Configuration Doubt
I have recently configured FreeRADIUS for MAC authentication. I have a successful login from the client. But when trying to connect to the server again from the client after disconnecting, the server is sending an Access-Reject packet. But when I restarted the OS and connected again, there was no problem. But when trying to reconnect, the earlier mentioned problem exists. Is this caused by the switch or the client OS? I have also found that in some cases the switch is not forwarding the request. I am using a DWL-3200 D-Link switch. Why is this happening? Hope someone will respond.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP address assignment for the authenticated users in Free
Alan

Thanks for the quick reply. I would like to have one more clarification. Can we use an IP address as an attribute-value pair so that the RADIUS server throws IPs dynamically to users after authentication?

Regards
Anoop

Anoop C wrote:
> Hi
> We are running EAP-TLS authentication for office users using WiFi
> network. This is a certificate based authentication and we are using Free
> RADIUS.
> I would like to know whether we can assign IP address dynamically to the
> users through FREE RADIUS server ie RADIUS server works as DHCP server.

For WiFi authentication, you need a DHCP server. Sending IP addresses to the NAS in a RADIUS packet won't work.

> So
> after successful authentication Server should throw an IP address which is
> configured against that particular MAC of the user in the server.

No. You need a DHCP server. You can configure FreeRADIUS to be a DHCP server, but that involves creating a DHCP configuration, not a RADIUS configuration.

Alan DeKok.

Get your world in your inbox! Mail, widgets, documents, spreadsheets, organizer and much more with your Sifymail WIYI id! Log on to http://www.sify.com

** DISCLAIMER ** Information contained and transmitted by this E-MAIL is proprietary to Sify Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If this is a forwarded message, the content of this E-MAIL may not have been sent with the authority of the Company. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited. If you have received this communication in error, please delete this mail & notify us immediately at ad...@sifycorp.com
IP address assignment for the authenticated users in Free radius
Hi

We are running EAP-TLS authentication for office users using a WiFi network. This is certificate-based authentication and we are using FreeRADIUS. I would like to know whether we can assign IP addresses dynamically to the users through the FreeRADIUS server, i.e. the RADIUS server works as a DHCP server. So after successful authentication the server should throw an IP address which is configured against that particular MAC of the user in the server.

Regards
Anoop C
RE: Re: Free radius 2.1.4 Installation
Hi

I have installed the Python package python-2.2.3-26.i386.rpm with Red Hat Linux 9.

Regards
Anoop

-----Original Message-----
From: anoop c [mailto:anoop.cherilth...@sifycorp.com]
Sent: Tuesday, May 12, 2009 10:52 AM
To: 'freeradius-users@lists.freeradius.org'
Subject: Re: Free radius 2.1.4 Installation

Hi

Thanks for the response. I have installed Python-3.1a1 on Red Hat Linux 9. Which version should I install for FreeRADIUS, or which file should I look for?

Thanks in advance
Anoop
Re: Free radius 2.1.4 Installation
Hi

Thanks for the response. I have installed Python-3.1a1 on Red Hat Linux 9. Which version should I install for FreeRADIUS, or which file should I look for?

Thanks in advance
Anoop
FREE RADIUS INSTALLATION WITH 2.1.4
Hi

I am getting the following error while installing FreeRADIUS 2.1.4. Kindly find the error messages from running make:

n.c:361: `gstate' undeclared (first use in this function)
rlm_python.c:361: warning: implicit declaration of function `PyGILState_Ensure'
rlm_python.c: In function `python_load_function':
rlm_python.c:470: `PyGILState_STATE' undeclared (first use in this function)
rlm_python.c:470: parse error before "gstate"
rlm_python.c:472: `gstate' undeclared (first use in this function)
rlm_python.c: In function `python_objclear':
rlm_python.c:508: `PyGILState_STATE' undeclared (first use in this function)
rlm_python.c:508: parse error before "__gstate"
rlm_python.c:510: `__gstate' undeclared (first use in this function)
gmake[6]: *** [rlm_python.lo] Error 1
gmake[6]: Leaving directory `/home/freeradius-server-2.1.4/src/modules/rlm_python'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory `/home/freeradius-server-2.1.4/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/home/freeradius-server-2.1.4/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/freeradius-server-2.1.4'
make: *** [all] Error 2
[r...@radius freeradius-server-2.1.4]#

Regards
Anoop

-----Original Message-----
From: freeradius-users-bounces+anoop_c=sifycorp@lists.freeradius.org [mailto:freeradius-users-bounces+anoop_c=sifycorp@lists.freeradius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: Monday, May 11, 2009 4:34 PM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 30

Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-requ...@lists.freeradius.org

You can reach the person managing the list at freeradius-users-ow...@lists.freeradius.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."

