"raviprakash sunkara" <[EMAIL PROTECTED]> wrote:
...
Do not CC me on messages to the list. I *am* subscribed.
Sending me multiple copies of the same message is annoying,
especially when it's clear you're not following the instructions in
the FAQ, README, and INSTALL.
Read the server docum
Alain Fauconnet <[EMAIL PROTECTED]> wrote:
> I've browsed the FAQs, the mailing list archives but I have failed to
> find a definite, clear answer to this: what kind of user/password
> back-end can work if one is to support MS-CHAP?
I don't see why there was no clear answer. The answer has been
Hello readers,
I've browsed the FAQs, the mailing list archives but I have failed to
find a definite, clear answer to this: what kind of user/password
back-end can work if one is to support MS-CHAP? is anything storing
crypt or MD5 passwords (/etc/passwd+shadow, NIS, LDAP) hopeless? (I
suspect it
Hi Everybody
I'm working on openser + freeradius. Recently Installed both .
I had a issue below onw, actual what this means...
By Typing '" radtest 444 444 192.168.2.55 1812 radiustest " its shows below
one.
Sending Access-Request of id 236 to 192.168.2.55 port 1812
User-Name = "444"
"Jarrid Keller" <[EMAIL PROTECTED]> wrote:
> After setting the radius server up and
> trying to authenticate a user, the radius server is giving me the
> following error.
>
> rad_recv: Access-Request packet from host 172.16.1.2:1042, id=10,
> length=71
> Ignoring request from unknown home server 1
Hi everyone,
I am running freeradius version 1.0.4 on Fedora Core 4. I am trying to
authenticate mt VPN users on my Cisco VPN concentrator to my ldap
server. I am trying to use my radius server to proxy the authentication
requests to the ldap server. After setting the radius server up and
tryin
Is there a proper way to "reinstall" something you installed.
Alan DeKok wrote:
Eric Hilden <[EMAIL PROTECTED]> wrote:
After running "*radtest steve testing localhost 1812 testing123"* I get
the following.
*radclient: dict_init: Couldn't open dictionary
"/usr/local/etc/raddb/dictionary: N
You are correct about being able to sneeze and break into the network.
But luckily all machines with that prefix will be placed into a Ethernet
Only VLAN. The Devices with that prefix belong to a Ethernet based
phone system (www.3com.com/nbx) so anyone who breaks into that vlan will
only be able t
Walter Reynolds <[EMAIL PROTECTED]> wrote:
> So even though the AP must know the information, we are unable to get it
> into the radius accounting?
Yes. Although the AP does not necessarily "know" the information.
If it's running a DHCP server, it knows. Otherwise, it would have to
sniff DHCP
On Wednesday 10 May 2006 13:16, [EMAIL PROTECTED] wrote:
> Is the 'cisco-avpair' parameter misplaced, or should I look for the error
> on the CISCO-config (using IOS 12.1)?
>
> thanks alot
> thomas
The priv lvl I use in my users file is:
Cisco-AVPair := "shell:priv-lvl=1"
Debug output wo
Jason Montgomery wrote:
> Hello I have a customer who would like to have 100% MAC address lock
> down on their network. To do that we are able to have the Ethernet
> Switches Send the Device MAC address as the Username and password to the
> Radius Server. The question I have is on the radius se
Eric Hilden <[EMAIL PROTECTED]> wrote:
> After running "*radtest steve testing localhost 1812 testing123"* I get
> the following.
>
> *radclient: dict_init: Couldn't open dictionary
> "/usr/local/etc/raddb/dictionary: No such file or directory. *
Odds are that you have a partial install, or m
I changed the username portion to what you suggested and it works :)
Thanks!
--
Chris Liles
System Analyst
Air2Web, Inc.
1230 Peachtree St. N.E.
12th Floor
Atlanta, GA 30309
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of King, Michael
Sent: Wednesday,
Title: Re: Solaris 8/SPARC - MySQL 5.0 NDB Cluster - Freeradius 1.1.1 with rlm_sqlippool module: 'radiusd' segmentation fault
"Alan DeKok" <[EMAIL PROTECTED]> wrote:
>> I have for the past 4 weeks been trying to evaluate if FreeRadius
>> can be used as a AAA in an UMTS network with a large
Try this ntlm_auth string (Watch for page breaks in email)
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challeng
e} --nt-response=%{mschap:NT-Response}
> -Original Message-
> From:
> [EMAIL PROTECTED]
> g
> [mailto
I have installed FreeRadius (latest version) to my system and all goes
well until it gets to the rlm_* files. I have tried specifying the
mysql directory at /usr/lib/mysql and it seemed to fix a few of those
errors in the make process but then it just errors out. So I blew away
that installati
You are right, it was that I was lowercasing the username before
authentication...
