/etc/samba/smbpasswd

2008-06-11 Thread vijayakumar
Hi all, if I am using /etc/samba/smbpasswd, how can I specify the etc/smbpasswd through the network? Is it possible like this: filename = 192.168. XX. XX:/etc/samba/smbpasswd Regards. VIJAY - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: inner/outer authentication problem in 2.0.2

2008-06-11 Thread Alan DeKok
Gopinath Reddy N wrote: > But by way of hack if user knows some other valid user name in the > system he can use that as outer identity and get the policy setting of > that user. So to avoid that I am just thinking is there a way I can come > out of this situation in freeradius Yes. That's why t

Re: Simultaneous-Use and radwho

2008-06-11 Thread Alan DeKok
Tuc at T-B-O-H.NET wrote: > I haven't been given authorization to do a radiusd -X yet, Copy the configs to a test machine. Run "radsniff" on the production machine to grab packets. Play them back on the test machine. Run radiusd -X on the test machine. > But it seems somehow they

Re: Freeradius Hardware requirements

2008-06-11 Thread Alan DeKok
nf-vale wrote: > Please help me if you can. I need some data about Freeradius hardware > "requirements". Any commodity system will be fine. > This is for a project I'm working on and I need to establish a minimum > hardware requirements for a radius server (Freeradius 2.0.5) that will > serve a

Re: inner/outer authentication problem in 2.0.2

2008-06-11 Thread Gopinath Reddy N
Hi, I am planning to send some Vendor Specific attributes to the user based on inner authentication. But by way of hack if user knows some other valid user name in the system he can use that as outer identity and get the policy setting of that user. So to avoid that I am just thinking is there a wa

Fwd: Help with Rewriting RAD_REQUEST in rlm_perl for proxy

2008-06-11 Thread Ken Gribble
Sorry, my bad, I upgraded to 2.0.5 and this all started to work fine :-) -Ken Begin forwarded message: Greetings! I'm using freeradius installed from the freeradius.i386 1.1.3-1.2.el rpm on CentOS 5 (recompiled RedHat).

Help with Rewriting RAD_REQUEST in rlm_perl for proxy

2008-06-11 Thread Ken Gribble
st 0 rlm_realm: Looking up realm "somerealm.com" for User-Name = "[EMAIL PROTECTED] " rlm_realm: Found realm "DEFAULT" rlm_realm: Proxying request from user kenlime to realm DEFAULT rlm_realm: Adding Realm = "DEFAULT" rlm_realm: Prep

Simultaneous-Use and radwho

2008-06-11 Thread Tuc at T-B-O-H.NET
Hi, I haven't been given authorization to do a radiusd -X yet, but I'm seeing something in my logs that I don't get . User is logging in from multiple times, so I put on Simultaneous-Use and it goes against the radutmp. So I test it by hand and I get in radius.log Wed Jun 11 17:30:45 2008

Re: Forcing lowercase User-Name with rlm_perl

2008-06-11 Thread oz
Wow Chris, looks great and is very helpful! I will test it tomorrow and give a short feedback whether it works. Thanks a lot, oz On Wed, 11 Jun 2008 14:28:13 -0700 Chris <[EMAIL PROTECTED]> wrote: > I'm doing this: > > perl_tolower.pm: > use strict; > use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_

Freeradius Hardware requirements

2008-06-11 Thread nf-vale
Hi all, Please help me if you can. I need some data about Freeradius hardware "requirements". This is for a project I'm working on and I need to establish a minimum hardware requirements for a radius server (Freeradius 2.0.5) that will serve about 3000 users, and will be used as authentication a

Re: Forcing lowercase User-Name with rlm_perl

2008-06-11 Thread Chris
I'm doing this: perl_tolower.pm: use strict; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); # # This the remapping of return values # use constant RLM_MODULE_REJECT=> 0; # /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1; # /* module failed,

Memory Problem

2008-06-11 Thread Caio Oliveira
I installed FreeRadius 2.0.3 just for accounting and I'm receiving 200/300 accts/s. I have a serious problem that the memory used by the radiusd process starts to increase and doesn't stop. I think that happens because FreeRadius uses the memory and keeps it forever. Can anyone help me?

