extendedKeyUsage = 1.3.6.1.5.5.7.3.1

2004-11-19 Thread Bilal Shahid
Hi, I am using FreeRADIUS to authenticate the XSupplicant using EAP-TLS. The certificates are being generated using the script CA.all. For the Server certificate, the TLS Web Server OID used is 1.3.6.1.5.5.7.3.1. Now what the FreeRADIUS Server is actually sending out to the Client (XSupplicant)

Re: Deny Access for users

2004-11-19 Thread Kostas Kalevras
On Thu, 18 Nov 2004, Silvestre Malta wrote: Hi. Sorry for disturbing. I'm Using FreeRadius 0.9.3 and I've two questions I can't solve by myself. 1) When Using Radwho It is not used short name of Nas. The output displays the IP addresses. I've the clients.conf well configured has also the naslist fil

Re: Multiple Stop Packets for same AcctSessionId

2004-11-19 Thread Kostas Kalevras
On Fri, 19 Nov 2004, Joyce Choong wrote: Hi All, I am currently using freeradius version 0.8.1. I have been getting this strange record in my radacct table. I am using a Wireless Subscriber Gateway. Kindly refer to the sample log below. + | AcctSessionId| UserName | AcctSta

Re: help groups and LDAP

2004-11-19 Thread LALOT Dominique
Works well (on debug). But I've just two more questions: 1. I would like to have a catch all definition if suppannaffectation gives a non existing pool-name I put this in users: DEFAULT Service-Type == Framed-User, Pool-Name := "DEF_pool" Framed-MTU = 1500, Fall-Through =

Re: help groups and LDAP

2004-11-19 Thread Kostas Kalevras
On Fri, 19 Nov 2004, LALOT Dominique wrote: Works well (on debug). But I've just two more questions: 1. I would like to have a catch all definition if suppannaffectation gives a non existing pool-name I put this in users: DEFAULT Service-Type == Framed-User, Pool-Name := "DEF_pool" Framed

Re: Bandwidth management Cisco

2004-11-19 Thread Andrea Gabellini
At 15.15 17/11/2004, you wrote: Hi, I would like to set up a max bandwidth over my cisco 1200AP (ios v12). My question is : what attribute I should use in radius to set the max download and upload for the client ? First you MUST use the virtual template feature of Cisco After that you can send via

Re: help groups and LDAP

2004-11-19 Thread LALOT Dominique
It does not work either, maybe I should avoid pools for default IP settings? I put a value toto in supannaffectation which does not exist as a pool name Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" ret

Re: help groups and LDAP

2004-11-19 Thread Kostas Kalevras
On Fri, 19 Nov 2004, LALOT Dominique wrote: It does not work either, maybe I should avoid pools for default IP settings? I put a value toto in supannaffectation which does not exist as a pool name Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 m

Re: Deny Access for users

2004-11-19 Thread Silvestre Malta
> Do you have reverse lookup dns configured for these IP's? I think it should work > (but through DNS, not clients.conf). Yes. I've Reverse DNS configured for these IPs. That's why I'm not understanding why the output of radwho only displays the IP addresses. I've talked about the file clients.con

help

2004-11-19 Thread jagadish gowda
Hi all, I am currently working on RADIUS authentication. I need a clarification regarding one of my requirement, where our customers use any flavour of RADIUS server with PAP, CHAP authentication to authenticate user who use our product. I should be able to provide a flexibility to connec

COMPILATION ERROR

2004-11-19 Thread Eva Kolega
I used to have an error in compilation with mysql components, so I thought of changing machine (SUN Fire 280R) and begin from scratch. So I installed mysql 2.0.21 and openssl  as recommended by Sun. And then I had the following error in bold upon compilation. However, this file is there ! I h

Re: eap-tls auth: access accept is sent but xp client keeps resending access-req

2004-11-19 Thread Lara Adianto
I still can't solve this problem. To all people who have successfully configured EAP/TLS and FreeRadius, how did you generate the cert ? Through certificate authority in windows ? or openssl in linux ? Is it necessary for the windows XP supplicant to be able to contact the domain of the cert ?   I

RE: COMPILATION ERROR

2004-11-19 Thread Janakan Rajendran
Eva,   I had the same problem couple of days before and got it fixed. Disable rlm_x99_token when using configure command. It would help to get rid of this error.   Regards, Janakan Rajendran   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eva Kolega Sent: Fr

RE: Multiple processing heads...

