Hi
On 19/07/07, Cliff Cole <[EMAIL PROTECTED]> wrote:
> Hello all.
>
> Here is my issue. This is very weird and would only affect one NAS.
> I'm not sure freeradius is capable of this. I want a username that
> comes in to check for an @domainname. If the domainname is there I
> want it to be st
Hi,
I was trying to configure EAP with TLS/TTlS. After enabling TLS/TTLS in "
eap.conf", I tried sending an Radius Access-Request with EAP-Identitye
response. The Server is crashing becoz of segmentation fault. The debug lod
from the server is given below.
---
Hi Walter,
We fixed the freeradius so that the WiMAX VSA may be downloaded to the
ASNGW after
EAP completion. We have not enhanced freeradius to be AAA server in a
WiMAX network.
We download the MSK from freeradius to our ASNGW. Based on the downloaded
MSK
our ASNGW generates the AK context and
Hi Nitin,
Question on your planned contribution to FreeRADIUS: Does your module
support the key generation algorithms for the WiMAX mobility keys?
Specifically, is your module able to correctly generate the
MN-HA-MIP4-KEY and related key material from the EMSK derived as part
of the EAP exchange?
Hello All,
Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to
enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX
VSA are not the typical type-length-value rather they have
type-length-controlinfo-value.
We have enhanced the dictionary but we were not a
I finally thought to look in the changelog
http://www.mikrotik.com/download/CHANGELOG_beta
> What's new in 3.0beta10:
[blah blah]
> *) added radius client to send Accounting-On packet on startup;
[blah]
-- hugh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
http://www.nabble.com/MSCHAP-test-client--tf4069370.html
You don't need to do PEAP to test ntlm_auth, just MSCHAP.
Ivan Kalik
Kalik Informatika ISP
Dana 18/7/2007, "ken" <[EMAIL PROTECTED]> piše:
>Does anyone have actual examples of radclient (or other
>command-line tools) being used to test F
I have an idle routerboard waiting for a replacement wifi mini-pci. It
has routeros 2.9 but somehow I am not tempted to try the upgrade:
upgrade to 3beta & failed logins:
http://forum.mikrotik.com/viewtopic.php?f=3&t=17128
On liked topic things go from bad to worse - it seems that the wireless
pa
Hi,
> Presumably this involves PEAP/MSCHAPv2 I can't work out how to
> do it without using a Windows client and a wireless
> infrastructure we don't have yet. (or even if it is doable)
you dont need wireless to do such testing - there are plenty
of ethernet switches out there that do 802.1x and
Does anyone have actual examples of radclient (or other
command-line tools) being used to test Freeradius using Windows
Active Directory authentication via samba/ntlm_auth?
I'd like to be able to test Radius authentication for various
different categories of user on our Active Directory.
Presu
On Wed 18 Jul 2007, Hugh Messenger wrote:
> Peter Nixon quoth:
> > On Tue 17 Jul 2007, Hugh Messenger wrote:
> > > Can we add sqlippool to the ./modules/stable list?
> >
> > It is in the stable list for 2.0 but its up to Alan whether we put it in
> > for 1.1.7
>
> It's been pretty darn stable for m
[EMAIL PROTECTED] said:
> >, but if anyone on this list has a Beta 3 setup :-D
>
> Good old SETUP - missing or bug:
> http://forum.mikrotik.com/viewtopic.php?f=1&t=16963
OK, I'll rephrase that ... "if anyone on this list has a 3.0beta10 install
they can test with". :)
> Ivan Kalik
> Kalik Infor
>, but if anyone on this list has a Beta 3 setup :-D
Good old SETUP - missing or bug:
http://forum.mikrotik.com/viewtopic.php?f=1&t=16963
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Post the whole debug. I won't even pretend that I have a faintest idea
what are you trying to do:
- you have a supplicant doing EAP
- you have set Auth-Type Ldap in users file
- you have set Auth-Type Local in Ldap
In what possible way do you think that's going to work? Can you just
confirm what
I got a response from Mikrotik on this thread:
http://forum.mikrotik.com/viewtopic.php?f=1&t=17171
. saying that "I think that following attribute is added at 3.0beta10."
Unfortunately I don't have a spare Mtik at the moment I can test the v3 Beta
OS on. I have a new one on order, so I should b
Peter Nixon quoth:
> On Tue 17 Jul 2007, Hugh Messenger wrote:
> > Can we add sqlippool to the ./modules/stable list?
>
> It is in the stable list for 2.0 but its up to Alan whether we put it in
> for 1.1.7
It's been pretty darn stable for me in 1.1.6. And now we've gotten the
MySQL stuff whippe
Hello;
I implemented 802.1x on 3com 4500 switch but i receive an error on my
FreeRadius server:
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aydin
radius_xlat: '(uid=aydin)'
radius_xlat: 'ou=Kullanicilar,dc=kocak,dc=org,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_l
Hello all.
Here is my issue. This is very weird and would only affect one NAS.
I'm not sure freeradius is capable of this. I want a username that
comes in to check for an @domainname. If the domainname is there I
want it to be stripped and added back later. If the domainname is not
there I'd l
> PEAP: Got tunneled identity of hwang
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to hwang
> PEAP: Sending tunneled request
Your "real" username will be sent only inside the encrypted tunnel.
Many NASes will set identity outside the tunnel to "anonymou
Hi All,
Ok, after battling with OpenSER + FreeRadius digest authentication, I managed
to make it work correctly.
Now, i've decided to try moving to rlm_perl, and I was wondering if any of you
guys may have examples or
code/configuration snips of rlm_perl integration.
I've managed to work w
It's ok now, it works fine thank you all.