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Alan DeKok
Newall, Bryce wrote: > See why I say I don't know a whole lot about how all this works?? :) So > it sounds like I don't even need LDAP, but it's helpful for at least > testing the RADIUS configuration with a program like NTRadPing to make > sure it's working correctly before jumping into the EAP-T

Re: Forcing lowercase User-Name with rlm_perl

2008-06-11 Thread oz
On Sat, 17 May 2008 18:09:09 -0700 Chris <[EMAIL PROTECTED]> wrote: > Thanks. I'll look at lc. > I was actually more concerned about the interfacing with freeradius than the > perl itself. Hello, another user here, who needs "lower_user = before" to be able to switch to freeradius-2.0.x. Our d

Re: 'Attribute "User-Password" is required for authentication.' (EAP/TTLS/RADIUS/PAM)

2008-06-11 Thread Alan DeKok
sth wrote: > Hi folks, Posting huge amounts of configuration files to the list isn't necessary. > My NAS is talking to the FR instance (being run in "-X" debug mode, of > course), but the NAS doesn't appear to be sending the "User-Password" > attribute that FR is expecting. No. It's sending

Re: 'Attribute "User-Password" is required for authentication.' (EAP/TTLS/RADIUS/PAM)

2008-06-11 Thread Nicolas Goutte
As far as I understand your config files, you want to use MD5. So the questions are: - is the client really sending MD5 hashes (or is it sending NT hashes for example) - can PAM handle it? - has PAM access to the password in MD5 or in clear to be able to check against it? I hope that my hi

'Attribute "User-Password" is required for authentication.' (EAP/TTLS/RADIUS/PAM)

2008-06-11 Thread sth
Hi folks, I've been tasked with determining the feasibility of migrating a campus wireless deployment from "open wireless plus VPN" to WPA2 Enterprise. The existing VPN server authenticates against a RHEL4 FreeRADIUS server (1.0.1-3.RHEL4.5, the late

Re: freeradius 2.05 peap and ldap bind?

2008-06-11 Thread Ivan Kalik
> We just installed freeradius 2.05 on a Centos 5 system. We got >PEAP working rather quickly against our ldap server against LM/NT >passwords. We would also like to allow clients using Securew2 >supplicants configured for TTLS -PAP connections against (crypt and >SSHA) passwords stored in our

RE: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Newall, Bryce
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of Alan DeKok > Sent: Wednesday, June 11, 2008 10:30 AM > To: FreeRadius users mailing list > Subject: Re: FreeRadius/eDirectory/802.1X authentication issue > > > We need to have Free

Re: Forwarding username and framed-ip-address to two destinations

2008-06-11 Thread Alan DeKok
issbruek wrote: > we are using Freeradius 1.1.7 and are looking for a solution to forward > username and framed-ip-address to another additional IP address. Using... what protocol? > Currently the radius server receives the accounting data and stores it into a > sql-database. In the end we want

Re: freeradius 2.05 peap and ldap bind?

2008-06-11 Thread Alan DeKok
Tim Tyler wrote: > Freeradius experts, > We just installed freeradius 2.05 on a Centos 5 system. We got PEAP > working rather quickly against our ldap server against LM/NT passwords. > We would also like to allow clients using Securew2 supplicants > configured for TTLS -PAP connections against

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Alan DeKok
Newall, Bryce wrote: > I am looking into setting up a test RADIUS server with FreeRADIUS 2.0.5, > since the current server is running 1.1.0. As I mentioned before, > though, I don't know a lot about RADIUS, and would love to find some > HOW-TO's to help me make it work. As would I. This isn't

RE: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Newall, Bryce
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of Phil > Mayers > Sent: Wednesday, June 11, 2008 2:00 AM > To: FreeRadius users mailing list > Subject: Re: FreeRadius/eDirectory/802.1X authentication issue > > On Tue, Jun 10, 2008 a

freeradius 2.05 peap and ldap bind?

