Re: certificates
hi, its all about being authenticated as a known part. if A knows B as a trusted part and B have issued a certificate for C then A will trust C. the server certificate is issued by the CA ( certificate authority. ) the client needs to have the certificate of the CA ( not the server certificate issued from the CA ) the mschap v2, tls,ttls, are methods of authentication(encryption). the eap-ttls doesnt requires that the client have a certificate on its own.so you need the ca certificate and the server certificate. 2009/3/23 Tomas tomas.rad...@googlemail.com Dear all, I'd appreciate if somebody could please explain me the meaning of certificates. I had a look at certs/README, but some things are still unclear. As far as I know there are 3 types of certificates on FreeRADIUS: * ROOT CA * Server * Client What is the purpose of each of them? I know that ROOT CA is required to allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on 802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does ROOT CA do? What is the purpose of server certificate? How is that linked with MSCHAP v2? I remember I could not authenticate xp host with users file without generating certificates first. And lastly Client certificate, would I need to install this on a client PC, what do I get with that? What are the benefits of using certificates? Thanks very much for your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: certificates
an overview you can read is located at http://wildbill.nulldevice.net/presentations/sslpreso/ 2009/3/23 orion meshkr...@gmail.com hi, its all about being authenticated as a known part. if A knows B as a trusted part and B have issued a certificate for C then A will trust C. the server certificate is issued by the CA ( certificate authority. ) the client needs to have the certificate of the CA ( not the server certificate issued from the CA ) the mschap v2, tls,ttls, are methods of authentication(encryption). the eap-ttls doesnt requires that the client have a certificate on its own.so you need the ca certificate and the server certificate. 2009/3/23 Tomas tomas.rad...@googlemail.com Dear all, I'd appreciate if somebody could please explain me the meaning of certificates. I had a look at certs/README, but some things are still unclear. As far as I know there are 3 types of certificates on FreeRADIUS: * ROOT CA * Server * Client What is the purpose of each of them? I know that ROOT CA is required to allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on 802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does ROOT CA do? What is the purpose of server certificate? How is that linked with MSCHAP v2? I remember I could not authenticate xp host with users file without generating certificates first. And lastly Client certificate, would I need to install this on a client PC, what do I get with that? What are the benefits of using certificates? Thanks very much for your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Bandwidth limit
hi, if you want to limit the upload/download speed then you must have an entry on radreply/radgroupreply insert into radreply values('','USERNAME','Mikrotik-Rate-Limit',':=','256K/512K'); in this case the upload is 256Kbps and download is 512Kbps keep in mind that the same USERNAME must be in the radcheck insert into radcheck values('','USERNAME','Cleartext-Password',':=','password1234'); 2009/3/19 t...@kalik.net Thanks Ivan, Actually I've installed Mikrotik Router OS in single pc and Freeradius + Mysql server in other. I want to shape the client bandwidth with mysql database. If you have any idea then please send me. Vendor attributes are just like any other - you put them in radreply or radgroupreply. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mikrotik auth problem pppoe error 691
i had the same problem when i wanted to authenticate the hotspot`s user with freeradius. the solution was to make a static mapping on IP - HOTSPOT - IP BINDINGS MAC address : THE MAC OF THE SERVER ADDRESS : THE IP ADDRESS OF THE SERVER TO ADDRESS : THE SAME AS ABOVE SERVER : ALL TYPE : REGULAR or BYPASSED and than it worked. it was related since the hotspot connections are passed to the mikrotik`s webproxy ( capture portal/page ) 2009/3/19 Fajar A. Nugraha fa...@fajar.net 2009/3/19 Lazar Cherveniakov laz...@mail.bg: Everything looks fine in IP addresses, but the problem is still the same. Looks like you got exactly the problem I described. See here : Mikrotik debug log 01:33:40 radius,debug sending 53:02 to 192.168.200.2:1812 Mikrotik thinks radius IP is 192.168.200.2 radius server ip`s # ifconfig eth0 Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8 inet addr:192.168.200.3 Bcast:192.168.200.255 Mask:255.255.255.0 eth0:1Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8 inet addr:192.168.200.2 Bcast:192.168.200.255 Mask:255.255.255.0 ... while that IP is secondary IP on the radius server. Do a tcpdump on radius and you should see that radius replies comes from 192.168.200.3 (which mikrotik discards, because it's not the IP it sends the request to). There are several ways to fix this (one of them involves recompiling freeradius with --with-udpfromto, see http://wiki.freeradius.org/index.php/FAQ#Why_does_the_NAS_ignore_the_RADIUS_server.27s_reply.3F ), but the easiest way is simply change mikrotik's config to use 192.168.200.3 as radius IP address. Regards, Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radmanager
