hi,
Wat is the purpose of having dictionary files in the Radius Client?
thank u.
-
Why delete messages? Unlimited storage is just a click away.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All,
is there any way to limit the access for ADSL user to be from a specific
ATM port? I have an ATM DSLM and want to proxy the request to a specific
ISP, depending on some attribute, and need a help to do know the
attributes which i can use to do that? i did that for the dial up users
Ashraf Al-Basti wrote:
Dear All,
is there any way to limit the access for ADSL user to be from a specific
ATM port? I have an ATM DSLM and want to proxy the request to a specific
ISP, depending on some attribute, and need a help to do know the
attributes which i can use to do that? i did
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Good afternoon:
We are trying to install a server with Red Hat Enterprise Linux v.4 with a
FreeRadius v1.0.1-3. The topology has an Enterasys AP which authenticates users
Hello,
rad_recv: Access-Request packet from host 172.24.230.15:3324, id=10,
length=113 NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name =
Calling-Station-Id = 00118865b6e5
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Good morning:
Thank you for your quick answer Stefan. Just one more question: Who is the
supplicant? The AP or the PC client?
On the PC Client (WinXP) we have always
Hi,
Thank you for your quick answer Stefan. Just one more question: Who is the
supplicant? The AP or the PC client? On the PC Client (WinXP) we have
always entered a login and password.
The supplicant is the PC client. That's odd. If you really have entered a
username on the supplicant, the
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello, Stefan:
About the supplicant, we are using just Windows XP. We have tried with several
wireless card (enterasys one, integrated Intel Centrino 2200b/g...). I have
Hi,
About the supplicant, we are using just Windows XP. We have tried with
several wireless card (enterasys one, integrated Intel Centrino
2200b/g...). I have may not understood the supplicant meaning, tell me
then, please. I thought it could be a problem related to the way the
freeradius
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hi:
Thank you, Stefan. We are going to revise the client configuration.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello, Stefan:
As you told us, the supplicant was sending an empty username. We had to
introduce manually the username and password because wireless card was not
taking
On Wed, 2007-07-11 at 08:33 +0200, Alan DeKok wrote:
Stefan Winter wrote:
It is actually quite important. If you are in a roaming scenario where your
EAP session goes to your home ISP, it makes no sense to tie the posture
information into the EAP session - it's the *access network* at the
What EAP method are you using? PEAP? Can you post the radiusd -X output.
Ivan Kalik
Kalik Informatika ISP
Dana 12/7/2007, Carlos Jimenez Barranco [EMAIL PROTECTED]
piše:
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
I'm happy that Cisco is following that line of thinking in their NAC
solution,
by offering a web-based or downloadable client *after* the EAP session if
That has its own problems. If post-auth NAC is done with some kind of
web download, you are then educating users to expect and trust code
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Yes, it is PEAP.
Here is the debug:
rad_recv: Access-Request packet from host 172.24.230.15:1274, id=118, length=156
NAS-IP-Address = 172.24.230.15
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello again:
We have found that when we configure supplicant as OPEN authentication method,
it Works right, but not when we configure it as WPA (authenticating versus
Hi,
okay, now that the User-Name thing is fixed, another problem with your config
shows up. The ntlm_auth line is way too short! Therefore, the key can't be
retrieved.
Is there maybe a line wrap in radiusd.conf, line ntlm_auth = ... or
something? The shipped ntlm_auth line works by default!
Hi,
err, hello. have a look at your debug logs.
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with
NT-Password
radius_xlat:
It's another topic that I'm overall sceptical of NAC, IMO a network should
only reactively shut a client down *after* it did something wrong, not
proactively sniff around the local environment and lock it away at once. But
NAC is here to stay I guess. :-(
Presumed innocent is a
Hi,
I think many roaming scenarios (e.g. eduroam federation) could probably
get by usefully on that.
Access-Accept
Endpoint-Posture = os:vendor=Microsoft
Endpoint-Posture = os:product=Windows XP
Endpoint-Posture = os:patchage=91230
Endpoint-Posture =
Hi,
One thing that seldom gets talked about is the absence of TPM on many
systems - making it reasonably trivial for 1st gen TNC-based clients to
submit forged responses. This can only be handled at the administrative
level e.g. formal disciplinary for any staff found running TNCFaker or
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello, Stefan:
We have entered this data in radiusd.conf:
# Be VERY careful when editing the following line!
#
#ntlm_auth =
Hi,
Right, but machines on a residential network are generally going to be
personal machines, I for one would protest greatly if I was forced to
install an AV solution just to use the network in my halls of residence.
our terms and conditions state that an AV solution must be installed
on
Hi,
Maybe, the intro after every line is not correct, so we have changed it for:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain}
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
did you restart the
We have entered this data in radiusd.conf:
# Be VERY careful when editing the following line!
#
#ntlm_auth = /path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
To be able to communicate with the server. If you don't know the words
it's hard to speak or understand the langusge.
