Re: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first

2003-12-10 Thread Holger Schurig
> Holger Schurig <[EMAIL PROTECTED]> wrote: >> Is there a technical reason that EAP-TTLS and EAP-PEAP both need EAP-TLS >> first? > > Yes. Why would it be otherwise? > > TTLS & PEAP both involve using EAP-TLS, and then tunneling > additional data in the TLS tunnel. Therefore, they both need

Re: problem compiling rlm_eap_tls

2003-12-10 Thread Holger Schurig
> ./configure --with-openssl-includes=/usr/local/ssl/include/ > --with-openssl-libraries=/usr/local/ssl/lib This one looks better, --with-openssl-libs is not supported, see the configure or configure.in file. > But it still gives me the above error. > > Any more suggestions ? Look at your confi

Re: filtering attributes in proxy

2003-12-10 Thread denz
> Have you tried with pre-proxy and attr_rewrite? I'm trying but attr_rewrite > module is not called (/usr/sbin/freeradius -x). I don't know why. No I haven't. use -X instead -x, it'll show lot of things and have u included that in the preproxy section in radiusd.conf > > Sergio. > > > > > > but

RE: filtering attributes in proxy

2003-12-10 Thread Sergio Molina
Until I get a working solution, I am using attr_rewrite in preacct. The attribute is always filtered, not only in requests to be proxied. I do not know if it suits you well. Sergio. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of denz > Sent: m

FreeRadius with MySQL

2003-12-10 Thread Leandro Sant'ana
"stag"    NAS-IP-Address = 255.255.255.255    NAS-Port = 0modcall: entering group authorize for request 0  modcall[authorize]: module "preprocess" returns ok for request 0radius_xlat:  '/var/log/radius/radacct/192.168.0.60/auth-detail-20031210'rlm_detail: /var/log/radius/

FreeRadius with MySQL

2003-12-10 Thread apellido jr., wilfredo p
Leandro, See to it you included sql in authorization and accounting. Another helpful information ... http://www.frontios.com/freeradius.html = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm i

Re: Compilation Problem using EAP/TLS

2003-12-10 Thread garelli
Hello, your snapshot version of freeradius isn't the one that is mentioned in the HOWTO, and the syntax is different in this new version! I had the same problem as you, and I tested with the snapshot of the HOWTO. If you use it, you will see that your errors will disappear and your TLS tunnel will

Eap ttls and LDAP

2003-12-10 Thread Arthur EBEL
Hi, I am using freeradius 0.9.3 on a linux box. I have found the eap_ttls module in the CVS tree. How to install it ??? Can anyone explain to me the interest of using EAP TTLS + LDAP? I don't want to use a personal certificate but only the login and ldap passwd of the person. Is TTLS+LDAP it a good

radrelay

2003-12-10 Thread Pascal Séguy
Hello, I have a problem with radrelay (FR 0.9.3). Sometimes, detail-combined keeps growing indefinitely on the two servers, and I can see the same accounting record many times in the two detail combined, one with the client-ip-address of the other and vice versa. I have a problem with a broken proxy whi

Re: debugging with gdb/ddd

2003-12-10 Thread Joe Maimon
I believe the make install target may strip the objects. gdb on the executable from the source directory. That works fine. If you use libtool in the build, gdb on the radiusd hidden in the .libs directory. Hey! Look what I found in configure generated script. # Check whether --enable-developer o

Re: Eap ttls and LDAP

2003-12-10 Thread Kostas Kalevras
On Wed, 10 Dec 2003, Arthur EBEL wrote: > Hi, > I am using freeradius 0.9.3 on a linux box > I have found the eap_ttls module in the CVS tree > How to install it ??? ./configure make make install > > Can anyone can explain me the interest to use EAP TTLS + LDAP > > I don't want to use personal c

unknown proxy ?

2003-12-10 Thread Alex Radetsky
Hello, Colleagues! I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from unknown proxy 195.123.5.10:1288 -- Host 195.123.5.10 was configured in proxy

Re: unknown proxy ?

2003-12-10 Thread Thomas MARCHESSEAU
Hi Alex, did u check clients.conf ? Thomas . Alex Radetsky wrote: Hello, Colleagues! I'm using freeradius-0.7.1. I'm trying to configure this freeradius as proxy server to remote. -- rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 Ignoring request from unknown pr

Re: unknown proxy ?

2003-12-10 Thread Alexey Balabushevich
On Wed, Dec 10, 2003 at 03:56:45PM +0200, Alex Radetsky wrote: > > Hello, Colleagues! > > I'm using freeradius-0.7.1. I'm trying to configure this freeradius > as proxy server to remote. > > -- > rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 > Ignoring request f

Re: unknown proxy ?

