Dear all,
I try to put my Windows-XP-Clients in different VLANs on my Cisco Catalyst
3750 Switch, depending on their Account.
And i use two differnt authentication methods: MD5-Challange and MS-CHAP.
User hugo should be mapped in VLAN 50 and authenticated via MD5-Challange
User roka at
Title: PLS Help I get no response for 2 monthe (missing User-name attribute)
Hello All freeradius mailinglist
I would appriciate you help
Description
a telephony service provider is sending Radius req to my RADIUS server who proxy them to a backend server
I have configured a free
a telephony service provider is sending Radius req to my RADIUS
server who proxy them to a backend server
You probably meant he is sending *accounting* requests to you? Please be
specific in your wording.
I have configured a free radius server Version 1.1.0 to act as a
proxy
Hi,
Ive been trying to get $subject working.
My last state is the client has been authenticated, but no traffinc is
going through.
Does anyone have a working config for Cisco350 with PEAP?
What kindof reply is CISCO expecting from radius?
br, Gabor Szelei
-
List info/subscribe/unsubscribe?
On 4/28/06, Alan DeKok [EMAIL PROTECTED] wrote:
sumi thra [EMAIL PROTECTED] wrote: It works in 1.1.1, so my conclusion is that you're running an olderversion, or that there's something broken in your local system.
Yes. it works fine when the configuration is like this..DEFAULT Group-Name ==
Hi,
I would like to find out how to configure freeradius so I don't have to save clear text passwords in the users file.
I've been following the mail list but I've seen so many ways of configuring crypted passwords, md5, that right now I've got a mess in my head.
If someone can help me, to
On Fri, 2006-05-05 at 14:00 -0400, Alan DeKok wrote:
Bjarni Hardarson [EMAIL PROTECTED] wrote:
Think i have the same problem. I normally use EAP-PEAP but i couldnt get
the server to segfault in valgrind with that. Think it was openssl that
grinded it to a halt. Tried with EAP-MD5 instead
the freeradius to pass the request and not
to check these header or maybe to use some sort of INJECTION
To the header .
I
Tia
Tal assa
-- next part --
An HTML attachment was scrubbed...
URL:
https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060508
Hello Everybody,
I'm new to openser and also to freeradius.
1)how to insert the users in freeradius server
2) When I test with radiusd - X its show somes errors .
The errors are mention below
/usr/local/etc/raddb/users[64]: Unexpected trailing comma in check item list for entry test
Errors
Title: Message
Hi
Miguel,
Bellow you will find the config I'm using. It works
with Unix Crypt but not with md5 or SHA1. It looks like for md5 or sha1 the
crypt-password attribute has to be changed to MD5-password or SHA1-password.
However my freeRadius doesn't recognize any of these 2
Ok Phil. That works fine, thanks.
I had to enable with_ntdomain_hack too.
2006/5/5, Phil Mayers [EMAIL PROTECTED]:
wekz wrote:
Hi all,
I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization.
I've been trying to use hints.file for changing the User-Name. When a
laptop user
Hi,
Hi Stepan 10x for your prompt respond
I Used radrelay and it works fine
You're welcome :-)
the point is that I would like to do it without additional proccess
Like u said with the hint file
where can I get this patch for the hint file ?
I am running AD in native mode. By my ancient understanding of samba, I cannot join this domain. I can authenticate using ldap, no? Also, is this insecure due to clear text? Any other ideas for what I want here?
Thanks!
-
List info/subscribe/unsubscribe? See
Gabor Szelei [EMAIL PROTECTED] wrote:
My last state is the client has been authenticated, but no traffinc is
going through.
Does anyone have a working config for Cisco350 with PEAP?
I've used a Cisco AP350 before without problems.
I started off with the default config, and added the
sumi thra [EMAIL PROTECTED] wrote:
Yes. it works fine when the configuration is like this..
...
But you won't say what version you're running.
But, when i use ~ symbol( to allow more that one wlan access/reject ), The
above default policy will not work for more than one wlan's.
My guess
Miguel Angel Quiles [EMAIL PROTECTED] wrote:
I would like to find out how to configure freeradius so I don't have to
save clear text passwords in the users file.
