George KNIGHT wrote:
A person like you who is dealing with freeradius on a daily basis may
have a tendency of thinking that using/installing/troubleshooting
freeradius is very easy.
The goal is to *make* it that easy. A large number of problems on the
list are because people think it's
Hey Tuc,
This might happen because of interface changes.
Also add a record to the nas table for the 127.0.0.1 ip address (or the
other
IP address you have configured on your ethernet interface).
And I'm also assuming you have configured the nas table in sql.conf
Regards,
Liran Tal.
On Wed, Apr
hi,
I am using free Radius 2.0.3. I m configured my AAA through rlm_perl. I
need to do the authorization by using the following attributes.
Digest-Realm
Digest-Method
Digest-Uri
Digest-Nonce
Digest-Nonce
Digest-Response
Unfortunately i did not get any value from these attributes when i
hi,
I am using free Radius 2.0.3. I m configured my AAA through rlm_perl. I
need to do the authorization by using the following attributes.
Digest-Realm
Digest-Method
Digest-Uri
Digest-Nonce
Digest-Nonce
Digest-Response
Unfortunately i did not get any value from these attributes when i
That's a pap request. Send a request with Digest-Attributes and you will
get digest attributes.
hi,
As advice by Ivan Kalik, I've tried sending the request with
Digest-Attributes, unfortunately i didn't get any values from these
attributes:
'Digest-User-name', 'Digest-Realm',
Hi,
I have a record for 127.0.0.1, and for the ip of the machine
itself (Fixed dedicated IP).
The end result is that I found that no matter what IP I
used to pass on the NAS-IP-Address, it used the machines IP to match
the secret. The problem I had is we placed the device out in
As advice by Ivan Kalik, I've tried sending the request with
Digest-Attributes, unfortunately i didn't get any values from these
attributes:
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response'.
here is the piece of perl code that i have
Thanks for lead Ivan. I was able to make it work by changing radiusd.conf
I add module
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
Hi,
Exactly the same config used between 2.0.3 and 2.0.4, but now the LDAP
module fails lookups because it claims it can't find the User-Name
attribute
PEAP: Got tunneled EAP-Message
EAP-Message =
Arran Cudbard-Bell wrote:
Exactly the same config used between 2.0.3 and 2.0.4, but now the LDAP
module fails lookups because it claims it can't find the User-Name
attribute
Arg... grab src/main/evaluate.c from CVS.
In short, a pointer to the user name is cached in a data structure.
Hello Everyone,
So in my world we have been able to diagnose that the authentication issue
is related to the username case (only difference in Radius) and I have not
found anything other than a statement in an old post from Alan about AD
being case sensitive with usernames? Is there any
Just me again,
User has reset there password the usual way however we are still getting
fail login. Anyone with an idea or what I can provide to help solve this
puzzle? Thx
Thu May 1 09:07:33 2008 : Auth: Login incorrect: [brebberm/no
User-Password attribute] (from client 10.0.1.12 port 60035
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Exactly the same config used between 2.0.3 and 2.0.4, but now the LDAP
module fails lookups because it claims it can't find the User-Name
attribute
Arg... grab src/main/evaluate.c from CVS.
In short, a pointer to the user name is
George KNIGHT wrote:
Yes, I run all the commands as a root. Is this wrong?
No.
When I run the bootstrap script, again, as a root, here is what I get;
sigh You said it had errors. You need to show what those errors
are. Showing that it runs *without* errors doesn't help.
I will use
Alan,
I feel extremely stupid even though I know I am not.
Running radiusd -X command as a root gives me the following error message as
I posted here yesterday;
PS: I'm just posting last part of the output here. The full output can be
seen at my previous email that I sent yesterday.
Hi,
I have a security group in AD 'noremote' that I would like to deny VPN
access.
Reading the FAQ, I edit users to include
DEFAULT Group == noremote, Auth-Type := Reject
Reply-Message = Your account is not allowed.
but this doesn't work.
I also tried below which I based on my
George KNIGHT wrote:
Running radiusd -X command as a root gives me the following error
message as I posted here yesterday;
And the permissions on that directory are... ?
It says a 'permission denied' and you asked me earlier if I was running
the command as a root, which the answer is yes.
rmp dmd wrote:
I have a security group in AD 'noremote' that I would like to deny VPN
access.
Reading the FAQ, I edit users to include
DEFAULT Group == noremote, Auth-Type := Reject
Reply-Message = Your account is not allowed.
but this doesn't work.
The Group
Permissions are as follow;
comp-010:/etc/raddb # dir
total 289
-rw-r- 1 root radiusd 718 2008-02-14 10:35 acct_users
-rw-r- 1 root radiusd 4187 2008-02-14 10:35 attrs
-rw-r- 1 root radiusd 516 2008-02-14 10:35 attrs.access_reject
-rw-r- 1 root radiusd 501 2008-02-14 10:35
No, there is a digest module in default radiusd.conf that should decode
the attributes. Post radiusd -X for request with Digest-Attributes.
Those attributes you want are not in the request - have you tried
$RAD_CHECK.
hi Kalik,
I've tried $RAD_CHECK but it doesn't work, I've found
OK, I have changed the ownership of the following files from root:root to
root:radiusd
server.pem
ca.pem
random
dh
and now radiusd -X is working.
The problem arisen because the root:root permissions on the abovementioned
files.
Will get back to you for either further questions and or a success
George KNIGHT wrote:
Permissions are as follow;
..
comp-010:/etc/raddb # dir
Uh... which OS are you using?
In any case, this is an OS issue. FreeRADIUS OpenSSL use the normal
OS API's to access files. If the server gets a permission denied
error, it's because the OS is denying
Alan,
The permission problem has been solved as I mentioned at my earlier email.
Now, as a last step, I'm installing the certificates. I created the
certificates by following the README file under /etc/raddb/certs/ folder.
Now I have the following certificates;
ca.der
ca.key
ca.pem
client.crt
We have two FR servers (running 1.1.15) on Red Hat machines.
We are using it to authenticate wireless users against an LDAP directory.
Occasionally, one of the FR servers (it happens to each, just not at the
same time), stops working. The service remains up, but it's like the
conversation
No, there is a digest module in default radiusd.conf that should decode
the attributes. Post radiusd -X for request with Digest-Attributes.
Those attributes you want are not in the request - have you tried
$ RAD_CHECK.
hi Kalik,
I've tried $RAD_CHECK but it doesn't work, I've found
Thank you all for responding to my first post in getting FreeRadius set up
and working on a Solaris 10 box.
I am working on creating the (non-priviledged) user environment that will
run the
server.
I have successfully set up a working Radius server to work with a FirePass
VPN appliance..
Arran Cudbard-Bell wrote:
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Exactly the same config used between 2.0.3 and 2.0.4, but now the LDAP
module fails lookups because it claims it can't find the User-Name
attribute
Arg... grab src/main/evaluate.c from CVS.
In short, a
27 matches
Mail list logo