Slava wrote:
> Could anyone tell me if there exists a solution to integrate FR with a
> POP3 server
> in order to provide Radius controlled access to mailboxes via POP3?
> I am currently using cucipop
Look for patches to let cucipop do RADIUS authentication. If there
are none, maybe cucipop doe
Ryan Setiawan H wrote:
>Thanks for the reply, I've Update to freeradius 2.0.5, but still
> didn't show result, the debug still the same,
> here are the debug :
>
>...
> rad_recv: Access-Request packet from host 192.168.12.130 port 1024,
> id=27, length=213
> Sending duplicate reply to client l
Chris Fruehwirth wrote:
> Below is the debug output from FreeRADIUS. The first attempt is using
> the suffix [EMAIL PROTECTED], which works. The second attempt is using the
> users file and no realm, which fails.
...
> ++[eap] returns updated
> ++[unix] returns notfound
> users: Matched entry DEF
Hi,
Could anyone tell me if there exists a solution to integrate FR with a
POP3 server
in order to provide Radius controlled access to mailboxes via POP3?
I am currently using cucipop
Thank you
Slava Shkarupin
Kiev, UA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u
Ryan Setiawan H wrote:
> Use 2.0.5. Or, install raddb/sites-available/inner-tunnel from the
>source tree.
>
> Alan DeKok.
>
Hi Alan,
Thanks for the reply, I've Update to freeradius 2.0.5, but still
didn't show result, the debug still the same,
here are the debug :
rad_recv: Access-Re
Alan DeKok wrote:
Chris Fruehwirth wrote:
Here is my update from testing with different versions. I tried to test
the same scenario with 2.0.5 and got the same failed results. Then I
went back to 1.1.7 and it worked.
Read the debug output to see where the differences are.
I will
jbenben wrote:
> I am a new user of freeRadius. I fount you are a expert for it. I have
> same question about it. Can you give me a guideline : how to install and
> enable eap with 2.0.5 version ? Thanks a lot. Waiting your reply.
Read the documentation. It's all there.
Do you have a sp
Chris Fruehwirth wrote:
> Here is my update from testing with different versions. I tried to test
> the same scenario with 2.0.5 and got the same failed results. Then I
> went back to 1.1.7 and it worked.
Read the debug output to see where the differences are.
> I would like to add the realm na
Daniel Baumann wrote:
> Follow-up question (sorry I'm new this): I'm currently authenticating
> users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
> still have to use the ldap module to get a user's AD group membership?
Yes. There is no other way to get the AD group membersh
Alan DeKok-4 wrote:
>
> Ryan Setiawan H wrote:
>> Hi All,
>>I've an issue about EAP in 802.1X. right now, I'm trying EAP-MD5 for
>> 802.1X using freeradius 2.0.3
>
> Use 2.0.5. Or, install raddb/sites-available/inner-tunnel from the
> source tree.
>
> Alan DeKok.
> -
> List info/sub
Follow-up question (sorry I'm new this): I'm currently authenticating
users with FreeRadius against an AD database (PEAP-MS-CHAPv2). Would I
still have to use the ldap module to get a user's AD group membership?
Thanks,
Daniel
-Original Message-
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL P
>I would like to add the realm name to specific RADIUS traffic either by
>IP address, EAP type or NAS-Port-Type.
>
>If there is a better way to do this in 2.0.4-5, please let me know.
>
http://freeradius.org/radiusd/man/unlang.html
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscri
Here is my update from testing with different versions. I tried to test
the same scenario with 2.0.5 and got the same failed results. Then I
went back to 1.1.7 and it worked.
Here is more information on what I am trying to do.
I would like to add the realm name to specific RADIUS traffic eithe
>How do I configure FreeRADIUS to "read" the AD group membership
>attribute,
See group membeship section in ldap module configuration.
>and how do I then pass the matching VLAN-ID back to the
>switch?
Your switch documentation should tell you that. You normally use
Tunnel-Type, Tunnel-Medium-Ty
>Below is the debug output from FreeRADIUS. The first attempt is using
>the suffix [EMAIL PROTECTED], which works. The second attempt is using the
>users file and no realm, which fails.
>I'm just trying to figure out the differences between the two
>configurations and how to make the users file ent
Does anyone have a FreeRADIUS server handing out dynamic VLANs based on
group membership in AD to a HP 2800 series switch that's configured for
802.1X?
How do I configure FreeRADIUS to "read" the AD group membership
attribute, and how do I then pass the matching VLAN-ID back to the
switch?
Danie
# THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
That relates to ldap "bind as user" authentication, not using ldap to
store user information.
Ivan Kalik
Kalik Informatika ISP
Dana 8/7/2008, "joris" <[EMAIL PROTECTED]> piše:
>Hello,
>
>After reading the configuration file radiusd.conf
Maciej Drobniuch wrote:
>> You are forcing Auth-Type. Don't do that.
