>My first question for the list, to which I haven't been able to find a
>clear answer ever is : What EAP sub-types are the ones I should
>configure?
>
Nothing. Just don't touch anything in eap.conf and all supported eap
types will work. If you generate certificates with scripts provided you
don't e
Alan DeKok wrote:
> Adam Bultman wrote:
>
>> I decided it would be easier (in the long run) to simply start with a
>> default freeRadius 2.0.5 config file, and then adjust it to match our
>> setup. This has so far been going well, except now I've run into a
>> problem where variables in my users
>I cannot find a redundant section in this radiusd.conf
>
*You* should put it in. In post-auth.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've been trying to get my second set up IP address' working. The
main_pool works correctly. main_pool2 does not appear to ever issue
more than 2 ip addresses.
you had previously mentioned:
Marco C. Coelho wrote:
>> Did you put "main_pool" and "main_pool" into a fail-over section, as
>> d
Hi,
I've got a couple of Wi-Fi APs that support "802.1X" (3Com 7760), so I
want to configure them to authorize client connections based on user
information stored in an LDAP server (Fedora Directory Server, all users
already have "samba" type password hashes).
My first question for the list, to w
Instructions what to do with segmentation faults are in doc/bugs.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše:
>Hi All,
>I tried the patch but unfortunately the library sigfaults.
>
>Program received signal SIGSEGV, Segmentation fault.
>0xfecf4
Hi All,
I tried the patch but unfortunately the library sigfaults.
Program received signal SIGSEGV, Segmentation fault.
0xfecf45b8 in pam_sm_authenticate () from /usr/lib/security/pam_radius_auth.so.1
Any suggestion?
Regards,
Cesare
--- Mer 22/10/08, Alan DeKok <[EMAIL PROTECTED]> ha scritto:
>I want to use a freeradius server for the following purposes:
>
>- grant authorizaton to Cisco switches via LDAP (group membership checking,
>etc).
Yes.
>- make a WIFI with WPA+802.1x via MS IAS/RRAS (the main auth is done by the
>IAS, so the freeradius acts as client for IAS/RRAS, and the WIF
Hi,
> Interesting the "getting" page only links to the old 1.x versions - an
> omission? In any case you can just get the old 2.x from here
> ftp://ftp.freeradius.org/pub/freeradius/old/
getting an older version wont help - it'll also fail the OpenSSL stuff
simply because its a compilation prob
Hi,
I want to use a freeradius server for the following purposes:
- grant authorizaton to Cisco switches via LDAP (group membership checking,
etc).
- make a WIFI with WPA+802.1x via MS IAS/RRAS (the main auth is done by the
IAS, so the freeradius acts as client for IAS/RRAS, and the WIFI APs ac
Interesting the "getting" page only links to the old 1.x versions - an
omission? In any case you can just get the old 2.x from here
ftp://ftp.freeradius.org/pub/freeradius/old/
- Original Message -
From: "Hubert Kupper" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Tu
Those are check items, so they should go on the first line.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "Dajka Tamás" <[EMAIL PROTECTED]> piše:
>What's the difference (commas or new lines)?
>
>BTW, it's working as it should. Thanks.
>
>Tamas
>
>Fela
What's the difference (commas or new lines)?
BTW, it's working as it should. Thanks.
Tamas
Feladó: [EMAIL PROTECTED] [EMAIL PROTECTED], meghatalmazó: [EMAIL
PROTECTED] [EMAIL PROTECTED]
Küldve: 2008. október 28. 13:48
Címzett: FreeRadius users mailing lis
Hi,
> I don't know how much of this was from clean up, but if possible you
> really really shouldn't use cn=Manager,dc=somedomain for this. It is
> generally concidered a no go to let anything use the directory manager.
> At our site I created a dedicated radiusd user who has exactly and only
> t
Hi,
> I have build the rpm's without errors. Before I had to edit the
> freeradius.spec file and comment out autoreconf.
> After radiusd -X I get the following errors:
yep - you build it without openssl-devel package installed -
it clearly says in the log
> rlm_eap: Ignoring EAP-Type/tls becau
On Mon, 2008-10-27 at 18:41 -0600, Anthony Chavez wrote:
> Module: Instantiating ldap
> ldap {
> server = "directory.somedomain"
> port = 389
> password = "secret"
> identity = "cn=Manager,dc=somedomain"
I don't know how much of this was from clean up, but if poss
[EMAIL PROTECTED] wrote:
Do I need to set Simultaneous-Use := 1 for the groups not allowed SU,
and Simultaneous-Use := 2 for the group allowed SU?
