Re: Missing NAS-Port in Access request with respect to RFC 2865

2008-04-03 Thread Alan DeKok
Ramm-Ericson, Johannes wrote: > OK. However, access requests from that particular NAS are in effect not > processed the way I expect because of the lacking NAS-Port which still > leaves me with a problem I need to understand and fix. There is likely nothing that you can do. This is the reality

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread Enrico Fanti
Hi. We have changed the query "authorize_check_query" to control the nas ip from where the client tries to connect (AP Cisco). But in peap messages in radius log we have: PEAP: Sending tunneled request EAP-Message = 0x020800401a0208003b318a18fbff0c2330a310b06a6febf0d5db

Re: Authorize with SQL and/or AD with ntlm_auth

2008-04-03 Thread Alan DeKok
Guillaume Chartrand wrote: > Hi, I want to configure my freeradius to authorize my user with an sql > database or if the user isn’t present it would check in AD. To be clear: get the password from LDAP, or ask AD about the *authentication*. > authorize { > sql > if (notfound) >

Re: Unknown value ntlm_auth for attribute Auth-Type

2008-04-03 Thread Charles Jones
2008/4/3 Ivan Kalik <[EMAIL PROTECTED]>: > Send the debug with ntlm_auth listed in authenticate section. Does > ntlm_auth appear on the debug after eap? I see no mention of ntlm_auth outside of the mschap module anywhere in the logs. I've attached full debug output, and my current sites-enabled/

Re: EAP Authentication

2008-04-03 Thread Devinder Singh
I guess I need to use VLAN methods and two SSID On 03/04/2008, Ivan Kalik <[EMAIL PROTECTED]> wrote: > > radiusd -X. Send the debug of the monowall request. > > Ivan Kalik > Kalik Informatika ISP > > > On 3/4/2008, "Devinder Singh" <[EMAIL PROTECTED]> wrote: > > >Hi I have set up Free Radius to

Re: Unknown value ntlm_auth for attribute Auth-Type

2008-04-03 Thread Ivan Kalik
Send the debug with ntlm_auth listed in authenticate section. Does ntlm_auth appear on the debug after eap? Ivan Kalik Kalik Informatika ISP On 3/4/2008, "Charles Jones" <[EMAIL PROTECTED]> wrote: >On Thu, Apr 3, 2008 at 9:07 AM, Ivan Kalik <[EMAIL PROTECTED]> wrote: >> Don't set Auth-Type. A

Re: Users cant connect Freeradius 2.0.2

2008-04-03 Thread Gustavo Chavelas
Hi Alan. In old version I don't to create SSL certificates. Just to configure file radius.conf, eap.conf, users, clients.conf and when I run the program it work fine. With a new versions I make same configurations but not work. ¿I think that the SSL certificates can be create alone by the server

Authorize with SQL and/or AD with ntlm_auth

2008-04-03 Thread Guillaume Chartrand
Hi, I want to configure my freeradius to authorize my user with an sql database or if the user isn't present it would check in AD. Here is my conf for now. authorize { preprocess sql if (notfound) { ntlm_auth } eap expiration lo

Re: using different LDAP queries to authorize for different services

2008-04-03 Thread Alan DeKok
Sylvain Robitaille wrote: > I apologize if I'm seeming dense, or leaving the impression that I > haven't read documentation that you've already pointed me at. I *have* > read that documentation, but I think the problem is that I'm struggling > to wrap my head around the details, perhaps because it

Re: using different LDAP queries to authorize for different services

2008-04-03 Thread Sylvain Robitaille
On Thu, 3 Apr 2008, Alan DeKok wrote: ... is it possible to equate "notfound" to "fail" or "reject"?). Yes. if (notfound) { fail } Hrmmm... I thought I'd tried that before writing the above, but I didn't keep a copy of it, so I can't recheck if I maybe simp

