Re: How to get FreeRadius 2.0 running?

2007-08-28 Thread Alan DeKok
Jack Daniels wrote: > No, I'm not trying to run it with 1.1.x files. I've downloaded the > latest snapshot in a brand new computer, which has only the LBS. Hmm... OK. > In previous versions, when I compiled FreeRadius, it was 100% > functional, obviously I needed to configure it to meet my need

simultaneous usage

2007-08-28 Thread Michael Ziemann
Hi all! I added the Simultaneous-Use attribute to radgroupcheck in my MySQL-db with the following statement: INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("dialup", "Simultaneous-Use", ":=", "1"); But I can login twice or more with the same account... so what do I have

Re: compiling free radius 1.1.7 on NetBSD

2007-08-28 Thread Alan DeKok
Ray Phillips wrote: > I've attempted to compile free radius 1.1.7 on a machine running > NetBSD/amd64 without success... FreeRADIUS is in pkgsrc. If the version there isn't 1.1.7, the patches will let you build it on NetBSD. > At first configure couldn't find krb5.h and make failed: I've f

Re: pre1 dies on startup: generate_sql_clients() returned error

2007-08-28 Thread Alan DeKok
Arran Cudbard-Bell wrote: > I know you like to kill the server off if there's any kind of > configuration parsing error; but possibly duplicate/invalid clients is > one of the exceptions where it might be better to complain bitterly... This goes for invalid clients, invalid home servers, database

problem with eap-tls authentication

2007-08-28 Thread HBA BOX
Hello, I'm using radius server and linksys access point configured to use radius security mode and windows xp in my laptop as wlan client configured like that: network authentication: open data encryption: WEP enable IEEE 802.1x authentication for this NW EAP type: smartcard or oth

Re: pre1 dies on startup: generate_sql_clients() returned error

2007-08-28 Thread Artur Hecker
Regarding the subject, it's still much better than the following headline: "A startup dies on pre1" :-))) Sorry, couldn't help thinking of it when reading the mail. Anyway, a hail to the project that has already helped so many new companies to construct their businesses... On 28 Au

Re: simultaneous usage

2007-08-28 Thread Alan DeKok
Michael Ziemann wrote: > I added the Simultaneous-Use attribute to radgroupcheck in my MySQL-db > with the following statement: ... > But I can login twice or more with the same account... so what do I have > to enable/disable to deny simultaneous usage of the accounts??? As ALWAYS, run the serve

Re: Freeradius-Users Digest, Vol 28, Issue 96

2007-08-28 Thread Michael Ziemann
Hi all! I added the Simultaneous-Use attribute to radgroupcheck in my MySQL-db with the following statement: INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("dialup", "Simultaneous-Use", ":=", "1"); But I can login twice or more with the same account... so what do I have

freeradius and direct server return

2007-08-28 Thread Giuseppe Tricarico
Hi All I have a problem with freeradius and Direct Server return configuration. I use Alteon load balancer configured for DSR, freeradius listen on the virtual IP address and the real address as health check request are sent on the real IP address but client request are sent on the virtual IP

Re: compiling free radius 1.1.7 on NetBSD

2007-08-28 Thread Alan DeKok
Ray Phillips wrote: > Yes, it is there. I suppose I'm obstinate, but I'd like the original > sources to be compilable without having to patch them. I've fixed it in CVS head. For 1.1.8 (if it's released), we'll see. > If you understand them. :) It looks to me as though none of the > patches

Re: freeradius and direct server return

2007-08-28 Thread Phil Mayers
On Tue, 2007-08-28 at 11:39 +0200, Giuseppe Tricarico wrote: > Hi All > I have a problem with freeradius and Direct Server return configuration. > > I use Alteon load balancer configured for DSR, freeradius listen on the > virtual IP address and the real address as health check request are sent

Re: Calling-Station-ID

2007-08-28 Thread Phil Mayers
On Mon, 2007-08-27 at 19:00 -0500, Stefan Adams wrote: > Is there any way that I can rewrite the Calling-Station-ID to the name > of the PC instead of the MAC address? This table can be found in LDAP In which case, you might be able to do it in the hints file with an ldap: xlat DEFAULT Calling-St

Re: compiling free radius 1.1.7 on NetBSD

2007-08-28 Thread Ray Phillips
Thanks for your reply Alan. > I've attempted to compile free radius 1.1.7 on a machine running NetBSD/amd64 without success... FreeRADIUS is in pkgsrc. Yes, it is there. I suppose I'm obstinate, but I'd like the original sources to be compilable without having to patch them. If th

