Hi,
Novell is working towards making FreeRADIUS work with eDirectory.
This will allow eDirectory users to authenticate via FreeRADIUS.
regards
Sayantan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Sep 09, 2004 at 05:09:48PM +0200, [EMAIL PROTECTED] wrote:
Well, this is exactly what I'd like to do: to build one and to get it
working... But I need some help from developers. So who wants to cooperate?
Any help/hints are welcome
http://bugs.freeradius.org/show_bug.cgi?id=42
I was
hi there.
is there a freeradius script that gets statistics from a NAS besides from
radwho?
i would like to create a script that gets who's connected on E1 #1 and E1 #2, is
that possible?
pls advise.
thanks,
milver nisay
Hi guys,
Could you please check what is wrong with the eam or
eap sim?
I try to authenticate EAP SIM user, and wrote a
rlm_sim_map to replace rlm_sim_file.
I got the 3 triplets and add pair for 3 triplets.
But when I use eap_client with 802.1x AP, it fails
to authenticate my connection.
The
Hi group,
Is it possible to get FreeRadius to log Access-Reject
in the radpostauth sql table? Any hints are welcome.
\raymond
Dear Alan,
I defined the Class attribute as a string because when I store it in
mysql it does not store its ASCII representation.
Below there is the output generated by freeradius (debug mode) from
startup until it receives the Accounting Request containing the Class
attribute. (See at the bottom
Ol
On Thursday 09 September 2004 19:06, Hugo Sousa wrote:
My Windows 2000 domain is office.netsystems.pt. The user I'm using is
administrator.
Is this wrong?
ldap {
server = 192.168.2.1
identity =
sure, nothing is impossible. my sql.conf looks something like this:
# Allow for storing data after authentication
postauth_table = radpostauth
postauth_query = INSERT into ${postauth_table} (id, user, pass,
reply, date) values ('', '%{User-Name}',
Hi Michael + group,
Thanks! It works great now. I probably just need another cup of coffee...
\raymond
-Original Message-
From: Michael Markstaller [mailto:[EMAIL PROTECTED]
Sent: 10. september 2004 11:41
To: [EMAIL PROTECTED]
Subject: RE: Logging Access-Reject in SQL
sure, nothing is
On Fri, 10 Sep 2004, Paul Hampson wrote:
On Thu, Sep 09, 2004 at 05:09:48PM +0200, [EMAIL PROTECTED] wrote:
Well, this is exactly what I'd like to do: to build one and to get it
working... But I need some help from developers. So who wants to cooperate?
Any help/hints are welcome
Alan,
I searched and found the parameter Port-Limit, but
I'd say your NAS has problems, then.
I'll check the NAS and also the Access-Request packets.
Thank you for your help!
Markus
Sayantan Bhowmick [EMAIL PROTECTED] wrote:
Novell is working towards making FreeRADIUS work with eDirectory.
This will allow eDirectory users to authenticate via FreeRADIUS.
Does eDirectory do CHAP, MS-CHAP, or EAP?
Alan DeKok.
Title: dialupAccess attribute - access denied by default
Does anyone know why this message dialupAccess attribute - access denied by default appears?
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
Install windows 2000 support tools, if you don't have them installed
already. You'll have to check your server CDs or microsoft's website to
find them.
Once you have Windows 2000 Support Tools installed login to the AD machine
as the administrator. Then go to Control Panel, Administrative
Milver S. Nisay [EMAIL PROTECTED] wrote:
is there a freeradius script that gets statistics from a NAS besides from
radwho?
radwho doesn't get statistics from the NAS. It gets the statistics
from the radutmp file.
To query the NAS, see checkrad.
Alan DeKok.
Lopez, A. [EMAIL PROTECTED] wrote:
As I said, if I edit the file /etc/freeradius/dictionary with the line:
ATTRIBUTE Class 25 string
the Class attribute does not appear in the request as:
Class = 'whatever_string'
But instead:
/usr/lib (Unknown Type 779252325)
However, when I edit
On Fri, 10 Sep 2004, Hugo Sousa wrote:
Does anyone know why this message dialupAccess attribute - access
denied by default appears?
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with filter
Timolthy Keithy [EMAIL PROTECTED] wrote:
Are there any instructions, step-by-step on how to
build the RADIUS server for WPA and WPA2
(802.11a/b/g).
http://www.freeradius.org/doc/
And would it be possible to install the RADIUS
server separate from DHCP server? if yes, how to?
Problem solved. I downloaded LDAP browser from SOFTerra and saw all the info
that I need.
The correct is: CN=Administrator,CN=Users,DC=office,DC=netsystems,DC=pt
Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
-Original Message-
From: [EMAIL
On Fri, 10 Sep 2004 15:52:39 +0100
Hugo Sousa [EMAIL PROTECTED] wrote:
Does anyone know why this message dialupAccess attribute - access
denied by default appears?
comment the line in radiusd.conf with access_attr
restart freeradius and see the message appears again.
