If the RADIUS User-Name were prefixed with a string to indicate its preferred
EAP type for authentication, could the hints file be used to force first that
EAP authentication be used, and then that the indicated EAP type be used? This
would be desirable to minimize response time. If so, how woul
Hi,
is there a solution to configure different authentication for
different clients?
For example:
All authentication coming from NAS use this configuration
for LDAP:
base_filter = "abc"
>From NAS use:
base_filter = "cbd"
Regards,
--
( ) .:. Maikon R Graeff
/ \ .:. GoogleTalk maikong
Installed and configured FreeRADIUS and fired it up:
(lines prefixed v are server messages, lines prefixed ^ are client messages)
[EMAIL PROTECTED] ~]# radiusd -x
v Starting - reading configuration files ...
v Module: Loaded exec
v rlm_exec: Wait=yes but no output defined. Did you mean output=none
Hi Danny,
Let me correct just some things... can you confirm ?
> After a lot of help from Thibault I was able to connect from xp client.
>
> the causes for the problem was :
>
> 1.missing raddattr plug-in to option.pptpd
> raddattr.so # after radius.so
>
> 2.un update dictionary (Microsof
Server is giving access-accept because you have correct user and correct
password. But for connection to work you need more parameters.
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>this is the user file, i dont think there is any spelling mist
This is the same one as before. Where is the one that gives parsing error?
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>this is the user file, i dont think there is any spelling mistake or else why
>server is giving access accept? is it probl
Associated is only the first stage. You then need to get authenticated,
authorized ...
Ivan Kalik
Kalik Informatiaka ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>what is final state or message of this authentication?
>is it associated or authenticated??
>regards
>shantanu
this is the user file, i dont think there is any spelling mistake or else why
server is giving access accept? is it problem with AP?
#Please read the documentation file ../doc/processing_users_file,
#or 'man 5 users' (after installing the server) for more information.
#
#As of 1.1.4,
what is final state or message of this authentication?
is it associated or authenticated??
regards
shantanu
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius
There is a spelling mistake somewhere. Post that users file again. If you
are using DHCP you don't need IP address and netmask. Just return the
service type.
Those parameters are to tell NAS how to make this connection and what
type of user is it, what services can he use etc.
Ivan Kalik
Kalik In
Hello,
I need to proxy AA request from some users. Therfore, the proxy is based
on the string "[EMAIL PROTECTED]", and non only on the realm...
Do you have any suggestion in order to configure such feature?
Thank you and regards
Tullio Loffredo
-
we tried to use service type, framed protocol, framed ip address(what are they
used for???), framed ipnetmask but after making those changes, my server was
unable to startup giving an error relate to some parsiing failure.
can u tell me what should i add, and is it not supposed to work and i ge
I think that problem is that supplicant expects IP adress, netmask etc.
in the accept packet. Witout those it cant configure the connection.
Return appropriate parameters and connection should be established.
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED
we have restarted that server with this user file,
one question i want to ask, what address is the client requesting for which it
is failing, where do u thik the problem is?
regards
shantanu
[EMAIL PROTECTED] wrote: Sorry, didn't see the atach. Have you restarted the
server since
changing user
OK, change you testuser entry to:
steve Cleartext-Password := "whatever"
Service-Type = Framed-User,
Framed-IP-Address = 192.168.2.132,
Framed-IP-Netmask = 255.255.255.255,
Framed-MTU = 1438
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary"
Sorry, didn't see the atach. Have you restarted the server since
changing user config? That DEFAULT entry for Framed-User should also
match.
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>this is server side output
>
>rad_recv: Access-Reques
You haven't posted your users file.
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>this is server side output
>
>rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177
>Message-Authenticator = 0x758e436fc2b176
accounting section of
radiusd.conf
2007-05-31 06:18:14.884837500 +- entering group accounting
2007-05-31 06:18:14.884839500 radius_xlat:
'/var/log/freeradius/radacct//detail-20070531'
2007-05-31 06:18:14.884860500 rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%
this is server side output
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177
Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
Called-Station-Id = "
Client output isn't showing Access-Accept packet content. Post radiusd
-X output and your users file.
Ivan Kalik
Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše:
>hello,
>this is my client side output:
>Authentication with 00:03:7f:09:60:a0 timed out.
>Added
20 matches
Mail list logo