hi there here is a link for radmanager http://www.dmasoftlab.com/cont/home anyway its not free and i cant see a link for a demo/trial version 2009/2/3 Gunza gunza_...@yahoo.com Anybody have Radius Manager copy of download link. If you have please send me. Thanks, Gunza --- On *Mon, 2/2/09, Mike Strider mstri...@atmc.net* wrote: From: Mike Strider mstri...@atmc.net Subject: radmanager To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Date: Monday, February 2, 2009, 11:30 AM Orion, do you have a link to radmanager? Thanks .. Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius web managment
for me daloradius , if you can spend some monety you may go with radmanager ( ~ 99eur ) 2009/2/2 Mr Little Crazzy litlle_cra...@hotmail.com Someone has installed dialup admin or daloradius ?? I have installed diaul up admin , but my problem is that not list the user conecct. Which is the best ?? and someone has an install guide for install each of one -- ¡Tienes 25 GB gratis para usar en Fotos de Windows Live! Estas vacaciones diviértete sacando fotos. http://photos.live.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
tried to install the 2.1.1 on debian etch changing/without changing the debian/patches/01-radiusd-to-freeradius.dpatch -#user = nobody -#group = nobody to -#user = radius -#group = radius and then fakeroot dpkg-buildpackage -b -uc but still the error occur Error applying patch 01-radiusd-to-freeradius to ./ ... failed. make: *** [patch-stamp] Error 1 2008/9/25 Alan DeKok [EMAIL PROTECTED]: Dario Palmisano wrote: I downloaded the 2.1.1 just released and after few (name) changes to the package, I tried to produce the corresponding rpm on a system running Red Hat Enterprise Linux Server v., but the compilation stopped with the following lines. You're building it on a system that has *both* 32-bit and 64-bit libraries. You will need to find out how to make your system link to the appropriate libraries. Or, just delete the references to readline from Make.inc src/include/autoconf.h. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
isnt there a way to fix it ? :) 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
about the official debian release they are far behind ( security , testing proccess ) 2008/9/25 orion [EMAIL PROTECTED]: isnt there a way to fix it ? :) 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
any firewall ? try with ntradping ( free tool to test radius ) 2008/9/25 Martin Silvero [EMAIL PROTECTED]: Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with -x and is waiting for requests. Why is this wrong? Do you ever step on someone? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
i deleted the patch 01 line from the 00 file. but freeradius doesnt starts in normal mode.no errors,no open UDP,TCP port ( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 ) , but in debug mode it`s ok. 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
i`ve tried in a test environment with root uid/gid and no probs with read/write conf/log files. so it works ok in debug mode ( tested from another pc with ntradping ) . 2008/9/25 [EMAIL PROTECTED]: Hi, i deleted the patch 01 line from the 00 file. but freeradius doesnt starts in normal mode.no errors,no open UDP,TCP port ( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 ) , but in debug mode it`s ok. its unable to read config files or unable to write to the logfile or write the PID file etc. what does radiusd -x (small x, partial debug) say? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
the patch that rgreiner supplied worked , so i dont have that installation anymore and cannot test for the -x. 2008/9/25 [EMAIL PROTECTED]: Hi, i`ve tried in a test environment with root uid/gid and no probs with read/write conf/log files. so it works ok in debug mode ( tested from another pc with ntradping ) . yes, i dont care about successful test with root in a test environment - what fails in the real environment? eg what UID/GID do you usually use? once again, what happens when you run 'radiusd -x' of 'radiusd -f' ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
maybe its a hotspot issue , i had one with some Mikrotik Hotspot and had to do an IP - Hotspot - IP Binding. theorically its a NAT issue 2008/9/25 [EMAIL PROTECTED]: Can you ping the radius server from the access point. This is a networking issue - nothing to do with radius. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting Reporting Tools
you can use daloradius or dialupadmin wich comes with freeradius. 2008/9/3 Marinko Tarlac [EMAIL PROTECTED]: I made my own tool. Sturgis, Grant wrote: Greetings List, I am curious what people have done to report on the RADIUS accounting files. Are there packages out there that read and report on radacct files? Connections, denies attempts, etc? Thanks in advance, Grant -- Pardon this rubbish: This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS Administration interface
