Hai All,
If am using /etc/samba/smbpasswd how can I specify the etc/smbpasswd
through network .
is it possible like this filename = 192.168. XX. XX:/etc/samba/smbpasswd
Regards.
VIJAY
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gopinath Reddy N wrote:
> But by way of hack if user knows some other valid user name in the
> system he can use that as outer identity and get the policy setting of
> that user. So to avoid that Iam just thinking is there a way I can come
> out of this situation in freeradius
Yes. That's why t
Tuc at T-B-O-H.NET wrote:
> I haven't been given authorization to do a radiusd -X yet,
Copy the configs to a test machine. Run "radsniff" on the production
machine to grab packets. Play them back on the test machine. Run
radiusd -X on the test machine.
> But it seems somehow they
nf-vale wrote:
> Please help me if you can. I need some data about Freeradius hardware
> "requirements".
Any commodity system will be fine.
> This is for a project I'm working on and I need to establish a minimum
> hardware requirements for a radius server (Freeradius 2.0.5) that will
> serve a
Hi,
Iam planning to send some Vendor Specific attributes to the user based on
inner authentication.
But by way of hack if user knows some other valid user name in the system he
can use that as outer identity and get the policy setting of that user. So
to avoid that Iam just thinking is there a wa
Sorry, my bad, I upgraded to 2.0.5 and this all started to work fine :-)
-Ken
Begin forwarded message:
Greetings!
I'm using freeradius installed from the freeradius.i386 1.1.3-1.2.el
rpm on CentOS 5 (recompiled RedHat).
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
st 0
rlm_realm: Looking up realm "somerealm.com" for User-Name = "[EMAIL PROTECTED]
"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Proxying request from user kenlime to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Prep
Hi,
I haven't been given authorization to do a radiusd -X yet, but
I'm seeing something in my logs that I don't get . User is logging in
from multiple times, so I put on Simultaneous-Use and it goes against
the radutmp. So I test it by hand and I get in radius.log
Wed Jun 11 17:30:45 2008
Wow Chris, looks great and is very helpful!
I will test it tomorrow and give a short feedback whether it works.
Thanks a lot,
oz
On Wed, 11 Jun 2008 14:28:13 -0700
Chris <[EMAIL PROTECTED]> wrote:
> I'm doing this:
>
> perl_tolower.pm:
> use strict;
> use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_
Hi all,
Please help me if you can. I need some data about Freeradius hardware
"requirements".
This is for a project I'm working on and I need to establish a minimum
hardware requirements for a radius server (Freeradius 2.0.5) that will
serve about 3000 users, and will be used as authentication a
I'm doing this:
perl_tolower.pm:
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
#
# This the remapping of return values
#
use constantRLM_MODULE_REJECT=>0;# /* immediately
reject the request */
use constantRLM_MODULE_FAIL=> 1;# /* module failed,
I installed FreeRadius 2.0.3 just for accounting and I´m receving 200/300
accts/s.
I have a serious problem that the memory used by the radiusd process starts to
increase and don´t stop. I think that happens because FreeRadius uses the
memory and keep it forever.
Anyone can help me?
Newall, Bryce wrote:
> See why I say I don't know a whole lot about how all this works?? :) So
> it sounds like I don't even need LDAP, but it's helpful for at least
> testing the RADIUS configuration with a program like NTRadPing to make
> sure it's working correctly before jumping into the EAP-T
On Sat, 17 May 2008 18:09:09 -0700
Chris <[EMAIL PROTECTED]> wrote:
> Thanks. I'll look at lc.
> I was actually more concerned about the interfacing with freeradius than the
> perl itself.
Hello, another user here, who needs "lower_user = before" to be able to
switch to freeradius-2.0.x. Our d
sth wrote:
> Hi folks,
Posting huge amounts of configuration files to the list isn't necessary.
> My NAS is talking to the FR instance (being run in "-X" debug mode, of
> course), but the NAS doesn't appear to be sending the "User-Password"
> attribute that FR is expecting.
No. It's sending
As far as I understand your config files, you want to use MD5.