Ivan Kalik
Kalik Informatika ISP
Dana 12/7/2007, Diana Robert [EMAIL PROTECTED] piše:
hi,
Wat is the purpose of having dictionary files in the Radius Client?
thank u.
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello:
We have restarted the radius service.
This is the output of the debug:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config:
***
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***-***
Hello, Stefan:
Thank you for your help.
You are in reason: I need a good book of Unix command-line tools. :)
For the moment, I left all in just one line.
Carlos Jimenez
Hi,
you are CHANING more than ONE thing at a time. look at this:
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns
domain user credentials
read the config comments carefully and the howtos on the wiki and can fix it.
==
Benjamin K. Eshun
- Message d'origine
De : Carlos Jimenez Barranco [EMAIL PROTECTED]
À : FreeRadius users mailing list
On 11/07/07, Alan DeKok [EMAIL PROTECTED] wrote:
Thomas Dagonnier wrote:
Would you agree to close that part of the discussion ?
Fine.
sorry, this was a late email and I forgot important details like had in
mind with additionnal (NAC) features and the for windows is implied
by the
[EMAIL PROTECTED] wrote:
Hi,
Right, but machines on a residential network are generally going to be
personal machines, I for one would protest greatly if I was forced to
install an AV solution just to use the network in my halls of residence.
our terms and conditions state that
Lets get few things straight:
Enterasys is your AP, not your wireless card?
What supplicant are you using on your PC to connect: Windows XP
supplicant, supplicant provided by the manufacturer of PC's wireless
card or something else? Supplicant is the program you are using to make
the wireless
hi !
I'd like to set up an authentication system (for wireless clients) based on
freeradius.
I'm using a DC windows 2003 with Active Directory to manage my users and
groups... i know ... its bd :-) but i don't have the choice !
I have built a linux server (fedora core 5), with freeradius,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
julien blanc wrote:
My problem is here. I don't know how to use certificates in the
freeradius directory:
root.pem, root.p12, root.der
cert-clt.pem, cert-clt.p12, cert-clt.der
cert-srv.pem, cert-srv.p12, cert-srv.der
any advice ... suggestions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert E. Toense wrote:
I am attempting to setup EAP-PEAP authentication via FreeRadius and a
Windows-based LDAP backend. The users accounts are in AD. After making
it past a number of obstacles, I am communicating with the LDAP server,
but
Robert E. Toense wrote:
This may be on the fringes of the scope of this group, but any pointers
would be appreciated.
I am attempting to setup EAP-PEAP authentication via FreeRadius and a
Windows-based LDAP backend. The users accounts are in AD. After making
it past a number of
On Thu, 2007-07-12 at 12:46 +0100, Arran Cudbard-Bell wrote:
It's another topic that I'm overall sceptical of NAC, IMO a network should
only reactively shut a client down *after* it did something wrong, not
proactively sniff around the local environment and lock it away at once.
But
It's a thorny problem no doubt. It'll be a few years before we start to
see working, interoperable systems I think.
yep and you still get undone by those systems which dont run a standard
OS and use the network squeezebox, PS3, xbox/xbox360, Wii/gamecube,
slingbox, polycom
Phil Mayers wrote:
On Thu, 2007-07-12 at 12:46 +0100, Arran Cudbard-Bell wrote:
It's another topic that I'm overall sceptical of NAC, IMO a network should
only reactively shut a client down *after* it did something wrong, not
proactively sniff around the local environment and lock it
Alan DeKok said:
Robert E. Toense wrote:
Yes, I could use ntlm_auth and probably get it working, but this is
supposed to be LDAP-based, not SAMBA. The LDAP could move to a
different environment. Use of standards is important to us.
Robert ... unfortunately, Microsoft doesn't take standards
Has anyone ever come across a RADIUS test client which supports MSCHAP?
Remote working is a wonderful thing, but it does mean I'm several hundred
miles from my nearest NAS and wireless client. This obviously makes certain
aspects of RADIUS testing a bit tricky.
-- hugh
-
List
Hello,
I am trying to install freeradius 1.1.6 on AIX 5.3 with gcc 4.1.1.
If I follow the basic instructions it seems to compile and install.
However, trying to run radiusd with any options results in
a coredump.
