HI
I am using EAP_TLS authentication, i.e. certificate based authentication, with
free radius. The setup is working fine.
I have one query. Is there any way to lock the client certificate to a
particular laptop MAC address so that the certificate cannot be used in another
machine? Is there any c
riying to
test with NTRadPing always got the same error.
The user already exists in database
rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
length=49
User-Name = "test-user"
User-Password = "test-pass"
rlm_sql (sql): Reserving sql socket id: 4
rl
Yes. It sounds good.
Check common name in the certificate with databases(users or others).
John
[EMAIL PROTECTED] wrote:
> Hangjun He wrote:
> > And I use EAP-TLS and with correct certs. Even if I set wrong
> > username in Odyssey Client, freeRADIUS will return
> > success.(check_cert_cn n
>> Module: Loaded Acct-Unique-Session-Id
>>>>>>>>> Module: Instantiated acct_unique (acct_unique)
>>>>>>>>> Initializing the thread pool...
>>>>>>>>> Listening on authentication *:1812
>>>>>>>>> Lis
e error.
The user already exists in database
rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
length=49
User-Name = "test-user"
User-Password = "test-pass"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting us
;dbuser"
>>>>>>> password = "dbpass"
>>>>>>> radius_db = "radius"
>>>>>>>
>>>>>>> acct_table1 = "radacct"
>>>>>>> acct_table2 = "radacct"
Use rlm_perl instead of sqlcounter. That way you can return both gigaword
and octet limiting VSAs.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "Russell Tester" <[EMAIL PROTECTED]> wrote:
>CoMeC,
>
>Thanks for your reply, Yes I have read the FAQ, and understand why we
>need to wrap at 4GB,
m_sql_socks = 5
>>>>> connect_failure_retry_delay = 60
>>>>>
>>>>> }
>>>>>
>>>>> radreply table
>>>>>
>>>>> mysql> select * from radreply;
>>>>> ++---+-
with Mysql but when I'm trying to
test with NTRadPing always got the same error.
The user already exists in database
rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
length=49
User-Name = "test-user"
User-Password = "test-pass"
rlm_sq
(sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
Sending Access-Reject of id 2 to 192.168.1.109 port 4027
Any help please?
Thanks in advance,
Pablo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
CoMeC,
Thanks for your reply, Yes I have read the FAQ, and understand why we
need to wrap at 4GB, just can't get a solution working to limit users
above 4GB. Accounting works fine above 4GB.
We have been using Mikrotik with Freeradius for around 4 years, yeah it
works good :)
Btw I forgot to me
ess | = | 0.0.0.0 |
>>> ++---+---++---+
>>> 2 rows in set (0.00 sec)
>>>
>>>
>>>
>>>
>>>
>>> [EMAIL PROTECTED] wrote:
>>>> Send radiusd -X output. Have you done so
d=2,
length=49
User-Name = "test-user"
User-Password = "test-pass"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
Sending Access-Reject of id 2 to 192.168.1.109 port 4027
Any help pl
e
>>>
>>>
>>> rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
>>> length=49
>>>User-Name = "test-user"
>>>User-Password = "test-pass"
>>> rlm_sql (sql): Reserving sql socket id: 4
>>> rlm_sql
"test-pass"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
Sending Access-Reject of id 2 to 192.168.1.109 port 4027
Any help please?
Thanks in advance,
Pablo
Send radiusd -X output. Have you done something to sql.conf apart from
database connection details?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "Pablo Lucchetti" <[EMAIL PROTECTED]> wrote:
>Hi,
>
>I've a Freeradius on a Debian Etch with Mysql but when I'm trying to
>test with NTRadPing al
Delete that Auth-Type entry from the database. You don't need it.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "ann kok" <[EMAIL PROTECTED]> wrote:
>Hi all
>
>As the debian upgrade, I also upgrade the freeradius
>version from 1.0.2 to 1.1.3 in debian package
>
>the radius database is mig
sql socket id: 4
Sending Access-Reject of id 2 to 192.168.1.109 port 4027
Any help please?
Thanks in advance,
Pablo
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Hey,
I am not sure, no specialist, but try to make this query in your mysql:
"SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username =
'test-user' ORDER BY id"
Make sure, that your mysql server/login/password/database are correct.