So the question are:
- is the client really sending MD5 hashes (or is it sending NT hashes
for example)
- can PAM handle it?
- has PAM access to the password in MD5 or in clear to be able to
check against it?
I hope that my hi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
I've been tasked with determining the feasibility of migrating a campus
wireless deployment from "open wireless plus VPN" to WPA2 Enterprise.
The existing VPN server authenticates against a RHEL4 FreeRADIUS server
(1.0.1-3.RHEL4.5, the late
> We just installed freeradius 2.05 on a Centos 5 system. We got
>PEAP working rather quickly against our ldap server against LM/NT
>passwords. We would also like to allow clients using Securew2
>supplicants configured for TTLS -PAP connections against (crypt and
>SSHA) passwords stored in our
> -Original Message-
> From:
[EMAIL PROTECTED]
> [mailto:freeradius-users-
> [EMAIL PROTECTED] On Behalf Of Alan
DeKok
> Sent: Wednesday, June 11, 2008 10:30 AM
> To: FreeRadius users mailing list
> Subject: Re: FreeRadius/eDirectory/802.1X authentication issue
>
> > We need to have Free
issbruek wrote:
> we are using Freeradiuss 1.1.7 and are looking for a solution to forward
> username and framed-ip-adress to another additional IP-adresss.
Using... what protocol?
> Currently the radiusserver receives the accounting data and stores it into a
> sql-database. In the end we want
Tim Tyler wrote:
> Freeradius experts,
> We just installed freeradius 2.05 on a Centos 5 system. We got PEAP
> working rather quickly against our ldap server against LM/NT passwords.
> We would also like to allow clients using Securew2 supplicants
> configured for TTLS -PAP connections against
Newall, Bryce wrote:
> I am looking into setting up a test RADIUS server with FreeRADIUS 2.0.5,
> since the current server is running 1.1.0. As I mentioned before,
> though, I don't know a lot about RADIUS, and would love to find some
> HOW-TO's to help me make it work.
As would I. This isn't
> -Original Message-
> From:
[EMAIL PROTECTED]
> [mailto:freeradius-users-
> [EMAIL PROTECTED] On Behalf Of Phil
> Mayers
> Sent: Wednesday, June 11, 2008 2:00 AM
> To: FreeRadius users mailing list
> Subject: Re: FreeRadius/eDirectory/802.1X authentication issue
>
> On Tue, Jun 10, 2008 a
Freeradius experts,
We just installed freeradius 2.05 on a Centos 5 system. We got
PEAP working rather quickly against our ldap server against LM/NT
passwords. We would also like to allow clients using Securew2
supplicants configured for TTLS -PAP connections against (crypt and
SSHA) passw
Hi,
What do you have in the users file, starting from line 28?
kind regards
Pshem
2008/6/12 Breuer Nicolas <[EMAIL PROTECTED]>:
>
> Just a question,
>
> Is it normal that warning on the launch of the radiusd
>
> [users]:28 WARNING! Check item "Pool-Suffix" found in reply item list for
> user
Hi,
we are using Freeradiuss 1.1.7 and are looking for a solution to forward
username and framed-ip-adress to another additional IP-adresss.
Currently the radiusserver receives the accounting data and stores it into a
sql-database. In the end we want freeradius to send the data towards the
SQL-da
Issuer: ..., MarNet
Subject: ..., MarsNet
Check certificate details. It seems that there are some typing errors
there.
Ivan Kalik
Kalik Informatika ISP
Dana 11/6/2008, "Kwok Sianbin" <[EMAIL PROTECTED]> piše:
>Hi Ivan,
>
>
>
>The date shows in Client Cert as word format and dates are correct.
>In ldap.attrmap I have the line:
>checkItem NT-Password ntPassword
>
>in radiusd.conf in my ldap declaration, I have:
>password_attribute = ntPassword
>
And that would work if you were using pap module. But you are using
mschap. That one looks for cleartext password first. If
Anders Holm wrote:
> Hitting "Reply All" in most MUAs would do this. The list should be smart
> enough to only forward on one copy per recipient ...
It's not. We get 2 copies of every mail you send to the list.
