Re: The usual: Could not find clear text password for user .....

2005-04-18 Thread Stefan Winter
Hello! users: Matched entry DEFAULT at line 155 users: Matched entry DEFAULT at line 175 users: Matched entry DEFAULT at line 187 I'll bet $$ that the entry for that user is NOT on line 155, 175, or on 187. You're right - the user entry is not on the named lines I'll

Freeradius ntlm_auth

2005-04-18 Thread Sylvain Clerc
Hello all, I'm sorry if my question doesn't match this list but I don't know where I can find an answer. I managed to authenticate a user but I can't today and I find it's due to ntlm_auth. I tried only the ntlm_auth commands and I have this result: ntlm_auth --request-nt-key

transcend + ppp + freeradius

2005-04-18 Thread werner d.
hi everybody, on the weekend i had a strange problem with a ppp client. here's the log from the client: pr 17 16:23:34 localhost pppd[449]: pppd 2.4.2b1 started by root, uid 0 Apr 17 16:24:35 localhost pppd[449]: Serial connection established. Apr 17 16:24:35 localhost pppd[449]: Using interface

nas-identifier and ldap.attrmap

2005-04-18 Thread guest01
Hi! I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefore I am using the ldap.attrmap for mapping ldapentries to radiusattributes. Everything is configured correctly, mapping works. For example, I added a radiusAuthType with value REJECT and I couldn't authenticate. Even other

EAP/TLS with Win2003 CA

2005-04-18 Thread Lasse Baek
Hi, I have a newbie question about getting EAP/TLS to work with FreeRADIUS (ver. 1.0.1 running on NetBSD 2.0). My CA is a Windows 2003 Server from which I have generated the root certificate. This is either represented in cer- or p12-format, which can be transformed to pem-format (say CA.pem)

Re: deployment question

2005-04-18 Thread Maqbool Hashim
Hi there, I've finally come to a decision as to what sort of backend we're going to use. Thanks for all the discussion, it was very helpful in coming to the final decision. Here's what I'm going to go with: Use the UNIX password file on the machine that holds the radius server to authenticate

Re: Issue with Cisco and CHAP PW

2005-04-18 Thread Christian Hahn
Hi, after some trials and very careful config file reading I fixed the stuff myself. So I apologize for filling your mailboxes ;) Now, the resolution: In principle I left all the preconfigured entries ~ in the default users config alone and appended my

Two LDAP-Servers

2005-04-18 Thread freeradius
Hello, i tried to implement freeradius 0.8 with two ldapservers for authentication. i want freeradius to check the one ldap-server first, if user not found, the other server should be asked. But the second server will only be used by the radius-server, if the first server is unreachable. If

RE: Two LDAP-Servers

2005-04-18 Thread Seferovic Edvin
Hi, isn't this a typo?? autztype LDAP { should be AUTHTYPE??? Regards, Edvin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of freeradius Sent: Montag, 18. April 2005 13:34 To: freeradius-users@lists.freeradius.org Subject: Two LDAP-Servers Hello, i

Re: Two LDAP-Servers

2005-04-18 Thread guest01
freeradius wrote: Hello, i tried to implement freeradius 0.8 with two ldapservers for authentication. i want freeradius to check the one ldap-server first, if user not found, the other server should be asked. But the second server will only be used by the radius-server, if the first

EAP/TLS with CRL

2005-04-18 Thread freeradius
Hello I try to setup EAP/TLS on freeradius 1.0.2 Everything works fine. If i create a CRL no one can login. How can i configure the eap.conf that the other users can login? I've set (tls section): CA_path = /path check_crl = yes crl_dir = /path crl = file thanks for help Alain

Antw: RE: Two LDAP-Servers

2005-04-18 Thread freeradius
hi, no, if i write authtype, radiusd shows following error message: radiusd.conf[1168] Subsection of module instance call not allowed if i write autztype, radiusd starts. Regards chris [EMAIL PROTECTED] 18.04.2005 14:02:05 Hi, isn't this a typo?? autztype LDAP { should be AUTHTYPE???

verify server certificate XP supplicant ?

2005-04-18 Thread Riccardo Veraldi
Hello, I am using EAP-TLS. Windows XP, Cisco 1200 AP, freeradius. Everything is working fine unless I enable the verify server certificate checkbox on XP. In this case I am not authenticated anymore by the radius server. I Cannot understand why. I have the CA certificate installed I cannot

Re: nas-identifier and ldap.attrmap

2005-04-18 Thread Dustin Doris
Hi! I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefore I am using the ldap.attrmap for mapping ldapentries to radiusattributes. Everything is configured correctly, mapping works. For example, I added a radiusAuthType with value REJECT and I couldn't authenticate. Even

Antw: Re: Two LDAP-Servers

2005-04-18 Thread freeradius
hello, thanks to all responders! i solved the prob now ;-) there was missing a line which says, the notfound is NOT a return: authtype LDAP { redundant { ldap1 { notfound = 1 --- this was missing! } ldap2

Re: nas-identifier and ldap.attrmap

2005-04-18 Thread guest01
]: module files returns noop for request 1 modcall: group preacct returns ok for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/detail-20050418' rlm_detail: /var/log/freeradius

Re: The usual: Could not find clear text password for user .....

