Hi,
I am using FreeRADIUS to authenticate the XSupplicant using EAP-TLS. The
certificates are being generated using the script CA.all. For the Server
certificate, the TLS Web Server OID used is 1.3.6.1.5.5.7.3.1.
Now what the FreeRADIUS Server is actually sending out to the Client
On Fri, 19 Nov 2004, Joyce Choong wrote:
Hi All,
I am currently using freeradius version 0.8.1. I have been getting this
strange record in my radacct table. I am using a Wireless Subscriber
Gateway.
Kindly refer to the sample log below.
+
| AcctSessionId| UserName |
Works well (on debug). But I've juste two more questions:
1. I would like to have a catch all definition if suppannaffectation
gives a non existing pool-name
I put this in users:
DEFAULT Service-Type == Framed-User, Pool-Name := "DEF_pool"
Framed-MTU = 1500,
Fall-Through = Yes
but didn't
On Fri, 19 Nov 2004, LALOT Dominique wrote:
Works well (on debug). But I've juste two more questions:
1. I would like to have a catch all definition if suppannaffectation gives a
non existing pool-name
I put this in users:
DEFAULT Service-Type == Framed-User, Pool-Name := DEF_pool
At 15.15 17/11/2004, you wrote:
Hi,
I would like to set up a max bandwidth over my cisco 1200AP (ios v12).
My question is : what attribute I should use in radius to set the max
download and upload for the client ?
First you MUST use the virtual template feature of Cisco
After that you can send via
It does not work either, may be I should avoid pools for default IP
settings?.
I put a value toto in supannaffectation which does not exist as a pool name
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess
On Fri, 19 Nov 2004, LALOT Dominique wrote:
It does not work either, may be I should avoid pools for default IP
settings?.
I put a value toto in supannaffectation which does not exist as a pool name
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Hi all,
I am currently working on RADIUS authentication.
I need a clarification regarding one of my
requirement, where our customers
use any flavour of RADIUS server with PAP, CHAP
authentication to authenticate user who use our
product.
I should be able to provide a flexibility to
I used to have an error in compilation with mysql components, so I thought
of changing machine (SUN Fire 280R) and begin from scratch.
So I installed mysql 2.0.21 and openssl as recommended by Sun.
And then I had the following error in bold upon compilation.
However, this file is there !
I
I still can't solve this problem.
To all people who have successfully configured EAP/TLS and FreeRadius, how did you generate the cert ? Through certificate authority in windows ? or openssl in linux ?
Is it necessary for the windows XP supplicant tobe able to contactthe domain of the cert ?
I
Eva,
I had the same problem couple of days
before and got it fixed. Disable rlm_x99_token when using configure command.
It would help to get rid of this error.
Regards,
Janakan Rajendran
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eva Kolega
Sent:
If the radius servers are writing to the
same database then the accounting packet will be sent to one radius server
only and written to the database only once.
I hope this helps
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Stuart Harris
Sent: Thursday,
Tried on two FreeBSD 4.x box
#gmake
gmake[1]: Entering directory `/root/src/radiusd'
Making all in libltdl...
gmake[2]: Entering directory `/root/src/radiusd/libltdl'
gmake[2]: *** No rule to make target `all'. Stop.
gmake[2]: Leaving directory `/root/src/radiusd/libltdl'
gmake[1]: *** [common]
Hi All,
I use freeradius-1.0.1 on linux and WindowXP+Dlink-120E Supplicant.
I use cert.sh for generating certificats and HOWTO: EAP/TLS Setup
for freeradius and WindowXP Supplicant (http://freeradius.org/doc/EAPTLS.pdf)
for setup wireless connection.
After setup and start freeradius, when I try
Service [EMAIL PROTECTED] wrote:
Fri Nov 19 17:26:55 2004 : Error: TLS_accept:error in SSLv3 read client
certificate A
...
How to solve this problem?
The debug log you posted shows that the server sends an
Access-Accept. So the error isn't critical, and isn't affecting
anything.
Mike O'Connor [EMAIL PROTECTED] wrote:
There are 30 address in the pool and at this time 13 of these are listed
as active but the radacct record show that the users using these
address's have logged off.
