Re: EAP-TTLS - FreeRadius - Ldap - Edirectory -Enterasys - 802.1x

2005-03-10 Thread TAYLAN KIRAN
Thank you for your response. We test EAP-TTLS with Enterasys switches with supplicant Odyssey client and FUNK Steel-Belted Radius server. It works. So the Enterasys switches support EAP-TTLS. But we can't buy Odyssey at this point, so we had to enable EAP-TTLS on Windows XP client with SecureW2 But

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

2005-03-10 Thread David ROUMANET
Try this : Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-Group-Id := 13, It works on my FreeRADIUS Horschtel wrote: Hi my situation is freeradius give the switch wrong attribute parameters. The “users” config file says: … Username Auth-Type == EAP, User-Password == “xxx”

forward CDR problem

2005-03-10 Thread Cristian Cappelletti
Hi, is it possible to set up freeradius to forward (for a specific realm "oldradius") an Accounting-Request to another radius server and not store it locally? scenario: In a transition phase I've some records on my new freeradius and others on another old radius server... in radiusd.conf (autho

FreeRadius with mssql support

2005-03-10 Thread Achim Schmidt
Hi all, I just started with freeradius, due I saw it should be possible to use mssql as database backend. A look into the files talks about drivers in src/modules/rlm_sql/drivers/rlm_sql_freetds/db_mssql.sql but in the src distri I got there is no file ... can anyone help me in installing fre

configuring radius to not respond

2005-03-10 Thread Chris Carver
Hello, I'm running freeradius 1.0.2 using the rlm_ldap module which interfaces an openldap 2.2.23 ldap database with a Berkeley db 4.3.27 backend. The OS is FreeBSD 5.3-release. We're using freeradius as a means for our NAS equipment (Cisco's) to authenticate dialup users in an ldap database.

Re: About client web authentication

2005-03-10 Thread Marcin Jessa
I have no idea what you are talking about. If you mean that WLAN users will be able to talk to each other after authentication then yes, that's the whole point of opening the network. You need to describe your network first. On Thu, 10 Mar 2005 15:56:36 -0800 "Nurul Faizal M.Shukeri" <[EMAIL PROT

Re: About client web authentication

2005-03-10 Thread Artur Hecker
Nurul probably means client isolation. Nurul, your issues are not really related to freeradius. You can authenticate over whatever you want to freeradius. However, that's not your point. For what you want to do, you need to setup the access controller which is just another NAS in AAA slang. WLAN

RE: About client web authentication

2005-03-10 Thread Guy Davies
It depends on the Authenticator. If you have a Hotspot gateway model with unauthenticated association, then yes, two wireless users could use your infrastructure to talk to each other without first authenticating. Some switch vendors (wireless and wired) offer web based authentication that requir

does a proxied radius response return via the proxy?

2005-03-10 Thread Tariq Rashid
just a quick question about proxying radius. when a radius proxy forwards a request onto the target radius servers, does the response necessarily return via the proxy server/device? i ask this because if i want to post-process replies from a radius server (the target of the proxying) i need to be s

Re: FreeRadius with mssql support

2005-03-10 Thread Scott Edwards
On Thu, 10 Mar 2005 12:10:40 +0100, Achim Schmidt <[EMAIL PROTECTED]> wrote: > Hi all, > > I just started with freeradius, due I saw it should be possible to use mssql > as database backend. > > A look into the files talks about drivers in > > src/modules/rlm_sql/drivers/rlm_sql_freetds/db_mssq

Re: Reply-Message not copied from Tunnel to outside?

2005-03-10 Thread Stefan Winter
Hi, since no one answers I'll answer myself :-) > in my setup I use TTLS-PAP to authenticate users (which works perfectly). > Now I have setup a test user to enable some keepalive checking for the > server. I use MySQL as backend and have put a Reply-Message attribute in > radreply. It gets picke

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

2005-03-10 Thread Horschtel
I try but it doesn't work. I try another radius server and it failed also. In the properties of the Attribute 81 I see should be a string. So I think I did a mistake on the switch configuration. I post the configuration here : Current configuration : 3985 bytes ! version 12.1 no service pad se