Today's Topics:

1. check-item NAS-IP-ADdress & Calling-Station-ID with openldap (François Mehault)

--

Message: 1
Date: Mon, 11 May 2009 13:03:31 +0200
From: François Mehault
Subject: check-item NAS-IP-ADdress & Calling-Station-ID with openldap
To: "freeradius-users@lists.freeradius.org"
Message-ID: <88a1fb305b58da419d0f2cfdbb95b2d812af0fc...@sylvaner.netis.priv>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

I want to use FreeRADIUS to administer network equipment. I also use OpenLDAP to stock information about users. FreeRADIUS and OpenLDAP are installed on the same server, FreeBSD 7.0. I contact a piece of network equipment (like a Cisco Catalyst 2950 v12.1) with PuTTY (ssh/telnet).

To resume:

Windows XP -> ssh or telnet -> Cisco 2950 (client radius/authenticator/NAS) -> EAPoRadius (I suppose) -> FreeRADIUS & OpenLDAP

For the moment, I don't install/configure a supplicant on the Windows XP. I don't know if it's required, because I don't want to use FreeRADIUS to authenticate my Windows session. I have an Active Directory to do this.

I configure slapd.conf, radius.conf, clients.conf, module ldap etc ... and it works. And now I would like to add some check-items like NAS-IP-Address and Calling-Station-ID. But I don't succeed :s, I use checkval to do this.

I have 2 questions:

- Why is my calling-station-id in the request an IP and not a MAC?
- When I authenticate on the Cisco 2950, I have in my log ? rlm_checkval: Item Name: NAS-IP-Address, Value: ?? ? instead of 192.168.0.50, what is the problem?

I think I have numerous problems. If you see one of them, could you inform me? I am a novice with FreeRADIUS (and OpenLDAP also :s ). I could give you all the information you need to help me fix my problem.

Thanks for your help,

Regards
François MEHAULT

On my cisco 2950 :

aaa new-model
aaa authentication login default local group radius
aaa authorization exec default group radius local
aaa authorization network default group radius

My ldap.attrmap :

checkItem Calling-Station-Id radiusCallingStationId
checkItem NAS-IP-Address radiusNASIpAddress

Extract of my openldap :

dn: cn=Francois MEHAULT,ou=Utilisateurs,dc=netplus,dc=fr
givenName:: RnJhbsOnb2lz
sn: MEHAULT
uid: fmehault
cn: Francois MEHAULT
homeDirectory: /home/admins/fmehault
Free radius 2.1.4 Installation
Hi

Kindly find the error messages shown below.

n.c:361: `gstate' undeclared (first use in this function)
rlm_python.c:361: warning: implicit declaration of function `PyGILState_Ensure'
rlm_python.c: In function `python_load_function':
rlm_python.c:470: `PyGILState_STATE' undeclared (first use in this function)
rlm_python.c:470: parse error before "gstate"
rlm_python.c:472: `gstate' undeclared (first use in this function)
rlm_python.c: In function `python_objclear':
rlm_python.c:508: `PyGILState_STATE' undeclared (first use in this function)
rlm_python.c:508: parse error before "__gstate"
rlm_python.c:510: `__gstate' undeclared (first use in this function)
gmake[6]: *** [rlm_python.lo] Error 1
gmake[6]: Leaving directory `/home/freeradius-server-2.1.4/src/modules/rlm_python'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory `/home/freeradius-server-2.1.4/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/home/freeradius-server-2.1.4/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/freeradius-server-2.1.4'
make: *** [all] Error 2
[r...@radius freeradius-server-2.1.4]#

Regards
Anoop

-----Original Message-----
From: freeradius-users-bounces+anoop.cherilthody=sifycorp@lists.freeradius.org [mailto:freeradius-users-bounces+anoop.cherilthody=sifycorp@lists.freeradius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: Monday, May 11, 2009 1:21 PM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 27

Today's Topics:

1. Re: checking authorization in the duration of connection (Nyamul Hassan)
2. Re: Fair usage package implementation (Ming-Ching Tiew)
3. Outer identity being used for LDAP group lookup in users file (Paul Dealy)
4. Free radius 2.1.4 Installation (anoop c)

--

Message: 1
Date: Sun, 10 May 2009 22:38:01 +0600
From: "Nyamul Hassan"
Subject: Re: checking authorization in the duration of connection
To: "FreeRadius users mailing list"
Message-ID: <4fe512a198c84c929c304f31fcc1f...@carteslap>
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original

Phew... thanks for relieving me.

