peap_eap_chapv2 still not working..

2004-12-13 Thread Chris Huang
: Proxying request from user username to realm domain rlm_realm: Adding Realm = domain rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module ntdomain returns noop for request 0 radius_xlat: '/var/log/radius/radacct/130.147.167.9/auth-detail-20041213' rlm_detail: /var/log

Custom authentication and scripts

2004-12-13 Thread sebastien . mazas
Thank you Thor for your help, but there's still something I don't understand: The only attributes available in my Radius Packet are User-Name and User-Password. Are you mentioning another Radius attribute or a configuration parameter on the Radius server? From: Thor Spruyt [EMAIL PROTECTED]

Re: EAP Failure

2004-12-13 Thread Mathias Röhl
On Fri, 10.12.2004 at 16:15, Mathias Röhl wrote: Hi after restarting freeradius with -X (thx to Alan) I got the message -- modcall[authorize]: module ldap returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found

Re: Custom authentication and scripts

2004-12-13 Thread Thor Spruyt
[EMAIL PROTECTED] wrote: The only attributes available in my Radius Packet are User-Name and User-Password. Are you mentioning another Radius attribute or a configuration parameter on the Radius server? I don't understand what you mean. All attributes sent by the NAS in the Access-Request

Re: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Tim Winders
On Sun, 12 Dec 2004, Alan DeKok wrote: Tim Winders [EMAIL PROTECTED] wrote: Unfortunately, I can't seem to get PEAP working. The server is complaining about a client certificate, like I was using EAP/TLS rather than EAP/PEAP. Can you post the error message? It might help I suppose that

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Guy Davies
Hi Tim, I believe that MS made changes to the format of the EAP packets in XP SP2! This breaks PEAP with a number of (but apparently not all) non-MS RADIUS servers. They have a Hotfix for this. Checkout KB 885453. I'm not *sure* that this is your problem. However, it *may* be relevant. Note

Re: Fwd: IP assignment from Particular Dynamic Pool

2004-12-13 Thread Dustin Doris
Do you mean give a user a specific IP address from a pool, or assign a user to a specific pool? If it's the first, I don't believe you can do that. Rlm_ippool is set up for dynamic assignment. You could just assign that value in the users file or sql and then in ippool you set this override = no

Re: dhcpd + omshell + freeradius

2004-12-13 Thread Dustin Doris
Hello all, Recently I found that omshell can be used to control the dhcpd server without restarting the server. So I'm thinking would there be a way to ask the freeradius to talk to omshell when a user auths and assign an IP through omshell. When the users request the ip from dhcpd server,

Re: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Zoltan Ori
On Monday 13 December 2004 08:07, Tim Winders wrote: On Sun, 12 Dec 2004, Alan DeKok wrote: Tim Winders [EMAIL PROTECTED] wrote: Unfortunately, I can't seem to get PEAP working. The server is complaining about a client certificate, like I was using EAP/TLS rather than EAP/PEAP. Mon Dec

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Tim Winders
Thanks, Guy. I have contacted MS and have applied the hotfix. But, I still have a problem. Will post the debug to another message. -- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 On Mon, 13 Dec 2004, Guy Davies wrote: Hi Tim, I believe that MS

EAP/TLS Problem

2004-12-13 Thread Mathias Röhl
Hi I tried FR now with EAP/TLS but after starting with -X -A the output is rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory radiusd.conf[9]: eap: Module instantiation failed. I installed the debian package for openssl and also

RE: EAP/TLS Problem

2004-12-13 Thread Guy Davies
Hi Mathias, Yep, build from source and configure with the --disable-shared option. Regards, Guy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathias Röhl Sent: 13 December 2004 16:13 To: [EMAIL PROTECTED] Subject: EAP/TLS Problem Hi

using scratch-Card SERIAL number instead of RADIUS username/pwd

2004-12-13 Thread sagar.patil
Hi All, I am using FreeRADIUS for Hotspot Wireless Internet System. I would like to have a PIN number (16 digits) on my scratch card rather than a username/password pair. The user will buy a scratch card, use the PIN printed on the card to log in at hotspot locations. My question is, How can I make RADIUS Server

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Guy Davies
Hi Tim, You can't authenticate to the /etc/passwd file using PEAP/MS-CHAPv2. Any CHAP based authentication mechanism requires the server to have access to the *clear text* passwords. If you want to use PEAP/MS-CHAPv2, then you'll need to create definitions of your users either in a local (or

