"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> I've found unusual activity where there is an attempt to authenticate
> but unsuccesfull due to no entry in database (LDAP) but there is
> accounting record for it.
Ask the NAS vendor why they do this. FreeRADIUS just logs the
accounting packets
Hi,
I've found unusual activity where there is an
attempt to authenticate but unsuccesfull due to no entry in
database (LDAP) but there is accounting record for it. Below are the log
& accounting record.
Any comments on this..
TQ..
Fri Oct 21 22:03:06 2005 : Auth: Login incorrect
(r
Title: RE: FreeRADIUS 1.0.5 rlm_ldap crashing
-Original Message-
From: [EMAIL PROTECTED] on behalf of Alan DeKok
Sent: Thu 12/29/2005 7:06 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 1.0.5 rlm_ldap crashing
"Paul Khavkine" <[EMAIL PROTECTED]> wrote:
> Crashed at ab
=?us-ascii?Q?Frank_Buttner?= <[EMAIL PROTECTED]> wrote:
> rlm_eap: ERROR! Our request for tls was NAK'd with a request for tls, what
> is the client thinking?
Your supplicant is broken. Very broken.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
Thank you, Mr. DeKok. I very much appreciate your taking the time to respond.
I've seen the processing sequence mentioned frequently in my reading, and thought perhaps the "should be ordered" was somewhat more significant than merely alphabetical.
After my initial eMail to this list, I happ
"Paul Khavkine" <[EMAIL PROTECTED]> wrote:
> Crashed at about same place.
doc/bugs
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Never mind. I missed "post_proxy_authorization" in proxy.conf.
Thanks,
Kevin
kevin wrote:
What is the procedure of proxy?
Even if we proxy [EMAIL PROTECTED] to a remote server, our radius will
still go thru the authorization module listed in authorize of
radiusd.conf?
Kevin
- List info/su
Here's another one:
rlm_ldap: (re)connect to ldap01.mtlcnds.int.distributel.net:389,
authentication 0
User-Password = "test123"
NAS-IP-Address = 1.1.1.1
rlm_ldap: - authorize
rlm_ldap: - authorize
rlm_ldap: - authorize
rlm_ldap: ldap_start_tls_s()
User-Name = "[EMAIL PROTE
On Thu, 2005-12-29 at 16:56 -0500, Alan DeKok wrote:
> "Paul Khavkine" <[EMAIL PROTECTED]> wrote:
> > rlm_ldap: setting TLS CACert File
> > to /usr/local/radiusd/current/etc/raddb/certs/cacert.pem
> > rlm_ldap: setting TLS CACert File
> > to /usr/local/radiusd/current/etc/raddb/certs/cacert.pem
>
What is the procedure of proxy?
Even if we proxy [EMAIL PROTECTED] to a remote server, our radius will
still go thru the authorization module listed in authorize of radiusd.conf?
Kevin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Paul Khavkine" <[EMAIL PROTECTED]> wrote:
> rlm_ldap: setting TLS CACert File
> to /usr/local/radiusd/current/etc/raddb/certs/cacert.pem
> rlm_ldap: setting TLS CACert File
> to /usr/local/radiusd/current/etc/raddb/certs/cacert.pem
That second entry should be a directory, not a file. There's a
So now it works better. After set the IP of the radius server from * to a
real IP. But now I get this error:
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=157
User-Name = "schneeball.netz-von-frank"
NAS-IP-Address = 192.168.1.2
Called-Station-Id =
Hi Guys.
I'm doing a stress test on 1.0.5 running on FreeBSD 5.4-RELEASE and when
start_tls is enabled radiusd crashed somwhere in the rlm_ldap module.
I can't seem to make it produce a core file to properly inspect it.
