Re: performance report?

2008-08-21 Thread Alan DeKok
Kevin J wrote: Well, Radius protocol is not just machine-to-machine issue. I think you don't understand how request protocol can be simulated by hammering with our tool. We have tested various protocols by this tool. The people here do have some experience with RADIUS. Including

Re: Radius server ans NAS keys don't match! ?

2008-08-21 Thread Alan DeKok
Kavita Chitnis wrote: I am trying to work with Radius on a FreeBSD machine. When I try radlogin on the client machine, I get the following message from the server Ready to process requests. Service-Type = 0x0001 What client is this? It's *severely* broken.

Re: compiling freeradius with oracle support

2008-08-21 Thread Alan DeKok
Alexandre Chapellon wrote: I am wondering if something is not missing in the oracle libs I installed...? That certainly could be the case. Do you have any clue that can help me to find out what is happening? No idea, sorry. Every time I've built with Oracle support, it's just worked...

Re: EAP-TNC supported?

2008-08-21 Thread Martin Schneider
Hi 2008/8/20 Alan DeKok [EMAIL PROTECTED]: Martin Schneider wrote: - I read in wikipedia, that the spring 2008 release of FreeRadius has experimental EAP-TNC support. I couldn't find any information on the FreeRadius homepage or wiki, that this information is correct. Has FreeRadius EAP-TNC

Re: EAP-TNC supported?

2008-08-21 Thread Alan DeKok
Martin Schneider wrote: Does anybody know about a patch or something for FreeRadius that adds more stable EAP-TNC processing? I heard about a patch from FH Hannover (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I don't know how good this one works. Did maybe anybody of you

Re: FreeRadius 2.0.5 AD PEAP

2008-08-21 Thread Phil Mayers
Perhaps try it with a Cleartext-Password in the users file. i.e. *Without* using ntlm_auth. That works for me, including with eapol_test, and TTLS/EAP-MSCHAPv2. Can you clarify this setup/change to test? I was pretty sure I needed to use ntlm_auth to auth against AD to test mschapv2 Put a

Re: Auth-Type := Accept - CHAP problems

2008-08-21 Thread Thomas Buchberger
Hi Alan and Ivan, Alan DeKok wrote: Config looks like this: DEFAULT Auth-Type := Accept This completely bypasses any password checks. ERX-Virtual-Router-Name = vpn:XXX, ERX-Egress-Policy-Name = XXX, ERX-Local-Loopback-Interface = loopback 255,

data volume

2008-08-21 Thread mike
Hi, how can I reject a user if his data volume is reached? (some attribute in radreplay?) All users are stored in MySQL. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: performance report?

2008-08-21 Thread Anders Holm
Hmm.. Our tool .. What tool is this? Something you built yourselves? Commercial offering perhaps? I've done performance testing, load testing and all sorts of other types of testing. You say you have figures showing something, but you seem unsure why the figures tell you what they do. Then

Re: EAP-TNC supported?

2008-08-21 Thread Ingo Bente
Message: 3 Date: Thu, 21 Aug 2008 08:36:07 +0200 From: Martin Schneider [EMAIL PROTECTED] Subject: Re: EAP-TNC supported? To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 Hi

Re: convert steel-belt radius .dct to freeradius dictionary

2008-08-21 Thread Bjørn Mork
S Adrian [EMAIL PROTECTED] writes: Thanks .. but still .. those thingies .. c .. cr .. 7064 .. what are they ? 7064 is a vendor id. c, cr etc. are flags used by Steel-Belted Radius to specify how the attributes are used. See

Re: EAP-TNC supported?

2008-08-21 Thread Martin Schneider
Hi Ingo and others Does anybody know about a patch or something for FreeRadius that adds more stable EAP-TNC processing? I heard about a patch from FH Hannover (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I don't know how good this one works. Did maybe anybody of you guys

NAS-IP-Address, rlm_perl, and loopback

2008-08-21 Thread Adam W. Sewell
I'm having a couple of issues particularly pertaining to the NAS-IP-Address variable that is passed from the switch. When a client sends the auth-request, we find that the authorize function of our perl script is being executed multiple times for the same request. I would think that the

Re: EAP-TNC supported?