Remove User-password from detail log

2005-03-10 Thread Rija Rasolo
Hi, I'm using freeradius 1.0.1 for LDAP-EAP/TTLS authentication, works fine. I would like to know if it's possible to remove the user-password line from detail log without external script. Regards Rija Rasolo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-10 Thread Nick Bright
Since I'm using the version of dialup_admin from the 1.0.2 release of freeradius (with freeradius 1.0.1), would you suggest updating the whole thing to the latest CVS? I'm also curious, why is naslist.conf used, instead of reading the information from the "nas" table in sql? On Wed, 2005-03-09 at

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-10 Thread Nick Bright
On Thu, 2005-03-10 at 08:33, Nick Bright wrote: > Since I'm using the version of dialup_admin from the 1.0.2 release of > freeradius (with freeradius 1.0.1), would you suggest updating the whole > thing to the latest CVS? Clarification of my own email (hehe), I mean update dialup_admin to the late

sql _alt query - when?

2005-03-10 Thread Mark Elkins
I'm happily running FreeRadius with SQL for storing users - etc... In the accounting sections - there are entries for :- accounting_update_query -and- accounting_update_query_alt Under what conditions does Radius run the '_alt' version of the SQL query?? (Where is it documented?)

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-10 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: On Thu, 2005-03-10 at 08:33, Nick Bright wrote: Since I'm using the version of dialup_admin from the 1.0.2 release of freeradius (with freeradius 1.0.1), would you suggest updating the whole thing to the latest CVS? You can probably just update the user_finge

Post-Auth-Type REJECT and sql

2005-03-10 Thread Mark Elkins
I'm sure Kostas Kalevras pointed me to a file - which included the section -- In the following example, 2 different sql modules are used to store accepted requests and rejected requests. post-auth { my_sql_accept Post-Auth-Type REJECT {

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-10 Thread Nick Bright
I updated to the latest CVS of dialup_admin, and am getting this error when I click on "statistics": Warning: Cannot use a scalar value as an array in /usr/local/dialup_admin/htdocs/stats.php3 on line 117 Warning: Cannot use a scalar value as an array in /usr/local/dialup_admin/htdocs/stats.php3

RE: About client web authentication

2005-03-10 Thread Julius Igugu
You need a WLAN Access Point that can isolate/block inter-client traffic. Regards. --- "Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote: > > Tq 4 ur response > > But if I do this, wlan user still can access each other. How to protect > that? Is that mod_auth_radius that I'm looking for? >

(dialupadmin) snmpfinger NAS support

2005-03-10 Thread Nick Bright
I'd like to start working on adding usrhiper support to snmpfinger, since I'm going to be using a rather large USR Total Control. What exactly is the snmpfinger command after? Usernames only? Other information? From running the snmpwalk command out of the file against one of my max units, it seems

(dialupadmin) user edit not showing passwords

2005-03-10 Thread Nick Bright
I'm storing passwords in plain text, to ease troubleshooting, and even though I have general_show_user_password: yes in my admin.conf file, the dialup_admin pages don't show the users' password anywhere (though I can reset the password properly). Ideally I think it should be on the "show" page onl

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Joel Eddy
Nick, I had the same problem. I'm using MySql and the column is named User-Password The file "user_edit.attrs" in your dialup_admin/conf directory. add to the file above the line Auth-Type User-Password Users Password That should do it. Joel - Original Message - From: "Nick Bright

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

2005-03-10 Thread Vladimir
Horschtel wrote: I try but it doesn't work. I try another radius server and it failed also. In the properties of the Attribute 81 I see should be a string. So I think I did a mistake on the switch configuration. I post the configuration here : Is 802.1x working at all ? For instance I had to

Re: (dialupadmin) snmpfinger NAS support

2005-03-10 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: I'd like to start working on adding usrhiper support to snmpfinger, since I'm going to be using a rather large USR Total Control. What exactly is the snmpfinger command after? Usernames only? Other information? From running the snmpwalk command out of the fil

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: I'm storing passwords in plain text, to ease troubleshooting, and even though I have general_show_user_password: yes in my admin.conf file, the dialup_admin pages don't show the users' password anywhere (though I can reset the password properly). Hmm, the com

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Nick Bright
On Thu, 2005-03-10 at 11:28, Joel Eddy wrote: > Nick, > > I had the same problem. I'm using MySql and the column is named > User-Password I am using MySQL as well, but I didn't change the column from the default name of "Value" > > > The file "user_edit.attrs" in your dialup_admin/conf direct

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

2005-03-10 Thread Alan DeKok
"Horschtel" <[EMAIL PROTECTED]> wrote: > Tunnel-Private-Group-Id = "13" > > and that's the problem. I think the Tunnel-Private-Group-Id is not > more an Integer The RFC's define it to be string. Some switch vendors, however, implemented it as integer, which causes problems. Alan DeKok.

