Hi,
Make sure that the server name you specify in the LDAP
module section matches with the CN in the certificate used
by the eDirectory LDAP server. e.g if your LDAP server is
using SSL CERT DNS, write the hostname as the server name.
If you are using SSL CERT IP, write the IP address of the
se
Hello
I want My Radius server not to access the clients IP List, and it
should entertain everyother IP which sends the request. It must not
block the IP to get info. HOw can i do this?
Second, if there is any way that radius server should look for Mysql
database for the IP which tries to connect
Title: Re: EAP/TLS and XP client
Alan,
Thanks for the response. Here’s the server debug output in the attached file.
Thanks,
Kevin Sochacki
On 7/18/05 3:14 PM, "Alan DeKok" <[EMAIL PROTECTED]> wrote:
ksochack <[EMAIL PROTECTED]> wrote:
> I configured a freeRADIUS(RH-FC4) server to authenti
Hi all,
Our setup in LDAP right now is: ou=People,dc=domain,dc=net
Under the Organizational Unit of "People", we have our posixAccount users,
which have valid UNIX uid's and have email accounts.
However, not all of our Email users (ou=People) have radius accounts as well,
and sometimes, user
On Mon, 18 Jul 2005, Matt Juszczak wrote:
> Hi all,
>
> Our setup in LDAP right now is: ou=People,dc=domain,dc=net
>
> Under the Organizational Unit of "People", we have our posixAccount users,
> which have valid UNIX uid's and have email accounts.
>
> However, not all of our Email users (ou=Peopl
"Will Carter" <[EMAIL PROTECTED]> wrote:
> 1. I have a separate database from radius that authenticates the user's
> login/password. I delete all rows from from radcheck for this user. I delete
> all rows from radreply for this user. I add back a radcheck record and
> radreply session-timeout recor
Tore Anderson <[EMAIL PROTECTED]> wrote:
> Thanks for the tip, but I'm after a script that can encrypt/decrypt
> the User-Password attribute of a RADIUS Access-Request packet, not
> the stuff in /etc/passwd on a UNIX machine.
See src/lib/radius.c
It should be a matter of a few minutes to
Hi,
I configured a freeRADIUS(RH-FC4) server to authenticate Proxim AP700
clients via eap/tls. The radius server processes the authentication request
and challenges however in the logs I don't see 'access-accepted' messages
(see detailauth log below). The AP monitor shows a number of request and
ksochack <[EMAIL PROTECTED]> wrote:
> Thanks for the response. Here's the server debug output in the attached
> file.
Which shows neither a reject nor an accept. This means that the NAS
(or supplicant) stops talking to the server, for reasons only it knows.
See if there's a debug log on the
* Tore Anderson
> Hi. Does anyone have a script that implements the encrypting/
> decrypting algorithm of User-Password that they'd like to share? I
> want to be able to input the Authenticator, shared secret, a
> password, and then get the encrypted password in return (or vice
> verca).
* Bil
ksochack <[EMAIL PROTECTED]> wrote:
> I configured a freeRADIUS(RH-FC4) server to authenticate Proxim AP700
> clients via eap/tls. The radius server processes the authentication request
> and challenges however in the logs I don't see 'access-accepted' messages
> (see detailauth log below).
And
DALE REAMER <[EMAIL PROTECTED]> wrote:
> In tls.c I want to add some code to tls_handshake_send:
So add the code, and do "make;make install" from the top of the
tree.
> So I just want to biuld tls.c and use it.
What's wrong with the usual "make" process?
Alan DeKok.
-
List info/
Hi,
First, sorry for the long post...
I am new to radius in general and freeradius and am attempting to set up a
credit card based wifi access point where you can buy time to surf the
internet for certain alotments of time. The configuration should kick them
off when their alloted paid for time e
Roy D. Hockett wrote:
> I am trying to figure out a way to have different groups of realm proxies
> for different NAS/huntgroups. For example, for a VPN resouces I don't
> want realms, but for wireless/wired 802.1x I want to be able to forward to
> other realms.
In the "users" file:
DEFAULT H
I appoligize if this question is covered somewhere, in docuementation, but
I haven't found it. If you can point me to I would greatly appreciate it.
I am trying to figure out a way to have different groups of realm proxies
for different NAS/huntgroups. For example, for a VPN resouces I don't
Hi, everybody
I am using freeradius 1.0.2.
