I'm using a Cisco 7204VXR to do the authentication.
It seems it doesn't pass these attributes.
Debugging radius and AAA authentication shows all the other attributes it's
passing.
Anyone using a Cisco to do radius authentication and assign DNS servers?
Thanks
Tony
-Original Message-
Fr
I thought shared secret was in clients.conf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Atkins, Dwane P" <[EMAIL PROTECTED]> wrote:
> rad_decode: Received Access-Reject packet from client 127.0.0.1 port
> 1812 with invalid signature (err=3D2)! (Shared secret is incorrect.)
>
> I have checked and double checked the shared secret in Users, sql.conf,
> radiusd.conf.
There are no sh
I've applied the patch you provided and freeradius starts up without
issue now.
Thanks for your help it's much appreciated.
On Tue, 2006-03-14 at 12:04 +0200, Boian Jordanov wrote:
> On Tuesday 14 March 2006 02:08, Grant Zanetti wrote:
> > On Mon, 2006-03-13 at 11:48 +0200, Boian Jordanov wrote:
All,
I appreciate the help you have given me on this and I am pretty sure I am
like one or two changes off the correct path.
When I do the radtest, it always tells me that:
[EMAIL PROTECTED] ~]# radtest atkinsd x lhost 1645
Sending Access-Request of id 168 to 127.0.0.
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
> That's not my point. I'm not trying to say that you should do that but
> rather to print some kind of message showing that the server has read
> the module instantiation.
Why? It doesn't, in fact, read the module instantia
"Guido" <[EMAIL PROTECTED]> wrote:
> ---Received Accounting-Request packet from 192.168.1.12 with invalid
> signature! (Shared secret is incorrect.)
The shared secret is wrong. You did not type it in correctly.
> How can I configure freeradius to work with MD5 secret ? The secret now, is
>
On Thu 16 Mar 2006 20:12, Tony Spencer wrote:
> Hi
>
> I want to be able to assign DNS servers for each user to use as part of the
> users radius entry.
>
> If I use:
>
> MS-Primary-DNS-Server ="",
> MS-Secondary-DSN-Server="
> For each users radius config will this work?
Yes, as long as your NAS
Hello,
I have a question about a configuration entry in the eap.conf file. What does the following entry mean:
A list is maintained to correlate EAP-Response
packets with EAP-Request packets. After a
configurable length of time, entries in the list
expire, and are deleted.
timer_expire
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
> Is it fixed in a newer version? (I'm using 1.0.4)
No idea, sorry.
Alan DeKOk.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Tony Spencer" <[EMAIL PROTECTED]> wrote:
> I want to be able to assign DNS servers for each user to use as part of the
> users radius entry.
Read your NAS documentation to see what attributes it needs.
If it doesn't list DNS server attributes, then you can't send any,
because it won't be loo
Tony
You might want to look at using USR-Primary_DNS_Server and
USR-Secondary_DNS_Server.
I don't know how the modems will react with MS specific attributes but
I'm sure there are others on the list with more experience who could
tell you for sure.
Ben
On Thu, 2006-03-16 at 18:12 +, Tony
Can someone please tell me how I can reference a value I set in the
acct_users file so that I can use it in attr_rewrite? Or can I not do
so?
Thanks
Ben
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Eliot, Wireless and Server Administrator,
Great Lakes Internet" <[EMAIL PROTECTED]> wrote:
> Before I start, let me just ask if there are any already created
> attributes that control bandwidth rates in the Tx and Rx directions
> which take a string as a value?
No. These are non-standa
Replying to my own post...
On Thu, 2006-03-16 at 11:25 -0500, Will Saxon wrote:
> Is it possible to have FreeRADIUS check a separate user database to
> provide the additional attributes? It seems like I could write a script
> to take the username, perform some database queries and return the
> ap
Another question about secret...
How can I configure freeradius to work with MD5 secret ? The secret now, is
coming MD5 encrypted and I see the following error:
---rad_recv: Accounting-Request packet from host 192.168.1.12:1813, id=0,
length=772
---Received Accounting-Request packet from 192.1
Alan DeKok escribió:
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
Sorry, I know what it was happening with the module. It seems that
radiusd it doesn't take in account the instantiation of any module
unless it is used in some other section (i.e. authorize). Though thi
I think you can use radreply directive with your variable, if your NAS
supports that.
