Hi,
I've installed 2.0.2 version and run with debug mode.
I've got username, password and MAC address in mysql radcheck table.
But it didn't check MAC address. but in my radiusd.conf, there is checkval :
checkval {
item-name = Calling-Station-Id
check-name = Calli
I upgraded to 2.0.2 but still have a problem with reading detail (to do
copy-acct-to-home-server ):
It only processes the first request of the detail file and stops after
receiving the accounting response.
Alexandre Chapellon wrote:
Hello, I want to use freeradius 2.0.1 to do
accounting for
UNCLASSIFIED
> -Original Message-
> > Looking at this it seems that the LDAP record is holding
> the password
> > with a certain encryption and that Radius needs to be told
> to encrypt
> > the password it has passed to it in that format.
> >
> > Anyone know what the LDAP encryption would
Hello all,
I'm following the howto
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO to
integrate FreeRadius with Microsoft's AD. However, I'm experiencing some
troubles.
My distro is Debian 4. I had to install some packages, like krb5-kdc,
krb5-user and krb5-config, to have
I upgraded to 2.0.2 but still have a problem with reading detail (to do
copy-acct-to-home-server ):
It only processes the first request of the detail file and stops after
receiving the accounting response.
May someone help me?
Here follows part of freeradius -X:
Polling for detail file /var
Hello, I want to use freeradius 2.0.1 to do
accounting for my DSL users.
I would like to achieve the following setup:
NASes send request to the first radius (SunOS
radius) which only handles authentication request
and proxies accounting request to Freeradius
(v2.0.1). I'd like freeradius to do sev
All,
I have a question regarding including files.
In the radiusd.conf I can include a file:
$INCLUDE /path/to/file
$INCLUDE ${prefix}/file
However, in the dictionary file I cannot use ${prefix}:
Errors reading dictionary: dict_init:
/opt/freeradius-1.1.5/etc/raddb/dictionary[6]: Couldn't op
Sebastian Heil wrote:
> with my configuration, the freeradius-server can handle about 300 to 400
> eap-tls-authentication-request per minute. the cpu load is about 30 - 35 %.
That's less than 10/s. I think that the virtual server is running at
a clock rate of about 800MHz, maybe less.
Ther
Dmitry Sergienko wrote:
> Config file is the same as default example proxy-inner-tunnel in 2.0.2
> release with modified realm name only.
I really don't understand.
1) default config
2) edit eap.conf, peap{} section to set proxy_tunneled_request_as_eap = no
3) edit eap.conf, peap{} sectio
Hi,
> Hmm... if that kind of syntax seems OK, then it looks to be actually
> very small amounts of code. Even adding the ability to do:
>
> if (blah) {
> server[%{Attr-Foo}]
> }
>
> would be relatively easy. That would let you do run-time selection of
> virtual ser
johnson elangbam wrote:
> Hi,
> I am trying to build a radius with free radius 2.0.0 using MySql
> 4.1.2 and I am getting the following errors
>
> rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so:
> cannot open shared object file: No such file or directory
This is in the
Hi,
I am trying to build a radius with free radius 2.0.0 using MySql
4.1.2 and I am getting the following errors
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot
open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent lib
Hi!
[EMAIL PROTECTED] wrote:
Hi,
Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request
for user '[EMAIL PROTECTED]'
Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept,
accepting the user
whoah. WinXP is very fussy (as should all EAP clients) abo
Norbert Wegener wrote:
> With 2.0.2 I tried a performance test with eap authentications.
> At one point I get :
>
> Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the
> State variable.
> Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out
> OR EAP-response
Joe Vieira wrote:
> Hey Alan,
>is the LDAP_DEPRECATED stuff all fixed in 2.0.2? just wanna double
> check before i compile it and don't pass that option myself...
I committed it, and it should be there. Check for it in the Makefile
after "./configure".
Alan DeKok.
-
List info/subscribe/
Hey Alan,
is the LDAP_DEPRECATED stuff all fixed in 2.0.2? just wanna double
check before i compile it and don't pass that option myself...
Thanks,
Joe Vieira
UNIX Systems Administrator
Clark University - ITS
Norbert Wegener wrote:
With 2.0.2 I tried a performance test with eap authen
Original Message
> Date: Wed, 13 Feb 2008 19:04:25 +0100
> From: Norbert Wegener <[EMAIL PROTECTED]>
> To: FreeRadius users mailing list
> Subject: Re: eap authentication and cpu utilization
> Alan DeKok wrote:
> > ..
> > $ openssl speed
> >
> > Or
> >
> > $ openssl speed r
With 2.0.2 I tried a performance test with eap authentications.
At one point I get :
Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the
State variable.
Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out
OR EAP-response to an unknown EAP-request
Is thi
Phil Mayers wrote:
> We're bringing a Cisco (formerly Airespace) lightweight wireless system
> online, and I'm seeing some odd things in the accounting.
>
> Specifically, the usernames can change in the accounting packets.
The NAS is broken.
Some NASes do "helpful" things like snoop traffic,
Oguzhan Kayhan wrote:
> I want to use 2 freeradius servers for failover.
