Ahh. yes. Ignore my reply. I neglected to read the history and assumed thet
you wanted to restrict which network devices certain groups of users should
be able to access AFTER they are connected.
-Peter
On Tue 16 Jan 2007 12:00, Jan Mulders wrote:
Hoping to be more helpful here, I know how to
On Wed 17 Jan 2007 00:12, Tas Dionisakos wrote:
I have successfully setup a freeradius, mysql, chillispot.
Im just wondering if there is a way to allow free sites for my users,
without radius accounting?
I guessing that an IP table rules will do the job, as in allow a subnet
range to bypass
On Wed 17 Jan 2007 04:57, Long wrote:
Probably a file or directory has the wrong permissions. When you run in
debug with -X the server runs as root. When you run for real it changes
to user radiusd or whatever you set up.
Try strace -e open,stat -f radiusd and look for EPERM line
Are all
Hi,
I wanted to try the Pre2.0 release in the CVS to see if the TLS locking
code fixed the problem I had with the SSL errors in PEAP.
I downloaded the snapshot from ftp.freeradius.org
freeradius-server-snapshot-20070116.tar.bz2
I'm building on Debian, so I wanted to package it
Hi,
Thanks to help from many folks here, tonight I got one property up and
running on our new server. THANK YOU!
Now, another question. When I start radius with radiusd or
/usr/local/sbin/radiusd, I get a brief message reading configuration
file...; then, doing ps aux | grep radiusd
Hi,
Long wrote:
BTW - I have it configued in radiusd.conf to run under nobody:nobody.
Andrew
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Hey Andrew,
I'm sure you've checked it, but was there anything interesting in
King, Michael wrote:
I unzipped it, and ran
fakeroot dpkg-buildpackage -b -uc
It failed with:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor /lib/cpp fails sanity check
See `config.log' for more details.
make: *** [stamp-build] Error 1
apt-get
Hi all,
I've install freeradius-1.1.3,use it with AP Aironet 1100 doing EAP-TLS
and works very well.
I still confuse about certificate, is all client certificate created
under 1 root ca, can be authenticated against freeradius that started
with different server certificate?
is it possible to
Are all the log files in /var/log/radius writable by the user you are running
radiusd as?
Configured to run as nobody:nobody. chmod -R nodody:nobody
/usr/local/var/log/radiusd allows me to run it as nobody now, but if I do
radiusd radlog the radlog still only contains the first line
My configuration is:
[poptop pptpd pppd][freeradius]-[Microsoft IAS][ADS]
pptpd is 1.3.3
pppd is 2.4.4
freeradius is 1.1.3
Clients go from internet, make auth via MS IAS, but accounting does
freeradius.
All seems good. Clients go OK. Auth and accounting seems OK too.
But, I have
Hi list!
We have an internal LAN with several VLANs, each corresponding the the
unix group of the users. This VLAN information is stored in OpenLDAP
(via radiusprofiledn), and that works :-)
But we want to give our users the possibility to get into a special
VLAN, in particular one which
kemas wrote:
Hi all,
I've install freeradius-1.1.3,use it with AP Aironet 1100 doing EAP-TLS
and works very well.
I still confuse about certificate, is all client certificate created
under 1 root ca, can be authenticated against freeradius that started
with different server certificate?
2. Radius does not understand some attributes from client.
a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: received
unknown attribute 25 of length 30:
0x333B0427013700010A1701C735C490B2116B014C
b) Jan 11 22:29:02 shata pppd[19185]: RADIUS: wrong service
type 4 for
Marxy wrote:
1. Accounting of Calling-station-id returns only first 4 characters of
user's IP address.
If that's what the RADIUS client is sending, then the only solution is
to fix the client so it sends the correct information.
2. Radius does not understand some attributes from client.
a)
El mar, 07-11-2006 a las 18:29 -0500, Alan DeKok escribió:
Angel L. Mateo [EMAIL PROTECTED] wrote:
But now I want to send all the logs for requests from a group of
clients (defined as a huntgroup) to the same files, and the request for
all other clients as now (classified with the IP
Haas Florian wrote:
The tricky part is that XP's
supplicant, which supplies the username as DOMAIN\\Username while a user is
logged on, supplies a username in the form of host/computername.my.domain
otherwise -- this corresponds to the servicePrincipalName attribute on the
machine's object in
It seems no mistakes in dictionary file. It is standard one from RH
distribution.
BTW, freeradius use $INCLUDE, not INCLUDE as you advised.
With INCLUDE you will see something like
--
Wed Jan 17 14:48:41 2007 : Error: Errors reading dictionary: dict_init:
Alan DeKok-4 wrote:
Marxy wrote:
1. Accounting of Calling-station-id returns only first 4 characters of
user's IP address.
If that's what the RADIUS client is sending, then the only solution is
to fix the client so it sends the correct information.
My radius client is standard
Hi, i have one question:
Why when i try auth. by laptop-wifi over linksys then it's send that
request:
rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=119
User-Name = rka
NAS-IP-Address = 192.168.1.245
Called-Station-Id = 001217694588
It seems no mistakes in dictionary file. It is standard one
from RH distribution. BTW, freeradius use $INCLUDE, not
INCLUDE as you advised. With INCLUDE you will see something like
--
Wed Jan 17 14:48:41 2007 : Error: Errors reading dictionary:
dict_init:
-Message d'origine-
De :
[EMAIL PROTECTED]
radius.org
[mailto:[EMAIL PROTECTED]
sts.freeradius.org] De la part de Marxy
Envoyé : mercredi 17 janvier 2007 14:39
À : freeradius-users@lists.freeradius.org
Objet : Re: A couple of questions PoPToP+FreeRadius+IAS
Alan
Rafał Kamiński wrote:
Why when i try auth. by laptop-wifi over linksys then it's send that
request:
...
