Andy Smith wrote:
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
the information should be in??
There are many applica
Found the problem... and ummm... I'm really ashamed to admit this one.
I had the CA root certificate in the users trusted root store, moved it
over the machine trusted root store and all is well.
Thank you for enduring my duh moment.
-- Mike Olson
Michael Olson wrote:
I loaded the computer
pershendetje/Hi dashamir.
sorry for my english , not my mother language.
i use the same scenario at our isp but we
check the MAC address of the NAS where the client comes from.
In mysql we have:
++--+++--+
| id | username | attribute | o
Hi,
I have installed freeradius-1.1.7 in fedora8. However I find that the module
rlm_sql does not work as described in this page:
http://wiki.freeradius.org/Rlm_sql
For example, I have inserted such data in the database:
radcheck:
+--+--+--++---+
| id | Us
Rupert Finnigan wrote:
On 17/01/2008, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I have hp procurve 3500yl switches for which i use mac based authentication
against radius server.
The radius server should assign the vlan's.
The pc that hangs behind the phone get the correct vlan, but the ph
Hi,
> HP ProCurve edge series can only dynamically assign a single untagged VLAN
> to any one switch port.
> It is not possible to create dynamic VLAN trunks. It may be possible to
> create a VLAN trunk statically, then leave the switch to do VLAN
> assignment, and just deny/allow access via th
Hello,
Have you a patch for cisco wlse leap authentication, working for
freeradius 2.0 ?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(pt-BR) Olá Marcos,Eu tinha me deparado com este mesmo problema a
um tempo atrás, eu retirei o default e mudei de Date para IncidentDate, isso
resolveu.(en-US) Hi, Marcos,I saw this problem a time ago,
I delete the default in ID and replace Date to IncidentDate, appers to work
fine.
I tried upgrading to 2.0.0, very close to a stock default config and I'm
getting the same symptoms, user works, computer doesn't. Makes me even
more suspicious of my certificates. I updated the files listed below to
new logs generated from 2.0.0.
I saw the note to in certs/xpextensions to add
Alan,
Thanks for your quick response! Yes, I'm aware that apple has
included FR into Leopard and am curious to see how it works in that
version of the OS once I move to it eventually. However, for the
Tiger users of which I'll remain for a while, I'd like to provide
ease of installation v
>
>Looking at User cert request ID #52 and Computer cert request ID #40
>(Where the "SSLv3 read client certificate A" error occurs) they are
>pretty much identical. The next messages in the sequence (#53/#41)
>are also almost identical (the freeradius reply is identical right down
>to the EAP-Messa
Have a look in debug mode to see if you are getting accounting packets
from Chillispot. If you are not getting accounting data there is no way
for counter to work.
Off topic, what stops a user to use a different username and gain another
2 hours? Mikrotik has a trial mode where users can gain una
Hi,
several folk run FreeRADIUS on MacOSX already - and Apple even
have added code themselves - I believe FR is the fundamental
EAP system in eg latest airport/timecapsule product (though
I may be wrong on that aspect of usage! ;-) )
> 2] Is perl only a build dependency for rlm_perl, or does the
Hi,
> thanks, Ive looked at this and its a good guide to initial install but
> doesnt seem to provide any detailed info on how to administer the data in the
> tables. IE there is a sample of some data from a test system but this doesnt
> even mention the "NAS" table, how are other people admi
The nas table definition can be found at the bottom of this page
http://wiki.freeradius.org/MySQL_DDL_script
make sure to set:
readclients = yes (probably at the bottom of sql.conf)
the column names in the nas table are pretty self-explanatory after you
have that set up. Just be sure to re-sta
PhpMyAdmin for example :)
Just kidding :)
Andy Smith wrote:
Hi,
thanks, Ive looked at this and its a good guide to initial install
but doesnt seem to provide any detailed info on how to administer the
data in the tables. IE there is a sample of some data from a test
system but this doe
Hi,
thanks, Ive looked at this and its a good guide to initial install but doesnt
seem to provide any detailed info on how to administer the data in the tables.
IE there is a sample of some data from a test system but this doesnt even
mention the "NAS" table, how are other people administerin
FreeRadius Wiki is a good starting point. SQL Howto
Andy Smith wrote:
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
t
I'm trying to install and configure my freeradius at rhel 5 to authenticate in
ldapdatabase. i read the rml_ldap and configure then according i understand. I
start my server with no problem, but i'm not sure if its working good or bad. I
create a test user at ldap database with username and pass
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
the information should be in??
Andy Smith wrote:
>Im completely new t
Greetings,
Quick disclaimer: Though I've been working on my unix chops for the
last year (intermittently), I still consider myself a bit of a
newbie, so I apologize for any questions that might have obvious
answers. That said:
I'm working on a port of FR 2.0 for macports.org and had a cou
Andy Smith wrote:
>Im completely new to freeradius, I have installed the server with
> MySQL and also got the dialup web GUI up and running.
> However its still not clear to me how I add new NAS devices, you dont
> appear to be able to do that in the GUI. I just want
> to add a system by IP add
indira kolli wrote:
> I understand that you know a lot more than i do.
