Hi
I am using FreeRadius with Postgre, I need to know the way to configure a
double pool of addresses so the dial up user, while connecting, gets a fake
IP Address, then when authenticated, he will redial and gets the real ip
address.
My problem consists in configuring the pools only, where are the
Hello,
We have a Solaris 8 box running freeradius 1.0.4. This machine is being
upgraded to a bigger beast running Solaris 10. The problem I am having
has occurred on all versions of freeradius I have tested on the new
Solaris 10 machine - including 1.0.4, 1.0.5, and 1.1.1.
The error, when runn
types/rlm_eap_tls/rlm_eap_tls.c:SSL_set_ex_data(ssn->ssl, 0,
(void *)handler);
types/rlm_eap_tls/rlm_eap_tls.c:SSL_set_ex_data(ssn->ssl, 1,
(void *)inst->conf);
Found in the modules/rlm_eap
Something in the TLS end of things. I do believe it to be a bug of some
sorts either in op
"Kun Niu" <[EMAIL PROTECTED]> wrote:
> I found that you mentioned freeradius can limit the user's login for a
> certain period of time.
> Can you show me any link about how to implement this?
See "Session-Timeout". It's a standard RADIUS attribute.
Alan DeKok.
-
List info/subscribe/unsubscr
Dear Alan,
Thanks for your reply.
I found that you mentioned freeradius can limit the user's login for a
certain period of time.
Can you show me any link about how to implement this?
And I'll try Exec-Program-Wait with mysql.
Thank you again for your reply.
Message: 3
Date: Mon, 17 Jul 2006 11:
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I was afraid you'd say that. What would you suggest as a workaround for this
> problem? Could I do EAP-TTLS using the securew2 client instead?
Yes.
> Or am I better off creating a 2nd password attribute on the LDAP
> directory that is maybe encoded
Hi ,
I am using FreeRadius with Cisco 3845 with IOS 12.3. I am using FreeRadius
with MYSQL just for Accounting purpose only. Everything is coming to database
except the disconnect code of voice calls from Cisco. I have not altered
dictionary or sql.conf file.
Could anyone tell me how I can fix th
Could I do EAP-TTLS using the securew2 client instead?
Yes, that's an option. And since EAP-TTLS is a standard you'll be able
to have it work on a variety of clients (MAC OS, Pocket PC + SecureW2,
Palm-OS, linux).
Or am I
better off creating a 2nd password attribute on the LDAP directory th
I was afraid you'd say that. What would you suggest as a workaround for this
problem? Could I do EAP-TTLS using the securew2 client instead? Or am I
better off creating a 2nd password attribute on the LDAP directory that is
maybe encoded as an NT-Password attribute or something like that.
Thanks
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I'm trying to do 802.1x authentication using freeradius against an LDAP
> directory which stores the userPassword in an ssha-1 hash. My question is,
> is this possible? If so, how do I configure mschap for ssha-1 passwords?
You don't. It's impossible
Hi All
I'm trying to do 802.1x authentication using freeradius against an LDAP
directory which stores the userPassword in an ssha-1 hash. My question is,
is this possible? If so, how do I configure mschap for ssha-1 passwords?
Thanks for your time/advice,
Cheers
Matt
Dave <[EMAIL PROTECTED]> wrote:
> freeradius 1.1.0 does not have this error, 1.1.1 and 1.1.2 both do. for
> me, using ssl 0.9.7j and 0.9.8b.
1.1.2 doesn't have references to SSL_set_ex_data in libeap, and
neither does 1.1.1. It looks to me like OpenSSL has wrappers around
some other function t
Alan DeKok wrote:
> Dave <[EMAIL PROTECTED]> wrote:
>
>> I'm using currently 0.9.7j for version openssl, I thought that may have
>> been my problem but the version is up to date.
>>
>
> Then you have two versions of OpenSSL installed.
>
> Alan DeKok.
Alan DeKok wrote:
> Dave <[EMAIL PROTECTED]> wrote:
>
>> Error: radiusd.conf[10] Failed to link to module 'rlm_eap':
>> /usr/lib/libeap-1.1.1.so: undefined symbol: SSL_set_ex_data
>>
>
> You've built using an older version of OpenSSL. Use OpenSSL 0.9.7
> or later.