2008-06-11 Thread Tim Tyler
Freeradius experts, We just installed freeradius 2.05 on a Centos 5 system. We got PEAP working rather quickly against our ldap server against LM/NT passwords. We would also like to allow clients using Securew2 supplicants configured for TTLS -PAP connections against (crypt and SSHA) passw

Re: Check Items on launch

2008-06-11 Thread Pshem Kowalczyk
Hi, What do you have in the users file, starting from line 28? kind regards Pshem 2008/6/12 Breuer Nicolas <[EMAIL PROTECTED]>: > > Just a question, > > Is it normal that warning on the launch of the radiusd > > [users]:28 WARNING! Check item "Pool-Suffix" found in reply item list for > user

Forwarding username and framed-ip-address

2008-06-11 Thread issbruek
Hi, we are using Freeradius 1.1.7 and are looking for a solution to forward username and framed-ip-address to another additional IP address. Currently the radius server receives the accounting data and stores it into a sql-database. In the end we want freeradius to send the data towards the SQL-da

Re: Certificate Error!

2008-06-11 Thread Ivan Kalik
Issuer: ..., MarNet Subject: ..., MarsNet Check certificate details. It seems that there are some typing errors there. Ivan Kalik Kalik Informatika ISP On 11/6/2008, "Kwok Sianbin" <[EMAIL PROTECTED]> wrote: >Hi Ivan, > > > >The date shows in Client Cert as word format and dates are correct.

RE: FR and PEAP question

2008-06-11 Thread Ivan Kalik
>In ldap.attrmap I have the line: >checkItem NT-Password ntPassword > >in radiusd.conf in my ldap declaration, I have: >password_attribute = ntPassword > And that would work if you were using pap module. But you are using mschap. That one looks for cleartext password first. If

Re: MySQL connection over SSL possible?

2008-06-11 Thread Alan DeKok
Anders Holm wrote: > Hitting "Reply All" in most MUAs would do this. The list should be smart > enough to only forward on one copy per recipient ... It's not. We get 2 copies of every mail you send to the list. > ALL mails I receive for this list has the list in *both* TO and CC headers > ..

Re: Redundant SQLIPPOOL > NOK

2008-06-11 Thread Alan DeKok
Breuer Nicolas wrote: >>> LIVE SYSTEM = SQLIPPOOL > > When database was down it works > but when radius received a 1017 error, it doesn't go to the second > module. Yes, this was discussed before. The code hasn't changed since last time, so the answer hasn't changed, either. Alan DeKok.

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
Hitting "Reply All" in most MUAs would do this. The list should be smart enough to only forward on one copy per recipient ... ALL mails I receive for this list has the list in *both* TO and CC headers //anders - Original Message - From: "Nicolas Goutte" <[EMAIL PROTECTED]> To:

Redundant SQLIPPOOL > NOK

2008-06-11 Thread Breuer Nicolas
Dear, Redundant config seems not working. Conf : LIVE-SYSTEM-01 { fail=1 } if (!ok) { LIVE-SYSTEM-02 } >> LIVE SYSTEM = SQLIPPOOL When database was down it works but when radius received a 1017 error, it doesn't go to the second module. I checked the same thing with the accounting (

Re: FR and PEAP question

2008-06-11 Thread Nicolas Goutte
On 11.06.2008 at 14:48, Matt Ashfield wrote: Hi I’m still trying to get this working. I’m using an XP machine plugged into an edge switch acting as a NAS. I’m using the PEAP/MSCHAP in XP to authenticate against an LDAP directory. In that directory, we have created an attribute called nt

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Gennadiy Redko
Ivan Kalik ?: Have the Tunnel attributes appeared now in the Access-Accept? If they have, that's all radius server can do. If the switch doesn't understand tunnel attributes ... Yes. Now tunnel attributes began to be appeared. We with Victor shall lay out working configs and we shall close b