Re: copy-acct-to-home-server example. need help

2008-04-03 Thread Alan DeKok
Mikhail Novikov wrote: ... > +- entering group accounting > expand: > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d It's still sending the request to the default virtual server, and not to the proper one. Since it seems to work for me, my suggestion is to STOP d

Re: using different LDAP queries to authorize for different services

2008-04-03 Thread Alan DeKok
Sylvain Robitaille wrote: > On the one hand, "OH!!!" I think I'm starting to understand, but on the > other hand, I appear to still not be doing it quite right. I put into > the "authorize" section of sites-available/default: ... > However, then the request carries on to the inner-tunnel of the T

Re: copy-acct-to-home-server example. need help

2008-04-03 Thread Alan DeKok
Mikhail Novikov wrote: >> Uh... no. That is an authentication request, not an accounting >> request. The server does NOT read authentication requests from the >> "detail" file. > > I tried to send test requests by following command: > $echo "User-Name=test,Password=pass,Framed-Protocol=PPP,N

Re: Users cant connect Freeradius 2.0.2

2008-04-03 Thread A . L . M . Buxey
Hi, > I'm configuring the freeradius as old version, I don't copy the > configurations files, I configure again the files. > But when I to run radiusd -X my clients not connect. > > Sends an error of authentification. you've configured and copied the SSL certificates etc correctly? by default a

Re: Unknown value ntlm_auth for attribute Auth-Type

2008-04-03 Thread Charles Jones
On Thu, Apr 3, 2008 at 9:07 AM, Ivan Kalik <[EMAIL PROTECTED]> wrote: > Don't set Auth-Type. Add ntlm_auth to authenticate not authorize > section. And instantiate exec module. > > Ivan Kalik > Kalik Informatika ISP > After further experimentation, I found that if I create a new "ntlm_autz" in

Re: radius server cannot handle external request

2008-04-03 Thread xia sihua
> Hi, > > >I have installed the latest freeradius server (version: 2.0.3) on my > > Fedora Core 5 i386 PC. Now it can work ok when I use "radtest test test > > localhost 0 testing123" to test local user from local. And under debug mode > > "radiusd -X" the server can print out relevant handle

RE: Hints & Huntgroups [SEC=UNCLASSIFIED] (Ranner, Frank MR)

2008-04-03 Thread Dean Smith
Thanks Frank I'd tried two instances of preprocess but couldn't get it to work. I'll do some reading and try again. I have got the huntgroup now set in the Hints file though so immediate problem solved Thanks again Dean -- Message: 4 Date: Thu, 3 Apr 2008 11:06:17 +

Re: Users cant connect Freeradius 2.0.2

2008-04-03 Thread Gustavo Chavelas
Hi. I have the same problem and it's very strange. In other server I have CentOS 5 with freeradius-1.1.3-1.2.el5 (rpm) and it's working without problem. My WindowsXP and WindowsCE clients connect fine. But I need to upgrade my version why my Windows VISTA clients can't connect. I'm installing th

Re: copy-acct-to-home-server example. need help

2008-04-03 Thread Mikhail Novikov
Framed-Protocol = PPP Framed-IP-Address = 192.168.5.66 Acct-Delay-Time = 0 +- entering group accounting expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20080403 rlm_detail: /usr/local/var/l

Re: using different LDAP queries to authorize for different services

2008-04-03 Thread Sylvain Robitaille
On Thu, 3 Apr 2008, Alan DeKok wrote: You have to change the reference to "ldap" in sites-available/default. to the instance name. e.g. "ldap_wireless". ... In 2.0, you don't really need Autz-Type. I would suggest pretending that it doesn't exist. Instead, use "unlang". ... The sections are

Re: copy-acct-to-home-server example. need help

2008-04-03 Thread Mikhail Novikov
> Which version are you using? 2.0.3 has some fixes over 2.0.2... > I'm using FreeRadius 2.0.3. > > User-Name = "test" > > User-Password = "pass" > > Uh... no. That is an authentication request, not an accounting > request. The server does NOT read authentication request

