How to use CRL by PEAP authentication

2005-12-16 Thread Kouji Amemiya
Hello, I'm using FreeRADIUS-1.0.5 on Windows XP and Windows XP client. And I'm attempting PEAP authentication. I was using the certificate published by OpenSSL, I revoked this certificate. (Herewith, this certificate's information was written on CRL.) And I attempted PEAP authentication by this

Re: After the manual's config, chap wont work with LDAP

2005-12-16 Thread Phil Mayers
Matt Juszczak wrote: Hi all, We've got our freeradius servers working with LDAP fine, except for CHAP. Originally, the logs were saying Invalid user \\user, but we fixed that by enabling an option in radiusd.conf. Now, when we dial up without encrypted password enabled, the connection

Re: Freeradius and LDAP : to be continued

2005-12-16 Thread Christophe Gravier
Phil Mayers wrote: Christophe Gravier wrote: My passwords are not stored in LDAP in clear text but hashed using SHA algorithm, so this won't work ;-( Ok, let's take a breath. First things first: If your passwords are in SHA (which they are) your Radius server will ONLY be able to

Re: FreeRadius cannot Authenticate to Windows AD

2005-12-16 Thread Phil Mayers
Michael Calizo wrote: Hi, Same thing has happened, I still can not authenticate to WindowsAD. Same Error is displayed when I debug radiusd I put quotes around password.. radtest user 'mypass' 192.168.1.1:1812 1812 testing123 or radtest user 'mypass'

Re: Freeradius and LDAP : to be continued

2005-12-16 Thread Christophe Gravier
Christophe Gravier wrote: Phil Mayers wrote: Christophe Gravier wrote: My passwords are not stored in LDAP in clear text but hashed using SHA algorithm, so this won't work ;-( Ok, let's take a breath. First things first: If your passwords are in SHA (which they are) your Radius

Re: How to use CRL by PEAP authentication

2005-12-16 Thread wbh
On 12/16/05, Kouji Amemiya wrote: I was using the certificate published by OpenSSL, I revoked this certificate. (Herewith, this certificate's information was written on CRL.) And I attempted PEAP authentication by this revoked certificate, but authentication result was

no inet from clients mysql tables topics

2005-12-16 Thread mfred
Hi again, thx 2 all who helped me until now with my freeradius project. I made many advances but have 2 issues which I can't figure out. 1) My client gets authenticated if I use the users file (testentry from howto of Christoph Gravier) Sending Accounting-Response of id 2 to

Re: allowed characters in User-Password?

2005-12-16 Thread Nils-Henner Krueger
Alan DeKok wrote: I miss something obvious, but although I printed out variables.txt and read it several times I still don't get the point. '%' is a special character. From variables.txt I understand that variables are referred to by %{name}. Or, % followed by one character. Do I get

Re: bug in rlm_ldap?

2005-12-16 Thread Dusty Doris
I changed the users file as you recommended, the ldap.attrmap contains the additional line: checkItem User-Category primaryGroupID Unfortunately also in this case only the Reject entry matches, although the primaryGroupID seems to be passed to User-Category: radiusd -AX

Re: After the manual's config, chap wont work with LDAP

2005-12-16 Thread Matt Juszczak
To do CHAP, you must have: 1. The PLAINTEXT password in the LDAP server 2. The Radius server permitted to read that attribute 3. The ldap module configured to put whatever that attribute is (usually userPassword) into the radius User-Password, using the password_attribute option of the

Re: bug in rlm_ldap?

2005-12-16 Thread Norbert Wegener
Dusty Doris wrote: Did you get the second email I sent. I don't believe you can use that check item from ldap in the users file. Try the ldap-group options I sent over in the last email. That should work for you. Thank you, I got it and already tried that attribute. The behaviour is a

rlm_sqlcounter causing a segmentation fault

2005-12-16 Thread Serge Lhermitte
Hi, I am not too sure about how this should be handled, but hopefully someone can give me a hint. As soon as I try to use the rlm_sqlcounter module and start the radiusd, it gives me a segmentation fault message. The last line before it crashes, radiusd -xx is giving me is the following

Re: bug in rlm_ldap?

