I always run radiusd as root for my test !
But I've find the solution : In the radiusd.conf, at the beginning, we
can put an username and a group, I write radius in group and nobody
and user and it works !
Thank you.
-
List info/subscribe/unsubscribe? See
Thanks for the reply.
I'm not sure I explained my problem correctly.
I do authentication via radius to login to some router.
I'd like to be able to get "enabled mode" in that router by default.
For this I should specify privilege level 15.
In TACACS for instance I achieve this with $enab15$
Hi,
i have a problem with freeradius executing the checkrad script.
I get Check-TS: unknown error in waitpid()
child_pid = -1;
for (n = 0; n 10; n++) {
sleep(1);
radlog(L_ERR, pid: %d, pid);
child_pid = waitpid(pid, status, WNOHANG);
radlog(L_ERR, child_pid: %d,
Send instant messages to your online friends http://uk.messenger.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi guys,
I am facing some problem with load balancing servers.
I have tow servers for the freeRADIUS under the load
balancing system. And both servers are accessible via
Virtual IP (212.X.X.12) .
The radius is configured with mysql server also I have
tow mysql server with clustering which one of
Hi,
the parser for Ascend-Data-Filter attributes in FreeRadius is very
rigorous, following the definition in the Ascend Radius guide.
However, the Ascend documentation seems to be a bit messy, since first
there is the definition:
Ascend-Data-Filter=ip dir action [dstip dest_ipaddr/subnet_mask]
I am trying to get free radius working with huntgroups and ldap.
A couple of problems are occurring?
(1) modcall[authorize]: module files returns notfound for request 1
But the user can still login how can I stop this?
(2) rlm_ldap::groupcmp: Group disabled not found or user not a
On Tue, 26 Apr 2005, alan walters wrote:
I am trying to get free radius working with huntgroups and ldap.
A couple of problems are occurring?
(1) modcall[authorize]: module files returns notfound for request 1
But the user can still login how can I stop this?
(2) rlm_ldap::groupcmp: Group
On Mon, 25 Apr 2005 [EMAIL PROTECTED] wrote:
I had this working, I don't know why but for some reason it doesn't anymore.
Any user in LDAP receives an Access-Accept. Here's my entire radiusd.conf and
the output of a user that is not in the VPN group receiving an Access-Accept
using radtest. Is
If the member is part of a group it is working now.
But when the user is not in a valid group this happens.
rlm_ldap::groupcmp: Group default not found or user not a member
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 28
this group is as follows
DEFAULT Auth-Type
Stephan Jaeger [EMAIL PROTECTED] wrote:
For testing purposes i replaced the call to rad_waitpid with waitpid.
As soon as the checkradius script is exiting the call returns with -1
and errno set to No child processes.
It's a bug in 1.0.x. The CVS head has fixes.
Alan DeKok.
-
List
Wolfgang Hottgenroth [EMAIL PROTECTED] wrote:
What do you think? (Just in case of: I would volunteer to deliver a
patch.)
Sure, submit a patch to bugs.freeradius.org
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Excellent! Kostas, you are the best. So, I'm back to square one. I'm sure I
accidently removed that while I was trying to fix an issue I'm currently
having, Perhaps someone can give advice on it?
I'm running freeradius 1.0.1 to authenticate wireless and VPN users, using
the NTpassword and
Yep, done.
Wolfgang
At Tue, 26 Apr 2005 09:53:49 -0400,
Alan DeKok wrote:
Wolfgang Hottgenroth [EMAIL PROTECTED] wrote:
What do you think? (Just in case of: I would volunteer to deliver a
patch.)
Sure, submit a patch to bugs.freeradius.org
Alan DeKok.
-
List
Hi all,
I'm setting up a radius server using a few realms and an ippool for each
of them.
Everything is working right till now.
The only thing I'm missing is the ability to log into mysql the
Framed-IP-Address taken from a pool (I have the ip logged when i specify
a Framed-IP-Address in the single
On Tuesday 26 April 2005 07:00, Abdul Lateef wrote:
And radius refused to accept the registration from the
device. Meanwhile the user name 123456 is correctly
entered in radcheck and radreply table.
I will be really appreciate if any one can redirect me
at such way.
Did you run in debug
On Tuesday 26 April 2005 02:33, Alexander Chuzhoy wrote:
Thanks for the reply.
I'm not sure I explained my problem correctly.
I do authentication via radius to login to some router.
I'd like to be able to get enabled mode in that router by default.
For this I should specify privilege
Can one pass AUTH from freeradius daemon to kerberos daemon? Both would
be running on same server. Was thinking It could be done using pam
radiusd but no joy.
Ted
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have groups configured in the preprocess section.
