Please help me.
I am confused.
Why can't my freeradius server detect the password that I write on the client?
I am using OpenLDAP for the database.
rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76, length=83
User-Name = "htrisnadi"
Framed-MTU = 1400
NAS-Po
Koko Kurniawan wrote:
> why my freeradius server can't detect the password that I write on the
> client?
Because the password is NOT in the RADIUS packet. Go read it: no
"User-Password" attribute.
> rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76,
> length=83
> User
Hello!
I've installed freeradius on CentOS 5.1 and configured it to use mysql.
freeradius+mysql seems to work fine,
here's the output of "radtest" command:
radtest myuser mypassword localhost 0 mysecret
Sending Access-Request of id 188 to 127.0.0.1 port 1812
User-Name = "user"
Use
Hi everyone,
I have been trying to get RADIUS to run a perl script which would
authenticate users (and yes I have tried rlm_perl but I decided
against it). So far all I have in the perl script itself is
#!/usr/bin/perl
use strict;
use Data::Dumper;
exit 3;
Vladi Lemurov wrote:
> but when I try to connect to pptpd, pptpd doesn't even try to connect to
> radius server (I even tried to listen
> with tcpdump on lo for packets going to ports 1812 and 1813, caught
> nothing from pptpd) and gives me the following errors:
> rc_avpair_new: unknown attribute 6
T Kid82 wrote:
> I have been trying to get RADIUS to run a perl script which would
> authenticate users (and yes I have tried rlm_perl but I decided
> against it).
Why? It is *much* more efficient than exec'ing a program.
...
> Exec-Program output:
> Exec-Program: returned: 3
> ++[exec] returns
Alan DeKok wrote:
What am I doing wrong? Below I've copypasted config files of pptpd
radius and their debug logs.
Do NOT post the FreeRADIUS dictionaries to this list. There
is nothing wrong with the dictionaries.
DO configure pptpd to point to the RADIUS dictionaries it need
Nice one! Should be really useful!
Regards,
E:S
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Thibault Le Meur
Sent: Wednesday, 19 March 2008 09:57
To: FreeRadius users mailing list
Subject: Re: freeradius+pptpd+mysq -> rc_avpair_new: unknown attri
I've adjusted radiusclient.conf and now everything's fine!
Thanks a lot!
Vladi Lemuroff.
but when I try to connect to pptpd, pptpd doesn't even try to connect to
radius server (I even tried to listen
with tcpdump on lo for packets going to ports 1812 and 1813, caught
nothing from pptpd) a
Hi, here is my problem:
0) Cisco APs - Radius - Ldap authentication via 802.1x - PEAP - MSCHAPv2
works.
1) I need to link the group of the user that tries to authenticate with
the SSID, so I can allow only a particular group of users to use a
particular SSID/VLAN.
2) I have an OpenLDAP backend we
I am using freeradius 2.0. With the default schema which comes with that.
Following is the database entry. It shows a new user never logged in before.
If I give value of Max-All-Data 2147483646 it works fine. Anything above it
doesn't work. Attached is the radius log where it displays negative valu
Pietro Accerboni wrote:
> Hi, here is my problem:
> 0) Cisco APs - Radius - Ldap authentication via 802.1x - PEAP - MSCHAPv2
> works.
That's a good start.
> 1) I need to link the group of the user that tries to authenticate with
> the SSID, so I can allow only a particular group of users to use a
Thanks for the answer,
I want to ask something:
what do you mean about "the password is NOT in the RADIUS packet"??
So where is the user-password??
I have removed Auth-Type := LDAP in users..
It's still not working. What must I do?
LDAP doesn't know EAP, so what kind of authentication I must use
Thanks a lot for the quick answer, it works!
So the ldap filters I wrote are ok, the problem was on the users file. I
have 2 more questions:
1) Now I check the group membership with a numeric constant, like
Ldap-Group!=800.
Say the ldap posixGroup entry is:
cn=staff,dc=mydomain,dc=it
cn=staff
>Thanks for the answer,
>I want to ask something:
>what do you mean about "the password is NOT in the RADIUS packet"??
>
>So where is the user-password??
>
Most protocols don't work on password matching but on challenge-response.
>I have removed Auth-Type := LDAP in users..
>It's still not working.
I've just downloaded the new 2.0.3, and when I tried to generate the
debian packages, I got the following error:
Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
parsechangelog/debian: error: found start of entry where expected more
change data or trailer, at file debian/changelog line 1
rgreiner wrote:
> I've just downloaded the new 2.0.3, and when I tried to generate the
> debian packages, I got the following error:
>
> Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
> parsechangelog/debian: error: found start of entry where expected more
> change data or trailer, at fil
Hi,
Is it possible to send or execute a script to a user when he
authenticated thru wi-fi connection with particular NAS.