2005-12-16 Thread Dusty Doris
Thank you, I got it and already tried that attribute. The behaviour is a bit better, but does not really lead to the desired result, as the client gets an: Incoming RADIUS packet did not have correct Message-Authenticator - dropped Well, at least you've got the ldap part working. The

Re: IPv6 Support

2005-12-16 Thread Paulo Alexandre Caceres Ferreira
Hi, it's me again. Now I'm trying to implement the IPv6 Freeradius, but I'm having some doubts. When I'm configuring Freeradius, is the same configuration that is used in IPv4, except in the clients file, where I must use IPv6 addresses. My doubt is: How and where did I configure the IPv6

No Reply Proxy for Accounting Requests

2005-12-16 Thread David Bickle
Does anyone know how to configure a proxy for the forwarding of no reply accounting requests? In particular I am interested in accounting start/stop packets. Thanks,

RE: FreeRadius cannot Authenticate to Windows AD

2005-12-16 Thread Alhagie Puye
Michael, Try querying Active Directory with the ldapsearch utility. Here is an example. ldapsearch -LLL -h 1.2.3.4 -x -b 'dc=domain,dc=com' '(samaccountname=backops)' -D backops -w passofbackops This will make sure that the credentials are correct or not. Alhagie Puye - Network Engineer

Re: no inet from clients mysql tables topics

2005-12-16 Thread mfred
ok, I get point 1 solved but point 2 still exists For the files: I removed also files from the authorize section. There is now only {preprocess, sql} If you can help with point 2 that clients could not connect to internet I am not angry about ;) cu mfred On Friday, 16.12.2005, 13:42

Re: No matching entry in the database for request from user

2005-12-16 Thread Alan DeKok
Bill Schoolfield wrote: I just tested the exact same setup but this time accessing this radius server directly (instead of thru a proxy) and it works fine. So the proxy is changing something. Thoughts? Run it in debug mode, and compare the input packets sql queries.

Re: No Reply Proxy for Accounting Requests

2005-12-16 Thread Dusty Doris
On Fri, 16 Dec 2005, David Bickle wrote: Does anyone know how to configure a proxy for the forwarding of no reply accounting requests? In particular I am interested in accounting start/stop packets. Thanks, What does forwarding of no reply accounting requests mean?

RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Norbert Wegener
I do an eap/tls authentication and after that an ad search. This works so far. But when setting the groupmembership in the ldap1 section, there are problems. I do not see the usual eap messages flying around, but nevertheless radius sends an Access-Accept: rlm_ldap::ldap_groupcmp: User found

Re: No matching entry in the database for request from user

2005-12-16 Thread Bill Schoolfield
I did. Turns out it had nothing to do with the proxy. I had inadvertently placed a reply attribute as a check attribute in the db. That of course caused the lookup to fail. My apologies for the false alarm. Bill Alan DeKok wrote: Bill Schoolfield wrote: I just tested the

Re: No Reply Proxy for Accounting Requests

2005-12-16 Thread David Bickle
In some versions of RADIUS it is possible using the proxy feature to forward accounting requests to a home radius server or some other 3rd party server without having to wait for a response packet. Typically this is accomplished by configuring an attribute (ie. IgnoreAccountingResponse) in the

Re: RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Alan DeKok
Norbert Wegener wrote: I do not see the usual eap messages flying around, but nevertheless radius sends an Access-Accept: ... modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Accept Who sets that? The server doesn't

Re: RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Norbert Wegener
Alan DeKok wrote: Norbert Wegener wrote: I do not see the usual eap messages flying around, but nevertheless radius sends an Access-Accept: ... modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Accept

Re: RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Alan DeKok
Norbert Wegener wrote: although I have not yet found the culprit, it is calming to know the reason behind. I have read this and that documentation about freeradius during the past time, but this one I think, did never cross my way. Is there a document, where this

Re: RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Dusty Doris
although I have not yet found the culprit, it is calming to know the reason behind. I have read this and that documentation about freeradius during the past time, but this one I think, did never cross my way. Is there a document, where this behaviour is described? I believe it's your users

Re: IPv6 Support

2005-12-16 Thread Paulo Alexandre Caceres Ferreira
Hi, Alan In a previous email, I asked you if Freeradius supports IPv6 authentications and you responded to me that CVS version does. How and where did I configure the IPv6 attributes referred in RFC 3162 to RADIUS distribute them to Authenticated users? You use the IPv6 attributes

Re: IPv6 Support

2005-12-16 Thread Alan DeKok
Paulo Alexandre Caceres Ferreira wrote: In a previous email, I asked you if Freeradius supports IPv6 authentications and you responded to me that CVS version does. Yes... so? You use the IPv6 attributes from the dictionary, just like you use IPv4 attributes from the

PAM client password change

2005-12-16 Thread John Kelly
I see that http://www.freeradius.org/pam_radius_auth/README says This is the PAM to RADIUS authentication module. It allows any Linux or Solaris machine to become a RADIUS client for authentication and password change requests. ^ OK! But then

rlm_sqlcounter and something else than Session-Timeout

2005-12-16 Thread Damjan
Currently rlm_sqlcounter sums all the session time used by a user, via a MySQL query (summing all the AcctSessionTime) and returns a corresponding Session-Timeout reply to the nas. Now, in my application, I limit users by bytes transferred, so I need to sum AcctInputOctets and AcctOutputOctets,