On Wed, 23 Jul 2008 21:31:02 +0200, krzychk2 <[EMAIL PROTECTED]> wrote:
> Dnia 2008-07-23, śro o godzinie 21:06 +0200, Alan DeKok pisze:
>> krzychk2 wrote:
>> > I'd like to do a solution like token authentication.
>>
>> Token authentication is usually done as part of an existing
>> authenticati
No, it should return notfound.
I can confirm this. If check is put in radcheck table user will be
rejected but if check (that should fail) is put in radgroupcheck table
user is authenticated. That is not how things should work. It should
return notfound if there is no match in radgroupcheck too.
Sergio escribió:
Sergio escribió:
HI,
continuing with Reveal MAP problem with unknown ca's under eap-tls
using default configuration
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
freeradius tell me this:
rlm_eap_tls: <<< TLS 1.
Dnia 2008-07-23, śro o godzinie 21:06 +0200, Alan DeKok pisze:
> krzychk2 wrote:
> > I'd like to do a solution like token authentication.
>
> Token authentication is usually done as part of an existing
> authentication protocol.
>
> Which authentication protocol do you plan on using?
> Alan
krzychk2 wrote:
> I'd like to do a solution like token authentication.
Token authentication is usually done as part of an existing
authentication protocol.
Which authentication protocol do you plan on using?
> Firts step.
> User is authorized by user/password.
>
> Secound step:
> For the a
It seems that rlm_sql_process_groups in rlm_sql.c does not handle this
situation
1. If paircompare fails in rlm_sql_process_groups it should not return
found=1
2. rlm_sql_authorize should handle return code of rlm_sql_process_groups so
that if it is not found it should actually return not found a
Dnia 2008-07-23, śro o godzinie 16:28 +0100, Ivan Kalik pisze:
> >Firts step.
> >User is authorized by user/password.
> >
> That would be radius.
>
> >Secound step:
> >For the authentication from LDAP is taken further informations (like UID,
> >date of birth) and user is asked about it.
> >
>
>
http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx
To enable logging do the following:
- Netsh wlan set tra yes
- netsh ras set tr * en
- Reproduce your problem
- netsh ras set tr * dis
- Netsh wlan set tra no
If you go to the %windir%\tracing\wireless\ directory you will a load of
.et
Ivan,
Even with default SQL query it returns OK, because user is defined properly,
it is just check attributes of group do not match
I went to the code and I saw that rlm_sql_process_groups function causes the
whole module to return OK even though NAS-IP-Address attribute does not
match
Note it d
I have FreeRADIUS check the pop3 server for valid users.
So I'm looking for a script. Some one have this for gmail account? :-)
v.
2008/7/23, Alan DeKok <[EMAIL PROTECTED]>:
> Vittore Zen wrote:
>> how to use (a remote) pop3 server with (a local) freeradius to
>> authenticate users?
>
> What d
>See in debug output a valid user with valid password comes from wrong
>NAS-IP-Address which does not belong to check attributes of the user's group
>
>++[sql] returns ok
That is wrong. If group check fails sql should return notfound. Check
your sql entries again. Have you altered default sql quer
>Firts step.
>User is authorized by user/password.
>
That would be radius.
>Secound step:
>For the authentication from LDAP is taken further informations (like UID, date
>of birth) and user is asked about it.
>
That would be web or some other application that you will need to write.
You sould pr
Sergio escribió:
HI,
continuing with Reveal MAP problem with unknown ca's under eap-tls
using default configuration
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
freeradius tell me this:
rlm_eap_tls: <<< TLS 1.0 Handshake [lengt
Alan DeKok wrote:
Lech Karol Pawłaszek wrote:
Vista and XP3 are broken. Microsoft does this deliberately.
Is there any way to un-break it?
Ask Microsoft. I'll ask some of the people who may be (partially)
responsible next week.
I know this is not the place to ask such questions howeve
The problem is that all the users are valid and SQL module returns OK
replyattribute list is empty, so I need somehow reject the user
I did some dirty workaround
if (!reply:Service-Type) {
# reply list does not contain Service-Type
reject
}
See in debug o
Thank you!!!
Cristian Novac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm a new user in freeRADIUS.
I'd like to do a solution like token authentication.
Firts step.
User is authorized by user/password.
Secound step:
For the authentication from LDAP is taken further informations (like UID, date
of birth) and user is asked about it.
I think it is something
Lech Karol Pawłaszek wrote:
>> Vista and XP3 are broken. Microsoft does this deliberately.
>
> Is there any way to un-break it?
Ask Microsoft. I'll ask some of the people who may be (partially)
responsible next week.
> I know this is not the place to ask such questions however is there any
Thank you !
Cristian NOVAC
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Lech Karol Pawłaszek wrote:
I've tested my configuration with eapol_test command (as suggested at
this site[1]) and it works fine. I've tested it against MacOsX 10.4 and
MacOsX 10.5 and it works fine. I even tested it against Windows XP SP2
and it works fine. It doesn't work wi
Stefan A. wrote:
Gurus,
normally, I would do a short check, but currently I've no connection to one
of my running FR, but have to plan some extensions.
Has someone of you done something like the following?
