Hi Guys
I have an account which I want to auth locally on our 2 proxy radius
machine.
The problem is that sometimes the connection authenticates and other
times it does not, there are warning in the log's below so I'm sure I
have something wrong. But I can not work out what I should be doing
Should I expect something like this to do the right thing?
ldap-localhost {
server = "127.0.0.1"
basedn = switch "%{Huntgroup-Name}" {
case dsl {
"ou=dsl,ou=radius,dc=viptalk,dc=net"
}
case {
Hi,
> Sending Access-Request of id 7 to 192.168.29.34 port 1812
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Name = "test"
> MS-CHAP-Challenge = 0xSNIP
> MS-CHAP2-Response = 0xSNIP
> Calling-Station-Id = 192.168.55.55
> NAS-IP-
Robert Haskins wrote:
I'm trying to compile freeradius.org version 2.0.3 on Red Hat 7.3, and
I'm getting the following error:
Wow. That's a seriously OLD os install. Please consider upgrading.
/usr/local/src/radius/freeradius-server-2.0.3/src/freeradius-devel/rad_assert.h:26:
warning: `used'
All,
We're rolling out a password-expiry policy here, and it's been suggested
that it would be helpful for the VPN to prompt a user to change their
password, rather than just lock them out.
The VPN is poptop on Linux, authing to FreeRadius, which current talks
to winbind and then to our w2k3
Thanks Ivan that I did'n know :) also, I had disabled accounting, now,
I enabled that and detailed auth log
Now I get something as follow in radacct/10.128.255.80/auth-detail-20080423 :
Wed Apr 23 14:16:22 2008
Packet-Type = Access-Request
User-Name = "queloc
Install SecureW2 and try EAP-TTLS/PAP. If that works then passwords are
encrypted and PEAP won't work.
Ivan Kalik
Kalik Informatika ISP
Dana 23/4/2008, "Dr.Peer-Joachim Koch" <[EMAIL PROTECTED]> piše:
>Hi Ivan,
>
>thanks, but I don't have access to this server.
>I'll can only do anything on our
I'm trying to compile freeradius.org version 2.0.3 on Red Hat 7.3, and
I'm getting the following error:
/usr/local/src/radius/freeradius-server-2.0.3/src/freeradius-devel/rad_assert.h:26:
warning: `used' attribute directive ignored
In file included from ../../eap.h:34,
from eap_tn
That will be logged in your accounting log.
Ivan Kalik
Kalik Informatika ISP
Dana 23/4/2008, "Sergio Belkin" <[EMAIL PROTECTED]> piše:
>Thanks Ivan,
>
>I know that :) But I want get IP from NAS's that are behind a
>NAT-proxy-firewall server, I want the NAS IP and not the
>NAT-proxy-firewall serv
No idea. That check must have some purpose.
Usual workaround for this is to rewrite (update in freeradius speak)
NAS-Port attribute with the value of Calling-Station-Id (in unlang,
perl, ...). That sorts out missing NAS-Port in the request.
There are way too many places where NAS-Port needs to be
I currently have freeRadius running on a Macintosh 10.5 server.
freeRadius is using opendirectory for authentication and authorization.
This is working successfully.
What I would like to do next is have the PrimaryGroupID or the gidNumber
in Opendirectory for that particular user passed back
> From: [EMAIL PROTECTED]> To: [EMAIL PROTECTED]> Subject: Your confirmation is
> required to join the Freeradius-Users mailing list> Date: Wed, 23 Apr 2008
> 17:25:45 +0200> > Mailing list subscription confirmation notice for mailing
> list> Freeradius-Users> > We have received a request from
raddb/sqlippool.conf
## Using Calling-Station-Id works for NAS that send fixed NAS-Port
## ONLY change this if you know what you are doing!
## pool-key = "%{NAS-Port}"
pool-key = "%{Calling-Station-Id}"
What I suggest is that we take the "NAS that send fixed NAS-Port"
condition off from RLM_
Numerous posts about Active Directory OU searching and FreeRadius can be found
easily via Google, but none seem to have the definitive answer/workaround for
the "Windows 2003 rebind failure when searching the root of the active
directory"
On the latest freeradius-2.0.3 compiled from source, I
Thanks Ivan,
I know that :) But I want get IP from NAS's that are behind a
NAT-proxy-firewall server, I want the NAS IP and not the
NAT-proxy-firewall server IP.
