Support for WiMAX VSA
Hi All, Is the patch file WiMAX VSA support uploaded in FreeRadius? If Yes, How can I get the file? Thanks Regards, Govardahna K N On 7/19/07, Alan DeKok [EMAIL PROTECTED] wrote: Nitin Naveen wrote: Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX VSA are not the typical type-length-value rather they have type-length-controlinfo-value. Yes.. We have enhanced the dictionary but we were not able to generate the attributes as per the WiMAX NWG format. For now we have developed our own rlm_hsc_wimax module. We like to contribute to freeradius so that the WiMAX VSA are supported as part of the standard distribution. To this end we can share our code. But before that we would like to follow the correct procedure for releasing the code. Submit a feature request on bugs.freeradius.org. Add the patch as an attachment. Make sure that the code has the GPL license in it. The FreeRADIUS code currently does this. Copyright can remain with you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: Adding WiMAX VSA support
Hi, I am using WiMAX supported client, so the attribute format for WiMAX is like Attribute-Type, Length, CONTINUATION, and Value. How can I modify the server to send the attributes in this format? Thanks Regards, Govardhana K N -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: Adding WiMAX VSA support
Thanks Alan, I am working on it. Also some attributes also has sub TLV's how can I add them? Do I have to change any structures? Thanks Regards, Govardhana K N On 7/25/07, Alan DeKok [EMAIL PROTECTED] wrote: Govardhana K N wrote: Hi, I am using WiMAX supported client, so the attribute format for WiMAX is like Attribute-Type, Length, CONTINUATION, and Value. How can I modify the server to send the attributes in this format? Edit src/lib/radius.c. That's the code that does packing / unpacking of all RADIUS attributes. The continuation field will cause additional complications. The TLV's inside of TLV's will also cause additional complications. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: How to configure attribute based on Access-Challenge in Server?
Hi, Can we configure the attributes based on Access-Code(Access-Challenge/Access-Accept)? i.e If I want to send the Reply-Message only in Access-Challenge but not in Access-Accept, How can I do that? -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: Configuration Doubt in Free Radius Server 1.1.3
Hi All, I have some configuartion doubts in Free Radius, Can anybody help me. 1. How can I configure the server to send more than one Access-Challenge? 2. How can I configure the server to include attributes in Access-Challenge? such that the Attribute-Value pairs in Access-Challenge and Access-Accept should be different. -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help(1.1.3): How to enable EAP-TTLS?
Hi, I was able to enable EAP-TTLS in eap.conf file. After sending an Access-Request with EAP-Identity response, using radeapaclient, an Access-Challenge (with EAP-Type = 21) was received from the server. Immediately after receivng the challenge the client is terminating. What configuration should be done so that client (radeapclient) responds to the challenge properly? -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help(1.1.3): Access-Reject is sent by server for EAP-MD5 challenge response
modcall[authorize]: module files returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select modcall[authenticate]: module eap returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 auth: Failed to validate the user. Login incorrect: [jrc] (from client localhost port 20 cli 1:1:1:1:1:1) Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32825, id=178, length=182 Sending Access-Reject of id 178 to 127.0.0.1 port 32825 EAP-Message = 0x04d30004 Message-Authenticator = 0x --- Walking the entire request list --- Waking up in 3 seconds... -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help(1.1.3): Access-Reject is sent by server for EAP-MD5 challengeresponse
Thanks for the help Stefan. On 7/19/07, Stefan Winter [EMAIL PROTECTED] wrote: I am trying to send an Access-Request with EAP-Identity response. The Request was successful and Server sent an Access-Challenge in response (MD5 challenge), the response to this challenge is failing (receiving Access-Reject from Server), the Error message was rlm_eap_md5: User-Password is required for EAP-MD5 authentication. I have the User-Password attribute in Access-Request. Below is the Access-Request packet attributes, You don't quite understand how EAP-MD5 works. There is not supposed to be a User-Password in the request - instead, a response to the MD5-Challenge the server sent out earlier. The *server* needs to know the user's password to verify this response. So putting the attribute User-Password in the request won't gain you anything, other than violating RFCs. The server will not look there. With EAP-MD5, the user's password is *never* on the wire. You want to configure the user's password in the server, for example in the users file. In 1.16 and later, you will want to use the name Cleartext-Password instead of User-Password for that - it reduces confusion. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in EAP-TLS Authentication
: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /etc/freeradius/users files: acctusersfile = /etc/freeradius/acct_users files: preproxy_usersfile = /etc/freeradius/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /var/log/freeradius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 127.0.0.1:1812 Listening on accounting 127.0.0.1:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32823, id=217, length=95 User-Name = jrc NAS-Identifier = jrcnas NAS-Port-Type = Ethernet CUI = 0 Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = 1:1:1:1:1:1 Message-Authenticator = 0x2568987af6f31763f9199f8067fafee1 EAP-Message = 0x02d20008016a7263 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 Segmentation fault cheux301:/etc/freeradius# - -- Thanks Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: Does FreeRadius 1.1.3 support any encryption algorithm specified in RFC 2868.
