Re: Problems with EAP and LDAP replyItems (2.0.2)

2008-08-20 Thread tschaos
Original-Message > Date: Tue, 19 Aug 2008 17:37:34 +0200 > From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Problems with EAP and LDAP replyItems (2.0.2) > Hi Guys, > > Since freeradius2 has some major improvements I try to upgrade from 1.1.4. > Unf

Re: Problems with EAP and LDAP replyItems (2.0.2)

2008-08-20 Thread Ivan Kalik
radiusCallingStationId is already mapped as Calling-Station-Id. Use another ldap attribute name for this. Ivan Kalik Kalik Informatika ISP On 20/8/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > Original-Message >> Date: Tue, 19 Aug 2008 17:37:34 +0200 >> From: [EMAIL PR

Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch
Hi! I want to bind a login with Calling-Station-Id but I've got problems... *I've added the Calling-Station-Id to mysql radcheck table. *I've turned on the rlm_checkval by adding it into authorize section *I've set the notfound-reject variable to yes I get the following errors in debu

Re: Problems with EAP and LDAP replyItems (2.0.2)

2008-08-20 Thread Chaos Commander
Original-Message > Date: Wed, 20 Aug 2008 09:18:57 +0100 > From: "Ivan Kalik" <[EMAIL PROTECTED]> > To: "FreeRadius users mailing list" > Subject: Re: Problems with EAP and LDAP replyItems (2.0.2) > radiusCallingStationId is already mapped as Calling-Station-Id. Use > another ld

Re: I've started to put the book online

2008-08-20 Thread orion
at least an RFC with a book. 2008/8/20 Do Nguyen Ha <[EMAIL PROTECTED]>: > it's good news for everyone who loves FreeRadius :) > >> Date: Tue, 19 Aug 2008 09:23:06 +0200 >> From: Alan DeKok <[EMAIL PROTECTED]> >> Subject: I've started to put the book online >> To: FreeRadius users mailing list >> >>

Re: Problems with EAP and LDAP replyItems (2.0.2)

2008-08-20 Thread tschaos
IT WORKS! :-) setting use_tunneled_reply = yes in peap-section solved the problem. thanks for your help anyway! Original-Message > Date: Wed, 20 Aug 2008 11:09:27 +0200 > From: "Chaos Commander" <[EMAIL PROTECTED]> > To: FreeRadius users mailing list > Subject: Re: Problems

Re: Auth-Type := Accept - CHAP problems

2008-08-20 Thread Thomas Buchberger
Hi Alan, Alan DeKok wrote: > :) It's simple... just read 1000's of lines of debugging output, and > hordes of miscellaneous unrelated unorganized documentation files. > :-P >> We have several different Users in user-files which works fine. >> Now we want that the radius always answers with O

Re: Auth-Type := Accept - CHAP problems

2008-08-20 Thread Ivan Kalik
>CHAP Passwords don't get checked and if the username is correct the user >gets the wrong Options. >Not really better... Add Fall-Through = Yes to the DEFAULT entry if you want to check entries that come later in users file. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See

Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Ivan Kalik
>I want to bind a login with Calling-Station-Id but I've got problems... >*I've added the Calling-Station-Id to mysql radcheck table. >*I've turned on the rlm_checkval by adding it into authorize section >*I've set the notfound-reject variable to yes > >I get the following errors in deb

RE: clients.conf - identifying a "client" - sql/ldap

2008-08-20 Thread Johan Meiring
> > Johan Meiring wrote: > >> Is there any way to handle clients with dynamic IPs, and use > >> the NAS-Identifier and radius secret to allow/disallow the NAS? > > The current git tree has functionality that should do this. See > git.freeradius.org, and read raddb/sites-available/dynamic-clie

RE: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Santiago Balaguer García
Yes, you needn't. What you need is to create a normal user account and add these attributes in radreply: Framed-Protocol = PPP, Framed-IP-Address = 10.0.0.x, Framed-IP-Netmask = 255.255.255.0, Be careful because you have to modify the ppp profiles in the Mikrotik client in the option /ppp pr

Re: Auth-Type := Accept - CHAP problems

2008-08-20 Thread Thomas Buchberger
Ivan Kalik wrote: > Add Fall-Through = Yes to the DEFAULT entry if you want to check entries > that come later in users file. Fall-Through is active. With PAP it works - but not with CHAP. That's the problem ... I think the CHAP module handles wrong passwords and auth-type different than the rlm_p

Re: Auth-Type := Accept - CHAP problems

2008-08-20 Thread Ivan Kalik
>Config looks like this: > >DEFAULT Auth-Type := Accept That would make any protocol irrelevant. pap or chap. >ERX-Virtual-Router-Name = "vpn:XXX", >ERX-Egress-Policy-Name = "XXX", >ERX-Local-Loopback-Interface = "loopback 255", >Service-Type = Framed-User, >Framed-Prot

EAP-TNC supported?