Check Items on launch

2008-06-11 Thread Breuer Nicolas
Just a question, Is it normal that warning on the launch of the radiusd [users]:28 WARNING! Check item "Pool-Suffix" found in reply item list for user "DEFAULT".This attribute MUST go on the first line with the other check items This attribute is an internal reply attribute Added in

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Ivan Kalik
Sorry, my mistake. Missed the SHIFT while typing. Ivan Kalik Kalik Informatika ISP On 11/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote: > >> >> Did you put use-tunneled-reply=yes in peap config? I also can't see >> freeradius config files. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Da

RE: FR and PEAP question

2008-06-11 Thread Matt Ashfield
Hi I’m still trying to get this working. I’m using an XP machine plugged into an edge switch acting as a NAS. I’m using the PEAP/MSCHAP in XP to authenticate against an LDAP directory. In that directory, we have created an attribute called ntPasssword which I have populated with the word ‘passw

Re: inner/outer authentication problem in 2.0.2

2008-06-11 Thread Ivan Kalik
Why do you apply any policies to the outer identity? Ivan Kalik Kalik Informatika ISP On 11/6/2008, "Gopinath Reddy N" <[EMAIL PROTECTED]> wrote: >Hello all, > >I am using freeradius 2.0.2 version with TTLS/MSCHAPv2 > >I have two users in configuration > >tmpuser -> tmpgroup >emp1 -> employee >

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Ivan Kalik
Have the Tunnel attributes appeared now in the Access-Accept? If they have, that's all radius server can do. If the switch doesn't understand tunnel attributes ... Ivan Kalik Kalik Informatika ISP On 11/6/2008, "Gennadiy Redko" <[EMAIL PROTECTED]> wrote: >Ivan Kalik wrote: >> Did you put use-t

Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Guk Viktor
Did you put use-tunneled-reply=yes in peap config? I also can't see freeradius config files. Ivan Kalik Kalik Informatika ISP On 10/6/2008, "Krzysztof Olędzki" <[EMAIL PROTECTED]> wrote: Sorry! We changed "use_tunneled_reply = yes" in other file of config freeradius. After they found whe

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Krzysztof Olędzki
On 2008-06-11 12:37, Gennadiy Redko wrote: [5500G-EI]display interface GigabitEthernet 7/0/40 GigabitEthernet7/0/40 current state : DOWN This port is down, there is no client connected nor authorized/authenticated. [5500G-EI]display port-security interface GigabitEthernet 7/0/40 Gigabit

Re: Problems compiling Freeradius 2.0.4 on Fedora 8 [Updated to 2.0.5]

2008-06-11 Thread Alan DeKok
Piero Giobbi wrote: > Ups, sorry, here's with the line above: ... > -lnsl -lresolv -lpthread -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/lib/ > /libeap/.libs/libfreeradius-eap.so: undefined reference to `BIO_test_flags'/ > /libeap/.libs/libfreeradius-eap.so: undefined reference to `EVP_MD_size'/

inner/outer authentication problem in 2.0.2

2008-06-11 Thread Gopinath Reddy N
Hello all, I am using freeradius 2.0.2 version with TTLS/MSCHAPv2 I have two users in configuration tmpuser -> tmpgroup emp1 -> employee I am using "tmpuser" in outer authentication and "emp1" in inner authentication. I have eap.conf file configured with ttls { copy_req

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Gennadiy Redko
Ivan Kalik wrote: Did you put use-tunneled-reply=yes in peap config? I also can't see freeradius config files. Ivan Kalik Kalik Informatika ISP Hi, Ivan. This option too has not helped. Regards. Gennadii.

Re: Whether the FreeRADIUS supports switch 3Com 5500G-EI ?

