On 11/16/06, Alan DeKok [EMAIL PROTECTED] wrote:
And what does the output of radiusd -X say? Is it rejecting the
user?
When I login with the same user (on the same machine), after a
disconnection, if I want reconnect immediatly freeRADIUS receive the first
request and it accept the user
Hi,
I want to provide the possibility of anonymouse EAP, with inner
User-name and password.
So I think I have to add the user annonymous to the users-file with
Auth-type = EAP, but how do I access the inner User-name, which I need
for authentication/authorization?
Thanks
Florian
--
Hello,
I want to provide the possibility of anonymouse EAP, with inner
User-name and password.
If you already successfully used outer = inner identity and it worked, you
don't need to change anything. the eap module doesn't care about the
User-Name of the outer request, just try it out.
Hi.
I'm using FreeRADIUS to authenticate Wireless users (WPA) to an LDAP
backend. FreeRADIUS also rewrites attributes for dynamic Vlan
assignments. Works like a charm.
Is it possible to make FreeRADIUS rewrite/force an Access Denied reply
into an Access Accept reply? Why on earth would I
The inner request will magically show up after the tunnel has
been decoded. It
is a new request, and will have its own User-Name attribute.
Could you be mores specific as:
* when did this feature appear ?
* how does this differ from previous versions ?
Indeed, I found out that with the
into an Access Accept reply? Why on earth would I want
this? Well, I
would like to i.e. give a guest-net Vlan back to users that actually
fail authentication, so that when they try to access the web
they will
instead get connected to a redirected guest-information webpage.
I haven't
Hello,
is it possible to log an EAP conversation's Access-Challenge packets that
leave the FR server? I mean, other than dumping the output of -X but with a
detail { } instance.
During looking that up, I took a look at Post-Auth-Type and the dictionary
only knows about the value Local = 0,
Erling Paulsen wrote:
Hi.
Is it possible to make FreeRADIUS rewrite/force an Access Denied reply
into an Access Accept reply? Why on earth would I want this? Well, I
would like to i.e. give a guest-net Vlan back to users that actually
fail authentication, so that when they try to access the
2006 : Debug: radius_xlat:
'/var/log/radius/radacct/131.188.4.190/auth-detail-20061117'
Fri Nov 17 12:03:14 2006 : Debug: rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var /log/radius/radacct/131.188.4.190/auth-detail-20061117
Fri Nov 17 12:03:14 2006
Hi;
Is there any way to configure in the radius database, the modulation for a
user?
Ex: if I want to oblige a user to open a dial up session, on a certain
modulation, V92 for example (or V90, or V34), can it be done in the radius
database using a certain entry?
Thanks
Elie Hani
-
List
Elie Hani wrote:
Hi;
Is there any way to configure in the radius database, the modulation for a
user?
Ex: if I want to oblige a user to open a dial up session, on a certain
modulation, V92 for example (or V90, or V34), can it be done in the radius
database using a certain entry?
Thanks
Elie
Hi,
first of all hello to everybody!
I have a problem with my freeradius installation.
I'm using it to pass data from a softswitch to another radius server.
The radiusd daemon receive data and put it into a file called details.
The radrelay should read from this file and send data away.
The
Hi James;
My customers do negotiatie it automatically, and on the NAS it can be done
for all users, but I was wondering if it can be done on the radius database
for predefined users.
Thanks James.
Kind Regards
Elie
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Josh Shamir [EMAIL PROTECTED] wrote:
When I login with the same user (on the same machine), after a
disconnection, if I want reconnect immediatly freeRADIUS receive the first
request and it accept the user (but the client isn't really connected to
wifi network),
Why not?
after this,
Thibault Le Meur [EMAIL PROTECTED] wrote:
Indeed, I found out that with the latest release of FR, the debug isn't the
same: previously (FR 1.0.1), I was able to read the Tunneled inner-request
and attributes (with inner user name and password...) and the complete
process of this 'new request'
Riccardo Roasio [EMAIL PROTECTED] wrote:
The radrelay should read from this file and send data away.
The problem is that it seems not to read from file ...
If i run it with -f -xxx options it read few data from the file and
nothing else, while in the detail file there are a lot of data ...
Hello,
Am Freitag, 17. November 2006 12:56 schrieb Thibault Le Meur:
The inner request will magically show up after the tunnel has
been decoded. It
is a new request, and will have its own User-Name attribute.
Could you be mores specific as:
* when did this feature appear ?
* how does
(rlm_detail) for request 0
Fri Nov 17 12:03:14 2006 : Debug: radius_xlat:
'/var/log/radius/radacct/131.188.4.190/auth-detail-20061117'
Fri Nov 17 12:03:14 2006 : Debug: rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var /log/radius/radacct/131.188.4.190/auth
Stefan Winter [EMAIL PROTECTED] wrote:
is it possible to log an EAP conversation's Access-Challenge packets that
leave the FR server? I mean, other than dumping the output of -X but with a
detail { } instance.
