieve then there is a chance to see something usable on this list Mike Nichols wrote: running radius in debug mode in the background shouldn't provide anything useful tho. just a thought... On Tue, 11 May 2010 19:36:24 +, dorra aa dj_dido2...@hotmail.com wrote: I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side Hotmail: Powerful Free email with security by Microsoft. Get it now. https://signup.live.com/signup.aspx?id=60969 -- Mike Nichols My Own SOHO m...@myownsoho.net http://myownsoho.com 212 202-2194 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html