Request without User-Password - and that is problem with auth.
The authentication method is called EAP. It's the way wireless is
supposed to work. See eap.conf.
Alan DeKok.
--
Hi, i have one question:
Why when i try auth. by laptop-wifi over linksys then it's send that
request:
rad_recv: Access-Request packet from host 192.168.1.245:3072,
id=0, length=119
User-Name = rka
NAS-IP-Address = 192.168.1.245
Called-Station-Id =
Thibault LE MEUR wrote:
The client doesn't understand the response of the server. Again,
the only solution is to fix the client.
Yes. You are quite right.
I add missing attributes to radiusclient dictionary file.
ATTRIBUTE MS-CHAP2-Response 25 string
ATTRIBUTE
Hi All,
Sorry team, but I still problem to authenticate a valid Administrator User
in 3Com Swithc, my question is anyone implemented this feature ?
I really don't know where to start the solution in freeradius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all,
Can someone share his experiance with me in getting freeradius work with
quintum CMS ?
goksie
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Alexandre,
I think you need RADIUS to return the Service-Type attribute as
Administrative for it to work.
-Vineet
Alexandre Soares wrote:
Hi All,
Sorry team, but I still problem to authenticate a valid Administrator
User in 3Com Swithc, my question is anyone implemented this
Hello.
Why not? There's a reason that the ntlm_auth configuration is
editable in the mschap module. Just edit it to do whatever you want.
If all else fails, replace ntlm_auth with a Perl script that looks at
the environment variables, and determines the proper arguments to use.
Ahem.
Hello,
This pertains to Feeradius 1.1.0.
I am having trouble setting up freeradius and Checkpoint's
Secureplatform Pro (SPLAT) firewall (which is a stripped down Linux) so
that administrators logging into the firewalls will be authenticated by
the freeradius server.
According to
Enright Patrick - penrig wrote:
I’m not sure if this is how you tell it to look in the group file and
not sure why I do not see this in the messages when I start freeradius….???
G'day Patrick,
You've defined the etc_group module but you also need to instantiate it.
Add etc_group to the
On Wed, 2007-01-17 at 13:36 +0100, Alan DeKok wrote:
kemas wrote:
Hi all,
I've install freeradius-1.1.3,use it with AP Aironet 1100 doing EAP-TLS
and works very well.
I still confuse about certificate, is all client certificate created
under 1 root ca, can be authenticated against
All,
When trying to use the radauth tool from nagios to monitor
freeradius, I get the following in the freeradius log:
Error: WARNING: Malformed RADIUS packet from host ... too long (length
18432 maximum 4096)
radtest seems to be ok. has anyone else experienced this or knows
what is wrong?
-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mike wrote:
All,
When trying to use the radauth tool from nagios to monitor
freeradius, I get the following in the freeradius log:
Error: WARNING: Malformed RADIUS packet from host ... too long (length
18432 maximum 4096)
radtest seems to be ok. has anyone else experienced this or knows
what
Hi Alan,
Now everything works but the Active Directory authentication,Please see
the following output from $ Radiusd -X when a wireless client uses
administrator logon into the chillispot web logon page:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0,
-Original Message-
apt-get install g++
Thank you. Apparently, this would be my first Debian box that didn't
have g++ out of the box. (I've built more than 10 following the same
cookbook that our office wrote)
I guess gcc and gpp weren't enough.
It built... Well it's building
On Wed, 17 Jan 2007, Mike wrote:
|-All,
|-When trying to use the radauth tool from nagios to monitor
|-freeradius, I get the following in the freeradius log:
|-
|-Error: WARNING: Malformed RADIUS packet from host ... too long (length
|-18432 maximum 4096)
|-
|-radtest seems to be ok. has anyone
On 17/01/2007, at 4:47 PM, Alan DeKok wrote:
James Lever wrote:
Wed Jan 17 08:00:11 2007 : Error: TLS_accept:error in SSLv3 read
client certificate A
That just means there's no client certificate.
Interesting given I'm only allowing EAP-TLS access to my wireless LAN
(or attempting
Enright Patrick - penrig wrote:
When I start the freeradius server with the –AX switches I really don’t
see it reading the following that I set up in the radiusd.conf file:
passwd etc_group {
filename = /etc/freeradius/group
format = =Group-Name:::*,User-Name
You can't
Mike wrote:
All,
When trying to use the radauth tool from nagios to monitor
freeradius, I get the following in the freeradius log:
Error: WARNING: Malformed RADIUS packet from host ... too long (length
18432 maximum 4096)
radtest seems to be ok. has anyone else experienced this or
John Wan wrote:
Hi Alan,
Now everything works but the Active Directory authentication,Please see
the following output from $ Radiusd -X when a wireless client uses
administrator logon into the chillispot web logon page:
Ready to process requests.
rad_recv: Access-Request packet from
41 matches
Mail list logo