Help me : rc_read_dictionary: invalid type

2007-08-28 Thread hyunok
Fedora core 5 freeradius-client-1.1.5.tar.bz2 ./confiugre make make install freeradius-1.1.7.tar.gz rpmbuild -bb redhat/freeradius.spec cp /usr/share/freeradius/dictionary.microsoft \ /usr/local/etc/radiusclient vi /usr/local/etc/radiusclient/dictionary INCLUDE /usr/local/etc

simultaneous login

2007-08-28 Thread Michael Ziemann
Hi all ! I don't know what to do... sql is enabled, but I still can login twice... I inserted the Simultaneous-Use attribute already in my db ... Here's the debug info, started with radiusd -X ... Starting - reading configuration files ... reread_config: reading radiusd.conf Config: includ

Re: Help me : rc_read_dictionary: invalid type

2007-08-28 Thread Phil Mayers
On Tue, 2007-08-28 at 19:20 +0900, hyunok wrote: > Fedora core 5 > freeradius-client-1.1.5.tar.bz2 > ./confiugre > make > make install Great, so you posted this barely-comprehensible gibberish to the poptop list and now to the FreeRadius list. http://catb.org/~esr/faqs/smart-questions.html

simultaneous usage

2007-08-28 Thread Michael Ziemann
Hi Guys! Bad bad error ... the user had wrong rights, so the server couldn't write down who's online... very bad mistake... Regards Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: simultaneous login

2007-08-28 Thread Alan DeKok
Michael Ziemann wrote: > Hi all ! > > I don't know what to do... sql is enabled, but I still can login > twice... I inserted the Simultaneous-Use attribute already in my db ... > > Here's the debug info, started with radiusd -X ... ... > Ready to process requests. So... the server starts. Tha

SQL-NASlist + Dynamic IP

2007-08-28 Thread Matthias Lohr
Hello! I have the NAS-List in MySQL with hostnames, like nas1.foo.bar. It's necessary to restart freeradius if the ip of a nas changes? In the morning I had this error and I think this is because my ip has changed: # Error: Ignoring request from unknown client 85.25.116.14:2052 Or is there an op

SQL-NASlist + Dynamic IP

2007-08-28 Thread Matthias Lohr
>Matthias Lohr wrote: >> I have the NAS-List in MySQL with hostnames, like nas1.foo.bar. It's >necessary >> to restart freeradius if the ip of a nas changes? > > Yes. Does a restart have any influence to running sessions? > >> In the morning I had this >> error and I think this is because my ip

Re: accepting clients with expired certificates

2007-08-28 Thread Alan DeKok
Norbert Wegener wrote: > If the client's certificate is expired, eap/tls will, of course, fail. > In this case a guest vlan shall be assigned to the client. I'm not sure that's good enough. The client may not believe it was successfully authenticated until the TLS session is properly finished.

Re: SQL-NASlist + Dynamic IP

2007-08-28 Thread Alan DeKok
Matthias Lohr wrote: > Does a restart have any influence to running sessions? If you're doing EAP, yes. If you're not doing EAP, there are no ongoing RADIUS sessions. >> Don't use hostnames for RADIUS. Use IP addresses. > I have only NAS with dynamic ips, so that doesn't work Fix your netw

Re: eap-tls authentication

2007-08-28 Thread Alan DeKok
inelec communication wrote: > Sending Access-Challenge of id 0 to 192.168.0.211:2057 > EAP-Message = 0x0113000a0d80 > Message-Authenticator = 0x > State = 0x1859df1e2a63289dde2fcecf053c07cc > Finished request 107 > Going to the next re

eap-tls authentication

2007-08-28 Thread inelec communication
Hello, I'm using radius server and linksys access point configured to use radius security mode and windows xp in my laptop as wlan client configured like that: network authentication: open data encryption: WEP enable IEEE 802.1x authentication for this NW EAP type: smartcard or other certific

accepting clients with expired certificates

2007-08-28 Thread Norbert Wegener
I have setup authentication against AD according to: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO This works as expected. If the client's certificate is expired, eap/tls will, of course, fail. In this case a guest vlan shall be assigned to the client. Having a module

Re: SQL-NASlist + Dynamic IP

2007-08-28 Thread Alan DeKok
Matthias Lohr wrote: > I have the NAS-List in MySQL with hostnames, like nas1.foo.bar. It's > necessary > to restart freeradius if the ip of a nas changes? Yes. > In the morning I had this > error and I think this is because my ip has changed: > # Error: Ignoring request from unknown client

Re: SQL-NASlist + Dynamic IP

2007-08-28 Thread A . L . M . Buxey
Hi, > > Don't use hostnames for RADIUS. Use IP addresses. > I have only NAS with dynamic ips, so that doesn't work using a VPN between the NAS and the server could help in this case - if it's possible - that way the NAS is always the same IP endpoint of the VPN tunnel. alan

Re: accepting clients with expired certificates

2007-08-28 Thread Norbert Wegener
Alan DeKok wrote: ... Incoming RADIUS packet did not have correct Message-Authenticator - dropped message on the client side. Try adding a Message-Authenticator to the reply. Any value will do, as it will be re-calculated when the packet is sent. freeradius now sends a Message-A

Type cast error in rlm_sql_unixodbc?

