802.1x with Enterasys E1 Switches HOWTO (in German!)

2004-07-07 Thread Manuel Stadelmann
Hello everybody. A few weeks ago, I sought advice in this mailing list. You were a great help to me and my colleagues. Now, we finished our small work, to get a 802.1x UPN working with Enterasys E1 Switches. You can find the PDF file here: http://www.allotria.ch/uploads/media/ISEC_8021x.pdf

Re: EAP-TTLS

2004-07-07 Thread Vidar Stokke
Vidar Stokke wrote: Alan DeKok wrote: Vidar Stokke [EMAIL PROTECTED] wrote: I'm having some trouble with freeradius-1.0.0-pre3 and TTLS. ... rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_tls: TLS 1.0 Alert [length 0002], fatal access_denied TLS Alert

snoop2radius: a tool for testing RADIUS servers and a RADIUS sniffer

2004-07-07 Thread Miguel Diez
Hi! For all of you, this is a little tool I made some time ago to test RADIUS servers. It's in Python and it's easy to modify to your specific needs. It can read a snoop (solaris) or a tcpdump (linux) output directly through a pipe or from a dumped file and show the packets and/or resend them to

Basic RADIUS network protocol question

2004-07-07 Thread Martin Olsson
I'm reading the RFC2865 for RADIUS. Each radius packet seems to have a code, an identifier, a length field, an authenticator field and some attributes. The length field is 16-bit, but is it big-endian or little-endian? If I receive the two bytes for the length as AB should I use the value

How create a Special AccessRequest using LDAP

2004-07-07 Thread jeff x
Hello, I'm searching for a solution to build a pretty way to give access-accept, using an LDAP server. In fact, I've found some way to do this, but, I would like to use the better one (may be working on other type of RADIUS server). What I exactly need is, check some information on the

EAP-TLS module

2004-07-07 Thread Rajan Batra
Hello, 1. Problem with usage of eap-tls, certificate it is showing err - TLS 'bad certificate'. I followed all the steps necessary in last few days, tried all scripts available to create certificate. hm hm but it gives same bad certificate problem after getting the request. 2.

Re: How create a Special AccessRequest using LDAP

2004-07-07 Thread Kostas Kalevras
On Wed, 7 Jul 2004, jeff x wrote: Hello, I'm searching for a solution to build a pretty way to give access-accept, using an LDAP server. In fact, I've found some way to do this, but, I would like to use the better one (may be working on other type of RADIUS server).

Timeout Problem

2004-07-07 Thread Alejandro Martínez Marcos
Hello, I am working with an AP CN300, from Colubris Networks, FreeRadius (2004/03) and XSupplicant-1.0. I have the following problem: xsupplicant tries to authenticate, but it is a little slow. The AP sends the EAP-Request, 10secs after it sends it again, and other 10secs after

Cisco confirming Dynamic WEP

2004-07-07 Thread Mark Coccimiglio
OK. I'm having a little problem confirming DynamicWEP usage on my systems. I'm running FreeRadius1.0.0-pre2 on FedoraCore 2 Cisco AP352 Client card is the Cisco AIR352 on WinXP. Everything works and authenticates as expected. However on the client side the ACU (Aironet Client Utility)

Re: Basic RADIUS network protocol question

2004-07-07 Thread Aldo Chiecchia
Martin Olsson wrote: The length field is 16-bit, but is it big-endian or little-endian? If I receive the two bytes for the length as AB should I use the value 256*A+B or should I use the value A+B*256? You can just convert your short int from host-byte-order to network-byte-order using the

rlm_sqlcounter question

2004-07-07 Thread Bartosz Jozwiak
Hello, I would like to set up following configuration: I am trying to set up prepaid solution for dialup customers. Some accounts in radius should be allowed to login (total time on line) for 60 minutes. Some accounts in should be configured to login (total time on line) 30 minutes. This time

Re: Freeradius 0.9.3 and syslog?

2004-07-07 Thread Hervé Ferrendier (Netinary)
Enabling syslog use with the very last 1.0 version is easy, but there is a small mistake in the man page. Instead of: -l logging directory This defaults to /var/log. Radiusd writes a logfile here called radius.log. It contains informational and error messages,

Error: rlm_eap_tls: conf N ctx stored

2004-07-07 Thread Cool Man
Hi all, I have compiled freeradius-0.9.2.tar.gz with EAP-TLS support. After configuration of radius.conf file, when I start the server it shows an Error message in the log file. Error: rlm_eap_tls: conf N ctx stored I have looked on internet and found that this message came in other log

Re: rlm_sqlcounter question

2004-07-07 Thread Julius Igugu
It's possible, you'll have to increase the Max-All-Session time to recharge. Otherwise just setup non-rechargeable accounts, when exhausted they get another account. --- Bartosz Jozwiak [EMAIL PROTECTED] wrote: Hello, I would like to set up following configuration: I am trying to set

Re: Error: rlm_eap_tls: conf N ctx stored

2004-07-07 Thread Michael Griego
It's not an error message, just a debugging message that I believe has been removed from the 1.0.0-pre series releases. --Mike On Wed, 2004-07-07 at 09:28, Cool Man wrote: Hi all, I have compiled freeradius-0.9.2.tar.gz with EAP-TLS support. After configuration of radius.conf file, when

