[EMAIL PROTECTED] wrote:
> you are calling the unix auth module before suffix - therefore the magic
> hasn't yet happened. I'd try putting the unix module after the modules
> that play around with User-Name
i.e. the order in the default configuration is wrong, too.
I've fixed it.
Alan DeKo
Oh my God!!! This problem is killing me! I back the original sql.conf and
have no Auth-Type in radcheck and other no in tables too. I put := in
Simultaneous-Use. I test the connection and no groups table was read. The
radius log is the same. I did install freeradius in other server and do the
same. No
orion wrote:
> alan , can we have the TOC of the book ?
It's still in development, and I'm re-arranging it occasionally. At a
high level:
Introduction
Concepts
Participants and their roles
User Devices
NAS
RADIUS Servers
Databases
AAA Overview
Authentication
Authori
DEFAULT NAS-IP-Address == so.me.bo.x, Auth-Type := Accept
Ivan Kalik
Kalik Informatika ISP
On 16/1/2008, "Chad Whitten" <[EMAIL PROTECTED]> wrote:
>Hello,
>
>I run a few NAS devices, all Lucent/Ascend Max TNT with a freeradius
>server. I'm trying to locate some documentation on the Max TNT to
Thierry CHICH wrote:
> I have an access-point, and I want use EAP/TTLS in order to authenticate
> people on my LDAP server. The first time, I had then something like that:
...
> in my intel proset, if I am giving a false identity in my roaming profile
> with
> a good identity and a good password
Hi all,
In message
<[EMAIL PROTECTED]>, Rupert
Finnigan <[EMAIL PROTECTED]> writes
Try importing the Certificate to the Local Computer Certificate Store
rather than the User one..
On XP, go Start -> Run, and run mmc. Then, go File -> Add/Remove
Snap-In and add the "Certificates" Snap in and r
OK, since that's correct I had a look at the debug. You are not doing
group checking at all. You have done something to sql.conf to break it.
Go back to the original sql.conf and just alter the connection details
(user, pass, server). Leave rest as it is (we will sort out simultaneous
use later). D
Hi,
the first request looks like this. NOTE the test order...
> rad_recv: Access-Request packet from host 192.168.1.64 port 32775, id=35,
> User-Name = "test"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns
Hi,
> > > option is to 'exec' external scripts to perform more complex queries, am
> > > I right?
> > It's an option, but not the only one. You can use Perl or Python, too.
>
>
> Sorry if this seems stupid, but, do you mean that I can embed Perl in
> radiusd.conf?
no - you can call PERL from
Hi Alan,
I am curious about your book.
When will it be available? Will it be sold at Amazon or other online store?
Thanks!
On Jan 16, 2008 9:23 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:
> orion wrote:
> > then don't keep it under 400.
> > more info is better. ( and real examples too )
>
> It's
>
> > Ok, this is certainly a problem for me. I can't change freeradius
> > version (at least not now, maybe in the future) so I assume the only
> > option is to 'exec' external scripts to perform more complex queries, am
> > I right?
> It's an option, but not the only one. You can use Perl or Py
On Wednesday 16 January 2008 16:58:09 Alan DeKok wrote:
> William wrote:
> > The situation is that we have a lot of legacy users who only enter a
> > username, without realm information, and passwords for their connections.
> > Those work fine. When newer users enter [EMAIL PROTECTED] for their
>
William wrote:
> The situation is that we have a lot of legacy users who only enter a
> username,
> without realm information, and passwords for their connections. Those work
> fine. When newer users enter [EMAIL PROTECTED] for their password I need to
> strip off the realm, and authenticate
On Wednesday 16 January 2008 16:39:38 Alan DeKok wrote:
> Configure... what, exactly? I think you're getting stuck on trying to
> make particular configurations "work". You should instead state the
> requirements as clearly as possible. Odds are that a simple
> configuration will be straightfo
William wrote:
> What I am trying to do is set up my main realm to handle either no realm or
> deal with the default realm,
I'm not sure what you mean by that. Do you want those requests to
both be proxied, or handled in the local server?
Talking about the local server as a "main realm" co
Kevin J wrote:
> Is there a way to open two ports (1645 and 1812) for auth at the same time?
> We want to find a way to open 1645, 1812, 1646, and 1813 for auth and
> acct in parallel.
See the "listen" directive in radiusd.conf. This is documented.
Alan DeKok.
orion wrote:
> then don't keep it under 400.
> more info is better. ( and real examples too )
It's a lot of typing, and a lot of copy-editing.
The main issue with examples is that adding NAS examples is almost
impossible. There are dozens of manufacturers, and hundreds of possible
configurati
Spam Eater wrote:
> Ok, this is certainly a problem for me. I can't change freeradius
> version (at least not now, maybe in the future) so I assume the only
> option is to 'exec' external scripts to perform more complex queries, am
> I right?
It's an option, but not the only one. You can use Pe
Greetings,
I have looked at the documentation included with the 2.0 distribution for
setting up radius 2.0 and I am either blind, or it doesn't have what I am
looking for.