> ALL mails I receive for this list has the list in *both* TO and CC headers
> ..
Breuer Nicolas wrote:
>>> LIVE SYSTEM = SQLIPPOOL
>
> When database was down it works
> but when radius received a 1017 error, it doesn't go to the second
> module.
Yes, this was discussed before. The code hasn't changed since last
time, so the answer hasn't changed, either.
Alan DeKok.
Hitting "Reply All" in most MUAs would do this. The list should be smart enough
to only forward on one copy per recipient ...
ALL mails I receive for this list has the list in *both* TO and CC headers
//anders
- Original Message -
From: "Nicolas Goutte" <[EMAIL PROTECTED]>
To:
Dear,
Redundant config seems not working.
Conf :
LIVE-SYSTEM-01 {
fail=1
}
if (!ok) {
LIVE-SYSTEM-02
}
>> LIVE SYSTEM = SQLIPPOOL
When database was down it works
but when radius received a 1017 error, it doesn't go to the second
module.
I checked the same thing with the accounting (
Am 11.06.2008 um 14:48 schrieb Matt Ashfield:
Hi
I’m still trying to get this working. I’m using an XP machine
plugged into an edge switch acting as a NAS. I’m using the PEAP/
MSCHAP in XP to authenticate against an LDAP directory. In that
directory, we have created an attribute called nt
Ivan Kalik ?:
Have the Tunnel attributes appeared now in the Access-Accept? If they
have, that's all radius server can do. If the switch doesn't
understand tunnel attributes ...
Yes. Now tunnel attributes began to be appeared. We with Victor
shall lay out working configs and we shall close b
Just a question,
Is it normal that warning on the launch of the radiusd
[users]:28 WARNING! Check item "Pool-Suffix" found in reply item list for
user "DEFAULT".This attribute MUST go on the first line with the other
check items
This attribute is an internal reply attribute
Added in
Sorry, my mistake. Missed the SHIFT while typing.
Ivan Kalik
Kalik Informatika ISP
Dana 11/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> piše:
>
>>
>> Did you put use-tunneled-reply=yes in peap config? I also can't see
>> freeradius config files.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Da
Hi
I’m still trying to get this working. I’m using an XP machine plugged into an
edge switch acting as a NAS. I’m using the PEAP/MSCHAP in XP to authenticate
against an LDAP directory. In that directory, we have created an attribute
called ntPasssword which I have populated with the word ‘passw
Why do you apply any policies to the outer identity?
Ivan Kalik
Kalik Informatika ISP
Dana 11/6/2008, "Gopinath Reddy N" <[EMAIL PROTECTED]> piše:
>Hello all,
>
>Iam using freeradius 2.0.2 version with TTLS/MSCHAPv2
>
>I have two users in configuration
>
>tmpuser -> tmpgroup
>emp1 -> employee
>
Have the Tunnel attributes appeared now in the Access-Accept? If they
have, that's all radius server can do. If the switch doesn't
understand tunnel attributes ...
Ivan Kalik
Kalik Informatika ISP
Dana 11/6/2008, "Gennadiy Redko" <[EMAIL PROTECTED]> piše:
>Ivan Kalik wrote:
>> Did you put use-t
Did you put use-tunneled-reply=yes in peap config? I also can't see
freeradius config files.
Ivan Kalik
Kalik Informatika ISP
Dana 10/6/2008, "Krzysztof Olędzki" <[EMAIL PROTECTED]>
piše:
Sorry!
We changed "use_tunneled_reply = yes" in other file of сonfig
freeradius. After they found whe
On 2008-06-11 12:37, Gennadiy Redko wrote:
[5500G-EI]display interface GigabitEthernet 7/0/40
GigabitEthernet7/0/40 current state : DOWN
This port is down, there is no client connected nor
authorized/authenticated.
[5500G-EI]display port-security interface GigabitEthernet 7/0/40
Gigabit
Piero Giobbi wrote:
> Ups, sorry, here's with the line above:
...
