I can't get Freeradius working with TLS on a Debian Woody box.
- Debian Woody
- Freeradius-0.9.3 tarball
The radius server queries an openldap server. With start_tls = no
everything works perfectly well. With start_tls = yes I get (radiusd
-X):
[..]
ldap_get_conn: Got Id: 0
rlm_ldap: attempting
Anyone have any idea why authentication info would not be going into the
radius.log file?
put ../raddb/radiusd.conf parameters log_auth=yes, log_auth_badpass=yes,
log_auth_goodpass=yes if you need them. These three parameters are no by
default.
These logs are in
Dear all:
I had free radius server 0.9.3 running and everything is going well, and the
Simultaneous-use is working fine, I defined the Simultaneous-use to be 1, but I
want to be allowed to skip simultaneous-use check when the radius request comes
from a specific router.
Can I do
Dear all:
I had free radius server 0.9.3 running and everything is going well, and the
Simultaneous-use is working fine, I defined the Simultaneous-use to be 1, but I
want to be allowed to skip simultaneous-use check when the radius request comes
from a specific router.
Can I do that?
Dear all:
I had free radius server 0.9.3 running and everything is going well, and
the Simultaneous-use is working fine, I defined the Simultaneous-use to be
1, but I want to be allowed to skip simultaneous-use check when the radius
request comes from a specific router.
Can I do that?
Is it
Hello milver, i already test what you said. example for user X has a
session time of 10 hrs (43200 secs). After 1 month he/she update his/her
account then what i did add another 10 hrs, which will 43200 + 43200 =
session timeout. but as i said we have a client with constant username,
adding 10
Hi everybody,
I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
leave open for freeradius?
For accounting i leave udp 1812-13 open in INPUT and OUTPUT, I receive
authentication requests but then my auth replies are blocked by firewall.
Any help on this?
thx
Gabriele
-
Original Message
From: Navid Sheik [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 26, 2004 10:42 PM
Subject: Re: Log problems
What arguments are you passing to radiusd?
Are you using daemontools to supervise the process? I've seen some
funny behaviour of logging
Original Message
From: Frédéric EVRARD [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 3:55 AM
Subject: Re: Log problems
Anyone have any idea why authentication info would not be going into
the radius.log file?
put ../raddb/radiusd.conf parameters log_auth=yes,
Hi everybody,
I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
leave open for freeradius?
For accounting i leave udp 1812-13 open in INPUT and OUTPUT, I receive
authentication requests but then my auth replies are blocked by firewall.
Any help on this?
so unblock it,
Thank you for your reply, but I'm sorry to tell you that I'm using mysql
for Simultaneous-use check not users file, can you help me with that?
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith
Yoder
Sent: Tuesday, April 27, 2004 12:47 PM
Hi everybody,
I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
leave open for freeradius?
For accounting i leave udp 1812-13 open in INPUT and OUTPUT, I receive
authentication requests but then my auth replies are blocked by firewall.
Any help on this?
thx
Gabriele
Actually im using dialup admin for user account management, thanks very much
for reply, i really appreciate it. I have another idea what else if i have 2
database which update user accounting realtime, it is possible? i would
create 2 sql.conf in radius.conf. but i dont know what will be the
My nas is listening on 1812 /13 udp, in fact authentication requests are
received, but the replies are blocked by firewall, though these ports are
opened. When firewall is disabled everything works fine.
Thanks for every kind help
- Original Message -
From: Frédéric EVRARD [EMAIL
1) When the client doesn't respond, the AP will
disassociate it 30 seconds after and end the
authentication procedure. During this time,
FreeRADIUS
is sleeping So, I would like to know if there is a
sort of garbage collector which frees unfinished
authentications ?
Yes.
Well,
Actually im using dialup admin for user account management, thanks very
much
for reply, i really appreciate it. I have another idea what else if i have
2
database which update user accounting realtime, it is possible? i would
create 2 sql.conf in radius.conf. but i dont know what will be the
My nas is listening on 1812 /13 udp, in fact authentication requests are
received, but the replies are blocked by firewall, though these ports are
opened. When firewall is disabled everything works fine.
you need to read firewall configuration to solve your problem.
reading the logs would
Hi
I have a requirement to use special characters in the username field.
When the user tries to log in with a * in the username it gets converted to
=2A before going off to the mysql database to check the username and then
obviously gets rejected as no such user. If I add another user with =2A
Hi everybody,
I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
leave open for freeradius?
Your _NAS_ picks the *source* port number for the request from the NAS to the RADIUS
server. There is no requirement that NAS's use 1812 as the *source* port for RADIUS
My nas is listening on 1812 /13 udp, in fact authentication
requests are
received,
Careful here. You are mixing up the NAS and the RADIUS server. The NAS is not
listening on 1812/1813, it is *sending* packets to UDP 1812/1813. The RADIUS server
*listens* on those ports for
On Tue, Apr 27, 2004 at 02:43:35PM +0100, Brent Geach wrote:
Hi
I have a requirement to use special characters in the username field.
When the user tries to log in with a * in the username it gets converted to
=2A before going off to the mysql database to check the username and then
obviously
Hi,
What firewall are you using?
I know with a linux firewall you could tell it to allow incoming traffic on ports 1812 1813 and related or established connections. This way replies to requests from your NAS are let through whatever port they come from.
Julius Igugu
SouthWork Co. Ltd.
234 (802)
Nick Marino [EMAIL PROTECTED] wrote:
Yes I have all those entries and always have along with -fyz -lstderr for
the command line of radiusd.