What I am trying to do is set up my main realm to handle either no realm or
deal with the default realm, The problem
Is there a way to open two ports (1645 and 1812) for auth at the same time?
We want to find a way to open 1645, 1812, 1646, and 1813 for auth and acct in
parallel.
Thanks,
Kevin
> > > b) Is there a limit to the sql query length?
> >
> > In 1.1.x, yes. About 253 octets in many cases. If the queries are in
> > the configuration (e.g. rlm_sql_ippool), then the queries can be very
> > long.
>
> Ok, this is certainly a problem for me. I can't change freeradius version
> (at
then don't keep it under 400.
more info is better. ( and real examples too )
thanx.
On 16/01/2008, Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> orion wrote:
> > alan , can we have the TOC of the book ?
>
> It's still in development, and I'm re-arranging it occasionally. At a
> high level:
>
> Intro
Hi,
Do you provide co-location service in Sth Africa ?
I am looking to have a rackspace or half down there.
Regards,
Abdul Hakeem
IPEX Telecom
+447931800952
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Keith Dovale
Sent: 15 January 2008 16:41
To: 'FreeRadius users m
Hi,
> Thierry CHICH wrote:
> > freeradius Version 1.1.3 ??? I can't believe it ! I thank I was using the
> > version 1.1.6 ! Is it possible it change the behavior if I upgrade ?
>
> In 1.1.x you can set the User-Name inside of the tunnel, and then set
> "use_tunneled_reply = yes" in the EAP con
indira kolli wrote:
>What is the expected callflow for EAP-MSCHAPv2
Read the specification, or the source code.
> Access-request
> Access-Challenge
> Access-request
> Access-Accept
>
> Why am I getting Access-challenge again
You're not saying which supplicant you're using.
Hello Alan,
Thank you so much for your quick response!
Please check my comments inline below:
> > Problem: When I have the attribute Session-Timeout in the radcheck
> > table, I get a Segmentation Fault after the query as run, no matter if
> > it returns results or not.
> doc/bugs
> > a) I'v
Hello Alan,
What is the expected callflow for EAP-MSCHAPv2
Access-request
Access-Challenge
Access-request
Access-Accept
Why am I getting Access-challenge again
..Indi
On Jan 16, 2008 10:30 AM, Alan DeKok <[EMAIL PROTECTED]> wrote:
> indira kolli wrote:
> > >> Thank you very
Spam Eater wrote:
> Problem: When I have the attribute Session-Timeout in the radcheck
> table, I get a Segmentation Fault after the query as run, no matter if
> it returns results or not.
doc/bugs
> a) I've noticed that freeradius performs Accounting-Request when this
> attribute is set, is th
Thierry CHICH wrote:
> freeradius Version 1.1.3 ??? I can't believe it ! I thank I was using the
> version 1.1.6 ! Is it possible it change the behavior if I upgrade ?
In 1.1.x you can set the User-Name inside of the tunnel, and then set
"use_tunneled_reply = yes" in the EAP config. This will
Hello everyone,
I am trying to do a more complicated query for a custom session time
counter, but I am running into problems.
Can someone please answer the following questions?
Problem: When I have the attribute Session-Timeout in the radcheck table, I
get a Segmentation Fault after the query as
On Wednesday 16 January 2008, Arran Cudbard-Bell wrote:
> Thierry CHICH wrote:
> > On Wednesday 16 January 2008, Alan DeKok wrote:
> >> Thierry CHICH wrote:
> >>> I have an access-point, and I want use EAP/TTLS in order to
> >>> authenticate people on my LDAP server. The first time, I had then
John Dennis wrote:
>> Where is the LDAP-UserDN being set from?
>
> It is set by rlm_ldap by performing an LDAP search on the USER_NAME
> attribute. If the search succeeds the ldap-userdn is set to the dn the
> user name was found under. This dn can then be used to efficiently point
> to the user
Hello,
I run a few NAS devices, all Lucent/Ascend Max TNT with a freeradius
server. I'm trying to locate some documentation on the Max TNT to
change some options and the site I used to use - hal-pc.org/~ascend
doesn't seem to be available any longer. Thought I might try my luck
here.
What I am n
Alan DeKok wrote:
> Brian Wilson wrote:
>> I tried updating to version 2.0. I like the debug interface much
>> better, it makes it a lot easier to read. Nice job!
> Thanks. It was a fair amount of work, but I think it's worth it.
>> Unfortunately, this upgrade introduced a new issue for me. When doi
Thierry CHICH wrote:
> On Wednesday 16 January 2008, Alan DeKok wrote:
>> Thierry CHICH wrote:
>>> I have an access-point, and I want use EAP/TTLS in order to authenticate
>>> people on my LDAP server. The first time, I had then something like that:
>> ...
>>> in my intel proset, if I am g
indira kolli wrote:
> >> Thank you very much for the response
>>> How and when do I get this fix
The web site contains instructions for obtaining code via CVS.
> >> Also does this fix the reply as type Access-Accept instead of
> Access-challenge or
> >> am I interpreting thi
Alan DeKok Wrote:
> No. The bug is different: EAP-MSCHAPv2 is *not* MS-CHAPv2.