2003-12-10 Thread Alex Radetsky
On Wed, Dec 10, 2003 at 03:11:42PM +0100, Thomas MARCHESSEAU wrote: > Hi Alex, > > did u check clients.conf ? > > [EMAIL PROTECTED] bin]# grep "195.123.5.10" /usr/local/radius-proxy/etc/raddb/* clients: 195.123.5.10 123 clients.conf: client 195.123.5.10 { proxy.conf: authho

Re: unknown proxy ?

2003-12-10 Thread Alex Radetsky
On Wed, Dec 10, 2003 at 04:18:30PM +0200, Alexey Balabushevich wrote: > > > > I'm using freeradius-0.7.1. I'm trying to configure this freeradius > > as proxy server to remote. > > > > -- > > rad_recv: Access-Reject packet from host 195.123.5.10:1288, id=1, length=48 > > Ignoring request from

unknown proxy ? part 2

2003-12-10 Thread Alex Radetsky
Hello! I found this in files.c : -- REALM *cl; /* * Note that we do NOT check for inactive realms! * * If we get a packet from an end server, then we mark it * as active, and return the realm. */ for(cl = real

Re: Running FreeRADIUS with user other than root

2003-12-10 Thread Nick Davis
On Tuesday 09 December 2003 17:25, Chris Parker wrote: > At 05:18 PM 12/9/2003, Michael Shanafelt wrote: > >I actually already tried that, but still got the same error. > > > >Do I need to change the owner of "radiusd" to the user I want to run it > >as? > > What *is* the error message you get. Po

One suggestion about the default config file

2003-12-10 Thread Damjan
The FreeRadius default config file is pretty much complete and working right out of the box. It's only that for some more advanced features the admin *must* make some local changes. I've noticed that a lot of questions asked here are due to people not having the patience to read the config file in

Re: FreeRadius with MySQL

2003-12-10 Thread Guy Fraser
Please read the FAQ before posting again. Turn off your Graphic and html. Leandro Sant'ana wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: unknown proxy ?

2003-12-10 Thread Guy Fraser
I have noticed you have configured naslist, clients and clients.conf. The clients.conf file is all you need, and you should probably move or remove the clients and naslist files since they are deprecated and may conflict. I have not looked into the source to find out what happens when you have both se

how can I allow access only once?

2003-12-10 Thread Zoilo
I am giving tickets in a kiosk-environment, and would like to block an account as soon as it is used. So the username and password can only be used once; that's it. What is the easiest way? I am using SQL. Z.

Re: Eap ttls and LDAP

2003-12-10 Thread Alan DeKok
Kostas Kalevras <[EMAIL PROTECTED]> wrote: > > I am using freeradius 0.9.3 on a linux box > > I have found the eap_ttls module in the CVS tree > > How to install it ??? > > ./configure > make > make install And watch the server die as soon as it receives an EAP-TTLS request. Alan DeKok.

Re: expr problems

2003-12-10 Thread Alan DeKok
"Nikolas Geyer" <[EMAIL PROTECTED]> wrote: > ERROR: Cannot find a configuration entry for module "expr". > > In my radiusd.conf I have the following; > > expr { > } Where? The location of that configuration entry matters. See the default 'radiusd.conf' for examples of where that configurat

Re: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first

2003-12-10 Thread Alan DeKok
Holger Schurig <[EMAIL PROTECTED]> wrote: > I thought TLS is where both the server and the clients have certificates. > And TTLS is where only the client has a certificate (of the server). Yes. If you're unsure, read the RFC's. They're included with the server. > Therefore, TTLS and PEAP need

Re: FreeRadius with MySQL

2003-12-10 Thread Alan DeKok
"Leandro Sant'ana" <[EMAIL PROTECTED]> wrote: > I commented that's lines in file /etc/raddb/users ... > #DEFAULT Auth-Type = System > #Fall-Through = 1 > > To force Auth-Type in databases No. Uncommenting that line means you forced it to NOT use System authentication. But you d

Encrypting an Access Reply Attribute

2003-12-10 Thread Tom Stoll
Hello FreeRADIUS Users, I am using FreeRADIUS Version 0.9.2. Does anyone have an example that demonstrates how to encrypt an individual access reply attribute? I was going to encrypt the attribute using a custom Exec-Program-Wait function but I could not figure out how to to obtain and pass the

Re: Encrypting an Access Reply Attribute

2003-12-10 Thread Alan DeKok
Tom Stoll <[EMAIL PROTECTED]> wrote: > Does anyone have an example that demonstrates how to encrypt an > individual access reply attribute? You shouldn't have to. See the dictionary files, and look for "encrypt=". If you're going to use the standard User-Password encryption, then create a dict

Re: unknown proxy ?

