Dear All
I followed the documentation 802.1X Port Based Authentication HOWTO and
the related documents. I am using Mac OS X as to run my freeRADIUS 1.0.1.
Everything works fine except for the authentication. The client is Win2K.
Nothing seems to work for me.
radiusd.conf
-
msch
Hi, thanks for the help. The following is the procedure to install in
Solaris 2.6
1.- Install (or check) the following packets:
expat
libiconv
gdbm
openssl
apache
libpcap
tcpdump
libnet
zlib
ncurses
mysql
2.- Run:
./configure
3.- Edit the src/include/autoconf.h file
4.- Comment the following l
>> James,
>>
>> We have gotten LEAP to work with Cisco access points. My last posting
>> on the subject might help if you haven't gotten there yet...
>>
>
>>
>> However, we have not been able to get LEAP for Cisco's WDS worked out.
>> All of the access points in the group authenticate successfully
Hi,
Is it a contract position? Which OS are you running
on?
Thanks.
Kafui Amedzekor.
--- Gaziz Nugmanov <[EMAIL PROTECTED]> wrote:
> Hello freeradius-users,
>
> Sorry for non-technical quick question.
>
> My employer needs to find a reliable company
> that can support mod_auth_radius in o
Dear List,
I'm using freeRadius 0.9.3.
In the default block of users file,
Exec-Program-Wait = "/usr/local/iradius/radplug -t auth"
USR-Framed_IP_Address_Pool_Name = "ippool"
In some cases, my program is returning,
USR-Framed_IP_Address_Pool_Name := "unreg"
The 'man 5 users' says, it will overw
Hello freeradius-users,
Sorry for non-technical quick question.
My employer needs to find a reliable company
that can support mod_auth_radius in our apache 1.3 proxy
environment. We are located in Toronto.
--
Best regards,
Gaziz Nugmanov
-
List info/subscribe/unsubscribe? See http://ww
Title: Proxy requests
Hi all,
I have 3 computers.
Computer 1 - Realm A
Computer 2 - PROXY
Computer 3 - Realm B
What should I place in the proxy.conf of computer 1 and computer 2 ???
The goal is to kick the request to the proxy whenver it's need.
The PROXY is only machine th
Does anyone have the module( or get one like it) listed in this thread?
http://lists.cistron.nl/pipermail/freeradius-devel/2002-October/003675.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello for all!
Right now, I've installed a freeradius with postgres support. I have got
some (5) cisco aironet access points, and want to authenticate the
clients from database, and account their total traffic also to the
postgres. Could anybody help to me with sample configfiles or anything
else,
that might already be answered, but googling hasn't found me the magic.
I have redundant RADIUS server frontend boxes with slaved MySQL databases.
I would like:
Read auth* data from
Write accounting data to
and I can't find the magic yet.
Anyone wanna wack me with a clue?
--
<[EMAIL PROTECTED]> wrote:
> Is there a way to access the value of an integer attribute rather
> than the dictionary (string) translated value ?
Not really. Editing the dictionaries is the simplest way to do that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Hi,
What type of do you use ?
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
[EMAIL PROTECTED]
Envoyé : vendredi 8 octobre 2004 15:57
À : [EMAIL PROTECTED]
Objet : Problems with counter module
Hi all,
I need help with counter module. I'd like to allo
Hi,
I've read from previous discussions that a module can be used to change
the format of the FreeRADIUS logs. In particular, I'd like to add
replies from 802.1x authenticator switches like HP 2650 which have vlan
id's, port, and other information. I hear this is possible with a
module that can
Hello everyone,
I would like to connect to my private network with ip
address depend on "login/mot_de_passe" by internet
(RTC) with :
1/ The vpn client 4.02 (win2k) with the Group
Authentification "group3000" and pre-shared key
"grouppass"
| client vpn | -> | Router Cisco 837 | ->|
fr
Hello,
does anyone knows how can i change the Reply-Message that i
get with another RAD_REPLY when the user is rejected because
Simultaneous-Use = 1?
thanks.
