Re: Proxy and clear-text password

2007-07-03 Thread Marcel De Boer
Hi! The secret key between nas and radius1 is right. In debug mode I receive a clear password: Sending Access-Request of id 0 to radius2 port 1645 User-Password = estestA243 ... This does not mean you receive a cleartext password, it only means that the shared secret between

freeradius-1.1.6 - mysql failover issue - bus error -

2007-07-03 Thread Francesco Cristofori
Hi all, I'm setting up module fail-over for mysql backend following the guide from the wiki, but something goes wrong. I included two sql.conf (mysql1.conf and mysql2.conf) in the modules section and radiusd -X reports the two files are included, but I only see the parameters from the first

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Here is my radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config:

R: freeradius-1.1.6 - mysql failover issue - bus error -

2007-07-03 Thread Francesco Cristofori
Hi all, further investigations show that it's a name resolution problem (if I put IP addresses in mysql1.conf and mysql2.conf everything works fine). So it doesn't seem to be a FR problem. Regards, Francesco Cristofori. -Original message- From: [EMAIL PROTECTED]

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: .. rad_check_password: Found Auth-Type LDAP1 Why did you set that? It's breaking EAP. Read eap.conf. DO NOT SET AUTH-TYPE. This comes up so often on the list, and it's documented in so many places, that I don't understand why people still run into it.

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi Alan, I did try to remove the Auth-Type in users file i.e. DEFAULT Realm == "ocesb.com.my", Autz-Type := LDAP1 However, it is still not working. Below is the debug message. modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: group Autz-Type returns ok for request 4

RE:Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Arjuna Scagnetto
I've taken a look at your radius.conf. I can only say that I have a Radius+LDAP+EAP-ttls (pap) configuration working: in authorize section ldap is uncommented, in authenticate section Auth-Type LDAP { ldap } is uncommented, I have no ldap_1x modules enabled. This way it works with crypt (md5)

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi, I'm a bit confused now. Can you explain in more detail about your finding? Many thanks for your patience. Arjuna Scagnetto wrote: I've taken a look at your radius.conf. I can only say that I have a Radius+LDAP+EAP-ttls (pap) configuration working: in authorize section ldap is

FreeRADIUS attributes

2007-07-03 Thread Vincenzo Agosti
Hello, I would like to deploy a freeradius system with dynamic vlan assignment in a wireless LAN. The SSID must be unique and the VLAN must be assigned via auth-type or username. The authentication is EAP and the users are in the users file. How can I pass radius attributes, like auth-type, to my

Re: FreeRADIUS attributes

2007-07-03 Thread Alan DeKok
Vincenzo Agosti wrote: How can I pass radius attributes, like auth-type, to my wireless switch? You don't pass Auth-Type to the switch. Forget it exists, nearly everyone gets it wrong. The attributes you pass to the switch are the ones listed in the switch documentation. The

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi Alan, After trying to remove the Auth-Type in users and letting radius auto-detect the method, and also adding another 3 new attributes in ldif, below is the different message I get. Can you please have a look? Thanks. modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: group

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Dear Alan, Finally, I managed to get TTLS with PAP to work by just changing the config in radius.conf: authorize{ ldap_1x } authenticate { Auth-Type LDAP { ldap_1x } } However, I do notice radius only inserts the login record in radpostauth but no record in radacct. If I'm using EAP-MD5

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread tnt
Let's try like Yoda: Auth-Type set you do not Ivan Kalik Kalik Informatika ISP On 3/7/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Alan, After trying to remove the Auth-Type in users and letting radius auto-detect the method, and also adding another 3 new attributes in ldif, below

Build a custom module

2007-07-03 Thread baki
Hello! I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, but if I build and install my module I get a segmentation fault. Is there a way to build a custom module, and use it with a preinstalled FreeRADIUS? Thank you. Best regards, Baki - List

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: ... However, I do notice radius only inserts the login record in radpostauth but no record in radacct. If I'm using EAP-MD5 with L2 switch as NAS, a login record will be there. What makes this happen? It's in the FAQ. The NAS isn't sending accounting packets. Alan

Re: Build a custom module

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Hello! I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, but if I build and install my module I get a segmentation fault. Is there a way to build a custom module, and use it with a preinstalled FreeRADIUS? Make sure you use the

Re: misconfigured adsl modems hammering my freeradius

2007-07-03 Thread Eddie Stassen
Alan DeKok wrote: Tom De Wispelaere wrote: we are using freeradius (with mysql backend) in an isp environment for authentication and accounting of adsl modems. Some of these modems are misconfigured with a wrong password and try to authenticate every 5 secs or so, so i was wondering if

Problems with DBM and MS-CHAP

2007-07-03 Thread Tom Griffin
Hello, I am having a problem with Freeradius v1.1.6. We have one server (running v1.0.1) which works as we want it to, but trying to build a new v1.1.6 server to act in the same way is proving to be difficult. All our users are stored in a local DBM database and authentication is either

Re: Problems with DBM and MS-CHAP

2007-07-03 Thread Alan DeKok
Tom Griffin wrote: ... rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ... rad_check_password: Found Auth-Type Local Whoops. That looks to be a bug. 1.1.7 should be released this week, to fix that, and other issues. Alan DeKok. - List

Re: Build a custom module

2007-07-03 Thread Hugh Messenger
[EMAIL PROTECTED] said: I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, Baki - unless you have some utterly compelling reason to be working on the Debian distro version, you really should upgrade to at least 1.1.7. Depending on your schedule, you might even

