Joe Vieira wrote:
>So, i am using ldap groups to handle my authorization, for wireless
> (peap) and the uid field in openldap is not case sensitive
> (caseignorematch) on the other hand memberUID (for the groups) is
> (caseExactIA5Match). so wicked sucky right? how can i get the
> user-name
Mike Richardson wrote:
> I've been making changes for 8 hours a day for over a week so it might
> differ from the original.
Which is a bit of a problem in and of itself.
> However I've been back to the defaults twice. As of
> tomorrow I'll reinstall and try it again. From what you're saying I beli
Rob wrote:
> While I am using Calling-Station-Id freeradius does not authenticate
> user. Without calling-station-id (user Rob) works Ok. Can anybody
> point me where is the problem?
> Checkval exists in radiusd.conf.
Checkval isn't needed. I have no idea why you would use it here.
> Freeradius
Zach Lowry wrote:
> Sorry to reply to my own post, just curious if anyone had a chance to
> take a glance at this. I'm still stumped and starting to suspect that my
> OpenLDAP is borked somehow, due to the numerous revisions of Freeradius
> I've attempted now.
Or maybe the OpenLDAP libraries on
Jeremy Kusnetz wrote:
> We are able to retrieve the clear text password and encrypt it with the
> CHAP-Challenge and see if it matches the CHAP-Password,
> but as far as I can tell, we don't have access to the Request Authenticator
> of the Access-Request packet in the perl module.
Why would y
Sorry to reply to my own post, just curious if anyone had a chance to
take a glance at this. I'm still stumped and starting to suspect that
my OpenLDAP is borked somehow, due to the numerous revisions of
Freeradius I've attempted now.
Thanks again,
--Zach
On Mar 1, 2008, at 6:18 PM, Zach
Was there an RFC that went on to define the proper usage of the Class
attribute, or is its usage still ambiguous?
Ambiguous how? The RFC seems pretty specific to me; the field is NOT to
be interpreted by the NAS, is generated in the Access-Accept and sent in
Accounting-Request - i.e. "it's l
>From what you're saying I believe
>I need to put in the LDAP config for our eDirectory and uncomment any LDAP
>authorisation/authentication entries. Anything else?
>
>Then I can use radtest to test the authentication?
Yes. First test with user file entry, then with entry in the directory.
>
>How
Fix obvious errors:
- first line in eap.conf says not to use Auth-Type EAP
- instructions in users file (FAQ etc.) suggest a different password
attribute.
Ivan Kalik
Kalik Informatika ISP
On 3/3/2008, "Rob" <[EMAIL PROTECTED]> wrote:
>While I am using Calling-Station-Id freeradius does not a
From RFC: 2865:
The random challenge can either be included in the
CHAP-Challenge attribute or, if it is 16 octets long, it can be
placed in the Request Authenticator field of the Access-Request
packet.
We are able to retrieve the clear text password and encrypt it with
the CHAP-Challen
On Mon, Mar 03, 2008 at 05:23:44PM +0100, Alan DeKok wrote:
> Mike Richardson wrote:
> > I'd read that radtest didn't do EAP so I installed Xsupplicant and was using
> > that for tests. That seems to be a more realistic approach. If you think that
> > I can fix the problem by not attempting EAP and
>Can I write SQL queries inside the perl
>script to fetch the data from the table rather than from the dialup.conf for
>Ms Sql so that i can used my customize table.
>
Yes. See doc/variables.txt for a list of variables that you might need to
pass to the script (you will need to pass at least the u
While I am using Calling-Station-Id freeradius does not authenticate
user. Without calling-station-id (user Rob) works Ok. Can anybody
point me where is the problem?
Checkval exists in radiusd.conf.