Take a look at how your password is handled... clear-
Hi,
I've a Freeradius on a Debian Etch with Mysql but when I'm trying to
test with NTRadPing always got the same error.
The user already exists in database
rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
length=49
User-Name = "test-user"
User-Password = "t
Hi all
As the debian upgrade, I also upgrade the freeradius
version from 1.0.2 to 1.1.3 in debian package
the radius database is migrated to this new debian
I use the NTRADping utility to test the new freeradius
login fine.
When I put it in the production, the radius.log is
showing
Error: r
Phil Mayers wrote:
Norbert Wegener wrote:
With 1.1.7 I want to add attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to
use mysql and stored procedures to determine the values that have to
be applied.
When I call the corresponding sql
Norbert Wegener wrote:
With 1.1.7 I want to add attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to use
mysql and stored procedures to determine the values that have to be
applied.
When I call the corresponding sql module from the auth
With 1.1.7 I want to add attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to use
mysql and stored procedures to determine the values that have to be applied.
When I call the corresponding sql module from the authorize section, I
run int
Hi Phil,
Here is the detail configs and logs. Please let me
know.
Thanks and Regards.
modules {
ldap {
server = "ldap://x:1389";
identity =
"uid=appuser,ou=appadm,o=entitlement"
password = **
basedn = "ou=roles
it's ok when delegate is commented
On Dec 13, 2007 7:34 PM, <[EMAIL PROTECTED]> wrote:
> That's nothing to do with freeradius. Debug PPP and see what's missing.
> Netmask?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 13/12/2007, "hadi golestani" <[EMAIL PROTECTED]> wrote:
>
> >in windows xp
That's nothing to do with freeradius. Debug PPP and see what's missing.
Netmask?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "hadi golestani" <[EMAIL PROTECTED]> wrote:
>in windows xp after verifying username and password.
>
>On Dec 13, 2007 3:02 PM, <[EMAIL PROTECTED]> wrote:
>
>> >with t
That's meant about the link between APs not between AP and the user.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "Sergio Belkin" <[EMAIL PROTECTED]> wrote:
>Hi,
>I've configured freeradius with eap-ttls, and is working fine, but I
>have one doubt:
>Can I use this kind of settings for use se
On 13/12/2007, "Reynolds, Walter" <[EMAIL PROTECTED]> wrote:
>
>I am looking at that option, but I should not have to. Per the
>huntgroups file:
>
>"# This file can also be used to define restricted access
># to certain huntgroups. The second and following lines
>#
Hi,
> "# This file can also be used to define restricted access
> # to certain huntgroups. The second and following lines
> # define the access restrictions (based on username and
> # UNIX usergroup) for the huntgroup.
> #"
so why not do as
Hi,
I've configured freeradius with eap-ttls, and is working fine, but I
have one doubt:
Can I use this kind of settings for use several APs with WDS?
I ask this because I've read this:
"This means that Wi-Fi Protected Access (WPA) and other dynamic key
assignment technology may not be used"
htt
in windows xp after verifying username and password.
On Dec 13, 2007 3:02 PM, <[EMAIL PROTECTED]> wrote:
> >with this attribute connection fails in registration section with this
> >error: connection closed by remote host
> >
>
> Registration section???
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
I am looking at that option, but I should not have to. Per the
huntgroups file:
"# This file can also be used to define restricted access
# to certain huntgroups. The second and following lines
# define the access restrictions (based on username and
#
>I did, but the user list is not being recognized by more than one.
>How can I get that user list to be used for all NAS that are in that
>huntgroup? Or is this a bug?
>
No, it's not a bug. It's a flat file entry. Every entry is matched
separately. i.e. one entry doesn't "know" what's listed unde
Hi,
> I should say that I do not want to use an external solution. Creating a
> huntgroup for each NAS with the exact same user list does work, but then
> if I have to change a user I would then have to modify what could be
> over 100 groups.
I think, therein, lies your problem - you haven't look
Hi Alan, Ivan,
After adding entry in users file, this is working correctly now. Thanks a
lot for your help.
