helloi thnk u need to setup certifictaes for proper
authentication...bcoz ap generally support 802.1X ...if encryption is not
proper then auth doesnt take placecheck the docs on 802.1X at
freeradius...
regards
manish
- Original Message -
From: "Shashidhara S Bapat" <[EMAIL PROTECTE
Hello everyone,
Can someone tell me which Auth-Type i have to use for the following
setup.
Following is my setup:
(Linux) (NAS)(user)
+--+ +--++++-+
+ Internet +<>| Radius | <> | AP-6
>>> 2nd attempt... Please advise. TIA!
I'm getting to following error message using freeradius 0.9.3:
Error: rlm_eap: EAP-Message not found
Radiusd is working fine, so I'm not quite sure what the problem is. I
did some googling, but was not able to fine a solution.
I migrated from an older ver
Alan,
It's working now... thanks..
At first.. it still cannot get the pasword ... but i've uncomment below..
password_attribute = userPassword
and everything settle then
But why before this (PAP, Auth-Type=LDAP) I don't have to uncomment above
and it works??
Just want to understand more..
On Mon, 22 Dec 2003, Cris Boisvert wrote:
> I've got dialup admin setup and it looks like I can add users without any
> errors.. Although when I look at the actual sql databases its only adding
> them to the userinfo table... And not adding any users to the radacct table.
It will never add anythi
Yes.
You can also still use detail file accounting at the same time as well.
Configure sql.conf for your MySQL setup, and create the radacct table
then add sql to the accounting section of your radius.conf. You should
then get the accounting in MySQL and in detail files.
I have setup PostgreSQL +
On Tue, 23 Dec 2003, JianBo Huang wrote:
> Hi,I want to configure a ldap filter in radius.conf.I want to pass the users
> who's attribute myServices=dail and other not passed,How can I configure?
That's really a basic ldap question
something like filter = "(&(myServices=dail)(uid=%{User-Name}))"
On Tue, 23 Dec 2003, Breuer Nicolas - BelCenter.com wrote:
>
> I have the same problem , i run ip pool and when the
> server do post auth, i have error 'Could'nt find pool name'..
You haven't set the Pool-Name attribute as described in radiusd.conf
>
> What can i do ?
>
> Nico
>
> Hi all, I
On Tue, 23 Dec 2003, [iso-8859-1] Andr?s de Barros wrote:
>
>
> dear all,
>
> I got message from my radius (freeradius-0.9.1), RedHat 8.0, like this :
>
> rlm_sqlcounter: coult not find check item value pair.
You haven't provided an attribute that will hold the maximum quota value.
Please read
Quoting Guy Fraser <[EMAIL PROTECTED]>:
> Go look a the specs at :
>
> http://www.dlink.com/products/?model=DWL-900AP%2b
>
> There is no indication that that AP supports authentication.
>
Since Late 2002, the firmware for the DWL-900AP+ does support 802.1x auth, good
luck getting it to work corre
Drew Weaver wrote:
Can you use MySQL for accounting only? And if so is there documentation?
-Drew
Yes, you can do accounting to MySQL and authentication with the users
file, LDAP or whatever else you want to. Documentation can be found
here: http://www.frontios.com/freeradius.html
Keith Yo
Does anyone know what the attrs for v.92 are? I've
looked through the dictionary files and I haven't found any attrs for
modem-on-hold-time and et cetera.
-Drew
Jeremy Davis wrote:
rock on, but doesn't StarOS just use dictionary.microsoft attributes?
Jeremy
Mostly, but there are 4 bandwith shaping attributes that aren't in
Microsoft's.
Keith Yoder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks Alan
I downloaded the latest SNAPSHOT of openssl and did my configure parameters
to point to it. I now have a working EAP-TLS authenticator.
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 1:55 PM
To: [EMAIL PROTECTED]
Subject: Re:
Keith Yoder <[EMAIL PROTECTED]> wrote:
> I am attaching the dictionary file for Valemount Network's Star-OS - a
> wireless acess point. If someone is interested it could be included
> with the server distribution.
Added, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://w
rock on, but doesn't StarOS just use dictionary.microsoft attributes?
