Hello, I have some usage questions about FreeRADIUS that I am not
finding answers for on the wiki.
Can FR:
* Place user/device in VLAN based on authentication? AAA 802.1q-in-q?
I guess this would be FR telling a router/switch to push or pop the
tag based on policy?
* Other than VLAN in priority qu
Madwifi wrote:
> From reading online, I understand its possible to run external script
> but I haven't been able to find a simple example.
How about using the "exec" module that is shipped with the server?
> I would like to know if this is possible.
> If so, could somebody help with a simple ex
Tomislav Goluza wrote:
> I have a problem authenticating with Cisco Aironet 1200 access point. I
> have valid certificates on my laptop and on Freeradius.
Are you sure?
> This is the output on AP:
Which is irrelevant.
> This is what I get on freeradius:
...
> Sending Access-Challenge of id
I have a problem authenticating with Cisco Aironet 1200 access point. I
have valid certificates on my laptop and on Freeradius.
This is the output on AP:
Interface Dot11Radio0, Deauthenticating Station 001e.4c8c.8406 Reason:
Sending station has left the BSS
Interface Dot11Radio0, Station NBD7FB3
Hi,Here is the link to send free SMS to any mobile in India. I use it too :-) http://www.indyarocks.com/register_step1.php?invitor=MjEyMjkyMA==&emailencryp=ZnJlZXJhZGl1cy11c2Vyc0BsaXN0cy5mcmVlcmFkaXVzLm9yZw==.-Sunkara RaviPrakashPlease note: This message was sent to you by a user at Indyarocks.com.
>From reading online, I understand its possible to run external script but I
>haven't been able to find a simple example.
I would like to know if this is possible.
If so, could somebody help with a simple example?
I want this script to be run on post-auth REJECT which i believe goes on the
foll
[EMAIL PROTECTED] a écrit :
>> Two problems I can see in the debug output:
>>
>> - 1 - control returns noop (the update control is placed at the end
>> ofthe authorize section after pap), and so nothing happens...
>>
>
> That's OK. AFAIK it returns noop (and not updated) even when attributes
My sincerest thanks to everyone for their assistance on this. The hints
file solution appears to have done the trick. Just a few more tweaks
and I can finally call this project complete.
Thanks again,
J Fox
[EMAIL PROTECTED] wrote:
It's hints file for you then:
http://wiki.freeradius.or
>I know, but what he does not understand is how to referee when you talk
>about "cabundle" because what I have in / cert are the certificates that I
>made in the steps of README, which I did not serve for windows, that the
>back to delete?
>when I run the command openssl x509-inform PEM-in-outform
I know, but what he does not understand is how to referee when you talk
about "cabundle" because what I have in / cert are the certificates that I
made in the steps of README, which I did not serve for windows, that the
back to delete?
when I run the command openssl x509-inform PEM-in-outform DER c
Charles Plater wrote:
> Thanks for the info. Is it safe to distribute the ca.der file via a web
> server?
Yes. There is no secret information in it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello All,
I am trying to authenticate a Windows XP Client with the username and
password configured in the Users file on the Radius Server. I have tried
saveral changes, but I am not able to get rid of this error. I am running
freeradius 2.1.1 on Suse 10 SP1.
Kindly Help, I am in urgent need o
On Oct 16, 2008, at 10:40 AM, Alan DeKok wrote:
Charles Plater wrote:
Are there any instructions on using a valid SSL cert so that users
are
not prompted to verify the cert on first connection?
The users need to load the certificate manually.
I have looked at the README in the certs direc
Charles Plater wrote:
> Are there any instructions on using a valid SSL cert so that users are
> not prompted to verify the cert on first connection?
The users need to load the certificate manually.
> I have looked at the README in the certs directory, and I tried a self
> signed cert, which ga
>Do you referred to this line?
>
>openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
>
Yes. That converts ca.pem into ca.der. And you don't have to be a genius
to figure out how to convert cabundle.pem into cabundle.der.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/un
Do you referred to this line?
ca.der: ca.pem
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>It seems we need a comma at the end of the line which is not right for check
>items. So instead of doing that, I changed the sentenses to the following,
>in "users" file:
>
>
>
>DEFAULT Group := "doctor", Pool-Name := "julienne"
>
>
>
>DEFAULT Group := "dentist", Pool-Name := "netplus"
>
>
> I was watching the file cert/Makefile to be able to solve my problem but
>the truth is that according to what I saw I could not understand must be
>done to achieve conversion certificates, is it a script?
No. A single command turns .pem file into .der. One line of text. Can you
at least locate t
Hello all,
I encountered a strange problem while editing "users" file.
I have Freeradius 2.0.5 and MS SQL working together. When a request coming
in, Freeradius forwards it to MS SQL for authentication of username and
password, and Freeradius reads Group Name attribute saved in MS SQL. M
Good day,
I was watching the file cert/Makefile to be able to solve my problem but
the truth is that according to what I saw I could not understand must be
done to achieve conversion certificates, is it a script?
tell me if I am wrong:
XP does not rely on the certificate then we must convert, fol
I have freeradius 2.0.5 successfully authenticating 802.1x via
MSChapV2. I am trying to use a signed SSL certificate, that is signed
by a CA w/ a chained CA certificate (from ipsca.com) I assumed that
using a CA signed cert would do away w/ the errors on connection from
WPA2 / 802.1x client
>I just wonder if i can use radtest command as testing from a different
>client?
>Such as,
>Assume i have a client conf for 1.1.1.1 ip add. in my freeradius(2.2.2.2)
>server.
>And from 3.3.3.3 client(lets call client3) i am trying to test the
>connection.like
>radtest user pass 2.2.2.2 10 secret
Hello ,
I just wonder if i can use radtest command as testing from a different
client?