Re: Build a custom module

2007-07-03 Thread Peter Nixon
On Tue 03 Jul 2007, Hugh Messenger wrote: [EMAIL PROTECTED] said: I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, Baki - unless you have some utterly compelling reason to be working on the Debian distro version, you really should upgrade to at least

Re: Build a custom module

2007-07-03 Thread Gabor Bakonyi
Hugh, I am writing a module for a company, where the latest stable Debian is used, so I have to use 1.1.3. Baki Hugh Messenger wrote: [EMAIL PROTECTED] said: I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, Baki - unless you have some utterly

RADIUS PEAP

2007-07-03 Thread Adrienne Rau
I am configuring a wireless network with EAP Authentication. I can connect successfully with the following line in my users file. testuser User-Password == testing I would like to be able to authenticate with ANY password. I tried using the != operand, but that causes an MS-CHAP incorrect

Requesting CVS checkin

2007-07-03 Thread Roy Walker
Back in April the following post was sent out and it is still not in CVS as of July 2nd. Is it possible to get this checked in? http://readlist.com/lists/lists.freeradius.org/freeradius-users/2/11069.html Here is a patch someone posted:

Re: RADIUS PEAP

2007-07-03 Thread tnt
testuser Auth-Type:=Accept will accept user with any password. Ivan Kalik Kalik Informatika ISP On 3/7/2007, Adrienne Rau [EMAIL PROTECTED] wrote: I am configuring a wireless network with EAP Authentication. I can connect successfully with the following line in my users file. testuser

disappearing configuration items in unlang

2007-07-03 Thread Hugh Messenger
I'm using the latest and greatest 2.0.0 HEAD. If I wrap an 'if' statement round something (in this case a query in mysql_dialup.conf), any config items seem to get blown away. So for instance: authorize_reply_query = \ SELECT id, UserName, Attribute, Value, op \ FROM

RE: RADIUS PEAP

2007-07-03 Thread Josh Howlett
What you're attempting to do is impossible because MS-CHAP is a mutual authentication protocol. If the RADIUS server does not demonstrate knowledge of the password to the supplicant, a well-behaved supplicant *should* refuse the connection. (I also wouldn't be surprised if the RADIUS server

Shared secret is incorrect - but it is identical!

2007-07-03 Thread ken
radius_xlat: '/var/log/radius/radacct/client.IP.addr/auth-detail-20070703' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/client.IP.addr/auth-detail-20070703 modcall[authorize]: module auth_log returns ok for request 9

RE: Shared secret is incorrect - but it is identical!

2007-07-03 Thread Josh Howlett
NAS-Port = 122 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module preprocess returns ok for request 9 radius_xlat: '/var/log/radius/radacct/client.IP.addr/auth-detail-20070703' rlm_detail: /var/log/radius

RE: Shared secret is incorrect - but it is identical!

2007-07-03 Thread Edvin Seferovic
modcall: entering group authorize for request 9 modcall[authorize]: module preprocess returns ok for request 9 radius_xlat: '/var/log/radius/radacct/client.IP.addr/auth-detail-20070703' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius

Useful sqlippool script

2007-07-03 Thread Roy Walker
For those working with sqlippool, I made a quick script which will make it easy for you to create the ip blocks in the radippool table. Might be nice for new users if this was included in the scripts directory. #!/bin/sh # This script will output the necessary INSERT commands # for the

PEAP (EAP-TLS) support

2007-07-03 Thread Miłosz Modrzewski
Does FreeRadius (I have version 2.0.0-pre1) support PEAP(EAP-TLS)?? I want to use certificates on both sides - client and server.. If so, what must I modify in eap.conf file?? Currently I'm using PEAP(EAP-MSCHAPv2) and it works fine.. I can post my eap.conf file if someone is interested.. - List

Re: Build a custom module

2007-07-03 Thread Doug Hardie
On Jul 3, 2007, at 07:25, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello! I am developing a custom module for Debian 4.0 with preinstalled FreeRADIUS 1.1.3, but if I build and install my module I get a segmentation fault. Is there a way to build a custom module, and use it with a

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Dear Alan, I tried 2 different types of wireless NASs but it still didn't insert the record into the table. Does that mean the wireless NAS by default does not send accounting info or does not have this kind of function? Regards Alan DeKok wrote: [EMAIL PROTECTED] wrote: ... However, I do

Re: Build a custom module

2007-07-03 Thread Alan DeKok
Hugh Messenger wrote: flame I'm just wondering why some of the major Linux releases are still shipping 1.1.3. There are versions of redhat that still use 1.0.4. The problem is that when you sell a distribution, the customers want support for N years. Software doesn't sit still, so they

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I tried 2 different types of wireless NASs but it still didn't insert the record into the table. Does that mean the wireless NAS by default does not send accounting info or does not have this kind of function? Does the NAS documentation say it supports accounting? Alan DeKok. -

Re: disappearing configuration items in unlang

2007-07-03 Thread Alan DeKok
Hugh Messenger wrote: I'm using the latest and greatest 2.0.0 HEAD. If I wrap an 'if' statement round something (in this case a query in mysql_dialup.conf), any config items seem to get blown away. You can't. if is a processing directive that is valid only when packets are being

Re: PEAP (EAP-TLS) support

2007-07-03 Thread Alan DeKok
Miłosz Modrzewski wrote: Does FreeRadius (I have version 2.0.0-pre1) support PEAP(EAP-TLS)?? It doesn't support PEAP + EAP-TLS. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Useful sqlippool script

2007-07-03 Thread Alan DeKok
Roy Walker wrote: For those working with sqlippool, I made a quick script which will make it easy for you to create the ip blocks in the radippool table. Might be nice for new users if this was included in the scripts directory. Thanks. Please post it again, with a GPL license header in