Hi,
I try to implement EAP/TLS for network users in company I work.
Authentication is works only for one certificate. When I create a second
certificate and concatenate with the first certificate using 'cat', both
certificates does not work . The error it gives is shown below (error is in
the
Hi,
look in /etc/raddb for the ldapattr.map file. That file contains mappings
from Radius attributes to the ones in LDAP. There are Reply- and Check
Items. Just alter the file so that User-Password maps to userPassword or
sambaNTPassword.
Regards,
Edvin Seferovic
-Original Message-
From
Luis Daniel Lucio Quiroz <[EMAIL PROTECTED]> wrote:
> uid: AP-DATI
> userrPassword: cisco1234
> sambaNTPassword: 3B298390489F668CA3C38047C7FE1266
> sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC
>
> How should I fix this?
Add the following to ldap.attrmap:
checkItem NT-Password
Ehlo
We are usign Cisco1200 AP for roaming, but AP needs to auth into radius.
Because CISCO it must use LEAP. But it fails on this
rlm_eap: EAP/leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
rlm_eap: Handler failed in EAP/leap
r
Seferovic Edvin escreveu:
CAN YOU PLEASE TURN OF THIS AUTOMATIC RESPONDER ! OR CAN SOMEONE UNSUBSCRIBE
HIS EMAIL ADDRESS FROM THIS LIST!
Thank you in advance.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kim
Sent: Dien
CAN YOU PLEASE TURN OF THIS AUTOMATIC RESPONDER ! OR CAN SOMEONE UNSUBSCRIBE
HIS EMAIL ADDRESS FROM THIS LIST!
Thank you in advance.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kim
Sent: Dienstag, 31. Mai 2005 19:38
To: fre
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Seema Sirivara <[EMAIL PROTECTED]> wrote:
> The attribute is of type octets and hence I cannot
> specify the Prefix in standard IPv6 address format..
> (Ex - 3001::1 etc)
>
> I am using FreeRADIUS Version 0.9.3.
Which doesn't support IPv6.
Try using 1.0.2.
Alan DeKok.
-
List info/subscr
"Pete Flynt" <[EMAIL PROTECTED]> wrote:
> I configured the LDAP modules and I am able to access Active directory for
> username lookup but the authentication fails because of the password that
> cannot be supplied in cleartext.
Yup. Ask Microsoft to change it.
> How can I solve this issue?
>
Maxim Hitrov <[EMAIL PROTECTED]> wrote:
> Can i use FreeRadius as intermadiate Radius that will change and forward
> Access-Requests params?
Yes. You should be able to do this using the "preproxy_users" file:
DEFAULT
Calling-Station-Id = "%{Framed-IP-Address}"
Alan DeKok.
-
List i
Vittore Zen wrote:
I'm using freeradius (+mysql) in a wireless infrastructure with a
dozen of linksys WAP54G access point (using AES).
Authentication is PEAP with mschapv2.
All go right when use Windows clients but no response using Mac Os X
clients.
Any ideas? Someone says me that MacOsX use
Mikko Saarinen <[EMAIL PROTECTED]> wrote:
> I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when
> it loads and configures the tls module. In older version 0.9.3 the
> tls works a-ok, but it has no peap support.
>
> Anyone have idea if this is a known problem and if there is version
"Andreas Korber" <[EMAIL PROTECTED]> wrote:
> What i am doing wrong? The creation of my certificates for EAP/TLS with
> CA.all or CA.certs always end with an message like this:
It looks like the version of OpenSSL you have is different than the
one the script is expecting.
At this point, I su
[EMAIL PROTECTED] wrote:
> i want to allow nas's behind a flatrate to talk
> with my freeradius server.
> these nas's has dynamis ip's.
> has anybody an idea how i could deal with that.
>
> at the moment i have a client named 0.0.0.0/0 in the clients.conf
> file - but that means that every nas hav
vicky <[EMAIL PROTECTED]> wrote:
> What am I missing?
If you're not going to use rlm_x99_token, just delete that directory.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arne =?utf-8?q?G=C3=B6tje?= (=?utf-8?q?=E9=AB=98=E7=9B=9B=E8=8F=AF?=)" <[EMAIL
PROTECTED]> wrote:
> I'm trying to authenticate users against a Windows AD server using the
> krb5 module... but due to missing documentation on how to do this, I'm
> stuck.
