Re: Compile problems

2008-08-28 Thread Alan DeKok
David Blood wrote: > I wish what you said was true. I see that in Make.inc sysconfdir is set to > /etc. Great. The problem is when I run radius -X after installing. It says > it is looking for the config files in /usr/local/etc/raddb. I can use > radiusd -Xd /etc/raddb and things work fine.

RE: Compile problems

2008-08-28 Thread David Blood
I wish what you said was true. I see that in Make.inc sysconfdir is set to /etc. Great. The problem is when I run radius -X after installing. It says it is looking for the config files in /usr/local/etc/raddb. I can use radiusd -Xd /etc/raddb and things work fine. The problem is making rad

Freeradius + Ldap + attributes

2008-08-28 Thread Ivan .
Hi I have Freeradius configured with a backend of OpenLdap for user management. I would like to be able to pass attributes for Nortel and Juniper gear, which when statically defining users in user file is done via: user Auth-type:=Local, User-Password := "test" Juniper-Local-User-Name =

Re: User-Password required Authentication problem

2008-08-28 Thread Ivan Kalik
Well, I would follow documentation and recompile with that option. It's hard to imagine facts will change without it. Again Auth-Type will be set if password is located in ldap, so that won't work either. Ivan Kalik Kalik Informatika ISP On 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]>

Re: compiling freeradius with oracle support

2008-08-28 Thread Alexandre Chapellon
Alan DeKok wrote: > Alexandre Chapellon wrote: > >> Oh my! Do you know what those commands are, or where I can find them? >> > > Err.. "man ld"? Watch the output of running "make", and see what > commands it runs, then try variants of those? > Is there a possibility to have an

Re: multiple Certificate Authority

2008-08-28 Thread Alan DeKok
kas mataz wrote: > Due to acquisition of companies, we now need to support multiple Certificate > Authorities. See "CA_path". Certificates in that directory are allowed CA's. > Wireless is successful in v2.0.5 using EAP-TLS with one eap instance for > Company1, but when > I add a second eap

Re: Compile problems

2008-08-28 Thread Alan DeKok
David Blood wrote: > I have deleted all the files and reextracted them and still have this > problem. I can see in the make install output that It is trying to install > the configuration files in the /etc/raddb and warns me that there are files > there that are old then it's new ones. That’s

Re: GnuTLS support?

2008-08-28 Thread Alan DeKok
Greg wrote: > Are there still plans to add in GnuTLS support for freeradius, or have > those died? There's little value in it. > I looked through the mail archives and found references > to people wanting to do it in 2003 and 2006, against pre-2.0 code, and > wondered if things had changed (ei

multiple Certificate Authority

2008-08-28 Thread kas mataz
Due to acquisition of companies, we now need to support multiple Certificate Authorities. Wireless is successful in v2.0.5 using EAP-TLS with one eap instance for Company1, but when I add a second eap instance for Company2, eap fails for Company1. Is there a means to evaluate the certificate

RE: Compile problems

2008-08-28 Thread David Blood
In line David Blood > -Original Message- > From: freeradius-users- > [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] On Behalf Of > Alan DeKok > Sent: Thursday, August 28, 2008 12:13 AM > To: FreeRadius users mailing list > Subject: Re: Compile problems > > David Blood wrote:

GnuTLS support?

2008-08-28 Thread Greg
Hi all, Are there still plans to add in GnuTLS support for freeradius, or have those died? I looked through the mail archives and found references to people wanting to do it in 2003 and 2006, against pre-2.0 code, and wondered if things had changed (either in freeradius or gnutls) to make it more

Re: Fwd: MSCHAP module returns OK, authentication fails..

2008-08-28 Thread A . L . M . Buxey
hi, what's wrong with that debug? looked fine here - that should end with a happy connection. ntlm_auth got the correct response. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Release of 2.1.0?

2008-08-28 Thread Alan DeKok
Arran Cudbard-Bell wrote: > New administrative components. The default schemas and configs will need > altering if you want it to work straight off, that's usually done in a > major release. It's been long enough since 2.0.5. I'd like to do something soon. > Ah no, this is EAP-TLS session resu

Re: Fwd: MSCHAP module returns OK, authentication fails..

2008-08-28 Thread Alan DeKok
James Yale wrote: > I've upgraded to the testing version of samba for FC9, 3.2.1 which > unfortunately didn't resolve the issue - still getting the 'Invalid > authenticator response in success request' problem. If it works when you put a Cleartext-Password in the "users" file, then there isn't m

Fwd: MSCHAP module returns OK, authentication fails..