Regarding 'hints' - file: Would it be possible to use
- $INCLUDE /path/file?
rlm_pre
Hello
We have been using the groupmembership attribute in radius.conf to assign
users to the appropriate vlans. Up until now we've done it based on the type
of LDAP user they are (ie, staff, student, faculty, etc..):
groupmembership_attribute = eduPersonPrimaryAffiliation, (where
eduPersonPrim
leopold wrote:
> If user is coming from NAS-IP-Address x.x.x.1 or x.x.x.2 or x.x.x.3 the user
> should be accepted and reply attributes are sent back
> If however if user is coming from NAS-IP-Address y.y.y.1 he should be
> rejected (even in the case he provide a valid password and NAS y.y.y.1 is
>
Hi,
I am using freeradius 2.0.5 with MySQL, I am very new to Radius and
FreRadius so please pardon my ignorance
I need to reject user if his NAS-IP-Address input attribute does not match
check attributes defined for his group.
For example radgroupcheck
| 1 | GROUP1 | NAS-IP-Address | == | x
Am Mittwoch, 23. Juli 2008 13:57 schrieb Stefan A.:
> Gurus,
>
>
> For my Application, I have to build a central error file, which will be
> parsed by the HP Openview agents for monitoring.
> I'd like to write major errors raised by FR also into this file. It would
> be enough to have the DB errors
Gurus,
Would it be possible to BCD decode a VSA value coming from the NAS?
I'm working in 3GPP environment.
Some of my older GGSNs are sending the 3GPP-IMEISV as it will be delivered
to them by the SGSN, which is BCD encoded. They just put the information
into the 3GPP VSA. Times ago, it was not c
Gurus,
For my Application, I have to build a central error file, which will be
parsed by the HP Openview agents for monitoring.
I'd like to write major errors raised by FR also into this file. It would be
enough to have the DB errors in there.
How can I configure FR, that these Messages are appen
Gurus,
normally, I would do a short check, but currently I've no connection to one
of my running FR, but have to plan some extensions.
Has someone of you done something like the following?
Regarding 'hints' - file: Would it be possible to use
- $INCLUDE /path/file?
- Fall-Trough?
- temp A/V pai
I'm sorry! I try to connect in telnet...
Moreover, probably I solved my problem with your suggestion.
In the clients.conf I create a specific client for each host on my network,
like this:
client 192.168.0.1/32 {
secret = secret
shortname = router
}
cli
>rlm_pap: No clear-text password in the request. Not performing PAP.
>++[pap] returns noop
>auth: No User-Password or CHAP-Password attribute in the request
>auth: Failed to validate the user.
Are you sure your supplicant is set to use PAP inside TTLS? You have
disabled chap and mschap on the ser
Right. The log lists short name from clients.conf which is a descriptive
name that you give to your routers (so you can tell them apart easier
than with IPs). So, login attempt was onto the router you called
"myhomenetwork-network".
Ivan Kalik
Kalik Informatika ISP
Dana 23/7/2008, "Danilo Molini
Lech Karol Pawłaszek wrote:
> I've tested my configuration with eapol_test command (as suggested at
> this site[1]) and it works fine. I've tested it against MacOsX 10.4 and
> MacOsX 10.5 and it works fine. I even tested it against Windows XP SP2
> and it works fine. It doesn't work with Windows Vi
splintered thoughts wrote:
> I've trying to get ntlm_auth to authenticate several supplicants using
> freeradius 1.1.6,
Upgrade.
> Is there a way to use regular expressions or otherwise to inspect the
> Stripped-User-Name to adjust which radius attribute is used in the
> ntlm_auth command, in
Danilo Molini wrote:
> I try to explain better what I want.
>
> My freeradius server is 10.0.0.1 and the router that
> use the radius service is 192.168.0.1 and I try to
> connecto to the router from my pc with ip address 172.16.0.1
'connect"... how? Administrator login on the router? Plea
Vittore Zen wrote:
> how to use (a remote) pop3 server with (a local) freeradius to
> authenticate users?
What do you want to do? Authenticate pop3 users via RADIUS, or have
FreeRADIUS check the pop3 server for valid users?
If (1), see the pop3 documentation for any RADIUS and/or PAM
integra
Am Mittwoch, 23. Juli 2008 09:44 schrieb Vittore Zen:
> Hi,
>
> how to use (a remote) pop3 server with (a local) freeradius to authenticate
> users?
>
> thanks
> v.
What POP3 server?
What methods is this using to authenticate (sasl, unix, pam, ...)?
If PAM, see:
http://freeradius.org/pam_radius_au
Hi,
how to use (a remote) pop3 server with (a local) freeradius to authenticate
users?
thanks
v.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I try to explain better what I want.
My freeradius server is 10.0.0.1 and the router that use the radius service
is 192.168.0.1 and I try to connecto to the router from my pc with ip
address 172.16.0.1
The log report this information:
Auth: Login OK: [test] (from client myhomenetwork-network por
UNCLASSIFIED
Running version 2.0.5, with LDAP backend for
authentication/authorization.
Needed functionality: A single user account needs a different
ldap/radius profile depending on which huntgroup the request is coming
in on... the reason is that each user has a different Framed-IP-Address
for
Danilo Molini wrote:
> For example: from my pc I try to connect to a router without the correct
> credentials. Freeradius log that my PC with IP address 1.1.1.1
> has tried to make access with the user "admin" and
> password "admin", but do not report the address of the router to wich
> someone has
nf-vale wrote:
> I'm also suffering from this Vista "disease". But in my case I can
> authenticate users using PEAP, from XP SP2 and SP3 clients, even with
> "Validating Server Certificate" checked.
>
> The problem is only with Vista. I've all the windows updates available
> installed but I can't
Vidar Hatlemark wrote:
> I see, so no extra config is needed to route the accounting info from
> the file it now uses into the mysql radacct table?
As I said, the "sql" module is referenced in
raddb/sites-available/default. You need to READ it, and uncomment all
of the references to SQL. This
42 matches
Mail list logo