Re: issue with mysql accounting
Peap also has use_tunneled_reply.
Alan DeKok.

Tyvm. It is working. I'm still using old eap.conf from 2 years ago and this option was before only in TTLS section ;-)

Regards

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problem compiling mysql module
[freeradius-1.0.0-pre3]# ./configure --prefix=/usr/local/radius/ --with-mysql-dir=/usr/local/mysql/bin/

Try this without /bin/.

--with-mysql-lib-dir=/usr/local/mysql/lib/ --with-mysql-include-dir=/usr/local/mysql/include/

I don't type any --with-mysql-* parameters and the configure script automatically finds my mysql_config. I have rh9.0.

checking for mysql_config... (cached) no

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

Re: force set EAP-Type
So I make change to users. Now it is..

    wds-ap Auth-Type := EAP, EAP-Type := LEAP
    Blah

PEAP is working again..

With your setup, that should force LEAP. What version are you running?
Alan DeKok.

1.0.0-pre3.

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

Re: force set EAP-Type
1) You're not following my directions. It doesn't matter if you're using MySQL, test it with the users file first, to be sure that it works as I described.
2) You need to read the debug output of the server. That tells you what's going on, and why.

I don't think so. I already do this. I try set up files with users files.

    username Auth-Type: Reject

It works. Reject username.

    username EAP-Type: LEAP

Nothing happens (preferred peap still working). So I try set this with mysql

    insert into radgroupcheck set groupname='ap',attribute='Auth-Type',op=':=',value='Reject';

it works. group ap is rejecting

    insert into radgroupcheck set groupname='apcka',attribute='EAP-Type',op=':=',value='LEAP';

Nothing happens (preferred peap still working). Maybe I'm wrong but it seems to me that attribute EAP-Type is ignored or is replaced by preferred_eap_type.

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

Re: force set EAP-Type
Is there any way how to set EAP-Type (maybe in radgroupcheck ?) to leap for some group when default_eap_type is peap ?

Sure.

    DEFAULT Group == foo, EAP-Type := LEAP

You'll have to ensure that this is done *before* the EAP module is called. This may mean creating another instance of the files module, and having a pre-eap-users file.

I'm using mysql backend. I try insert username,groupname into usergroup table, then groupname,variable=EAP-Type with op=:= and with value=LEAP into radgroupcheck, but it didn't work. Where I'm making mistake ?

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

force set EAP-Type
Hi.

Is there any way how to set EAP-Type (maybe in radgroupcheck ?) to leap for some group when default_eap_type is peap ? Freeradius sends EAP-TLS and doesn't have any response.

modcall[authorize]: module sql returns ok for request 124
modcall: group authorize returns updated for request 124
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 124
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module eap returns handled for request 124
modcall: group authenticate returns handled for request 124
Sending Access-Challenge of id 113 to 194.160.88.15:21648
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x
        State = 0x99e497c6d3928555ad0fa2d6a6aa3762
Finished request 124
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...

Thanks.

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

dynamic IP address through Cisco AP
Hi.

I'm running freeradius 1.0.0-pre3 on RH9.0. I have configured freeradius (with realm and IP pool) with PEAP support on mysql backend. NAS is Cisco 1100 and client is CB21AG (Cisco) pcmcia adapter. Authorization and authentication works ok. But my problem is that my winXP didn't receive IP address from the pool. But Freeradius sends it !

rlm_ippool: Searching for an entry for nas/port: x.x.x.x/264
rlm_ippool: Allocating ip to nas/port: x.x.x.x/264
rlm_ippool: num: 1
rlm_ippool: Allocated ip x.x.x.x to client on nas x.x.x.x,port 264
modcall[post-auth]: module ip_users returns ok for request 10
modcall: group post-auth returns ok for request 10
Sending Access-Accept of id 22 to x.x.x.x:21645
        MS-MPPE-Recv-Key = 0xbd26e075c1307e8cd870088a20f6ae673eaac040ec91cf18fae1106b251bc2a4
        MS-MPPE-Send-Key = 0xb1f2feddb2d416232f90277a1edee44b31041b85270c15b91077e6c2a9cef1c5
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x
        User-Name = jansat01
        Framed-IP-Address = x.x.x.x
        Framed-IP-Netmask = 255.255.255.0
Finished request 10

When I shut down the winXP client, Freeradius releases the IP address.

rlm_ippool: Searching for an entry for nas/port: x.x.x.x/264
rlm_ippool: Deallocated entry for ip/port: x.x.x.x/264
rlm_ippool: num: 0
modcall[accounting]: module ip_users returns ok for request 12

Cisco 1100 (AP) receives RADIUS message about Framed-IP-address (debug dhcp shows it). Where is the problem ? I have more APs so DHCP on each AP isn't good for me. I hoped that Freeradius IP pool solved this problem for me.

Thanks.

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

RE: dynamic IP address through Cisco AP
You're trying to use a PPP mechanism over an ethernet media. Wireless clients use DHCP for the acquisition of IP addresses (and other parameters), not Framed-IP-Address. Remove the IP-pool info from your RADIUS server (unless you're also using dialup NASes) and put it onto a server running DHCP and all should be well :)

Understood. But I want some logs of: which user get which IP address in which time. Will be this information in radius acct_log ?

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia

Re: dynamic IP address through Cisco AP
Wireless authentication CANNOT assign IP addresses. You have to use RADIUS to authenticate the wireless user, and DHCP to assign the user an IP address.

So if I understand:
- user wireless user authentication and client IP address are two independent problems.
- RADIUS logs contain MAC address and DHCP logs contain pair of MAC address and IP address.

Thanks a lot.

--
Bc. Jan 'EIS' Satko, Slovak University of Agriculture
network system manager, Tr. A. Hlinku 2
Tel: +421 37 7412 616, 949 76 Nitra Slovakia
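
Added example (not part of the thread or of FreeRADIUS): the "which user had which IP address at which time" log asked for above can be built by joining RADIUS accounting sessions to DHCP leases on the client MAC address and on overlapping time windows. The record layout, field names and sample data are constructed for illustration; it assumes the accounting records carry the client MAC next to the user name.

```python
from datetime import datetime

# Constructed sample records. The MAC appears in three notations on purpose,
# and one adapter (…bb:01) is used by two different users on the same day.
RADIUS_SESSIONS = [
    {"user": "alice", "mac": "00-40-96-AA-BB-01", "start": "2004-06-01 08:00:00", "stop": "2004-06-01 09:30:00"},
    {"user": "bob", "mac": "0040.96aa.bb02", "start": "2004-06-01 08:10:00", "stop": None},  # still online
    {"user": "carol", "mac": "00:40:96:AA:BB:01", "start": "2004-06-01 10:00:00", "stop": "2004-06-01 11:00:00"},
]
DHCP_LEASES = [
    {"mac": "00:40:96:aa:bb:01", "ip": "192.0.2.10", "start": "2004-06-01 08:00:05", "end": "2004-06-01 09:00:05"},
    {"mac": "00:40:96:aa:bb:02", "ip": "192.0.2.11", "start": "2004-06-01 08:10:03", "end": "2004-06-01 16:10:03"},
    {"mac": "00:40:96:aa:bb:01", "ip": "192.0.2.12", "start": "2004-06-01 10:00:04", "end": "2004-06-01 18:00:04"},
    {"mac": "00:40:96:aa:bb:99", "ip": "192.0.2.13", "start": "2004-06-01 12:00:00", "end": "2004-06-01 13:00:00"},
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def ts(text):
    """Parse a timestamp; a missing stop time means the session is still open."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S") if text else datetime.max

def correlate(sessions, leases):
    """Return (attributed, orphans).

    attributed: (user, ip, from, until) for every lease that overlaps an
    authenticated session of the same MAC, clipped to the overlap.
    orphans: leases with no matching session, i.e. an address handed out
    to a MAC that never authenticated in that window.
    """
    attributed, orphans = [], []
    for lease in leases:
        l_start, l_end = ts(lease["start"]), ts(lease["end"])
        owners = [s for s in sessions
                  if norm_mac(s["mac"]) == norm_mac(lease["mac"])
                  and ts(s["start"]) < l_end and l_start < ts(s["stop"])]
        if not owners:
            orphans.append(lease)
        for s in owners:
            attributed.append((s["user"], lease["ip"],
                               max(ts(s["start"]), l_start), min(ts(s["stop"]), l_end)))
    return attributed, orphans
```

Matching on the time overlap as well as the MAC is what keeps the second lease of the shared adapter attributed to carol rather than alice; the orphan list is worth reviewing because those addresses cannot be tied to any authenticated user.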