Mikrotik does have their problems, indeed. With each new update, sometimes new bugs are added. But, having used it for some time now, and extensively, we've had to learn how to adapt our requirements to Mikrotik's abilities.

The biggest benefit that we find is, it uses Linux's powerful iptables and related TCP / IP software, and provides a very nice GUI, which is easy to teach to my techies for monitoring / basic config.

Regards
HASSAN

----- Original Message -----
From: "Ivan Kalik"
To: "FreeRadius users mailing list"
Sent: Saturday, May 09, 2009 20:58
Subject: Re: checking authorization in the duration of connection

>> Sorry for barging into the thread, but something just caught my
>> attention. We use Mikrotik throughout our network, and have found them
>> quite useful and with the right hardware, it performs pretty well in
>> our setup.
>>
>> But, there are guys in this forum who are quite frankly, way ahead
>> than myself in terms of both knowledge and experience. So, could you
>> please elaborate why you rate Mikrotik as dumb? Perhaps I am already
>> in trouble!
>
> And plenty other people find it buggy and quirky. It has claims to support
> many things which then turns out to be half-baked. But with realistic
> demands - it's great value for money.
>
> Ivan Kalik
> Kalik Informatika ISP

--

Message: 2
Date: Sun, 10 May 2009 17:51:13 -0700 (PDT)
From: Ming-Ching Tiew
Subject: Re: Fair usage package implementation
To: FreeRadius users mailing list
Message-ID: <158542.11592...@web31506.ma
RE: Adding vendor specific attributes
Hi

Thanks for the response. I am using FreeRADIUS version 1.1.7. I just require MAC authentication alone. Is anything wrong in the 'users' file? The NAS will support the VSA in this case. The vendor has given the following details:

Network Access Server Vendor - (Code for the specific vendor)
Vendor Assigned Attribute number - 1 (for Input/Uplink), 2 (for Output/Downlink)
Attribute format - decimal
Attribute value - (Desired Input/Output bandwidth)

How can I configure this attribute?

Thanks and regards
Anoop

-----Original Message-----
From: freeradius-users-bounces+anoop_c=sifycorp@lists.freeradius.org [mailto:freeradius-users-bounces+anoop_c=sifycorp@lists.freeradius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: Monday, April 27, 2009 10:57 PM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 48, Issue 114

Today's Topics:

1. Re: %RADIUS-4-RADIUS_ALIVE | %RADIUS-4-RADIUS_DEAD help (a.l.m.bu...@lboro.ac.uk)
2. Re: [Wimax TTLS with Alcatel - Lucent ASN GW] (Ivan Kalik)
3. RE: Adding vendor specefic attributes (Ivan Kalik)
4. Re: %RADIUS-4-RADIUS_ALIVE | %RADIUS-4-RADIUS_DEAD help (Borislav Dimitrov)
5. freeradius with active directory (David N'DAKPAZE)
6. Re: radpostauth sql logging of bad passwords (Guy Fraser)
7. Re: freeradius with active directory (bastardinho69)
8. Re: radpostauth sql logging of bad passwords (Alan DeKok)

--

Message: 1
Date: Mon, 27 Apr 2009 13:41:38 +0100
From: a.l.m.bu...@lboro.ac.uk
Subject: Re: %RADIUS-4-RADIUS_ALIVE | %RADIUS-4-RADIUS_DEAD help
To: FreeRadius users mailing list
Message-ID: <20090427124138.gc7...@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii

Hi,

> Same box.

and you do live accounting database insertions? This sounds to me very much like the classic 'tables have now grown just too big' - everything works fine then barfs one day. the request isn't getting serviced in time therefore it's marking as dead..check your query times...remove wrong/unused indexes or move to 'out of band' accounting inserts - very easy with 2.1.x

alan

--

Message: 2
Date: Mon, 27 Apr 2009 14:36:54 +0100 (BST)
From: "Ivan Kalik"
Subject: Re: [Wimax TTLS with Alcatel - Lucent ASN GW]
To: "FreeRadius users mailing list"
Message-ID: <57087.194.176.105.43.1240839414.squir...@webmail.kalik.net>
Content-Type: text/plain;charset=utf-8