Maybe the ippool module isn't getting the information it needs to
release the address.
Bilal Shahid [EMAIL PROTECTED] wrote:
Now I might be totally off the track here in this analysis but I just wanted
to make sure that the Server is indeed sending out what it is supposed to
send out to the Client. Is it alright that the OID being sent to the Client
has its first 2 bytes
Silvestre Malta [EMAIL PROTECTED] wrote:
I've also another question I can't solve.
My Log of radius is displaying some errors like:
Error: Dropping conflicting packet from client nas2:5 - ID: 234 due to
unfinished request 2831
Either your NAS is re-sending packets very quickly, or your
jagadish gowda [EMAIL PROTECTED] wrote:
Apart from the RADIUS server name/IP, port and shared
secret key, is there any other mandatory
information which should be configured for RADIUS
authentication.
That depends what kind of authentication the users are doing.
Are there any situations
On Fri, 2004-11-19 at 07:33, Lara Adianto wrote:
I feel that the following lines (taken from the above log) indicate
that something's not rightbut I'm not sure what they mean...maybe
somebody can help me ?
[3092] 12:43:31:912: ElKeyReceiveRC4: Signature in Key Desc does not
match
Stuart Harris wrote:
MySQL Supports read-only (one way) replication, we replicate all our
live databases (customer hosting, internal, etc...) to a single
backup DB which has a 'live' copy, it doesn't normally have writes to
it, but it can quickly be used to build up a replacement DB that is
Hi masters.
I am looking for a tutorial/how-to to set up a radius server
using freeradius and Mysql and MD5 passwords.
Actually I have a Livingston Portmaster 3 authenticating users on
my linux server. The authentication is based on MD5 passwords
stored in /etc/shadow, for example
I wanted freeradius to run on startup. In etc/rc.d/rc.local I entered
/usr/local/sbin/radiusd.
When I run 'top' to see all processes running is see 7 instances of radiusd.
Is this correct?
Michael Basso
What you see from 'top' is technically correct. However, what you have
done to start radiusd could be somewhat better.
Nevertheless, the reason for seeing seven prosesses will become clear if
you issue 'ps afx' - this will show you parent and children processes.
You should see that there is a
What you see from 'top' is technically correct. However, what
you have
done to start radiusd could be somewhat better.
Can you expand on somewhat better?
Nevertheless, the reason for seeing seven prosesses will
become clear if
you issue 'ps afx' - this will show you parent and children
Michael Basso wrote:
What you see from 'top' is technically correct. However, what
you have
done to start radiusd could be somewhat better.
Can you expand on somewhat better?
Using the rc.radiusd script in your init.d directory.
Using chkconfig.
All this is general Linux stuff, so maybe you might
Alan,
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login
or
A timeout of the proxy server ? is there an error code or ID
that
Is set ? or an attribute that says why the reply was
rejected ?
Ron.
Thank you all for your help.
Andrea
--
Andrea G. Forte
On Thu, 18 Nov 2004, Joe Matuscak wrote:
On Thu, 18 Nov 2004, Andrea G. Forte wrote:
The assumption made here is that the authenticator is the AP. I believe
things would be much easier and still safe if one authenticator would
Hi Alan
Thanks for you comments, I used you suggestion as a biases and have
found that the accounting stop records do not always have the same port
id. This means it does not match correctly and does not release the port.
I do not see any way of fixing this from the nas end, so I plan to write
Ron Wahler [EMAIL PROTECTED] wrote:
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login or
A timeout of the proxy server ? is there an error code or ID that
Is set ? or an attribute that says why the reply was rejected ?
There's
Paul Hampson wrote:
On Thu, Nov 18, 2004 at 05:14:47PM -0800, Jev wrote:
Ok, great Paul, thank you!
Is it this patch:
http://lists.freeradius.org/archives/freeradius-users/2004/09/frm00132.html
that you plan to apply? Is the patch in that post the most recent? I ask
because I may attempt to
Alan DeKok wrote:
There's nothing in the server right now to do something different if
the home server returned Access-Reject, or simply failed to respond.
If the home server sends a Reply-Message along, then there's a difference
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
32 matches
Mail list logo