>
> Alan DeKok.
>
> -
> > Maybe... but is ldap xlat yet available in the "users" file ? As
> > stated in doc/rlm_ldap I thought it was only "hopefully shortly"
> > available ?
>
> The issue is more that the LDAP module ignores the
> operator, and does a simple string compare. The server core
> needs to expose a
> for example, if, on the current ACS server, i set the host where
> 'radtest' lives to...
>
> "authenticate using" -> "RADIUS (Cisco aironet)",
>
> ...I get back the correct wireless vlan info. If I then set it to
> authenticate using "RADIUS (VPN 3000)", I don't get back the
> vlan info
>
Maybe... but is ldap xlat yet available in the "users" file ? As stated in
doc/rlm_ldap I thought it was only "hopefully shortly" available ?
FreeRadius 1.1.0 definitely has it. Can't remember but I recall earlier
versions having it too.
Using it in the exact manner you want will be tricky
Hello, I have in my LAN a Colubris Access Controller (IP: 192.168.10.81, gw: 192.168.10.1/80.B.C.D) which I authenticate on a freeradius via Internet (IP of freerad server : 63.E.F.G). My server (on log mode radiusd -X) receives : rad_recv: Access-Request packet from host 80.B.C.D:10901,
Rob Shepherd wrote:
Dear FreeRADIUS users,
I am a radius newbie.
Please could anybody point me at a ref for migrating from Cisco ACS server.
I'd specifically like to understand how I can get FreeRADIUS to reply to
my switches,firewalls,VPN and wireless controller with the
right/appropriate d
Dave <[EMAIL PROTECTED]> wrote:
> I'm using currently 0.9.7j for version openssl, I thought that may have
> been my problem but the version is up to date.
Then you have two versions of OpenSSL installed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
"Thibault Le Meur" <[EMAIL PROTECTED]> wrote:
> Maybe... but is ldap xlat yet available in the "users" file ? As stated in
> doc/rlm_ldap I thought it was only "hopefully shortly" available ?
The issue is more that the LDAP module ignores the operator, and
does a simple string compare. The serv
Rob Shepherd <[EMAIL PROTECTED]> wrote:
> Please could anybody point me at a ref for migrating from Cisco ACS server.
There's no real documentation for that specific purpose.
> I'd specifically like to understand how I can get FreeRADIUS to reply to
> my switches,firewalls,VPN and wireless con
"Jory Privett" <[EMAIL PROTECTED]> wrote:
> I have to upgrade my current radius solution and have chosen FreeRadius for
> this task.
Good choice. :)
> I need to be able to have one server (FreeRadius) check a username
> and if it is not found then to forward the request to another server
> (n
[EMAIL PROTECTED] wrote:
> I need to add a foreign key to the radcheck table, but the tables
> are in MyISAM, and not InnoDB. When I tried changing the table type
> to InnoDB, I get back errors that the table cannot be created.
For some reason, I presume. This would appear to be a MySQL questi
"Vishwanath Srikant Pattanshetti" <[EMAIL PROTECTED]> wrote:
> Now my problem is: when I change the shared secret stored in nas table,
> it is not being picked by the RADIUS server. I need to restart the
> RADIUS server for new shared secret to take effect. Is there no way the
> RADIUS server can
"sumi thra" <[EMAIL PROTECTED]> wrote:
> Do anyone have an idea of why is it trying to do ldap_grpcmp() during proxy
> state??
Because you told it to.
The server doesn't do LDAP or proxying to any destination in the
default install, so the issue is limited to the changes you made to
your serv
"Kun Niu" <[EMAIL PROTECTED]> wrote:
> And I have a shell command to execute after an authentication session.
See Exec-Program-Wait. It's in the documentation.
> In fact, I want to limit the time of user connection.
> I know that it's not freeradius' job.
Yes, it is.
Alan DeKok.
Dear FreeRADIUS users,
I am a radius newbie.
Please could anybody point me at a ref for migrating from Cisco ACS server.
I'd specifically like to understand how I can get FreeRADIUS to reply to
my switches,firewalls,VPN and wireless controller with the
right/appropriate data.
for example, i
> > Am I missing something or is this setup impossible with
> Ldap-Groups ?