seems a good idea. 2008/9/3 Alan DeKok [EMAIL PROTECTED]: I've added a RADIUS administration interface to the latest git tree. It's experimental (i.e. VERY), and has little authentication or authorization. It's purpose is to test the concepts, and to see if it's what users want. Server configuration: raddb/sites-available/control-socket Client: radmin You get a prompt, and not much else. Typing help gets you some information: radmin help hup [module] - sends a HUP signal to the server, or optionally to one module terminate - terminates the server, and causes it to exit show command - do sub-command of show set command - do sub-command of set You can HUP the server, ask it to stop, see the configuration of a module, show the list of loaded modules. As an interesting note, you can also *change* parts of the configuration of a running system. And then hup *just* one module, rather than the whole server. And then maybe the server crashes. :) Don't use this in production. Once it's a little more developed, we'll add features like authentication of the users on the administration interface. And command authorization. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS Administration interface
maybe you can add a debug function/sub-command so we dont have to start the server in debug mode ( freeradius -X ) but to see the debugs on console ( radmin debug server ). 2008/9/8 orion [EMAIL PROTECTED]: seems a good idea. 2008/9/3 Alan DeKok [EMAIL PROTECTED]: I've added a RADIUS administration interface to the latest git tree. It's experimental (i.e. VERY), and has little authentication or authorization. It's purpose is to test the concepts, and to see if it's what users want. Server configuration: raddb/sites-available/control-socket Client: radmin You get a prompt, and not much else. Typing help gets you some information: radmin help hup [module] - sends a HUP signal to the server, or optionally to one module terminate - terminates the server, and causes it to exit show command - do sub-command of show set command - do sub-command of set You can HUP the server, ask it to stop, see the configuration of a module, show the list of loaded modules. As an interesting note, you can also *change* parts of the configuration of a running system. And then hup *just* one module, rather than the whole server. And then maybe the server crashes. :) Don't use this in production. Once it's a little more developed, we'll add features like authentication of the users on the administration interface. And command authorization. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Basic Authentication Problem
do not use *Auth-Type :=System,* dont use Auth-Type at all. 2008/8/22 Syed Anwarul Hasan [EMAIL PROTECTED] FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Jul 21 2008 at 15:35:42 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including configuration file /usr/local/etc/raddb/snmp.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including dictionary file /usr/local/etc/raddb/dictionary main { prefix = /usr/local localstatedir = /usr/local/var logdir = /usr/local/var/log/radius libdir = /usr/local/lib radacctdir = /usr/local/var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = /usr/local/var/run/radiusd/radiusd.pid checkrad = /usr/local/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = testing123 shortname = localhost nastype = other } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = status-server ping_check =
Re: I've started to put the book online
at least a RFC with a book. 2008/8/20 Do Nguyen Ha [EMAIL PROTECTED]: its good news for everyone who love FreeRadius :) Date: Tue, 19 Aug 2008 09:23:06 +0200 From: Alan DeKok [EMAIL PROTECTED] Subject: I've started to put the book online To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 http://deployingradius.com/book/ Only parts of the first chapter are online. It covers the basic concepts behind RADIUS, and should hopefully address a number of common misunderstandings about how it all works. Keep checking the site. More will be coming later. Alan DeKok. -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 40, Issue 81 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: question
it seems to me like a certificate`s password problem. take a look at server.cnf ca.cnf and clients.cnf. or read the document that came with the package how to remove all certificates and create the 3some ( :) ) of them. 2008/8/5 Martin Silvero [EMAIL PROTECTED]: Hello my name is martin and I'm from Argentina. I'm trying to configure for use with FreeRADIUS eap + tls and ldap, but recently started doing this and I am wrong in the first configurations, what I did was set a cleinte which is a AP's and when I run radiusd-X -x strip me this mistake even if the PATH're ok. Can someone could give me a hand please? Tue Aug 5 11:00:31 2008 : Error: rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt Tue Aug 5 11:00:31 2008 : Error: rlm_eap_tls: Error reading private key file /usr/local/etc/raddb/certs/ server.pem Tue Aug 5 11:00:31 2008 : Error: rlm_eap: Failed to initialize type tls Tue Aug 5 11:00:31 2008 : Error: /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module eap Tue Aug 5 11:00:31 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap. Tue Aug 5 11:00:31 2008 : Error: /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section. Tue Aug 5 11:00:31 2008 : Debug: } Tue Aug 5 11:00:31 2008 : Debug: } Tue Aug 5 11:00:31 2008 : Error: Errors initializing modules thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server not responding to requests