> Anyway If I may reask a new question about adding multiple attribute to
> reply on the radius that proxy.
>
> The solution you gave me, (eg use users file and match the Realm
> Attribute,
> DEFAULT Realm == whatever) is ok for a "ISP" radius (eg end radius), not
> for a "Wholesale" radius (eg radius that proxy).
> According to what I saw in debug, Realm attribute is only use in the
> request (eg add by the proxy radius), but even if I force it in the reply
> of the end radius, it won't be considered in the reply by the proxy radius.
>
> So that I can not add the wanted attribute as I would like to.
>
> For now what I do, is use the attrs file for first attribute, then use
> unlang in post auth to add the second attribute.
>

Files module supports use of files in post-auth and post-proxy. Add this to raddb/modules/files:

postproxy_usersfile = ${confdir}/postproxy_users

Then create postproxy_users in raddb directory (where other users files are) and list that DEFAULT entry there.

Ivan Kalik
Kalik Informatika ISP

--

Message: 3
Date: Mon, 27 Apr 2009 14:43:25 +0100 (BST)
From: "Ivan Kalik"
Subject: RE: Adding vendor specefic attributes
To: "FreeRadius users mailing list"
Message-ID: <64565.194.176.105.44.1240839805.squir...@webmail.kalik.net>
Content-Type: text/plain;charset=utf-8

>Is it possible to configure vendor specific attributes in Free RADIUS.
> Please guide where can I edit the configuration.

Nowhere.

> I am using MAC authentication by editing the user file shown below.
>
> '020a6-5a7fd9 Auth-Type:=Local,User-Password=="secret"
>

There is so much wron
RE: Adding vendor specific attributes
Hi

Is it possible to configure vendor-specific attributes in FreeRADIUS? Please guide me on where I can edit the configuration. I am using MAC authentication by editing the user file shown below.

'020a6-5a7fd9 Auth-Type:=Local,User-Password=="secret"

MAC authentication is working and I would like to add a vendor-specific attribute.

Regards
Anoop
Number of requests for Free radius
Hi

I am using FreeRADIUS 1.1.7 and EAP-TLS authentication. I would like to know the maximum number of users/authentication requests that it can handle.

Regards
Anoop

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Thursday, October 25, 2007 11:02 AM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 30, Issue 91

Today's Topics:

1. Access-Reject in a php script (manIP)
2. FR-2.0.0-pre2 - virtual server configuration problem - how to use client and listen (Tomasz Zieleniewski)
3. Re: Access-Reject in a php script (Alan DeKok)
4. FR-2.0.0-pre2 - doubled sql accounting (Tomasz Zieleniewski)
5. Re: FR-2.0.0-pre2 - virtual server configuration problem - how touse client and listen (Alan DeKok)
6. Re: Access-Reject in a php script ([EMAIL PROTECTED])
7. Re: AW: AW: Newbie Question o.O (Sebastian Wild)
8. Re: AW: AW: Newbie Question o.O (Andy Billington)
9. Fw: FreeRadius Server: Installation problem (j v)

--

Message: 1
Date: Wed, 24 Oct 2007 17:34:09 +0200
From: manIP <[EMAIL PROTECTED]>
Subject: Access-Reject in a php script
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi all!

I am using a script for the authentication and it is working well. I can send a list of attributes without any problem. Now I want to send an "Access-Reject" if the authentication fails but I do not know how... I would be very grateful if someone could tell me how to do so.

herein is a test script:

#!/usr/bin/php

Thanks a lot for your assistance

Khalid :)

--

Message: 2
Date: Wed, 24 Oct 2007 16:37:54 +0200
From: "Tomasz Zieleniewski" <[EMAIL PROTECTED]>
Subject: FR-2.0.0-pre2 - virtual server configuration problem - how to use client and listen
To: "FreeRadius users mailing list"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I have some doubts about the rules of applying client and listen blocks in comparison to virtual server setting. Is it this way that both client and listen blocks can appear in the main radiusd.conf file so that they will behave like default global setting for all defined virtual servers? If yes then any of this section put inside the virtual server block overrides the global settings?

Do I have to specify the virtual_server item in the client or listen block? What if I don't in neither of them, will it point to some default "null" server? For instance this one which doesn't have a name specified:

server { }

Waiting for your feedback

Thanks in advance
Tomasz

--

Message: 3
Date: Wed, 24 Oct 2007 17:48:25 +0200
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Access-Reject in a php script
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

manIP wrote:
> I am using a script for the authentication and it is working well. I can
> send a list of attributes without any problem.
> Now I want to send an "Access-Reject" if the authentication fails but I
> do not know how...I would be very grateful if someone could tell me how
> to do so.
> herein is a test script:
>
> #!/usr/bin/php
> $argv = $_SERVER['argv'];
> if ( $argv[1] == "toto")
>    echo " Session-Timeout:=100";
> else
>    echo " Access-Reject"; //NOT WORKING!!