First, which authentication types do your users use? If they use
CHAP, you have no choice but to use clear-text passwords.
Yes you can do use the ldap
module of freeradius to hit your AD, I am doing this
now.
Yes you can do ssl/tls
for encryption between the radius server and AD.
Windows server 2000 does not support tls, only ssl.
It is similar to setting up mm_mod_auth_ldap for apache.
You will need
Frank Smith wrote:
I am running AD in native mode. By my ancient understanding of samba, I
cannot join this domain.
That is not correct, and is indeed ancient. Samba 3 can join an AD
native-mode domain. See the massive quantity of docs include with samba.
Once in the domain, the winbind
Bogdan Dumitriu - Technical Support Team [EMAIL PROTECTED] wrote:
However my
freeRadius doesn't recognize any of these 2 attributes (rlm_sql: unknown
attribute SSHA-Password).
This functionality is in the CVS head, and not in 1.1.x
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] wrote:
robiwan: Okay, here is the complete output from my radiusd, when user roka do a
request:
sorry, it's huge
rad_recv: Access-Request packet from host 10.187.0.15:1645, id=231, length=137
NAS-IP-Address = 10.187.0.15
NAS-Port = 50103
NAS-Port-Type
raviprakash sunkara [EMAIL PROTECTED] wrote:
1)how to insert the users in freeradius server
Edit the users file. See the examples.
2) When I test with radiusd - X its show somes errors .
The errors are mention below
/usr/local/etc/raddb/users[64]: Unexpected trailing comma in check item
Anyone know of a Windows port of freeradius ?
--
View this message in context:
http://www.nabble.com/freeradius-port-to-windows-t1578157.html#a4284227
Sent from the FreeRadius - User forum at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stuart Auchterlonie [EMAIL PROTECTED] wrote:
If you ignore the 'unitialized value' errors in the valgrind log then
you come to the real errors, 'Invalid Write', 'Invalid Read' to/from
memory areas that aren't part of the server or were previously freed.
Ah, OK. That looks like it's a bug
Hi,
Frank Smith wrote:
I am running AD in native mode. By my ancient understanding of samba, I
cannot join this domain.
That is not correct, and is indeed ancient. Samba 3 can join an AD
native-mode domain. See the massive quantity of docs include with samba.
Once in the domain, the
Thanks for all your replies. This is simply to do 802.1x authentication. Nothing to do with wireless. This is my first whack at radius all together. Based on what you guys are saying, it sounds like Radius - Pam - Pam-LDAP - Active Directory sounds like the way to go. Any objections?
On 5/8/06,
Hi Alan,
Sorry, I'm new to this: what does your reply mean? Is there a patch I
can install? Do I have to do an upgrade?
Thanks,
Bogdan.
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
ius.org] On Behalf Of Alan DeKok
Sent: May 8, 2006 12:48 PM
To: FreeRadius
Last week I reported an issue I had with FreeRadius 1.0.5 on Red Hat
Enterprise Linux ES release 3. It had to do with dropped MySQL connections.
We continue experience severe problems with FreeRadius. The server will
run for upwards to 8 hours, sometimes more, before getting into some
jasonatx0001 [EMAIL PROTECTED] wrote:
Anyone know of a Windows port of freeradius ?
No. I don't think it should be too hard, though. I ported a
version of Livingston to Windows in a few weeks. Most of that was
spent trying to figure out what Windows needed.
Alan DeKok.
-
List
hi,
i suggest EAP/PEAP MS-CHAPv2 with ntlm authentication.
bye
Frank Smith wrote:
Thanks for all your replies. This is simply to do 802.1x
authentication. Nothing to do with wireless. This is my first whack
at radius all together. Based on what you guys are saying, it sounds
like
Frank Smith wrote:
Thanks for all your replies. This is simply to do 802.1x
authentication. Nothing to do with wireless. This is my first whack at
radius all together. Based on what you guys are saying, it sounds like
Radius - Pam - Pam-LDAP - Active Directory sounds like the way to
go.
Ok, went through and reinstalled everything. I got freeradius working
through text files with test users and got the Accept messages.
Now I am trying to setup Dialup Admin following the installation guide
and this is where I am running into issues.