Like when user joe successfully authenticated with the sql database, if
he was connected with NAS IP address X, he receive a Welcome message X
and if he authenticated with
Oh,
ok. Tks.
Roberto
Alan DeKok wrote:
rgreiner wrote:
I've just downloaded the new 2.0.3, and when I tried to generate the
debian packages, I got the following error:
Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
parsechangelog/debian: error: found start of entry where expected
Koko Kurniawan wrote:
> Thanks for the answer,
> I want to ask something:
> what do you mean about "the password is NOT in the RADIUS packet"??
I mean it's not.
> so where is the user-password??
Some authentication protocols do not require exchanging the password.
CHAP, MS-CHAP, and EAP all w
Hi, Ivan.
Thanks for your answer.
It's very strange. I don't delete anything.
Just modified the option in eap md5 to peap, but when I try to reload the
radius with radiusd -X the program can't work and send it errors.
I have another test server, and same configurations work fine.
I have copied th
Pietro Accerboni wrote:
> Thanks a lot for the quick answer, it works!
Yes. It's really that easy.
The hard part is usually figuring out how to phrase the policies
correctly. If the policies are phrased incorrectly, it's *impossible*
to get the server to do what you want... because the poli
Guillaume Chartrand wrote:
> Is it possible to send or execute a script to a user when he
> authenticated thru wi-fi connection with particular NAS.
$ man unlang
You can write a policy that matches any condition you want, and then
run a script. See also the "exec" module.
> Like when user joe
Gustavo Chavelas wrote:
> It's very strange. I don't delete anything.
> Just modified the option in eap md5 to peap, but when I try to reload
> the radius with radiusd -X the program can't work and send it errors.
Then the server was built *without* SSL support. PEAP needs SSL, so...
> I have
Okay, I've searched and searched for a hint, hopefully this isn't one of
those RTFM messages, and hopefully I didn't read an invalid FM ;-)
I'm trying to "emulate" the edunet network wireless roaming network,
which primarily uses (in this order):
EAP-TTLS
PEAP
EAP-MSCHAPv2
My Access point
Hi,
>
> Okay, I've searched and searched for a hint, hopefully this isn't one of
> those RTFM messages, and hopefully I didn't read an invalid FM ;-)
>
> I'm trying to "emulate" the edunet network wireless roaming network, which
> primarily uses (in this order):
>
> EAP-TTLS
> PEAP
> EAP-MSCHAPv2
>Okay, I've searched and searched for a hint, hopefully this isn't one of
>those RTFM messages, and hopefully I didn't read an invalid FM ;-)
>
Not hard enough ;-)
http://lists.freeradius.org/pipermail/freeradius-users/2008-March/070076.html
Ivan Kalik
Kalik Informatika ISP
Please let me know if this topic is already discussed
or has doc/wiki. If yes please guide me to the right
thread. Thanks.
We are going to use the MAC address as silent
authentication. When the user tries to connect to the
WIFI Access point, Aptilo Networks is going to send
MacAddress as User-Name att
James McOrmond wrote:
> This is a Samba NT domain, not AD. I do not have access to the plain
> text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
> The "Protocol and Password Compatibility" chart and the "Authentication
> Systems and Password Compatibili
> You have put significant effort into butchering the default
> configuration. Why?
I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,
"An entry for the module 'rlm_exec' must be added to the file
'radiusd.conf' with the pa
On Mar 19, 2008, at 11:34, T Kid82 wrote:
You have put significant effort into butchering the default
configuration. Why?
I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,
"An entry for the module 'rlm_exec' must be
Alan DeKok wrote:
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain
text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
Of course it is.. I probably should have mentioned samba in the
original mes
James McOrmond wrote:
> Using secureW2 in the windows client - if I put anything in the DOMAIN
> field, it doesn't work well - likely because my userid is still
> [EMAIL PROTECTED] when it attempts to connect to ldap.
>
> possibly I have the ntdomain hack stuff wrong? or maybe some realm
> settin
T Kid82 wrote:
> I got this from the comments in exec-program-wait (which has been
> deprecated) where it explains how to use rlm_exec. It says,
>
> "An entry for the module 'rlm_exec' must be added to the file
> 'radiusd.conf' with the path of the script."
Yes... but from the debug output you
Thanks a lot, Alan.
I will try to install the SSL as you suggest me.
Best regards,
Message: 4
Date: Wed, 19 Mar 2008 17:07:17 +0100
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Error EAP
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: te
I have a cronjob that pulls down a CRL, runs openssl to verify it's OK, and
then stops radius, copies the crl into place, and then starts radius.
Occasionally, around two or three times a month, I get the following errors
and no one can auth to radius until the next run of the cronjob when the CRL
With that, and a few configuration options (like making sure the host was
connected to the domain and ntlm_auth functioned as required), i've managed
to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
EAP-TTLS works fine with an account in the "users" file that has a clear
text passw