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jeff Stout
Sent: Thursday, March 16, 2006 11:44 AM
To: FreeRadius users mailing list
Subject: Differ
Keith Moores <[EMAIL PROTECTED]> wrote:
> I'm trying to understand the relationship between the modules in the
> authorize {} and authenticate {} sections and how it relates to the
> directives defined in users.
The "users" file is just another "authorization" module.
See also doc/aaa.txt
Will Saxon <[EMAIL PROTECTED]> wrote:
> Is it possible to have FreeRADIUS check a separate user database to
> provide the additional attributes?
Like the "users" file?
> It seems like I could write a script
> to take the username, perform some database queries and return the
> appropriate infor
[EMAIL PROTECTED] wrote:
> i would like to créate a proxy freeradius. I have 3 forests, 3 data base for
> storing users. I want to know how to configure:
>
> 1. proxy freeradius with IAS in each forest, how to give to freeradius server
> the certificat stored in active directory?
Export it from
Alan DeKok escribió:
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
On the other hand, I've been playing around with 'radiusd.conf' I've
discovered that if I add some random module name in the module
instantiation section, radiusd doesn't complain at all about it's
non
Hi
I want to be able to assign DNS servers for each user to use
as part of the users radius entry.
If I use:
MS-Primary-DNS-Server =””,
MS-Secondary-DSN-Server=”
For each users radius config will this work?
These users are ADSL users using DSL modems and routers.
Thank
Jeff Stout <[EMAIL PROTECTED]> wrote:
> I need to have different privilege levels based upon which NAS they
> are coming from, eg... Connecting while on the Corporate Network
> privilege level = 8, same user Connecting thru IPass out of the office
> privilege level = 5.
>
> Any assistance with thi
Before I start, let me just ask if there are any already created
attributes that control bandwidth rates in the Tx and Rx directions
which take a string as a value?
I found USR-Initial-Tx-Link-Data-Rate and USR-Initial-Rx-Link-Data-Rate,
but they take enumerated values that will not allow me to s
"Guido" <[EMAIL PROTECTED]> wrote:
> The problem is that Squire softswitch is not sending to freeradius the
> shared secret in request accounting.
No, RADIUS doesn't work like that.
> So, I need accept accounting request from a NAS that does not send secret.
I have no idea what this means.
KNO <[EMAIL PROTECTED]> wrote:
> And what I must to do if I want to use MD5 to store the passwords?
Source code modifications.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Guido" <[EMAIL PROTECTED]> wrote:
> I NEED accept a NAS that is not sending the shared secret.
I think you're confused. RADIUS doesn't work like that.
> Somebody can help me ? please, if not, somebody can tell me which part of
> source code must I modify?
Could you describe in different w
Hi Folks, I have freebsd 4.10-RELEASE
with mysql 4.1.1-alpha and freeradius 1.1.0
Radius give me this error:
There are no DB handles to use!
what this error means ?
radiusd -X
ql: group_membership_query = "SELECT GroupName FROM
usergroup WHERE UserName='%{SQL-User-Name}'" sql:
connec
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
> Sorry, I know what it was happening with the module. It seems that
> radiusd it doesn't take in account the instantiation of any module
> unless it is used in some other section (i.e. authorize). Though this
> behavior could
=?ISO-8859-1?Q?=22Tom=E1s_A=2E_Rossi=22?= <[EMAIL PROTECTED]> wrote:
> On the other hand, I've been playing around with 'radiusd.conf' I've
> discovered that if I add some random module name in the module
> instantiation section, radiusd doesn't complain at all about it's
> non-existence! This i
=?iso-8859-1?Q?Beno=EEt_Bianchi?= <[EMAIL PROTECTED]> wrote:
> Is there a way to use the Ldap-Group with EAP-TTLS authentication
> based on LDAP???