2008-08-20 Thread Martin Schneider
Hello everybody, I've got two questions: - I read in wikipedia, that the spring 2008 release of FreeRadius has "experimental EAP-TNC" support. I couldn't find any information on the FreeRadius homepage or wiki, that this information is correct. Has FreeRadius EAP-TNC support? And "how experimenta

Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch
I want to check by the pppd 3 attributes that must match: -Login -Password -MAC Address So if someone on another machine who uses the login and the password will be rejected. The mikrotik NAS doc shows that there is a Calling-Station-ID http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_radius.php

RE: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch
Thank you for the reply but you did miss the point of Calling-Station-ID Greetz! On Wed, 20 Aug 2008 12:05:58 +, Santiago Balaguer García <[EMAIL PROTECTED]> wrote: > Yes, you needn't. What you need is to create a normal user account and add > these attributes in radreply: > Framed-Protocol

Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Marinko Tarlac
id - username - attribute - op 1139 gojko Calling-Station-Id 00:50:70:AE:04:54 == Mikrotik wants uppercase MAC address and OP must be == It works for me and you need to insert this in radcheck table On Wed, Aug 20, 2008 at 2:34 PM, Maciej Drobniuch <[EMAIL PROTECTED]>wrote: > > Thank you for th

Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch
It works now properly! BIG THANKS! On Wed, 20 Aug 2008 14:40:12 +0200, "Marinko Tarlac" <[EMAIL PROTECTED]> wrote: > id - username - attribute - op > 1139 gojko Calling-Station-Id 00:50:70:AE:04:54 == > > Mikrotik wants uppercase MAC address and OP must be == > > It works for me and you need to

expiration or session-timeot

2008-08-20 Thread Bozhan Boiadzhiev
Hi, here is something i can't understand. If i set some user Expiration attribute for example 23.08.2008, and this user is connected to my NAS, how NAS will stop that user. Better explanation. I have setup mikrotik hotspot with radius authorization. Authorization works. User have access with given

Re: expiration or session-timeot

2008-08-20 Thread Ivan Kalik
It calculates maximal session time and sends it to NAS as Session-Timeout. If your NAS supports Session-Timeout attribute (and most do) user will be signed off by the NAS if he is still logged on at the expiration time. Ivan Kalik Kalik Informatika ISP On 20/8/2008, "Bozhan Boiadzhiev" <[EMAIL

Extend the ca certificates expire date

2008-08-20 Thread Johan Nyman
Hello All, Can I extend the expire days for the CA certificate (ca.cnf) ? And if possible how long can I extend it as maximum? Right now the ca certificate's maximum days are 30. Best regards, Johan Nyman

Re: Extend the ca certificates expire date

2008-08-20 Thread Alan DeKok
Johan Nyman wrote: > Can I extend the expire days for the CA certificate (ca.cnf) ? Edit the "default_days" parameter. This is documented in OpenSSL. > And if possible how long can I extend it as maximum? See the OpenSSL documentation for its configuration files. Alan DeKok.

Re: EAP-TNC supported?

2008-08-20 Thread Alan DeKok
Martin Schneider wrote: > - I read in wikipedia, that the spring 2008 release of FreeRadius has > "experimental EAP-TNC" support. I couldn't find any information on the > FreeRadius homepage or wiki, that this information is correct. Has FreeRadius > EAP-TNC support? And "how experimental" is the E

Re: FreeRadius 2.0.5 AD PEAP

2008-08-20 Thread Alan DeKok
Brooks, Kyle wrote: > I have run the test as recommended and attached the results. eapol_test > does fail ... > EAP-MSCHAPV2: Invalid authenticator response in success request That's pretty definitive. Hmm... it means that the MSCHAP-Success attribute sent by the server is wrong. Perhaps

Re: Auth-Type := Accept - CHAP problems

2008-08-20 Thread Alan DeKok
Thomas Buchberger wrote: > With PAP it works - but not with CHAP. That's the problem ... > I think the CHAP module handles wrong passwords and auth-type different > than the rlm_pap module. No. It doesn't. > Config looks like this: > > DEFAULT Auth-Type := Accept This completely byp

Re: clients.conf - identifying a "client" - sql/ldap

2008-08-20 Thread Alan DeKok
Johan Meiring wrote: > Using the sites-available as an example I created the following: > > A Virtual Server with a authorize section that will create the client. > Tested working using static info. ... > Works perfectly. As designed. > No I replace the "static info" above with a SQL query, ag

Re: Re: expiration or session-timeot

2008-08-20 Thread Bozhan Boiadzhiev
ok thanks one more thing. is it possible to set timestamps instead date as Expiration attribute. I need this for example if i want to give a given customer access to internet for one day. As i understand Expiration attribute can get only date values. Can i set timestamp and radius to send Sessio

Certificate problem on Windows XP clinet ...