In fact my clients.conf has something as follows:
client 10.128.255.86 {
require_message_authenticator = no
secret = "pepepotam
Hi Ivan,
thanks, but I don't have access to this server.
I'll can only do anything on our proxy.
Your are right, the WLAN is configured with wpa2 TKIP PEAP
and ms-chap-V2.
Is there anything else I can do ?
Bye, Peer
Ivan Kalik schrieb:
This is the debug from the proxy not home server. You ne
Hello,I learn that there is a MK that need to pass to the AP after the auth is
complete.Do you know how to generate the key? Are they generated differently in
different way of auth?
Xingtom
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>From clients.conf:
# The short name is used as an alias for the fully qualified
# domain name, or the IP address.
#
shortname = localhost
shortname is printed in the log. Put NAS IP there if you want it in
radius.log.
Ivan Kalik
Kalik Informatika ISP
Da
e authorize section of radiusd.conf
>modcall: entering group authorize for request 7
> modcall[authorize]: module "preprocess" returns ok for request 7
>radius_xlat: '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
>rlm_detail:
>/var/log/radius
Hi, how can I get the "NAS-IP-Address" in radius.log?
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
request 7
radius_xlat: '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/141.5.16.151/auth-detail-20080423
modcall[authorize]: module "auth_log" ret
Great , but it was not the case of freeradius 1.x which i was using and
discussing about all the time.
Regards,
D.
2008/4/22 Alan DeKok <[EMAIL PROTECTED]>:
> David Hláčik wrote:
> > i did a lot of reading about certificate generation,
>
> This just kills me.
>
> 2.0 ships with scripts to crea
Am 23.04.2008 um 10:56 schrieb jennie susan:
Thank you alan for your time,
As i mentioned before i am new to linux too. I had installed
openssl already and the libraries are in /usr/local/lib folder.
i dont know how to enable this (path) in the server, because i
guess there is another op
radiusd -X
Ivan Kalik
Kalik Informatika ISP
Dana 23/4/2008, "Dr.Peer-Joachim Koch" <[EMAIL PROTECTED]> piše:
>Hi,
>
>we are using one radius server for external users to get
>access to a 802.1x WLAN.
>The radius server is configured to look for the domain
>and only answer local request or form
Hi,
we are using one radius server for external users to get
access to a 802.1x WLAN.
The radius server is configured to look for the domain
and only answer local request or form our domain.
Everything else is forwareded to central instance (using
the proxy.conf).
Now I have a strange problem:
W
Thank you alan for your time,
As i mentioned before i am new to linux too. I had installed openssl already
and the libraries are in /usr/local/lib folder.
i dont know how to enable this (path) in the server, because i guess there is
another openssl (older version) installed, i had this problem
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Hi,
We formulate our reply inside of the virtual server dealing with EAP and
send it back to the outer server. This is the only way I could think of
to insert the Inner identity into the Access-Accept.
...
update outer.reply
Arran Cudbard-Bell wrote:
> Hi,
>
> We formulate our reply inside of the virtual server dealing with EAP and
> send it back to the outer server. This is the only way I could think of
> to insert the Inner identity into the Access-Accept.
...
update outer.reply {
Us
jreubens wrote:
> I am newbie trying to test free radius for my master thesis, i installed
> free radius two days ago and did some initial testing, the initial test was
> through so the radius server is running properly, before i move on i wanted
> to test the eap modules, so i tried to test with t
Hi,
I am newbie trying to test free radius for my master thesis, i installed
free radius two days ago and did some initial testing, the initial test was
through so the radius server is running properly, before i move on i wanted
to test the eap modules, so i tried to test with the help of eapol_t
30 matches
Mail list logo