The server is running as root and core dumps are enabled in the config
fil
M T <[EMAIL PROTECTED]> wrote:
> Does "the entries should be ordered" mean in alphabetical order? (username
> first)
It means they're processed from the top of the users file to the
bottom, in that order.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
Yes I have add this value client for the clients(1.3.6.1.5.5.7.3.2) and
Server for the Server(1.3.6.1.5.5.7.3.1).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
] On Behalf Of Alan DeKok
Sent: Thursday, December 29, 2005 9:00 PM
To: FreeRadius users mailing list
Subj
On Tuesday 20 December 2005 16:03, Adam KOSA wrote:
> Hi all,
>
> google and the wiki search option did not answer my question, it may be
> too dumb to ask. i have the following huntgroup contents:
>
> aclip Calling-Station-Id == 127.0.0.1
> aclip Calling-Station-Id == 127.0.0.
=?us-ascii?Q?Frank_Buttner?= <[EMAIL PROTECTED]> wrote:
> I think the same. I have try to run ethereal on the linux client's and I
> must see, that after that the client send his ID nothing happened more:( I
> have write this the manufacture of the WLAN router. I have an WRT54GS v4.
I would als
In man 5 users, HINTS, from: http://www.freeradius.org/doc/users.5.html#index
Does "the entries should be ordered" mean in alphabetical order? (username first)
TIA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a bit more information:
radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName,
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM
radgroupreply,usergroup ??WHERE usergroup.Username = 'user2' AND
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY
radgrouprep
Hi all,
Although I haven't had any trouble compiling 1.0.4, it
seems almost impossible to do the same with 1.0.5. I extract the oficial
tarball to my debian system, edit debian/rules to fit my requirements
(disable-shared, with-experimental-modules) and run "dpkg-buildpackage",
nut I
Hi,
I'm sorry to be bothering you, but I'm having a strange problem with
this combo.
I am using freeradius 1.0.5 and have the following user:
radius=# select * from radcheck order by id;
id | username | attribute | op | value
+--+-++-
10 | use
I think the same. I have try to run ethereal on the linux client's and I
must see, that after that the client send his ID nothing happened more:( I
have write this the manufacture of the WLAN router. I have an WRT54GS v4.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
Hi two questions.
#1 Is there a way to log only incorrect logins in radius.log and to
ignore correct logins (so as to not fill up the log file)?
#2 When I do get a login incorrect right now I get:
Auth: Login incorrect (rlm_chap: Clear text password not available):
[EMAIL PROTECTED]/] (from clien
Samuel Degrande <[EMAIL PROTECTED]> wrote:
> --- users
>
> DEFAULT Auth-Type != MS-CHAP .
> DEFAULT Auth=Type == MS-CHAP .
You can't do that kind of comparison with the "users" file.
> Is there a doc somewhere that precisely describes how the server chains
> things ?
Yes. The "man
Johan Ramm-Ericson <[EMAIL PROTECTED]> wrote:
> I am currently experiencing an authentication problem and am wondering
> if anyone has run into something similar (or has an answer as to what
> I'm doing wrong
...
> pam_pass: using pamauth string for pam.conf lookup
> Segmentation Fault - core dum
Richard Bortolucci <[EMAIL PROTECTED]> wrote:
> I'm already reading the confs files, but I still can't make this work. Can
> you check the log bellow?
First, nothing in the debug log shows anything going wrong, or a
user being rejected. Could you PLEASE explain why what you expect,
and say WHY
Hi,
I'm sorry to be bothering you, but I'm having a strange problem with
this combo.
I am using freeradius 1.0.5 and have the following user:
radius=# select * from radcheck order by id;
id | username | attribute | op | value
+--+-++-
10 | use
=?us-ascii?Q?Frank_Buttner?= <[EMAIL PROTECTED]> wrote:
> But not client will get access. The Windows XP clients say that they can not
> be verified. And
> my Windows 2000 Clients will send the request all time because the request
> from the radius server seems not complete:(
The debug shows th
Thanks to your patience Alan, I have resolved !!!
I have reinstalled freeradius.
The errors was in radiusd.conf.
Sorry but I did not know that for any modify in users file it was needed
restart radiusd :-(
The others old files do not give errors.
