Hello, Alan DeKok and other guys:
I am trying to install radius and ser. i uncomment the digest in
raiudsd.conf and create digest file and test in users file. now the problems
are:
1) where should i put the digest file?
2) when run: radiusd -X and display can not find the digest modules.
Add command 'dot1x system-auth-control' for the switch.
- Original Message -
From: Rafael DiazMaurin [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED]
Sent: Tuesday, August 09, 2005 22:41
Subject: Re: Pb with EAP/MD5
I wanna uninstall it and install another .tar freeradius.
Can anyone tell howto?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jefri bin Dahari a écrit :
Add command 'dot1x system-auth-control' for the switch.
Thank you, that was the solution !
But before adding this command, we need to delete all the dot1x
parameters on each port of the switch, if not the IOS, refuse to add
this command.
Thanks eveyone helps
On 8/11/05, Alan DeKok [EMAIL PROTECTED] wrote:
We have to migrate our user database to another billing system but we
can't migrate all users and reconfigure all routers simultaneously.
Presumably we can migrate about 50-100 user of several thousands every
day, and we want to make this
Hi,
ist it possible to authenticate an user with eap-ttls using PAP with an
Crypt-Password?
The Crypt-Password is obtained by an LDAP-Server.
I can do eap-ttls using MD5/PAP with an cleartext Password.
thanks
Florian
--
--
Dipl.
Florian Prester wrote:
ist it possible to authenticate an user with eap-ttls using PAP with
an Crypt-Password?
The Crypt-Password is obtained by an LDAP-Server.
I can do eap-ttls using MD5/PAP with an cleartext Password.
Yes you can, however you have to configure your clients to use
Hi All,
I have put together a freeradius server to
authenticate users existing on our oracle LDAP directory. The issue that I
have is getting the passowrd from oracle. I can probe the LDAP, get a user
authorized and fallback to the default for the passowrd check which is the
"system". It
Hi All,
I was wondering of anyone knows of an automated utility for importing
certificates into the stores on XP instead of using 'mmc'. I would like to
set something up where the first time an user logs on the utility import the
certificate in to the personal stores.
TIA
Kevin Sochacki
-
List
Hi,
Firstly, sorry about the vague subject line! Here's the scenario:
- FreeRADIUS 1.0.4 running on OpenBSD 3.7
- Netgear WAG302 access points (configured for WPA/TKIP)
I'm using PEAP and MSCHAPv2 to authenticate wireless folk against our
Windows domain controller with ntlm_auth. As things
zhu lizhong [EMAIL PROTECTED] wrote:
1) where should i put the digest file?
Huh?
2) when run: radiusd -X and display can not find the digest modules.=20
...
ERROR: Cannot find a configuration entry for module digest.
Read the rest of radiusd.conf.
Alan DeKok.
-
List
Allan Borman [EMAIL PROTECTED] wrote:
However our LDAP uses oracle on the back end to check the password.
Has anyone configured radius to do this?
Nope. How does LDAP use oracle? Find that out, and you might be
able to configure FreeRADIUS to do the same thing.
Alan DeKok.
-
List
Vladimir Vuksan wrote:
Florian Prester wrote:
ist it possible to authenticate an user with eap-ttls using PAP with
an Crypt-Password?
The Crypt-Password is obtained by an LDAP-Server.
I can do eap-ttls using MD5/PAP with an cleartext Password.
Yes you can, however you have to configure
Active Directory has this support. I'm not sure how it's used, but I
know it's there.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of ksochack
Sent: Thursday, August 11, 2005 10:56 AM
To: FreeRadius users mailing list
Subject: Deploying
Hi,
I am running FreeBSD5.4 and freeradius 1.0.4 is working fine with radwho and radlast.Problem is when I issue radzap command to any logged user, I geterror like " Starting reading configuration file.port 1813 is used by another radius server". Please help.
Thanks
Md. Soheb Ahmed
Soheb Ahmed [EMAIL PROTECTED] wrote:
I am running FreeBSD5.4 and freeradius 1.0.4 is working fine with
radwho and radlast. Problem is when I issue radzap command to any
logged user, I get error like Starting reading configuration
file.port 1813 is used by another radius server. Please
Florian Prester wrote:
The Crypted-Password is working and it is available as Crypt-Password.
(Tested with ntradping).
I added DEFAULTAuth-Type := pap at the end of the
users-file, without it wants to use ldap-authentication!
You should set Auth-Type := pap
See
Ian Chard [EMAIL PROTECTED] wrote:
When a client fails to connect, the output of radiusd -X shows that
the daemon sends the first EAP challenge, but never receives a reply
(tcpdump on the OpenBSD box confirms this). The symptoms are the same
regardless of the type of client.
If this is
Hi,
Thanks for your reply. I have used port collection of FreeBSD on line to install freeradius.Alan DeKok [EMAIL PROTECTED] wrote:
Soheb Ahmed <[EMAIL PROTECTED]>wrote: I am running FreeBSD5.4 and freeradius 1.0.4 is working fine with radwho and radlast. Problem is when I issue radzap command to
SP2 has a stupid problem where it won't talk to non-MS RADIUS
servers. There's a fix, though.
If anyone needs this hotfix, let me know. MS sent it to me, but their
ongoing support is a PITA -- I told them thanks and to close the ticket,
but they kept e-mailing me so I finally told them what I
Hi,
I'm having some problem with sending SQL query to MSSQL 7.0 Server through
UnixODBC driver of FreeRadius (module rlm_sql_unixodbc)
with error:
rlm_sql_unixodbc: ' [unixODBC][FreeTDS][SQL Server]Unclosed quotation mark
before the character string ''.'