It's not documented as doing that. Have the script return an error, and no output.

Alan DeKok.

--

Message: 4
Date: Wed, 24 Oct 2007 18:19:01 +0200
From: "Tomasz Zieleniewski" <[EMAIL PROTECTED]>
Subject: FR-2.0.0-pre2 - doubled sql accou
EAP-TLS certificate based authentication in linux
Hi

I have certificate-based EAP-TLS authentication working with Windows XP clients. Does the same setup work for Linux also? For XP clients I am using p12 and root.der certificates.

Regards
Anoop
Re: log file for free radius 1.1.6 eap-tls authentication
1. RE: Gigaword support ([EMAIL PROTECTED])
2. Re : Multiple server certificates in EAP-TLS or EAP-TTLS (Eshun Benjamin)
3. Re: log file for free radius 1.1.6 eap-tls authentication ([EMAIL PROTECTED])
4. problem in autehtication with EAP-MD5 (shantanu choudhary)

Hi

2. I am getting the following message in the log when it first starts (radiusd -X):

[EMAIL PROTECTED] radius]# cat radius.log
Wed May 30 11:24:14 2007 : Info: Using deprecated naslist file. Support for this will go away soon.
Wed May 30 11:24:14 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Wed May 30 11:24:14 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Wed May 30 11:24:14 2007 : Info: Ready to process requests.

But if I start the server again, there are no logs, and nothing other than this is coming in the log.

Regarding the users file: in NavisRadius I used to do that in EAP-TLS, that's why I asked.

Regards
Anoop

--

> Message: 5
> Date: Tue, 29 May 2007 09:42:52 +0100
> From: <[EMAIL PROTECTED]>
> Subject: Re: log file for free radius 1.1.6 eap-tls authentication
> To: "FreeRadius users mailing list"
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-2
>
> 1. That's not how certificates work. You add those that you want to
> PREVENT from connecting (for whatever reason) to Certificate Revocation
> List (CRL). You supposedly do have control over who are certificates
> issued to. If you have no control over CA then you shouldn't be using
> them.
>
> 2. Is anything (reading config files etc.) written to the log when you
> restart the server?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 29/5/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> >Hi
> > 1 I know it's eap-tls and certificate based.
> >Earlier I was using Navis radius. In that, for eap-tls we have to add
> certificate name to a specific user file.
> > Like that, here also the user file is there; can I make use of the user
> file so that only that user gets authenticated,
> >
> > 2 Logs are not happening. In config, changes required to get the same?
> >Regards
> >Anoop
> >
> >> Message: 2
> >> Date: Mon, 28 May 2007 15:07:06 +0100
> >> From: <[EMAIL PROTECTED]>
> >> Subject: Re: log file for free radius 1.1.6 eap-tls authentication
> >> To: "FreeRadius users mailing list"
> >> Message-ID: <[EMAIL PROTECTED]>
> >> Content-Type: text/plain; charset=ISO-8859-2
> >>
> >> This is EAP-TLS. This user has a valid user certificate and is
> >> accepted.
> >> If you don't want to go via certificates but use user/password, use
> >> EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol).
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP

--

Message: 4
Date: Wed, 30 May 2007 09:23:21 +0100 (BST)
From: shantanu choudhary <[EMAIL PROTECTED]>
Subject: problem in autehtication with EAP-MD5
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

hi all,

I am trying to get authenticated by the RADIUS server using EAP-MD5 but I always get FAILURE and I'm not able to figure out the problem, can anyone help me out!

my client side shows output like this:-

EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 e5 b2 63 cb 4e 4f e7 d1 b1 4f 30 95 6c 21 cd a9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 36 32 37 35 2d 31 00
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): e5 b2 63 cb 4e 4f e7 d1 b1 4f 30 95 6c 21 cd a9
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 4a f8 0b fc 31 7e 27 47 ac 95 4c 77 56 30 bf c6
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 4a f8 0b fc 31 7e 27 47 ac 95 4c 77 56 30 bf c6
EAPOL: SUPP_BE entering state RECEIVE
RX ctrl_iface -
log file for free radius 1.1.6 eap-tls authentication
Hi

I am using FreeRADIUS 1.1.6 with EAP-TLS authentication. The whole setup is working fine. But I am not getting any logs, like user login OK, login failed, etc. Please guide me: how will I get logs, and what configuration do I need to do in the configuration files?

Regards
Anoop