2007-08-28 Thread Plaggenmarsch, Erik
Hi all, We are running FreeRADIUS 1.1.6 on Solaris 10 (sparc) and want to retrieve authorization information from a Pervasive SQL database via an ODBC Bridge. In order to do so we installed on our Solaris host: - the unixODBC ODBC Manager 2.2.12 - Easysoft ODBC-ODBC Client 32bit for Solaris But

Re: Radius problem with EAP

2007-08-28 Thread A . L . M . Buxey
Hi, > I am having in starting radius. Following is text output of "radiusd -X" ..and its obvious... > rlm_eap: No such sub-type for default EAP type peap > The eap.conf has following configuration - oh my. you have seriously and blindly edi

user already logged in

2007-08-28 Thread Michael Ziemann
Hi Guys! I've another problem ... When I enter radwho, it displays user1, user2 and user3 ... But they aren't connected, and with these accounts I can't login since I entered the Simultaneous-Use into radgroupcheck ... The Value is 1. I already deleted the radacct tables, and disabled the radu

Re: accepting clients with expired certificates

2007-08-28 Thread Alan DeKok
Norbert Wegener wrote: > freeradius now sends a Message-Authenticator with value 0x00: ... > but there seems to be a problem on the other end, as eapol_test shows: > > STA 00:00:00:00:00:02: Received RADIUS packet matched with a pending > request, round trip time 0.05 sec > RADIUS packet matchin

Problem with older wireless network drivers.

2007-08-28 Thread Richard Elder
I have run across a number of machines that seem to have a problem authenticating to the radius server via Cisco 1200 AP using LEAP. All the newer Cisco/Intel cards don't have a problem with current or recent drivers, but a model of Atheros and Belkin drivers that have a copyright date of 2004

Re: freeradius + ad

2007-08-28 Thread Alexsander
Hi Alan, how can I could know what kind of error it is? AD account is ok (I'm using that) the password works fine when I run ntlm_auth command manually: ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: (Success) On 8/24/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Alexsander

Re: openikev2 interface

2007-08-28 Thread Punith Raj
Alan First of all I apologize for my late reply . I don't remember exactly but openswan and strongswan were not supporting EAP payload when we started this project. Our project demands EAP-SIM. Strongswan has added this feature recently I guess. By interface I meant that the EAP-SIM payload to be

Configuring L2tp forwarding based on suffix?

2007-08-28 Thread Garry Glendown
I'm trying to set up l2tp forwarding based on an auth suffix ... I've tried something like this: DEFAULT Suffix == "[EMAIL PROTECTED]" Cisco-Avpair := "vpdn:tunnel-type=l2tp", Cisco-Avpair += "vpdn:ip-addresses=10.221.1.34", Cisco-Avpair += "vpdn:l2tp-tunnel-password=secret

Tim Crouch is out of the office.

2007-08-28 Thread Tim_Crouch
I will be out of the office starting 08/28/2007 and will not return until 09/04/2007. I will respond to your message when I return.

Issues with Auth when freeradius proxies to another freeradius server.

2007-08-28 Thread Willie Yeo
I am running a Cisco 7200 with vpdn tunnels. Freeradius 1.1.6 server I am running, My authentications to my local box of other realms (e.g. @bbb.org, @ccc.com) within the local box is working fine, but authenticating from Cisco router nas_ip_x, to my local radius box, and then (re-) proxyin

Re: freeradius + ad

2007-08-28 Thread Alan DeKok
Alexsander wrote: > how can I could know what kind of error it is? What part of the error message is unclear? > AD account is ok (I'm using that) > the password works fine when I run ntlm_auth command manually: > > ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 > password: > (Suc

hints/acct_users matching of subnets

2007-08-28 Thread Stefan Winter
Hi, I guess I just need a RTFM reminder here, but I failed to find something on first glance: I would like to set up a rule in 1.1.7 that matches a subnet of Client-IP-Addresses. I did DEFAULT Client-IP-Address == 158.64.14.224/28, Proxy-To-Realm := NULL in acct_users. I used to think it matc