- Original Message
From: Arran Cudbard-Bell <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Wednesday, July 18, 2007 2:56:58 PM
Subject: Re: how to drop idle users
*sigh*
add it as a row not as a field :\
--
Arran Cudbard-Bell ([EM
On Tue 17 Jul 2007, Peter Nixon wrote:
> On Tue 17 Jul 2007, [EMAIL PROTECTED] wrote:
> > I don't think things like Mikrotik and Chillispot send such packets.
> > I've never seen one from our Mikrotik which is rebotted once every week
> > or two. I've never seen one from our Cisco either but that's
*sigh*
add it as a row not as a field :\
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
-
List info/subscribe/unsubscribe? See http://www.freeradiu
Ok,
I should really kick myself in the head for this one. First off, I would like
to thank you for your
assistance, sorry for being a little bit of a pest. Here is what happened:
1. I compiled OpenSER 1.2.1 with TLS support, while the IP phones that I used
don't support TLS,
this apparent
Perhaps you need to return some SIP attributes.
Ivan Kalik
Kalik Informatika ISP
Dana 18/7/2007, "FreeRadius-ML" <[EMAIL PROTECTED]> piše:
>Hi Alan,
>
> Ok, I managed to solve the dual request thingy, apparently that was caused
> by a config on
>the OpenSER server. All requests now are coming
Ok. May I ask where have you added Idle-Timeout if "radreply table is
still empty"? Idle-Timeout is an attribute that is added (in)to the
radreply table in the same way that you added password attribute (in)to
the radcheck table. Operator you should use is = and value is number of
seconds, lets say
I've added Idle-Timeout, but still tha table is empty. What should i do to make
radius use it?
Thanks.
- Original Message
From: Stefan Winter <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Wednesday, July 18, 2007 1:13:29 PM
Subject: Re: how to drop idle users
> Thank you
hi,
I am use freeradius1.1.6 . And It can work.
But there is a question: why freeradius recieve username=anonymous many
time? and than receive real username hwang??
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-
ChilliSpot supports Idle-Timeout.
Regards
Peter
On Wed 18 Jul 2007, vik wrote:
> In fact i am using chillispot running on the same PC along with apache and
> freeradius. So chillispot acts as dhcp and comunicates with the radius
> server ont tha same machine. Does it change anything.
>
> - O
> Thank you for your fast answer, but my radreply table is empty and there is
> no field Idle-Timeout.
*add* it to radreply.
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kale
In fact i am using chillispot running on the same PC along with apache and
freeradius. So chillispot acts as dhcp and comunicates with the radius server
ont tha same machine. Does it change anything.
- Original Message
From: Arran Cudbard-Bell <[EMAIL PROTECTED]>
To: FreeRadius users ma
vik wrote:
> Thank you for your fast answer, but my radreply table is empty and there is
> no field Idle-Timeout.
>
>
Idle-Timeout is a reply attribute
See
http://www.freeradius.org/rfc/rfc2865.html#Idle-Timeout
No guarantee your NAS will support it though.
--
Arran Cudbard-Bell ([EMAIL PR
liran tal wrote:
> This is usually done by the NAS IIRC.
> Simply set an Idle-Timeout attribute in radreply for the user and the NAS
> takes care of that.
>
>
Yep, otherwise you would need to write something outside FreeRADIUS
using something like radclient, to send disconnect packets to your NAS.
Thank you for your fast answer, but my radreply table is empty and there is no
field Idle-Timeout.
>This is usually done by the NAS IIRC.
>Simply set an Idle-Timeout attribute in radreply for the user and the NAS
>takes care of that.
>Regards,
>Liran.
On 7/18/07, vik wrote:
>>
>> Hi there,
This is usually done by the NAS IIRC.
Simply set an Idle-Timeout attribute in radreply for the user and the NAS
takes care of that.
Regards,
Liran.
On 7/18/07, vik <[EMAIL PROTECTED]> wrote:
Hi there,
I have this problem, i would like to have idle users disconnected. With
"idle" i mean users
Hi there,
I have this problem, i would like to have idle users disconnected. With "idle"
i mean users that have no activity with internet browsers. I'm not sure if
there are other apllications using the 80 port the users are still idle.
Thank you in advance.
__
Hi Alan,
Ok, I managed to solve the dual request thingy, apparently that was caused by
a config on
the OpenSER server. All requests now are coming out as:
rad_recv: Access-Request packet from host 192.168.2.80:34908, id=213, length=232
User-Name = "[EMAIL PROTECTED]"
Digest-At
Hi Alan,
Ok, I did as you instructed, and I admit that I appear to be getting
somewhere.
The debug log now shows the following:
SNIP -
rad_recv: Access-Request packet from host 192.168.2.80:33365, id=47, length=192
FreeRadius-ML wrote:
> Now, I'm basically re-learning everything, as the world of OpenSER +
> FreeRadius is a little new to me,
> and sometimes frustrates me. The amount of documentation in the configuration
> files is great, but the lack
> of updated examples is somewhat annoying. Even Asteris
Hi Alan,
First off, I'd like to apologize for my outburst, it's simply getting to be a
little too frustrating
to me. I've used FreeRadius in the past in conjunction with GnuGK and rlm_sql,
which was working flawlessly
for over 3 years time.
Now, I'm basically re-learning everything, as the
Hi Alan,
First off, I'd like to apologize for my outburst, it's simply getting to be a
little too frustrating
to me. I've used FreeRadius in the past in conjunction with GnuGK and rlm_sql,
which was working flawlessly
for over 3 years time.
Now, I'm basically re-learning everything, as the
Hi,
julien blanc wrote:
> hi !
>
> I'd like to set up an authentication system (for wireless clients) based
> on freeradius.
>
> I'm using a DC windows 2003 with Active Directory to manage my users and
> groups... i know ... its bd :-) but i don't have the choice !
>
> I have built a linux
42 matches
Mail list logo