RE: LDAP and realms

2006-05-18 Thread Mitchell, Michael J
Hi Corey, You don't have debug output for the "username without realm", but I suspect what is happening is the Stripped-User-Name attribute is not being added, because the username doesn't need to be stripped! You can try: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" Which wil

LDAP and realms

2006-05-18 Thread Corey Burks
We have 2 clients authenticating user one passes simply the uid (cburks) and users authenticate properly. The other client is passing username and realm ([EMAIL PROTECTED]), which fails.  I have configured zhone.com realm in the proxy.conf file like this: realm zhone.com {     type  

Re: anyone know what actually causes this? "FATAL! Server is too busy to process requests"

2006-05-18 Thread Joe Maimon
Tony Redstone wrote: Hi Michael, On 5/18/06, Mitchell, Michael J <[EMAIL PROTECTED]> wrote: this also sounds interesting, under extreme conditions, when, in our case, BT dropped around 30k users simultaneously during one maintenance window (SDH MUX software changes), we had to resort to

Fwd: freeradius cannot find the rlm_sql module

2006-05-18 Thread Abul Monsur Mannan
-- Forwarded message -- From: Abul Monsur Mannan <[EMAIL PROTECTED]> Date: May 19, 2006 3:28 AM Subject: freeradius cannot find the rlm_sql module To: freeradius-users@lists.freeradius.org -- Forwarded message -- From: Abul Monsur Mannan <[EMAIL PROTECTED]> Date:

Re: peap with mysql

2006-05-18 Thread Alan DeKok
"Chris Liles" <[EMAIL PROTECTED]> wrote: > How can I make the mschap module use both ntlm and mysql? If it gets a clear-text password, it should probably default to using that. For now, you can set the check item MS-CHAP-User-NTLM-Auth = No. Alan DeKok. - List info/subscribe/unsubscribe? S

Re: PEAP against Samba PDC through auth_ntlm

2006-05-18 Thread Michael Griego
Search through the list archives for "PEAP Machine Authentication". --Mike On May 18, 2006, at 6:41 PM, Jérémy Cluzel wrote: Hello, I try to secure my wireless LAN with freeradius. I managed to do PEAP (with auth_ntlm) against a windows 2003 server AD. Both machines and users auth work. No

Re: anyone know what actually causes this? "FATAL! Server is too busy to process requests"

2006-05-18 Thread Tony Redstone
Hi Michael, On 5/18/06, Mitchell, Michael J <[EMAIL PROTECTED]> wrote: Hi Tony, I've run into this problem in the past. What version of freeRADIUS are you running? until recently we were running 1.0.5 but we've just upgraded to 1.1.1 and we see the same issue (which doesn't surprise me since

PEAP against Samba PDC through auth_ntlm

2006-05-18 Thread Jérémy Cluzel
Hello, I try to secure my wireless LAN with freeradius. I managed to do PEAP (with auth_ntlm) against a windows 2003 server AD. Both machines and users auth work. Now, I try to do the same (still PEAP) against a samba server acting as PDC (not AD). But, I have a problem, the machine (which belon

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Mike Jakubik
Kostas Kalevras wrote: On Thu, 18 May 2006, Mike Jakubik wrote: Hello, I need help restricting users based on the number they called. I am using Freeradius 1.1.1 and a MySQL backend. I tried adding Called-Station-Id == "number,number,..." in to radgroupcheck, but it does not seem to be func

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Kostas Kalevras
On Thu, 18 May 2006, Mike Jakubik wrote: Hello, I need help restricting users based on the number they called. I am using Freeradius 1.1.1 and a MySQL backend. I tried adding Called-Station-Id == "number,number,..." in to radgroupcheck, but it does not seem to be functioning. Could someone s

Re: Trying to configure with --prefix causes install to fail

2006-05-18 Thread Alan DeKok
"Glenn Swonk" <[EMAIL PROTECTED]> wrote: > When I configure with the following: > > ./configure --prefix=/Radius ... > the 'make install' fails. Are you willing to say what the error is? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Mike Jakubik
Christopher Carver wrote: In radgroupcheck set up something like this: ++-+--++-+ | id | GroupName | Attribute | op | Value | ++-+--++-+ | 1 | restricted | Called-