>
> You are missing something.
>
> Ldap-Group is not a real attribute that's copied to the config items.
> It's a "virtual" attribute. At runtime, the right-hand-side of the
> comparison is searched for in the LDAP dir
I have to upgrade my current radius solution and have chosen FreeRadius for
this task. I have been reading the docs and so forth and can not find an
answer to a setup that I want to do. I need to be able to have one server
(FreeRadius) check a username and if it is not found then to forward t
Peter de Groot wrote:
Eeeerrk
Given that I suspect that this form of authentication is going to be
popular ... I was wondering if
it could be "broken out" into a test program to add to the others
See the "eapol_test" program from the "wpa_supplicant" package. Works
very well.
Al
Thibault Le Meur wrote:
Hello,
I've made a little test and found that the match operator "=~" doesn't work
on my setup (Freeradius 1.0.4) for Groups defined as LDAP DNs.
Indeed I'd like to use the following rule (in the users file):
DEFAULT Ldap-Group =~
"cn=mygroupname,ou=(unit1|unit2|unit
Thank you, it loaded into the database fine.
On 7/17/06, Kun Niu <[EMAIL PROTECTED]> wrote:
Hi Matt,
Here is the db_mysql.gz I copied from /usr/share/doc/freeradius/examples
You can make some minor changes if you get warning when installing.
Hope you good luck.:)
#
ah, thank you very much. i kept grepping for db_mysql
On 7/16/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
"Matt Manjos" <[EMAIL PROTECTED]> wrote:
> Hello, it's my first install of freeradius using mysql for auth and I
> must be going mental because I can't seem to find the default schema
> to imp
Hi,
I need to add a foreign key to the radcheck table, but the tables are in
MyISAM, and not InnoDB. When I tried changing the table type to InnoDB, I get
back errors that the table cannot be created. Is there any way to add a
foreign key into the tables created using the db_mysql.sql script
Hello,
I've made a little test and found that the match operator "=~" doesn't work
on my setup (Freeradius 1.0.4) for Groups defined as LDAP DNs.
Indeed I'd like to use the following rule (in the users file):
DEFAULT Ldap-Group =~
"cn=mygroupname,ou=(unit1|unit2|unit3),dc=mycorp,dc=org"
Title: need help - Freeradius + oracle
Hello all
My setup has freeradius 1.1.0 with Oracle10 my oraclesql.conf file has the following line:
readclients=yes
Now my problem is: when I change the shared secret stored in nas table, it is not being picked by the RADIUS server. I need to restar
Matt wrote:
Hello,
I have a problem with the users file. Indeed, if I write in this file :
DEFAULT Auth-Type := digest
I got this error "rlm_digest: Configuration item "User-Password" or
Digest-HA1 is required for authentication."
Digest auth REQUIRES the plaintext password or digest HA1 att
Eeeerrk
Given that I suspect that this form of authentication is going to be
popular ... I was wondering if
it could be "broken out" into a test program to add to the others
I have gone with WPA-PSK for the moment, until I get this sorted ..
Has anybody on the samba list got ntlm_a
Hi All, I'm trying to authenticate a [EMAIL PROTECTED] The same realm is found in the realm list & the request got proxied. But the freeradius server is still trying to do ldap_groupcmp(). When 2-3 ldap servers are configured the radius server is busy in connecting to those.. & fails in case of non-r
Hi Matt,
Here is the db_mysql.gz I copied from /usr/share/doc/freeradius/examples
You can make some minor changes if you get warning when installing.
Hope you good luck.:)
###
# db_mysql.sql rlm_sql - Fr
Hello,
I have a problem with the users file. Indeed, if I write in this file :
DEFAULT Auth-Type := digest
I got this error "rlm_digest: Configuration item "User-Password" or
Digest-HA1 is required for authentication."
So I decided to put a Digest-HA1 attribute in the users file and the auth
w
Dear all,
I have a freeradius server on Debian3.1.
And I have a shell command to execute after an authentication session.
In fact, I want to limit the time of user connection.
I know that it's not freeradius' job.
So I want to write a shell command for private use.
I just wonder if I can communic