2004-11-19 Thread Cris Boisvert
If the radius servers are writing to the same database then  the accounting packet will be sent to one radius server only and written to the database only once. I hope this helps     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Harris Sent: Thursday, Nov

Compile problem of last CVS version on FreeBSD 4.x

2004-11-19 Thread frad-u
Tried on two FreeBSD 4.x box #gmake gmake[1]: Entering directory `/root/src/radiusd' Making all in libltdl... gmake[2]: Entering directory `/root/src/radiusd/libltdl' gmake[2]: *** No rule to make target `all'. Stop. gmake[2]: Leaving directory `/root/src/radiusd/libltdl' gmake[1]: *** [common]

Error: TLS_accept:error in SSLv3 read client certificate A

2004-11-19 Thread Service
Hi All, I use freeradius-1.0.1 on linux and WindowXP+Dlink-120E Supplicant. I use cert.sh for generating certificates and "HOWTO: EAP/TLS Setup for freeradius and WindowXP Supplicant" (http://freeradius.org/doc/EAPTLS.pdf) for setup wireless connection. After setup and start freeradius, when I t

Re: Error: TLS_accept:error in SSLv3 read client certificate A

2004-11-19 Thread Alan DeKok
Service <[EMAIL PROTECTED]> wrote: > Fri Nov 19 17:26:55 2004 : Error: TLS_accept:error in SSLv3 read client > certificate A ... > How to solve this problem? The debug log you posted shows that the server sends an Access-Accept. So the error isn't critical, and isn't affecting anything.

Re: rlm_ippool - not releasing ip addresses

2004-11-19 Thread Alan DeKok
Mike O'Connor <[EMAIL PROTECTED]> wrote: > There are 30 address in the pool and at this time 13 of these are listed > as active but the radacct record show that the users using these > address's have logged off. Maybe the ippool module isn't getting the information it needs to release the addr

Re: extendedKeyUsage = 1.3.6.1.5.5.7.3.1

2004-11-19 Thread Alan DeKok
"Bilal Shahid" <[EMAIL PROTECTED]> wrote: > Now I might be totally off the track here in this analysis but I just wanted > to make sure that the Server is indeed sending out what it is supposed to > send out to the Client. Is it alright that the OID being sent to the Client > has its first 2 byt

Re: Deny Access for users

2004-11-19 Thread Alan DeKok
"Silvestre Malta" <[EMAIL PROTECTED]> wrote: > I've also another question I can't solve. > My Log of radius is displaying some errors like: > "Error: Dropping conflicting packet from client nas2:5 - ID: 234 due to > unfinished request 2831" Either your NAS is re-sending packets very quickly,

Re: help

2004-11-19 Thread Alan DeKok
jagadish gowda <[EMAIL PROTECTED]> wrote: > Apart from the RADIUS server name/IP, port and shared > secret key, is there any other mandatory > information which should be configured for RADIUS > authentication. That depends what kind of authentication the users are doing. > Are there any situa

Re: eap-tls auth: access accept is sent but xp client keeps resending access-req

2004-11-19 Thread Michael Griego
On Fri, 2004-11-19 at 07:33, Lara Adianto wrote: > I feel that the following lines (taken from the above log) indicate > that something's not right but I'm not sure what they mean...maybe > somebody can help me ? > > [3092] 12:43:31:912: ElKeyReceiveRC4: Signature in Key Desc does not > match

Re: Multiple processing heads...