2008-08-21 Thread Ingo Bente
Message: 4 Date: Thu, 21 Aug 2008 14:39:48 +0200 From: Martin Schneider [EMAIL PROTECTED] Subject: Re: EAP-TNC supported? To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 Hi

Re: Auth-Type := Accept - CHAP problems

2008-08-21 Thread Ivan Kalik
Have a look at captive portals. Ivan Kalik Kalik Informatika ISP On 21/8/2008, Thomas Buchberger [EMAIL PROTECTED] wrote: Hi Alan and Ivan, Alan DeKok wrote: Config looks like this: DEFAULT Auth-Type := Accept This completely bypasses any password checks.

Re: data volume

2008-08-21 Thread Ivan Kalik
Does your NAS vendor have such attribute? If not you can use sqlcounter with input/output octets. It won't disconnect the user when he reaches his data limit but it will prevent him from connecting after that. Ivan Kalik Kalik Informatika ISP On 21/8/2008, mike [EMAIL PROTECTED] wrote: hi

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-21 Thread Andrew Hood
Alan DeKok wrote: William Hegardt wrote: EAP-TLS authentication fails with the fatal unknown ca message. The server cert may need to be marked with CA:true If I hack the Makefile like Sergio mentioned last month to sign the client certificate with the CA key, then authentication

Re: cert bootstrap bug? (was Re: definitely, I have a problem witheap-tls)

2008-08-21 Thread Ivan Kalik
Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs And where did you get that idea? Ivan Kalik Kalik Informatika ISP

RE: FreeRadius 2.0.5 AD PEAP

2008-08-21 Thread Brooks, Kyle
Put a test user in the users file: test Cleartest-Password := blah, MS-CHAP-Use-NTLM-Auth := 0 TTLS/MSCHAPV2 works! STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) -

Re: FreeRadius 2.0.5 AD PEAP

2008-08-21 Thread Phil Mayers
Brooks, Kyle wrote: Put a test user in the users file: test Cleartest-Password := blah, MS-CHAP-Use-NTLM-Auth := 0 TTLS/MSCHAPV2 works! If that still fails, then there's something wrong with the system that breaks the server in 2.0.5. Running Samba 3.2.0 on Fedora 9 Samba 3.0.28

Re: Radius server ans NAS keys don't match! ?

2008-08-21 Thread Kavita Chitnis
Alan, Thank you very much for the quick reply. I have changed the radius client package to radiusclient-0.5.6_1 Client library and basic utilities for RADIUS AAA as the old one was giving trouble (5.2 version) and now radlogin seems to work good! Now to make the client use radius login instead

Re: Radius server ans NAS keys don't match! ?

2008-08-21 Thread Alan DeKok
Kavita Chitnis wrote: Now to make the client use radius login instead of regular login (authentication), I have downloaded the ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz file but the setting described are for Linux and not for FreeBSD. Is it possible to get the FreeBSD

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-21 Thread Alan DeKok
Andrew Hood wrote: Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs, so I can't see how it could work. The CA can sign client certs. There can be multiple levels of CA's. Verisign, your company, the local division, etc. This

Re: NAS-IP-Address, rlm_perl, and loopback

2008-08-21 Thread Alan DeKok
Adam W. Sewell wrote: I'm having a couple of issues particularly pertaining to the NAS-IP-Address variable that is passed from the switch. When a client sends the auth-request, we find that the authorize function of our perl script is being executed multiple times for the same request.

RE: NAS-IP-Address, rlm_perl, and loopback

2008-08-21 Thread Adam W. Sewell
This also leads into the second issue I'm having that when the perl script does run, it doesn't always pass the same data in the NAS-IP-Address variable. Half the time it is the correct information and half the time it is 127.0.0.1. Go read the debug output. The NAS-IP-Address is

Re: compiling freeradius with oracle support

2008-08-21 Thread Alexandre Chapellon
Alan DeKok wrote: Alexandre Chapellon wrote: I am wondering if something is not missing in the oracle libs I installed...? That certainly could be the case. Do you have any clue that can help me to find out what is happening? No idea, sorry. Every time I've