two separate issues
testing an rpm for mandrake 9.1
issue#1 authenticate fails
[EMAIL PROTECTED] raddb]# finger test
Login: test Name: (null)
Directory: /home/test Shell: /bin/bash
password is testpass
after
radiusd -sfxxyz -l stdout
system load
h but how come when i tail-f the
/usr/local/var/log/radiusd/radacct/client/detail
and when a diaulup user logs, there is a NAS-Port-Id.
> "Charles Nierva" <[EMAIL PROTECTED]> wrote:
>> what could be the cause of this error?
>>
>> rlm_acct_unique: WARNING: Attribute 8 was not found in
On Fri, 21 Feb 2003, Alan DeKok wrote:
> Kristina Pfaff-Harris <[EMAIL PROTECTED]> wrote:
> > Running 'checkrad cisco (etc)' on a certain of our ciscoes came back with
> > "Timeout: No Response from IP address". When called from radiusd, this
> > killed the radius daemon completely.
A little more
Title: Messaggio
Hi at
all,
I have sniffed a
EAP-TLS exchange (from 802.11 access) with Xsupplicant and first Freeradius and
second IAS (win2000).
It's possible that
the server hello in particular the second frame of this message has different
field in the two case ad ex the field Flags i
Thanks.
-Ben
On Thursday 27 February 2003 07:50 am, Alan DeKok wrote:
> Benjamin Smith <[EMAIL PROTECTED]> wrote:
> > What's the easiest way to determine if anybody is online right now?
>
> radwho?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list
Benjamin Smith <[EMAIL PROTECTED]> wrote:
> What's the easiest way to determine if anybody is online right now?
radwho?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"freeradius" <[EMAIL PROTECTED]> wrote:
> We have a MAX TNT nas and now we have problems with spoofed icmp-echo
> and echo-reply packages.
> To sole the problem we must enable the Ascend-Source-IP-Check VSA reply
> for users authenticated from free radius.
> So I modified the clints.conf file to :
hello.
just try adding radius-auth to "line vty 0 4" as you probably did it for
"line con 0".
did you?
;)
Stevo schrieb:
Hey Guys,
I'm a newbie to freeradius and am having
a problem getting it to work with my Cisco gear. I'm at the stage now where
I can logo
This is my day for questions... has anyone
been able to get FreeRadius to work on a Nortel router?? I have a Nortel
ASN, ARN and AN that I'd like to use radius on.
I'll take any help you guys can give!!
Thanks
--Stevo
Okay so I worked out that the problem lies in the
group authorization command in the AAA config. I got this config right out
of the FAQ on the freeradius.org site so I think I've missed where I setup a
radius group. When I remove the authorization statements I can logon just
fine using tel
Hey Guys,
I'm a newbie to freeradius and am having a problem
getting it to work with my Cisco gear. I'm at the stage now where I can
logon to my Cisco 2611 and authenticate against the freeradius server just fine
IF I'm connected to the console. When I try to connect using telnet I get
a
Dear all
We have a MAX TNT nas and now we have problems with
spoofed icmp-echo and echo-reply packages.
To sole the problem we must enable the
Ascend-Source-IP-Check VSA reply for users authenticated from free
radius.
So I modified the clints.conf file to
:
client A.B.C.D {
secret
Using openLDAP/Freeradius 0.8.1 (should say, setting it up).
What's the easiest way to determine if anybody is online right now?
Optimum would be a "Web-thingy" with little red/green lights, but that may be
asking a bit much!
Searching freshmeat, google and the freeradius website turned up s
<[EMAIL PROTECTED]> wrote:
> We are trying to create a FreeRADIUS system with different FreeRADIUS
> servers.
> One is the main server, and when it receives some requests it will
> deliver to another FreeRADIUS servers to authenticate those users.
> We would like to this "secondary" FreeRADIUS serv
Hello,
i'm a Spanish Telecomunication Engineer, and i'm trying to use FreeRADIUS
for EAP/TLS Authentication with a Wireless AP.
I've configured everything as in 'Howto', but FreeRADIUS craches when a
wireless client is detected:
modcall: entering group authorize
modcall[authorize]: module "pre
We are trying to create a FreeRADIUS system with different FreeRADIUS
servers.
One is the main server, and when it receives some requests it will
deliver to another FreeRADIUS servers to authenticate those users.
We would like to this "secondary" FreeRADIUS server just authenticates
the user, but i
"leaobicalho" <[EMAIL PROTECTED]> wrote:
> Hum, i undestand the documentation,
> but continue without work, i read my
> messages about, and many people dont
> can make worki did try many
> things...you have any sugestion???
There are only a few things that can be happening:
1) You put share
Hum, i undestand the documentation,
but continue without work, i read my
messages about, and many people dont
can make worki did try many
things...you have any sugestion???
-> All files be in correct directory
-> Path is be correct
-> I did try compile with --disable-shared
-> I did try copy al
Hi Kristina:
What exactly did you put in ld.so.conf? Did you run ldconfig after adding
that line?
What I put in the ld.so.conf was this, and I rebooted the server after
adding the line:
/usr/local/freeradius/src/modules/rlm_sql/drivers/rlm_sql_mysql
Ed
From: Kristina Pfaff-Harris <[EMAIL PR
Hi!
I want to run FreeRadius under Tru64 Unix 5.1a with a two
Member Cluster with failover.
This means, I have a script with the funktions start/stop/check.
The cluster software uses this script for start/stop and in
defined intervals to check, if the process is running. If
not, it tries to start
Anyone know of a reason why my customer isn't getting a static IP assigned
when using:
Framed-IP-Address = xxx.xxx.xxx.xxx,
example entry...
sampleuser Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 1
Hi!