My SQL query is a stored procedure
Oleg Motienko [EMAIL PROTECTED] wrote:
This is impossible because of old and new billing system use different
password encryption in database, running on different OS and also use
different software for radiusd.
If you're only using FreeRADIUS to migrate from one non-FreeRADIUS
solution to
Florian Prester [EMAIL PROTECTED] wrote:
I configured as you told, but I still get an error at the freeradius:
You haven't shown the contents of the packet.
Thu Aug 11 17:06:02 2005 : Auth: rlm_pap: Attribute Password is
required for authentication.
You've told the server to do PAP
Soheb Ahmed [EMAIL PROTECTED] wrote:
Thanks for your reply. I have used port collection of FreeBSD on
line to install freeradius.
So? My statement is still true.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Allan Borman wrote:
I have put together a freeradius server to authenticate users existing
on our oracle LDAP directory. The issue that I have is getting the
passowrd from oracle. I can probe the LDAP, get a user authorized and
fallback to the default for the passowrd check which is the
Could you be more specific about the fix?
How about a KB article number? or keywords that hit on MSDN?
Thanks,
Dave.
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: EAP challenge gets ignored
David Mitton [EMAIL PROTECTED] wrote:
Could you be more specific about the fix?
How about a KB article number? or keywords that hit on MSDN?
windows xp sp2 radius hotfix in Google brings up:
http://support.microsoft.com/default.aspx?scid=kb;en-us;885453
It looks like they updated the
Kris and List
Still having no luck getting rlm_ldap to work. I used a packet sniffer to
check traffic and all I see is a SYN packet to the ldap and the a SYN back
to the radius followed by a RST packet from the radius server to the ldap.
Cannot decipher any user details in the first packet so I
Hi again,
Is there anyway to test for Simultaneous use without checkrad? I have read
past posts about using an sql only method and I understand this has it's
own problems. However, if anyone has any docs which could help me out it's
appreciated. Ideally I would like to have checkrad speak
Hi Valdimir,
Thanks for the reply. Would it help if I send you the debug info on the
RADIUS. If you are interested let me know.
Regards,
Allan Borman.
- Original Message -
From: Vladimir Vuksan [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Robin [EMAIL PROTECTED] wrote:
Is there anyway to test for Simultaneous use without checkrad?
Yes. The server already does this.
As I said, the server maintains a database. The only purpose of
checkrad is to catch corner cases.
I have read past posts about using an sql only method and I
I am trying to speak between my Freeradius server and a Cisco WLSE. I am seeing
EAP timeouts while WLSE is trying to authenticate through Freeradius.
I have setup the AAA details (server,port,username,password,eap protocol) in
the WLSE, and enabled fault tracking, so that polling is able to take
Allan Borman wrote:
Hi Valdimir,
Thanks for the reply. Would it help if I send you the debug info on the
RADIUS. If you are interested let me know.
I don't think that would help any. First of all you have to make sure
that LDAP is providing the right information before you try to get it
hi all!
i am trying to set up eap/tls using freeradius (1.0.4, on debian sarge, built
package with option -disable-shared) and ran in the following problem:
if i am using the wrong certificate (both client and server certs were build
like the ones in the freeradius package using adapted CA.certs)
hi all!
first what i am using:
- freeradius 1.0.4 (on debian sarge, package built with -disable-shared)
- mac os x 10.3.9
- self-signed certificates built in a similar way than the ones in the
package/tarball (just adapted the CA.certs script)
my users file contains in addition to the unchanged
hi all!
what i am dreaming of (at least regarding radius ;-) ):
- wlan with wpa/802.1x using freeradius
- clients mostly windows xp, several mac os x, few linux (unimportant right now)
- the normal users (known to the local unix network the accesspoint/switch is
connected to via nis or (some day)
Markus Krause [EMAIL PROTECTED] wrote:
when trying to establish a connection from the mac powerbook using 802.1x and
client certificate i get a working connection if i enter anything but
testuser2, even a wrong password or no pasword or username at all works!
with
testuser2 i get an error
Markus Krause [EMAIL PROTECTED] wrote:
what i am dreaming of (at least regarding radius ;-) ):
- wlan with wpa/802.1x using freeradius
- clients mostly windows xp, several mac os x, few linux (unimportant right
now)
- the normal users (known to the local unix network the accesspoint/switch
I was wondering if it is possible to modify the accounting queries to
accept our own Vendor Specific Attributes.
I would like to insert the Ascend-Data-Rate attribute we receive from
our Ascent (Lucent) MAX TNT machine running TAOS 11. Upon browsing the
sql.conf file, my thinking was that if
Wesley Spadola [EMAIL PROTECTED] wrote:
I was wondering if it is possible to modify the accounting queries to
accept our own Vendor Specific Attributes.
Yes. That's why they're text.
my thinking was that if most of the attributes get %{} escaped and
turned into variables that are
Dear all,
FB: 4.11
FR: 1.0.4
mysql: 4.1
From sql.conf file, I would to add one more checking for simul. use i.e
NAS-Port-Type... and changes as below:- Seems working..
Just wanna confirmation regarding simul_verify_query ... what exactly
this line do? I know it do verification .. but for
Rohaizam Abu Bakar [EMAIL PROTECTED] wrote:
Just wanna confirmation regarding simul_verify_query ... what exactly
this line do? I know it do verification .. but for what purpose..
...
# Simultaneous Use Checking Queries
doc/Simultaneous-Use
Alan DeKok.
-
List
42 matches
Mail list logo