>
> The MS-CHAP2-Success attribute has no business being in *any* packet that
> also contains EAP.
> I've committed a fix for that to CVS head.
>
> >> Thank you very much for the response
>
>> How and when do I ge
On Wednesday 16 January 2008, Alan DeKok wrote:
> Thierry CHICH wrote:
> > I have an access-point, and I want use EAP/TTLS in order to authenticate
> > people on my LDAP server. The first time, I had then something like that:
>
> ...
>
> > in my intel proset, if I am giving a false identity in my
Gopinath Reddy N wrote:
> Catónio if it's converted to UTF-8 then it should look like below in hex
> format. Try to get ur hex data and compare it with below data.
If I cut & paste that from my mailer to the config files && test
cases, it works. It doesn't mangle the name at all.
> If you are n
Josh Howlett wrote:
...
>> Sending Access-Challenge of id 3 to x.x.x.x port 1812
>> MS-CHAP2-Success =
...
>> EAP-Message =
...
> That looks like a bug to me. It's a violation of RFC2548:
No. The bug is different: EAP-MSCHAPv2 is *not* MS-CHAPv2.
The MS-CHAP2-Success attribute has no busin
hi
Catónio if it's converted to UTF-8 then it should look like below in hex
format. Try to get ur hex data and compare it with below data.
If you are not getting the UTF-8 decoded information as shown in below then
there must be an issue with encoding mechanism of free radius.
C- 0x43
a- 0x61
t
I am an idiot,
The Autz-Type and the like are configuration items that are processed in
their own sections. The sql module changes reply and check items.
Sorry for the wasted bandwidth.
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users
On 16/01/2008, Ian Begg <[EMAIL PROTECTED]> wrote:
> Hi
> Don't know if this is the correct place to ask but I have a problem. I have
> got freeradius working with eap/tls and can load the certs to XP laptops and
> connect. The problem I have is that if I log onto the laptop using a
> different user
Hi
Don't know if this is the correct place to ask but I have a problem. I have
got freeradius working with eap/tls and can load the certs to XP laptops and
connect. The problem I have is that if I log onto the laptop using a
different user, no log on, I think the certs are for user and not machine.
Etienne Pretorius wrote:
Hello List,
I have managed to get sqlcounter working for tracking the octets in
the accounting database. Could someone give me a hint as how I would
say allow a user for group 'A' to use up their octets and if the user
also belongs to group 'B' to then allow an addtio
alan , can we have the TOC of the book ?
On 16/01/2008, Santiago Balaguer García <[EMAIL PROTECTED]> wrote:
>
> I have been following you since three years and
> I trust you, so I will buy your book.
>
> > Date: Tue, 15 Jan 2008 17:03:52 +0100
> > From: [EMAIL PROTECTED]
> > To: freeradius-users@
Hello List,
I have a question regarding the ability of rlm_sql setting of the
Autz-Type attribute.
I am attempting to assign/add to the Autz-Type attribute for processing
of sqlcounter instances based on the groups the user belongs to.
User [EMAIL PROTECTED] belongs to a group DSL-LOCAL fo
I have been following you since three years and
I trust you, so I will buy your book.
> Date: Tue, 15 Jan 2008 17:03:52 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: alan's book, or anything new on the horizon
>
> Duane Cox wrote:
> > I wonder if Alan ever
Hello,
I have a small problem a little bit annoying, and it seems to me that a lot of
people using LDAP don't know that they have the same problem.
I explain :
I have an access-point, and I want use EAP/TTLS in order to authenticate
people on my LDAP server. The first time, I had then somethin
Brian Wilson wrote:
> I tried updating to version 2.0. I like the debug interface much
> better, it makes it a lot easier to read. Nice job!
Thanks. It was a fair amount of work, but I think it's worth it.
> Unfortunately, this upgrade introduced a new issue for me. When doing
> group ldap s
Marc LEURENT wrote:
> Good evening,
> I'm sending a group membership query from openser to freeradius...
> I would like to send a group membership query, but it's a group
> authorize query that is received...
I have no idea what you mean by that. OpenSER sends RADIUS packets to
FreeRADIUS. It
Oguzhan Kayhan wrote:
> Hello,
> I am using rlm_perl script for authentication. And logging radacct in sql.
> But it is strange that,
> I couldn't use radwho radzap radlast etc for a while.. had the error "file
> not found" etc..
> So I manually created the files with touch. Now I can see there's rec
nikitha george wrote:
> Please find the debug log below..
>
> rlm_eap_ttls: Session established. Proceeding to decode tunneled
> attributes.
> +- entering group authorize
> ++[preprocess] returns ok
> expand: %{User-Name} -> Catónio
It looks like it's not doing anything to the charact
Hi again,
I think I found a solution
I don't know why but I had to give -d parameter to show the default config
path, my config path is under freeradius but it searches for radiusd
so..it made the problem.
So is there a way to change default path for radzap/radwho etc?
> Hello,
> I am using rlm_per