Raja Peer wrote:
> Trying to get radiusd work with local dhcp server.
What does that mean?
> Does anyone have dhcp work with freeradius ?
Yes. See other messages on this list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello ,
Maybe I didn't as the correct question previously. Is it that failover
works only when the first LDAP server is not reachable ? In my case both
servers are reachable. I want to configure a case where if the login
fails in one of the servers , the other one is tried.
Thanks
Sambuddho
On W
Hello
I set the password_header to = {crypt} and password_attribute to
"userPassword" (Thats the name of the field in the database). Now this
is what the logs show,
rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter
(uid=try)
rlm_ldap: Added User-Password = $1$n48a7wCp$RfvlOx
Hi,
Trying to get radiusd work with local dhcp server.
radiusd: FreeRADIUS Version 2.0.6, for host i386-unknown-openbsd4.1, built
on Jul 2 2008 at 08:57:18
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
http://wiki.freeradius.org/index.php/Rlm_ldap
See use of password_header and password_attribute.
Ivan Kalik
Kalik Informatika ISP
Dana 2/7/2008, "Sambuddho Chakravarty" <[EMAIL PROTECTED]> piše:
>Hello
> I think I know what the problem is. The radius server is looking up
>using cleartext passw
Hello
I think I know what the problem is. The radius server is looking up
using cleartext password , while the LDAP data base stores the hashed
passwords. How can I force the radiuse server to search for the password
as a hashed value (rather than searching for the clear-text value) ?
Thanks
Sa
On Wed, 2008-07-02 at 12:33 -0600, Greg Woods wrote:
> On Wed, 2008-07-02 at 17:15 +0100, Ivan Kalik wrote:
>
> > How sure are you that your auth script works?
>
> I'm not using a script. Under 1.1.7 at least, when "otp" is invoked, it
> communicates with otpd using a socket.
I've got more on t
Hello Alan
I made sure this time that rlm_ldap was compiled. Now the following is
the configuration
--/etc/raddb/modules/ldap---
ldap ldap1 {
server = "a.b.c.d"
...
}
ldap ldap2 {
server = "w.x.y.z"
...
}
-/etc/raddb/radiusd.conf
On Wed, 2008-07-02 at 17:15 +0100, Ivan Kalik wrote:
> How sure are you that your auth script works?
I'm not using a script. Under 1.1.7 at least, when "otp" is invoked, it
communicates with otpd using a socket. This is known as the "rendezvous
point" and is specified in otpd.conf as "otpd_rp
=
On Wed, 02 Jul 2008 18:02:18 +0200
Alan DeKok <[EMAIL PROTECTED]> wrote:
> i.e. "when the server starts properly", checkrad works. When the
> server doesn't start properly, it doesn't.
>
> > So it is not a severe bug of checkrad in 2.0.5, it just behaves strange,
> > when some clients in clien
Does the NAS support CoA? You can use radclient to send CoA request.
Ivan Kalik
Kalik Informatika ISP
Dana 2/7/2008, "sub" <[EMAIL PROTECTED]> piše:
>Hello everybody,
>I looked around a bit but without success.
>
>I currently use freeradius for several services and I have the
>following scenari
>User-Name = "woods"
>User-Password = "##"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 0
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>rlm_realm: No '@' in User-Name = "woods", looking up realm NULL
>
Hello everybody,
I looked around a bit but without success.
I currently use freeradius for several services and I have the
following scenario:
- a user is authenticated through a NAS;
- due to some event my application/script or something recalculate the
Session-Timeout value, normally decreasing
>I set those two attributes in the users file based on the group the
>username is in and the huntgroup the NAS is in.
rlm_perl post_proxy function might be more suited for this.
>I tried to find
>somewhere I could grab the attributes from, but I couldn't find them
>anywhere. My guess is that the
Thomas LAVIGNE wrote:
> Hello,
>
> Does anybody know how to remove the "" in the answere arround presto ?
...
