Hi
On 19/07/07, Cliff Cole [EMAIL PROTECTED] wrote:
Hello all.
Here is my issue. This is very weird and would only affect one NAS.
I'm not sure freeradius is capable of this. I want a username that
comes in to check for an @domainname. If the domainname is there I
want it to be stripped
Hi all,
I am trying to configure free radius for some Cisco devices.
Till now I am able to authenticate using the radius server and I am getting
into user level or privilege level depending on the attribute I am defining.
Now what I am looking for is authorization.
There is something called
On Thu 19 Jul 2007, ashish verma wrote:
Hi all,
I am trying to configure free radius for some Cisco devices.
Till now I am able to authenticate using the radius server and I am
getting into user level or privilege level depending on the attribute I am
defining. Now what I am looking for is
I thought it was:
cisco-avpair = shell:priv-lvl=levelnumber
If not, we need to fix the wiki.
Cheers
Peter
On Thu 19 Jul 2007, [EMAIL PROTECTED] wrote:
Use proper format:
Cisco-AVPair = priv-lvl=levelnumber
Ivan Kalik
Kalik Informatika ISP
Dana 19/7/2007, ashish verma [EMAIL
Sorry, my mistake. It is shell:priv-lvl=levelnumber
Ivan Kalik
Kalik Informatika ISP
On 19/7/2007, Peter Nixon [EMAIL PROTECTED] wrote:
I thought it was:
cisco-avpair = shell:priv-lvl=levelnumber
If not, we need to fix the wiki.
Cheers
Peter
On Thu 19 Jul 2007, [EMAIL PROTECTED] wrote:
Use proper format:
Cisco-AVPair = priv-lvl=levelnumber
Ivan Kalik
Kalik Informatika ISP
On 19/7/2007, ashish verma [EMAIL PROTECTED] wrote:
Hi all,
I am trying to configure free radius for some Cisco devices.
Till now I am able to authenticate using the radius server and I am getting
into
/pipermail/freeradius-users/attachments/20070719/d5a2969f/attachment-0001.html
--
Message: 2
Date: Thu, 19 Jul 2007 17:59:54 +1200
From: Pshem Kowalczyk [EMAIL PROTECTED]
Subject: Re: Quirky question about rewriting usernames
To: FreeRadius users mailing list
Hi,
I am trying to send an Access-Request with EAP-Identity response. The
Request was successful and Server sent an Access-Challenge in response (MD5
challenge), the response to this challenge is failing (receiving
Access-Reject from Server), the Error message was rlm_eap_md5:
User-Password is
Hi All,
is there a tutorial how to install mod_auth_radius on an apache 2.xx
server?
The howto on the freeradius webpage is a little bit deprecated I guess.
I get an error when starting the apache server after installing
mod_auth_radius:
# service httpd start
Starting httpd: httpd: Syntax
I am trying to send an Access-Request with EAP-Identity response. The
Request was successful and Server sent an Access-Challenge in response (MD5
challenge), the response to this challenge is failing (receiving
Access-Reject from Server), the Error message was rlm_eap_md5:
User-Password is
Thanks for the help Stefan.
On 7/19/07, Stefan Winter [EMAIL PROTECTED] wrote:
I am trying to send an Access-Request with EAP-Identity response. The
Request was successful and Server sent an Access-Challenge in response
(MD5
challenge), the response to this challenge is failing (receiving
Thanks for the reply. I'm new to free radius and have been
overwhelmed with documentation the past few days. Let me explain in
some logic and maybe I can make some sense as to what I'm trying to
do.
User authentication comes from NAS A
IF the username does not have @domain.com and NAS = NAS A
Hello FR users,
I am running FreeRadius 1.1.3 together with MySQL 5.0.27
I use huntgroups to allow access to specific devices only to certain users
belonging to a certain group (I use huntgroups since I didn't find a way
to do it via MySQL)
I have the following issue:
When for a longer period
Hi all,
I am new to the list and to RADIUS too, so I might ask some repetitive
questions.
Here is my question:
Can we have level 2 (enable) authentication too with Radius server as we
have for level 1(user level)?