Freeradius 1.1.7
user file:
"Alan" User-Password == "12345", Calling-Station-Id == "000d88b
Hi,
RFC 2865:
5.25. Class
Description
This Attribute is available to be sent by the server to the client
in an Access-Accept and SHOULD be sent unmodified by the client to
the accounting server as part of the Accounting-Request packet if
accounting is supported. The cli
Mike Richardson wrote:
> I'd read that radtest didn't do EAP so I installed Xsupplicant and was using
> that for tests. That seems to be a more realistic approach. If you think that
> I can fix the problem by not attempting EAP and using radtest then that is
> exactly what I shall do.
Yes. The
Hi,
So, i am using ldap groups to handle my authorization, for wireless
(peap) and the uid field in openldap is not case sensitive
(caseignorematch) on the other hand memberUID (for the groups) is
(caseExactIA5Match). so wicked sucky right? how can i get the
user-name lower cased for J
On Mon, Mar 03, 2008 at 04:46:36PM +0100, Alan DeKok wrote:
> Mike Richardson wrote:
> >> 2) Configure and test LDAP with "radtest" (clear-text password)
> >> for a *different* user
> >
> > Doesn't work. Similar sort of error though.
>
> Then fix that before proceeding with EAP.
> >> D
hi,
I am using free radius server 2.0 and Ms Sql 2000, I want to use my
customized tables which contain only username and password. I used to
authenticate using perl script. Can I write SQL queries inside the perl
script to fetch the data from the table rather than from the dialup.conf for
Ms
Mike Richardson wrote:
>> 2) Configure and test LDAP with "radtest" (clear-text password)
>> for a *different* user
>
> Doesn't work. Similar sort of error though.
Then fix that before proceeding with EAP.
>> Don't do 802.1x and LDAP until you have normal "radtest" working with
>> LDAP
Cristian Novac wrote:
> Is it possible to approximate on when the wimax vsa support will be
> included in FreeRadius???
As soon as someone sponsors the development.
Right now, there is no definite time frame for the work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freera
On Mon, Mar 03, 2008 at 03:44:29PM +0100, Alan DeKok wrote:
> Mike Richardson wrote:
> > My first post: I'm trying to do 802.1x between Xsupplicant (through a Cisco
> > switch) to Freeradius 1.1.7 using Novell eDirectory LDAP.
>
> 1) Configure and test TTLS with a user in the "users" file.
Work
Is it possible to approximate on when the wimax vsa support will be
included in FreeRadius???
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, Mar 03, 2008 at 03:38:32PM +0100, Stefan Winter wrote:
> Hi,
>
> The debug log says when starting up:
>
> > rlm_ldap: Over-riding set_auth_type, as we're not listed in the
> > "authenticate" section.
>
> My first suggestion would be: check if the mentions of ldap are commented out
> in
You had your answer: rlm_sql expects a password attribute and an
operator. You don't have those in your schema so it can't create the
attribute-value pair. Rewrite the code in rlm_sql and fix them to some
value or write another (?perl) module to authenticate the user.
Ivan Kalik
Kalik Informatika I
Hello,
I am getting such an error when i try to run perl.
symbol lookup error: /usr/lib/perl5/auto/DBI/DBI.so: undefined symbol:
Perl_Tstack_sp_ptr
Where should i check for debugging this error?
What might be the possible reasons for that ?
freeradius -X
Starting - reading configuration files
Mike Richardson wrote:
> My first post: I'm trying to do 802.1x between Xsupplicant (through a Cisco
> switch) to Freeradius 1.1.7 using Novell eDirectory LDAP.
1) Configure and test TTLS with a user in the "users" file.
2) Configure and test LDAP with "radtest" (clear-text password)
for a
Hi,
The debug log says when starting up:
> rlm_ldap: Over-riding set_auth_type, as we're not listed in the
> "authenticate" section.
My first suggestion would be: check if the mentions of ldap are commented out
in the authenticate { } section - they are by default. Change that, and see
how far
Wolfgang Burger wrote:
> How or where do I set "Control Items". I can't find any information
> about them in the archive of the mailing list, wiki or faq.
> Or is this just a different name for check-items?
Yes. The term "check items" has been removed from 2.x
$ man unlang
Alan DeKok.
