Re: (No subject)
ldconfig -v ?? alan -- Message may be brief as it has been sent from my mobile - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: WildCard/Subject Alternative Names Cert Question
Well I was pounding my head against the wall on this as I couldn't find anything meaningful in the EAP logs. I then spoke to my CA about it and they said they've seen numerous problems with Wildcard certs and RADIUS, and that they normally just give a free normal common name cert for the RADIUS server when customers have this problem, so they gave me one. Seems like Microsoft's client just doesn't like their wildcard certs. When I put the normal cert they gave me into my FreeRADIUS server, it worked fine.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-----Original Message-----
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] On Behalf Of Casartello, Thomas
Sent: Saturday, April 16, 2011 9:58 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: WildCard/Subject Alternative Names Cert Question

Ok thank you.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-----Original Message-----
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Saturday, April 16, 2011 5:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
> When you say client EAP tracing do you mean on the Microsoft side, or

Yes

> is there something you can do on the freeradius side? When I lookup

No

> eap tracing I get information about generating Microsoft EAP host tracing files, but it's in an unreadable format (.etl) that only Microsoft can decode and I can't seem to find a way to make any sense of it. Do you mean some other kind of tracing?

You need to read them on a windows system, obviously. IIRC you need to use the tracerpt utility.
Re: WildCard/Subject Alternative Names Cert Question
On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
> When you say client EAP tracing do you mean on the Microsoft side, or

Yes

> is there something you can do on the freeradius side? When I lookup

No

> eap tracing I get information about generating Microsoft EAP host tracing files, but it's in an unreadable format (.etl) that only Microsoft can decode and I can't seem to find a way to make any sense of it. Do you mean some other kind of tracing?

You need to read them on a windows system, obviously. IIRC you need to use the tracerpt utility.
RE: WildCard/Subject Alternative Names Cert Question
Ok thank you.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-----Original Message-----
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Saturday, April 16, 2011 5:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
> When you say client EAP tracing do you mean on the Microsoft side, or

Yes

> is there something you can do on the freeradius side? When I lookup

No

> eap tracing I get information about generating Microsoft EAP host tracing files, but it's in an unreadable format (.etl) that only Microsoft can decode and I can't seem to find a way to make any sense of it. Do you mean some other kind of tracing?

You need to read them on a windows system, obviously. IIRC you need to use the tracerpt utility.
Re: WildCard/Subject Alternative Names Cert Question
On 04/15/2011 08:42 PM, Casartello, Thomas wrote:
> whatnot.) Should this kind of a cert work, or does 802.1x/PEAP/mschapv2 not support validating by subject alternative names.

This isn't really a FreeRADIUS question; it's down to the supplicant to permit or deny the cert.

Anyway... Section 3.2.7.1 of MS-WSH says:

    If the isValidateServerNameEnabled is set to TRUE, then verify that the subject name (Section 4.1.2.6 of [RFC5280]) or subject alternative name (section 4.2.1.6 of [RFC5280]) of the server certificate exists in ServerNames.

i.e. it should honour subjectAltName. But Microsoft have a habit of ignoring their own standards, so if you're sure your certificate is good, then the only way to be sure is turn on client EAP tracing and dig in the logs to see why it's being refused.
RE: WildCard/Subject Alternative Names Cert Question
When you say client EAP tracing do you mean on the Microsoft side, or is there something you can do on the freeradius side? When I lookup eap tracing I get information about generating Microsoft EAP host tracing files, but it's in an unreadable format (.etl) that only Microsoft can decode and I can't seem to find a way to make any sense of it. Do you mean some other kind of tracing?

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State University

-----Original Message-----
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Friday, April 15, 2011 4:14 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question

On 04/15/2011 08:42 PM, Casartello, Thomas wrote:
> whatnot.) Should this kind of a cert work, or does 802.1x/PEAP/mschapv2 not support validating by subject alternative names.

This isn't really a FreeRADIUS question; it's down to the supplicant to permit or deny the cert.

Anyway... Section 3.2.7.1 of MS-WSH says:

    If the isValidateServerNameEnabled is set to TRUE, then verify that the subject name (Section 4.1.2.6 of [RFC5280]) or subject alternative name (section 4.2.1.6 of [RFC5280]) of the server certificate exists in ServerNames.

i.e. it should honour subjectAltName. But Microsoft have a habit of ignoring their own standards, so if you're sure your certificate is good, then the only way to be sure is turn on client EAP tracing and dig in the logs to see why it's being refused.
RE: (no subject)
Thanks for the link Stefan.

I am having a problem with our wireless clients re-authenticating (non-radius issue I believe) anywhere from a few seconds, to four minutes, to a few hours. The client is NOT moving. This is a simple design of Cisco 1231 APs and laptop/desktop clients. Strange.

Also, I am under the understanding that EAP-TLS does NOT require a client side cert, and EAP-TTLS DOES require a client side cert. Is this correct or is my thinking backwards? I am only interested in a server side cert.

Scott

-----Original Message-----
From: Stefan Winter [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 9:54 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: (no subject)

Hi,

> Are there any open source wireless clients for Windows based (2000 XP) machines, rather than using what comes with the wireless hardware?

Several. My favourite is at http://www.securew2.com.

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
RE : (no subject)
> Also, I am under the understanding that EAP-TLS does NOT require a client side cert, and EAP-TTLS DOES require a

EAP-TLS requires both server-side and client-side certs.

EAP-TTLS requires only a server-side cert. The client-side authentication is performed through an inner TLS tunnel and is usually PAP (but can be any EAP method).

Regards,
Thibault
Re: RE : (no subject)
Thibault Le Meur wrote:
> EAP-TTLS requires only a server-side cert. The client-side authentication is performed through an inner TLS tunnel and is usually PAP (but can be any EAP method).

Several 802.1x/WPA clients can elect _not_ to verify the server's certificate with EAP-TTLS and EAP-PEAP. This allows Man-in-the-middle attacks.

--
Martin Gadbois
S/W Developer
Colubris Networks Inc.
"Windows might take you from 0 to 60 faster, but to go to 100 you need Unix."
Re: (no subject)
From: c k
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, August 08, 2006 6:33 AM
Subject: (no subject)

> I'm using EAP-TLS as an authentication protocol. I want to authorize the clients in my network to access only certain protocol traffics. For some users I want to allow only http, while for others http and ftp. How can I create such kind of profiles and perform access control on routers. Sorry friends I'm new to radius... plz help me out.

You need router that supports that kind of thing. Something like named access lists. Then you use freeradius to send access list name to router. Try to find what attributes your router can receive from radius. Try googling something like "your router name radius attributes".

If not, you can use different pools for users that have ftp access and users that don't have ftp access. For those pools you setup different access lists. After that you just use freeradius to give different IP addresses to users that have ftp access and users that don't have ftp access.
Re: Alvarion attributes Re: (no subject)
Alan,Thanks for the info,but can you giude me more on this this patch. i am very newbie in the linux and freebsd world. I am more of a window person. On 7/14/06, Alan DeKok [EMAIL PROTECTED] wrote: Robert Dukes [EMAIL PROTECTED] wrote: This really sucks :) We invested so much into the gear here as our project is funding by caring people. So there is no way to get this done ah Try the patch below, which should work in 1.1.x.No guarantees... it just compiles, and I haven't tested it.You'll also have to create a dictionary, but I leave that part up toyou.Alan DeKok. Index: src/include/libradius.h===RCS file: /source/radiusd/src/include/libradius.h,vretrieving revision 1.76.2.2.2.9diff -u -r1.76.2.2.2.9 libradius.h--- src/include/libradius.h 15 Jun 2006 21:47:14 -1.76.2.2.2.9+++ src/include/libradius.h 13 Jul 2006 21:22:18 -@@ -65,12 +65,13 @@ #define CHAP_VALUE_LENGTH 16 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */ +#define VENDOR(x)((x 16) 0x)+ #ifdef _LIBRADIUS #define AUTH_HDR_LEN 20 #define VENDORPEC_USR429 #define VENDORPEC_LUCENT 4846 #define VENDORPEC_STARENT8164-#define VENDOR(x)((x 16) 0x) #define DEBUGif (librad_debug) printf #define debug_pair(vp) do { if (librad_debug) { \ putchar('\t'); \Index: src/modules/rlm_preprocess/rlm_preprocess.c===RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v retrieving revision 1.52.2.1.2.1diff -u -r1.52.2.1.2.1 rlm_preprocess.c--- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 - 1.52.2.1.2.1+++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 - 
@@ -48,6 +48,7 @@int with_ntdomain_hack;int with_specialix_jetstream_hack;int with_cisco_vsa_hack;+ int with_alvarion_vsa_hack; } rlm_preprocess_t; static CONF_PARSER module_config[] = {@@ -69,6 +70,8 @@no },{ with_cisco_vsa_hack,PW_TYPE_BOOLEAN,offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, no }, + { with_alvarion_vsa_hack,PW_TYPE_BOOLEAN,+ offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, no },{ NULL, -1, 0, NULL, NULL } };@@ -115,7 +118,7 @@ charnewattr[MAX_STRING_LEN];for ( ; vp != NULL; vp = vp-next) {- vendorcode = (vp-attribute 16); /* HACK! */+ vendorcode = VENDOR(vp-attribute); if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */if (vp-type != PW_TYPE_STRING) continue;@@ -170,6 +173,26 @@} }++/*+ * Don't even ask what this is doing...+ */+static void alvarion_vsa_hack(VALUE_PAIR *vp)+{+ int vendorcode;+ int number = 1;+ + for ( ; vp != NULL; vp = vp-next) {+ vendorcode = VENDOR(vp-attribute);+ if (vendorcode != 12394) continue;+ if (vp-type != PW_TYPE_STRING) continue; ++ vp-attribute = number | (12394 16);+ snprintf(vp-name, sizeof(vp-name),+Breezecom-Attr%d, number++);+ } +}+ /** Mangle username if needed, IN PLACE.*/@@ -515,6 +538,14 @@cisco_vsa_hack(request-packet-vps);}+ if (data-with_alvarion_vsa_hack) { + /*+*We need to run this hack because the Alvarion+*people are crazy.+*/+ alvarion_vsa_hack(request-packet-vps); + }+/* *Note that we add the Request-Src-IP-Address to the request *structure BEFORE checking huntgroup access.This allows-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Robert Dukes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
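Review bot: In the alvarion_vsa_hack hunk (@@ -170,6 +173,26 @@), "number" is incremented for every matching attribute with no upper bound, while the thread describes at most 11 of these VSAs per accounting request and names only Breezecom-Attr1 through Breezecom-Attr11. Cap the counter, or stop renaming, at the highest Breezecom-Attr number the dictionary will define, so that a packet carrying more vendor 12394 attributes than expected cannot produce attribute numbers the dictionary lacks. The comment "Don't even ask what this is doing..." should state the rule instead: string attributes from vendor 12394 are renumbered 1, 2, 3 in order of appearance. It is also worth a line explaining the PW_TYPE_STRING test, since any vendor 12394 attribute of another type is skipped without being counted.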
Re: (no subject)
Robert Dukes [EMAIL PROTECTED] wrote:
> Has anyone used Freeradius with Alvarion Breezeaccess to do accounting ? I am having a big issue get the radius to understand the radios Attribs.

Could you be more specific? "I have a problem, how do I fix it?" doesn't let anyone help you.

Alan DeKok.
Re: (no subject)
Sorry, Ok I use Alvarion Su radios that has radius accounting option. but the radios send some VSA that is not recognizable in the radius.

Breezenet/Breezecom/Alvarion VSA's. These NASs send Ethernet port data in VSAs (up to 11 per accounting request) but unfortunately don't use the same attribute numbers each time. Instead, the attribute number increments each time, then wraps at 256. Radiator automatically maps the first one in a packet to Breezecom-Attr1, the second to Breezecom-Attr2 etc through to Breezecom-Attr11.

I can send a dump log if you want

On 7/13/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Robert Dukes [EMAIL PROTECTED] wrote:
>> Has anyone used Freeradius with Alvarion Breezeaccess to do accounting ? I am having a big issue get the radius to understand the radios Attribs.
>
> Could you be more specific? "I have a problem, how do I fix it?" doesn't let anyone help you.
>
> Alan DeKok.

--
Robert Dukes
Re: (no subject)
How about adding a dictionary with all 256 numbers?

----- Original Message -----
From: Robert Dukes
To: FreeRadius users mailing list
Sent: Thursday, July 13, 2006 9:26 PM
Subject: Re: (no subject)

> Sorry, Ok I use Alvarion Su radios that has radius accounting option. but the radios send some VSA that is not recognizable in the radius.
>
> Breezenet/Breezecom/Alvarion VSA's. These NASs send Ethernet port data in VSAs (up to 11 per accounting request) but unfortunately don't use the same attribute numbers each time. Instead, the attribute number increments each time, then wraps at 256. Radiator automatically maps the first one in a packet to Breezecom-Attr1, the second to Breezecom-Attr2 etc through to Breezecom-Attr11.
>
> I can send a dump log if you want
Re: Alvarion attributes Re: (no subject)
This really sucks :) We invested so much into the gear here as our project is funded by caring people. So there is no way to get this done ah

On 7/14/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Robert Dukes [EMAIL PROTECTED] wrote:
>> Breezenet/Breezecom/Alvarion VSA's. These NASs send Ethernet port data in VSAs (up to 11 per accounting request) but unfortunately don't use the same attribute numbers each time. Instead, the attribute number increments each time, then wraps at 256. Radiator automatically maps the first one in a packet to Breezecom-Attr1, the second to Breezecom-Attr2 etc through to Breezecom-Attr11.
>
> Ah. *That* vendor. My suggestion is to throw away their equipment and buy equipment that works. Barring that, file a bug with them, and tell them their product is retarded.
>
> If you *have* to use their equipment, write a module to do that re-mapping. It should be 30-40 lines of Perl, or about 200 lines of C.
>
> Alan DeKok.

--
Robert Dukes
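The re-mapping discussed in this thread (the first vendor 12394 attribute in a packet becomes Breezecom-Attr1, the second Breezecom-Attr2, and so on), as an added example that is not part of the original messages and is not FreeRADIUS code. It is written in Python rather than the Perl or C suggested above, the packet is constructed, and it assumes the incrementing number is the vendor sub-attribute type inside a standard RFC 2865 Vendor-Specific attribute.

```python
import struct

ALVARION_VENDOR_ID = 12394  # vendor code used by the patch in this thread
VENDOR_SPECIFIC = 26        # RADIUS Vendor-Specific attribute type (RFC 2865)
MAX_ATTRS = 11              # the thread reports at most 11 such VSAs per request


def iter_attributes(packet):
    """Yield (type, value) pairs, rejecting any inconsistent length field."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not fit the datagram")
    pos = 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute overruns the packet")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def remap_alvarion(packet):
    """Name vendor 12394 sub-attributes by order of arrival, not wire number.

    Returns (mapped, unmapped): mapped is a list of (name, wire_number, data);
    unmapped holds (wire_number, data) for anything past MAX_ATTRS so that the
    caller can log it instead of inventing names the dictionary lacks.
    """
    mapped, unmapped = [], []
    for attr_type, value in iter_attributes(packet):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != ALVARION_VENDOR_ID:
            continue
        sub, i = value[4:], 0
        while i < len(sub):
            if len(sub) - i < 2:
                raise ValueError("truncated vendor sub-attribute")
            wire_number, sub_len = sub[i], sub[i + 1]
            if sub_len < 2 or i + sub_len > len(sub):
                raise ValueError("vendor sub-attribute overruns the VSA")
            data = sub[i + 2:i + sub_len]
            if len(mapped) < MAX_ATTRS:
                name = "Breezecom-Attr%d" % (len(mapped) + 1)
                mapped.append((name, wire_number, data))
            else:
                unmapped.append((wire_number, data))
            i += sub_len
    return mapped, unmapped


def build_accounting_request(vsas):
    """Build a constructed Accounting-Request (code 4) for the demo only.

    The authenticator is all zeros, so this is parser input, not a packet a
    RADIUS server would accept.
    """
    attrs = b"\x01\x05su1"  # User-Name = "su1" (constructed)
    for wire_number, data in vsas:
        sub = bytes([wire_number, len(data) + 2]) + data
        attrs += bytes([VENDOR_SPECIFIC, len(sub) + 6])
        attrs += struct.pack("!I", ALVARION_VENDOR_ID) + sub
    header = struct.pack("!BBH", 4, 1, 20 + len(attrs)) + bytes(16)
    return header + attrs


# Constructed sample: the wire numbers cross the wrap at 256 (254, 255, 0).
SAMPLE = build_accounting_request(
    [(254, b"port=1"), (255, b"port=2"), (0, b"port=3")])

if __name__ == "__main__":
    for name, wire_number, data in remap_alvarion(SAMPLE)[0]:
        print(name, wire_number, data)
```

Every length byte is checked before it is used, because accounting packets arrive over UDP from equipment the thread already describes as misbehaving.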
Re: Alvarion attributes Re: (no subject)
Robert Dukes [EMAIL PROTECTED] wrote: This really sucks :) We invested so much into the gear here as our project is funding by caring people. So there is no way to get this done ah Try the patch below, which should work in 1.1.x. No guarantees... it just compiles, and I haven't tested it. You'll also have to create a dictionary, but I leave that part up to you. Alan DeKok. Index: src/include/libradius.h === RCS file: /source/radiusd/src/include/libradius.h,v retrieving revision 1.76.2.2.2.9 diff -u -r1.76.2.2.2.9 libradius.h --- src/include/libradius.h 15 Jun 2006 21:47:14 - 1.76.2.2.2.9 +++ src/include/libradius.h 13 Jul 2006 21:22:18 - @@ -65,12 +65,13 @@ #define CHAP_VALUE_LENGTH 16 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */ +# define VENDOR(x)((x 16) 0x) + #ifdef _LIBRADIUS # define AUTH_HDR_LEN 20 # define VENDORPEC_USR429 #define VENDORPEC_LUCENT 4846 #define VENDORPEC_STARENT 8164 -# define VENDOR(x)((x 16) 0x) # define DEBUGif (librad_debug) printf # define debug_pair(vp) do { if (librad_debug) { \ putchar('\t'); \ Index: src/modules/rlm_preprocess/rlm_preprocess.c === RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v retrieving revision 1.52.2.1.2.1 diff -u -r1.52.2.1.2.1 rlm_preprocess.c --- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 - 1.52.2.1.2.1 +++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 - @@ -48,6 +48,7 @@ int with_ntdomain_hack; int with_specialix_jetstream_hack; int with_cisco_vsa_hack; + int with_alvarion_vsa_hack; } rlm_preprocess_t; static CONF_PARSER module_config[] = { @@ -69,6 +70,8 @@ no }, { with_cisco_vsa_hack,PW_TYPE_BOOLEAN, offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, no }, + { with_alvarion_vsa_hack,PW_TYPE_BOOLEAN, + offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, no }, { NULL, -1, 0, NULL, NULL } }; 
@@ -115,7 +118,7 @@ charnewattr[MAX_STRING_LEN]; for ( ; vp != NULL; vp = vp-next) { - vendorcode = (vp-attribute 16); /* HACK! */ + vendorcode = VENDOR(vp-attribute); if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */ if (vp-type != PW_TYPE_STRING) continue; @@ -170,6 +173,26 @@ } } + +/* + * Don't even ask what this is doing... + */ +static void alvarion_vsa_hack(VALUE_PAIR *vp) +{ + int vendorcode; + int number = 1; + + for ( ; vp != NULL; vp = vp-next) { + vendorcode = VENDOR(vp-attribute); + if (vendorcode != 12394) continue; + if (vp-type != PW_TYPE_STRING) continue; + + vp-attribute = number | (12394 16); + snprintf(vp-name, sizeof(vp-name), +Breezecom-Attr%d, number++); + } +} + /* * Mangle username if needed, IN PLACE. */ @@ -515,6 +538,14 @@ cisco_vsa_hack(request-packet-vps); } + if (data-with_alvarion_vsa_hack) { + /* +* We need to run this hack because the Alvarion +* people are crazy. +*/ + alvarion_vsa_hack(request-packet-vps); + } + /* * Note that we add the Request-Src-IP-Address to the request * structure BEFORE checking huntgroup access. This allows - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
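Review bot: In the libradius.h hunk (@@ -65,12 +65,13 @@), moving VENDOR(x) above the "#ifdef _LIBRADIUS" line makes it part of the header that every includer sees, yet the macro body uses its argument x without parentheses. Wrap the argument as (x) now that callers outside the library, such as rlm_preprocess.c, pass member expressions to it, and add a one-line comment saying that it extracts the vendor code from an attribute number.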
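Review bot: In the module_config hunk (@@ -69,6 +70,8 @@), the new with_alvarion_vsa_hack option is parsed with a default of "no" like its neighbours, but nothing in the patch documents it. Add the option, with a short description of what it rewrites, next to with_cisco_vsa_hack in the sample configuration, and note that it depends on a Breezecom dictionary which the patch does not supply.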
Re: (no subject)
Yasir Elhaggaz wrote:
> Hello all, i have already freeradius installed and working well, but i can see recently its became very slow to replay the DataBase which is MySQL, could any one send me the formal configuration file for one freeradius which is already running well and acting good with MySql Database?

If it is working, there isn't much you can do to FreeRADIUS to make it work faster, the slowdown is coming from MySQL. If your tables are large, change them from MyISAM to InnoDB (table vs. row locking makes all the difference). Also make sure they are properly indexed.

We also have a replication setup and do this in authorize:

    redundant {
        sql-slave
        sql-master
    }

and this in accounting:

    sql-master

to separate the reads and writes.

Be aware that changing the engine on mysql tables, causes them to lock and large tables take a long time to change, so you will be unable to write to them during that time. Reads will also be quite slow (if it responds at all). I took our radius servers offline during the change at like 4am.

Archiving old accounting data will help too.

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
RE: (no subject)
Hi,

1. modify your pppoe-server to send accounting updates every hour or less
2. modify sql.conf to write an entry to sql for each accounting-update packet
3. based on session start time and update time you can calculate and see the hourly transfer.

Regards,
Edvin

PS: I am planning to use such system to detect misuse ;)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, 01 April 2006 11:06
To: freeradius-users@lists.freeradius.org
Subject: (no subject)

> hi,
> i have freeradius + mysql + cisco + pppoe clients.
> the pppoe client is 3 day online.
> the radius have 1 line with input/output octets
> the statistic for the users must to every hours the input/output octets
> have you a idea?
> best regards
> harald
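Step 3 of the procedure above, as an added example that is not part of the original messages: it turns the cumulative octet counters from one row per accounting update into per-hour deltas and flags heavy hours. The row layout, the field names and the sample rows are constructed for illustration and do not match the FreeRADIUS SQL schema; the handling of the 32-bit counter wrap follows RFC 2866 and RFC 2869.

```python
from collections import defaultdict

# Acct-Input-Octets and Acct-Output-Octets are 32-bit counters (RFC 2866), so
# a session that stays up for days, as in the question, can wrap them.
COUNTER_MOD = 2 ** 32


def _total(octets, gigawords):
    """Combine a 32-bit counter with its Gigawords wrap count (RFC 2869)."""
    return gigawords * COUNTER_MOD + octets


def hourly_usage(rows):
    """Turn cumulative accounting rows into per-hour byte deltas.

    rows: dicts with session, time (epoch seconds), in_octets, out_octets and
    optionally in_gw / out_gw. Returns {(session, hour_start): [in, out]}.
    The first row seen for a session is only the baseline.
    """
    usage = defaultdict(lambda: [0, 0])
    last = {}  # session -> (time, in_total, out_total)
    for row in sorted(rows, key=lambda r: (r["session"], r["time"])):
        now = (row["time"],
               _total(row["in_octets"], row.get("in_gw", 0)),
               _total(row["out_octets"], row.get("out_gw", 0)))
        prev = last.get(row["session"])
        last[row["session"]] = now
        if prev is None:
            continue
        deltas = []
        for new, old in ((now[1], prev[1]), (now[2], prev[2])):
            delta = new - old
            if delta < 0:
                # The NAS sent no Gigawords and the counter wrapped once.
                delta += COUNTER_MOD
            deltas.append(delta)
        hour = prev[0] - prev[0] % 3600  # credit the hour the interval began in
        usage[(row["session"], hour)][0] += deltas[0]
        usage[(row["session"], hour)][1] += deltas[1]
    return dict(usage)


def heavy_hours(usage, limit_bytes):
    """Return the (session, hour_start) keys whose in+out exceeds the limit."""
    return sorted(key for key, (rx, tx) in usage.items()
                  if rx + tx > limit_bytes)


# Constructed rows: one session with a start row and three hourly updates.
BASE = 1143882000  # an hour-aligned epoch value chosen for the sample
SAMPLE_ROWS = [
    {"session": "s1", "time": BASE, "in_octets": 0, "out_octets": 0},
    {"session": "s1", "time": BASE + 3600, "in_octets": 1000, "out_octets": 500},
    {"session": "s1", "time": BASE + 7200, "in_octets": 4294967000, "out_octets": 900},
    # in_octets is now smaller than before: the 32-bit counter wrapped.
    {"session": "s1", "time": BASE + 10800, "in_octets": 704, "out_octets": 1500},
]

if __name__ == "__main__":
    result = hourly_usage(SAMPLE_ROWS)
    for key in sorted(result):
        print(key, result[key])
    print("heavy:", heavy_hours(result, 10 ** 9))
```

A single wrap per interval is assumed: with hourly updates that holds up to roughly 9.5 Mbit/s sustained in one direction, and a counter that drops for another reason, such as a NAS restart, would be misread as a wrap.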
Re: (no subject)
Walter Reynolds [EMAIL PROTECTED] wrote:
> Currently we have two files that appear to be accounting data to me. Following are what we get (I have removed IP info for safety sake)
>
> These two lines are from logfile.20060220
>
> Mon Feb 20 13:07:12 2006: Received-Authentication: 63/62890 'waltr' from XXX.XXX.XXX.XXX port 9126 PPP

That's not accounting data. That's just logging information. You can update FreeRADIUS to log that, too. See src/main/auth.c

> Mon Feb 20 13:07:12 2006: Authentication: 63/62890 'waltr' from XXX.XXX.XXX.XXX port 9126 PPP - OK -- total 0, holding 0

'total 0, holding 0'? What does that mean? I've never understood Merit's logs.

> No, what is more important to me is from the session.20060220.las file (mainly the first line) This is strange though as because Pre-Auth the accounting data is sent to the merit radius then forwarded to a freeradius and back.

I have no idea what that means.

> NA NA 1140458855 20 20 waltr@ NA 'PROFILE' NA NA XXX.XXX.XXX.XXX/9126NA NA Framed/PPP/XXX.XXX.XXX.XXX ## User-Name:0='waltr' Calling-Station-Id:0='XXX.XXX.XXX.XXX' Acct-Status-Type:1=Stop

I have no idea what that log file format is. The ':0' and ':1' stuff looks like nonsense to me.

I'd suggest re-phrasing your requirements as "what information do you need to have logged", and ignore the existing format. Then, write a Perl script that reads the detail file, and produces whatever data you want.

Alan DeKok.
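A reader for the FreeRADIUS detail file along the lines suggested above, as an added example that is not part of the original messages; it is in Python rather than Perl. The sample records are constructed, and the report fields (user, caller, seconds) are an assumption about what one might want logged.

```python
import re

# A detail-file record is a timestamp line followed by indented
# "Attribute-Name = value" lines; a blank line ends the record.
ATTR_RE = re.compile(r'^\s+([A-Za-z0-9_.-]+) = (.*)$')


def parse_detail(text):
    """Parse detail-file text into a list of {attribute: [values]} dicts.

    The timestamp line is stored under the key "_header". A final record with
    no trailing blank line (a file still being written) is kept as well.
    """
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            if current is not None:
                records.append(current)
                current = None
            continue
        match = ATTR_RE.match(line)
        if match and current is not None:
            name, value = match.group(1), match.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # string values are written in quotes
            current.setdefault(name, []).append(value)
        elif not line[0].isspace():
            if current is not None:
                records.append(current)
            current = {"_header": [line.strip()]}
        # An indented line before any header is ignored.
    if current is not None:
        records.append(current)
    return records


def stop_report(records):
    """Return one summary dict per Acct-Status-Type = Stop record."""
    report = []
    for rec in records:
        if rec.get("Acct-Status-Type", [""])[0] != "Stop":
            continue
        seconds = rec.get("Acct-Session-Time", ["0"])[0]
        report.append({
            "user": rec.get("User-Name", ["?"])[0],
            "caller": rec.get("Calling-Station-Id", ["?"])[0],
            "seconds": int(seconds) if seconds.isdigit() else 0,
        })
    return report


# Constructed sample: a Start and a Stop for one session; the last record
# has no trailing blank line.
SAMPLE_DETAIL = (
    'Mon Feb 20 13:07:15 2006\n'
    '\tUser-Name = "waltr"\n'
    '\tAcct-Status-Type = Start\n'
    '\tAcct-Session-Id = "0000003F"\n'
    '\tCalling-Station-Id = "192.0.2.10"\n'
    '\n'
    'Mon Feb 20 13:07:35 2006\n'
    '\tUser-Name = "waltr"\n'
    '\tAcct-Status-Type = Stop\n'
    '\tAcct-Session-Id = "0000003F"\n'
    '\tCalling-Station-Id = "192.0.2.10"\n'
    '\tAcct-Session-Time = 20\n'
    '\tAcct-Input-Octets = 1200\n'
)

if __name__ == "__main__":
    for row in stop_report(parse_detail(SAMPLE_DETAIL)):
        print(row)
```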
RE: (no subject)
I have changed this

Result:

tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
tls: private_key_password = SecretKeyPass77
tls: dh_file = /usr/local/etc/raddb/certs/dh
tls: random_file = /usr/local/etc/raddb/certs/random
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = (null)
rlm_eap_tls: Loading the certificate file as a chain
20988:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
20988:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
20988:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
20988:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1902] Unknown module eap.
radiusd.conf[1849] Failed to parse authenticate section.

Greeting,
Herman

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers
Sent: Tuesday 14 February 2006 20:51
To: FreeRadius users mailing list
Subject: Re: (no subject)

Herman Swensson wrote:
> tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
> tls: certificate_file = (null)

Note this, then:

> rlm_eap_tls: Loading the certificate file as a chain
> 20360:error:0200100E:system library:fopen:Bad address:bss_file.c:259:fopen('','r')

Set certificate_file in eap.conf correctly. It's empty, so it's failing.
Re: (no subject)
Herman Swensson wrote:
> tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
> tls: certificate_file = (null)

Note this, then:

> rlm_eap_tls: Loading the certificate file as a chain
> 20360:error:0200100E:system library:fopen:Bad address:bss_file.c:259:fopen('','r')

Set certificate_file in eap.conf correctly. It's empty, so it's failing.
RE: (no subject)
yes

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debik
Sent: Wednesday, December 14, 2005 1:15 AM
To: FreeRadius users mailing list
Subject: (no subject)

> Is it possible to authenticate users on LAN with freeradius, without any Access Point ?
RE: (no subject)
Yes (using 802.1x or some other protocol)

Chad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debik
Sent: Tuesday, December 13, 2005 6:15 PM
To: FreeRadius users mailing list
Subject: (no subject)

> Is it possible to authenticate users on LAN with freeradius, without any Access Point ?
Re: (no subject)
Hi, Josh.

the following describes the 'group lock' feature, considering a Cisco VPN 3000 concentrator and a RADIUS server (check the RADIUS Class attribute) :
http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

It is mentioned hereafter that the Cisco PIX Security Appliance supports RADIUS group locking :
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_data_sheet0900aecd801a9de9.html

It looks like your RADIUS client is actually a Cisco PIX SA (beware of Cisco's terminology though), so I hope this can help you solve your problem.

Regards,
Philippe
Re: (no subject)
Nope.

josh.

nagaraj wrote:
> Hi,
> Has any body had any experience implementing CHAP-PASSWORD to authenticate http clients against a radius server ? I read a document that says "The CHAP-Challenge and CHAP-PASSWORD attributes are not suitable since the CHAP algorithm is not compatible with HTTP digest." If that is the case, Please let me know if there is a work around.
>
> Regards,
> Nagaraj
Re: (no subject)
Matt morris wrote:
> So how do I setup freeradius to use rlm_perl then? Some pointers will be greatly appreciated. Thank you.

rlm_perl is still experimental. That means that you'll need to compile freeradius with the --with-experimental-modules option. The configuration is in etc/raddb/experimental.conf

rlm_exec is stable, so your freeradius will support it already. The configuration is in etc/raddb/radiusd.conf

You can use any executable script (which *can* be a perl script). Look in CVS, there's a lot of information added about rlm_exec!

--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
www.salesguide.be
www.telenethotspot.be
Re: (no subject)
On Fri, 17 Jun 2005, Graham, Robert wrote:
> Dustin,
>
> Thanks for the response. I was kind of wondering if the location of the group in Active Directory was an issue. But that brings up another question. Doesn't a ldapsearch use the basedn as a starting point? For instance, I have the basedn set as follows in radiusd.conf:
>
> basedn = ou=mem users,dc=mem-ins,dc=com
>
> And the structure of our AD is:
>
> MEM-INS.COM | | |_MEM Users | | | |

Where are the groups at? Are they under ou=mem users? If so, you are correct, you should be able to find it in your search.

> And why is it that it can find the user rgraham but not the group.

Either the ldap search query you have setup in radiusd.conf is incorrect, or perhaps the user you are binding with doesn't have permissions to search the groups? Can you post an example, of what a group member would look like in AD?
RE: (no subject)
The user is in the /etc/passwd file. I uncommented out the passwd, shadow and group files in radiusd.conf. Is there a way to check to see if the program is reading the passwd file.

John Riggs
619-313-2213
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
Sent: Friday, May 20, 2005 1:55 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

John Riggs [EMAIL PROTECTED] wrote:
> A local user can log on but a user using the default system password file can not log on. I've looked at the debug but I'm not sure I understand the problem and how to correct it. I believe this is the problem;
> modcall: entering group authenticate,
> modcall[authenticate]: module unix returns notfound,

The user wasn't found in /etc/passwd? Why would he be able to authenticate?

Alan DeKok.
Re: (no subject)
John Riggs [EMAIL PROTECTED] wrote:
> The user is in the /etc/passwd file.

shrug The error message is definitive.

> I uncommented out the passwd, shadow and group files in radiusd.conf. Is there a way to check to see if the program is reading the passwd file.

Don't uncomment those lines. It should work.

Alan DeKok.
RE: (no subject)
A local user can log on but a user using the default system password file can not log on. I've looked at the debug but I'm not sure I understand the problem and how to correct it. I believe this is the problem;
modcall: entering group authenticate, modcall[authenticate]: module unix returns notfound, modcall: group authenticate returns notfound.

John Riggs 619-313-2213 [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, May 19, 2005 3:05 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

John Riggs [EMAIL PROTECTED] wrote:
> The connect type is a PPP connection. I hope this is enough info, this is my first time configuring a radius server. Thanks

Run the server in debugging mode, as suggested in the README, INSTALL, and FAQ.

Alan DeKok.
Re: (no subject)
John Riggs [EMAIL PROTECTED] wrote:
> A local user can log on but a user using the default system password file can not log on. I've looked at the debug but I'm not sure I understand the problem and how to correct it. I believe this is the problem;
> modcall: entering group authenticate, modcall[authenticate]: module unix returns notfound,

The user wasn't found in /etc/passwd? Why would he be able to authenticate?

Alan DeKok.
Re: (no subject)
John Riggs [EMAIL PROTECTED] wrote:
> The connect type is a PPP connection. I hope this is enough info, this is my first time configuring a radius server. Thanks

Run the server in debugging mode, as suggested in the README, INSTALL, and FAQ.

Alan DeKok.
Re: (no subject)
On 5/8/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Hello, I have a problem and I hope that you can help me, please!?
> version: 1.0.0
> I want to use (Free)RADIUS for AAA on IPv6. Only one router, one RADIUS server and one user. User (IPv6 address) connects with Telnet to Router (IPv6 address).
> Questions:
> Can RADIUS solve this problem?
> Can RADIUS be on Linux with an IPv6 address? (problem with: radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 - there is no IPv6 address)
> if yes, I need configuration of RADIUS
> if no, and it is on IPv4 address, need configuration of RADIUS
>
> Example (if all addresses are IPv4):
> Conf. on router:
> Router(config)# aaa new-model
> Router(config)# radius-server host 192.168.2.2 auth-port 1812 acct-port 1813
> Router(config)# radius-server retransmit 1
> Router(config)# radius-server key radius
> Router(config)# aaa authentication login default group radius
> Router(config)# aaa authorization exec default group radius
> Conf. of RADIUS:
> clients.conf:
> client 192.168.2.1 {
>     secret = radius
>     shortname = ethernet
>     nastype = cisco
> }
> users:
> test Auth-Type := Local, User-Password == test
>
> I read RFC 3162 but it didn't help me...
> best solution for me is:
> Router(config)# aaa new-model
> Router(config)# radius-server host !!different!! 2001::2/64(IPv6) auth-port 1812 acct-port 1813
> Router(config)# radius-server retransmit 1
> Router(config)# radius-server key radius
> Router(config)# aaa authentication login default group radius
> Router(config)# aaa authorization exec default group radius
> Conf. of RADIUS:
> clients.conf:
> client !!different!!2001:1::/64(Ipv6) {
>     secret = radius
>     shortname = ethernet
>     nastype = cisco
>     !!different!! and there something like : Login-IPv6-Host NAS-IPv6-Address
> }
> users:
> test Auth-Type := Local, User-Password == test
>
> but this is not possible:) PLEASE HELP!

Try the latest CVS and try your IPv6 client configuration. For now, I guess, Login-IPv6-Host NAS-IPv6-Address are not supported.

-Raghu
Re: (no subject)
On Fri, 6 May 2005, Alan DeKok wrote:
> Babar Shafiq [EMAIL PROTECTED] wrote:
>> I know I can see the reject cause while running in debug mode but I want to store the reject causes in database or logs it. so it will be helpful in future for support people, customer support etc, so they can inform users what is the exact cause of the rejection !!
>
> Then always run the server in debugging mode. Or, write scripts to log reasons for failure.

log_badlogins from the dialupadmin package will do what you want.

> Alan DeKok.

--
Kostas Kalevras
Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: (no subject)
Babar Shafiq [EMAIL PROTECTED] wrote:
> I know I can see the reject cause while running in debug mode but I want to store the reject causes in database or logs it. so it will be helpful in future for support people, customer support etc, so they can inform users what is the exact cause of the rejection !!

Then always run the server in debugging mode. Or, write scripts to log reasons for failure.

Alan DeKok.
Re: (no subject)
Hi. Can you run the server in debug mode and post the messages that you get?

-Sayantan.

[EMAIL PROTECTED] 04/19/05 5:52 pm
> Hi
> I have a very strange problem. I authenticate a user against a Novell 6 Server which is not the problem. But I need some Attributes from the authentication brought back to the NAS.
> I put these in the users file and it worked with another server:
> Users complete
> DEFAULT Auth-Type :=LDAP Ldap-Group == CN=WGRASO=FKEL
> Reply-Message = Welcome you are allowed to have dialupaccess
> Framed-Filter-Id = std.ppp
> Fall-Through = 0
>
> The Ldap portion of the radiusd.conf, comments removed:
> ldap
> server = 170.56.185.59
> identity = anonymous
> basedn = OU=AbteilungenO=FKEL
> filter = uid=Stripped-User-Name:-User-Name
> start_tls = no
> dictionary_mapping = raddbdir/ldap.attrmap
> ldap_connections_number = 5
> groupmembership_attribute = radiusGroupName
> timeout = 20
> timelimit = 20
> net_timeout = 10
>
> Strangely the binds need a very long time, up to 8 seconds each - but what has this to do with not transmitting the Attributes?
> As I said the authentication works but the Attributes are missing - Any ideas?
> Regards
> Andre
Re: (no subject)
It's really obvious...

- Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0.
^^ Increase your DB Handles to a higher value.

- Info: Using deprecated naslist file. Support for this will go away soon.
^^ I'd suggest fixing and using clients.conf as well.

- Error: rlm_sql (sql): Could not link driver rlm_sql_oracle: file not found
^ There's your biggest problem IMHO.

Just my 2c.
--
Chris.
Re: (no subject)
Anderson Alves de Albuquerque wrote:
> After I need that RADIUS use crypt or DES to have password in clean txt.

It's impossible. Once you have the password crypted, you cannot get the clear text from it anymore. It's like making an omelette. You can make one from eggs, but you can't get the eggs back from the omelette.

> How could I tell RADIUS use crypt or DES to have clean TXT?

How can you tell your cook to turn the omelette back into eggs?

> If RADIUS know like have original password is stored in LDAP the RADIUS could done the HASH. Then RADIUS could know if this hash is like of the hash that RADIUS receive of the [application].

No. If you create two hashes from the same password, they are different. Just looking at the two, nobody can tell if they were created from the same password or not.

HTH,
Stefan
Re: (no subject)
What platform are you running it on? Easiest way is to use rpm or yum/apt etc to install (on Linux). Have a look at http://www.frontios.com/freeradius.html and also search the list archives - the notes are also included in all the conf files which are pretty handy

[EMAIL PROTECTED] 21/01/2005 10:59:59
> Hi all! I am new in freeradius. I use debian testing. How do I install and config freeradius, freeradius-dialupadmin? Please help me guys
> Sincerely, Tulga.G
> Lead Programist of Netsoft LLC
Re: (no subject)
Tnx for your reply! My kernel is 2.6.8-1-686. OS is Debian testing. I install: apt-get install freeradius and apt-get install freeradius-dialupadmin. Installation is successfully finished. So I cannot config freeradius and cannot use dialup-admin. My installed dialupadmin hasn't sql, and more folders.

Neil Craig writes:
> What platform are you running it on? Easiest way is to use rpm or yum/apt etc to install (on Linux). Have a look at http://www.frontios.com/freeradius.html and also search the list archives - the notes are also included in all the conf files which are pretty handy
>
> [EMAIL PROTECTED] 21/01/2005 10:59:59
>> Hi all! I am new in freeradius. I use debian testing. How do I install and config freeradius, freeradius-dialupadmin? Please help me guys
>> Sincerely, Tulga.G
>> Lead Programist of Netsoft LLC

Sincerely, Tulga.G
Lead Programist of Netsoft LLC
Re: (no subject)
Use apt to install freeradius-sql..

[EMAIL PROTECTED] 21/01/2005 11:27:06
> Tnx for your reply! My kernel is 2.6.8-1-686. OS is Debian testing. I install: apt-get install freeradius and apt-get install freeradius-dialupadmin. Installation is successfully finished. So I cannot config freeradius and cannot use dialup-admin. My installed dialupadmin hasn't sql, and more folders.
>
> Neil Craig writes:
>> What platform are you running it on? Easiest way is to use rpm or yum/apt etc to install (on Linux). Have a look at http://www.frontios.com/freeradius.html and also search the list archives - the notes are also included in all the conf files which are pretty handy
>>
>> [EMAIL PROTECTED] 21/01/2005 10:59:59
>>> Hi all! I am new in freeradius. I use debian testing. How do I install and config freeradius, freeradius-dialupadmin? Please help me guys
>>> Sincerely, Tulga.G
>>> Lead Programist of Netsoft LLC
>
> Sincerely, Tulga.G
> Lead Programist of Netsoft LLC
RE: (no subject)
Hi, Check out this link http://www.multitech.com/SUPPORT/Families/CommPlete4000/software.asp

Regards, Janakan Rajendran

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jessa
Sent: Thursday, January 13, 2005 1:02 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

I checked their website and there was nothing about that server. Do you happen to know where to download it?

On Tue, 11 Jan 2005 22:04:43 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:
> Try Multi-tech Radius server
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB RD NNA(BJ)
> Sent: Tuesday, January 11, 2005 5:27 AM
> To: freeradius-users@lists.freeradius.org
> Subject: (no subject)
>
> Is there any opensource radius server that runs well on Windows 2000.
Re: (no subject)
I checked their website and there was nothing about that server. Do you happen to know where to download it?

On Tue, 11 Jan 2005 22:04:43 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:
> Try Multi-tech Radius server
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB RD NNA(BJ)
> Sent: Tuesday, January 11, 2005 5:27 AM
> To: freeradius-users@lists.freeradius.org
> Subject: (no subject)
>
> Is there any opensource radius server that runs well on Windows 2000.
RE: (no subject)
Try Google search for radius200.exe

Cheers
Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jessa
Sent: 13 January 2005 18:02
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)

I checked their website and there was nothing about that server. Do you happen to know where to download it?

On Tue, 11 Jan 2005 22:04:43 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:
> Try Multi-tech Radius server
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB RD NNA(BJ)
> Sent: Tuesday, January 11, 2005 5:27 AM
> To: freeradius-users@lists.freeradius.org
> Subject: (no subject)
>
> Is there any opensource radius server that runs well on Windows 2000.
RE: (no subject)
Try Multi-tech Radius server

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zhao Yu,SCNB RD NNA(BJ)
Sent: Tuesday, January 11, 2005 5:27 AM
To: freeradius-users@lists.freeradius.org
Subject: (no subject)

Is there any opensource radius server that runs well on Windows 2000.
Re: (no subject)
[EMAIL PROTECTED] 03/12/2004 17:37:45
> I am testing my freeradius using NTRadPing Utility. I am running radius in debugger mode and I get this:
> rad_recv: Access-Request packet from host 10.192.1.11:3628, id=1, length=44
> Ignoring request from unknown client 10.192.1.11:3628
> In clients.conf I have this entry:
> client 10.192.1.11/16 {
>     secret = testing123
>     shortname = mbasso
> }

Have you tried just having the single IP in clients.conf?

client 10.192.1.11 {
    secret = testing123
    shortname = mbasso
}
RE: (no subject)
radtest and radclient come together with the freeradius server. Enter man radtest or man radclient for more information. Depending on your configuration, radclient is installed in /opt/gnu/bin/radclient

-----Original Message-----
From: rajesh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 27 October 2004 12:05
To: [EMAIL PROTECTED]
Subject: (no subject)

Hi, Where can I get a RADIUS client like RADTEST, RADCLIENT to test with RADIUS server? I have to test MY RADIUS server with another machine (client). For that I need this client application. Moreover both my machines r Linux machines.

Thanks Regards
Rajesh.Ch
Re: (no subject)
kill -HUP `cat /var/run/radius/radius.pid`

----- Original Message -----
From: jh vg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 11:46 AM
Subject: (no subject)

> Hi
> I want to develop a project that supports WLAN roaming. I need the realms to be configured dynamically from a database. As far as I have seen the only way to configure realms is from proxy.conf or realms file. What must I do when I want to add a new realm without restarting the server? Is there a way for the server to read realms from a database? Another solution is to write new realms to proxy.conf and then force the server to read the file again. Can this be done? I have little experience with radius and I would appreciate your help
Re: (no subject)
On Thu, 2004-06-17 at 16:33, Maqbool Hashim wrote:
> Is it possible to get a Windows Domain Controller to authenticate via radius? Has anyone got this working?

Could you please expand on what your requirements are. I have users authenticating against a Windows BDC via radius if that is what you require advice on.

Dave
Re: (no subject)
Steve OBrien [EMAIL PROTECTED] wrote:
>> So they're different. If you want to know exactly what they are, add debug statements to print them out.
> would that be debug_eap = 0x in eap.conf?

Huh? There's no such configuration line in eap.conf. I was suggesting to edit the source code.

>> Hmm... it may be that the \ is the cause of the problem.
> Should I use the NT domain hack or realms or what?

Until you edit the source code to see exactly which strings are being compared, it would be premature to talk about a solution.

Alan DeKok.
Re: (no subject) - Is: Segmentation Fault in CVS-Snapshot 20040328
Don't hit me, I forgot the Subject :/ Sorry!
Accounting attributes (was Re: (no subject) )
[EMAIL PROTECTED] wrote:
> But there isn't Acct-Termination-Cause attribute - why ?

See the FAQ. The server can't log what it doesn't get.

Alan DeKok.
Re: (no subject)
Hiya

> I want to log all Level 15 commands on the switches or routers back to the freeradius box via accounting. On the Cisco router I have:

I was under the impression that this functionality was only available if using TACACS+ ? If it is possible with RADIUS I would be interested in this also.

Graeme
--
Graeme Hinchliffe (BSc)
Core Team Member
Zen Internet (http://www.zen.co.uk)
ICQ 3842605
Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
Re: (no subject)
On Wednesday 25 February 2004 18:05, Clinton J Wooton wrote:
> I believe that the [1636] refers to the actual line in the file. I looked at this exact spot using gedit and found that it is the last line of the file and it has nothing in it.

I would make sure that all { have a matching } in the file. If that doesn't help, copy your current configuration out of the way, then copy the default radiusd.conf in place and attempt your config changes again.

Kevin Bonner
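The brace check suggested in the reply above can be automated; the following is an added example, not part of the original post and not FreeRADIUS code. It assumes radiusd.conf conventions of `#` comments and quoted strings that do not span lines, uses indentation only as a heuristic, and runs on a constructed sample config.

```python
# Added example: find unbalanced braces in radiusd.conf-style text.
# A parse error reported at the last (empty) line of the file usually means
# a '{' opened much earlier was never closed.

# Constructed sample: the '}' closing "pap" has been dropped.
SAMPLE = '''\
modules {
    pap {
        encryption_scheme = crypt
    # closing brace for "pap" is missing here
    ldap {
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        basedn = "o=example"   # a } in a comment is ignored
    }
}
authorize {
    pap
}
'''


def check_braces(text):
    """Return (unclosed, stray, hints) for radiusd.conf-style text.

    unclosed: line numbers of '{' that are never closed
    stray:    line numbers of '}' that close nothing
    hints:    (close_line, open_line) pairs whose indentation differs,
              which usually brackets the spot where a '}' was dropped
    """
    stack, stray, hints = [], [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        quote = None                      # quote char while inside a string
        i = 0
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1                # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "\"'`":
                quote = ch
            elif ch == "#":
                break                     # rest of the line is a comment
            elif ch == "{":
                stack.append((lineno, indent))
            elif ch == "}":
                if not stack:
                    stray.append(lineno)
                else:
                    open_line, open_indent = stack.pop()
                    # Only a '}' that starts its line is compared, so
                    # inline ${var} expansions never produce a hint.
                    if line.lstrip().startswith("}") and indent != open_indent:
                        hints.append((lineno, open_line))
            i += 1
    unclosed = [ln for ln, _ in stack]
    return unclosed, stray, hints


if __name__ == "__main__":
    unclosed, stray, hints = check_braces(SAMPLE)
    for ln in unclosed:
        print(f"line {ln}: '{{' is never closed")
    for ln in stray:
        print(f"line {ln}: '}}' has no matching '{{'")
    for close_ln, open_ln in hints:
        print(f"line {close_ln}: '}}' closes the block opened at line "
              f"{open_ln} but is indented differently; look between them")
```

On the sample, plain counting blames the outermost `modules {` on line 1, while the indentation hint narrows the search to lines 2 through 9, where the brace was actually dropped.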
RE: (no subject)
I thought this list was going to be subscriber post only. :-) Any progress toward that?

- Brian J.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tarun Singhal
Sent: Wednesday, January 14, 2004 11:26 PM
To: [EMAIL PROTECTED]
Subject: (no subject)