> Sending Access-Accept of id 6 to 212.xx.xx.xx port xxx
> Redback-Subscriber-Profile-Name := "presto"
You don't remove the double quotes. They are printed to the screen.
They
oz wrote:
> I guess, I tracked it down. I started radiusd -X of version 2.0.3 in my
> 2.0.5 environment, and compared the console messages between the two
> versions.
>
> I noticed, that 2.0.5 didn't read in all my NAS clients. It stopped,
> where one client definition had no secret set, with this
Alan DeKok wrote:
oz wrote:
M. S. wrote:
Can I put this in bugzilla? Seems like simultaneous use is completely
broken in 2.x which is a fairly significant feature.
I would agree. I'm not sure why it's broken...
To me checkrad seems to be broken too. I'm using 2.0.5 without virtual
se
Ivan Kalik wrote:
>> OK, I think I have this figured out. Does this seem like a reasonable
>> solution? From sites-enabled/default:
>>
>> pre-proxy {
>># Save our relevant attributes in the 'control' list before
>># we send our request to the proxy. We will retrieve them later.
>>
Hello,
Does anybody know how to remove the "" in the answere arround presto ?
Please find here an example of the access-accept answere sended by my
FreeRadius server.
---BEGINING---
Sending Access-Accept of id 6 to 212.xx.xx.xx port xxx
Redback-Subscriber-Profile-Name := "presto"
On Wed, 2008-07-02 at 09:23 +0100, Ivan Kalik wrote:
> Try adding it to inner-tunnel as well (you won't be using it there, but
> it won't hurt). It looks like inner-tunnel is loaded before default in
> your configuration (my 2.0.5 loads default first).
Thank you! That was it! First major hurdle ov
Ryan Setiawan H wrote:
> right now I have already installed 2.0.3
"Try installing 2.0.5" != "I installed 2.0.3"
It's nice that it works... but...
> It's just work :D thanks Alan however there is this strange string
> "Please update your configuration so that the "known good" clear text
>
Did you uncheck "validate server certificate" in peap properties in xp
supplicant?
Yes, this option is/was uncheck,
Peter
--
Pogoda na dzis.
Sprawdz >>> http://link.interia.pl/f1e42
-
List info/subscribe/unsubscribe? See
>thx for answers, i forgot write that I use only login and password for
>authentication, i don't use certificates, EAP-mschapv2. This workaround
>is for me ?
>
Did you uncheck "validate server certificate" in peap properties in xp
supplicant?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscri
Alan DeKok wrote:
Try installing 2.0.5 in a separate directory and configuring it. Odds
are it will work.
in time I will try install it, but if i can't make this ( LDAP CHAP )
clear... definitely I will encounter the same problem again :)
2.0.5 has many, many fixes that aren't in 1.1.7.
Piotr Salwerowicz wrote
> thx for answers, i forgot write that I use only login and password for
> authentication, i don't use certificates, EAP-mschapv2. This workaround
> is for me ?
You cannot use EAP-MSCHAPv2 for wireless authentication. You have to
use PEAP or TTLS.
I suggest reading m
>I follow your documentation and succeed with the part "Configuring FreeRADIUS
>to use ntlm_auth"
>
>So I want to use "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP",
Why? Your client is not using mschap. If you want to test if mschap works
you can send test requests with ntradping or JRadi
Thanks a lot, that was the point.
Pierre
[EMAIL PROTECTED] wrote:
> Trying to setup group membership filtering against LDAP group membership
> for user authentication and authorization, seems that %{Ldap-UserDn} is
> not correctly expanded (shown as blank) in my conf.
> Does anyone experienc
Alan DeKok pisze:
Piotr Salwerowicz wrote:
I have problem with freeradius 2.x with wpa/wpa2 and win xp home sp2.
I try to make 802.1x + wpa/wpa2 on my ap linksys/dd-wrt. The supplicants
are windows xp home with sp2 with patch wpa/wpa2. On my access points i
set wpa/wpa2 enterprise/mix/radius and
[EMAIL PROTECTED] wrote:
> Trying to setup group membership filtering against LDAP group membership
> for user authentication and authorization, seems that %{Ldap-UserDn} is
> not correctly expanded (shown as blank) in my conf.
