Hello all,
Sorry for the bandwidth. but cudn't see a better place to post this query.
I'm using the freeradius server for EAP-TLS based authentication. The setup
is working fine.
However I have a query wrt one of the handshake messages.
In EAP-TLS rfc ,when the server sends the Handshake finish
- Original Message -
From: "Yyc" <[EMAIL PROTECTED]>
To: "Post" <[EMAIL PROTECTED]>
Sent: Friday, July 30, 2004 5:14 AM
Subject: where i can get radius config information?
> hello,
> where i can get some information about how to config freeradius with
special device?
> for example, i wil
On Thu, Jul 29, 2004 at 07:16:49PM -0400, Alan DeKok wrote:
> Dave Mussulman <[EMAIL PROTECTED]> wrote:
> > Okay, I've done that. My authorize section looks like:
> >
> > authorize {
> >
> > preprocess
> > group {
> > files
> > #sql
> > mschap
> >
hello,
where i can get some information about how to config freeradius with special
device?
for example, i will config 2 radius server, one for authentication, the other
for accouting
Regard
Yyc
-
List info/subscribe/unsubscribe? See http://www.freeradi
I did some more poking around and finally found some threads on
using rewrite_attr to rewrite usernames to include a realm.
Unfortunately, this is not scalable enough for our needs. We will
have several thousand users, and I hate to image what the ardiusd.conf
file will look like if most
"Steve Hutchison" <[EMAIL PROTECTED]> wrote:
> I am looking for help on understanding Attribute 26 and how to compile
> and utilize this attribue.
http://www.freeradius.org/rfc/attributes.html
See "Vendor-Specific".
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius
Dave Mussulman <[EMAIL PROTECTED]> wrote:
> Okay, I've done that. My authorize section looks like:
>
> authorize {
>
> preprocess
> group {
> files
> #sql
> mschap
> chap
> }
> eap
The "group" is pretty much meani
hi
actually, the WISPr BP by the Wi-Fi Alliance is not a standard, it's
explicitly marked as non-normative of any kind and called "best practice
for WISP roaming".
since Wi-Fi alliance still considers 802.1X as not wide-spread enough,
they did not include it in their current recommendations but
I am looking for help on understanding Attribute 26 and how to compile and utilize
this attribue.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi
But will PAP be supported by supplicants running on Windows and Mac OS-X ?
If you are going to use EAP-TTLS you must use the SecureW2 client since windows
do not support EAP-TTLS. SecureW2 supports PAP so you should be fine. I have no
idea about MacOS X though since it's a unix flavor maybe Xs
I actually mean roaming between WISPs, like GSM roaming.
I don't understand why they have called AP handover also roaming, it always
confuses people :)
- Original Message -
From: "Adam Shelley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 29, 2004 10:21 PM
Subject: Re:
Thor Spruyt wrote:
Hi all,
Anybody going crazy with WLAN roaming implementations? I am!
do you mean crossing accesspoints without having to reauthenticate?
cisco has a fastreconnect which isn't very well supported. we ended up
setting up access points as repeaters which doesn't give very good ran
Hi all,
Anybody going crazy with WLAN roaming implementations? I am!
The Wispr standard has not been adopted at all... not surprisingly since
it's too limited.
Does anybody know if there's a better WLAN romaing standard under
development?
Regards,
Thor.
-
List info/subscribe/unsubscribe? See
Hi,
I have serveral radius servers that will be receiving only accounting
data from a remote radius server. The remote radius server will
not be sending realm information. I am trying to use attr_rewrite
to add a realm to the username when the accounting data comes from
that specific server.
I
On Wed, Jul 28, 2004 at 06:06:02PM -0400, Alan DeKok wrote:
> Dave Mussulman <[EMAIL PROTECTED]> wrote:
> > Thanks for the pointer. Knock on wood, I think I have things working.
> > This project is really amazing, and it's gotten really easy to setup
> > EAP. That's a big credit to its maintainer
> Apache also dies when it hits the 2GB limit for a log file, so maybe it is
> an unwritten FS limit?