Cisco Aironet's WDS and FreeRadius Peap

2004-12-13 Thread David Howard
I have Cisco Aironet 1100's that I am setting up on a private LAN that go through a Firewall to get to the internal LAN. The FreeRadius server is on the internal LAN. Ok, so what works: I can connect the client (supplicant) to the Wireless G Aironet that authenticates to the FreeRadius

EAP SIM question

2004-12-13 Thread Jean-Jacques . Queau
I am trying to declare a user with EAP/SIM authentication method. I had a look to example in src/tests and try to run radeapclient as described but it does not work. If someone has a complete example working with a user configured with EAP/SIM authentication method. That means

Re: Cisco Aironet's WDS and FreeRadius Peap

2004-12-13 Thread David Howard
That did it! I did not think that Cisco was still using LEAP. At least I can run tests now on the infrastructure. Thank you for your hint. Dave On Mon, 2004-12-13 at 10:08, Joe Matuscak wrote: On 13 Dec 2004, David Howard wrote: What does not work: The Aironet's use a system called WDS

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Tim Winders
G. It's always something. Is there a way to configure a WinXP SP2 client to use EAP-TTLS/PAP? When I enable TTLS, what default_eap_type do I specify? I would guess PAP. I have tried searching through the FAQ and the list archives, but am still confused. Much of what is there doesn't seem

Re: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Alan DeKok
Tim Winders [EMAIL PROTECTED] wrote: Is there a way to configure a WinXP SP2 client to use EAP-TTLS/PAP? http://www.alfa-ariss.com When I enable TTLS, what default_eap_type do I specify? I would guess PAP. No. Please re-read the comments describing that configuration item. PAP is

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Guy Davies
Hi Tim, EAP-TTLS is not supported by default by the MS 802.1x supplicant. *However*, you can get a copy of SecureW2 at http://www.securew2.com/, which behaves as a plugin to the MS 802.1x supplicant to provide support for EAP-TTLS. If you want to use a third party complete supplicant, I'd

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Josh Howlett
Mike, Alan, This policy module sounds interesting. Where can I find out more? Is it only in CVS? josh. Michael Griego wrote: Thor, You might want to take a look at the new policy module Alan has been working on. You could possibly set up different instances of the rlm_attr_filter for each realm

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Alan DeKok
Josh Howlett [EMAIL PROTECTED] wrote: This policy module sounds interesting. Where can I find out more? Is it only in CVS? Yes. See raddb/policy.txt, and man rlm_policy It's simple, but very, very, powerful. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Josh Howlett
Alan DeKok wrote: Josh Howlett [EMAIL PROTECTED] wrote: This policy module sounds interesting. Where can I find out more? Is it only in CVS? Yes. See raddb/policy.txt, and man rlm_policy It's simple, but very, very, powerful. Sweet. I can see this being very useful. Thanks! josh. - List

Documentation rlm_attr_filter

2004-12-13 Thread Thor Spruyt
Hi, I have noticed that the preproxy_users file is not used anywhere in radiusd.conf. Am I right to say that the preproxy_users file should be used by the rlm_attr_filter module in the pre-proxy section, just like the attrs file in the post-proxy section? If so, I can make some documentation

Re: Documentation rlm_attr_filter

2004-12-13 Thread Alan DeKok
Thor Spruyt [EMAIL PROTECTED] wrote: I have noticed that the preproxy_users file is not used anywhere in radiusd.conf It's part of the files module. I'd like to replace much of this in 1.1.x and following with the new policy module. It's a *lot* more powerful, and can be much easier to

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Alan DeKok
Thor Spruyt [EMAIL PROTECTED] wrote: raddb/policy.txt is Chinese to me :( man rlm_policy Then still, there's the problem of how to remove an attribute before proxying? man users. You can use preproxy_users to delete attributes. When the policy module is a little more complete, you

RE: replication with radrelay: Failed to aquire filelock

2004-12-13 Thread Michael Markstaller
My setup: Running FreeRADIUS 1.0.1 on Debian sarge server2 (secondary) - detail-relay/radrelay - server1 (primary) - mysql The servers are far away from being under (dual Xeon 2,8, 1GB, SCSI 15k etc) As long as the primary runs and is reachable, everything is fine but whenever the secondary