Re: Unknown value ntlm_auth for attribute Auth-Type

2008-04-03 Thread Charles Jones
Thanks for the response. My apologies, it was a typo when I wrote "authorize". I meant "authenticate" in that paragraph. The ntlm_auth entry is already located inside the authentication section of the sites-available/default file. I should have included that file initially, but was a little pre

Re: copy-acct-to-home-server example. need help

2008-04-03 Thread Alan DeKok
read authentication requests from the "detail" file. > Framed-Protocol = PPP > NAS-Port-Id = "11123" > +- entering group accounting > expand: > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d > -> /usr/local/var/log/radius/r

copy-acct-to-home-server example. need help

2008-04-03 Thread Mikhail Novikov
ing group accounting expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20080403 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127

Re: Module-Success-Message / Module-Failure-Message

2008-04-03 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Module-Success-Message / Module-Failure-Message > > were listed in the internal dictionary Yes. They are used by a number of different modules, but not all. > Are they legacy attributes ? They don't seem to be being populated. Be > really nice if they were pop

Module-Success-Message / Module-Failure-Message

2008-04-03 Thread Arran Cudbard-Bell
Hi, I noticed Module-Success-Message / Module-Failure-Message were listed in the internal dictionary Are they legacy attributes ? They don't seem to be being populated. Be really nice if they were populated with the nice new shiny Login OK / Login Fail messages... Login OK: [ac221/

Re: Unknown value ntlm_auth for attribute Auth-Type

2008-04-03 Thread Ivan Kalik
>Next, I decided to try a different Auth-Type. However, anytime I try >to provide an alternative Auth-Type, FR refuses to start with "Unknown >value for for attribute Auth-Type". >I have specifically tried to use ntlm_auth because that would be my >preferred method of authentication between FR an

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread Ivan Kalik
Nothing can use Crypt-Password and do PEAP. It just can't be done. Ivan Kalik Kalik Informatika ISP On 3/4/2008, "Enrico Fanti" <[EMAIL PROTECTED]> wrote: >Ivan Kalik wrote: >> You can't have Crypt-Password and do PEAP: >> >> http://deployingradius.com/documents/protocols/compatibility.ht

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread Enrico Fanti
Ivan Kalik wrote: You can't have Crypt-Password and do PEAP: http://deployingradius.com/documents/protocols/compatibility.html And you should use Cleartext-Password in 1.1.7. But also in freeradius 2 I can't use "Crypt-Password and do PEAP" ?? Ivan Kalik Kalik Informatika ISP

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
I'm using chillispot + freeradius_2.0.3 + mysql - Original Message From: Alan DeKok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Thursday, April 3, 2008 15:03:14 Subject: Re: freeradius_2.0.3+mysql SANDY KALUGDAN wrote: > why is my config always using Auth-type := CHAP???

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
I don't know. It just says that my authentication is being done thru CHAP - Original Message From: Alan DeKok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Thursday, April 3, 2008 15:03:14 Subject: Re: freeradius_2.0.3+mysql SANDY KALUGDAN wrote: > why is my config always

Re: freeradius_2.0.3+mysql

2008-04-03 Thread Ivan Kalik
It can't be doing CHAP with radtest. Ivan Kalik Kalik Informatika ISP On 3/4/2008, "SANDY KALUGDAN" <[EMAIL PROTECTED]> wrote: >why is my config always using Auth-type := CHAP > >- Original Message >From: Alan DeKok <[EMAIL PROTECTED]> >To: FreeRadius users mailing list >Sent: Th

Re: freeradius_2.0.3+mysql

2008-04-03 Thread Alan DeKok
SANDY KALUGDAN wrote: > why is my config always using Auth-type := CHAP Are you always sending it CHAP requests? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread Ivan Kalik
You can't have Crypt-Password and do PEAP: http://deployingradius.com/documents/protocols/compatibility.html And you should use Cleartext-Password in 1.1.7. Ivan Kalik Kalik Informatika ISP On 3/4/2008, "Enrico Fanti" <[EMAIL PROTECTED]> wrote: >Hi, > >I found another problem. > >It works, b