Jeremy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Keith
Yoder
Sent: Tuesday, December 23, 2003 2:46 PM
To: [EMAIL PROTECTED]
Subject: Dictionary file for Star-OS
I am attaching the
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> Is their a line I need to uncomment to make it use the mysql
> database other than the text file
Read 'radiusd.conf'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can you use MySQL for accounting only? And if so is there documentation?
-Drew
-Original Message-
From: Keith Yoder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 23, 2003 2:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Quick question about accounting.
If you were using mysql for account
"Huebel, Tony" <[EMAIL PROTECTED]> wrote:
> I read the howto's ...I have been reading them for the past 2 weeks! The
> only thing I see that I need to do to configure EAP-TLS is to edit the
> radiusd/src/modules/rlm_eap/types/rlm_eap_tls/Makefile .
Don't.
Grab the latest CVS snapshot, and do:
I have free radius running with the text base user file...
I'm trying to get it to recognise Mysql database for the users?
I have created the database and all the tables that freeradius requires and
put in the correct database config info in the sql.conf... Although it still
reads from the users
I am attaching the dictionary file for Valemount Network's Star-OS - a
wireless acess point. If someone is interested it could be included
with the server distribution.
Thanks,
Keith Yoder
#
# Valemount Networks Corporation specific radius attributes
# [EMAIL PROTECTED]
#
# Ve
I read the howto's ...I have been reading them for the past 2 weeks! The
only thing I see that I need to do to configure EAP-TLS is to edit the
radiusd/src/modules/rlm_eap/types/rlm_eap_tls/Makefile . I have done that
and it is pointing to my /usr/local/openssl dir. Beyond that I do not know.
I hav
If you were using mysql for accounting you could use the following query
to find the accounting record:
SELECT * FROM radius.radacct
WHERE FramedIPAddress = "xxx.xxx.xxx.xxx"
AND "2003-12-12 06:00:00" BETWEEN AcctStartTime AND AcctStartTime
Keith Yoder
Drew Weaver wrote:
Right but I need to be
Drew Weaver <[EMAIL PROTECTED]> wrote:
> Right but I need to be able to do this when an abuse report crosses my desk
> from a week ago that says Johnny-jackhole decided to spam 900 people on
> one of my dial-ups and I need to figure out who it was so I can throttle
> them.
SQL, or detail f
"Huebel, Tony" <[EMAIL PROTECTED]> wrote:
> I'm sorry but I am not sure what you mean build and install rlm_eap_tls
It's something the server needs to do EAP-TLS.
> What would the output have told me?
It would have told you that it's not building the module.
Read the EAP-TLS HOWTO's.
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
the EAP module returns 'updated', then the server tries to authenticate
via the 'Local' method,
then it looks like my solution is to remove ( or change ) these entries
in my database:
mysql> select * from radgroupcheck;
++-
Right but I need to be able to do this when an abuse report crosses my desk
from a week ago that says Johnny-jackhole decided to spam 900 people on
one of my dial-ups and I need to figure out who it was so I can throttle
them.
-Drew
-Original Message-
From: Alan DeKok [mailto:[EMAIL
I'm sorry but I am not sure what you mean build and install rlm_eap_tls
What would the output have told me? There is so much text that scrolls down
when running make and make install I only read if I see errors.
Tony
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent:
Drew Weaver <[EMAIL PROTECTED]> wrote:
> Hi, I'm authenticating from System and accounting to text files.
> Is there a way (a php script?) for me to find out what user was using an IP
> address at a specific time?
radwho, to see who's logged on, and then grep for the IP.
Alan DeKo
"Huebel, Tony" <[EMAIL PROTECTED]> wrote:
> rlm_eap: Loaded and initialized type leap
> rlm_eap: Failed to link EAP-Type/tls: file not found
> radiusd.conf[600]: eap: Module instantiation failed.
>
> I guess this is a radiusd.conf problem? I am not sure where to look for
> this.
So build & inst
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> the EAP module returns 'updated', then the server tries to authenticate
> via the 'Local' method,
Which is what you told it to do. Don't tell it to do that.
I really don't understand what the problem is. The default
"radiusd.conf" shipped with th
I ran ./check-radiusd-config and got the following error that I assume is
the cause of all of these problems (I hope):
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initiali
Thank you for the reply Alan.