No, your Apache is not compiled with large files support (LSB). If you
compile your own Apache ./configure it like this (if I remember corectly):
CFLAGS='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=6
On Thu, 29 Jul 2004, Willey Kurt D wrote:
> >>On Wed, 28 Jul 2004, Willey Kurt D wrote:
> >> I have FreeRADIUS (1.0.0-pre2) doing user authentication with W2K AD
> >> (peap, mschap, ldap, ntlm_auth); thanks to the archived posts for the
> >> help!!
> >>
> >> I want to use user authentication for n
On Tue, 27 Jul 2004, Edgars wrote:
> Hi!
>
> i wan to put in a specific PostgreSQL table the NAS-IP-Address when some
> user are trying to connect to it. How to do it? Should i change
> authorize_reply_query or should i write a new one in postgresql.conf file?
> Thanx in advance!
You could use th
Kostas Kalevras wrote:
On Wed, 28 Jul 2004, Ken A wrote:
Edgars wrote:
i am writing my own program to get them in human-readable form:)
Edgars
Yep. I made some changes that make it easier for me to start from
scratch with a language I'm more familiar with (perl) than to modify
dialupadmin to do
Hello,
What format of the date is accepted in "expiration" date of the account?
Is it only for example: 5 Jun 2004 ? Or is something else allowed?
bartosz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 29 Jul 2004, Christophe Boyanique wrote:
> Hello,
>
> I want to secure a wireless network (operated with Cisco Aironet 1200
> aps) via freeradius connected to an OpenLDAP server; with clients
> running Windows 2000, Windows XP and Mac OS-X (>= 10.2).
>
> I saw that EAP-MD5 is no recommende
Hello,
I want to secure a wireless network (operated with Cisco Aironet 1200
aps) via freeradius connected to an OpenLDAP server; with clients
running Windows 2000, Windows XP and Mac OS-X (>= 10.2).
I saw that EAP-MD5 is no recommended (and not supported by Windows XP
since SP1).
EAP-TLS is not a
>>On Wed, 28 Jul 2004, Willey Kurt D wrote:
>> I have FreeRADIUS (1.0.0-pre2) doing user authentication with W2K AD
>> (peap, mschap, ldap, ntlm_auth); thanks to the archived posts for the
>> help!!
>>
>> I want to use user authentication for non-domain machines (students,
>> home laptops, etc - do
Karina <[EMAIL PROTECTED]> wrote:
> Hi, i want to restrict users to just one session, but i have this problem..
>
> When i debug the requests of the NAS to the radius server i find this:
>
> rlm_radutmp: No NAS-Port seen. Cannot do anything.
> rlm_radutmp: WARNING: checkrad will probably not work
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> You could use the expr module to calculate the correct value for
> Acct-Input-Octets and Acct-Output-Octets. Probably something like:
>
> %{expr: %{Acct-Input-Octets} + 1024*1024*1024*4*%{Acct-Input-Gigawords:-0}}
rlm_expr handles 32-bit numbers only
Yes, the Simtaneous-Use attribute isn't set actually. I actually fixed this
by switching the way the sessions are stored from radutmp to sql .. Works
fine now incidentally. Not sure if that's just because the session table is
clear tho
Russell.
On Thu, 29 Jul 2004, Russell Brenner wrote:
>
Kostas wrote:
>
>Recompile freeradius. In configure pass the option --with-large-files (by
>default it's not set).
>
I got hand rolled and Debian package freeradius servers , so I could
do that. Though for maintainability reasons I prefer packages whenever
possible. And in the end a silent deat
On Thu, 29 Jul 2004, Christian Balzer wrote:
>
> Hello,
>
> the subject says it all and pretty much also sums up how I searched
> the archive to see if this was previously reported. If it escaped
> my search, sorry.
>
> This is Debian Sarge, thus freeradius 0.9.3.
>
> When the radwtmp file reaches
Apache also dies when it hits the 2GB limit for a log file, so maybe it is
an unwritten FS limit?
-Drew
-Original Message-
From: Christian Balzer [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 29, 2004 9:11 AM
To: [EMAIL PROTECTED]
Subject: radwtmp 2GB file size limit
Hello,
the subje
Hello,
the subject says it all and pretty much also sums up how I searched
the archive to see if this was previously reported. If it escaped
my search, sorry.