The rlm_krb5 module takes a clear-text pas
Radius <[EMAIL PROTECTED]> wrote:
> I'm sure I missed a setting or something. We changed providers as well
> as our IP address's 4 days ago. Ever Since we did, no detail logs are being
> created by FreeRadius 9.3 Everyone can get logged in and realms are working
> fine, just no detail log. Any Idea
Hi,
Can anybody please let me know the usage format of
Framed-IPv6-Prefix attribute. I need to use in a user
file record, but radius does not seem to send out
the correct address.
The attribute is of type octets and hence I cannot
specify the Prefix in standard IPv6 address format..
(Ex - 3001::1
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The attribute "Calling-Station-Id" is already defined as a checkItem, you
should add it to a user or group profile using the operator ":="
HTH
- Original Message -
From: "Ernesto Freyre Ramírez" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 30, 2005 9:48 AM
Subject: controlling the auth by
Ekkehard Burkon wrote:
did anyone successfully authenticate against a Mac OS X
servers Open Directory?
I need it for 802.1x/WPA.
Are there any docs on the web?
OpenDirectory is an OpenLDAP hack so OpenLDAP docs should work. Please
check out
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Hi,
did anyone successfully authenticate against a Mac OS X
servers Open Directory?
I need it for 802.1x/WPA.
Are there any docs on the web?
Thank you for any help.
Ekkehard
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I know what you mean about the lack of documentation for using Kerberos
authentication with FreeRadius. I pieced together the correct method using
the documentation from the distribution, emails in the archives of this
mailing list and trial and error. I am authenticating with the SEAM
proces
Hi,
> I built the code in a "clean" directory so to say. There was nothing in
> /opt/freeradius1.0.2/ before I made
> #./configure --prefix=/opt/freeradius1.0.2/
> I just reset everything and retried, but still the same compilation
> error. Do you have any other suggestions?
looks like it cant
Thiago Felipe de Andrade <[EMAIL PROTECTED]> wrote:
You'll probably get more help if you post your message to the list
in straight text instead of HTML.
Jim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Vittore Zen <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I'm using freeradius (+mysql) in a wireless infrastructure with a dozen
> of linksys WAP54G access point (using AES).
> Authentication is PEAP with mschapv2.
> All go right when use Windows clients but no response using Mac Os X
> clients.
> An
Hi,
I'm have a problems with FreeRadius with authentication. If de user
login [EMAIL PROTECTED] and password=null, the conection is estabilished,
and I have the restrictions groups to access my RAS with freeradius
My provider said that the problem is time of request...,
Can you help?
Hello,
My network environment looks like the following:
WinXP client --- Cisco Switch --- FreeRadius Server --- DC(Active Directory)
I am able to authenticate the WinXP client with the local users file and
EAP.
Now I want FreeRadius to lookup the user credentials in Active Directory.
I config
Hi.
Filter here is a usual LDAP filter, you can find some good examples in
OpenLDAP documentation or man pages.
Or you can check here. http://www.zytrax.com/books/ldap/apa/search.html
The complete RFC for this is # 2254.
A.
José Berenguer wrote:
Hello,
Anyone can tell me where can I fin
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello
I have a radius server that receives Access-Requests params from another Server (an application).
Application sends an value under one param (Framed-IP-Address), but Radius server are configured to read this value in another param (Calling-Station-Id).
So, i need to have something intermediat
Hello,
Anyone can tell me where can I find some instructions about how to
configure the "filter=" option in the "module ldap" subsection of
radiusd.conf?
Thanks a lot!
--
**
José Berenguer Giménez
Rupak,
I built the code in a "clean" directory so to say. There was nothing in
/opt/freeradius1.0.2/ before I made
#./configure --prefix=/opt/freeradius1.0.2/
I just reset everything and retried, but still the same compilation
error. Do you have any other suggestions?
Thanks a lot!
