Hello,
I want to upgrade from freeradius-0.8.1 to freeradius-1.0.1.
Begining of my hints file:
sergk Strip-User-Name = No
Hint := "admin"
It matches only username "sergk" with freeradius-0.8.1.
But it matches any username with freeradius-1.0.1.
Is it bug or feature ?
-
List info/
Rohaizam Abu Bakar wrote:
> How can we possible do to ensure only when sql1 down.. then the accounting
> will be sent to sql2..??
You might try a different approach:
- store accounting in "detail" files (man rlm_detail)
- run radsqlrelay to send accounting in the database (get it from a
Hi!
I'm trying to configure freeradius with peap autentication. I use winxp for
client. When starting autentication, I get following error. Can somebody help
me and tell what is going wrong. I had made changes radius.conf, eap.conf,
users and clients.conf files. Should I make changes huntsgroup f
Hello,
today figured out that on FR 1.0.1 the following Info message appears if
the user enter an incorrect password:
Info: rlm_sql (sql): No matching entry in the database for request from
user [edgars]
In the previous versions i think it was like usual - Login incorrect bla
bla bla.
Has this
>
> I have following entry in the users file:
> bob User-Password == "bob"
> Cisco-AVpair = "access-list 188 deny ip any any",
> Fall-Through = YES
>
> Whats wrong?
>
try it like this:
Cisco-AVPair = "ip:inacl#1=permit ip a.a.a.a 0.0.0.255 b.b.b.b 0.0.0.63",
Cisco-AVPai
hello all
I have a problem with attr_rewrite :
I have added an attribute in
/usr/share/freeradius/freeradius/dictionnary
Reply-Message-2 65string
I haven't added in /etc/freeradius/dictionnary because it doesn't work
!!
in radius.conf my configuration is:
attr_rewrite passpar
On Mon, 24 Jan 2005, Nans Delrieu wrote:
hello all
I have a problem with attr_rewrite :
when a user is accepted, i have reply-message and reply-message 2.
when a user is reject, i have only reply-message.
I don't understand that ??
Only a few attributes are allowed in an access-reject.
--
Kostas Ka
Hello
My configuration is : Proxy Radius ---> primary radius
---> secondary radius
---> remote radius for realm
company.com
--->
In Primary Radius, I want to add in reply message t
Çäðàâñòâóéòå, Markus.
Âû ïèñàëè 24 ÿíâàðÿ 2005 ã., 15:15:50:
>>
>> I have following entry in the users file:
>> bob User-Password == "bob"
>> Cisco-AVpair = "access-list 188 deny ip any any",
>> Fall-Through = YES
>>
>> Whats wrong?
>>
> try it like this:
> Cisco-AVPai
> Hello, freeradius-users.
>
> I have following entry in the users file:
> bob User-Password == "bob"
> Cisco-AVpair = "access-list 188 deny ip any any",
> Fall-Through = YES
>
> radreply log saying that all ok:
> Packet-Type = Access-Accept
> Fri Jan 21 17:55:56 2005
> Ser
Hi, again.
For resolve my the problem whidt freeradius, i update my system for the
red hat 9.0, this
version of linux have one version of openssl who supports the tls tunnels
for the eap methods.
Thanks again Paulo Ferreira.
Alan DeKok wrote:
>Paulo Alexandre Caceres Ferreira <[EMAIL PROTECTED
Hi there !
I've a problem with my proxyRADIUS server :
I've configured two freeradius server (each in v1.0.1, EAP-TTLS
activated). When I log on the first server (from a Cisco AP-1100), it's
OK. I change IP address of the radius server on the NAS : direct login
is ok.
Now I use the syntax '[EMAIL P
I've got freeradius setup to authenticate wireless clients with
PEAP/MSCHAP (to an Active Directory backend) and now I'm looking for a
way to test/monitor the radius server. Ideally, I'd like to do
something like radtest, but test either PEAP or at least the MSCHAP
authentication portion. Does an
*oups* sorry !
option 'nostrip' in proxy.conf missed...
it works now !
Regards,
David
David ROUMANET a écrit :
Hi there !
I've a problem with my proxyRADIUS server :
I've configured two freeradius server (each in v1.0.1, EAP-TTLS
activated). When I log on the first server (from a Cisco AP-1100), i
I am running it but having problems starting external scripts. Some type of
path problem. Need info on where to get a build for windows.
George Schoggins
Enterasys Networks
Phone: 407-268-9894
FAX: 407-268-9881
Cell: 407-808-6013
Email: [EMAIL PROTECTED]
www: http://www.enterasys.com
-
List
Hello all,
I am trying to setup a radius service for eap with an
ldap backend. I have gotten the ldap backend working
and I have gotten eap to work with a user defined in
the users file. Next 2 lines from my users file.
testuser Auth-Type := EAP, User-Password ==
"testpass"
DEFAULT Auth-Type
I am stumped on this one: I have used the Simultaneous-Use attrib and
checkrad script for sometime now with great success. But recently we
made some network changes and now some of our users are connecting from
another network. All radius requests are proxied via the local radius
server to our ra
I solved this problem using an other attribute :
in /etc/freeradius/ldap.attrmap :
checkItem User-Password radiusTunnelPassword
and set up passwords in it ;-)
I think it's only an access right problem on the LDAP 'userPassword'
attribute...
If that don't solve your pro
"Ed Henderson" <[EMAIL PROTECTED]> wrote:
> From what I can tell it appears that if a request is proxied then
> freeradius does not use checkrad and automatically denies request. Is
> this how it is designed? Or am I missing something?