I did as you said with the ./configure parameters into a clean(empty)
/usr/local/radius directory. Now when I run my batch that looks like this:
#!/bin/sh -x
LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
export LD_LIBRARY_PA
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
i'm still doing something wrong, as the client won't authenticate.
The debug logs SHOULD tell you what's going wrong.
all i have out of the debug log is the failed Local Auth.
the EAP module returns 'updated', then the server trie
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> i'm still doing something wrong, as the client won't authenticate.
The debug logs SHOULD tell you what's going wrong.
> even the initial output from the RADIUS server says that 'no EAP Start'
> found. i just fired up the server fresh and powered up
Hi, I'm authenticating from System and accounting
to text files. Is there a way (a php script?) for me to find out what user was
using an IP address at a specific time?
Thanks,
-Drew
"Huebel, Tony" <[EMAIL PROTECTED]> wrote:
> I am trying to get EAP_TLS to run on my freeradius server and seem to be
> running into problems at every turn. I have RH 8.0. I installed openssl
> 0.9.7c into /usr/local/openssl
And you've got an older version of OpenSSL installed somewhere.
> and t
Thanks for the reply. I'll give that a try.
Is it possible to utilize Simultaneous-Use on this to limit the amount
of connections based on DNIS. Or is Simultaneous-Use dependent on
username alone?
> > Is it possible to proxy based on more than one DNIS?
>
> Yes. There's nothing special about
I sincerely hope
someone can help me out here because this is driving me
nuts.
I am trying to get
EAP_TLS to run on my freeradius server and seem to be running into problems at
every turn. I have RH 8.0. I installed openssl 0.9.7c into /usr/local/openssl
and then downloaded and installed
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
so either the WinXP supplicant isn't sending it *or* the NAS is
stripping it out for some reason? ( if i'm understanding correctly ).
I don't understand what you're getting at. The message the server
prints means nothing more than
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> so either the WinXP supplicant isn't sending it *or* the NAS is
> stripping it out for some reason? ( if i'm understanding correctly ).
I don't understand what you're getting at. The message the server
prints means nothing more than it's in the midd
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
i didn't think it would be in the middle of the conversation. i just
was unclear as to which part of the conversation sent it. and why is
FreeRAD expecting to see it if it's not added by the AP/ NAS but
initiated by the client?
Be
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> i didn't think it would be in the middle of the conversation. i just
> was unclear as to which part of the conversation sent it. and why is
> FreeRAD expecting to see it if it's not added by the AP/ NAS but
> initiated by the client?
Because the N
Jean-Paul Chapalain <[EMAIL PROTECTED]> wrote:
> I want authenticate a machine on Lan (Switch Cisco 2950).
> My radius server and my supplicant are linux box (redhat 7.3).
>
> The authentication is reject by radiusd.
The supplicant is doing something strange.
> Sending Access-Challenge of id 9
"Nathan Littlepage" <[EMAIL PROTECTED]> wrote:
> Is it possible to proxy based on more than one DNIS?
Yes. There's nothing special about DNIS.
> I've added the following as an example from my users file.
...
> DEFAULT Called-Station-Id == "1115550001", Proxy-To-Realm := "realm1"
> DEFAULT Call
Go look a the specs at :
http://www.dlink.com/products/?model=DWL-900AP%2b
There is no indication that that AP supports authentication.
Check out the DWL-7000AP :
http://www.dlink.com/products/?pid=14
It does support 802.1x {EAP} authentication, but is about USD $200 more
expensive.
You will
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
shouldn't the Access Point add the 'EAP-Start' to the message encoding?
No. The EAP Start is used only to signal the start of an EAP
conversation. It's not used in the middle of a conversation.
i didn't think it would be in the midd
"matt morris" <[EMAIL PROTECTED]> wrote:
> Hi, did anyone use Dlink DWL-900+ and have it working with Freeradius?
I don't see why not.
> I have Freeradius running fine (Tested with radtest and NTradPing), but
> Freeradius is not picking up any access-request from the Dlink DWL-900+ AP.