RE: anyone know what actually causes this? "FATAL! Server is too busy to process requests"

2006-05-18 Thread Mitchell, Michael J
Hi Tony, I've run into this problem in the past. What version of freeRADIUS are you running? Like you I found that it appears more often when proxying requests to a home server - I guess the requests sit in the queue longer waiting for a reply. Alan was kind enough to supply a patch within hours

freeradius cannot find the rlm_sql module

2006-05-18 Thread Abul Monsur Mannan
-- Forwarded message -- From: Abul Monsur Mannan <[EMAIL PROTECTED]> Date: May 19, 2006 2:47 AM Subject: freeradius cannot find the rlm_sql module To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Hi fr users, I setup Freeradius and mysql again. Actually, at earlier try I ran the serve

Trying to configure with --prefix causes install to fail

2006-05-18 Thread Glenn Swonk
I cannot configure freeradius to install into any other directory other than the default.   When I configure with the following:     ./configure --prefix=/Radius     make all     make install   the 'make install' fails.     When I perform the default configure, everything works fine.  

Re: can't connect to radius server

2006-05-18 Thread Laker Netman
Comments below --- [EMAIL PROTECTED] wrote: > Hi, > > I think I have my radius server configured properly > (I followed the configuration advice in > http://tldp.org/HOWTO/html_single/8021X-HOWTO/). > > I can get it running (using radiusd -X) and see all > the expected output. Please post

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Christopher Carver
In radgroupcheck set up something like this: ++-+--++-+ | id | GroupName | Attribute | op | Value | ++-+--++-+ | 1 | restricted | Called-Station-ID | == | 111222333

Re: can't connect to radius server

2006-05-18 Thread Christopher Carver
If the radius server in debugging mode isn't showing any sort of access-request coming from the client, then the requests simply aren't reaching the server. This could be due to firewalling, your client looking at the wrong host/port, or a variety of other things. I'd suggest using tcpdump to se

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Mike Jakubik
Christopher Carver wrote: In the users file you could have a line... DEFAULT Called-Station-ID == 111222, Auth-Type := Reject As i mentioned, i need to do this in the sql database and for each group. Adding the Called-Station-ID to radgroupcheck results in the following error: Thu May

can't connect to radius server

2006-05-18 Thread simon
Hi, I think I have my radius server configured properly (I followed the configuration advice in http://tldp.org/HOWTO/html_single/8021X-HOWTO/). I can get it running (using radiusd -X) and see all the expected output. I have also configured my AP to point to the correct location, and it is pin

Re: Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Christopher Carver
In the users file you could have a line... DEFAULT Called-Station-ID == 111222, Auth-Type := Reject Chris Carver Pennswoods.Net Network Engineer Mike Jakubik wrote: Hello, I need help restricting users based on the number they called. I am using Freeradius 1.1.1 and a MySQL backend. I tr

Restricting logins with Calling-Station-Id in MySQL

2006-05-18 Thread Mike Jakubik
Hello, I need help restricting users based on the number they called. I am using Freeradius 1.1.1 and a MySQL backend. I tried adding Called-Station-Id == "number,number,..." in to radgroupcheck, but it does not seem to be functioning. Could someone shed some light on the problem? Thanks. -

Re: rlm_perl: ITHREADS --> solved

2006-05-18 Thread Boian Jordanov
On Thu, May 18, 2006 at 04:10:00PM +0300, KES wrote: > Hello, Boian. > > Yes, problem was with ITHREADS > # cd /usr/ports/lang/perl5.8 > # make clean install clean WITH_THREADS=YES > > but I see nothing executing "perl -V | grep USE_ITHREADS" > May be usage of ITHREADS showed by -D_THREAD_

Re: max_requests

2006-05-18 Thread Giuseppe Parlato
I'll wait :^)) Giuseppe - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Thursday, May 18, 2006 6:34 PM Subject: Re: max_requests "Giuseppe Parlato" <[EMAIL PROTECTED]> wrote: None can help me? Are you expecting immediate an

Re: LDAP check attributes

2006-05-18 Thread Alan DeKok
Antonio Matera <[EMAIL PROTECTED]> wrote: > Invalid operator for item EAP-Type: reverting to '==' > rlm_ldap: Pairs do not match. Rejecting user. > rlm_ldap: ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns reject for request 5 Why do you have EAP-Type in your LDAP co

Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server

2006-05-18 Thread Alan DeKok
root linux <[EMAIL PROTECTED]> wrote: > Below is the command I run for pppoe-server: - > > pppoe-server -I eth1 -k -L 10.3.0.1 -R 10.3.1.1 ... > I did perform a download speed test and the download > speed is not correct. I can't get 128kbits but I get > the full speed of 1Mbps, why? Did PPPoE

Re: Problem with authentication EAP/TLS !!!

