RE: Authentication against Active Directory page

2006-09-22 Thread King, Michael
Alan, What domain were you testing against? 2000 or 2003? (I ask, because I was under the impression that KRB5 had to be setup as well) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, September 22, 2006 3:26 PM To: FreeRadius

debug for sqlippool

2006-09-22 Thread Guilherme Franco
Hello! I've created a new sqlippool.conf customized for Oracle. The queries in there return no error but I get this: modcall: entering group post-auth for request 0 Value Of the Pool-Name is [FOO] and its [3] Chars rlm_sql (sql): Reserving sql socket id: 2 radius_xlat: 'BEGIN' BEGIN rlm_sql_

radius configuration error ?

2006-09-22 Thread Federico Wenner
Hi friends, I am awfully worried about my radius configuration getting the following error. Could anybody help me with this real mess ? I can not find any hint in the freeradius.org/faq files. Version FreeRadius   1.0.5 MySQL  4.1.12 ERROR: rlm_sql (sql): No matching entry in the database for

OpenSSL vulnerability may affect FreeRADIUS

2006-09-22 Thread Alan DeKok
http://www.openssl.org/news/secadv_20060905.txt From my preliminary reading, this may only affect people using EAP-TLS. PEAP and EAP-TTLS do not validate certificates on the server side, so they may not be vulnerable. Still, it's probably worth upgrading OpenSSL. Alan DeKok. -- http://d

Re: No matching entry in the database

2006-09-22 Thread Peter Nixon
On Sat 23 Sep 2006 00:08, Federico Wenner wrote: > Hi friends, > > I am awfully worried about my radius configuration getting the following > error. Could anybody help me with this real mess ? > > ERROR: > > rlm_sql (sql): No matching entry in the database for request from user > [monkey] > rlm_sql

Re: num_sql_socks

2006-09-22 Thread Peter Nixon
On Sat 23 Sep 2006 00:02, Kris wrote: > >> In the tuning guide, where it states "Tune the num_sql_socks to be > >> larger than the > > number > > >> of simultaneous authentication/accounting requests" does this mean if I > >> have 6700 user accounts, I would want to set the num_sql_socks to be > >>

RE: num_sql_socks

2006-09-22 Thread Kris
>> In the tuning guide, where it states "Tune the num_sql_socks to be larger >> than the number >> of simultaneous authentication/accounting requests" does this mean if I have >> 6700 user >> accounts, I would want to set the num_sql_socks to be larger than that since >> it is >> possible that a

Authentication against Active Directory page

2006-09-22 Thread Alan DeKok
http://deployingradius.com/documents/configuration/active_directory.html It describes a minimal set of steps to take to get authentication working against Active Directory. It works in my limited tests, but if anyone runs into problems, please email me, and I'll update the page. Alan DeKok.

Re: Hiding Passwords in Debug Output

2006-09-22 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote: > I understand that it is sometimes useful to display the plain-text > password in the debug output; however, I consider this a security > exposure. I'd like to see a configuration option (e.g., > debug_show_passwords or something similar) with a default o

automated response

2006-09-22 Thread Olaf Becker
I am not in the office until 4th of October 2006 and have limited access to my e-mails. Thank you for your understanding that your e-mail will be answered after my return to the office. This e-mail will not be forwarded. Kind regards Olaf Becker - List info/subscribe/unsubscribe? See http://w

Re: EAP-Problem

2006-09-22 Thread K. Hoercher
Hi, hm digging around in the source I'm not able to really isolate a cause for that behaviour with certainty. Would you care to provide (in order of descending helpfulness): - full debug output (all ongoing requests and challenges) - including the EAP-Message contents - users file, eap.conf - de

Re: Hiding Passwords in Debug Output

2006-09-22 Thread Michael Lecuyer
Debugging output is always a security exposure. Secure debugging wouldn't be all that helpful to the debugging process especially as seeing the plain text password may be the difference between solving a problem or not. Perhaps 'redacted' debugging output is what you're after (for posting to

Re: Performance

2006-09-22 Thread Peter Nixon
On Fri 22 Sep 2006 19:56, Jory Privett wrote: > I am getting ready to switch my Radius servers over to FreeRadius and I > would like to get some performance help. I know that FreeRadius can > authenticate users from a MySQL database, from Linux users, and other > options. For a performance and ea

Hiding Passwords in Debug Output

2006-09-22 Thread Garber, Neal
I understand that it is sometimes useful to display the plain-text password in the debug output; however, I consider this a security exposure. I’d like to see a configuration option (e.g., debug_show_passwords or something similar) with a default of no, that when set to false/no would writ

Performance

2006-09-22 Thread Jory Privett
I am getting ready to switch my Radius servers over to FreeRadius and I would like to get some performance help. I know that FreeRadius can authenticate users from a MySQL database, from Linux users, and other options. For a performance and ease of maintenance which is recommended and why? J

Re: Problem configuration eap-tls

2006-09-22 Thread K. Hoercher
Hi, hm, the _full_ debugging output (-X as has time and time again been mentioned here, faq, etc.) would show, where exactly freeradius wants to read that file. "No such file or directory" does point pretty strong into the direction of the problem one would think. regards K. Hoercher - Lis

regular expression with ldap-Group problems

2006-09-22 Thread Mitaine Yoann
Hi everybody, I have a little problem with regular expression on Ldap-Group attribute. In the radiusd.conf I have : regular_expressions = yes extended_expressions= yes In the users file I have rule like this : DEFAULT Huntgroup-Name == "clietn802.x", Realm =="NULL", Ldap-Group =~ "^i