Dialup Admin - Can't see any mysql record

2004-07-07 Thread Stadler Karel
Just downloaded and tried the latest CVS snippet from dialup_admin. I'm not using the http_credentials (#sql_use_http_credentials: yes) to connect to the radius database. Instead I use the same mySQL User as before. But dialup admin does not show one single record (f.e.: our radacct table has

Re: Dialup Admin - Can't see any mysql record

2004-07-07 Thread Kostas Kalevras
On Wed, 7 Jul 2004, Stadler Karel wrote: Just downloaded and tried the latest CVS snippet from dialup_admin. I'm not using the http_credentials (#sql_use_http_credentials: yes) to connect to the radius database. Instead I use the same mySQL User as before. But dialup admin does not show

Re: Timeout Problem

2004-07-07 Thread Alan DeKok
Alejandro Martínez Marcos [EMAIL PROTECTED] wrote: I have the following problem: xsupplicant tries to authenticate, but it is a little slow. The AP sends the EAP-Request, 10secs after it sends it again, and other 10secs after it sends an EAP-Failure. When XSupplicant

Simultaneous Use

2004-07-07 Thread Sevak Avakians
Hello, This is my first post to the list. I have looked in the help files, but either I don't understand my own question properly or it is not listed. I have installed freeradius-0.8.1 on a Mandrake Linux box. It runs well. My question is regarding preventing simultaneous use. How do you

Re: rlm_sqlcounter question

2004-07-07 Thread Bartosz Jozwiak
Ok I have managed to configure rlm_sqlcounter but I get following error while login: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 0 How can I fix it? I have seen it in

Re: rlm_sqlcounter question

2004-07-07 Thread Julius Igugu
Did you set 'Session-Timeout := ???' for the account? And did you follow the instructions in doc/rlm_sqlcounter? --- Bartosz Jozwiak [EMAIL PROTECTED] wrote: Ok I have managed to configure rlm_sqlcounter but I get following error while login: rlm_sqlcounter: Entering module authorize code

Re: rlm_sqlcounter question

2004-07-07 Thread Bartosz Jozwiak
Did you set 'Session-Timeout := ???' for the account? I have tried it just now with Session-Timeout and I have tried without. Still the same problem. And did you follow the instructions in doc/rlm_sqlcounter? Yes I have followed instructions from doc/rlm_sqlcounter. I have searched

Re: rlm_sqlcounter question

2004-07-07 Thread Julius Igugu
I have this setup using the flat files and sql and they both work. I used 1.0.0pre3 on RedHat 9.0. What version of freeradius do you have? --- Bartosz Jozwiak [EMAIL PROTECTED] wrote: Did you set 'Session-Timeout := ???' for the account? I have tried it just now with Session-Timeout

Re: rlm_sqlcounter question

2004-07-07 Thread Julius Igugu
Sorry, you don't set the Session-Timeout, you set the Max-All-Session, the server calculates the session-timeout. Do this: INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':='); Where 'test0001' is the username and '54000' is the number of seconds of total online time.

RE: Dialup Admin - Can't see any mysql record

2004-07-07 Thread Stadler Karel
@Kostas Kalevras: sql_debug is enabled. I see dialup admin can connect to mysql radius db. Sometimes (Show Groups Button) it says. Returning 6 rows. But I don't see any row returning. While using the new CVS snippet, the only thing I did not upgrade is to use the changed mysql scheme's. I saw

Re: rlm_sqlcounter question

2004-07-07 Thread Bartosz Jozwiak
Yes I have set Max-All-Session to 60 seconds in mysql radcheck. I use 1.0.0pre3 on Debian (Woody) Please could you provide me your configuration files so I can compare it. It will be very helpful. Because I cannot find anything else... :( Bartosz Sorry, you don't set the Session-Timeout, you

Re: rlm_sqlcounter question

2004-07-07 Thread Julius Igugu
raddb/sqlcounter.conf: sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime)

Re: peap + Windows XP

2004-07-07 Thread Mark Hoffer
Hello Rinaldo- I tried what you told me, and it did not help. I'm looking at the log here, and see that it is building the TLS connection, but it is not going to the next step, whatever that may be. The XP machine just sits at Attempting to authenticate If I do a packet dump, then I am able to

Re: rlm_sqlcounter question

2004-07-07 Thread Bartosz Jozwiak
Ok I have found the problem. Under authorize { noresetcounter sql . } and it should be in different order first sql and then noresetcounter. Thank you very much for your help and time. Regards, Bartosz - Original Message - From: Julius Igugu [EMAIL PROTECTED] To: [EMAIL

RE: Dialup Admin - Can't see any mysql record

2004-07-07 Thread Kostas Kalevras
On Wed, 7 Jul 2004, Stadler Karel wrote: @Kostas Kalevras: sql_debug is enabled. I see dialup admin can connect to mysql radius db. Sometimes (Show Groups Button) it says. Returning 6 rows. But I don't see any row returning. While using the new CVS snippet, the only thing I did not upgrade