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
why is my config always using Auth-type := CHAP - Original Message From: Alan DeKok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Thursday, April 3, 2008 13:17:36 Subject: Re: freeradius_2.0.3+mysql SANDY KALUGDAN wrote: > thanks for replying. > for testing purposes, i

Re: Freeraduis 2.0.3 dies with Failed to insert event

2008-04-03 Thread Alan DeKok
Vikash Badal wrote: > When I try to load my freeradius server with auth requests I encounter > : > Error: [event.c:969] Failed to insert event Arg. It may be simplest to give me SSH access to a machine where you see this. if it happens after 25 seconds or so, it should be relatively easy to

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread Enrico Fanti
Hi, I found another problem. It works, but I have to set the Attribute User-Password (clear text password), because if I use Crypt-Password ... it doesn't work mysql> select * from radcheck where username='fanti'; +--+--+---+++ | id | UserName | At

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
I'll try to test it using a longer password. doing the radtest my configuration works but when I try to login using the normal way, it is not authenticating. - Original Message From: Alan DeKok <[EMAIL PROTECTED]> To: FreeRadius users mailing list Sent: Thursday, April 3, 2008 13:17:36

Freeraduis 2.0.3 dies with Failed to insert event

2008-04-03 Thread Vikash Badal
Greetings, When I try to load my freeradius server with auth requests I encounter : Error: [event.c:969] Failed to insert event Thu Apr 3 11:44:46 2008 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Apr 3 11:44:46 2008 : Debug: modsingle[post-auth]: returned from attr_filter.ac

Re: Freeradius, EAP-PEAP, LDAP and users file...

2008-04-03 Thread Marco Gaiarin
Hello! Phil Mayers, on that day it was said... > You are not running the default config. You've added the "ldap" module, so > even though "files" doesn't match, "ldap" does. Perfectly clear. Reviewing all the stuff indeed now is clear, thanks. -- dott. Marco Gaiarin

Re: Freeradius, EAP-PEAP, LDAP and users file...

2008-04-03 Thread Marco Gaiarin
Hello! Alan DeKok, on that day it was said... > Start with the default configuration and make small changes. Test > them. You WILL get it working very quickly. Exactly what I've done. I've written a little doc (sorry, in Italian) on how to set up all the stuff, and it counts 5-6 modifications.

Failed to insert event, freeradius 2.0.3

2008-04-03 Thread Mikhail Novikov
Hi, I got this message and freeradius stopped working: Rejecting request 0 due to lack of any response from home server 192.168.0.10 port 1812 There was no response configured: rejecting request 0 Finished request 0. [event.c:969] Failed to insert event How can I fix that?

Re: Missing NAS-Port in Access request with respect to RFC 2865

2008-04-03 Thread Alan DeKok
Ramm-Ericson, Johannes wrote: > From what I understand the current Freeradius code interprets the RFC > statement so that if the NAS-Port attribute is not sent then the access > request is not processed and subsequently denied (in rlm_radutmp.c - > line 404). No. The *radutmp* module requires

Re: Problem with proxy.conf freeradius-server-2.0.1

2008-04-03 Thread Alan DeKok
Herve Brunet wrote: > I want to authenticate user "[EMAIL PROTECTED]" to my local server and all > other requests "[EMAIL PROTECTED]" will be proxied to rad1.eduroam.fr. ... > The directive DEFAULT in proxy.conf doesn't match the string > [EMAIL PROTECTED] From the change log in 2.0.2: *