When running radiusd i am getting the
Hello All
Just a quick question, i am running Freeradius with Time and Seconds
restriction at the
moment but i want to add another product on my line.
The product is Per Megabyte account, i.e restrict a user to a Max amount of
DATA i.e
1000Megabytes, can someone show me or tell me the key
Alan DeKok wrote:
Ah, OK. That looks like it's a bug that's been there a while. It
only happens when TLS is being used inside of PEAP, apparently.
I got the output from valgrind using EAP-MD5.
Try this patch. If it works, I'll add it into 1.1.2
Tried the patch but the build fails
All,
Is it possible to have freeradius bind to ldap using the username and
password provided in the access-request?
For example in the ldap module have some sort of variable in the Identity=
field.
Thank you
Corey
attachment: winmail.dat-
List info/subscribe/unsubscribe? See
I have posted two requests to this list concerning MySQL issues and
FreeRadius. To date I haven't gotten a single response. As I can also
use /etc/password and /etc/shadow, I've decided for now to drop using
MySQL (e.g. use Auth-Type := System).
So hopefully my new problem is now more common.
Bjarni Hardarson [EMAIL PROTECTED] wrote:
Tried the patch but the build fails with the following errors.
Sorry, sent the wrong patch.
Alan DeKok
Index: src/modules/rlm_eap/eap.h
===
RCS file:
Alan DeKok [EMAIL PROTECTED] wrote:
Sorry, sent the wrong patch.
With a lock bug. Dang. I'll get it right one of these days.
OK, This should work.
Alan DeKok.
Index: src/modules/rlm_eap/eap.h
===
RCS file:
Bill Schoolfield [EMAIL PROTECTED] wrote:
In the users file I have:
DEFAULT Auth-Type := System, Simultaneous-Use == 1
Fall-Through = Yes
You're comparing the Simultaneous-Use, don't do that. Use := there, too.
Mon May 8 23:50:01 2006 : Debug: users: Matched entry DEFAULT
[EMAIL PROTECTED] (Corey Burks) wrote:
Is it possible to have freeradius bind to ldap using the username and
password provided in the access-request?
Yes. The server does this by simply enabling LDAP.
Alan DEKok.
-
List info/subscribe/unsubscribe? See
--- Bill Schoolfield [EMAIL PROTECTED] wrote:
I have posted two requests to this list concerning
MySQL issues and
FreeRadius. To date I haven't gotten a single
response. As I can also
use /etc/password and /etc/shadow, I've decided for
now to drop using
MySQL (e.g. use Auth-Type :=
Bill Schoolfield wrote:
Wed May 3 08:02:52 2006 : Error: rlm_sql_mysql: MYSQL Error: Cannot get
result
Wed May 3 08:02:52 2006 : Error: rlm_sql_mysql: MYSQL Error:
Wed May 3 08:02:52 2006 : Error: rlm_sql_mysql: MYSQL Error: No Fields
Wed May 3 08:02:52 2006 : Error: rlm_sql_mysql:
Alan DeKok wrote:
With a lock bug. Dang. I'll get it right one of these days.
Now the server segfaults at the first Access-Request with EAP.
Attached the output from valgrind. (not the whole thing this time :)
Bjarni Hardarson
==18068==
==18068== Invalid read of size 4
==18068==
Hello all,
Is this normal?
It looks like it's comparing group ownership against each group even
though the user is a member of only one group. Why does it has to check
group ownership if there is an entry in the usergroup file for this
user?
It looks like it's running 'SELECT GroupName FROM
Bill Schoolfield wrote:
Last week I reported an issue I had with FreeRadius 1.0.5 on Red Hat
Enterprise Linux ES release 3. It had to do with dropped MySQL connections.
We continue experience severe problems with FreeRadius. The server will
run for upwards to 8 hours, sometimes more,
On 5/8/06, Alan DeKok [EMAIL PROTECTED] wrote:
sumi thra [EMAIL PROTECTED] wrote: Yes. it works fine when the configuration is like this.But you won't say what version you're running.
I am using version: 1.1.1 But, when i use ~ symbol( to allow more that one wlan access/reject ), The
above
45 matches
Mail list logo