Alan, Thanks for the help. I have got how to configure the ecnryption support. I need one more help, I tried to include microsoft attributes (MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is already set to 2, but the attribute values are not getting encrypted in Access-Accept? how can i slove this problem? Thanks Regards, Govardhana K N On 7/16/07, Alan DeKok [EMAIL PROTECTED] wrote: Govardhana K N wrote: Is the support for this encryption is already present in FreeRadius 1.1.3? If yes, How can I add attibutes to use that encryption algorithm? $ man dictionary Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: Does FreeRadius 1.1.3 support any encryption algorithm specified in RFC 2868.
DHCP-RK = jrcdhcprk DHCP-RK-KEY-ID = jrcdhcpkey DHCP-RK-LIFETIME = 20 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 173 with timestamp 469b7797 Nothing to do. Sleeping until we see a request. -- As I am new to Radius, based on the study I configured these parameters. Is there any thing else need to be configured? I also made sure that the option encrypt=2 is present for Microsoft keys. After studying man page for dictionary. I configured some attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) with encrypt=2 option in the corresponding dictionary file (dictinary.wimax). these attributes are getting encrypted as you can see in debug log, but Microsoft keys are still not encrypted. Thanks Regards, Govardhana K N On 7/16/07, Alan DeKok [EMAIL PROTECTED] wrote: Govardhana K N wrote: I need one more help, I tried to include microsoft attributes (MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is already set to 2, but the attribute values are not getting encrypted in Access-Accept? how can i slove this problem? Post the debug log, as suggested in the FAQ, README, INSTALL, and many other places. Are you *sure* the attributes are not being encrypted? Or maybe it's just you're not familiar with the process? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to configure EAP Identity in 1.1.3
. rad_recv: Access-Request packet from host 127.0.0.1:32813, id=179, length=95 User-Name = jrc NAS-Identifier = jrcnas NAS-Port-Type = Ethernet CUI = 0 Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = 1:1:1:1:1:1 EAP-Message = 0x0118016a7263 Message-Authenticator = 0x64c5851b699cd2c027877bbb94fe7f8b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = jrc, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: EAP packet type request id 16 length 8 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 178 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity Unknown, authentication failed rlm_eap: Failed in handler modcall[authenticate]: module eap returns invalid for request 0 modcall: leaving group authenticate (returns invalid) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 179 to 127.0.0.1 port 32813 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 179 with timestamp 469b9233 Nothing to do. Sleeping until we see a request. debug log from Client: - cheux301:/home/govardhana# radeapclient -x localhost auth jrcsecret access-request +++ About to send encoded packet: User-Name = jrc NAS-Identifier = jrcnas NAS-Port-Type = Ethernet CUI = 0 Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = 1:1:1:1:1:1 EAP-Message = 0x0118016a7263 Message-Authenticator = 0x00 Sending Access-Request of id 179 to 127.0.0.1 port 1812 User-Name = jrc NAS-Identifier = jrcnas NAS-Port-Type = Ethernet CUI = 0 Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = 1:1:1:1:1:1 EAP-Message = 0x0118016a7263 Message-Authenticator = 0x rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=179, length=20 rlm_eap: EAP-Message not found +++ EAP decoded packet: Thanks Regards, Govardhana K N -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to configure EAP Identity in 1.1.3
I changed it but the same error is still coming. On 7/16/07, Eshun Benjamin [EMAIL PROTECTED] wrote: You have misconfigured the Nas-Identifier govardhana Nas-Identifier == nas, Nas-Port-Type == 15 You haveNAS-Identifier = jrcnas == Benjamin K. Eshun - Message d'origine De : Govardhana K N [EMAIL PROTECTED] À : FreeRadius freeradius-users@lists.freeradius.org Envoyé le : Lundi, 16 Juillet 2007, 12h24mn 09s Objet : How to configure EAP Identity in 1.1.3 Hi, I was trying to configure FreeRadius server with EAP authentication. AS mentioned in eap.conf, I didn't change the Auth-Type, but I was sending a EAP message, and Message-Authenticator attributes in Access-Request. When i tried sending an Access-Request with EAP-Message, I got the following error rlm_eap: Identity Unknown, authentication failed. How to configure the Identity for EAP? debug log from server: - Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/freeradius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/freeradius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/freeradius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/freeradius/freeradius.pid main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = freerad main: group = freerad main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = no exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /var/log/freeradius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /etc/freeradius/huntgroups preprocess: hints = /etc/freeradius/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /etc/freeradius/users files: acctusersfile = /etc/freeradius/acct_users files: preproxy_usersfile = /etc/freeradius/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Re: Help: Does FreeRadius 1.1.3 support any encryption algorithm specified in RFC 2868.