2004-11-19 Thread Thor Spruyt
Stuart Harris wrote: MySQL Supports read-only (one way) replication, we replicate all our live databases (customer hosting, internal, etc...) to a single backup DB which has a 'live' copy, it doesn't normally have writes to it, but it can quickly be used to build up a replacement DB that is current

Freeradius + MySQL + MD5 passwords

2004-11-19 Thread Hamilton Vera
Hi masters. I am looking for a tutorial/how-to to set up a radius server using freeradius and Mysql and MD5 passwords. Actually I have a Livingston Portmaster 3 authenticating users on my linux server. The authentication is based on MD5 passwords stored in /etc/shadow, for example $1$u5C6uZb/$FX

run RADIUS at startup

2004-11-19 Thread Michael Basso
I wanted freeradius to run on startup. In etc/rc.d/rc.local I entered /usr/local/sbin/radiusd. When I run 'top' to see all processes running is see 7 instances of radiusd. Is this correct? Michael Basso

Re: run RADIUS at startup

2004-11-19 Thread Niall Hogg
What you see from 'top' is technically correct. However, what you have done to start radiusd could be somewhat better. Nevertheless, the reason for seeing seven processes will become clear if you issue 'ps afx' - this will show you parent and children processes. You should see that there is a '

RE: run RADIUS at startup

2004-11-19 Thread Michael Basso
> What you see from 'top' is technically correct. However, what > you have > done to start radiusd could be somewhat better. Can you expand on "somewhat better"? > > Nevertheless, the reason for seeing seven processes will > become clear if > you issue 'ps afx' - this will show you parent and

Re: run RADIUS at startup

2004-11-19 Thread Thor Spruyt
Michael Basso wrote: What you see from 'top' is technically correct. However, what you have done to start radiusd could be somewhat better. Can you expand on "somewhat better"? Using the rc.radiusd script in your init.d directory. Using chkconfig. All this is general Linux stuff, so maybe you migh

radius proxy

2004-11-19 Thread Ron Wahler
Alan, When a radius reply comes back from a proxy server, can/does FreeRadius know if it was a bad password/bad login or a timeout of the proxy server? Is there an error code or ID that is set? Or an attribute that says why the reply was rejected? Ron.

Re: General question on Radius/802.1x

2004-11-19 Thread Andrea G. Forte
Thank you all for your help. Andrea -- Andrea G. Forte On Thu, 18 Nov 2004, Joe Matuscak wrote: > On Thu, 18 Nov 2004, Andrea G. Forte wrote: > > > The assumption made here is that the authenticator is the AP. I believe > > things would be much easier and still safe if one authenticator would

Re: rlm_ippool - not releasing ip addresses

2004-11-19 Thread Mike O'Connor
Hi Alan Thanks for your comments, I used your suggestion as a basis and have found that the accounting stop records do not always have the same port id. This means it does not match correctly and does not release the port. I do not see any way of fixing this from the nas end, so I plan to write

Re: radius proxy

2004-11-19 Thread Alan DeKok
"Ron Wahler" <[EMAIL PROTECTED]> wrote: > When a radius reply comes back from a proxy server > Can/does FreeRadius know if it was a bad password/bad login or > A timeout of the proxy server ? is there an error code or ID that > Is set ? or an attribute that says why the reply was rejected ? There

Re: rlm_exec fail V reject

2004-11-19 Thread Jev
Paul Hampson wrote: On Thu, Nov 18, 2004 at 05:14:47PM -0800, Jev wrote: Ok, great Paul, thank you! Is it this patch: http://lists.freeradius.org/archives/freeradius-users/2004/09/frm00132.html that you plan to apply? Is the patch in that post the most recent? I ask because I may attempt to app

Re: radius proxy

2004-11-19 Thread Thor Spruyt
Alan DeKok wrote: There's nothing in the server right now to do something different if the home server returned Access-Reject, or simply failed to respond. If the home server sends a Reply-Message along, then there's a difference -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com