2006-05-18 Thread Alan DeKok
emerson <[EMAIL PROTECTED]> wrote: > My AP is a Ovislink wl5460AP, it's authenticate better, but the client linked > on AP cause this error below: > * > Info: rlm_eap_md5: Issuing Challenge > Mon May 15 14:47:29 2006 : Error: TLS_accept:error in SSLv3 read client >

Re: max_requests

2006-05-18 Thread Alan DeKok
"Giuseppe Parlato" <[EMAIL PROTECTED]> wrote: > None can help me? Are you expecting immediate answers to your questions? Alan DeKok.

Re: max_requests

2006-05-18 Thread Giuseppe Parlato
None can help me?   Giuseppe - Original Message - From: Giuseppe Parlato To: freeradius-users@lists.freeradius.org Sent: Thursday, May 18, 2006 2:42 PM Subject: max_requests value max_requests now is 1024, as default value is I think, but 4 clients isn't i

Problem with authentication EAP/TLS !!!

2006-05-18 Thread emerson
Hello, i'm a new user's list and new freeradius users's. I configuring freeradius ok, but it's not work... My Freeradius is, 1.1.1, with mysql, OpenSSL 0.97d,running in slackware 10.1. My AP is a Ovislink wl5460AP, it's authenticate better, but the client linked on AP cause this error below:

rate_limit , police_rate , fall_through ?

2006-05-18 Thread teoh
Rate_Limit_Rate = 128, Rate_Limit_Burst = 2, Police_Rate = 128, Police_Burst = 2, what does the 128,2 mean? If I want to restrict download speed at 10.0k and upload of 5k for each user, what value should be for rate_limit and police_rate? What is fall_through? I can't find wiki on this.

RE: peap with mysql

2006-05-18 Thread Chris Liles
Thanks Alan, That worked perfectly. Now the next problem: I'm trying to set up freeradius to do ntlm and mysql. Currently mysql only works when I comment out the ntlm_auth line in the mschap section. I'm thinking because it is sending the username/password to the Domain Controller, which won

RE: FreeRadius + MySQL & Encrypted passwords

2006-05-18 Thread Tony Redstone
We had this problem so we did a dodgy but nonetheless functional small hack to make it work. YMMV but you may find it useful until the next proper release which hopefully will contain the new code which Alan refers to. Tony in radiusd.conf: pap { encryption_scheme = sha1 }

anyone know what actually causes this? "FATAL! Server is too busy to process requests"

2006-05-18 Thread Tony Redstone
we occasionally get these errors in our logs: Thu May 18 09:31:05 2006 : Error: FATAL! Server is too busy to process requests and the server dies. I've found the core in src/main/threads.c that spits out this message but it's not clear to me under what circumstances this would/should happen. I

Re: shared secret mismatch

2006-05-18 Thread Michael Lecuyer
There's more going on in the exchange than a simple authentication. The data in the Access-Request packet may have correct data for authentication. The server will correctly authenticate the entity. However, the server signs the response packet with a different secret than the client making the signa

rlm_perl:

2006-05-18 Thread KES
I can check RAD_REQUEST for some values and set RAD_REPLY How must I use %RAD_CHECK? it reserving for? Can you give me an example how I must use it? -- KES mailto:[EMAIL PROTECTED]

Re: PB with Accent in nspmPassword in request LDAP between FREE-RADIUS 1.0.5 (suse) and edirectory novell 6.5