That isn't the problem. The problem is that you are not describing
what you want to do, what you expect,and why you expect it. This makes
it nearly impossible to help you.
> Can you point me
> to right RFC or draft wh
As entitled, with my office we have installed at a library town a server
with Ubuntu 7.10, Freeradius and Chilispot to
ensure wireless navigation to users with their notebooks from the local
library;
The access point is configured without any authentication, anyone can
connect, authentication i
Hi list,
Im completely new to freeradius, I have installed the server with MySQL and
also got the dialup web GUI up and running.
However its still not clear to me how I add new NAS devices, you dont appear to
be able to do that in the GUI. I just want
to add a system by IP address with a secr
Hi Alan,
I understand that you know a lot more than i do. Can you point me to
right RFC or draft which tells about the EAP-MSCHAPv2 radius call flow. We
are trying to establish an IKEv2 tunnel using the EAP-MSCHAPv2
authentication. We are not using EAP-PEAP, so no certificates involved.
Dean, Barry wrote:
> 1) I have the line:
>
> filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
>
> I am not sure why, I inherited this setup and I am still trying to understand
> it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
In 1.1.7, read doc/variables.txt
Hi,
> I am not sure why, I inherited this setup and I am still trying to understand
> it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
>
> The "-X" output says:
>
> WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> expand: (cn=%{Strip
I loaded the computer certificate via the MMC Certificates module,
into the Local Machine, Personal store. When there isn't one in
there I get a can't find a certificate error in widows when trying
to connect and it never tries to do EAP. Also, looking at the user
log and the computer log, they bo
I am testing my current 1.1.7 config with version 2.0.0.
I have 2 bits of config that are not quite right on 2.0.0
1) I have the line:
filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
I am not sure why, I inherited this setup and I am still trying to understand
it. The LDAP server i
I am doing IKEv2 EAP-MSCHAPv2 radius Passthrough.
On Jan 18, 2008 1:43 AM, Alan DeKok <[EMAIL PROTECTED]> wrote:
> indira kolli wrote:
> > I finally got it working. I missed the reply to the second
> > access-challenge.
>
> How could you possibly miss that? If you're using a standard
> s
>Is it possible to have a counter setup to achieve this?
Yes. It is.
>I'd like to know if someone has implemented realtime upload/download
limitations and what methods were used.
Realtime traffic accounting would have to be supported by your NAS. Any
kind of traffic/bandwidth limitati
As I can see Mikrotik wants mac address in next format XX:XX:XX:XX:XX:XX
(all letters must be in uppercase)
On Jan 17, 2008 7:53 PM, orion <[EMAIL PROTECTED]> wrote:
> pershendetje/Hi dashamir.
>
> sorry for my english , not my mother language.
>
> i use the same scenario at our isp but we
> che
machine: TLS_accept:error in SSLv3 read client certificate A
user:(other): SSL negotiation finished successfully
There doesn't seem to be a machine certificate in the certificate store.
Ivan Kalik
Kalik Informatika ISP
Dana 18/1/2008, "Michael Olson" <[EMAIL PROTECTED]> piše:
>I'm att
Pshem Kowalczyk wrote:
> One more reason to upgrade ;-) Where should I look for that
> functionality? proxy.conf?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 18/01/2008, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Pshem Kowalczyk wrote:
> > Is it possible to discard the packet on the proxy if the home server
> > doesn't reply and let the device to fall back to a different proxy?
> >
> > Currently we use radius 1.1.7, but looking into upgrading it to 2.0.
Hello everyone,
I am trying to implement traffic volume accounting in my Radius server.
Is it possible to have a counter setup to achieve this?
I've tested a lot and it seems freeradius is just ignoring my counter.
I have somewhat managed to do some traffic accounting relying on external
scripts,
[EMAIL PROTECTED] wrote:
Hi,
This can be done if we use the attribute Called-Station-Id
(or NAS-Identifier) with the operator '=~' and a value like
this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
This is a regular expression that will match the attribute
if its value is one of
Hi,
> This can be done if we use the attribute Called-Station-Id
> (or NAS-Identifier) with the operator '=~' and a value like
> this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
> This is a regular expression that will match the attribute
> if its value is one of them that are listed.
Arlinelson Fernandes dos Santos wrote:
> The pre1 version is buggy!!!
Yes... which is why 2.0.0 was released.
> Now, I'm working to solver this: rlm_acct_unique: WARNING: Attribute
> Client-IP-Address was not found in request, unique ID MAY be inconsistent
Grab the latest version from CVS.
William Segura wrote:
> I am trying to setup Freeradius to authenticate against an active
> directory server.
Only "bind as user" will work, and even then not always.
> Here are the relevant files:
Please do not post configuration files to the list.
> Radius Log:
...
> rad_recv: Access-Requ
Orion wrote:
---++--+++--+-
| id | username | attribute | op | value|
++--+++--+
| 1 | orioni | Called-Station-Id | == | 001bd136e285 |
| 2 | orioni | Cleartext-Password | := | test
42 matches
Mail list logo