If the user is in a valid group all is fine the user logs on.
But if the user is a valid user and not in a group they get logged in as well.
Is this the way freeradius should work???
Snip from users file
DEFAULT Huntgroup-Name =3D=3D
Hello all,
I'd like to run a Wireless LAN with a Windows XP SP2 Client, a FreeRADIUS
1.0.2 Server and a Windows 2003 Server with Active Directory. For the
authentication PEAP and MS-CHAPv2 is used. This scenario works quite well
when I am logged on as the local Administrator on the Client and I
My first FreeRadius Post, and I don't think I can answer your problem,
but I think I can clarify the problem.
When you configure the MSCHAPv2 properties in the Windows client, you
are selecting Automatically Use my Windows Username and Password (And
Domain if available) You get the error you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- From the comments in radiusd.conf (under the mschap config):
# Windows sends us a username in the form of
# DOMAIN\user, but sends the challenge response
# based on only the user portion. This hack
#
I cleared the check box, but the problem still exists. I think the problem
isn't the client, because I have used the same scenario and the same
configuration with the IAS Radius Server from Microsoft and all worked
well, but I won't use the IAS for this project. It is important for me to
get
I have already set it to yes, but it doesn`t work in my case.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- From the comments in radiusd.conf (under the mschap config):
# Windows sends us a username in the form of
# DOMAIN\user, but sends the challenge response
Hello!
Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station
under Win-XP. And I have some problem with authorization.
Here parts of my configs:
users:
-
ttt Password ==
-
radiusd.conf:
-
authenticate {
#
Is there a How-to on using FreeRADIUS / PEAP / Active Directory
I've been trying to hobble along with
http://www.dslreports.com/forum/remark,9286052~mode=flat
But it wasn't for this specific instace.
I'm dying right now on this
snip
modcall: entering group authenticate for request 1
King, Michael [EMAIL PROTECTED] wrote:
/usr/local/sbin/radiusd: relocation error:
/usr/local/lib/rlm_eap_peap-1.0.2.so: undefined symbol: eaptls_process
Yuck. You're running an unfriendly OS.
The simplest way to fix this is to re-build re-install the server via:
$ ./configure
Ted Kaczmarek [EMAIL PROTECTED] wrote:
Can one pass AUTH from freeradius daemon to kerberos daemon? Both would
be running on same server. Was thinking It could be done using pam
radiusd but no joy.
See raddb/experimental.conf, and src/modules/rlm_krb5/
Alan DeKok.
-
List
Will do. I'm running Debian Sarge, but I built from source. I read the
change log that they can't distribute binaries, so they have disabled
ttls and peap in they're debian package
BTW, the testing Certs that were included, the CA is still good, but the
server and the client cert have expired.
The --disable-shared fixed that problem, and I replaced all the
certificates and I was successfully able to logon via TLS, and low and
behold. PEAP works now too.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, scratch half of my last message. I left it configured for TLS.
PEAP isn't working for me.
I'm getting this failure:
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 14
rlm_mschap: No User-Password configured. Cannot create LM-Password.
Hey, Michael,
I'm betting your ntlm_auth command, where it uses the username, looks
like this:
--username=%{Stripped-User-Name:-%{User-Name:-None}}
This is the default. Try changing your ntlm_auth line in your
radiusd.conf to something like this:
ntlm_auth --request-nt-key
Just for the record, I was able to find a solution to my problem, and my
question.
Regarding the error, I found the fix to be a combination using the
with_ntdomain_hack = yes, and the modification to the hints file. In
order to allow everyone wireless access, while only granting members of
the
I've already done some work to get this working, its pretty much
finished, but I'll try to do finish it off in the next couple of week...
But in the meantime I can provide some patches?
I think there's also been patches added to provide hooks to check for a
client in a database at authentication
Are you trying to use TLS or PEAP? I'm not an expert but there are
some PEAP definitions in your config file that I think need to be changed
if you are attempting TLS. The most obvious is the default_eap_type
which should be tls.
default_eap_type = tls
Also, if you are attempting tls you don't
27 2005 13:06 frad :
Are you trying to use TLS or PEAP? I'm not an expert but there are
some PEAP definitions in your config file that I think need to be changed
if you are attempting TLS. The most obvious is the default_eap_type
which should be tls.
default_eap_type = tls
You right
Hi,
I used Windows zeroConfig to test PEAP
To seecaptured packet on my Freeradius server,
(Server is 172.16.254.12, andAP's address
is 172.19.0.10)
I found the last packet is "Access
Accept".
But in Zeroconfig, the status is alwaysin "Attempting to
authenticate"
The following is the
37 matches
Mail list logo