2008-08-20 Thread Venkata LK Mula
Hi, Regarding the above mentioned subject, we are facing the problem of "Windows was unable to find the certificate to log on to the network Roaming test2". Though the certificates are installed properly, and when we are using the same certificates for 'PEAP-MSCHAPv2' with 'validate server certif

performance report?

2008-08-20 Thread Kevin J
Does anybody know the performance on Sun T-1000? Just noticed that radius cannot reach more than 20% CPU time when we ran a heavy traffic with nas simulations. We have tested some other programs and could reach even more than 90% so just curious anybody experienced the similar result. -

Re: performance report?

2008-08-20 Thread Anders Holm
It is not likely you're actually putting too much strain on the server side. You'll need quite a lot of machines hammering the RADIUS server before it'll break into a sweat. The client side would have higher CPU utilization than the server side, per request. Comparing one program to another is not e

Re: compiling freeradius with oracle support

2008-08-20 Thread Alexandre Chapellon
Alan DeKok wrote: > Alexandre Chapellon wrote: > >> Ok the modules compiles great. and it creates rlm_sql_oracle-2.0.5.so >> (and its symlink). I copy those two files in /usr/lib/freeradius >> but when launching freeradius -X I get: >> ... >> freeradius: symbol lookup error: /usr/lib/freera

Re: performance report?

2008-08-20 Thread Kevin J
Well, that's why I am saying we used the nas simulation tool. We can hammer a lot of traffic with this multi-threaded tool and also we tried at least three client boxes so don't assume our traffic was not enough. - Original Message From: Anders Holm <[EMAIL PROTECTED]> To: FreeRadius

Re: performance report?

2008-08-20 Thread Anders Holm
I still do ... I've had 10 multi core boxes hammering one server, still not enough .. You need more clients .. ;) RADIUS as such requires very little from the server side in terms of CPU. All it really does is compare x with y and then respond yes or no, once you strip down all the various variant

RE: FreeRadius 2.0.5 AD PEAP

2008-08-20 Thread Brooks, Kyle
Here we go, TTLS/PAP works STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) - hexdump(len=32): c5 bd 3a 25 91 1b fa 82 01 4c d2 d3 0f 50 b9 69 57 32 5c 19 73 03 2a 02 d2 47 36 bd 0d 7

Radius server ans NAS keys don't match! ?

2008-08-20 Thread Kavita Chitnis
Hi, I am trying to work with Radius on a FreeBSD machine. When I try radlogin on the client machine , I get the following message from the server Ready to process requests. Service-Type = 0x0001 User-Name = "xxx" User-Password = "\240\365\313ħ\255\371\r\203\30

Re: performance report?

2008-08-20 Thread Kevin J
Well, Radius protocol is not just machine-to-machine issue. I think you don't understand how request protocol can be simulated by hammering with our tool. We have tested various protocols by this tool. Per our test results, radius can reach the limit of requests by hammering easily but CPU wa

Re: Re: expiration or session-timeot

2008-08-20 Thread Ivan Kalik
>As i understand Expiration attribute can get only date values. No, date and time: August 20 2008 13:45:00 Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: performance report?

2008-08-20 Thread Alan DeKok
Kevin J wrote: > Well, Radius protocol is not just machine-to-machine issue. I think you > don't understand how request protocol can be simulated by hammering with > our tool. We have tested various protocols by this tool. The people here do have some experience with RADIUS. Including perform

Re: Radius server ans NAS keys don't match! ?

2008-08-20 Thread Alan DeKok
Kavita Chitnis wrote: > I am trying to work with Radius on a FreeBSD machine. > When I try radlogin on the client machine , I get the following message > from the server > > Ready to process requests. > Service-Type = 0x0001 What client is this? It's *severely* broken. >

Re: compiling freeradius with oracle support

2008-08-20 Thread Alan DeKok
Alexandre Chapellon wrote: > I am wondering if something is not missing in the oracle libs i > installed...? That certainly could be the case. > Do you have any clue that can help me to find out what is happening? No idea, sorry. Every time I've built with Oracle support, it's just worked..

Re: EAP-TNC supported?

2008-08-20 Thread Martin Schneider
Hi 2008/8/20 Alan DeKok <[EMAIL PROTECTED]>: > Martin Schneider wrote: >> - I read in wikipedia, that the spring 2008 release of FreeRadius has >> "experimental EAP-TNC" support. I couldn't find any information on the >> FreeRadius homepage or wiki, that this information is correct. Has FreeRadius

Re: EAP-TNC supported?

2008-08-20 Thread Alan DeKok
Martin Schneider wrote: > Does anybody know about a patch or something for FreeRadius that adds > more stable EAP-TNC processing? I heard about a patch from FH Hannover > (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I > don't know how good this one works. Did maybe anybody of you