On Fri 20 Jul 2007, ashish verma wrote:
Hi Ivan,
What i meant is you type enable but the password you give should be
authenticated by RADIUS server not the enable password stored on the
device.
I am not sure whether it is possible or not. But just wanted to know from
the experts.
Are you
Hi.
Martin G wrote:
Subject of the novell-server-certificate is : O = WIFITREE
OU = Organizational CA
Well, that looks like the SubjectDN of your Novell CA certificate. You need
to put this CA certificate (no the pkcs#12/.p12 or the private key) in PEM
format into the file referenced by option
Martin G wrote:
Iv found the following on the novellserver (CA-service):
Distinguished name: WIFITREE CA.Security
Host server: NW1.SYSTEM.WIFI
Well this looks like the novell ldap server certifivate.
NW1 would be the servername and NW1.SYSTEM.WIFI the FQDN?
Yes.
I added the info in all
O/H Jóhann B. Guðmundsson έγραψε:
RHEL5/FreeRadius freeradius-1.1.3-1.2.el5/Fedora Directory server.
Scenario...
Currently trying to move all our dial up user entry's from users file to
ldap ( FDS )
and need to add an attribute in radius ldap schema which would contain
clear text
Dana 20/7/2007, ashish verma [EMAIL PROTECTED] piše:
av I dont want the user to go directly in priv mode.
av through priv level = 15 we direclty get into priv level right.
av what i am looking for is first the user get into user level and
av then with
av another
av password in level 2. (not with
Matt Garretson wrote:
The segfault is actually occurring in the Kerberos libraries, which
means that Freeradius might not be the issue, however the segfault
occurs only when radiusd is given -X or -sfxx options. I.e.
radiusd -sfx and radiusd work as expected, and do not segfault.
(One thing
Hello,
Attached patch contains four new attributes (3Com-Connect_Id,
3Com-NAS-Startup-Timestamp, 3Com-Ip-Host-Addr, 3Com-Product-ID) and one
new value (3Com-Visitor) available on 3c5500G switch.
Example output from radiusd -X:
3Com-Connect_Id = 1265
3Com-Product-ID =
Hello Peter,
Peter Nixon [Fri, Jul 13, 2007 at 02:40:09PM +0300]:
Just a quick tip to get you started as I have to head out and may not have a
chance to reply until tomorrow:
ALTER TABLE radacct ALTER acctinputoctets TYPE bigint;
and
ALTER TABLE radacct ADD XAscendSessionSvrKey
On Fri 20 Jul 2007, Nico -telmich- Schottelius wrote:
Hello Peter,
Peter Nixon [Fri, Jul 13, 2007 at 02:40:09PM +0300]:
Just a quick tip to get you started as I have to head out and may not
have a chance to reply until tomorrow:
ALTER TABLE radacct ALTER acctinputoctets TYPE bigint;
- Original Message -
From: [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, July 20, 2007 4:07 AM
Subject: Re: Second level authentication..
Dana 20/7/2007, ashish verma [EMAIL PROTECTED] piše:
av I dont want the user to go
Hi,
I was able to enable EAP-TTLS in eap.conf file. After sending an
Access-Request with EAP-Identity response, using radeapaclient, an
Access-Challenge (with EAP-Type = 21) was received from the server.
Immediately after receivng the challenge the client is terminating.
What configuration
Hello Everybody,
We have several network equipments with radius athentication. We want to limit
the access to several administrators. We use a radius-proxy and a radius server
with a LDAP base.
For example :
We have two NAS : NAS1 and NAS2
Two groups of users USERS1 and USERS2 in the LDAP
http://www.freeradius.org/radiusd/man/radeapclient.txt
The EAP-MD5-Password attribute, if present is used to respond to an MD5
challenge.
No other EAP types are currently supported.
Ivan Kalik
Kalik Informatika ISP
Dana 20/7/2007, Govardhana K N [EMAIL PROTECTED] piše:
Hi,
I was able to
Hi,
Does it work if I use some other client which has EAP-TTLS support?
we use SecureW2 and MacOSX with that EAP form with no problem
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You can try wpa_supplicant's eapol_test. It should support all EAP types
that wpa_supplicant supports.
Ivan Kalik
Kalik Informatika ISP
Dana 20/7/2007, Govardhana K N [EMAIL PROTECTED] piše:
Ivan,
Does that mean, EAP-TTLS is supported in FreeRadius Server but not in
FreeRadius Client?
Does it
Try Called-Station-Id.
Ivan Kalik
Kalik Informatika ISP
Dana 20/7/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hello Everybody,
We have several network equipments with radius athentication. We want to limit
the access to several administrators. We use a radius-proxy and a radius server
This is a long shot, but if anyone has the time to read this, I'd appreciate
any suggestions!
I'm running FR 1.x on the same RHEL4 box that handles POP3/IMAP proxying
(using 'perdition') and authenticated SMTP (using sendmail). I'm in the
process of migrating from Funk/Juniper, so my other
On Jul 20, 2007, at 12:55, Hugh Messenger wrote:
If it makes any difference, I run radiusd in –X mode, because it
crashes when running as a service (valgrind showed Bad Things
happening).
While that may not be all of the issues, debug mode uses a lot of
disk I/O. You might be getting
Doug Hardie said:
While that may not be all of the issues, debug mode uses a lot of
disk I/O. You might be getting delays accessing mail files from
this. You need to figure out why it doesn't run as a service. I
have been using it in service mode for years with no problems.
Yup, that
Good afternoon,
I have a configuration scenario that I have researched all day long (8+
hours now) and cannot solve. I know I must be missing something simple, but
I'm not sure what that is.
The environment is a small business location with Cisco 1130AG Access
Points. We are currently use LEAP
Good Afternoon,
I have a Freeradius (1.1.5) running on a server (1G RAM, double processor) as a
Proxy Radius, on a production enviroment to AAA VOIP calls.
At peak hours, the Radius stop responding. I cannot see any message on the
log, just stop working.
I have to kill/load manually in
Cregester said:
fact that it keeps inserting the computer name in front of the username.
For
example MYCOMPUTER\Bob. This is a problem because I just want usernames to
authenticate no matter what computer they access from. Bob should be able
to
authenticate from a number of PCs.
Not sure if
On Fri 20 Jul 2007, Hugh Messenger wrote:
This is a long shot, but if anyone has the time to read this, I'd
appreciate any suggestions!
I'm running FR 1.x on the same RHEL4 box that handles POP3/IMAP proxying
(using 'perdition') and authenticated SMTP (using sendmail). I'm in the
process of
Thank you for the response.
Yes, that is one item I have turned off and on, trying to figure out exactly
which way is better in my case. Most recently, I left it turned on.
cheesegrits wrote:
Cregester said:
fact that it keeps inserting the computer name in front of the username.
For
Alan DeKok wrote:
That would seem to be the case, yes. But it's very weird. Doubly so
since there's no code in rlm_krb5 that depends on debug_flag = 2.
So... the culprit is likely elsewhere. Exactly where it is located is
difficult to say.
Thanks, Alan. Just a quick update...
No renewal notification domain expiry == headache.
sigh
Things should be back within 24 hours.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
26 matches
Mail list logo