take a look at client file. there you can specify which clients ( IP addresses ) are allowed . add the public ip of your outside clients/nas. 2008/8/5 Yoho, Cindy [EMAIL PROTECTED]: Hi All, I have freeradius 1.1.7 running on RHEL 5. radtest works with a local user setup, and also with authentication via Active Directory. However, anything outside the radius server host does not get a reply. I have configured a Multitech MA820 and also tried ntradping, and both get the same results - Could not receive a response from server is the message when I use ntradping, and Server did not respond in a timely manner is the response when I try to connect from the Multitech. Is there some setting I need to check to make sure external access is enabled? Thanks in advance ~ Cindy Yoho Systems Engineer United Methodist Publishing House Nashville, TN - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius resources
and we as users of freeradius waiting for that . :) 2008/6/14 Alan DeKok [EMAIL PROTECTED]: Rogelio wrote: Hi all, just started delving into RADIUS and have begun to take the plunge with FreeRADIUS. Any suggested books on the subject? I see quite a few on the subject: The O'Reilly book is good if you know absolutely nothing about RADIUS. But 1/3 is from the RFC's (paraphrased), and another 1/3 is from the FreeRADIUS documentation. The Wiley book has about 30 pages on RADIUS, the rest is about technologies that you don't use. And the RADIUS stuff is not that useful. Then, there's my book. It's at about 200 pages, and has been at that level for over a year. I'm trying to find time to either finish it, or to clean it up, and put it on the web. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS 2.0.5 Debian dpkg-buildpackage error
hi there. download freeradius as a non-root user. untar the archive. chmod +x -R the untared folder cd to the folder issue dpkg-buildpackage -b -uc as a non-root user. then su and install the deb packages created one directory up. 2008/6/13 Giovanni Lovato [EMAIL PROTECTED]: # dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 2.0.5-0 dpkg-buildpackage: source changed by Alan DeKok [EMAIL PROTECTED] dpkg-buildpackage: host architecture i386 dpkg-buildpackage: source version without epoch 2.0.5-0 debian/rules clean dpatch deapply-all 02-dialupadmin-help not applied to ./ . 01-radiusd-to-freeradius not applied to ./ . rm -rf patch-stamp patch-stampT debian/patched dh_testdir dh_clean rm -f build-arch-stamp build-indep-stamp libltdl/stamp-h1 rm -f install-arch-stamp install-indep-stamp configure-stamp [ -f Make.inc ] make distclean || true # The make clean forgets to remove this build directory [ -d src/modules/lib ] rm -fr src/modules/lib || true # Put the original autotools files back in place [ -f config.sub.dist ] rm config.sub mv config.sub.dist config.sub || true [ -f config.guess.dist ] rm config.guess mv config.guess.dist config.guess || true debian/rules build test -d debian/patched || install -d debian/patched dpatch apply-all applying patch 01-radiusd-to-freeradius to ./ ... failed. make: *** [patch-stamp] Error 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: simple web interface
vittore zen. daloradius is ok for your needs. search for it at sourceforge . 2008/6/3 Sascha Kiefer [EMAIL PROTECTED]: I use daloradius But it sucks also. Looks nicer and a little bit easier to use. I'm working on my own ... Regards, Sascha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vittore Zen Sent: Dienstag, 3. Juni 2008 14:26 To: freeradius-users@lists.freeradius.org Subject: simple web interface Hi, anyone have a simple php web mysql users interface? More more more simple that dialup admin. The manager will do: 1. insert/modify a user account 2. give a password 3. setup start-end life (time) of account 4. setup a detail (name) Any? v. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Saludos lista
buscar google. 2008/6/2 Yurkis Isaac Ortiz (R) [EMAIL PROTECTED]: Saludos lista. Soy nuevo y necesito saber configurar mi freeradius quiero usar freeradius+portslave+ppp Estoy usando debian etch - Yurkis Isaac Ortiz (R) Administrador de Red Oficina Territorial de Normalización Stgo de Cuba e_mail: [EMAIL PROTECTED] Linux User: 446188 Tel: 641406, 642008, 642044 Ext 136 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius book
Hi alan. Whats up with your book? When will comes out?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: trouble seting up freeradius :((
the certificate`s password in the eap.conf is wrong. On 30/01/2008, SnahaD00 [EMAIL PROTECTED] wrote: Hi, I really (desperatelly) need freeradius to work on my schools network - it's urgent. I've got server on Ubuntu 7.04. I setup freeradius accoring to some howtoos and tutorials, but with no luck. What I did was: - made deb package with tls support - installed deb freeradius package - did setup freeradius as told here http://ubuntuforums.org/showthread.php?t=478804highlight=freeradius+openssl - problems... When I issue command freeradius -x i got this: rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[10]: eap: Module instantiation failed. radiusd.conf[1944] Unknown module eap. radiusd.conf[1891] Failed to parse authenticate section. Any idea ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed time single use logins? (mailing list submission)