I haved included the difference betw
On Dec 29, 2005, at 8:39 AM, LeRoy DeVries wrote:
On Thursday 29 December 2005 04:16, mfred wrote:
Hi,
The clients can login (through chillispot login page) and
authenticate via
the radius server and mysqldb. So they have an IP like 192.168.182.5.
But even if they get authenticated they st
Hello everybody, I wish you a merry christmas.
I have one small question, something I don't understand, and I didn't
found any explication nowhere :
I have something like this :
--- radiusd.conf
authorization {
...
etc_smbpasswd
files
...
}
--- users
DEFAULT A
Tekrar Merhaba,
Radius calisiyor ise switch in icindeki kullanici adi ile login olamamaniz
gerekiyor. Demekki bir yerde sorun var. Radius, switch in kendi kullanici
Hesabi ile yapilan loginleri bir yere yazmaz. Telnet islemi sirasinda radius
Bulunamadi seklinde bir yanit aliyor musunuz?
-Or
On Thursday 29 December 2005 04:16, mfred wrote:
> Hi,
>
> The clients can login (through chillispot login page) and authenticate via
> the radius server and mysqldb. So they have an IP like 192.168.182.5.
> But even if they get authenticated they still cannot connect to the
> internet. And I have
> The clients can login (through chillispot login page) and authenticate via
> the radius server and mysqldb. So they have an IP like 192.168.182.5.
> But even if they get authenticated they still cannot connect to the
> internet. And I have no idea why.
This looks to me like a question for the ch
Kai Geek wrote:
what problem ?
when i test locally, it seems as working but teh switch doesnt connect to
radius?
outpt of radiusd -X?
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe/unsubs
mfred wrote:
Hi,
The clients can login (through chillispot login page) and authenticate via
the radius server and mysqldb. So they have an IP like 192.168.182.5.
But even if they get authenticated they still cannot connect to the
internet. And I have no idea why.
Any hints ?
Learn your platform
Merhabalar Inci hanim,
oncelikle yardimlariniz icin cok tesekkur ederim. Ancak tacacs kullanamiyoruz
cunku switchlerin cogu Dlink ve 3226 modeli yani tacacs yok. radius server
destekliyorlar. bu nedenle radius kullanmam gerek.
#radiusd -X
diyerek debug moda aliyorum ve benim ip adresim 10.0.0.18
Selam,
Radius un debug ettin mi ? Sen switch e baglanmaya calisirken ekrana neler
geliyor bir bakar misin ? Birde calisan bir sistemden ornek veriim :
client.conf dosyani asagidaki gibi editler misin ?
client 10.0.0.250 {
secret = 250
shortname = switch
nastype
t/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module
Hello,
i am using freeradius in my computer with the ip 10.0.0.6
i have a dlink 3226s model switch in my network and its ip is 10.0.0.250
i want this switch to verify username and password from radius server
(10.0.0.6)
i have added 10.0.0.250 as a client to the radius servers clients.conf and
Hi,
The clients can login (through chillispot login page) and authenticate via
the radius server and mysqldb. So they have an IP like 192.168.182.5.
But even if they get authenticated they still cannot connect to the
internet. And I have no idea why.
Any hints ?
TIA
mfred
-
List info/subscribe
NAS-Port-Type = Virtual
User-Name = "daniel"
User-Password = "secret"
Calling-Station-Id = ""
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preproc
Alan,I'm already reading the confs files, but I still can't make this work. Can you check the log bellow? Starting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /etc//raddb/proxy.conf
Config: including file: /etc//raddb/clients.confConfig: includ
But not client will get access. The Windows XP clients say that they can not
be verified. And
my Windows 2000 Clients will send the request all time because the request
from the radius server seems not complete:(
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
] On Be
you have to put the path to files which he can't find.
- Original Message -
From: "pelusa vali" <[EMAIL PROTECTED]>
To:
Sent: Thursday, December 29, 2005 12:34 AM
Subject: openssl fails
hi everybody, well finally get install openssl v0.9.8a, now when i try to
generate certificates
45 matches
Mail list logo