> Does anyone experienced same problems or has any idea about what i
oz wrote:
> M. S. wrote:
>> Can I put this in bugzilla? Seems like simultaneous use is completely
> broken in 2.x which is a fairly significant feature.
I would agree. I'm not sure why it's broken...
> To me checkrad seems to be broken too. I'm using 2.0.5 without virtual
> servers.
...
> che
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
| I have problem with freeradius 2.x with wpa/wpa2 and win xp home sp2.
| I try to make 802.1x + wpa/wpa2 on my ap linksys/dd-wrt. The supplicants
| are windows xp home with sp2 with patch wpa/wpa2. On my access points i
| set wpa/wpa2 enterpr
Piotr Salwerowicz wrote:
> I have problem with freeradius 2.x with wpa/wpa2 and win xp home sp2.
> I try to make 802.1x + wpa/wpa2 on my ap linksys/dd-wrt. The supplicants
> are windows xp home with sp2 with patch wpa/wpa2. On my access points i
> set wpa/wpa2 enterprise/mix/radius and every time i
Am 02.07.2008 um 14:05 schrieb Ubale, Abhishek Amarnath:
Hi,
Im trying to install freeradius 2.0.5 on solaris10 (sparc) and Im
only interested in rlm_perl module. My configure script is
./configure --prefix=/usr/local/radius --with-static-modules=perl --
disable-shared --without-rlm_sql -
P.S. Sorry, I posted to the developers-list, but I meant the users-list, so
here it should be discussed:
M. S. wrote:
> Can I put this in bugzilla? Seems like simultaneous use is completely
broken in 2.x which is a fairly significant feature.
To me checkrad seems to be broken too. I'm using
hello
I have problem with freeradius 2.x with wpa/wpa2 and win xp home sp2.
I try to make 802.1x + wpa/wpa2 on my ap linksys/dd-wrt. The supplicants
are windows xp home with sp2 with patch wpa/wpa2. On my access points i
set wpa/wpa2 enterprise/mix/radius and every time i have in logs:
"Sendin
Hi,
Im trying to install freeradius 2.0.5 on solaris10 (sparc) and Im only
interested in rlm_perl module. My configure script is
./configure --prefix=/usr/local/radius --with-static-modules=perl
--disable-shared --without-rlm_sql --without-rlm_eap --without-rlm_ldap
--without-rlm_krb5 --withou
Hello,
Trying to setup group membership filtering against LDAP group membership
for user authentication and authorization, seems that %{Ldap-UserDn} is
not correctly expanded (shown as blank) in my conf.
Does anyone experienced same problems or has any idea about what is wrong
in my conf ?
Her
Thank you Ivan, but I will not create hashes because the LDAP
administrator doesn't want any changes on LDAP.
I have other alternative which I'll will explains in a while.
Thanks.
Ivan Kalik escreveu:
Try typing smbencrypt on the command line and see what happens.
Ivan Kalik
Kalik Informatik
Try adding it to inner-tunnel as well (you won't be using it there, but
it won't hurt). It looks like inner-tunnel is loaded before default in
your configuration (my 2.0.5 loads default first).
Ivan Kalik
Kalik Informatika ISP
Dana 1/7/2008, "Greg Woods" <[EMAIL PROTECTED]> piše:
>On Tue, 2008-
Thanks Alan for your answer
I follow your documentation and succeed with the part "Configuring FreeRADIUS
to use ntlm_auth"
So I want to use "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP", so I
delete my user in database.
Do I have to keep the following line in my radiusd.conf ?
exec ntl
Ryan Setiawan H wrote:
>> Try installing 2.0.5 in a separate directory and configuring it. Odds
>> are it will work.
>
> in time I will try install it, but if i can't make this ( LDAP CHAP )
> clear... definitely I will encounter the same problem again :)
2.0.5 has many, many fixes that aren'
41 matches
Mail list logo