you can use Max-All-Session := 3600 3600 are the seconds = 1hr. On 28/01/2008, michalp [EMAIL PROTECTED] wrote: (I apologise for duplicates) Hi, Is it possible to configure a set of temporary accounts supporting the scenario, where a user gets login, allowing him to be authorised for a fixed amount of time? I mean here of a service, (wireless access) where one buys a $5 card for 1hr of access. No matter how many times he logins to the network, he is allowed until 1 hr from first login with this particular login/password. After 1 hr he will be disconnected... Thanks, Michal -- View this message in context: http://www.nabble.com/Fixed-time-%22single-use%22-logins--%28mailing-list-submission%29-tp15131741p15131741.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: certificates in FR 2.0.1 on windows doesnt works
im using standart windows mmc. after import of the CA and Server certificates the server certificate links to the ca certificate ok CA certificate |- server certificate but when i import the client.p12 certificate the linkage is CA certificate |- server certificate |- client certificate in that moment the server part tells ( it not allow to issue certificate for others). So the server certifiace is not allowed to issue certificate ( in this case to issue the certificate for the server. ). 1)Its necessary to import the server certificate + ca certificate + client certificate ? 2)or only ca certificate + client certificate ? the second case the linkage between the ca and client doesnt exist ( as you said is the server the issuer of the client`s certificate ). On 25/01/2008, Alan DeKok [EMAIL PROTECTED] wrote: orion wrote: the import of client.p12 is ok but it doesnt have a valid link it is ca-server-client What does that mean? and the details of the server certificate tells that is not authorized to issue certificates . Where does it say that? Which certificate tool are you using to look at the certificates? the client certificates tells that is issued by the server not by the ca. Yes, that is supposed to happen. the question is : the client certificate should be issued by the server or by the ca? Server. in fact after modified the Makefile and client.cnf and re-importing them in xp then the linkage is ok. ( ca-client ) That's not how it's supposed to work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: certificates in FR 2.0.1 on windows doesnt works
its not a problem that windows says about the client certificate : the issuer of this certificate cannot be found ? can the certificate be used in this case ? On 25/01/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: 2)or only ca certificate + client certificate ? the second case the linkage between the ca and client doesnt exist ( as you said is the server the issuer of the client`s certificate ). Link is not needed. Server checks the client certificate to see if it's issued by the server (certificate). Client checks server certificate to see if it's issued by a *known and trusted CA. Nothing checks client certificate against the CA. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
certificates in FR 2.0.1 on windows doesnt works
hi to all. created the certificates with the default config files in FR 2.0.1 with ./bootstrap created the client certificate with make client the import of the ca.pem and server.crt in winxp is OK. they link with each-other ok ( ca-server ) the import of client.p12 is ok but it doesnt have a valid link it is ca-server-client and the details of the server certificate tells that is not authorized to issue certificates . the client certificates tells that is issued by the server not by the ca. the question is : the client certificate should be issued by the server or by the ca? if its to be issued by the ca then the Makefile in cert dirs have to be modified. in fact after modified the Makefile and client.cnf and re-importing them in xp then the linkage is ok. ( ca-client ) is this a prob ? or what ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Novice user. Authenticate against Radius Server
wiki.freeradius.org a little bit slow actualy. On 24/01/2008, German Anguiano Bayardo [EMAIL PROTECTED] wrote: Hi guys. I'm a beginner with the Radius protocol. I've been using Linux for a while now, so I hope it doesn't take me too long to catch the idea. Sorry in advance if a make some stupid questions. Ok, here I go. I'm in a new job. My boss told me that they attempted to setup a Hotspot for free public access. But they want the users to register with us (this is a government office) for usage statistics, accounting, etc. They say the only missing part is a Radius Server where to authenticate the users. The steps are as follows: 1.- The user uses his laptop to access Internet, open the web browser and get a Welcome Page, where they have to login 2-. When they give user an password, the access point verifies it against a Radius Server, just for access statistics purposes. 3.- If it's a valid user, he/she can have access to Internet. Some sort of that is the idea. Nothing sophisticated, only that users must be registered. Can anyone point me to the right path ?? Thanks in advance... German Anguiano B. _ ¡Actúa tu película favorita y gana fabulosos premios! http://cine.prodigymsn.com/nanometraje - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.1 has been released.