I have compiled FreeRadius without sia/c2 security, because
with sia/c2 security, all specifications for sepparate passwd,
shadow and group files will be ignored.
Disabling of SIA/C2 security only works when I manualy edit
src/include/autoconf.h after ./configure and unset the
following variab
"Kalle Kul" <[EMAIL PROTECTED]> wrote:
> 1) Will FreeRadius (when acting as a proxy) detect re-transmissions from a
> client. If so, will it re-transmit the message from the same port and with
> the same identifier?
Yes. It's configurable. See 'radiusd.conf'
> 2) Can FreeRadius (when acting
Hi
I am thinking about setting up FreeRadius as proxy. I tried to look up the
correct proxy behaviour in the RADIUS RFCs but found the description to be
rather incomplete. Does anyone know how FreeRadius is implemented:
1) Will FreeRadius (when acting as a proxy) detect re-transmissions from a
As far as I've seen MS supplicant implementation of PEAP it only
supports MS-CHAPv2 over PEAP. That makes it hard (when even not
possible) to authenticate against e.g. an unix passwd-file (or existing
ldap directory) as a backend.
You might be right on that EAP /can/ be transported over PEAP as
Artur Hecker wrote:
An advantage of TTLS I forgot to mention is that when PAP or CHAP is
not the best authentication method, one can always use EAP /over/
TTLS as well, so in fact there are many authentication protocols
supported within TTLS :-) This is nice when it turns out TTLS is not
the w
Hi Sam,
Sam Critchley wrote:
Interesting post (and thread) on TTLS. Sounds like what Surfnet is
doing (along with Twente, Hogeschool Amsterdam and a couple of others
in the NL academic community, right?) is pretty interesting. I hope
TTLS makes it to Freeradius soon
I hope so.
Hey, I won
hi
thanks for infos on supplicants.
An advantage of TTLS I forgot to mention is that when PAP or CHAP is not
the best authentication method, one can always use EAP /over/ TTLS as
well, so in fact there are many authentication protocols supported
within TTLS :-) This is nice when it turns out
Hi,
Artur Hecker wrote:
ok, as 3rd party of course. typically to pay extra. i.e. if benoit
just does some tests, he will probably not pay anything. anyway,
neither peap nor ttls is supported by our backend here so it's a bit
pointless...
There are always trial versions available for testing pu
"leaobicalho" <[EMAIL PROTECTED]> wrote:
> When i start radius server, show this
> message, but all files about
> sql_postgres be in directory, why
> this??
So the documentation on how to fix this, in the FAQ, radiusd.conf,
and weekly on this list isn't enough. Do you have any suggestions for
d
hi paul
TTLS IS available for XP as 3rd party product (there are a few available
I know of, meetinghouse, funk, alfa & ariss (developed for
SURFnet),...). There is even TTLS support for Linux and there is a beta
for Pocket PC.
ok, as 3rd party of course. typically to pay extra. i.e. if benoit j
When i start radius server, show this
message, but all files about
sql_postgres be in directory, why
this?? What i need make
Module: Loaded SQL
rlm_sql (sql): Could not link driver
rlm_sql_postgresql: file not found
rlm_sql (sql): Make sure it (and all
its dependent libraries!) are in the
search p
"Charles Nierva" <[EMAIL PROTECTED]> wrote:
> what could be the cause of this error?
>
> rlm_acct_unique: WARNING: Attribute 8 was not found in request, unique ID
> MAY be inconsistent
What do you think that message means?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freer
"Adrian Griffin" <[EMAIL PROTECTED]> wrote:
> I copied a few files from another RADIUS server over to try and use my
> existing config (in the belief that they should be the same, all
> following the rfc)
Absolutely not. The RFC defines the protocol, not the format of the
configuration files.
Hi Arthur,
TTLS IS available for XP as 3rd party product (there are a few available
I know of, meetinghouse, funk, alfa & ariss (developed for
SURFnet),...). There is even TTLS support for Linux and there is a beta
for Pocket PC.
I think TTLS is better dan MS's PEAP, and I'm not alone. I'm work
hi paul
all this is great (especially this peap termination!), however TTLS is
not available in windows xp and probably never will be since it is a
concurrent draft to peap. if they wanted to use ttls they wouldn't have
submitted their own draft on the exactly same idea one year after ttls
or
On Thu, Feb 27, 2003 at 09:04:59PM +0800, Charles Nierva wrote:
> what could be the cause of this error?
>
> rlm_acct_unique: WARNING: Attribute 8 was not found in request, unique ID
> MAY be inconsistent
> rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID
> MAY be inconsi
Hi,
MD5 isn't secure (it's e.g. possible to do man in the middle attack),
and the PEAP you mention IS secure, however I don't like the PEAP
implementation when I compare it with TTLS. Using PEAP the Radius server
that is connected to the authenticator MUST be able to terminate PEAP,
even if it
in uses files
for one default password
DEFAULT PASSWORD=youpassword
or
without password
DEFAULT Auth-Type=Accept
> Hello,
>
> this is my first post to the plist, i have solaris 2.7/Sparc + freeradius
> 0.8 and we want to known how can i permit access without login and
> password
what could be the cause of this error?
rlm_acct_unique: WARNING: Attribute 8 was not found in request, unique ID
MAY be inconsistent
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID
MAY be inconsistent
#
hi
it's a point of view. the certificate can belong to the user or to the
machine in the same manner. windows xp explicitly distinguishes that and
allows you to use machine credentials when no user info is available or
guest credentials when no machine info is available, etc.
if you want to auth
I don't succeed to install eap-md5 with windows xp, but I succeed with
eap-tls!
But, I can just authenticate the computer with the certificate and I
would like to authenticate the user with a login and a password with LDAP!
If you have any suggestions to help me
Thanks!
Beno
-
List info
42 matches
Mail list logo