>
> So, what I must force to don't mess up things?
Don't force anything. Use the default configuration.
>> And the passwords don't match.
>
> The passwords match. Do they have to be in plaint text (in db) or some kind
>
joris wrote:
> After reading the configuration file radiusd.conf, it explicitly says
> that one can't use LDAP as the authentication backend when you use EAP
I don't think it says that.
What part of the configuration file leads you to think it's impossible?
> Nonetheless, I can read elsewher
2008/7/8 joris <[EMAIL PROTECTED]>:
> Hello,
>
> After reading the configuration file radiusd.conf, it explicitly says
> that one can't use LDAP as the authentication backend when you use EAP
> (in my case, i'm interested in EAP-TTLS).
>
> Nonetheless, I can read elsewhere on the web that some peop
On Tue, 08 Jul 2008 18:49:48 +0200, Alan DeKok <[EMAIL PROTECTED]>
wrote:
>
> Upgrade to 2.0.5.
>
I had tht version and the same error appeared
>
> You are forcing Auth-Type. Don't do that.
>
So, what I must force to don't mess up things?
>
> And the passwords don't match.
The p
Hello,
After reading the configuration file radiusd.conf, it explicitly says
that one can't use LDAP as the authentication backend when you use EAP
(in my case, i'm interested in EAP-TTLS).
Nonetheless, I can read elsewhere on the web that some people seem to
use both EAP and LDAP, so I wonder w
Maciej Drobniuch wrote:
> I've tryied several freeradius versions, but i get always the same error:
> auth: user supplied CHAP-Password does NOT match local User-Password
> Currently i'm using freeradius 1.0.5
Upgrade to 2.0.5.
> and i want to bind it with the
...
> rlm_chap: Setting 'Auth-Ty
Hi everyone !
I'm a newbie in freeradius.
I've tryied several freeradius versions, but i get always the same error:
auth: user supplied CHAP-Password does NOT match local User-Password
Currently i'm using freeradius 1.0.5 and i want to bind it with the
pppoe-server(accounts are mysql based).
This
>I'm wonder what's the difference between using a suffix like @realmname
>versus using the proxy-to-realm in the users file.
>
Not much. With suffix the request will be proxied to that realm by
default (if that realm is defined) while proxy-to-realm attribute forces
it in the cases when it normall
Hello,
FreeRADIUS version 2.0.4
I'm wonder what's the difference between using a suffix like @realmname
versus using the proxy-to-realm in the users file.
My current setup is testing using the XP supplicant using PEAP. I've
already been able to terminate the PEAP connection and then proxy th
I'm seeing the same problems with Vista devices:
Sending Access-Accept of id 12 to 131.202.9.32 port 2048
User-Name = "u3t98"
Tunnel-Private-Group-Id:0 = "Academic"
Tunnel-Type:0 = VLAN
MS-MPPE-Recv-Key =
0xce1ea72659c68cceba45498192e03bbb73292f9cdc314bbdea6e5ede030
Hi,
I've tried sending this directly to the author, but there seems to be
a problem somewhere, so I'm sending it to the list instead.
Maybe I should file it as a bug report...
This has been in the Debian package for a while now
(http://packages.debian.org/libapache2-mod-auth-radius).
- Forw
>As you noted the client gets Access-Accept once, but then for some
>reason i don't know, it looses connection and never gets access to the
>network, on windows the network icon, shows trying to connect then
>later get the exclamation sign on the icon, first thought it was
>something with the vlan
Hello Alan.
> further to previous post - your log shows several WARNING
> entries - fix those.
Yes, fixed with eap.conf indications.
> finally, read eap.conf - especially the part about Windows
> systems not responding to EAP challenges...which is what your
> log looks like
I've read it again,
Alan DeKok wrote:
Norbert Wegener wrote:
As snmp is not available right now, I am looking in how to deal with
statistics, status_server and played a bit.
This way I was able to kill freeradius...
Whoops. The intent was to allow Status-Server to any port, but to
permit the statistic
[EMAIL PROTECTED] wrote:
Hi,
...
I got:
rad_recv: Status-Server packet from host 127.0.0.1 port 33453, id=117,
length=50
Message-Authenticator = 0x32f28212809676b99d5943988a714aa8
FreeRADIUS-Statistics-Type = Authentication
ASSERT FAILED stats.c[318]: request->listener->type == RAD_L
Norbert Wegener wrote:
> As snmp is not available right now, I am looking in how to deal with
> statistics, status_server and played a bit.
> This way I was able to kill freeradius...