compliments alan and guys . keep it up. On 22/01/2008, Alan T DeKok [EMAIL PROTECTED] wrote: Version 2.0.0 was released less than two weeks ago, and has proven to be very stable and bug-free. A few issues have recently been found and fixed, and unlang has has some minor changes which result in much simpler policies. As a result, we are releasing 2.0.1 today. See http://freeradius.org for the announcement and download links. Feature improvements * unlang has been expanded to do less run-time expansion, and to have better handling of typed data. See man unlang for documentation and new examples. Bug fixes * The 'acct_unique' module has been updated to understand the deprecated (but still used) Client-IP-Address attribute. * The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in packets. * Fixed crash in rlm_dbm. * Fixed parsing of syslog configuration. The changes in unlang simplify references to attributes, and add type-specific checking: if (Framed-IP-Address) { # was %{Framed-Ip-Address} in 2.0.0 ... # not possible in 2.0.0 if ((Framed-IP-Address 192.168.0.1) (Framed-IP-Address 192.168.0.4)) { ... # refer to VALUEs by name: if (Service-Type == Login-User) { ... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS list with MySQL
the script nas.sql has the mysql table schema. the file sql.conf at the end you can see : # Set to 'yes' to read radius clients from the database ('nas' table) # Clients will ONLY be read on server startup. For performance # and security reasons, finding clients via SQL queries CANNOT # be done live while the server is running. # #readclients = yes # Table to keep radius client info nas_table = nas As you can see the default table name is nas ( can you imagine :-) ). Uncoment readclients = yes Make configuration changes at radiusd.conf and enable sql module. On 19/01/2008, Pawel Cieplinski [EMAIL PROTECTED] wrote: Hi there... i am new to free radius. I already successfully installed freeradius 1.1.7 with mysql5.1. The point is NAS's IPs and secrets are configured in clients.conf. I cannot find anything how to put those data to SQL database. Sql.conf doesn't describe any table or value for clients, can anyone give any clue how to store those data in SQL database Pawel Cieplinski - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_sql in freeradius-1.1.7
pershendetje/Hi dashamir. sorry for my english , not my mother language. i use the same scenario at our isp but we check the MAC address of the NAS where the client comes from. In mysql we have: ++--+++--+ | id | username | attribute | op | value| ++--+++--+ | 1 | orion| Calling-Station-Id | == | 001bd136e285 | | 2 | orioni | Cleartext-Password | := | test| | 3 | orioni| Simultaneous-Use | := | 2| ++--+++--+ shnet e pare / bye. On 17/01/2008, Dashamir Hoxha [EMAIL PROTECTED] wrote: Hi, Actually, what I am trying to do is this: I have several access points that have hotspot and use radius for AAA. I would like to register users in radius so that they are able to login using some of the access points, and not able to login using the others. The way that I was trying to do it is like this: Suppose that there are the access points A1, A2, A3 and the user 'test' should be able to access the internet only from A1 and A3. The data in radius that would make this scenario work, could be like this: radcheck: +--+--+--++---+ | id | UserName | Attribute| op | Value | +--+--+--++---+ | 5272 | test | User-Password| := | test | | 5262 | test | Simultaneous-Use | := | 5 | +--+--+--++---+ radreply: ++--+---++--+ | id | UserName | Attribute | op | Value| ++--+---++--+ | 42 | test | Auth-Type | := | Reject | | 43 | test | Fall-Through | := | Yes | ++--+---++--+ usergroup: +--+---+--+ | UserName | GroupName | priority | +--+---+--+ | test | A1|1 | | test | A2|1 | | test | A3|1 | +--+---+--+ radgroupcheck: ++---+++---+ | id | GroupName | Attribute | op | Value | ++---+++---+ | 42 | A1| NAS-Identifier | == | ID-A1 | | 43 | A2| NAS-Identifier | == | ID-A2 | | 44 | A2| NAS-Identifier | == | ID-A3 | ++---+++---+ radgroupreply: ++---+---+++ | id | GroupName | Attribute | op | Value | ++---+---+++ | 52 | A1| Auth-Type | := | Accept | | 53 | A1| Fall-Through | := | No | | 54 | A2| Auth-Type | := | Reject | | 55 | A2| Fall-Through | := | Yes| | 56 | A3| Auth-Type | := | Accept | | 57 | A3| Fall-Through | := | No | ++---+---+++ However, if the radius does not follow the algorithm described in http://wiki.freeradius.org/Rlm_sql, then this setup should not work. Do you have any suggestion or idea on how to make the scenario above work? Regards, Dashamir Dashamir Hoxha wrote: I have installed freeradius-1.1.7 in fedora8. However I find that the module rlm_sql does not work as described in this page: http://wiki.freeradius.org/Rlm_sql - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_sql in freeradius-1.1.7