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Joel Eddy
Nick, Yes that would be right. SQL_Column_name Description Joel - Original Message - From: "Nick Bright" <[EMAIL PROTECTED]> To: "freeradius-users" Sent: Thursday, March 10, 2005 12:20 PM Subject: Re: (dialupadmin) user edit not showing passwords On Thu, 2005-03-10 at 11:28, Joel Eddy

Re: configuring radius to not respond

2005-03-10 Thread Alan DeKok
Chris Carver <[EMAIL PROTECTED]> wrote: > Put another way, when the ldap module in radius fails to communicate > with the configured ldap server, is there any way for radius to pretend > as though its dead or actually die (rather than returning an > access-reject packet) so the Cisco's fail over

Re: Remove User-password from detail log

2005-03-10 Thread Alan DeKok
Rija Rasolo <[EMAIL PROTECTED]> wrote: > I'm using freeradius 1.0.1 for LDAP-EAP/TTLS authentication, works fine. > I would like to know if it's possible to remove the user-password line > from detail log without external script. If it's in the "detail" file, it's because the NAS is sending it in

Re: does a proxied radius response return via the proxy?

2005-03-10 Thread Alan DeKok
Tariq Rashid <[EMAIL PROTECTED]> wrote: > when a radius proxy forwards a request onto the target radius servers, does > the response necessarily return via the proxy server/device? Yes. > i ask this because if i want to post-process replies from a radius server > (the target of the proxying) i ne

Re: Post-Auth-Type REJECT and sql

2005-03-10 Thread Alan DeKok
Mark Elkins <[EMAIL PROTECTED]> wrote: > I think this means - set up two extra instances of sql (in sql.conf) - > using the names "my_sql_accept" and "my_sql_reject". Yes. > So in these instances - what should the names of the "queries" be > called? The names won't change. You're running SQ

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Joel Eddy
I would have to agree with the idea of passwords not being visible. However, in our situation and maybe even Nick's, if we have a customer call in with issues connecting we typically make sure the ID is correct and have them retype their password. It is nice to be able to see what it is, without ha

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Nick Bright
On Thu, 2005-03-10 at 12:18, Kostas Kalevras wrote: > On Thu, 10 Mar 2005, Nick Bright wrote: > > > I'm storing passwords in plain text, to ease troubleshooting, and even > > though I have general_show_user_password: yes in my admin.conf file, the > > dialup_admin pages don't show the users' passw

Re: (dialupadmin) snmpfinger NAS support

2005-03-10 Thread Nick Bright
I've never made a diff before, or anything like that, but the code I added in is pretty trivial, so I'll put it here: elsif ($type eq 'usrhiper'){ $walk = `$snmpwalkcmd .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18`; } My only modification was to add the elsif for "usrhiper"

Re: (dialupadmin) user edit not showing passwords

2005-03-10 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: On Thu, 2005-03-10 at 12:18, Kostas Kalevras wrote: On Thu, 10 Mar 2005, Nick Bright wrote: I'm storing passwords in plain text, to ease troubleshooting, and even though I have general_show_user_password: yes in my admin.conf file, the dialup_admin pages don'

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-10 Thread Nick Bright
To hop back to this question, updating to the latest CVS made user_finger.php3 behave quite a bit differently. Now when I go to that page, I get a listing for every NAS from the database, but there is no information for the NAS unless there is also information in naslist.conf Shouldn't it just us

Re: (dialupadmin) snmpfinger NAS support

2005-03-10 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: I've never made a diff before, or anything like that, but the code I added in is pretty trivial, so I'll put it here: elsif ($type eq 'usrhiper'){ $walk = `$snmpwalkcmd .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18`; } Added in CVS, thanks

Re: Compile problem

2005-03-10 Thread Alan DeKok
"Serg Shipaev" <[EMAIL PROTECTED]> wrote: > Can somebody give me a clue. How can I build the version with > --without-threads flag. > I don't need threads. After a bit of snooping, I discovered the problem: You have net-snmp installed, and one of *its* header files is defining HAVE_PTHREAD_H.