OK. This is how Simultaneous-Use works in freeradius: you put that
attribute when you want to set the limit for a number of simultaneous
connectio
Graham Marsh schrieb:
No idea, sorry. You say this is SLES10SP2 which I haven't used, have
you tried
- FR2.1.0?
- clean slate install perhaps in a VM?
- fall back to SLES10SP1?
Other than that I have nothing to suggest
where can I get FR2.1.0 source?
Boert
-
List info/subscribe/unsubscribe?
You probably need to link to openssl in configure. Something like:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg19160.html
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "Graham Marsh" <[EMAIL PROTECTED]> piše:
>No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
>t
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
tried
- FR2.1.0?
- clean slate install perhaps in a VM?
- fall back to SLES10SP1?
Other than that I have nothing to suggest
- Original Message - > rlm_eap: Ignoring EAP-Type/tls because we do
not have OpenSSL supp
>DEFAULT
>Ldap-Group != "cn=routing_admins,ou=groups,dc=mydomain,dc=hu",
>Auth-Type := Reject
>
Sorry, this looked like a single line in my webmail. It should be:
DEFAULT Ldap-Group !=
"cn=routing_admins,ou=groups,dc=mydomain,dc=hu", Auth-Type := Reject
(all on the same line).
Ivan Ka
Allready tried it, but not working. The users file:
DEFAULT
Service-Type = Login-User,
Fall-Through = 1
DEFAULT
Ldap-Group != "cn=routing_admins,ou=groups,dc=mydomain,dc=hu",
Auth-Type := Reject
In the log, I don't see it, if it ever tries to search for group membership.
Does i
I've got only a few lines of debug.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "Oguzhan Kayhan" <[EMAIL PROTECTED]> piše:
>>>I have freeradius virtual configurations.
>>>Until today all were working without a problem.
>>>But today i created a new one and i have a tiny problem about it.
>>
>>I have freeradius virtual configurations.
>>Until today all were working without a problem.
>>But today i created a new one and i have a tiny problem about it.
>>It doesnt update sql queries until the user logs off. SO i can not track
>>the statistics of online users and transferred data etc via
Add Fall-Through = 1 for Service-Type entry.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "Dajka Tamás" <[EMAIL PROTECTED]> piše:
>Working, thanks. What about LDAP group membership checking?
>
>DEFAULT
>Ldap-Group != "cn=routing_admins,ou=groups,dc=mydomain,dc=hu",
>Auth-Type := Re
Working, thanks. What about LDAP group membership checking?
DEFAULT
Ldap-Group != "cn=routing_admins,ou=groups,dc=mydomain,dc=hu",
Auth-Type := Reject
This is not working (inserted after DEFAULT Service-Type = Login-User)
Tamas
Feladó: [EMAIL PROT
>>I have freeradius virtual configurations.
>>Until today all were working without a problem.
>>But today i created a new one and i have a tiny problem about it.
>>It doesnt update sql queries until the user logs off. SO i can not track
>>the statistics of online users and transferred data etc via
>I have freeradius virtual configurations.
>Until today all were working without a problem.
>But today i created a new one and i have a tiny problem about it.
>It doesnt update sql queries until the user logs off. SO i can not track
>the statistics of online users and transferred data etc via mysql
Graham Marsh schrieb:
I am running FR 2.1.0 OK on SLES10SP1 against edir LDAP backend.
The way I did it, I installed the C/C++ Compiler and Tools in the Yast
patterned setup. This takes care of a number of dependencies. If you
don't want to do this, simply install the required deps later but
the
>As I see, that I should provide "Service-Type = Login-User" in the reply. Is
>it possible somehow?
DEFAULT
Service-Type = Login-User
In users file. Or put it in ciscoextra where avpair is.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/l
Hello,
I have freeradius virtual configurations.
Until today all were working without a problem.
But today i created a new one and i have a tiny problem about it.
It doesnt update sql queries until the user logs off. SO i can not track
the statistics of online users and transferred data etc via mys
As I see, that I should provide "Service-Type = Login-User" in the reply. Is it
possible somehow?