sorry for mistakes at first example of mysql table. ( missed a 'i' and 'calling' istead of 'called' ) the correct one is this : ---++--+++--+- | id | username | attribute | op | value| ++--+++--+ | 1 | orioni| Called-Station-Id | == | 001bd136e285 | | 2 | orioni | Cleartext-Password | := | test| | 3 | orioni| Simultaneous-Use | := | 2| ++--+++--+ . you can put to record for 'Called-Station-Id' with the mac addresses of the Access Points from wich the client is allowed to login. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: alan's book, or anything new on the horizon
then dont keep it under 400. more info is better. ( and real examples too ) thanx. On 16/01/2008, Alan DeKok [EMAIL PROTECTED] wrote: orion wrote: alan , can we have the TOC of the book ? It's still in development, and I'm re-arranging it occasionally. At a high level: Introduction Concepts Participants and their roles User Devices NAS RADIUS Servers Databases AAA Overview Authentication Authorization Accounting Auditing Conversations Protocol overview Message contents Dictionaries Security Participants in more detail User devices NAS RADIUS Servers Databases Authentication The basics PAP CHAP MS-CHAP Digest Managing passwords hashes protocol compatibility EAP EAP-GTC EAP-MD5 EAP-MSCHAPv2 LEAP EAP and password storage EAP-TLS Methods EAP-TLS Microsoft Windows requirements PEAP EAP-TTLS Wireless and wired security with EAP Other authentication protocols Authorizations Principles for policy creating Logging Role-based authorization Policy maintenance Chained policies Examples Accounting Interaction with authorization Generation of data Logging of data Relaying of packets Simultaneous-Use RADIUS Server implementations ACS OAS Juniper OCS Radiator FreeRADIUS Others Recommendations - And now we get into FreeRADIUS-specific text. :) Basic deployments Installing FreeRADIUS Configuration files radiusd.conf clients.conf proxy.conf virtual servers Starting the server Debugging Tracking configuration changes Test methodology radiusd.conf Layout Processing of requests authentication accounting proxying Modules Multiple instances of a module Redundant and load-balanced modules simple flow control unlang Introduction Interaction with modules Examples clients.conf proxy.conf virtual servers users file format sample entries Dictionaries ATTRIBUTE definitions VALUE definitions VENDOR definitions Loading other dictionary files Creating a dictionary file Special considerations Debugging a deployment Tools Test methods and procedures EAP testing with eapol_test Databases LDAP Active Directory considerations SQL MySQL Postgresql Common deployment issues Windows AP implementations RADIUS Servers LDAP Servers Security Network security Physical security Configuration security Methods for policy creation RADIUS protocol reference Attributes Data types VSA's Packet types Module overview rlm_chap rlm_digest ... If you've read this far, I'm impressed. With each topic on a single line like that, it starts to look silly after a while. The intent, though, is to be the *definitive* reference for not only FreeRADIUS, but also for the protocol, and common use cases. Where other books say things like Access-Request packets contain requests for access, this one says that, and more. Like common problems people see, common mistakes vendors make, common misunderstandings and how to correct them, and how to work around various issues in practice. I'm going to try to keep it under 400 pages, but I do think there's enough material to make 400 pages. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: probs with accounting Attribute Client-IP-Address was not
after replacing the rlm_acct_unique.c my debug tells : rad_recv: Accounting-Request packet from host 192.168.2.225 port 1025, id=94, length=137 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 48 NAS-Port-Type = Ethernet User-Name = user Calling-Station-Id = 00:D0:59:D9:13:61 Called-Station-Id = service1 NAS-Port-Id = ether3 Acct-Session-Id = 8100 Framed-IP-Address = 10.254.254.254 Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Identifier = MikroTik NAS-IP-Address = 192.168.2.225 Acct-Delay-Time = 0 +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 48,Client-IP-Address INVALID-TOKEN 192.168.2.225,NAS-IP-Address = 192.168.2.225,Acct-Session-Id = 8100,User-Name = user' now it says INVALID-TOKEN. should i replace only that file or are other