Ideally, it should be possible, but I think code changes are
necessary.
Alan
Alan DeKok wrote:
Riccardo Roasio [EMAIL PROTECTED] wrote:
The radrelay should read from this file and send data away.
The problem is that it seems not to read from file ...
If i run it with -f -xxx options it read few data from the file and
nothing else, while in the detail file there are a
Thibault Le Meur [EMAIL PROTECTED] wrote:
Indeed, I found out that with the latest release of FR, the debug
isn't the
same: previously (FR 1.0.1), I was able to read the
Tunneled inner-request
and attributes (with inner user name and password...) and
the complete
process of this
Stefan Winter [EMAIL PROTECTED] wrote:
as before. The only thing that changed is that the new, inner request isn't
printed in -X. But it's still there.
Hmm... that should be fixed.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
And, lastly, did you set copy_request_to_tunnel in eap.conf?
Don't, because
then your real inner user name gets overwritten by the outer one.
Strange... I've set copy_request_to_tunnel and I haven't seen my inner
User-Name be overwritten !
Are you sure it would overwrite the inner User-Name
Riccardo Roasio [EMAIL PROTECTED] wrote:
I found some errors like
Error: Accounting: logout: login entry for NAS svi port 0 not found
but the radiusd wrote on the detail file, while the radrelay doesn't
read ...
Perhaps you could say a little more what RADRELAY is doing. Are
there any
hello,
I am trying to use the redundant feature of freeradius and I do not
understand why the sql module (postgresql driver) returns ok when a
query fails.
from radiusd -X
rlm_sql (sql): Reserving sql socket id: 61
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: Error
Thibault Le Meur [EMAIL PROTECTED] wrote:
Strange... I've set copy_request_to_tunnel and I haven't seen my inner
User-Name be overwritten !
Doing that would be wrong. FreeRADIUS doesn't do that.
And, lastly, did you set copy_request_to_tunnel in eap.conf?
Don't, because
then your
Vista supports only PEAPv2 client (but I think only one TLV type-
TLV-Result), Microsoft is going to release a new version of Windows Server
(Longhorn) in the second half of 2007. It will support PEAPv2.
I want to know that, if there is currently any RADIUS server which supports
PEAPv2.
Hi!
I need to be thankful all that had helped me.
My problem was decided when I reinstalled all the packages.
Probably I was with some problem in my installations because I did not
obtain to get no reply when I had started freeradius - x or radiusd - x. Now
it's work.
Thanks a lot,
Marilene
-
MURAT SEZGIN [EMAIL PROTECTED] wrote:
I want to know that, if there is currently any RADIUS server which supports
PEAPv2.
No open source RADIUS server supports PEAPv2. Please supply patches. :)
Alan DeKok.
--
http://deployingradius.com - The web site of the book
-Original Message-
Vista supports only PEAPv2 client (but I think only one TLV
type- TLV-Result),
Can you provide some documentation on that? We've been collectively
trying to figure out what Microsoft did to break Vista working with
FreeRADIUS. I'm wondering if this is it.
Thibault Le Meur [EMAIL PROTECTED] wrote:
Strange... I've set copy_request_to_tunnel and I haven't seen my inner
User-Name be overwritten !
Doing that would be wrong. FreeRADIUS doesn't do that.
I know, It would have broken my setup ;-)
And, lastly, did you set
Thibault Le Meur [EMAIL PROTECTED] wrote:
Ok, so I had correctly interpreted this copy_request_to_tunnel option.
Thus I thin the previous debug output showing th decoded inner request
was better to troubleshoot tunneled authentication schemes.
The weird thing is that the code hasn't
Hi,
I am again. It's work with my mysql users. But, I have two databases and I
will have more. The first, mysql it's ok. But, after I installed every
softwares again, I can't authenticate now with my ldap users. It is the
error: rlm_unix: [ldapuser]: invalid shell []...
I don't know where I
Quoting Christopher Carver [EMAIL PROTECTED]:
Quoting Michael Mitchell [EMAIL PROTECTED]:
Hi Chris,
Christopher Carver wrote:
Thanks for the reply, Kevin. You got me on the right track, but I still
don't
quite have it right. It seems as though the users file can only
Marilene Lima [EMAIL PROTECTED] wrote:
I am again. It's work with my mysql users. But, I have two databases and I
will have more. The first, mysql it's ok. But, after I installed every
softwares again, I can't authenticate now with my ldap users. It is the
error: rlm_unix: [ldapuser]: invalid
My set up: multiple servers with FreeRadius 1.1.0, MySQL 5.0.27 with
Master-Master replication
After some trouble with duplicate entries in the radius accounting table due
to
non-unique Acct-Session-Id's, I switched to using the acct_unique module.
acct_unique {
key = User-Name,
36 matches
Mail list logo