2006-05-18 Thread freeradius
hello, See comments below Thanks regards Stephan "Alan DeKok" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 16/05/2006 17:50 Please reply to FreeRadius users mailing list To FreeRadius users mailing list cc Subject Re: PB with Accent in nspmPassword in request LDAP

rlm_perl: ITHREADS --> solved

2006-05-18 Thread KES
Hello, Boian. You wrote on 18 May 2006, 11:14:13: BJ> On Wed, May 17, 2006 at 05:02:28PM +0300, KES wrote: >> I have try next program: >> rlm_perl: perl_embed:: module = /usr/local/etc/raddb/kes.pl , func = >> authorize exit >> status= Can't call method "prepare" on an undefined value at

Re: freeradius upgrade

2006-05-18 Thread Giuseppe Parlato
..and if I tell you I also have unixodbc and freetds installed?   Giuseppe   - Original Message - From: Giuseppe Parlato To: FreeRadius users mailing list Sent: Wednesday, May 17, 2006 3:05 PM Subject: Re: freeradius upgrade thanks, I'll backup dictionar

max_requests

2006-05-18 Thread Giuseppe Parlato
value max_requests now is 1024, as default value is I think, but 4 clients isn't it too low? if I want to change it then do I have to just change and restart freeradius to make it working? Giuseppe

freeradius with TTLS - MSCHAPV2 authentication

2006-05-18 Thread sumi thra
Hey All, I'm using the D-Link client card with the odyssey client manager. I'm trying to connect to the wlan configured with 802.1x authentication & the radius server used for authentication is freeradius-1.1.1 . Eap-Type : TTLS Auth-Type : MS-CHAPV2 When the MU sends an access request, the radius server

How make the conference in softphones

2006-05-18 Thread raviprakash sunkara
Hello EveryBody ,   I need help from U. please help me in How make a conference in softphones. On Which modules have work.   I recently install tested the softphones . that a calls are made .   And  When  I looked  into Location table . in that table records are insert. immediately when the system

shared secret mismatch

2006-05-18 Thread DilipSimha.N.M
hi, If the shared-secret mismatches between NAS and RADIUS server, then still the access-accept message is sent from RADIUS server to NAS. why is access-reject message not sent??? --DilipSimha

Re: Acct-Terminate-Cause

2006-05-18 Thread Francois-Xavier GAILLARD
On Thu, May 18, 2006 at 02:37:57AM +1000, Jeremy ohara wrote: > would there be any reason for '%{Acct-Terminate-Cause}' to not work? What do you mean by "not work" ? If you don't get it in the accounting request sent by the (NAS|Client) you just can't have it anyway. Regards, Fox. signature

Re: ntdomain_hack

2006-05-18 Thread wekz
Well I have found the answer. In the proxy realm I've put nostrip and it is working now. 2006/5/18, wekz <[EMAIL PROTECTED]>: Hello everyone, I've configured a freeradius 1.1.1 + LDAP for eap-tls authentication with domains. authorize { preprocess ntdomain ... } realm host { type = radius au

ntdomain_hack

2006-05-18 Thread wekz
Hello everyone, I've configured a freeradius 1.1.1 + LDAP for eap-tls authentication with domains. authorize { preprocess ntdomain ... } realm host { type = radius authhost = LOCAL accthost = LOCAL strip } This configuration gives an error: rlm_eap: Identity does not match User-Name, s

Re: rlm_perl

2006-05-18 Thread Boian Jordanov
On Wed, May 17, 2006 at 05:02:28PM +0300, KES wrote: > I have try next program: > rlm_perl: perl_embed:: module = /usr/local/etc/raddb/kes.pl , func = > authorize exit > status= Can't call method "prepare" on an undefined value at > /usr/local/etc/raddb/kes.pl line 58. Did you check your script

Re: LDAP check attributes

2006-05-18 Thread Antonio Matera
Hi, I write better my error in my log, the problem I suppose that is these lines: Invalid operator for item EAP-Type: reverting to '==' rlm_ldap: Pairs do not match. Rejecting user. rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns reject for request 5 Her

Re: Cisco and RADIUS

2006-05-18 Thread vignesh_b
hi Alan Thanks for the reply. i want to specify the NAS if the billing model is prepaid then go in for authorization else dont. -- View this message in context: http://www.nabble.com/Cisco-and-RADIUS-t1609640.html#a4446056 Sent from the FreeRadius - User forum at Nabble.com. - List info/subscri