Question about Freeradius and LDAP

2004-07-07 Thread Arthur EBEL
Hi everybody, My freeradius operates very well with an openldap directory All ldap users stored in my basedn=ou=people,ou=personnels,dc=utt,dc=fr can be authenticated. I would like to add another basedn=ou=students,ou=personnels,dc=utt,dc=fr BUT I don't want to give an access to all my tree

Re: peap + Windows XP

2004-07-07 Thread Michael Griego
Be sure you have added the CA certificate into the trusted root store on your windows machine. If you haven't, your PEAP conversation will stop at this point (right after receiving the EAP-Identity response). --Mike On Wed, 2004-07-07 at 12:01, Mark Hoffer wrote: Hello Rinaldo- I tried

Re: Reauthentication interval for WPA w/ EAP-TTLS

2004-07-07 Thread Yi Zheng
Hi Gary, Does disabling the linksys wireless manager solve the problem? If so, sounds like the problem is with the supplicant side? Any experience with other supplicant? I am not using the linksys card, what I have is a cisco 350 wireless card in a IBM T30 notebook. - Yi Gary McKinney [EMAIL

Re: Question about Freeradius and LDAP

2004-07-07 Thread Alexander M. Pravking
On Wed, Jul 07, 2004 at 09:00:00PM +0200, Arthur EBEL wrote: Hi everybody, My freeradius operates very well with an openldap directory All ldap users stored in my basedn=ou=people,ou=personnels,dc=utt,dc=fr can be authenticated. I would like to add another

Re: Question about Freeradius and LDAP

2004-07-07 Thread Mike Sturdee
how about setting up 2 ldap modules? ldap people { ... } ldap students { ... } Not sure if this would do it, just a suggestion. On Wed, 7 Jul 2004, Alexander M. Pravking wrote: On Wed, Jul 07, 2004 at 09:00:00PM +0200, Arthur EBEL wrote: Hi everybody, My freeradius operates very

Re: Reauthentication interval for WPA w/ EAP-TTLS

2004-07-07 Thread Gary McKinney
Hi Yi, When I installed the PCMCIA wireless network card software on my laptop the wireless network card manager was installed along with the wireless network card drivers. I had to disable the wireless network card manager so the Funk Software Odyssey Supplicant would work properly (the

problem with proxying using fail_over setup

2004-07-07 Thread Htin Hlaing
request from user user_1 to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Preparing to proxy authentication request to realm NULL modcall[authorize]: module suffix returns updated for request 0 radius_xlat: '/var/log/radius//auth-detail-20040707' rlm_detail: /var/log/radius/%{Client-IP

Re: problem with proxying using fail_over setup

2004-07-07 Thread Alan DeKok
Htin Hlaing [EMAIL PROTECTED] wrote: However, the behavior that I see is it first marks the host from a totally unrelated realm as dead first and then the one that did not answer as dead. It's not a totally unrelated realm. It's a realm at the same IP address and port. The issue is that

Attribute User-Password is required for authentication

2004-07-07 Thread Tony Sciortino
No matter what I seem to try and configure I always get the error message: Attribute User-Password is required for authentication I have tried rlm_unix, rlm_pam, rlm_ldap, rlm_eap_leap always with the same result. The only thing that does work is if I put a user in the users file specifying

Re: Attribute User-Password is required for authentication

2004-07-07 Thread Alan DeKok
Tony Sciortino [EMAIL PROTECTED] wrote: No matter what I seem to try and configure I always get the error message: Attribute User-Password is required for authentication I have tried rlm_unix, rlm_pam, rlm_ldap, rlm_eap_leap always with the same result. rlm_unix, rlm_pam, and rlm_ldap

RE: problem with proxying using fail_over setup

2004-07-07 Thread Htin Hlaing
Thanks for that info Alan. That makes sense. Also, what I was looking for is that the second server set up will be tried automatically as the first one is marked dead. But, it returns access-reject and the client has to initiate authentication again while the first one is marked dead for the

I need to implement EAP/TLS, what version of FreeRadius is good for that?

2004-07-07 Thread María Bezaida Diaz Vásquez
Hello, I'm Maria Bezaida and I'm going to implement EAP/TLS with Xsupplicant and Windows XP. What version of FreeRadius and Openssl do you recommend me to a correct implementation. Can you tell me if there is a good manual or something that help me in the implementation? And how can I

RE: problem with proxying using fail_over setup

2004-07-07 Thread Htin Hlaing
]: module preprocess returns ok for request 39 radius_xlat: '/home/hhlaing/Install/radius-June-21-configs/log/radius/radacct/192.168.10.118/auth-detail-20040707' rlm_detail: /home/hhlaing/Install/radius-June-21-configs/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /home/hhlaing

Re: Cisco confirming Dynamic WEP

2004-07-07 Thread
Mark Coccimiglio wrote: OK. I'm having a little problem confirming DynamicWEP usage on my systems. I'm running FreeRadius1.0.0-pre2 on FedoraCore 2 Cisco AP352 Client card is the Cisco AIR352 on WinXP. Everything works and authenticates as expected. However on the client side the ACU