2008-08-28 Thread James Yale
>> EAP-MSCHAPV2: Invalid authenticator response in success request > > Upgrade Samba. If you're not using at least 3.2.1, upgrade to that. > >> http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the >> message authenticator does seem to be invalid, > > No. eapol_test is saying that t

Re: Per device/user attributes

2008-08-28 Thread Alan DeKok
Gene Hinds wrote: > I am trying to determine how to have freeradius respond with > different attributes for a user depending on what device he telnets > into. You key off of the source IP address. See "man unlang" if (Packet-Src-IP-Address == 1.2.3.4) { update reply

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Ivan, I have built the free radius on SLES 10 SP2 without e-directory option. And also in ldap module, it is uncommented by default with value e-dir_account_policy_check=no. So by default the Novell e-dir check is disabled and further in the module I have uncommented the set_auth_type=yes which is

Re: Per device/user attributes

2008-08-28 Thread Ivan Kalik
This is easier in users file. In sql you can use groups and have customer router IP as NAS-IP-Address for customer group and your router IP for core group in radgroupcheck. In radgroupreply you should return Service-Type and priv level (1 for core and 15 for customer). If there several tech level

Per device/user attributes

2008-08-28 Thread Gene Hinds
Hello, I have recently installed freeradius and set it up to use a mysql database which will store username, passwords and attributes. My current goal is to limit user access and privileges into Cisco, and other types, of routers when support personnel SSH/telnet into them. I currently have the gen

Two factor authentication using pam module

2008-08-28 Thread Robert Svensson
Hi, I'm using the radius pam module to authenticate users connecting to an ftp server. The proprietary radius server that we are using expects, after a successful user name / password check, an access challenge in the form numbers displayed on a token. My problem is that I can't figure out

Re: User-Password required Authentication problem

2008-08-28 Thread Ivan Kalik
Hm, that should work (password was found): >rlm_ldap: - authorize >rlm_ldap: performing user authorization for thales >WARNING: Deprecated conditional expansion ":-". See "man unlang" for >details >expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan) >expand: dc=thales

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
*yes Ivan. Debug o:p radiusd -X* Listening on authentication address * port 1812 Listening on accounting address * port 1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 1031, id=171, length=57 User-Name = "hasan" User-Password = "thales"

Re: User-Password required Authentication problem

2008-08-28 Thread Ivan Kalik
Could be. You haven't posted the debug of request processing, so we can't see what's going on. Ivan Kalik Kalik Informatika ISP On 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]> wrote: >Hi Ivan, this is the request. Sorry Ivan, I didn't fix the name resolution >for localhost. This Problem

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Hi Ivan, this is the request. Sorry Ivan, I didn't fix the name resolution for localhost. This Problem is due to this. I will fix the name resolution. SYED # radtest hasan thales localhost 1 testing123 Sending Access-Request of id 241 to 127.0.0.1 port 1812 User-Name = "hasan" User

Re: User-Password required Authentication problem

2008-08-28 Thread Ivan Kalik
Well, ldap found the user but didn't find the password. Post the debug from the request. Ivan Kalik Kalik Informatika ISP On 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]> wrote: >Hi Alan, >Since I am using a Plain password in the LDAP database, hence I tried to do >LDAP Authentication wi

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Hi Alan, Since I am using a Plain password in the LDAP database, hence I tried to do LDAP Authentication with Auth-type set to LDAP. Even I tried with only uncommenting ldap in Authorize and Authenticate section of default file in sites-enabled. Still, I am having the Problem with *no Authenticate m

Re: freeradius for Cisco accounting

2008-08-28 Thread Ivan Kalik
That should work. See also: http://wiki.freeradius.org/index.php/Cisco#IOS_12.x Ivan Kalik Kalik Informatika ISP On 28/8/2008, "ICHIRO Yamaguchi" <[EMAIL PROTECTED]> wrote: >Hi, I'm Ichiro Yamaguchi from Japan. >I installed freeradius ver.1.1.7 on Solaris 10(sparc). >I want to use this radius

Re: freeradius, proxy and packet loss

2008-08-28 Thread Evgeniy Kozhuhovskiy
Alan DeKok wrote: (but in fact this response arrives to the interface of the computer with freeradius installed - i see this with sniffer, but there is nothing in freeradius logs about this packet) Odds are that it arrives, but too late. Run the server in debugging mode to see it print a mes