Whoops. The intent was to allow Status-Server to any port, but to
permit the statistics only to a "status" por
Hi,
> As snmp is not available right now, I am looking in how to deal with
> statistics, status_server and played a bit.
> This way I was able to kill freeradius...
>
> First I noticed:
> radclient: dict_init: /usr/share/freeradius//dictionary.freeradius[47]:
> dict_addattr: attribute name too l
As snmp is not available right now, I am looking in how to deal with
statistics, status_server and played a bit.
This way I was able to kill freeradius...
First I noticed:
radclient: dict_init: /usr/share/freeradius//dictionary.freeradius[47]:
dict_addattr: attribute name too long
I commented
>users: Matched entry testing at line 102
What is this entry? Does it contain Cleartext-Password as debug clearly
suggests? Fix that.
>Sending duplicate reply to client test port 1024 - ID: 4 <--- any
>clue what is it ?
Your supplicant is sending initial request again. Server is respond
On Mon, 2008-07-07 at 20:51 +0200, Jos Vos wrote:
> On Mon, Jul 07, 2008 at 02:27:18PM -0400, John Dennis wrote:
>
> > NOTE: The Fedora src rpms's were never meant to build on RHEL (centos),
> > you may encounter build problems as a consequence. YMMV, you're on your
> > own :-)
>
> I have recen
Ryan Setiawan H wrote:
> Hi All,
>I've an issue about EAP in 802.1X. right now, I'm trying EAP-MD5 for
> 802.1X using freeradius 2.0.3
Use 2.0.5. Or, install raddb/sites-available/inner-tunnel from the
source tree.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius
Norbert Wegener wrote:
> I took today's cvs/git, modified the nas table:
...
> Modified nas_query:
>{"nas_query", PW_TYPE_STRING_PTR,
Err raddb/sql/mysql/dialup.conf, "nas_query". :)
It's not in the default config yet, but it should be updated before
2.0.6 is released.
Alan De
Hi All,
I've an issue about EAP in 802.1X. right now, I'm trying EAP-MD5 for
802.1X using freeradius 2.0.3 and procurve switch, sadly it doesn't
work. but when I 'am using freeradius 1.1.7 it works smoothly I've
tried not only using native windows XP SP 2 supplicant but also
wpa_suppli
>A new doubt. Is there anyway to safe disconnet an user from the radius server,
>in a way that it auto disconnects him from the nas (a pppoe server)?
Users are not connected to the radius server, so there is no need to
"disconnect" them.
>The server is an ISP in production and we have to restart
A new doubt. Is there anyway to safe disconnet an user from the radius server,
in a way that it auto disconnects him from the nas (a pppoe server)? And about
that Packet of Disconnect, is it still working?
I forgot to cite the version I'm using, and considering the message was sent on
weekend,
Geoffroy Arnoud wrote:
> I have a question about EAP-SIM and EAP-AKA authentication.
> Is fast-reauthentication supported (in eap or eap2 module)?
Fast re-authentication is supported only in the eap2 module, so far as
I know.
We should add the EAP-AKA patches to rlm_eap at some point. I've b
[EMAIL PROTECTED] wrote:
Hi,
Modified nas_query:
{"nas_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,nas_query), NULL, "SELECT
id,nasname,shortname,type,secret,server FROM nas"},
rebuild the server.
huh? thats the default query in the code - if you
edit sql.conf and
Hi,
> Modified nas_query:
>{"nas_query", PW_TYPE_STRING_PTR,
> offsetof(SQL_CONFIG,nas_query), NULL, "SELECT
> id,nasname,shortname,type,secret,server FROM nas"},
> rebuild the server.
huh? thats the default query in the code - if you
edit sql.conf and modify nas_query in the con
Alan DeKok wrote:
Norbert Wegener wrote:
where those changes alone did not seem to help...
See raddb/sql/mysql/nas.sql
The field name is "server", not "virtual_server". And it's commented
out by default.
So in 2.0.5 something seems to be missing.
The SQL tables
Hi all,
I have a question about EAP-SIM and EAP-AKA authentication.
Is fast-reauthentication supported (in eap or eap2 module)?
Thanks in advance for your answers.
Geoff.
_
Envoyez avec Yahoo! Mail. Une boite
Norbert Wegener wrote:
> where those changes alone did not seem to help...
See raddb/sql/mysql/nas.sql
The field name is "server", not "virtual_server". And it's commented
out by default.
> So in 2.0.5 something seems to be missing.
The SQL tables have to be updated to contain the ri
Alan DeKok wrote:
Norbert Wegener wrote:
will this be in 2.0.6 by default?
Yes.
It's also in 2.0.5, if you're willing to try it out in a testing
environment.
I will try it, but what about the comment from [EMAIL PROTECTED]:
the logic is in rlm_sql.c alrady, all you need to d
49 matches
Mail list logo