files ( maybe entire package ) to be replaced ?! thanx On 12/01/2008, Alan DeKok [EMAIL PROTECTED] wrote: orion wrote: hi to all. im using FR 2.0.0 with default config. in debug mode i get *rlm_acct_unique*: *WARNING*: *Attribute* *Client *-*IP*-*Address* was not found in request, unique ID MAY be inconsistent Good point. The way that attribute is handled was changed in 2.0. I've committed a fix that should enable your existing configuration to work in 2.0. You can grab CVS head, and replace the rlm_acct_unique.c file in 2.0.0 with the version from CVS. Re-build, re-install, and it should now work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: probs with accounting Attribute Client-IP-Address was not
grabed the latest and installed. now it says rlm_acct_unique: Hashing 'NAS-Port = 9,Client-IP-Address = 192.168.2.225,NAS-IP-Address = 192.168.2.225,Acct-Session-Id = 8160,User-Name = orioni' rlm_acct_unique: Acct-Unique-Session-ID = 59cf7442060b83a6. the Client-IP-Address is the same as NAS-IP-Address. in my clients.conf i have client 192.168.2.0/24 { secret = sekret shortname = private } it this a bug or it should be like that ( Client-IP-Address same as NAS-IP-Address. ) ? On 12/01/2008, Alan DeKok [EMAIL PROTECTED] wrote: orion wrote: after replacing the rlm_acct_unique.c my debug tells : rad_recv: Accounting-Request packet from host 192.168.2.225 ...Client-IP-Address INVALID-TOKEN now it says INVALID-TOKEN. OK. Grab the latest version from CVS. I've fixed a typo. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: probs with accounting Attribute Client-IP-Address was not
here the debug rad_recv: Accounting-Request packet from host 192.168.2.225 port 1025, id=89, length=137 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 44 NAS-Port-Type = Ethernet User-Name = user Calling-Station-Id = 00:D0:59:D9:13:61 Called-Station-Id = service1 NAS-Port-Id = ether3 Acct-Session-Id = 81d1 Framed-IP-Address = 10.254.254.254 Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Identifier = MikroTik NAS-IP-Address = 192.168.2.225 Acct-Delay-Time = 0 +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing 'NAS-Port = 44,,NAS-IP-Address = 192.168.2.225,Acct-Session-Id = 81d1,User-Name = user' rlm_acct_unique: Acct-Unique-Session-ID = 8efabb6c466d821d. On 11/01/2008, orion [EMAIL PROTECTED] wrote: hi to all. im using FR 2.0.0 with default config. in debug mode i get *rlm_acct_unique*: *WARNING*: *Attribute* *Client *-*IP*-*Address* was not found in request, unique ID MAY be inconsistent in 1.1.7 was ok. My nas is the same ( mikrotik routerboard ) with the same config that was with 1.1.7 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
probs with accounting Attribute Client-IP-Address was not
hi to all. im using FR 2.0.0 with default config. in debug mode i get *rlm_acct_unique*: *WARNING*: *Attribute* *Client*-*IP*-*Address* was not found in request, unique ID MAY be inconsistent in 1.1.7 was ok. My nas is the same ( mikrotik routerboard ) with the same config that was with 1.1.7 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: probs with accounting Attribute Client-IP-Address was not
so your saying me to put anything that is being sent on that empty slot ? On 11/01/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, FR 2.0.0 is more fussy - there is no Client-IP-Address in the accounting request. therefore it cannot use it in the hash (you will see the blank entry on the line following 44 (,,) simply change the rlm_acct_uniq has to use something that IS being sent...eg Framed-IP-Address alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.0 has been released
congrats guys. On 10/01/2008, Matt Garretson [EMAIL PROTECTED] wrote: Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. Congratulations, and thanks for all your hard work on FreeRADIUS! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to Make Digital Certificates in Radius
Never mind. thanx anyway. On 09/01/2008, orion [EMAIL PROTECTED] wrote: isnt there a way to browse by web the cvs archives on cvs.freeradius.orgwithout opting to use the cvs build , `cause i have a working server but dont want to mess it up. after all ,all i need are the docs of the new releases. On 09/01/2008, Alan DeKok [EMAIL PROTECTED] wrote: niel m wrote: I have already read the README file under this directory ( /etc/raddb/certs ) No. I said to grab the CVS head. The NEW version of that README contains additional information. You are looking at the OLD version of that README. Following PART of the instructions will get you PART of the solution. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html