Feladó: [EMAIL PROTECTED] [EMAIL PROTECTED], meghatalmazó: Dajka Tamás
[EMAIL PROTECTED]
Küldve: 2008. október 28. 11:48
Címzett: FreeRadius users mailing lis
Now, the users file is empty, and still the same (%Authorization failed on the
switch). The log:
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++- entering policy redundant
rlm_ldap: - aut
Le mardi 28 octobre 2008 11:37, [EMAIL PROTECTED] a écrit :
> Chances are: 99.9% - shared secret is different (retype it both in
> clients.conf and hostapd konfiguration); 0.1% - crypto libraries on
> radius or hostapd machine are corrupt.
Shared secret is fszd79772mvtib96 in hostapd.conf and in c
>I saw that :
>rad_recv: Accounting-Request packet from host 10.1.1.254 port 32782, id=14,
>length=199
>Received Accounting-Request packet from 10.1.1.254 with invalid signature!
>(Shared secret is incorrect.) Dropping packet without response.
>Going to the next request
>Waking up in 0.9 seconds
On Thursday, 25. September 2008 08:48, Alan DeKok wrote:
> No. getpwent still depends on the calling application having
> permission to read /etc/shadow.
and that was it. I had screwed up file ownership by touching
it with XEmacs. Sorry for answering that late and thanks for
your help.
Martin
>rad_recv: Access-Request packet from host myswitchip port 1645, id=139,
>length=80
>NAS-IP-Address = myswitchip
>NAS-Port = 1
>NAS-Port-Type = Virtual
>User-Name = "myusernamer"
>Calling-Station-Id = "myclientip"
>User-Password = "myvalid_ldap_passw
Le mardi 28 octobre 2008 10:19, [EMAIL PROTECTED] a écrit :
> Have you enabled sql in the accounting section? Can you post the
> freeradius debug (radiusd -X)? Accounting-Request should be coming
> straight after Access-Accept.
And a part of my hostapd debug :
RADIUS message: code=1 (Access-Reques
>I have a question to understanding better radius.
>For this i make a simple example-scenario :
>
>I want to use my radius for 2 things :
>
>1. wireless-access for laptops with machine authentication over a
>wireless switch with ip 1.1.1.1
>2. authentication for the login to my switches for some a
auth"
ipaddr = *
port = 0
}
main {
snmp = no
smux_password = ""
snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host mysw
hello list
I have a question to understanding better radius.
For this i make a simple example-scenario :
I want to use my radius for 2 things :
1. wireless-access for laptops with machine authentication over a
wireless switch with ip 1.1.1.1
2. authentication for the login to my switches fo
>redundant {
> # if I comment the folloing line out, the password is accepted, but I
> get "% Authorization failed." from the switch (this is coused by the
> incorrect "users" file maybe).
So, post the debug (radiusd -X).
>files
>ldap
>ciscopwd
>
That's what I've tried. The authorize section:
redundant {
# if I comment the folloing line out, the password is accepted, but I
get "% Authorization failed." from the switch (this is coused by the incorrect
"users" file maybe).
files
ldap
ciscopwd
Have you enabled sql in the accounting section? Can you post the
freeradius debug (radiusd -X)? Accounting-Request should be coming
straight after Access-Accept.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, "lolo" <[EMAIL PROTECTED]> piše:
>Hi,
>
>I am not member of the list, cause I never
..
> Module: Linked to module rlm_ldap
> Module: Instantiating ldap
> ldap {
..
> access_attr = "uid"
> access_attr_used_for_allow = yes
..
>Login incorrect (rlm_ldap: User not found): [someuser\000/= EAP>] (from client someap2 port 6 cli somemac2)
If you want people who are not in ld
Hi,
I am not member of the list, cause I never received any answer !???
So write to my email !
Is someone have installing and configuring accounting with hostapd and
freeradius ?
I have some problems to understand why my configuration doesn't save any data
in table "radacct" ?
I have some data
Hi,
> found a 1.1.6-2.1 rpm and installed it. Now I will update to a newer
> version but there is no rpm for SLES 10 available. When I try to compile
> freeradius v. 2.x then there are problems with shared libraries they are
> not available in SLES. On a Opensuse 11.0 machine the 2.0.5 versi
47 matches
Mail list logo