Problems with safe characters directive in mssql.conf

2005-03-10 Thread vicente barrientos
Hi all, I copy the directive from sql.conf to mssql.conf but it does not work. Can someone help me? Thanks a lot, Vicente

Re: Compile problem

2005-03-10 Thread Admin
Alan, Thank you very much. I'll update or edit by myself net-snmp module to resolve this problem. So, why I don't need threads. The practice shows me that threading are not so beauty as it can imagine. Due my usage of rlm_perl module I see memory leaks when it works in threading mode, however al

Re: Compile problem

2005-03-10 Thread Alan DeKok
Admin <[EMAIL PROTECTED]> wrote: > Thank you very much. I'll update or edit by myself net-snmp module to > resolve this problem. > So, why I don't need threads. The practice shows me that threading are > not so beauty as it can imagine. > Due my usage of rlm_perl module I see memory leaks when it

question about ippools

2005-03-10 Thread Terry J Fike Jr
Hello, I'm wondering if it is possible to set up an ippool for a single user? Right now our users are flatfiled in the users file. anyone with a static has the info with their username, all the rest of the users get their ip assigned by the NAS device they are logging in through. From what i'

Re: question about ippools

2005-03-10 Thread Paul Hampson
On Thu, Mar 10, 2005 at 11:31:48AM -0900, Terry J Fike Jr wrote: > I'm wondering if it is possible to set up an ippool for a single user? > Right now our users are flatfiled in the users file. anyone with a > static has the info with their username, all the rest of the users get > their ip assi

RE: Compile problem

2005-03-10 Thread Serg Shipaev
Alan, Ok. Thank you. Serg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, March 10, 2005 23:26 To: freeradius-users@lists.freeradius.org Subject: Re: Compile problem Admin <[EMAIL PROTECTED]> wrote: > Thank you very much. I

Kill sessions

2005-03-10 Thread Hyperlink Admin
Hey all, I got a bit of a problem. The setup we have here is a bit strange (I think). I don't have any access to any of the NAS's. Instead I got given a list of IP addresses of other radius servers, that was added to my clients.conf file. These servers then passes everything on to

Re: Kill sessions

2005-03-10 Thread Chris Knipe
Just update the mysql accounting table and set AcctStopTime = now()   -- Chris.   - Original Message - From: Hyperlink Admin To: freeradius-users@lists.freeradius.org Sent: Friday, March 11, 2005 12:00 AM Subject: Kill sessions Hey all,   I got a

how to enable EAP-TTLS inner PAP

2005-03-10 Thread TAYLAN KIRAN
Hi, in eap.conf ttls section default_eap_type = md5. but I need to use EAP-TTLS inner PAP. when I set default_eap_type=pap or PAP it does not accept. How can I enable PAP. Regards, Taylan Taylan KIRAN Network&System Specialist Koc University

Re: how to enable EAP-TTLS inner PAP

2005-03-10 Thread Alan DeKok
"TAYLAN KIRAN" <[EMAIL PROTECTED]> wrote: > in eap.conf ttls section default_eap_type = md5. but I need to use > EAP-TTLS inner PAP. > when I set default_eap_type=pap or PAP it does not accept. How can I > enable PAP. Once you configure EAP-TTLS, inner PAP works. And no, PAP is not an EAP

Can somebody explain the errors?

2005-03-10 Thread Serg Shipaev
Sirs, Here what I received: Wed Mar 9 22:47:34 2005 : Info: Ready to process requests. Thu Mar 10 10:17:30 2005 : Error: Dropping conflicting packet from client apk1:1813 - ID: 71 due to unfinished request 48567 Thu Mar 10 12:52:57 2005 : Error: Dropping conflicting packet from client apk1:1813 -

Hello & Radgroup questions

2005-03-10 Thread J Morgan
Hello List :) I've been thrust into the role of administering our company's Radius server. I have spent a few hours searching on the net and in the O'Reilly Radius book for an answer to the following question but it eludes me. I am migrating my dial-up base to a new vendor and ran into a problem

Re: question about ippools

2005-03-10 Thread Terry J Fike Jr
> It all depends on how you get the Pool-Name attribute added to the > user's configuration attribute list. If it's added for one user when > that user comes from a specific NAS, then only that user on that > specific NAS will get an IP from the relevant pool. Okay, i see in the radiusd.conf where

Re: Hello & Radgroup questions

2005-03-10 Thread Alan DeKok
"J Morgan" <[EMAIL PROTECTED]> wrote: > I am migrating my dial-up base to a new vendor and ran into a problem with > some of the current radius attributes causing the new vendors NAS's to choke > and not complete the authentication process. That's... weird. It shouldn't be happening. > I want

Re: Can somebody explain the errors?

