Hi!
I have a freeradius 0.9.3 with Solaris 8.
I got all the time these error messages:
Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS 1.1.1.1 port 1610613128 has wrong ID
Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS 1.1.1.1 port 1610613218 has wrong ID
Th
Hi!
I am using freeradius for authentication and accounting.
I'm going to use some new realms, where incoming calls with those
realms, apart from being logged on my radius, will have to be replicated
to another radius server.
I made some tests with proxying with a test radius server, and
everythi
Hi Michael,
I will see this with Extreme Networks (Brazil).
Thanks for your help.
Michael Griego wrote:
Talk to your NAS vendor. That's completely insane for a NAS to rewrite
the User-Name, not to mention a violation of RFC 3579.
--Mike
Israel Fabio Alves wrote:
Hi,
I need help to solve a probl
Talk to your NAS vendor. That's completely insane for a NAS to rewrite
the User-Name, not to mention a violation of RFC 3579.
--Mike
Israel Fabio Alves wrote:
Hi,
I need help to solve a problem.
My configuration works 100% with Switch Cisco 2950.
Now I need to use Switch from Extreme Networks (Summi
Hi,
I need help to solve a problem.
My configuration works 100% with Switch Cisco 2950.
Now I need to use Switch from Extreme Networks (Summit 1i), but this Switch
sent request to Freeradius with this "[EMAIL PROTECTED]".
I think use attr_rewrite to change the request from this
"[EMAIL PROTECTED]" t
Hi,
my linux box ( suse 9.2 ) that I use as NAS for VPN ( poptop ) sends this
attribute, but it contains the IP address of the client. Is it possible to
change what NAS sends?
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mich
Guy Davies wrote:
> The downside, you can't do it with the default MS 802.1x supplicant. :-(
Exactly. In our environment, it's very important that we not have to
install additional software on client machines. This rules out a GINA
plugin or different supplicant.
--Mike
---
Another way to achieve this is to use an 802.1x client with a GINA
module. Immediately after you enter your credentials in the Windows
login screen, the GINA module takes control and pauses the windows login
process. It uses the user's windows credentials to connect the user to
the network and, o
Alan DeKok wrote:
>What's so special about machine authentication?
I spent days and days trying to get this working. It won't happen
without, at the very least, cooperation from the Samba group.
Here's what I've been able to figure out so far (before I gave up as
other things needed my atte
Alan DeKok wrote:
What's so special about machine authentication?
Short Version. (Forgive my use of nomenclature)
When you're sitting at a logon prompt at windows (Hit CTRL-ALT-DELETE), it
(the client machine) has no user credentials to perform an 802.1x
session. Hence, it has no network acces
Michael Griego <[EMAIL PROTECTED]> wrote:
> Currently, there is no way to fully do this inside of FreeRADIUS.
What's so special about machine authentication?
> This is the reason we set up an IAS server as a home server for
> machine authentications.
I'm sad to hear that.
> We proxy *onl
Could you share your proxy config? I have a radius server (Funk Steel
Belted Radius) that can do machine authentications.
Thanks.
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Michael Griego
Sent: Thursday, April 28, 2005 3:13 PM
To: freeradius
Currently, there is no way to fully do this inside of FreeRADIUS. This
is the reason we set up an IAS server as a home server for machine
authentications. We proxy *only* machine authentications to an IAS
server (member of the domain, of course). User authentications,
however, stay inside of
Has anyone figured a way to authenticate the computer account in Active
Directory? Other than pGina. I don't have the option of changing the
client OS.
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key
--use
See Step 2 in this webpage
http://www.dslreports.com/forum/remark,9286052~mode=flat
It worked for me.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Zuromski, Brian
Sent: Thursday, April 28, 2005 12:32 PM
To: 'freeradius-users@lists.freeradius.org'
S
Hello,
I realize this has most likely been covered here many times.
However I can't find anything specific to help me out. I'm running FC3 and
have installed freeradius 1.0.1 rpm. My problem is that I'm having trouble
with the certs. Now I know it's documented on how to create them ho
Hmm... That's a good point. I've updated the rlm_sql module in CVS to
handle this situation so that it more closely matches the users file
methodology (if there are no check pairs, then the section is
automatically matched).
Of course, I'm assuming you're using a CVS version of FreeRADIUS. I
If your NAS supports sending the MAC address, you will see it show up as
the Calling-Station-Id attribute. Your NAS must be sending this
attribute, though.
--Mike
Marc-Henri Boisis-Delavaud wrote:
How can I have the user MAC address in accounting files?
Marc
- List info/subscribe/unsubscribe? S
How can I have the user MAC address in accounting files?
Marc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
have to accomplish the following - requests coming from the NAS should
check for the information locally (on the local PostgreSQL DB), but all
accounting data should be passed to another machine. Maybe inordinary
situation, but the things have collacated so that I should perform this
kind of set
Hi,
Token card support is based on the now obsolete X9.9 ANSI standard,
correct? From the documentation in freeradius I understand that the
challenge response algorithm is weak because it uses DES. The work
around suggested is to use sync mode. Fine.
Is using 3DES to solve the problem not an
hi,
I'm interested in doing some pre-proxy processing.
pre-proxy:
* i need to restrict the attributes that are sent on to the
target/home radius server
* the documentation doesn't suggest that attr_filter can be used in
the pre-proxy{} section.
is this a su
Hi,
What's the background behind the radgroupreply table now only being read
if there are entries in the radgroupcheck table for this group?
I just want to add reply attributes for some groups which is not
possible any more like it was done before. What's the intended way now?
Regards
Stephan Jae
Hi,
I'm just having a discussion about proxy-timeouts with a downstreaming
requesting it to be at least 30 seconds..
Besides that don't see why this piece of crap there should be given 30 secs to
do a simple authentication ;) I'm concerned this will break up my failover in
case any primary RA
24 matches