Re: freeradius_2.0.3+mysql

2008-04-03 Thread Alan DeKok
SANDY KALUGDAN wrote: > thanks for replying. > for testing purposes, I've used 's' as the password. > SQL password for user sandy is really 's' (a) you didn't type "s" as the user's password on the client (b) the client is broken, and does not do CHAP properly (c) the code in FreeRADIUS is b

Problem with proxy.conf freeradius-server-2.0.1

2008-04-03 Thread Herve Brunet
Dear, I want to authenticate user "[EMAIL PROTECTED]" to my local server and all other requests "[EMAIL PROTECTED]" will be proxied to rad1.eduroam.fr. My configuration doesn't work, all the requests "[EMAIL PROTECTED]" will be sent to my local server. here my configuration : proxy.conf :

Re: Login-Service = Telnet

2008-04-03 Thread Ivan Kalik
>What application might I use to test this environment using a Windows XP >system? A device called UTP cable that you plug into the local switch and a C:\ prompt. "my Cisco router" implies that you have access to it. >I thought I have to dialup the normal way and then start my Telnet >Client to c

Missing NAS-Port in Access request with respect to RFC 2865

2008-04-03 Thread Ramm-Ericson, Johannes
Hello Freeradius-users, From what I see in the mailing list archives several freeradius users have historically run into trouble with Access-Request information sent by NASes and particularly the lack of the NAS-Port attribute. I've run into it quite often recently and was wondering if I may hav

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
thanks for replying. for testing purposes, I've used 's' as the password. SQL password for user sandy is really 's' SANDY KALUGDAN wrote: > rlm_chap: Using clear text password s for user sandy authentication. > rlm_chap: Pasword check failed There really isn't much else to say. Is the user

Re: EAP Authentication

2008-04-03 Thread Ivan Kalik
radiusd -X. Send the debug of the monowall request. Ivan Kalik Kalik Informatika ISP On 3/4/2008, "Devinder Singh" <[EMAIL PROTECTED]> wrote: >Hi I have set up Free Radius to allows users to set up certificates on their >notebook and get access to the Internet. > >When i set EAP i cant sem to

Re: freeradius_2.0.3+mysql

2008-04-03 Thread Alan DeKok
SANDY KALUGDAN wrote: > rlm_chap: Using clear text password s for user sandy authentication. > rlm_chap: Pasword check failed There really isn't much else to say. Is the user's password really one-letter "s" ? If not, what *is* the password, and why is the SQL server only returning "s"?

Re: session-timeout for disconnect at fixed time

2008-04-03 Thread Ivan Kalik
Sorry, I didn't notice that Session-Timeout is on the same line as the Group. It shouldn't be there but as one of the reply lines. Ivan Kalik Kalik Informatika ISP On 3/4/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > >The result is still same. It doesn't return Session-Timeout. >How w

Re: freeradius_1.1.7 + AP_Cisco_1130 + PEAP

2008-04-03 Thread A . L . M . Buxey
Hi, > I'm tryng to set up "freeradius_1.1.7 + AP_Cisco_1130 + PEAP". > > Freeradius is configured to use a database mysql, and I launch freeradius > by "radiusd -x" its configured to use the SQL but you havent put all details in radgroupcheck is failing. if you dont want to use it, dont call

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
here is a portion of the radiusd -X output rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of r

Re: freeradius_2.0.3+mysql

2008-04-03 Thread A . L . M . Buxey
Hi, > I'm new in using the marvelous work but I can't seem to authenticate properly > using my current conf files. I've done my home work by reading all the howtos > + wiki I can but still I'm stuck with authenticating my users. > Expert comments will be highly appreciated. please send radiusd

Re: freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
here is a portion of the radiusd -X output rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of r

freeradius_2.0.3+mysql

2008-04-03 Thread SANDY KALUGDAN
I'm new in using the marvelous work but I can't seem to authenticate properly using my current conf files. I've done my home work by reading all the howtos + wiki I can but still I'm stuck with authenticating my users. Expert comments will be highly appreciated. /etc/raddb/radiusd.conf instantia