2008-06-11 Thread Gennadiy Redko
Krzysztof Olędzki wrote: OK, we absolutely need some more info: - display vlan - display vlan ... (2?) - display interface ... (G7/0/40?) - display port-security interface ... (G7/0/40) Hi,Krzysztof Viktor Guk wrote: >All too most, only with the letter "G". [5500G-EI]disp vlan The follo

Re: Problems compiling Freeradius 2.0.4 on Fedora 8 [Updated to 2.0.5]

2008-06-11 Thread Piero Giobbi
Ups, sorry, here's with the line above: /usr/bin/gmake -w -C libeap gmake[7]: Entering directory `/root/freeradius-server-2.0.5/src/ modules/rlm_eap/libeap' gmake[7]: Nothing to be done for `all'. gmake[7]: Leaving directory `/root/freeradius-server-2.0.5/src/modules/ rlm_eap/libeap' /root/fre

Re: MySQL connection over SSL possible?

2008-06-11 Thread Nicolas Goutte
Please try to avoid to send emails to the list as "TO" *and* as "CC". (I (and probably not only me) get your messages always twice.) Have a nice day! On 11.06.2008 at 11:31, Anders Holm wrote: "There are other options." Yes, I've come up with a few. Would you have others as well? Sugges

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
"There are other options." Yes, I've come up with a few. Would you have others as well? Suggestions are welcome in all cases .. //anders - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Monday, June 9, 2008 5:57:48 PM GMT +00:00 GMT

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
Indeed, stunnel is one way to go, another might be SSH tunnels, or as another poster mentioned IPSec tunnels. Yes, data integrity and security of the data is vital, along the whole path from backend storage to end device, so this is just one piece of that puzzle ... What I'll do short term is t

Re: Setting Post-Proxy-Type ??

2008-06-11 Thread Mustapha Bouikhif
Alan DeKok wrote: Mustapha Bouikhif wrote: I am having problems getting Post-Proxy-Type to work in FreeRadius (FR); I did tests with FR v2.0.3 and FR v2.0.5 after update without success; Here is what i want to do: Use attr_rewrite to write some attributes (those for setting VLAN) in pro

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Phil Mayers
On Tue, Jun 10, 2008 at 07:32:45PM -0700, Newall, Bryce wrote: login credentials each time. The "Use Windows login credentials" (or whatever it's called; can't remember off the top of my head) option is checked. In fact, if I un-check it and have Windows prompt me for the credentials, then the

Re: Problems compiling Freeradius 2.0.4 on Fedora 8 [Updated to 2.0.5]

2008-06-11 Thread Nicolas Goutte
On 11.06.2008 at 09:50, Piero Giobbi wrote: Hi again. Sorry Alan, i forgot to include "the" problem when i try to build freeradius 2.0.5 on Fedora 8. Below is from make: collect2: ld returned 1 exit status Is it the only error line about the linking problem or are there relevant lines

Re: Problems compiling Freeradius 2.0.4 on Fedora 8 [Updated to 2.0.5]

2008-06-11 Thread Alan DeKok
Piero Giobbi wrote: > Sorry Alan, i forgot to include "the" problem when i try to build > freeradius 2.0.5 on Fedora 8. Below is from make: > > /collect2: ld returned 1 exit status/ > /gmake[6]: *** [radeapclient] Error 1/ And you've deleted the actual error message. Alan DeKok.

Re: Problems compiling Freeradius 2.0.4 on Fedora 8 [Updated to 2.0.5]

2008-06-11 Thread Piero Giobbi
Hi again. Sorry Alan, i forgot to include "the" problem when i try to build freeradius 2.0.5 on Fedora 8. Below is from make: collect2: ld returned 1 exit status gmake[6]: *** [radeapclient] Error 1 gmake[6]: Leaving directory `/root/freeradius-server-2.0.5/src/modules/ rlm_eap' gmake[5]: *

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-11 Thread Alan DeKok
Newall, Bryce wrote: > I'm convinced that it has SOMETHING to do with how Windows is passing > the credentials through to FreeRadius, rather than a FreeRadius problem; > I'm just not sure where to troubleshoot. You'll know from reading this list where *my* biases are. For most problem interac