Re: groupmembership_filter

2004-12-13 Thread Tomasz Wolniewicz
Hi Kostas, I was thinking about it and I see that changing the order will not do much good. I have several groups defined and typically a user has a groupmembership_attribute set to one value. When radius checks groups it tries all groups from the config, one by one. If the user does not

Re: Pam Radius Compilation Issues on Solaris 9

2004-12-13 Thread Silves
Try changing all occurrences of u_int32_t to uint32_t. It works with me in Solaris 8. Silves On Mon, 13 Dec 2004 14:47:15 -0800, Stevo wrote Hi Team, I've been using the pam_radius module on FreeBSD and Redhat Linux now for a while quite successfully. I am, however, having problems getting

Re: 802.11i

2004-12-13 Thread Michael Griego
The AP must support 802.11i. For Enterprise 802.11i, you must use 802.1x, which FreeRADIUS supports. --Mike On Mon, 2004-12-13 at 22:46, Bilal Shahid wrote: Hi, Does FreeRADIUS support 802.11i? On a more general level; in the wireless environment, does the RADIUS Server (any RADIUS

RE: Freeradius-Users digest, Vol 1 #4060 - 12 msgs

2004-12-13 Thread Dustin Doris
I would like to monitor my users (wireless) and I try writing a system and I'm using table radacct. But value for Calling-Station-Id is not recorded and we are using DHCP server. All users can get an IP address from dhcp but my radius server doesn't record it. Can anyone help me how to grab

Re: Multiple framed-route replies

2004-12-13 Thread Dustin Doris
http://www.freeradius.org/rfc/rfc2865.html#Framed-Route On Mon, 13 Dec 2004, Nirmal wrote: Hi, I am using FR-0.9 and MySQL as backend. how can i add single framed-route for a user ? e.g. i just want to forward /30 to a user. what is the exact format for framed-route attribute ? what i

RE: replication with radrelay: Failed to aquire filelock

2004-12-13 Thread Kostas Kalevras
On Tue, 14 Dec 2004, Michael Markstaller wrote: My setup: Running FreeRADIUS 1.0.1 on Debian sarge server2 (secondary) - detail-relay/radrelay - server1 (primary) - mysql The servers are far away from being under (dual Xeon 2,8, 1GB, SCSI 15k etc) As long as the primary runs and is reachable,

Running test cases for EAP-Sim

2004-12-13 Thread Suresh
Hi, I just started using free radius. I was trying to run the test cases, to check if the configuration done by me is correct. I have the following error information, Kindly help me. I am getting the following messages for the radiusd -X started. I am unable to locate what went wrong?

Re: sql.conf 'server' field

2004-12-13 Thread Thor Spruyt
zack musa wrote: Hi, there is something that confused me. In sql.conf, the server field should be any IP of a server running Mysql. Is it? When I try using localhost, the radius runs properly (from the debug mode) but when I used the IP addr of the same machine I run the radius server on, using

dhcpd + omshell + freeradius

2004-12-13 Thread Chan Min Wai
Hello all, Recently I found that omshell can be used to control the dhcpd server without restarting the server. So I'm thinking would there be a way to ask the freeradius to talk to omshell when a user auths and assign an IP through omshell. When the users request the ip from dhcpd server, he will

Removing/modifying attributes per realm before proxying

2004-12-13 Thread Thor Spruyt
Hi, Maybe I have overlooked, but I can't seem to find documentation on how to remove or modify attributes per realm before proxying. If someone can point me out where I have to look, that would be great. I'm willing to write some documentation after I have managed to do this. -- Regards, Thor

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Michael Griego
Thor, You might want to take a look at the new policy module Alan has been working on. You could possibly set up different instances of the rlm_attr_filter for each realm and then use the policy module to control which instance gets called based on which realm the request is for. --Mike On

Re: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Tim Winders
On Mon, 13 Dec 2004, Alan DeKok wrote: Tim Winders [EMAIL PROTECTED] wrote: Is there a way to configure a WinXP SP2 client to use EAP-TTLS/PAP? http://www.alfa-ariss.com YES! When I enable TTLS, what default_eap_type do I specify? I would guess PAP. No. Please re-read the comments describing

RE: rlm_eap_tls not built because OpenSSL not found

2004-12-13 Thread Tim Winders
Thank you Guy! The SecureW2 free plugin works perfectly! -- Tim Winders Associate Dean of Information Technology South Plains College Levelland, TX 79336 On Mon, 13 Dec 2004, Guy Davies wrote: Hi Tim, EAP-TTLS is not supported by default by the MS 802.1x supplicant. *However*, you can get a copy

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Thor Spruyt
Michael Griego wrote: You might want to take a look at the new policy module Alan has been working on. You could possibly set up different instances of the rlm_attr_filter for each realm and then use the policy module to control which instance gets called based on which realm the request is for.