Vicky
R
I also had the same problem.Later on I came to know that I had to again
./configure --prefix=- to another fresh unpacked tarball.Not in the old
unpacked tar ball.just again try tar -xvf freeradius-1.0.2.tar and again
./configure then make then again make install. This time try and give
anoth
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I checked bu there is no "mysqld.sock" in /var/run/mysqld. May be because my
sql is not started. Because it gives back an error telling that " mysqld
dead but subsys locked
Rupak
Rupak wrote:
>Ya you must be right. I have'nt configured the file /etc/my.cnf.I saw the
>file and found that the valu
Hi Stéphane (and all the others of course),
Thats is what I was trying to do, configure and install the new version
elsewhere but still on the same machine (I'm gonna set the default ports
to something else so there will be no conflicts). Now I've downloaded
version 1.0.2 and I get a compilati
Thanks Jim,
I've added the offender to my blocked sender list
. ;-)
Chris
- Original Message -
From: "Jim Seymour" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, May 31, 2005 1:17 PM
Subject: Re: Please resend this message to Kim Jones'
"Christoph
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rupak wrote:
Ya you must be right. I have'nt configured the file /etc/my.cnf.I saw the
file and found that the value of user= was set to mysql. Where as in the
sql.conf file I pointed out the following
Login = "root"
Password = "password".But I don't know how to configure mysql.Does any one
hav
Rupak wrote:
Ya you must be right. I have'nt configured the file /etc/my.cnf.I saw the
file and found that the value of user= was set to mysql. Where as in the
sql.conf file I pointed out the following
Login = "root"
Password = "password".But I don't know how to configure mysql.Does any one
hav
Continuing with huntgroups and groups. I followed the most recent
instructions below.
The client uses the default group below.
I see the reply message come through in the request
But the request gets access accept instead of access reject?
>
>
Hey,
Not sure if this would belong to devel list, but still.
I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when
it loads and configures the tls module. In older version 0.9.3 the
tls works a-ok, but it has no peap support.
Anyone have idea if this is a known problem and if there
Hello Vicky,
Haven't you try to copy your config files and do the upgrade on a test system ?
(create an exact replica on another machine and upgrade it)
I think it would be useful to post an "howto to upgrade from xxx to yyy" once
you've done it.
regards,
Stéphane
-Message d'origine-
Hi list subscribers, hi list admins, (again)
I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and
I want to upgrade it to the latest version available. I have been trying
to find some kind of procedure to upgrading but with no success. Does
anyone know how to (in a fairly simp
U dont have to change anything to my.cnf as when u install the new
rpm, the cnf file will be automatically adjusted. After succesful
installation, run the mysql client. After the successful running, do
some changes to sql.conf in raddb as u wish. for tutorial , try mysql
website as they got good ma
Ya you must be right. I have'nt configured the file /etc/my.cnf.I saw the
file and found that the value of user= was set to mysql. Where as in the
sql.conf file I pointed out the following
Login = "root"
Password = "password".But I don't know how to configure mysql.Does any one
have a link to a go
Hi list,
I'm trying to authenticate users against a Windows AD server using the
krb5 module... but due to missing documentation on how to do this, I'm
stuck.
When I try to get a Kerberos ticket using kinit on the radius machine,
it works. But when I try to use the krb5 module, it always gives
Please resend this message to Kim Jones'
new email address. Thank You.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Thank you for the reply I think I have compiled free radius with mysql
> support because I had installed it --with-experimental-modules.Now if I
> start the sql server by giving the command "mysql -u root -p rootpass radius
> < db_mysql.sql" then it returns me with the following error
>
> E
Well I have installed the following things of my sql.The things are the
following.
rpm -q mysql--it is installed
rpm -q mysql-server--it is installed
rpm -q mysql-devel---it is installed.
These packages were installed from redhat9.But when I start the service
Service mysqld start/status it says
Hi,
What i am doing wrong? The creation of my certificates for EAP/TLS with
CA.all or CA.certs always end with an message like this:
-
Country Name (2 letter code) [AU]:State or Province Name (full name)
[Some-State]:Locality Name (eg, city) []:Organization Name (eg, company)
[Internet Widgits
Hi all.
I'm trying to set up a fully operational adsl access router so i mean,
I have a cisco 7200 as access server (NAS) and a freeradius. Everythings
works fine (dynamic and one static IP assignement) exept for the multi
IP assignement (so one starting IP and a netmask). In this case the
c
Try installing the Mysql rpm separately and then check wether ur MySQL
is running correctly or not.
Try this tweak,hope it will clear the mess.
On 6/1/05, Rupak <[EMAIL PROTECTED]> wrote:
>
> Thank you for the reply I think I have compiled free radius with mysql
> support because I had installed
Hi,
I'm using freeradius (+mysql) in a wireless infrastructure with a dozen
of linksys WAP54G access point (using AES).
Authentication is PEAP with mschapv2.
All go right when use Windows clients but no response using Mac Os X
clients.
Any ideas? Someone says me that MacOsX use a tunnel with
Thank you for the reply I think I have compiled free radius with mysql
support because I had installed it --with-experimental-modules.Now if I
start the sql server by giving the command "mysql -u root -p rootpass radius
< db_mysql.sql" then it returns me with the following error
Error 2002: can't
56 matches
Mail list logo