> It seems it wont be a problem if i use mysql backend for logging etc. But,
> I wonder what will happen about multiple login check.
> Because as i know freeradius also checks radutmp file if the user is
> already logged in or n
Stefan Winter wrote:
> If I want to get that done with 2.0, I'm unsure how to proceed.
You should be able to do it exactly as in 1.1.x. However, you likely
want to do it via a *simpler* method.
> If I get a
> tagged packet from the proxy and assign this proxy's IP address to a virtual
> serv
Hello!
I reply to old message from Thu Oct 25 13:37:14 CEST 2007. I'm trying
to use freeRADIUS for EAP-TLS authentication using certificate with
SHA-256 digest. I found this topic in archive and the last message
(below) says support for SHA-256 is already in CVS. But it's probably
not in 2.0.1
2008/2/14, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
>
>
> > But, I don't understand, how can be shown it if password is encrypted
> > in LDAP and I am using EAP-TTLS, is not the password into the tunnel?.
> > I am using securew2 with PAP from windows clients. Does it mean that
> > password
Hi,
> But, I don't understand, how can be shown it if password is encrypted
> in LDAP and I am using EAP-TTLS, is not the password into the tunnel?.
> I am using securew2 with PAP from windows clients. Does it mean that
> password could be sniffed when radius is not running in debug mode??
the se
Hi,
just switching from a 1.1.7 with an incredibly sophisticated policy engine to
a virtual-server based, simple 2.0 setup here.
From what I see so far, virtual servers really rock. There's just one use case
not entirely clear to me:
I receive requests from a proxy who in turn has multiple clie
On Thursday, 14 February 2008 09:22:09, Eduardo Lima wrote:
> Hello I have a problem with password:
>
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 10.0.0.245:1040, id=0, length=198
> Message-
2008/2/14, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
>
> > Sorry for insist on, but is right that in debug mode show the user
> > password, even using tunnel?
>
>
> yes - if the password is available in a clear format - eg not
> a challenge/response method. ALL passwords get printed in clear
Hi,
> Sorry for insist on, but is right that in debug mode show the user
> password, even using tunnel?
yes - if the password is available in a clear format - eg not
a challenge/response method. ALL passwords get printed in clear
text.
alan
-
List info/subscribe/unsubscribe? See http://www.freer
Hello I have a problem with password:
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 10.0.0.245 port 1038
Waking u
Sorry for insist on, but is right that in debug mode show the user
password, even using tunnel?
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
People using EAP should definitely upgrade.
Feature improvements
* Added notes on how to debug the server in radiusd.conf
* Moved all "log_*" in radiusd.conf to log{} section.
The old configurations are still accepted, though.
* Added ca.der target in ra
Hello,
I am wondering if such scenario is possible.
I want to use 2 freeradius servers for failover.
It seems it wont be a problem if i use mysql backend for logging etc. But,
I wonder what will happen about multiple login check.
Because as i know freeradius also checks radutmp file if the user is
Arran Cudbard-Bell wrote:
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Can always apply the accounting_response filter in post-proxy if you
were worried about it... something like
post-proxy {
...
if("%{Packet-Type}" == 'Accounting-Response'){
attr_filter.accounting_response
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Can always apply the accounting_response filter in post-proxy if you
were worried about it... something like
post-proxy {
...
if("%{Packet-Type}" == 'Accounting-Response'){
attr_filter.accounting_response
That won't do what yo
Arran Cudbard-Bell wrote:
> Can always apply the accounting_response filter in post-proxy if you
> were worried about it... something like
>
> post-proxy {
>...
>if("%{Packet-Type}" == 'Accounting-Response'){
>attr_filter.accounting_response
That won't do what you think. It fil
Tony Spencer wrote:
> We proxy some authentication and accounting to another company.
>
> After installing freeradius version 2.0.1 they have said they are
> getting errors in their log file:
...
> Wed Feb 13 15:17:00 2008 : Debug: modsingle[accounting]: returned from
> attr_filter.accounting_re
.. snip ...
Wed Feb 13 15:17:00 2008 : Debug: rlm_sql (sql): Released sql socket
id: 4
Wed Feb 13 15:17:00 2008 : Debug: modsingle[accounting]: returned
from sql (rlm_sql) for request 0
Wed Feb 13 15:17:00 2008 : Debug: ++[sql] returns ok
Wed Feb 13 15:17:00 2008 : Debug: modsingle
Norbert Wegener wrote:
> Do you also have experience in how many percent of that theoretic value
> can be reached in practise with a database backend on the same machine
> where beside freeradius and the database nothing else is running?
I don't have hard numbers, unfortunately. It also depends
Deepak Panigrahy wrote:
> Can someone guide me with the steps to enable the Challenge Response in
> Freeradius server?
You don't enable it.
Some authentication protocols use challenge-response. All you need to
do is to use one of the appropriate authentication protocols, and it
will do the r
We proxy some authentication and accounting to another company.
After installing freeradius version 2.0.1 they have said they are getting
errors in their log file:
02/13/2008 00:01:06 Missing Acct-Status-Type attribute in request
02/13/2008 00:01:06 Request has invalid syntax (e.g. invalid, mi
40 matches