Such as,
Assume i have a client conf for 1.1.1.1 ip add. in my freeradius(2.2.2.2)
server.
And from 3.3.3.3 client(lets call client3) i am trying to test the
connection.like
radtest user pass 2.2.2.2 10 secret
Yes. I had a look at Chillispot dictionary and you can set up sqlcounter
with ChilliSpot-Max-Total-Octets.
Ivan Kalik
Kalik Informatika ISP
Dana 16/10/2008, "Budiono U." <[EMAIL PROTECTED]> piše:
>Hi Ivan,
>Is it possible ,after he reach limit, it will disconnect with Chillispot ?
>
>Regards
>B
I'm going to wait and see if it "fixes itself" in Fedora 10. The version I'm
working with now is 2.1.1. Then I may report a bug to Fedora. If I do I'll
mention it on this listserv. The issues I've seen on Fedora 9 are:
- Grabbed a random port when starting up (this was with the early 2.0 version
Hi Ivan,
Is it possible ,after he reach limit, it will disconnect with Chillispot ?
Regards
Budiono
2008/8/21 Ivan Kalik <[EMAIL PROTECTED]>:
> Does your NAS vendor have sach attribute? If not you can use sqlcounter
> with input/output octets. It won't disconnect the user when he reaches
> his da
Noel Rwamatsika wrote:
> i have inserted the file but still get this error
>
> roke-billing:/etc/raddb/certs # rcfreeradius start
> Starting RADIUS daemon radiusd: Error: No log destination specified.
> startproc: exit status of parent of /usr/sbin/radiusd: 1
Are you sure it's reading the conf
Karl Auer wrote:
> Which brings us full circle to the original question: Has anyone already
> done this? Anyone out there have scripts that do DDNS?
I don't have any scripts handy, but there must be DNS / DHCP tools
that do DDNS. I suggest looking in non-RADIUS software.
Alan DeKok.
-
List i
piston wrote:
> I'm trying to building package, so how i got error during the process. I have
> no problem to build freeradius 2.1.0 package at this pc.
Grab the "stable" tar file. See git.freeradius.org for instructions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freerad
Just to re-enforce what others have said, its pretty simple. Just make
sure you either have the correct dial-in attribute on your users in
the LDAP server or that you comment out the line containing it. (it
took me a while to figure out why is was sending so many access-reject
packets)
On Wed, Oct
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
Dana 16/10/2008, "Ronni Feldt" <[EMAIL PROTECTED]> piše:
>Thanks,
>
>I found the following in the HP Documentation:
>
>To supply a privilege level via RADIUS, specify the âServ
Hi All
Update, i found this error message under
freeradius-server-2.1.1/debian/patches/01-radiusd-to-freeradius.dpatch
patching file Make.inc.in
Hunk #1 succeeded at 48 with fuzz 1.
patching file raddb/radiusd.conf.in
Hunk #1 succeeded at 66 with fuzz 2 (offset 33 lines).
Hunk #2 FAILED at 128
On Thu, 2008-10-16 at 12:13 +0200, Alan DeKok wrote:
> Nice... but there's no reason to *rely* on the User-Name.
No - and it really shouldn't. It should allow the authenticating entity
to deliver a name to register. At very least it should allow the realm
to be stripped off before doing DDNS on
Thanks,
I found the following in the HP Documentation:
To supply a privilege level via RADIUS, specify the “Service-Type”
attribute in the user’s
credentials.
• Service-Type = 6 allows manager-level access
• Service-Type = 7 allows operator-level access
• A user with Service-Type not equal to 6 o
Hi All
I'm trying to building package, so how i got error during the process. I have
no problem to build freeradius 2.1.0 package at this pc.
Please assist.
Below are the logs
dpkg-buildpackage -b -uc
dpkg-buildpackage: set CPPFLAGS to default value:
dpkg-buildpackage: set CFLAGS to default v
Karl Auer wrote:
>> DHCP does DDNS. RADIUS doesn't.
>
> NASes may..
Based on RADIUS User-Names? This is dumb. The NAS should at *least*
assign names based on a VSA. Using the User-Name is wrong.
> Here's the full scoop then: This "NAS" is a tunnel broker. When you
> bring up a tunnel, yo
>But now I'm stuck again. Where do I specify privileges ?
>
You will have to find the answer to that in your switch documentation.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 2008-10-16 at 07:57 +0200, Alan DeKok wrote:
> Karl Auer wrote:
> > We have a very broken NAS - it basically only half-understands realms.
> DHCP does DDNS. RADIUS doesn't.
NASes may..
> Why the heck would the NAS be doing DDNS updates? In what alternate
> reality is this useful?
H
Okey - got a bit futher.
Had forgot to add the HP-Switch in the clients.conf
Now it evaluates me against Radius, but I get the following error:
Please Enter Login Name: rofe
Please Enter Password:
Access denied: no user's privilege level supplied by the RADIUS server
But now I'm stuck again. Wh
Hi,
I am trying to get FreeRadius to work with Heimdal Kerberos.
What I use:
Ubuntu 8.04
FreeRadius 1.1.7-1build4
Heimdal-kdc 1.0.1-5ubuntu4
I have installed Heimdal Kerberos and get tickets. My next step is to
get FreeRadius to work with Heimdal and then logging in to my HP-Switch
using FreeRad
i have inserted the file but still get this error
roke-billing:/etc/raddb/certs # rcfreeradius start
Starting RADIUS daemon radiusd: Error: No log destination specified.
startproc: exit status of parent of /usr/sbin/radiusd: 1
41 matches
Mail list logo