2003-12-10 Thread Alan DeKok
Alex Radetsky <[EMAIL PROTECTED]> wrote: > I'm using freeradius-0.7.1. I'm trying to configure this freeradius > as proxy server to remote. Upgrade to 0.9.3. Please. Alan DeKok.

Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
Hi all I have freeradius 0.9.3 set up on a linux box with (presumably) mysql compiled in as well. I have the mysql-devel files installed before configure/make/make installing. I followed through the how-to found at http://www.frontios.com/freeradius.html, but, that is a set of how-to for a somewh

Re: unknown proxy ? part 2

2003-12-10 Thread Alan DeKok
Alex Radetsky <[EMAIL PROTECTED]> wrote: > So, if radius got packet from remote server with configured source_ip and > port, radiusd marks it as active. > > But in my case, radius got packet from configured source_ip, but another > port. > > What does it mean? It means that the server

Re: Freeradius 0.9.3 with mysql

2003-12-10 Thread Alan DeKok
"Justin Williams" <[EMAIL PROTECTED]> wrote: > At any rate, with the user "test" in the users file, it authenticates > just fine. When I comment that out and add the user to the mysql table, > usergroups, it does not authenticate, and I don't notice any reference > to mysql in the rejection notice

Re: Eap ttls and LDAP

2003-12-10 Thread Alan DeKok
"Arthur EBEL" <[EMAIL PROTECTED]> wrote: > I am using freeradius 0.9.3 on a linux box > I have found the eap_ttls module in the CVS tree > How to install it ??? You install a snapshot. You can't use EAP-TTLS with 0.9.3. > I don't want to use personal certificate but only the login and ldap pa

Re: One suggestion about the default config file

2003-12-10 Thread Alan DeKok
Damjan <[EMAIL PROTECTED]> wrote: > The FreeRadius default config file is pretty much complete and working > right out of the box. It's only that for some more advanced features the > admin *must* make some local changes. Yup. > I've noticed that a lot of questions asked here are due to people

RE: Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
Already running in debugging mode, but, too ignorant of what it all means. If there is a reference you recommend that would help me learn more about radius, in general, I'll be happy to go hunting in there too. I added sql to the accounting section in radius.conf, but I did not add it into the au

RE: Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
Bingo... That worked... I was missing the sql entry in the authorize section... Would still love to go read up on radius, though! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Williams Sent: Wednesday, December 10, 2003 1:43 PM To: [EMAIL PROTE

Re: Freeradius 0.9.3 with mysql

2003-12-10 Thread Alan DeKok
"Justin Williams" <[EMAIL PROTECTED]> wrote: > Bingo... That worked... I was missing the sql entry in the authorize > section... That's good to hear. > Would still love to go read up on radius, though! Buy the RADIUS book. See the web site for details. Alan DeKok.

RE: Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
Thank you! By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Thanks again! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:48 PM To: [EMAIL

Re: Freeradius 0.9.3 with mysql

2003-12-10 Thread Alan DeKok
"Justin Williams" <[EMAIL PROTECTED]> wrote: > By the way, I did not see a command in the man pages to restart radiusd > after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok.

Re: Encrypting an Access Reply Attribute

2003-12-10 Thread Tom Stoll
On Wed, 2003-12-10 at 12:26, Alan DeKok wrote: > Tom Stoll <[EMAIL PROTECTED]> wrote: > > Does anyone have an example that demonstrates how to encrypt an > > individual access reply attribute? > > You shouldn't have to. See the dictionary files, and look for > "encrypt=". If you're going to us

RE: Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with m

Relocation Error - Checked the SSL versions, but still apear

2003-12-10 Thread Ivan Barrera
Hi, I was using an old snap version of freeradius, compiled with an old snap version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try the TTLS, so I tried to set the OpenSSL to the latest stable version 0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS. Now I'm g

Problem with attributes of date type in attr_rewrite

2003-12-10 Thread James Nedila
freeradius version: 0.9.3 So i'm trying to rewrite an attribute Event-Timestamp, which has a type of date, according to the dictionary file. This is a new attribute, and i'm adding this to requests that I proxy. This attr_rewrite module works great if I change the type of Event-Timestamp to int

Re: Problem with attributes of date type in attr_rewrite

2003-12-10 Thread Alan T. DeKok
James Nedila <[EMAIL PROTECTED]> wrote: > Within pairmake(), if the type of an attribute is 'date', the method > gettime() is called on it to apparently parse out a valid time_t > structure from a specifically formatted date (day \t month \t year \t). > > The problem I have with this, is the dat