After I turned that off, I am getting further, it still doesn't work and I
believe it is because of a problem with "Stripped-User-Name" and ntlm_auth
ntlm_auth is getting called with the entire username "DOMAIN\us
> -Original Message-
> I can't seem to figure out how to get with_ntdomain_hack set
> correctly.
>
> I am trying to get peap going against active directory with winbind.
>
> It works if I enter in the username and password from the
> windows supplicant prompt, but when I set the supp
Hello I have a customer who would like to have 100% MAC
address lock down on their network. To do that we are able to have
the Ethernet Switches Send the Device MAC address as the Username and password
to the Radius Server. The question I have is on the radius server
is it possible to s
So even though the AP must know the information, we are unable to get it
into the radius accounting? We have to script the coordination between
the DHCP server?
Message: 4
Date: Wed, 10 May 2006 12:52:36 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: A
I can’t seem to figure out how to get with_ntdomain_hack set correctly.
I am trying to get peap going
against active directory with winbind.
It works if I enter in the username and password from the
windows supplicant prompt, but when I set the supplicant to send the
information aut
Hi,
I hope someone can help me with that - I dont seem to be able to, after
hours of Googling and trying ... :-(
I want to allow an admin to login to a Cisco-box, authenticated via radius
and get immediately to privileged level ( so he doesnt have to do a
"enable" when he logged in to the box)
"Robles Rodriguez,Alejandro" <[EMAIL PROTECTED]> wrote:
> I have for the past 4 weeks been trying to evaluate if FreeRadius
> can be used as a AAA in an UMTS network with a large amount of
> subscribers for the GPRS Data services.
I believe others are doing this today.
FreeRADIUS scales very
mad <[EMAIL PROTECTED]> wrote:
> I have a problem with the ip address ... because it's dhcpd who give an ip
> address at the client, so freeradius can't have this information.
Exactly.
> I have try ippool in freeradius (freeradius want to give an ip address but
> the client don't receive). Also
[EMAIL PROTECTED] wrote:
> Can I (I assume I can) "force" freeradius not to use the "clients.conf"
> file for checkinf for known clients, but put this information into MySQL?
> (I assume this would be in the "nas" table of the radius-db)
Yes. You have to list at least one client in the "clients
Make sure you handle the Digest problem first. This error means you are
selecting an auth-type of 'digest' for the user's authentication request
but you don't have the rlm_digest module configured. Look in
doc/rlm_digest in the source tree on how to configure this module, what
it does, etc...
Hello Everybody,
I'm working on openser, recently I install freeradius for "AAA".
By seeing the Documentation from " http://openser.org/docs/openser-radius-1.0.x.html "
I followed that.
While testing the radius server by ' radiusd -X " its shows
radiusd.conf[1840] unknown Auth-type " Diges
Yes, I'm french ... I hope you understand fine my english
I send my configuration
=> radiusd.conf
...
ippool test {
range-start = xxx.xxx.xxx.250
range-stop = xxx.xxx.xxx.253
netmask = 255.255.255.0
cache-size = 3
sess
Hi,
> To be honest I'm not sure! The last reply from Alan says that this
> functionality is in the CVs head and not in 1.1.x. I'm not sure exactly
> what that means. But I guess you are right, at the moment it is
it means that the feature is in the latest bleeding edge version -
you must use CVS
mad wrote:
Hello,
I have a freeradius server, I use an eap/ttls authentication with 802.1x
and ldap.
I want to save the username, the ip adress, the MAC address, the start
time and the stop time of the connection with the accounting function
(with mysql).
I have a problem with the ip address .
Hi Bogdan,
>Then you have to enable it in sql.conf
>
> # Set to 'yes' to read radius clients from the database ('nas'
>table)
>#readclients = yes
thanks for that
the lines you provided weren't in my sql.conf file, but I added them
>I haven't tried it but it should work.
I am pleased
Title: Message
Hello Miguel,
To be honest I'm not sure! The last reply from Alan
says that this functionality is in the CVs head and not in 1.1.x. I'm not sure
exactly what that means. But I guess you are right, at the moment it is
impossible to use MD5 or SHA1. I guess the best practice wo
Hi,
The purpose of this mail is to give you an insight on some stuff I've been
trying at work (playing some could argue) that I'd like to share in case it
could be useful to any of you out there.