I have put the configuration details inline. I am using the Radius server for Testing purpose, I want to receive WiMAX attributes in the Access-Accept, so i have configured those in dictionary file and users file. Thanks Regards, Govardhana K N On 7/16/07, Alan DeKok [EMAIL PROTECTED] wrote: Govardhana K N wrote: 1. created and configured the vendor attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) in dictionary.wimax, with option encrypt=2, the values are getting encrypted. Can you post that here? I'm not sure the server will understand the WiMAX attributes, as multiple WiMAX attributes are packed into one WiMAX VSA. [Govardhana:] I have put the configuration in dictionary.wimax ATTRIBUTE MSK5 string encrypt=2 ATTRIBUTE HA-IP-MIP4 6 string ATTRIBUTE DHCPv4-Server 8 string ATTRIBUTE MN-HA-MIP4-KEY 10 string encrypt=2 ATTRIBUTE MN-HA-MIP4-SPI 11 string encrypt=2 ATTRIBUTE DHCP-RK40 string ATTRIBUTE DHCP-RK-KEY-ID41 string ATTRIBUTE DHCP-RK-LIFETIME 42 string ... MS-MPPE-Send-Key = 0x6a72636d736b MS-MPPE-Recv-Key = 0x6a7263726563766d736b That came across just fine. MN-HA-MIP4-KEY = \225~\035\235\354\363\203\316Z\377\327\2174\360\330r\30 MN-HA-MIP4-SPI = \234V.\326\014_\363fn\253_K\355-([\326\020 That didn't. You're running a configuraton that no one has seen before. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to configure EAP Identity in 1.1.3
Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32825, id=61, length=155 Sending Access-Reject of id 61 to 127.0.0.1 port 32825 Thanks Regards, Govardhana K N On 7/16/07, Gaonkar, Kedar [EMAIL PROTECTED] wrote: Why is the Code field of the EAP message 01? Isn't that a REQUEST message? Please correct me if I am wrong, but I thought the RADIUS server should get a Response packet with Code 2 and Type should be 1 (EAP Resp/Identity packet). May be it didnt get the Identity packet, and hence it cannot verify the Identity. Regards - Kedar Gaonkar Date: Mon, 16 Jul 2007 15:58:57 + (GMT) From: Eshun Benjamin [EMAIL PROTECTED] Subject: Re : How to configure EAP Identity in 1.1.3 To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Check on your AP, client.conf and naslist == Benjamin K. Eshun - Message d'origine De : Govardhana K N [EMAIL PROTECTED] ? : FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoy? le : Lundi, 16 Juillet 2007, 13h28mn 28s Objet : How to configure EAP Identity in 1.1.3 I changed it but the same error is still coming. On 7/16/07, Eshun Benjamin [EMAIL PROTECTED] wrote: You have misconfigured the Nas-Identifier govardhana Nas-Identifier == nas, Nas-Port-Type == 15 You haveNAS-Identifier = jrcnas == Benjamin K. Eshun - Message d'origine De : Govardhana K N [EMAIL PROTECTED] ? : FreeRadius freeradius-users@lists.freeradius.org Envoy? le : Lundi, 16 Juillet 2007, 12h24mn 09s Objet : How to configure EAP Identity in 1.1.3 Hi, I was trying to configure FreeRadius server with EAP authentication. AS mentioned in eap.conf, I didn't change the Auth-Type, but I was sending a EAP message, and Message-Authenticator attributes in Access-Request. When i tried sending an Access-Request with EAP-Message, I got the following error rlm_eap: Identity Unknown, authentication failed. How to configure the Identity for EAP? debug log from server: - Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/freeradius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/freeradius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/freeradius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/freeradius/freeradius.pid main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = freerad main: group = freerad main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = no exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /var/log/freeradius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type
Re: How to configure EAP Identity in 1.1.3
If that is the case, How can I add the WiMAX support in Free Radius? What are the changes I should make in order to have WiMAX support? On 7/17/07, Alan DeKok [EMAIL PROTECTED] wrote: Govardhana K N wrote I have got an Access-Challenge response from the server, and the Access-Request sent in response to this challenge is failing (Access-Reject is sent by the server). Below i have given the debug log from the server, Are you writing a 802.1x supplicant? It looks like it. Also, note that the server does NOT support WiMAX attributes. You can create a WiMAX dictionary, but the attributes in the packet will NOT be in the WiMAX format. Also, many of the WiMAX attributes have sub-attributes, and those are definitely not supported. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: Configuring attributes in Access-Request in 1.1.3