Kind Regards,
Nilanjan
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
us.org] On Behalf Of Alan DeKok
Sent: Thursday, December 13, 2007 4:47 PM
To: FreeRadiu
> Message: 9
> Date: Wed, 12 Dec 2007 22:41:54 +0100
> From: <[EMAIL PROTECTED]>
> Subject: RE: Example listed in huntgroup file does not work
> To: "FreeRadius users mailing list"
>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >But I guess here is m
On 13/12/2007, "Nilanjan Sarkar" <[EMAIL PROTECTED]> wrote:
>Hi Alan, Ivan,
>
>Thanks for the reply. I have posted the log below.
>
>After observing the radiusd log, I guess the authentication failed due to
>this
>-
>rlm_eap_md5: User-Password is required for EAP-MD5 authenticatio
> Hangjun He wrote:
> >And I use EAP-TLS and with correct certs. Even if I set wrong
> > username in Odyssey Client, freeRADIUS will return
> > success.(check_cert_cn not set).
>
> EAP-TLS authenticates users based on certificates. It ignores the
> user name.
I think, that's not complete
>with this attribute connection fails in registration section with this
>error: connection closed by remote host
>
Registration section???
Ivan Kalik
Kalik Informatika ISP
Nilanjan Sarkar wrote:
> Thanks for the reply. I have posted the log below.
That's one piece of the solution.
> After observing the radiusd log, I guess the authentication failed due to
> this
...
> Do you have information about what does it mean?
Yes.
Go read the web page I posted my las
with this attribute connection fails in registration section with this
error: connection closed by remote host
On Dec 13, 2007 2:28 PM, <[EMAIL PROTECTED]> wrote:
> Framed-IP-Address with :=
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 13/12/2007, "hadi golestani" <[EMAIL PROTECTED]> wrote:
Framed-IP-Address with :=
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, "hadi golestani" <[EMAIL PROTECTED]> wrote:
>thanks, it's ok now.
>
>How about assigning a static ip to username without ip-pool.
>
>On Dec 13, 2007 1:54 PM, <[EMAIL PROTECTED]> wrote:
>
>> >
>> >what's wrong in my confi
thanks, it's ok now.
How about assigning a static ip to username without ip-pool.
On Dec 13, 2007 1:54 PM, <[EMAIL PROTECTED]> wrote:
> >
> >what's wrong in my configurations?
> >
>
> Not much.
>
> >rlm_sqlippool: Framed-IP-Address already exists
> > modcall[post-auth]: module "sqlippool" retur
Hi Alan, Ivan,
Thanks for the reply. I have posted the log below.
After observing the radiusd log, I guess the authentication failed due to
this
-
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
>
>what's wrong in my configurations?
>
Not much.
>rlm_sqlippool: Framed-IP-Address already exists
> modcall[post-auth]: module "sqlippool" returns noop for request 8
You have Framed-IP-Address already set, probably by the Service-Type
entry in users file. ippool in radiusd.conf has an option t
manIP wrote:
> I have a problem when I receive a "Event-Timestamp" attribute. The
> provider assures me that he sends it in seconds (...elapsed since Jan
> 1st 1970) but My radius server "convert it into a date.
It prints it out as a date.
> For instance, the operator has sent Event-Timestamp
Hangjun He wrote:
>And I use EAP-TLS and with correct certs. Even if I set wrong
> username in Odyssey Client, freeRADIUS will return
> success.(check_cert_cn not set).
EAP-TLS authenticates users based on certificates. It ignores the
user name.
> Can I let freeRADIUS to check if use
Hi,
I'm using freeradius to assign ip to my vpn clients.
so I've configured sqlippool to bind ips to my users and groups.
and in pptpd.conf I choose not to assign ip in pptpd.
but connections to pptpd fails ( from win xp ) with error: no assigned ip.
what's wrong in my configurations?
my DB state
Nilanjan Sarkar wrote:
> I want to test radiusd with radeapclient. I am following from
> radeapclient man page, and using "./radeapclient -x localhost auth
> testing123 But radeapclient is getting access-reject with Failure EAP-Code from
> radiusd (running like ./radiusd -X in another console).
Phil Mayers wrote:
> Slightly confusing, there are two ways to do this:
This should be fixed before 2.0. There should be only one way to do
things.
Alan DeKok.
Jeremy M. Guthrie wrote:
> The PAM module for RSA(ACE) does work except in one case:
> - an account in 'next token mode' or 'new pin mode' causes FreeRADIUS to
> spin
> out and swallow all of the memory on the host running it till it crashes.
Ouch.
> I have not nailed down yet if it is PAM o