I am treating to use Attributes of aruba,
for what I had to add dictionary.aruba file to the
directory:
/usr/local/radius/share/freeradius/,
and, in the file:
/usr/local/radius/etc/raddb/dictionary,
I add the following line:
$INCLUDE/usr/local/radius
On Mon, Jul 18, 2005, Tore Anderson wrote:
>
> Hi. Does anyone have a script that implements the encrypting/
> decrypting algorithm of User-Password that they'd like to share? I
> want to be able to input the Authenticator, shared secret, a
> password, and then get the encrypted password in retu
Fechete Raul <[EMAIL PROTECTED]> wrote:
> thank you for your answer. that might just be it! :-) i have a test
> client also programmed by a colleague, that starts a number of threads (for
> each authorization one) that in the beginning wait for a semaphore. after
> all threads are ready, the semap
Roger Kristiansen <[EMAIL PROTECTED]> wrote:
> For some (quite a few, actually) session, we get two almost identical
> entries.
>
> Could this be because freeradius does something like this:
It logs the packets that the NAS sends. If the NAS sends a number
of packets simultaneously, FreeRADIU
Fechete Raul <[EMAIL PROTECTED]> wrote:
> what bothers me is that the
> freeradius is handling such a small amount of authorizations, and keeping
> the processor usage below 10%. (?!) why doesn't it take 90% and do in the
> mean time more work?
It's limited by how fast the packets are being sent
Tore Anderson <[EMAIL PROTECTED]> wrote:
> > Huh? You don't configure reply attributes in radiusd.conf
>
> Sure I do. Relevant parts of my radiusd.conf:
>
> modules {
> attr_rewrite add_class {
Ah. You're configuring a module. Most modules read the attributes
from a database.
>
On Monday 18 July 2005 10:10, Marcin Jessa wrote:
> On Mon, 18 Jul 2005 15:12:00 +0200 Erling Paulsen <[EMAIL PROTECTED]>
wrote:
> > Hello.
> >
> > Right now I'm running multiple servers for listening to multiple ports,
> > for having the option of accomadating both NAS'es that use the old 1645
>
Hi,
I tried to compile 1.0.4 with support for mysql and postgresql, but
compilation failed for rlm_sql
I then tried with snapshot-20050718 but with the same result.
Platform is i386, OS is CentOS 3.4
Below the make output of both attempts.
Anybody any ideas?
freeradius-1.0.4:
Making static
On Thu, 14 Jul 2005, Shelbyville.Unwired wrote:
> I would like to check group membership before authenticating user
> login requests.
>
> I currently have radiusd.conf setup such that all users can login.
> However after spending several days reading man pages, and searching
> these archives I hav
May I ask why do you want to do such a thing?
On Mon, 18 Jul 2005 15:12:00 +0200
Erling Paulsen <[EMAIL PROTECTED]> wrote:
> Hello.
>
> Right now I'm running multiple servers for listening to multiple ports,
> for having the option of accomadating both NAS'es that use the old 1645
> port and t
Hello.
Right now I'm running multiple servers for listening to multiple ports,
for having the option of accomadating both NAS'es that use the old 1645
port and the ones using the newer 1812 port for requests.
Is there a possibillity to have one radiusd listen to more ports, or do I
have to reconf
Title: Re: freeradius performance & cpu usage
Nicolas Baradakis wrote:
>> what bothers me is that the freeradius is handling such a small
>> amount of authorizations, and keeping the processor usage below
>> 10%. (?!) why doesn't it take 90% and do in the mean time more work?
freeradius 1.0.4 compiled with -edir support on Solaris 9.
After configuring and running freeradius, I issue a query from the
command line
radtest VALID-USER VALID-USER-PASSOWRD localhost 389 testing123
I seem to be getting an error
rlm_ldap: could not set LDAP_OPT_X_TLS_CACERTFILE option
Fechete Raul wrote:
> what bothers me is that the freeradius is handling such a small
> amount of authorizations, and keeping the processor usage below
> 10%. (?!) why doesn't it take 90% and do in the mean time more work?
Perhaps the client doesn't send enough requests to make the server
busy. H
Alan DeKok wrote:
Can I get freeradius to log every "Alive" message to the database,
so that I at least know when the last "Alive" was received?
See "accounting_update_query", which is run for Alive (i.e.
Interim-Update) packets.
Ok, thanks for clearing up a few things. We seem to hav
Title: freeradius performance & cpu usage
hello,
i have the following problem. i'm running freeradius (with the eap-sim module, and a special module a colleague of mine wrote) on a dual 3 ghz xeon, and all that i'm getting out of it are 25 (?) authorizations per second. i wanted to s
Hi. Does anyone have a script that implements the encrypting/
decrypting algorithm of User-Password that they'd like to share? I
want to be able to input the Authenticator, shared secret, a
password, and then get the encrypted password in return (or vice
verca).
Thanks
--
Tore Anderson
* Tore Anderson
> If I add a verbatim null-byte in radiusd.conf
* Alan DeKok
> Huh? You don't configure reply attributes in radiusd.conf
Sure I do. Relevant parts of my radiusd.conf:
modules {
attr_rewrite add_class {
attribute = Class
searchfor = ignored
searchin
33 matches
Mail list logo