Hi All, I am new to FreeRadius. I am using Free Radius 1.1.3. I want to configure the vendor attribtes in format as below, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |RADIUS TYPE 26 | Length| Vendor-ID +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-ID (cont) | Vendor TYPE | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Continuation | Sub-Type | Sub-Type-Len | Sub-Type-Val | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ how can i configure this? Also i want to configure the same in Access-Accept. Can anyone guide me how to configure these. thanks in advance. -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: Configuring attributes in Access-Request in 1.1.3
Ivan, Thanks for the information. As I am totaly new to FreeRadius, Can u also tell me, in which file should i update to reflect the attributes in Access-Accept. is it in sql.conf? Thanks Regards, Govardhana K N On 7/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Are you sure? You would need to be a vendor making equipment in order to configure new ones. If you just want to add a new vendor attribute that is not in the dictionary.vendorName in that (older) version of Freeradius you can add new attributes by editing that vendors dictionary file. Just follow the template for the existing entries. Once it is in the dictionary add that VSA to the reply items just like any other attribute and it will be passed in the Access-Accept packet. Ivan Kalik Kalik Informatika ISP Dana 9/7/2007, Govardhana K N [EMAIL PROTECTED] piše: Hi All, I am new to FreeRadius. I am using Free Radius 1.1.3. I want to configure the vendor attribtes in format as below, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |RADIUS TYPE 26 | Length| Vendor-ID +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-ID (cont) | Vendor TYPE | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Continuation | Sub-Type | Sub-Type-Len | Sub-Type-Val | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ how can i configure this? Also i want to configure the same in Access-Accept. Can anyone guide me how to configure these. thanks in advance. -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: Configuring attributes in Access-Request in 1.1.3
I tried configuring the same but it there were no attributes present in Access-Accept. the command I used to create the Access-Request is given below: [EMAIL PROTECTED]:~$] radclient -x 127.0.0.1 auth testing123 user-name=govardhana user-password=govardhana nas-identifier=jrcnas nas-port-type=15 Sending Access-Request of id 219 to 127.0.0.1 port 1812 User-Name = govardhana User-Password = govardhana NAS-Identifier = jrcnas NAS-Port-Type = Ethernet rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=219, length=20 How can i configure any attribute in Access-Accept packet. Thanks Regards, Govardhana K N On 7/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Since you are mentioning file, not database, Ldap or such, it's users file (should be at /usr/local/etc/raddb/users). Read the examples and make something like that for your user. You will see what you should check for and what should go in the reply. Format is: user check1, check2, , checklast reply1, reply2, ... replylast All check items go in the first line, all reply items go indented one below another. Items are separated by commas, no comma after last (check/reply) item. Dana 9/7/2007, Govardhana K N [EMAIL PROTECTED] piše: Ivan, Thanks for the information. As I am totaly new to FreeRadius, Can u also tell me, in which file should i update to reflect the attributes in Access-Accept. is it in sql.conf? Thanks Regards, Govardhana K N On 7/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Are you sure? You would need to be a vendor making equipment in order to configure new ones. If you just want to add a new vendor attribute that is not in the dictionary.vendorName in that (older) version of Freeradius you can add new attributes by editing that vendors dictionary file. Just follow the template for the existing entries. Once it is in the dictionary add that VSA to the reply items just like any other attribute and it will be passed in the Access-Accept packet. Ivan Kalik Kalik Informatika ISP Dana 9/7/2007, Govardhana K N [EMAIL PROTECTED] pi e: Hi All, I am new to FreeRadius. I am using Free Radius 1.1.3. I want to configure the vendor attribtes in format as below, +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |RADIUS TYPE 26 | Length| Vendor-ID +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vendor-ID (cont) | Vendor TYPE | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Continuation | Sub-Type | Sub-Type-Len | Sub-Type-Val | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ how can i configure this? Also i want to configure the same in Access-Accept. Can anyone guide me how to configure these. thanks in advance. -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How do I configure new attributes in FreeRadius 1.1.6
Hi, Can anybody please tell me how can I configure specific Radius attributes and Vendor attributes in FreeRadius 1.1.6. -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html