Has anyone managed to install a recent freeradius release on AIX 5.3?
What
On Thu, 2007-07-12 at 11:46 -0500, Hugh Messenger wrote:
Has anyone ever come across a RADIUS test client which supports
MSCHAP?
If you mean plain MS-CHAP, you can do it with radclient. Since, with
plain MS-CHAP, the NAS generates the challenge and sends it to the
radius server with the
Hillel Seltzer wrote:
I am trying to install freeradius 1.1.6 on AIX 5.3 with gcc 4.1.1.
If I follow the basic instructions it seems to compile and install.
However, trying to run radiusd with any options results in
a coredump.
See doc/bugs.
Or, build it with ./configure
JRadius simulator will do MSCHAPv2 very well...
http://jradius.org/wiki/index.php/JRadiusSimulator
On 7/12/07, Hugh Messenger [EMAIL PROTECTED] wrote:
Phil Mayers said:
On Thu, 2007-07-12 at 11:46 -0500, Hugh Messenger wrote:
Has anyone ever come across a RADIUS test client which
Hi all.
I'm new with freeradius. I'd like some help to configure my Radius server,
in order to acomplish the following task:
I have a radius server, called R. This radius authenticates users wha want
to access our lab equipments, called A, B, C, D and etc.
I want to restrict access to these
You can use huntgroups:
nasA NAS-IP-Address == aaa.aaa.aaa.aaa
User-Name = jane,
User-Name = peter
nasB NAS-IP-Address == bbb.bbb.bbb.bbb
User-Name = john,
User-Name = peter
nasC NAS-IP-Address == ccc.ccc.ccc.ccc
User-Name = john,
On Thu, 12 Jul 2007 19:50:26 +0200, Alan DeKok wrote
Hillel Seltzer wrote:
I am trying to install freeradius 1.1.6 on AIX 5.3 with gcc 4.1.1.
If I follow the basic instructions it seems to compile and install.
However, trying to run radiusd with any options results in
a coredump.
See
On Thu, 12 Jul 2007 19:50:26 +0200, Alan DeKok wrote
Or, build it with ./configure --disable-shared. That might help.
I tried building with ./configure --disable-shared, and
the make process hits an error with undefined symbols:
gcc .libs/radiusdS.o -pie -static -o radiusd acct.o auth.o
I need to apply it according to this document
http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html
Could someone reply with simple yes/no answers? I am going to do it on a
life server. Please.
1. Can I issue mysql queries while radius is running?
2. Can I issue PROCEDURE queries at
Irina said
I need to apply it according to this document
http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html
Could someone reply with simple yes/no answers? I am going to do it on a
life server. Please.
Firstly, I strongly recommend you set up a test copy of FR with its own test
Thank you very much for your clarifications. I will think how to set up a
test environment.
Thanks again.
Irina
==
- Original Message -
From: Hugh Messenger [EMAIL PROTECTED]
To: 'FreeRadius users mailing list'
freeradius-users@lists.freeradius.org
Sent: Thursday, July 12,
On Thu 12 Jul 2007, Irina wrote:
I need to apply it according to this document
http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html
Hi Irina
Please note that that document describes several things that you can do,
including ONE way to fix your problem. There is and easier and more
Hi all,
The script which is invoked by Exec-Program-Wait attribute produces
the output similar to the following:
Reply-Message=c5|c3|c14|, Reply-Message=ci5|c14|, Reply-Message=done
So I expect to see three Replay-Message attributes in the
ACCESS-ACCEPT message. According to the FreeRadius docs
There is and easier and more correct
way to fix your problem simply by fixing the mysql query to work the same
way the existing postgresql query does. The next version of FreeRADIUS
will have this _bug_ fixed.
So I presume all we need to do to the 1.1.x MySQL is the shift gigawords
left and
Thomas Dagonnier wrote:
yes, I noticed - but are you taking an active role there
or just supporting by helping with freeradius (as a reference,
std-based radius server) ?
I'm watching it. There's only so much time in a day.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Michael Alexeev wrote:
The script which is invoked by Exec-Program-Wait attribute produces
the output similar to the following:
Reply-Message=c5|c3|c14|, Reply-Message=ci5|c14|, Reply-Message=done
That is *not* the normal format for attributes. See man users.
So I expect to see three
On Fri 13 Jul 2007, Hugh Messenger wrote:
There is and easier and more correct
way to fix your problem simply by fixing the mysql query to work the
same way the existing postgresql query does. The next version of
FreeRADIUS will have this _bug_ fixed.
So I presume all we need to do to
59 matches
Mail list logo