> Ive set it up in my users file but It doesnt work as the group
> belonging is performed on the outer identity first
> Can I som
Grahame Jordan <[EMAIL PROTECTED]> wrote:
> I have installed free radius(lastest) on my machine and cannot seem to
> get it configured correctly.
> Initially there are duplicates in some dictionaries that I have
> commented out.
That only happens if you installed a new version of the server on
I am using freeradius rev 1.1.0 I have everything running great
I am using AAA authorization on different Network Devices,
Cisco Routers, Cisco Switches, Foundry Switches, Juniper FW's.
I have setup VSA's to respond to the user to set their privilege level
upon successful authentication, then the
I'm trying to understand the relationship between the modules in the
authorize {} and authenticate {} sections and how it relates to the
directives defined in users. EAP-TLS works fine, but I can't seem to
figure how to get make the ldap authorization reject a user.
DEFAULT Auth-Type := ea
Hello,
I am using FreeRADIUS 1.1.0 on FreeBSD 6.0 with Cisco Aironet 1200
WAPs.
I need to be able to control which VLAN my users are assigned to, and it
seems like this is accomplished by setting three RADIUS user attributes
which control the assigned vlan after authentication. The problem is
th
Hi, everybode, I sent this same mesage last March 14.
I NEED accept a NAS that is not sending the shared secret.
Somebody can help me ? please, if not, somebody can tell me which part of
source code must I modify?
Thanks very much,
Guido
-
List info/subscribe/unsubscribe? See http://www.fr
Tomás A. Rossi escribió:
I have something like this on 'radiusd.conf':
...
modules{ ...
pgping {
}
...
}
...
Where 'rlm_pgping' is a module compiled and installed following the
manual. My question is why does it not appear to load (i.e. not
showing any messages with 'radiusd -X')? _th
I have something like this on 'radiusd.conf':
...
modules{
...
pgping {
}
...
}
...
Where 'rlm_pgping' is a module compiled and installed following the
manual. My question is why does it not appear to load (i.e. not showing
any messages with 'radiusd -X')? _the module code is on the
Geoff Silver wrote:
DEFAULT My-Group != "known", Auth-Type := Reject
DEFAULT Auth-Type:=Accept, Huntgroup-Name=="Office", Hint==Port-1812
Connect-Info="OFFICE_NET"
DEFAULT Huntgroup-Name=="Office", Hint==Port-1645, Proxy-To-Realm := PROXY_GW
Connect-Info="OFFICE_NET"
That wi
Hi,
Is there a way to use the Ldap-Group with EAP-TTLS authentication
based on LDAP???
Ive set it up in my users file but It doesnt work as the group
belonging is performed on the outer identity first
Can I some way specify to check the group only for the tunnelled
iden
Hi,
I have installed free radius(lastest) on my machine and cannot seem to
get it configured correctly.
Initially there are duplicates in some dictionaries that I have
commented out.
However in radiusd.conf in the authorize section I need to comment out
all of the items to get radisud to sta
Hello,
Here is my question:
i would like to créate a proxy freeradius. I have 3 forests, 3 data base for
storing users. I want to know how to configure:
1. proxy freeradius with IAS in each forest, how to give to freeradius server
the certificat stored in active directory?
2. Is it possible to c
Hello,
Here is my question:
i would like to créate a proxy freeradius. I have 3 forests, 3 data base for
storing users. I want to know how to configure:
1. proxy freeradius with IAS in each forest, how to give to freeradius server
the certificat stored in active directory?
2. Is it possible to c
On 3/16/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> "Fabiano Rodrigo Boscatto" <[EMAIL PROTECTED]> wrote:
> > Hi there, i have freeradius working fine with mysql authentication. The
> > problem is that the User-Password is stored in mysql table as clear text. Is
> > there a way to crypt that?
>
>
On a Suse9.3 I checked out
ftp://ftp.freeradius.org/pub/radius/CVS-snapshots/freeradius-snapshot-20060308.tar.gz
configure reports an error on that version:
checking whether to build static libraries... yes^M
configure: creating libtool^M
appending configuration tag "CXX" to libtool^M
checking
46 matches
Mail list logo