Re: Relocation Error - Checked the SSL versions, but still apear

2003-12-10 Thread Alan DeKok
Ivan Barrera <[EMAIL PROTECTED]> wrote: > version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try > the TTLS, so I tried to set the OpenSSL to the latest stable version > 0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS. That should work. > Now I'm getting the

Relocation Error - Checked the SSL versions, but still apear - HELP

2003-12-10 Thread Ivan Dario Barrera
Hi, I was using an old snap version of freeradius, compiled with an old snap version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try the TTLS, so I tried to set the OpenSSL to the latest stable version 0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS. Now I'm g

Re: Relocation Error - Checked the SSL versions, but still apear - HELP

2003-12-10 Thread Alan DeKok
Ivan Dario Barrera <[EMAIL PROTECTED]> wrote: ... You do READ the list, don't you? http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html > Is there any way to check what are the versions I'm trying to use? ldd. See the FAQ. Alan DeKok.

RE: Relocation Error - Checked the SSL versions, but still apear

2003-12-10 Thread Ivan Dario Barrera
So sorry, looks like the page was cached, and I never saw my message posted!, thanks I will check on that. Ivan D. Barrera Ivan Dario Barrera <[EMAIL PROTECTED]> wrote: ... You do READ the list, don't you? http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html > Is th

Re: One suggestion about the default config file

2003-12-10 Thread Peter Nixon
Alan DeKok wrote: Damjan <[EMAIL PROTECTED]> wrote: The FreeRadius default config file is pretty much complete and working right out of the box. It's only that for some more advanced features the admin *must* make some local changes. Yup. I've noticed that a lot of questions asked here are d

Re: Freeradius 0.9.3 with mysql

2003-12-10 Thread Guy Fraser
The init command will depend on the distribution you are using. On RH, as root it should be something like : /sbin/service radiusd restart On Debian : /etc/init.d/freeradius restart On Suse: /etc/init.d/radiusd restart On FreeBSD :-) /usr/local/etc/rc.d/radiusd.sh restart Good luck. Justin

RE: Freeradius 0.9.3 with mysql

2003-12-10 Thread Justin Williams
In Mandrake (very similar to redhat in most respects), service radiusd restart returned the error that radiusd was not registered as a service... For the moment, kill works... ;-) Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser Sent

Multiple values for the same integer-attribute in one RADIUS reply???

2003-12-10 Thread stephan_seeger
Hello everybody, Yesterday I ran into deep problems trying to configure freeradius 0.9.0 for so called authenticated switch access (asa) which is a feature of alcatel (formerly xylan) lan switches enabling them to query a radius server for user authentication. My users file looks like: ... user2

Re: Multiple values for the same integer-attribute in one RADIUS reply???

2003-12-10 Thread Chris Parker
At 05:02 PM 12/10/2003, [EMAIL PROTECTED] wrote: Hello everybody, Yesterday I ran into deep problems trying to configure freeradius 0.9.0 for so called authenticated switch access (asa) which is a feature of alcatel (formerly xylan) lan switches enabling them to query a radius server for user auth

How to implement "walled garden" with freeRadius?

2003-12-10 Thread Richard Yang
Any recommendation on implementing "walled garden" with freeRadius and cisco 1100 APs. The "walled garden" allows wireless user to access some pre-defined websites even BEFORE they login. Has anyone done this before? The idea is to allow user visit our sign-up website and download the certificat

Re: How to implement "walled garden" with freeRadius?

2003-12-10 Thread freeradius
I am climbing a learning curve at the moment, and intend to provide this sort of functionality. I am looking at setting up a regional wireless ISP. I am planning on allowing everyone to associate with the wireless APs. When they open up a web browser and try to hit a page, I am going to use squid

Re: How to implement "walled garden" with freeRadius?

2003-12-10 Thread Rob Genovesi
Check out "Mikrotik" (www.mikrotik.com) -- a linux-based router with "Hotspot" functionality. I am using it to do this exact sort of thing. Mikrotik has a built-in radius client and it works flawlessly (so far) with FreeRadius on the backend. Users are redirected to a sign-in page and once th

Re: How to implement "walled garden" with freeRadius?

2003-12-10 Thread Guy Fraser
It might be possible to do this using mac address access lists. You could redirect all traffic from 'unknown' mac addresses to a 'captive' site, and allow 'known' mac addresses to be routed normally. I don't know how you would do this with the equipment you have, but it may give you an idea. [E

response-authenticator decrypt fail

2003-12-10 Thread Bo
Hi All,   I installed the FreeRadius 0.9.3 on Redhat 8.0 and did some tests with the Cisco AS5400 for authenticating the dial-up users. From the server side, everything was OK and it sent the Access-Accept back. But unfortunately I got the following error message on AS5400.   Dec 11 00:13:19