Kyriaki Gali,IT Applications SpecialistKinetix
Tele.com Support Center,Tel & Fax: +30 2310 256140GSM: +30 6947
723737h
hello,
Is there a way to access the value of an integer attribute rather
than the dictionary (string) translated value ?
I have the following problem:
In the dictionary file I have:
ATTRIBUTE Service-Type6 integer
VALUE Service-TypeSi
> Does this affect the users ability to log in?
No but still I have to reconnect the XP(SP2) PC..
I dont know if is a client problem or maybe Im loosing something on the
radius conf.
Let me know if need more debug log
tnx again 4 help
Vito
-
List info/subscribe/unsubscribe? See http://www.fr
Hi,
Just some suggestions:
1) use plain text mail
2) split up your problem in several parts (e.g. the mysql part and the Cisco
part)
For the Cisco part, reading the Cisco manuals might help
For the Mysql part, reading documentation and configuration files might help
(e.g. /etc/raddb/sql.conf and
Dear list:
This is my first experience with freeradius.
I installed freeradius-1.0.1.tar.gz
into a Red Hat box 7.3 (it is
old but I don´t have other option), however radius server is running OK.
This week I worked with PPP basic authentication and authorization options
working clients and user fl
"Christopher Price" <[EMAIL PROTECTED]> wrote:
> Here is the full output after I uncommented the tls and peap sections in
> eap.conf. I still seems to have a problem
Ok
> Module: Loaded eap
> eap: default_eap_type = md5
So... are you using PEAP or not?
> rlm_eap: processing type m
=?iso-8859-1?Q?=D8ystein_G=E5sdal?= <[EMAIL PROTECTED]> wrote:
> I still can't get this to work...
> After configuring samba, I get ntlm_auth to work manually:
Ok...
> But it still does not work via radius:
Yup.
> I can't figure out what's wrong
Look at the arguments to the two ntlm_auth
Here is the full output after I uncommented the tls and peap sections in eap.conf. I still seems to have a problem
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
AJ Grinnell <[EMAIL PROTECTED]> wrote:
> I am still having trouble finding a way to reject users who do not use
> a realm. Googleing and man pages havent shown me anything yet. Any
> ideas?
#---
DEFAULT Realm == NULL, Auth-Type := Reject
#---
That should do it, I think.
Or,
#---
DEFAULT Us
--On Friday, October 08, 2004 10:41:34 -0400 Alan DeKok <[EMAIL PROTECTED]>
wrote:
Josh Howlett <[EMAIL PROTECTED]> wrote:
I've done that too - and there's no record of the incoming RADIUS
transaction, yet the NAS sees it!
Run tcpdump on the network. I'd bet that the packets are going to a
diff
"Christopher Price" <[EMAIL PROTECTED]> wrote:
> I was told to change as little as possible in the configuration files
> and PEAP/MSCHAPv2 using Microsoft's 802.1x client with and LDAP backend
> DB would work fine. This is not the case and I would appreciate any
> suggestions on what to modify to m
I am still having trouble finding a way to reject users who do not use
a realm. Googleing and man pages havent shown me anything yet. Any
ideas?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
> Wat I want to achive - I want to have user authentication LDAP server with
> ntpassord/lmpassword for PEAP-MSCHAPv2 and have MD5 userpassword attribute
> in LDAP for all the other authentication services we want to provide (vpn
> dialin , etc ... )
That should work.
>
"atul dhingra" <[EMAIL PROTECTED]> wrote:
> I am facing a segmentation fault error while using following snapshots for
> openssl and freeradius
>
> openssl-0.9.6-stable-SNAP-20041002
Use 0.9.7b or later.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us
Josh Howlett <[EMAIL PROTECTED]> wrote:
> I've done that too - and there's no record of the incoming RADIUS
> transaction, yet the NAS sees it!
Run tcpdump on the network. I'd bet that the packets are going to a
different IP and/or port.