The software is designed that way because the network is
Hi,
I have a little problem. A configured my linux xsupplicant for 802.1X
authentication on a port of a Cisco 3550 switch. Authentication works
through radius, if port is assigned statically to a VLAN I can ping other
boxes on the segment but if I assign VLAN to the port from the RADIUS I
got a RA
> "Ed Henderson" <[EMAIL PROTECTED]> wrote:
> > From what I can tell it appears that if a request is proxied then
> > freeradius does not use checkrad and automatically denies
> request. Is
> > this how it is designed? Or am I missing something?
>
> The software is designed that way because
There is a test tool to send an eap request to the radius
Server with a test user. You could send a test authentication
Off every so often with a script to monitor it's status.
Ron.
http://www.positive-logic.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On B
Hello T
It seems that the user doens't exist on
users.conf
Jacques
"Ed Henderson" <[EMAIL PROTECTED]> wrote:
> I understand that it can't ask a radius server but is it possible to
> have it check the original nas instead?
As I said once before:
> > Checkrad can't check the NASes of the other RADIUS servers, as
> > those NASes don't know who you are, they only
> That makes no sense to me. Listing NASes from another RADIUS server
> in your "clients.conf" file is a waste of time.
>
> Alan DeKok.
Its not a waste of time if one has permission to "poke" the remote NASes
and wants to check them for multiple login attempts. But I guess
freeradius can't
"Ed Henderson" <[EMAIL PROTECTED]> wrote:
> Its not a waste of time if one has permission to "poke" the remote NASes
> and wants to check them for multiple login attempts. But I guess
> freeradius can't do this.
As always, you have source. You can make it do whatever you want.
Alan Dekok.
On Sat, 2005-22-01 at 01:55 -0800, [EMAIL PROTECTED] wrote:
> Thanks for the information. What I was missing was the Auth-Type in
> Radgroupcheck. That is new to me. I did not have do that with the older
> version of Freeradius. When did that change? I did not see any references
> to that Auth-Typ
I am attempting to set up FreeRadius to handle dot1x from some Cisco
2950 Series Switches. I am using the supplicant that is supplied as
part of Windows XP. Currently, using a basic configuration of FR1.0.1
I can use radtest to verify that basic radius functions are working
correctly. (I get an acc
Hey, Thanks for the help...
Still having difficulty, although I think you are
right on target.
LDAP appear to respond correctly then Radius states
that the User-Password attribute is missing. Isn't
this what I set with the ldap.attrmap and
dictionary_mapping in the radiusd.conf?
Here are snippe
I want to set up a secure wlan using EAP-PEAP as
authentication method and Radius as a authentication
server, in the AP I choose TKIP encryption, but I
think TKIP needs to renew the keys used, and I think
is the Radius server the one that has to create the
keys and pass them to the AP, is this true
hi
TKIP is the encryption method used on the wireless link. radius is
designed to be independent of the access technology used by the NAS.
in other words, TKIP is something which is not known to the radius
server - by design. the radius server will - if available - provide the
NAS (802.11 acces
Suresh:
>
> Hi,
> I am new to freeradius server.I have installed freeradius server
> 1.0.1 version in my gobolinux machine. I have also installed
> the pyrad client 0.8 version in my machine. I have made the radtest
> for server testing.It is working fine.How can I test the pyrad client
>
Brandon Blank <[EMAIL PROTECTED]> wrote:
> I'm just wanting a basic setup that will allow me to do port
> authentication using the included WinXP supplicant using my unix
> /etc/passwd file. Maybe there is a better way?
It's possible ONLY for EAP-TTLS with tunneled PAP.
For all other EAP aut
Matt Moore <[EMAIL PROTECTED]> wrote:
> DEFAULT Auth-Type := LDAP
> Fall-Through = 1
...
> rad_recv: Access-Request packet from host
> 143.116.5.238:2048, id=98, length=117
...
> User-Name = "matt_moore"
> EAP-Message = 0x0201000f016d6174745f6d6f6f7265
LDAP doesn't do
Hi all
I've installed and use freeradius 1.0.1 for
EAP/TLS auntentication. It work well without CRL. But each time I want to
active check_crl = yes on eap.conf file , authentication fail with following
message :
*** unable to get certificate CRL***
Someone can help me on following ques
>
> Hi!
>
> I'm trying to configure freeradius with peap autentication. I use winxp for
> client. When starting autentication, I get following error. Can somebody
> help
> me and tell what is going wrong. I had made changes radius.conf, eap.conf,
> users and clients.conf files. Should I make chan
is there something easier to use than the Expire check item to expire users on
or afer a certain date to trigger a deny response? No one in his right mind
is going to sit there and even use a calculator for the number of seconds
since some date in 1970!
Isn't there some check item where I can j
Hello... I am trying to make freeradius authenticate some access
packets using the output of SQL stored procedures (that eventually would
do the billing as well). Can it be done? And if yes, how?
thank you
--
Siderite <[EMAIL PROTECTED]>
-
List info/subscribe/unsubscribe? See http://www
I updated all the server to freebsd 4.10 with the latest patch release,
rebuilt world and kernel and I am still having the same issue when I
attempt to restart or HUP the radiusd process. It seems to be looping as
Alan said. I did do the gdb and when it I issue the radiusd.sh restart
command, it
39 matches
Mail list logo