Don't pass command-line options to the server. The interaction of
command-line options with configuration file options is awkward.
Almost all
Hi I'm using CVS branch of freeradius for 802.1X (TTLS and PEAP) authentication.
I've successfully tested the 20040303 version (got some troubles with
Ms-windows native client), but I have segmentation fault with 20040426
and 20040427 version while binding my ldap server. the logs attached
[EMAIL PROTECTED] wrote:
Well, I would like to have further details:
See the source code.
The AP doesn't signal to the FreeRADIUS server that an
authentication has failed. Is there a timer which is
armed when a session is created ?
Yes.
And more generally,
how this garbage collector
Well, maybe you are wrong. I just tried the new stateful configuration and
seems to work fine :)
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 4:44 PM
Subject: Re: Open ports over firewall
Julius Igugu [EMAIL PROTECTED]
Hi guys.
Could anyone send me a working config for FreeRADIUS server
authenticating WinXP clients
with EAP-PEAP/EAP-MSCHAPv2.
Thanx
Paul
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
http://perso.rd.francetelecom.fr/bersani/EAP_PSK/EAP-PSK.htm
We intend to publish the first EAP-PSK implementation
in the next weeks.
PLEASE fix the protocol. PLEASE PLEASE fix the protocol.
--
0 1 2 3
Hi
Thanks that works a treat by allowing the * as a safe char.
I would suggest it as a config option as this almost made me turn to gnu
radius as this has it already as an option.
Thanks again
Brent
On Tue, Apr 27, 2004 at 02:43:35PM +0100, Brent Geach wrote:
Hi
I have a requirement to use
[EMAIL PROTECTED] (Paul Hampson) wrote:
Hmm. Now I think about it, we could solve this problem finally by adding
a 'safe-chars' configuration variable to rlm_sql, and trust the local
admin to only have characters in the list that are locally safe...
That's the best thing.
The
Maybe u r right. Sometimes it works, sometimes it doesn't :-(
I'll try a static configuration again.
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 4:44 PM
Subject: Re: Open ports over firewall
Julius Igugu [EMAIL PROTECTED]
Hi folks,
Currently I have a Cisco BAS terminating broadband customers. Most of
our customers would have their PPP connection terminate on the BAS, but
I would like to forward customers who specify a specific realm onto
another BAS for another ISP. My customers are authenticated using
CHAP off
The NAS has the fake response off, so it is sending the packages. How
do I check if it is sending them? I want to have another reference.
Other thing. I put the sqlcounter stuff but I don't have any
sqlcounter.so or something like that on my lib. What do I have to do
to download it and put it
Thomas Bridge [EMAIL PROTECTED] wrote:
Currently I have a Cisco BAS terminating broadband customers. Most of
our customers would have their PPP connection terminate on the BAS, but
I would like to forward customers who specify a specific realm onto
another BAS for another ISP. My customers
Hi Alan,
Many thanks for your remark, I have transferred it to
the EAP-PSK design team and they should come back to
you by tomorrow after having studied the TTLS design
you suggest.
However, when you say If you want to convince people
to use your system, re-using existing code design is
[EMAIL PROTECTED] wrote:
Many thanks for your remark, I have transferred it to
the EAP-PSK design team and they should come back to
you by tomorrow after having studied the TTLS design
you suggest.
*Please* use the TTLS format. It's actually the Diameter format,
which has been around for ~6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 27 Apr 2004 13:15:24 +0200
Gabriele D'Andrea - TNET S.p.A. [EMAIL PROTECTED] wrote:
Hi everybody,
I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
leave open for freeradius?
For accounting i leave udp 1812-13 open
Original Message
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 9:52 AM
Subject: Re: Log problems
Nick Marino [EMAIL PROTECTED] wrote:
Yes I have all those entries and always have along with -fyz
-lstderr for the command line of radiusd.
Hi!
I've installed freeradius-snapshot-20040419 and I can't get past this problem:
Had sent TLV failure, rejecting
Below is the 'radiusd -X' log.
Thanks
--
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process
On Tue, 27 Apr 2004 10:47:58 -0400 , Alan DeKok writes:
Doug Hardie [EMAIL PROTECTED] wrote:
Why? What's so problematic about the Access-Rejects?
Because the NAS will not switch over to the alternate radius server
which is probably working properly.
Ok... so does the proxying
Alan DeKok wrote:
You're looking at the end of the debug log. The rest of the
information in it is useful, too. The error means a PREVIOUS part of
the conversation caused the reject.
The section of the log that shows the real error:
rlm_eap: processing type mschapv2
rlm_eap_mschapv2:
Has anyone successfully tested the new
mschap ntlm_auth code with EAP yet?
Steve
No, but I will be doing some testing real soon now... maybe tonight if
I feel up to it.
On Tue, 2004-04-27 at 17:09, Steve OBrien wrote:
Has anyone successfully tested the new mschap ntlm_auth code with EAP
yet?
Steve
--
--Mike
---
Michael Griego
Wireless
Original Message
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 9:52 AM
Subject: Re: Log problems
Nick Marino [EMAIL PROTECTED] wrote:
Yes I have all those entries and always have along with -fyz
-lstderr for the command line of radiusd.
Dear all:
Has anyone tried what I'm asking for, until now I can't make it work, anyone
has any idea about this issue?
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of issa
rabba'
Sent: Tuesday, April 27, 2004 4:10 PM
To: [EMAIL PROTECTED]