If the packets aren't seen in the debug log or in the
"Roberto Belletti" <[EMAIL PROTECTED]> wrote:
> I have an authentication problem with my FreeRadius server running on a
> Linux RedHat 9.0b server.
> I tired with FreeRadius v1.0 and v1.0.1 with the same result.
>
> An authentication request is send from a Cisco AS5350 Router and sometimes
> it fa
"Vito Pascali" <[EMAIL PROTECTED]> wrote:
> Hi all,
> are 2 days that my XP clients after a while disconnect the connection
> (PEAP/TLS) and in the log I have:
>
> Thu Oct 7 19:20:27 2004 : Info: rlm_eap_tls: Length Included
>
> Thu Oct 7 19:20:27 2004 : Error: TLS_accept:error in SSLv3 read clie
Christoph Litauer <[EMAIL PROTECTED]> wrote:
> I want to use realm ntdomin, but had no success so far. Debug output
> always says:
> modcall[authorize]: module "ntdomain" returns noop for request 47
OK
> rlm_realm: Looking up realm "LAPLITAUER" for User-Name =
> "LAPLITAUER\litauer"
"Tarun Bhushan" <[EMAIL PROTECTED]> wrote:
> I see your point. However, how does FR select which instance needs to
> handle this request right at the start of handling the request?
I'm not sure what you mean. The various sections are processed in
order, from top to bottom, so any decision to ma
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of M.Cerqui - PUBLISHERIA
> Sent: Friday, October 08, 2004 8:01 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius, Cisco Catalyst 2950, Windwos Domain
>
>
> My goal is, that the windows supplicant
I still can't get this to work...
After configuring samba, I get ntlm_auth to work manually:
[EMAIL PROTECTED] raddb]# ntlm_auth --username=og4 --request-nt-key
--domain=AALESUND
password:
NT_STATUS_OK: Success (0x0)
But it still does not work via radius:
Exec-Program: /usr/bin/ntlm_auth --requ
Hi all,
I need help with counter module. I'd like to allow internet connection for
1 hour.
users file:
Pablo Auth-Type := Local, Max-Daily-Session := 3600, User-Password == "Pablo",
NAS-IP-Address = "192.168.0.135"
Service-Type = Framed-User,
Session-Timeout := 3600,
Fram
I was told to change as little as possible in the configuration files and PEAP/MSCHAPv2 using Microsoft's 802.1x client with and LDAP backend DB would work fine. This is not the case and I would appreciate any suggestions on what to modify to make this work. The only portion of th
Here my 2950 configuration:
usts01# configure terminal
<>usts01(config)# aaa new-model
usts01(config)# aaa authentication
dot1x default group radius <>
usts01(config)# dot1x
system-auth-control
<>
usts01(config)# aaa authorization
network default group radius
<>
usts01(config)# interface
On Thu, 7 Oct 2004, EROS wrote:
> Hi,
>
> How changing the Reply-Message when a user reach the max-monthly-limit
> of his account ?
>
>
> now I have this message from the radius :
>
> Sending Access-Reject of id 22 to 192.168.200.101:1482
> Reply-Message = "Your maximum monthly usage time
On Thu, 7 Oct 2004, phorced access wrote:
> How would I go about doing that?
src/modules/rlm_ldap/rlm_ldap.c
>
> On Thu, 7 Oct 2004 09:29:17 +0300 (EEST), Kostas Kalevras
> <[EMAIL PROTECTED]> wrote:
> >
> >
> > On Wed, 6 Oct 2004, phorced access wrote:
> >
> > > Since I have multiple LDAP serve
On Fri, 8 Oct 2004 [EMAIL PROTECTED] wrote:
> Hi all,
>
> I searched archives and most of doc directoy of freeradius, but couldn`t
> find the answer.
>
> Wat I want to achive - I want to have user authentication LDAP server with
> ntpassord/lmpassword for PEAP-MSCHAPv2 and have MD5 userpassword at
Hi all,
I searched archives and most of doc directoy of freeradius, but couldn`t
find the answer.