Tiago Fernandes
ver. freeradius-0.7.1
I have been researching for a week or two and have come up blank.
I would like to create a group in /etc/group that the radius server will
recognize. This is for our VPN. The purpose being that if a user is in the
group they are allowed access to the VPN if not they can
Michael Gleissner [EMAIL PROTECTED] wrote:
ver. freeradius-0.7.1
Hmm... I suggest upgrading to 1.0.0.
I would like to create a group in /etc/group that the radius server will
recognize. This is for our VPN. The purpose being that if a user is in the
group they are allowed access to the
Title: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Continuing my quest to integrate freeradius with Active Directory here goes another problem!
Has anyone already had this problem?
rlm_ldap: - authorize
rlm_ldap: performing user authorization for hugo.sousa
radius_xlat:
[EMAIL PROTECTED] 9/9/2004 10:59:31 PM
Hi,
Novell is working towards making FreeRADIUS work with eDirectory.
This will allow eDirectory users to authenticate via FreeRADIUS.
regards
Sayantan
Hmm... We can do that already. Just use EAP-TTLS/PAP and have
freeradius authenticate via an LDAP
For the type of configuration you're trying to use (PEAP/EAP-MSCHAPv2
with Active Directory), you'll need to use the ntlm_auth hooks in the
mschap module.
--Mike
On Fri, 2004-09-10 at 11:12, Hugo Sousa wrote:
Continuing my quest to integrate freeradius with Active Directory
here goes another
Are you talking about this:
#ntlm_auth = /path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
There is no other way to perform authentication on the Domain Controller ?
Hi,
I notice that in 1.0.0 the safe-characters configuration item in
postgresql.conf doesn't do anything. Or maybe I'm doing something wrong.
I added a comma, but the comma in the value of Wispr-Location-Name is
substituted by =2C in the radacct table.
This is what I have added in
On Fri, 10 Sep 2004, Thor Spruyt wrote:
Hi,
I notice that in 1.0.0 the safe-characters configuration item in
postgresql.conf doesn't do anything. Or maybe I'm doing something wrong.
I added a comma, but the comma in the value of Wispr-Location-Name is
substituted by =2C in the radacct
All,
I may have solved the problem below, but I
now think it has caused another.
When I first installed FreeRadius,
I noticed that my AP2000 units did not send the Account-Session-Time variable
back in the stop packets. I assume
that this is just a feature of the Orinoco APs to not
Kostas Kalevras wrote:
It should work in 1.0.0. What do you see in debug mode for the
safe-characters value?
This feature is independent of sql driver.
Huh... I was editing the configuration file of a server that doesn't do sql
accounting.
I now edited the correct configuration file and it
hi
Are there any instructions, step-by-step on how to
build the RADIUS server for WPA and WPA2
(802.11a/b/g).
yes, there are. today, it should work out of the box (well, there is
no box, but still).
the good news from the pov of the radius server is that all these things
you mentioned are
I apologize for asking this question but I haven't been able to find
the answer in the FAQ's or anything on Freeradius. I am looking to
implement this for my college because the microsoft solution is kinda
ugly. I have two domains on my network, one for faculty/staff and the
other for students.
Brian Sumpter [EMAIL PROTECTED] wrote:
So I guess my question is now how do I get Account-Session-Times
when my NAS devices do not report this variable?
In general, if the NAS doesn't send information, you can't log it.
In this case, the server does have the time when it received the
start
Hugo Sousa [EMAIL PROTECTED] wrote:
Are you talking about this:
#ntlm_auth = /path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
Yes.
There is no other way to perform
But if the domain controller uses LDAP, why do we have to use LDAP and after
that ntlm_auth ???
I just want to understand why.
Btw.. (I'm already compiling Samba to have nmbd, etc)
Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
-Original Message-
Ugur GUNCER [EMAIL PROTECTED] wrote:
I tried to get called number from Cisco-AVPair attribute
with
, '%{Cisco-AVPair}',
There are multiple Cisco-AVPair attributes in the packet, and 1.0.0
can only look at the first. In the current CVS snapshots, see
'doc/variables.txt' for how to refer
Hugo Sousa [EMAIL PROTECTED] wrote:
But if the domain controller uses LDAP, why do we have to use LDAP and after
that ntlm_auth ???
Because Active Directory isn't LDAP in the same way that other LDAP
servers are LDAP.
You can't get NT-Passwords from AD, you can get it from other LDAP
Ronald I. Nutter [EMAIL PROTECTED] wrote:
Is there a way I can have Freeradius authenticate
against one domain and if it fails, try the other ?
Not really. But you CAN see if a user exists in one domain, and if
not, check the other domain. Once you know the user exists, and what
his
Alan:
Thanks for the reply. Where can I find out more details on how to do
this ? Didn't see that much with the FAQ or readmes on the freeradius
web site.