If yes, can someone provide me some documentation. I tried to search for it
but
Can we have level 2 (enable) authentication too with Radius server as we
have for level 1(user level)?
If you say enable I suspect you are talking about Cisco equipment? Then
enable is really level 15. And the following link was posted just MINUTES ago
on this list. Did you read the
enable is really level 15. And the following link was posted just MINUTES
ago on this list. Did you read the etiquette thing about read the mail
archives before asking??
Wait a minute. That link was sent in reply to YOUR question! Did you even read
it?
--
Stefan WINTER
Stiftung RESTENA -
Hi.
Martin G wrote:
Hello!
I'm new to both this mailing list and to novell/linux/ldap/freeradius but I've
tried my best to install a radius/ldap linux server to pass on
radius-requests from an Aruba-controller to our novell-server.
IPs:
Novell 10.10.0.11
Aruba 10.10.0.28
Linux
Hello;
I could solve my problem with change Auth-Type attribute to EAP in LDAP and
everything is ok.
Thank you for your relation.
Best Regards,
Aydin Kocak.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes. MySQL has wait_timeout set to 8 hours. See last option:
http://dev.mysql.com/doc/refman/5.0/en/instance-manager-command-options.html
Ivan Kalik
Kalik Informatika ISP
On 19/7/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello FR users,
I am running FreeRadius 1.1.3 together with
Thx for the reply!
I've tried removing port and tls_mode from my radius.conf and had
tls_start = yes set.
The tls_certfile and tls_keyfile are now commented away #.
I use the tls_certfile to /etc/freeradius/certs/WIFITREE_CA.b64
I'd tried to use c_rehash . in that directory but the rehash doesn't
Sorry, when I tried to rehash my certificate, I'd changed its path, but now
it's back and I got a new output from my ldapsearch-command:
ldapsearch -vvv -h 10.10.0.11 -x -Z -b ou=adm,ou=malmo,o=wifi cn=lotta
ldap_initialize( ldap://10.10.0.11 )
ldap_start_tls: Connect error (-11)
Hm.
Martin G wrote:
Sorry, when I tried to rehash my certificate, I'd changed its path, but now
it's back and I got a new output from my ldapsearch-command:
ldapsearch -vvv -h 10.10.0.11 -x -Z -b ou=adm,ou=malmo,o=wifi cn=lotta
ldap_initialize( ldap://10.10.0.11 )
ldap_start_tls:
RHEL5/FreeRadius freeradius-1.1.3-1.2.el5/Fedora Directory server.
Scenario...
Currently trying to move all our dial up user entries from users file to
ldap ( FDS )
and need to add an attribute in radius ldap schema which would contain
clear text password
of the dial in password for the dial
Subject of the novell-server-certificate is : O = WIFITREE
OU = Organizational CA
And that's no FQDN!?
(I exported it from the novell as an .der and extracted it to see the
subject, maybe wrong way to do it? I haven't exported the private key with
either the .b64 or the .der and that shouldn't
I'm trying to authenticate a linux client against a radius server. I've
implemented the radius server with freeradius and I've tested it with a
cisco client and it worked, but, unfortunately, I'm having serious problems
to authenticate the linux client using RadiusClient.
I'm running the server
Lisa Casey said:
I correct the error in the users file and get no more complaints
regarding
radiusd.conf
Why?
I've noticed this as well. I've always assumed it's a knock-on effect from
the error in the users file. Same way missing a quote or a semi colon in
something like perl can cause
Hi Stefan,
I read the document and thanks for giving the link, that was helpful.
Well I think I put my question in a wrong way.
Let me put it in a different way.
I don't want the user to go directly in priv mode.
Through priv level = 15 we directly get into priv level right.
What I am looking
You want a shell user to get to privilege mode without typing
enable and knowing enable password? I am quite certain that Cisco
spent many years making sure that's impossible. If you find a way to do
that you can blackmail them for a hell of a lot of money.
Ivan Kalik
Kalik Informatika ISP
Dana
Any idea how to type the FQDN !? :(
Well if this was your server:
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
FQDN would be: messenger.msn.click-url.com
Ivan Kalik
Kalik Informatika ISP
Once again. I am backwards on my wording, I am so sorry. This should
be correct.