I won't describe all the issues I've had during the compilation,
configuration and functio
There is a nas table you can use. It's the last table db_mysql.sql
creates;
Then you have to enable it in sql.conf
# Set to 'yes' to read radius clients from the database ('nas'
table)
#readclients = yes
I haven't tried it but it should work.
Bogdan.
-Original Message-
mad a écrit :
Hello,
I have a freeradius server, I use an eap/ttls authentication with
802.1x and ldap.
I want to save the username, the ip adress, the MAC address, the start
time and the stop time of the connection with the accounting function
(with mysql).
I have a problem with the ip addre
Stefan Winter <[EMAIL PROTECTED]> writes:
>> Is there a way to redirect a authenticated user to a specific web address
>> depending on there login information?
>
> "Captive Portal"
or faking DNS responses
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm not sure I understand what you mean. Could you be more specific?
Now I have the MS-CHAP module configured ad it works with the nt users
authentication.
I have a LDAP server where I have other users. I have configured the
LDAP module on freeradius ad it works.
The problem is that if I
Antonio Matera wrote:
Hallo,
ok now it works, there was a problem with the nt domain.
one question: it is possible to configure in the same time a MS-CHAP
module like this with nt-domain and another with LDAP?
I'm not sure I understand what you mean. Could you be more specific?
I have tri
Hello,
I have a freeradius server, I use an eap/ttls authentication with 802.1x and ldap.
I want to save the username, the ip adress, the MAC address, the start
time and the stop time of the connection with the accounting function
(with mysql).
I have a problem with the ip address ... because it's
Pierre LEONARD a écrit :
hi
i would like to configure my cisco 2620 router as VPN concentrator
with a 12.3 IOS and i use a radius server (freeradius) to authenticate
the users of the VPN but when the radius get the ip config to the
router then the router don't relay these informations to the
Hallo,
ok now it works, there was a problem with the nt domain.
one question: it is possible to configure in the same time a MS-CHAP
module like this with nt-domain and another with LDAP?
I have tried it but if I activate the MS-CHAP module the LDAP
authentication doesn't work, whitout MS-CH
The start login page depends on hotspot type. for example, I use for Nomadix
2100 the specific vendor attribute 'Nomadix-URL-Redirect'. Each hotspot has
one.
and it is set in radreply table.
From: "Nick Marino" <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list
To: "FreeRadius use
Thanks Bogdan,
I've tried with mysql and the crypt passwords and it works fine.
Now I still wondering if there is any way with PAP to enable crypted passwords with
MD5 or SHA1.
I don't know if I understood ok, tell me if I'm wrong.
I think that at the moment it's impossible to enable MD5
hi
i would like to configure my cisco 2620 router as VPN concentrator with
a 12.3 IOS and i use a radius server (freeradius) to authenticate the
users of the VPN but when the radius get the ip config to the router
then the router don't relay these informations to the VPN client and it
assigns
Antonio Matera wrote:
Your eap.conf is irrelevant because...
authorize {
preprocess
mschap
suffix
#eap
files
}
...you've disabled eap by commenting it out.
Why do people insist on breaking the server? Start with the default
config and make small changes to work toward
Hello Everybody,
I'm working on Openser currently . Now I integrated FreeRadius in openser.
I installed freeradius and radiusclient-ng in to box..
In client.conf file
- - - - - - - - - - - - - - - - -
client 192.168.2.55 {
secret = radiustest
shortname = hyperion.
nastype =other
Hi,
I just set up freeradius1.1.1 with MySQL and startet some basic tests -
first question I ran into was:
Can I (I assume I can) "force" freeradius not to use the "clients.conf"
file for checkinf for known clients, but put this information into MySQL?
(I assume this would be in the "nas" table o
Antonio Matera wrote:
Hallo, thanks for your answer.
Now I post all my configuration and log, in this way I suppose that is
much easy understand my problem.
my eap.conf file is:
Your eap.conf is irrelevant because...
authorize {
preprocess
mschap
suffix
#eap
files
}
On 5/10/06, raviprakash sunkara <[EMAIL PROTECTED]> wrote:
Hello Everybody,
I'm working on Openser currently . Now I integrated FreeRadius in openser.
I installed freeradius and radiusclient-ng in to box..
In client.conf file
- - - - - - - - - - - - - - - - -
client 192.168.2.55 {
secret
Hi All,How to send the freeradius server logs to remote syslog server??Is it a compile time option? or we need to specify in config script to build with syslog option.
or starting the server with radiusd -l syslog is enough ?
How do i go ahead? Please reply me if you have any idea.Thanks,Sumi
-
50 matches
Mail list logo