2005-03-10 Thread Alan DeKok
"Serg Shipaev" <[EMAIL PROTECTED]> wrote: > Thu Mar 10 20:08:03 2005 : Error: Dropping conflicting packet from client > apk1:1813 - ID: 92 due to unfinished request 209934 > > Can somebody explain the errors I've got. What should I change in > radiusd.conf to eliminate these errors? You don't.

RE: About client web authentication

2005-03-10 Thread Nurul Faizal M.Shukeri
mmm... I understand now. That means I need to do something with the AP / switch, not with my server. TQ very much to everyone.. TQ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Artur Hecker Sent: Thursday, March 10, 2005 3:47 AM To: freeradius-users@lists.free

Re: Can somebody explain the errors?

2005-03-10 Thread Radius
I see the same thing with trying to set up realms, but haven't received any response to my question. Are you running realms setup? Bob Serg Shipaev wrote: Sirs, Here what I received: Wed Mar 9 22:47:34 2005 : Info: Ready to process requests. Thu Mar 10 10:17:30 2005 : Error: Dropping conflicting

Re: question about ippools

2005-03-10 Thread Paul Hampson
On Thu, Mar 10, 2005 at 03:45:24PM -0900, Terry J Fike Jr wrote: > > It all depends on how you get the Pool-Name attribute added to the > > user's configuration attribute list. If it's added for one user when > > that user comes from a specific NAS, then only that user on that > > specific NAS will

RE: Can somebody explain the errors?

2005-03-10 Thread Serg Shipaev
No. Trying to connect to Oracle server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Radius Sent: Friday, March 11, 2005 04:14 To: freeradius-users@lists.freeradius.org Subject: Re: Can somebody explain the errors? I see the same thing with trying to

RE: Can somebody explain the errors?

2005-03-10 Thread Serg Shipaev
Thank you, Alan. I think I know where the mistake is... Best regards, Serg Shipaev -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, March 11, 2005 04:02 To: freeradius-users@lists.freeradius.org Subject: Re: Can somebody explain t

freeradius daemon

2005-03-10 Thread Mahesh S Kudva
Hi All Running on MacOS X panther, I cannot run freeradius as a daemon. I am forced to run in debugging mode. Log files are also not updated. Any inputs are welcome. Thanks in advance Mahesh S Kudva --- Robosoft Technolog

radzap...

2005-03-10 Thread Chan Min Wai
Hello all, I found that this script isn't working for me, so wonder if this script is still working? What does this script check anyway? did this script need checkrad to work? Just wonder anyone have the guide to patch checkrad to work with another oid with snmp way? regards. Thank You Chan Mi

Re: radzap...

2005-03-10 Thread Radius
Sure does. We use it from time to time, when our wholesale connections don't send a good disconnect. radzap IP-Address S:port [EMAIL PROTECTED] Chan Min Wai wrote: Hello all, I found that this script isn't working for me, so wonder if this script is still working? What does this script check anyw

Re: Using freeradius and 802.1x for dynamic VLAN on Cisco 2950

2005-03-10 Thread kreios
You are missing: aaa authentication network default group radius The attributes you posted earlier are correct. You can also specify the VLAN name instead of the number which may help you if the VLAN ids are different on different networks. -- DaveD On Mar 10, 2005, at 7:51 AM, Horschtel wrot

Re: how to enable EAP-TTLS inner PAP

2005-03-10 Thread TAYLAN KIRAN
You say we only need to enable EAP-TTLS, but it does not work. You can find the debug log below. The client is configured with securew2 and EAP-TTLS PAP authentication. Thanks, rad_recv: Access-Request packet from host 172.18.3.95:10259, id=34, length=83 Message-Authenticator = 0x26e