Ron
Ron Nutter [EMAIL PROTECTED]
Network
I ended up using the huntgroups file to do this (i.e.):
Juniper-M-Series NAS-IP-Address == 10.1.1.20
User-Name = sally
Then in my users file:
DEFAULT Huntgroup-Name == Juniper-M-Series
Auth-Type := LDAP,
Fall-Through = No
Does that mean that I don't need to use the LDAP modules on FreeRadius and
use only the ntlm_auth? Is it enough?
Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
Hugo Sousa [EMAIL PROTECTED] wrote:
Does that mean that I don't need to use the LDAP modules on FreeRadius and
use only the ntlm_auth? Is it enough?
That depends on what you're trying to do.
If you're not storing user information in LDAP, you don't need to
run LDAP.
Alan DeKok.
Ronald I. Nutter [EMAIL PROTECTED] wrote:
Thanks for the reply. Where can I find out more details on how to do
this ? Didn't see that much with the FAQ or readmes on the freeradius
web site.
There's no documentation describing how to configure the server for
your site. Instead, there's
I'm storing user information on the Windowze Active Directory, ONLY.
So, LDAP doesn't apply, right ???
Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent:
I'm installing FreeRadius version 1.0.0 and I've only used 0.9.3 with sql.
The new version has an additional table called nas. From what I read,
this can be used in place of the clients file (or clients.conf).
However, the table doesn't reference IP/DNS name of the client at all.
How does it
I know Alan responded to this already, but I'll inject some notes as
well.
On Fri, 2004-09-10 at 12:07, Brian Sumpter wrote:
When I first installed FreeRadius, I noticed that my AP2000 units did
not send the Account-Session-Time variable back in the stop packets.
I assume that this is just a
To simply answer your question, if you're not storing any sort of Access
Allowed/Denied attribute in AD (iow, all your users are allowed to auth
to RADIUS), and you're not pulling any supplemental check/reply RADIUS
attributes from LDAP, then no, you don't need the LDAP module. For what
you're
Michael Griego wrote:
This is indeed true of the screwed up RADIUS implementation on the
AP-2000s. They do not report session time with the
Account-Session-Time attribute. They expect you to calculate it
after-the-fact based on the Start and Stop packet times. Oh well,
it's doable.
This
Luckily I don't use this device :)
Yes, you are lucky.
You might consider reporting your issues to the manufacturer.
I've hounded them on actual problems in their RADIUS implementation
(Session-Timeout not working as advertised, etc) as well as other
problems with their products on numerous
I installed freeradius-0.9.1 to work with SER.
They gave a test example to add a user in users file
with following contents:
test Auth-Type := Digest, User-Password == test
     Reply-Message = Hello, test with digest
But when I run radius with radiusd -X, it gives
I see that in Oracle database tables, the nas table has ipaddr as a
field, but not in MySQL. Does this mean that MySQL's nas table is not
yet supported in FreeRadius?
Dickon...
Dickon Newman wrote:
I'm installing FreeRadius version 1.0.0 and I've only used 0.9.3 with
sql.
The new version has
Michael Griego [EMAIL PROTECTED] wrote:
Anyway, any more discussion on this should be taken off list. I'd be
happy to talk to anyone about the specifics if they want to email me
directly.
File a bug report on bugs.freeradius.org. Include a short
description of features that have to be
jawad bokhari [EMAIL PROTECTED] wrote:
They gave a test example to add a user in users file
with following contents:
test Auth-Type := Digest, User-Password == test
     Reply-Message = Hello, test with digest
But when I run radius with radiusd -X, it gives
Sorry to bother everyone, but I think I've found a solution.
I added a field called ipaddr after shortname and radius debugging
said it loaded the client from the tables, but set the secret to be the
field port. So I removed the field type thus shifting all the
others up...and now the
Hi, I am trying to execute a program before authentication so I could deny access if it
is on a callingstationnumber ban list on mysql..
But the script is not being executed.. what seems to be the problem?
radiusd.conf
exec test{
wait = yes
program = /usr/local/bin/php -f
All,
I appreciate the help everyone has provided on this. At least now I
know it isn't just me! I've been banging my head against a wall on this
one for a week and come to find out it's a problem with the AP's
themselves. Good stuff to know. :)
I've altered the accounting_stop_query in
On Fri, 2004-09-10 at 15:34, Brian Sumpter wrote:
Currently, I have the Authorization Lifetime set to 0 (disable), and the
Accounting Inactivity Timer set to 60 minutes. I'm not sure what would
be best for these settings. What do others find the most useful here?
See docs/misc-nas. If
Greetings,
I have a problem with FR1.0.0 and chap/pap.
Knowns:
FreeBSD 4.7-RELEASE
FreeRadius 1.0.0 (downloaded today, not CVS)
National dialup provider sending both PAP CHAP requests.
Problem:
I have 2 types of authentication... those in the users file (for chap and
locl
58 matches