Pam Radius Compilation Issues on Solaris 9

2004-12-13 Thread Stevo
Hi Team, I've been using the pam_radius module on FreeBSD and Redhat Linux now for a while quite successfully. I am, however, having problems getting the module to compile under Solaris 9. Am I missing something silly here? --Steve bash-2.03# make /usr/local/bin/gcc -Wall -fPIC -c

Re: Removing/modifying attributes per realm before proxying

2004-12-13 Thread Thor Spruyt
Thor Spruyt wrote: Michael Griego wrote: You might want to take a look at the new policy module Alan has been working on. You could possibly set up different instances of the rlm_attr_filter for each realm and then use the policy module to control which instance gets called based on which realm

Multiple framed-route replies

2004-12-13 Thread Nikolas Geyer
Hi all, Just wondering if anyone is able to tell me how to do multiple Framed-Route replies for a single user? We have a single user that needs a /24 and a /30. We are using MySQL as the backend and having two entries for the user in radreply doesn't work. Any ideas/suggestions would be

Re: platypus

2004-12-13 Thread Andrew D
Hi Rick, Andrew, I have been using freeradius with Plat for a long time and it works well. Have you downloaded the *nix binary and scripts off of boardtown's website to interface with your windows server? What on earth for? Isn't freeRadius supposed to have inbuilt MS SQL support? All of

Re: Multiple framed-route replies

2004-12-13 Thread Kevin Bonner
On Monday 13 December 2004 21:26, Nikolas Geyer wrote: Hi all, Just wondering if anyone is able to tell me how to do multiple Framed-Route replies for a single user? We have a single user that needs a /24 and a /30. We are using MySQL as the backend and having two entries for the user in

RE: Freeradius-Users digest, Vol 1 #4060 - 12 msgs

2004-12-13 Thread Nurul Faizal M.Shukeri
I would like to monitor my users (wireless) and I try writing a system and I'm using table radacct. But value for Calling-Station-Id is not recorded and we are using DHCP server. All users can get an IP address from dhcp but my radius server doesn't record it. Can anyone help me how to grab users

802.11i

2004-12-13 Thread Bilal Shahid
Hi, Does FreeRADIUS support 802.11i? On a more general level; in the wireless environment, does the RADIUS Server (any RADIUS Server) need to support 802.11i or just the intervening Access Point with this support is required? Thanks, Bilal

Re: Documentation rlm_attr_filter

2004-12-13 Thread Thor Spruyt
Alan DeKok wrote: Thor Spruyt [EMAIL PROTECTED] wrote: I have noticed that the preproxy_users file is not used anywhere in radiusd.conf It's part of the files module. Oh ok :) I'd like to replace much of this in 1.1.x and following with the new policy module. It's a *lot* more powerful, and can

Re: Documentation rlm_attr_filter

2004-12-13 Thread Thor Spruyt
Alan DeKok wrote: Thor Spruyt [EMAIL PROTECTED] wrote: I have noticed that the preproxy_users file is not used anywhere in radiusd.conf It's part of the files module. If I understand correctly, that means one would create a module instance like so? files files_preproxy {

Re: Multiple framed-route replies

2004-12-13 Thread Nirmal
Hi, I am using FR-0.9 and MySQL as backend. how can i add single framed-route for a user ? e.g. i just want to forward /30 to a user. what is the exact format for framed-route attribute ? what i tried is 192.192.168.1 is the static ip user and route would be added for 192.192.168.2 gw would be

RE: EAP/TLS Problem

2004-12-13 Thread Mathias Röhl
On Mon, 13.12.2004 at 17:27, Guy Davies wrote: Hi Mathias, Hi Guy Yep, build from source and configure with the --disable-shared option. oki, thx. But in my mind, is this the only option I need? Nothing more to do? e.g. linking the openssl lib regards [EMAIL PROTECTED] -