> -lnsl -lresolv -lpthread -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/lib/
> /libeap/.libs/libfreeradius-eap.so: undefined reference to `BIO_test_flags'/
> /libeap/.libs/libfreeradius-eap.so: undefined reference to `EVP_MD_size'/
Hello all,
Iam using freeradius 2.0.2 version with TTLS/MSCHAPv2
I have two users in configuration
tmpuser -> tmpgroup
emp1 -> employee
Iam using "tmpuser" in outer authentication and "emp1" in inner
authentication. I have eap.conf file configured with
ttls {
copy_req
Ivan Kalik wrote:
Did you put use-tunneled-reply=yes in peap config? I also can't see
freeradius config files.
Ivan Kalik
Kalik Informatika ISP
Hi, Ivan.
This option too has not helped.
Regards.
Gennadii.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Krzysztof Olędzki wrote:
OK, we absolutely need some more info:
- display vlan
- display vlan ... (2?)
- display interface ... (G7/0/40?)
- display port-security interface ... (G7/0/40)
Hi,Krzysztof
Viktor Guk wrote:
>All too most, only with the letter "G".
[5500G-EI]disp vlan
The follo
Ups, sorry, here's with the line above:
/usr/bin/gmake -w -C libeap
gmake[7]: Entering directory `/root/freeradius-server-2.0.5/src/
modules/rlm_eap/libeap'
gmake[7]: Nothing to be done for `all'.
gmake[7]: Leaving directory `/root/freeradius-server-2.0.5/src/modules/
rlm_eap/libeap'
/root/fre
Please try to avoid to send emails to the list as "TO" *and* as "CC".
(I (and probably not only me) get your messages always twice.)
Have a nice day!
Am 11.06.2008 um 11:31 schrieb Anders Holm:
"There are other options."
Yes, I've come up with a few. Would you have others as well?
Sugges
"There are other options."
Yes, I've come up with a few. Would you have others as well? Suggestions are
welcome in all cases ..
//anders
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Monday, June 9, 2008 5:57:48 PM GMT +00:00 GMT
Indeed, stunnel is one way to go, another might be SSH tunnels, or as another
poster mentioned IPSec tunnels.
Yes, data integrity and security of the data is vital, along the whole path
from backend storage to end device, so this is just one piece of that puzzle ...
What I'll do short term is t
Alan DeKok a écrit :
Mustapha Bouikhif wrote:
I am having problemes getting Post-Proxy-Type to work in FreeRadius (FR);
I did tests with FR v2.0.3 and FR v2.0.5 after update without success;
Here is what i want to do:
Use attr_rewrite to write some attributes (those for setting VLAN) in
pro
On Tue, Jun 10, 2008 at 07:32:45PM -0700, Newall, Bryce wrote:
login credentials each time. The "Use Windows login credentials" (or
whatever it's called; can't remember off the top of my head) option is
checked. In fact, if I un-check it and have Windows prompt me for the
credentials, then the
Am 11.06.2008 um 09:50 schrieb Piero Giobbi:
Hi again.
Sorry Alan, i forgot to include "the" problem when i try to build
freeradius 2.0.5 on Fedora 8. Below is from make:
collect2: ld returned 1 exit status
Is it the only error line about the linking problem or are there
relevant lines
Piero Giobbi wrote:
> Sorry Alan, i forgot to include "the" problem when i try to build
> freeradius 2.0.5 on Fedora 8. Below is from make:
>
> /collect2: ld returned 1 exit status/
> /gmake[6]: *** [radeapclient] Error 1/
And you've deleted the actual error message.
Alan DeKok.
-
List info/
Hi again.
Sorry Alan, i forgot to include "the" problem when i try to build
freeradius 2.0.5 on Fedora 8. Below is from make:
collect2: ld returned 1 exit status
gmake[6]: *** [radeapclient] Error 1
gmake[6]: Leaving directory `/root/freeradius-server-2.0.5/src/modules/
rlm_eap'
gmake[5]: *
Newall, Bryce wrote:
> I'm convinced that it has SOMETHING to do with how Windows is passing
> the credentials through to FreeRadius, rather than a FreeRadius problem;
> I'm just not sure where to troubleshoot.
You'll know from reading this list where *my* biases are.
For most problem interac
55 matches
Mail list logo