This is Debian Sarge, thus freeradius 0.9.3.
When the radwtmp file reaches 2GB freeradius dies w/o any trace in
the logs, so it took me
On Thu, 29 Jul 2004, Costas Christonis wrote:
> Hi to all,
> we use freeradius 0.9 running on a linux box.
>
> After a system crash (the one with the mysql database) we have problem
> with the accounting. When we start the raedius it connects on the
> database but we have no record and in the log
On Wed, 28 Jul 2004, Edgars wrote:
> i am writing my own program to get them in human-readable form:)
>
> Edgars
>
> Ken A wrote:
>
> > Those of you that use mysql with freeradius, can anyone recommend some
> > software for linux to process mysql radacct table logs?
dialupadmin has a user statist
On Wed, 28 Jul 2004, Willey Kurt D wrote:
> I have FreeRADIUS (1.0.0-pre2) doing user authentication with W2K AD
> (peap, mschap, ldap, ntlm_auth); thanks to the archived posts for the
> help!!
>
> I want to use user authentication for non-domain machines (students,
> home laptops, etc - done) and
On Thu, 29 Jul 2004, Russell Brenner wrote:
> Hi guys,
>
> Having an odd problem, I don't have simultaneous use integrated yet but when
> a user already has a active session (not neccessairly and active L2TP
> session, but freeradius just doesn't have a stop record for them) and they
> are using a
On Wed, 28 Jul 2004, Jorge Cuevas wrote:
> Hello,
>
> I have accounting of aprox. 5000 concurrent calls, and I am storing only
> stop accounting packets in Mysql.
> Does anybody have any good recommendations on the tuning of mysql and
> freeradius?
See doc/tuning_guide
Make sure that the queries
On Wed, 28 Jul 2004, Nikolas Geyer wrote:
> Add this to your Cisco config
>
> aaa accounting update periodic 5
>
> And that should send updates every 5 minutes. Also make sure you enable
> gigawords or else any usage over 4GB will reset to 0 and wont count
> properly. We had to make a small modifi
On Thu, 29 Jul 2004, Motovilov A.V. wrote:
> furlfo> Message: 10
> furlfo> From: "Alan DeKok" <[EMAIL PROTECTED]>
> furlfo> To: [EMAIL PROTECTED]
> furlfo> Subject: Re: Realms & FreeRadius & Callback.
> furlfo> Date: Wed, 28 Jul 2004 12:54:54 -0400
> furlfo> Reply-To: [EMAIL PROTECTED]
> furlfo>
>
On Wed, 28 Jul 2004, Ken A wrote:
>
>
> Edgars wrote:
> > i am writing my own program to get them in human-readable form:)
> >
> > Edgars
>
>
> Yep. I made some changes that make it easier for me to start from
> scratch with a language I'm more familiar with (perl) than to modify
> dialupadmin to
> Hello,
>
> It's not specially a question about freeradius but for
> for experts like you in 802.1x ;)
>
> I read this document http://www.cs.umd.edu/~waa/1x.pdf
> It said that 802.1x has a flaw : man in the middle attack
> Does it true or is the document deprecated ?
>
> I have another question :
http://www.missl.cs.umd.edu/wireless/eaptls/
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
http://www.freeradius.org/doc/EAPTLS.pdf
Try google search, there's many other HOWTO
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
this is the output of the debug mode...
rlm_sql_mysql: MYSQL check_error: 1062 received
rlm_sql: Couldn't insert SQL accounting STOP record - Duplicate entry '2336002' for
key 1
rlm_sql (sql): Released sql socket id: 3
modcall[accounting]: module "sql" returns fail
modcall: group accounting re
CC> Hi to all,
CC> we use freeradius 0.9 running on a linux box.
CC> After a system crash (the one with the mysql database) we have problem
CC> with the accounting. When we start the raedius it connects on the
CC> database but we have no record and in the log file we have always
CC> these errors:
Hi to all,
we use freeradius 0.9 running on a linux box.
After a system crash (the one with the mysql database) we have problem
with the accounting. When we start the raedius it connects on the
database but we have no record and in the log file we have always
these errors:
Error: rlm_sql (sql):
43 matches
Mail list logo