IF the username does have @domain.com and NAS = NAS A
THEN continue with username as is
IF the username does not have @domain.com and NAS = NAS A
THEN append the @domain.com
I have been trying the hints file.
Hi ashish,
First of all, WHY would you need such a setup?
Afaik, cisco will send a request to radius for user '$enable15$' whenever someone tries to "enable".
Run freeradius in debug mode (radiusd -X) and then login as one of your users. Type "enable" and the cisco will
I've found the following on the novell server (CA-service):
Distinguished name: WIFITREE CA.Security
Host server: NW1.SYSTEM.WIFI
NW1 would be the servername and NW1.SYSTEM.WIFI the FQDN?
I added the info in all kinds of sorts in my hosts-file to the novell-ip on
the linux-server but still no
Hi,
You want a shell user to get to privilege mode without typing
enable and knowing enable password? I am quite certain that Cisco
spent many years making sure that's impossible. If you find a way to do
that you can blackmail them for a hell of a lot of money.
err, TACACS+ with priv_lvl 15
Use regular expressions:
http://wiki.freeradius.org/Operators
Check for @ or that it doesn't end with @domain.com or whatever you
fancy.
Ivan Kalik
Kalik Informatika ISP
On 19/7/2007, Cliff Cole [EMAIL PROTECTED] wrote:
Once again. I am backwards on my wording, I am so sorry. This should
Hugh Messenger wrote:
It's been pretty darn stable for me in 1.1.6. And now we've gotten the
MySQL stuff whipped into shape and fixed a few other issues for 1.1.7, I'd
say it's ready for Prime Time.
Alan?
I have that Internet thing working again, so yes. Tomorrow looks good.
Alan
Nitin Naveen wrote:
Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to
enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX
VSA are not the typical type-length-value rather they have
type-length-controlinfo-value.
Yes..
We have enhanced the
Walter Goulet wrote:
Question on your planned contribution to FreeRADIUS: Does your module
support the key generation algorithms for the WiMAX mobility keys?
Specifically, is your module able to correctly generate the
MN-HA-MIP4-KEY and related key material from the EMSK derived as part
of
Govardhana K N wrote:
I was trying to configure EAP with TLS/TTLS. After enabling TLS/TTLS in
eap.conf, I tried sending a Radius Access-Request with EAP-Identity
response. The Server is crashing because of segmentation fault. The debug
log from the server is given below.
See doc/bugs
The
Rascher, Markus wrote:
# service httpd start
Starting httpd: httpd: Syntax error on line 205 of
/etc/httpd/conf/httpd.conf: Cannot load
/usr/lib/httpd/modules/mod_auth_radius-2.0.so into server:
/usr/lib/httpd/modules/mod_auth_radius-2.0.so: undefined symbol: ap_snprintf
There are patches
Aydın KOÇAK wrote:
Hello;
I could solve my problem with change Auth-Type attribute to EAP in LDAP and
everything is ok.
Don't do that.
If anyone is reading the archive of this list, don't do that.
Alan DeKok.
Lisa Casey wrote:
But if I make changes to my users file (and accidentally make a mistake), I
get errors regarding that of course when I restart radius, but I also get
errors regarding the radiusd.conf file.
No, those errors are saying radiusd.conf says to load the files
module, which says
Peter - a couple of things about the MySQL stuff:
1) I just noticed that the ./docs/examples/mysql.sql schema in the 2.0 HEAD
doesn't look right:
#
# Table structure for table 'radippool'
#
CREATE TABLE radippool (
id int(11) unsigned NOT NULL auto_increment,
pool_name
This may be a Fedora/Kerberos issue rather than a Freeradius issue, but...
Has anyone experienced radiusd -X segfaulting when using rlm_krb5?
This is under Fedora 7 (x86_64), with freeradius 1.1.6 and 2.0.0-pre1
built from source tarballs. (I am trying to migrate to this environment
from a
/freeradius-users/attachments/20070719/4c1e3a0e/attachment-0001.html
--
Message: 2
Date: Thu, 19 Jul 2007 18:13:00 +0100
From: [EMAIL PROTECTED]
Subject: Re: Second level authentication.
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org