Hi,
My first post: I'm trying to do 802.1x between Xsupplicant (through a Cisco
switch) to Freeradius 1.1.7 using Novell eDirectory LDAP.
I can successfully authenticate as a local user in the 'users' file but the
LDAP side is eluding me.
This is my first experience with 802.1x/EAP etc so I'm st
Hi,
> expand: SELECT UserName,Value FROM checking WHERE Username =
> '%{SQL-User-Name}' -> SELECT UserName,Value FROM checking WHERE Username =
> 'John'
> query: SELECT UserName,Value FROM checking WHERE Username = 'John'
> rlm_sql_getvpdata: database query error
> rlm_sql (sql): SQL quer
hi,
I am using free radius server 2.0 and Ms Sql 2000, I want to use my
customized tables which contain only username and password. I've tried
modifying the query in dialup.conf, but it doesn't work. Please tell me the
solution.
here is the piece of output after rejecting the user that is sto
..
See rlm_example for a simple C challenge-response authentication
module. You may also need a consistent State attribute. That code is
in rlm_eap, but should probably be pulled into src/main, because other
modules may need it, too.
Thanks, that was the missing link.
Norbert Wegener
Hi,
> rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032,
> id=195, length=49 User-Name = "user"
> User-Password = "passwd"
> NAS-IP-Address = 138.253.XXX.XXX
There. No MS-CHAP-Challenge. You are not supposed to process this packet with
the rlm_mschap module. Wh
->
/usr/radius201/log/radacct/138.253.XXX.XXX/auth-detail-20080303
rlm_detail: /usr/radius201/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/radius201/log/radacct/138.253.XXX.XXX/auth-detail-20080303
expand: %t -> Mon Mar 3 11:28:08 2008
++[auth_log] returns o
4) "changed the users file DEFAULT entry from LDAP to mschap"
>+- entering group MS-CHAP
> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
> rlm_mschap: No MS-CHAP-Challenge in the request
>++[
Hi,
I have a short question (i hope).
From eap.conf (2.0.2):
# You can make TTLS require a client cert by setting
#
# EAP-TLS-Require-Client-Cert = Yes
#
# in the control items for a request.
How or where do I set "Control Items". I can't find any information
about them in the arch
> I am using free radius 2 along with Ms Sql 2000, I need to authenticate
> with perl script using my own table schema which contains only username and
> password. How do I read username and password from these customize table
> using perl script.
You don't use a Perl script. Just configure th
hi,
I am using free radius 2 along with Ms Sql 2000, I need to authenticate
with perl script using my own table schema which contains only username and
password. How do I read username and password from these customize table
using perl script.
With Regards
Elangbam Johnson
I am migrating my RADIUS from:
a) FreeBSD, FreeRADIUS 1.1.7, eDirectory lookups.
to
b) Solaris 10 x86, FreeRADIUS 2.0.1, Active Directory, winbindd etc.
I stripped out all the LDAP stuff from the config, enabled ntlm_auth in the
mschap module, changed the users file DEFAULT entry from LDAP to
Xiao Peng wrote:
> I’m writing codes for a EAP-TTLS client, but I have some confusions when
> cope with diameter AVP format;
This is not a general help list for RADIUS or EAP topics.
However, the source code to FreeRADIUS *is* available to you, and it
*does* work with all known clients.
> Wo
Hi,
I'm writing codes for a EAP-TTLS client, but I have some confusions when
cope with diameter AVP format;
Would anyone please send me some logs of EAP-TTLS handshake? ( I mean,
just the EAP-TTLS messages exchange between a server and a client, which
I can use for illustration )
Thanks
radcheck and it works fine for me
2008/3/3 Budiono <[EMAIL PROTECTED]>:
> Thank you for replying,
> Fyi, I'm using freeradius 1.1.3 base on Centos 5.1 distro and mysql 5.0
>
> Is Expiration attribute put on radcheck or radgroupcheck in mysql ? or
> is there any link or "how-to" to do this configu