Wat I want to achive - I want to have user authentication LDAP server with
ntpassord/lmpassword for PEAP-MSCHAPv2 and have MD5 userpassword attribute
in LDAP for all the other authentication services
The WindowsXP supplicant works for
me...kinda.
It sends requests via my 2950, but i still can't logon, but
I guess that has something to do with the configuration on the radius
server.
In Network Connections -> ->
Authentication, it says something like this.
Enable IEEE 802.1x etc. is m
Title: Message
sorry, but i send yesterday a mail that informed the list that
i have problem again..
Anyway, in radgroupcheck table i have a line
group-Simultaneous-Use- := 1
and in sql.conf i have changed the simul_count_query
query to see groups and no users..
Try it and tell me if go
Hi All,
I am facing a segmentation fault error while using following snapshots for
openssl and freeradius
openssl-0.9.6-stable-SNAP-20041002
freeradius-snapshot-20041006
Attched is the logs in debug mode of freeradius
Thanks much in advance
AD
Hi Øystein
Thanks for your help. I have the Calatlyst already configured like this
and even when I turn on the "debug radius" option on the catalyst there
is no output before a successful login :-( I now have tried the Aegis
Client as Supplicant on Windows and with this supplicant authenticati
If nothing shows in the radius debug, my guess is that you haven't
configured the 2950 properly, i.e you have the wrong ip adress to the radius
server.
The configuration should look like this:
aaa new-model
aaa authentication dot1x default group radius
radius-server host auth-port 1812 acct-port
--On Thursday, October 07, 2004 16:27:10 -0400 Dustin Doris
<[EMAIL PROTECTED]> wrote:
I have FR set up to auth/acct against MySQL. It appears to work fine in
a high load environment, most of the time.
Very, very occasionally FR appears to mis-process requests from the
NASes.
Even running FR in
Øystein Gåsdal schrieb:
What is realm used for anyway? Is it just for proxying?
Do we even need to configure that to use ntlm authentication?
Yes, I want to use ntlm_auth with the stripped username (username
without nt domain).
--
Regards
Christoph
Hello,
I have an authentication problem with my FreeRadius server running on a
Linux RedHat 9.0b server.
I tired with FreeRadius v1.0 and v1.0.1 with the same result.
An authentication request is send from a Cisco AS5350 Router and sometimes
it fail.
The log messages from the Radius Server is:
T
What is realm used for anyway? Is it just for proxying?
Do we even need to configure that to use ntlm authentication?
Regards,
Øystein Gåsdal
> -Original Message-
> From: Christoph Litauer [mailto:[EMAIL PROTECTED]
> Sent: 8. oktober 2004 09:26
> To: [EMAIL PROTECTED]
> Subject: Re: us
Hi all,
are 2 days that my XP clients after a while disconnect the connection
(PEAP/TLS) and in the log I have:
Thu Oct 7 19:20:27 2004 : Info: rlm_eap_tls: Length Included
Thu Oct 7 19:20:27 2004 : Error: TLS_accept:error in SSLv3 read client
certificate A
Thu Oct 7 19:20:27 2004 : Info: rlm_ea
On Fri, Oct 08, 2004 at 06:28:17AM +, atul dhingra wrote:
[Some HTML stuff]
Please don't post HTML-only.
Anyway, try OpenSSL 0.9.7... From memory it's required by
something in there.
Otherwise, after reading the mailing list rules, there's a
document (bugs.txt?) which describes how to report
Hi All!
I'd like to do accounting of calls passing through voip "Aqua"
gatekeeper. So the problem is in inserting accounting fields into
database. Aqua sends to freeradius params like
h323-disconnect-time = "h323-disconnect-time=07:09:27.327 UTC Fri Oct 08 2004"
so when freeradius trying to insert
Hi,
I want to use realm ntdomin, but had no success so far. Debug output
always says:
modcall[authorize]: module "ntdomain" returns noop for request 47
What am I doing wrong? Please help ...
Many thansk in advance!
radius.conf is attached. The relevant part of my debug log is:
rad_recv: Access-Re
55 matches
Mail list logo