2005-04-18 Thread Christian Hahn
Stefan Winter wrote: | |users: Matched entry DEFAULT at line 155 |users: Matched entry DEFAULT at line 175 |users: Matched entry DEFAULT at line 187 | | | | Could it be that the entry with the user name is _below_ line 187 and that |

Re: TLS Alert read:fatal:bad certificate

2005-04-18 Thread Zoltan Ori
2) I notice now that the certificate validation is working that I no longer am prompted to enter my username and password. Even after rebooting the WinXP computer, the connection to freeradius occurs automatically. I suppose this might be convenient in some circles but it's also a security

Re: deployment question

2005-04-18 Thread Maqbool Hashim
Dustin any input on this one? Maqbool Hashim wrote: Hi there, I've finally come to a decision as to what sort of backend we're going to use. Thanks for all the discussion, it was very helpful in coming to the final decision. Here's what I'm going to go with: Use the UNIX password file on the

Re: EAP/TLS with Win2003 CA

2005-04-18 Thread Jan Lühr
Greetings, On Monday 18 April 2005 11:24, Lasse Baek wrote: Hi, I have a newbie question about getting EAP/TLS to work with FreeRADIUS (ver. 1.0.1 running on NetBSD 2.0). My CA is a Windows 2003 Server from which I have generated the root certificate. This is either represented in cer- or

Re: nas-identifier and ldap.attrmap

2005-04-18 Thread Kostas Kalevras
On Mon, 18 Apr 2005, guest01 wrote: Hi Thxs for the fast reply!! Ok, user steve (the one with the Auth-Type := Local) exists only for testing purposes. With user-data in the local users file, the nas-identifier works So, I don't know why radius ignores my ldap data ... Thxs for your help! best

Re: Problems with pptp / freeradius / ppp / pam...

2005-04-18 Thread Alan DeKok
Bob Mancker [EMAIL PROTECTED] wrote: rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect That's pretty definitive. The password you entered on the supplicant doesn't match the password the server has. Any idea what's wrong there?

Re: rlm_tcl module

2005-04-18 Thread Alan DeKok
Alexei Chetroi [EMAIL PROTECTED] wrote: Hmm, documentation states that TCL was developed as language easy to embed in other applications. That's strange for me it has memory leaks problem. Anyway I'm going to do some experiments to see what happens. It has *intentional* memory leaks.

Re: Can't solve the problem. Need help.

2005-04-18 Thread Alan DeKok
Alex [EMAIL PROTECTED] wrote: ... 1) Do not CC me on posts to the list. I read the list, and I get enough email already. 2) This is a ser problem, and has nothing to do with FreeRADIUS. For some reason that i can not figure out i don't receive anything on the radius logs. Then fix the

Re: Authentication Alternatives

2005-04-18 Thread Alan DeKok
Andre Herkenrath [EMAIL PROTECTED] wrote: The Usernames can be e.g. [EMAIL PROTECTED] or [EMAIL PROTECTED] I tried this with proxying on the same machine, but the authentication against ads took a very long time so the main Radius sent a reject. That's a different issue which still MUST

Radrelay error

2005-04-18 Thread David Jones
Hello everyone, I am having an issue with radrelay and wanted to run it through the list. I have googled the list but not found anything with an error like this. First off I would like to go over what I am trying to do on the box to see if I am close on this one. I have FreeRadius

Re: nas-identifier and ldap.attrmap

2005-04-18 Thread Dustin Doris
Hi Thxs for the fast reply!! Ok, user steve (the one with the Auth-Type := Local) exists only for testing purposes. With user-data in the local users file, the nas-identifier works So, I don't know why radius ignores my ldap data ... It's not ignoring it, I think you just aren't

Re: deployment question

2005-04-18 Thread Dustin Doris
Dustin any input on this one? Maqbool Hashim wrote: Hi there, I've finally come to a decision as to what sort of backend we're going to use. Thanks for all the discussion, it was very helpful in coming to the final decision. Here's what I'm going to go with: Use the UNIX

Re: Radrelay error

2005-04-18 Thread Kevin Bonner
On Monday 18 April 2005 16:35, David Jones wrote: So I end up with a command looking like this.. /usr/local/bin/radrelay -a /var/log/radius/raddact -d /etc/raddb/ \ -S /path/to/clients.conf -r localhost:1646 detail combined And I get. Secret in /path/toMerit/clients is to short. David,

Re: verify server certificate XP supplicant ?

2005-04-18 Thread frad
Are you sure you used the xpextensions file when you built your server and client certificates? I had the same problem you describe until I added the xpextension (OID) stuff to the certificates. Try using the following resource, cut and pasting the commands as they appear within the document. I

how to use exec and expr

2005-04-18 Thread Ming-Ching Tiew
I am logging my data from cisco voip box to mssql on a freeradius on Linux. All these are working without problem but my question now is one of the attribute sent by cisco, Acct-Session-Id, somewhat is actually very long ( about 500 bytes ) and I would like to truncate it and strip the