Re: Rewriting reply attributes

2006-09-22 Thread Alan DeKok
Graham Beneke <[EMAIL PROTECTED]> wrote: > Is there any way (in some post processing module perhaps) to rewrite the > name of a reply attribute without changing the value. You may be able to create a new attribute with the value of the old one, and then delete the old one. Alan DeKok. -- h

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread K. Hoercher
On 9/22/06, K. Hoercher <[EMAIL PROTECTED]> wrote: the usual suspects: oid's in certs on supplicant, reception of ah, for peap, of course you only need a proper root ca cert there. Anyways it doesn't look like that gets even relevant. regards K .Hoercher - List info/subscribe/unsubscribe? See

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread K. Hoercher
Hi, On 9/22/06, Tilen <[EMAIL PROTECTED]> wrote: Hello, it's me again, did you miss me? :) Thing is, i tried to make 2nd freeradius server (eap-peap,mschapv2,openldap), with same setup and i configured it exact same way, but i get this when i try to connect: Welcome back to our regular progra

Re: Problem configuration eap-tls

2006-09-22 Thread listas
> all of these files mentioned exist and are readable by the radiusd process? Yes, all of them have "chmod 777" just in case. The contents of server_keycert.pem and cacert.pem is the following: server_keycert.pem: -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,***

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread Tilen
Hello, it's me again, did you miss me? :) Thing is, i tried to make 2nd freeradius server (eap-peap,mschapv2,openldap), with same setup and i configured it exact same way, but i get this when i try to connect: rad_recv: Access-Request packet from host 192.168.1.1:3079, id=0, length=121    User-N

RE : Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
> Thanks, in fact I know that by using the development version I could > have a test at the 2.0 branch, but I'm a little "frightened" > to test it > in my production environment... I just want to correct my words because I don't want users on the list to misunderstand my meaning: I think th

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
On Fri 22 Sep 2006 10:52, Thibault Le Meur wrote: > Thibault Le Meur <[EMAIL PROTECTED]> wrote: >> * the inner PAP authentication is "processed" by the ldap module in >> which I don't need to define which password hashing method is used (I >> use at least CRYPT _and_ MD5 in the same directory for

Re: MSCHAP and encripted passwd

2006-09-22 Thread A . L . M . Buxey
Hi, > Ok, > but how can I convert passwd from clear text to NT-Passwd format? use a utility that can do that. you're not firewalled from google, altavista, ask AND msn are you? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MSCHAP and encripted passwd

2006-09-22 Thread ivandal
Hi, > PAP! I have read that it is possible make it with NT-passwd hash. > It is true? And how it is possible? you put the NT-Passwd hash into the LDAP as password field entry alan Ok, but how can I convert passwd from clear text to NT-Passwd format? Thanks

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Peter Nixon
On Fri 22 Sep 2006 10:52, Thibault Le Meur wrote: > > Thibault Le Meur <[EMAIL PROTECTED]> wrote: > >> * the inner PAP authentication is "processed" by the ldap module in > >> which I don't need to define which password hashing method is used (I > >> use at least CRYPT _and_ MD5 in the same directo

Re: SMUX with FreeRadius

2006-09-22 Thread Peter Nixon
On Fri 22 Sep 2006 09:11, Kshitij Korde wrote: > Hi > > > > I have integrated free radius server with NET-SNMP for monitoring radius > server. Now the NET-SNMP daemon is detecting radius server. If I run radius >server in debug mode I get following debug messages. --snip-- > Is there any mechanism

RE: MS Vista RC1 and Freeradius 802.1x

2006-09-22 Thread Matthew Balyuzi
> they havent used PEAPv1/PEAPv2 in Vista by any chance? :-| We suspect that this is possible. I've only got as far as ascertaining that Vista + PEAP doesn't work against our Freeradius 1.0.5 servers,which work fine doing PEAP with all other clients, and that Vista + EAP-TLS does work. > whilst

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
Thibault Le Meur <[EMAIL PROTECTED]> wrote: * the inner PAP authentication is "processed" by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory for historical reasons) Version 2.0 has fixes that make it

Re: MSCHAP and encripted passwd

2006-09-22 Thread A . L . M . Buxey
Hi, > PAP! I have read that it is possible make it with NT-passwd hash. > It is true? And how it is possible? you put the NT-Passwd hash into the LDAP as password field entry alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

MSCHAP and encripted passwd

2006-09-22 Thread ivandal
Hi, I have a big problem with Radius and Ldap. There is a way to use MSCHAP v2 with the password stored in LDAP in some encrypted manners? (md5, crypto...) In the client authentication software I cannot use pap/ttls, so Radius receive finally from the client unencrypted passwd and have to compa

Re: Radius installation

2006-09-22 Thread Christian Hahn
you should check if php is installed and add this line to your httpd.conf AddType application/x-httpd-php .php3 regards, Christian anyuru francis wrote: > Hello, > > Am installing freeRadius with Mysql5 and dialup admin with a freebsd 5.4 box >

Re: Problem configuration eap-tls

2006-09-22 Thread A . L . M . Buxey
Hi, > tls { > private_key_password = ** # have I to put the > server pass phrase here? yes. the pass phrase goes there. > private_key_file = > ${raddbdir}/certs/server_keycert.pem > certificate_file =