See
Roy Wills <[EMAIL PROTECTED]> wrote:
> I can see pam IS using pam_radius_auth to authenticate and DOES look
> to send info to the radius server. However I do not see any request
> come in to the radius server
See the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freerad
Arindam Roy <[EMAIL PROTECTED]> wrote:
> Tell me another thing: Suppose I give "./configure --disable-shared "
> and all modules are linked static.
> In this scenario, when the macro " LTDL_SET_PRELOADED_SYMBOLS()" is
> called, all the symbols
> from the modules will be loaded in a specific arra
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> -- this is the part that worries me:
>
>rlm_eap: EAP packet type response id 1 length 16
>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
...
> shouldn't the Access Point add the 'EAP-Start' to the message encoding?
No. The
Hi, did anyone use Dlink DWL-900+ and have it working with Freeradius? I
have Freeradius running fine (Tested with radtest and NTradPing), but
Freeradius is not picking up any access-request from the Dlink DWL-900+ AP.
Are there anything special I need to setup in Freeradius and/or DWL-900+ to
I've posted recently a mail for "problems with EAP-MD5".
I've realized new tests with lastest version of xsupplicant, freeradius
and openssl :
xsupplicant version : 0.8b
freeradius version : 0.9.3
openssl version : 0.9.7c
I want authenticate a machine on Lan (Switch Cisco 2950).
My radiu
Is it possible to proxy based on more than one DNIS? I've added the
following as an example from my users file.
DEFAULT Called-Station-Id == "1115550001", Proxy-To-Realm := "realm1"
DEFAULT Called-Station-Id == "1115550002", Proxy-To-Realm := "realm2"
The first entry will authenticate correctly,
"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> > why are you setting your auth type to LDAP when you want
> > CHAP authentication ?
>
> All user's info in LDAP.. that's why i set in DEFAULT entry
>
> DEFAULT Auth-Type := LDAP, Simultaneous-Use := 5
You are misunderstanding how the server wo
dear all,
I got message from my radius (freeradius-0.9.1), RedHat 8.0, like this :
rlm_sqlcounter: coult not find check item value pair.
any suggest for this case ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dear all,
I got message from my radius (freeradius-0.9.1), RedHat 8.0, like this :
rlm_sqlcounter: coult not find check item value pair.
any suggest for this case ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm running a Debian system, stable release, selectively upgraded
to some 'unstable' packages. Does anyone have prebuilt debs for
stable, so I don't have to load up all the dev packages to build
it from scratch?
Thanks,
Tim
--
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Subscribers,
this questions is perhaps a little bit off-topic, but perhaps
someone can give me an answer. I am just pissed
of searching google (i searched for hours) and Lucent
Documents couldt give me the answer.
I am trying to mange callbacks
OK, i have setup pam_radius_auth on my freeBSD 5.X gateway to look at my freeradius
server. I can see pam IS using pam_radius_auth to
authenticate and DOES look to send info to the radius server. However I do not see any
request come in to the radius server and the
pam_radius_auth says that ALL
Error when i run IpPool..
Output debug
modcall[authenticate]: module "chap" returns ok for request 2
modcall: group Auth-Type returns ok for request 2
modcall: entering group post-auth for request 2
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module "main_pool" ret
--- Alan DeKok <[EMAIL PROTECTED]> wrote: >
=?iso-8859-1?q?Kiran?= <[EMAIL PROTECTED]> wrote:
> > I am using the following query for authorization
> and I
> > am getting the error 1064 from MySql (PARSE
> ERROR).
> > But when I am giving the same query replacing the
> > variables with values, I am
I have the same problem , i run ip pool and when the
server do post auth, i have error 'Could'nt find pool name'..
What can i do ?
Nico
Hi all, I have installed the Freeradius Server 0.9.3 with MySQL
on Redhat Linux 9. When I run the radiusd -XX, I am getting
below these errors. 1. MySQL
I'm trying to make a comparison between the behaviour of Linux Suse and
WindowsXP clients connected to the Freeradius Linux Redhat through a Cisco
3550 switch. What software I must download (for the two clients)?
Thanks!!!
(sorry for the English level)
Albert
-
List info/
I am tring to define a rule for example: jack can log in from RAS_A & RAS_B,
except for RAS_C.
and mary can only login from RAS_A. Can anyone help to figure out on how to
do ? Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
65 matches
Mail list logo
