/usr/local/etc/raddb/huntgroups
ILAB NAS-IP-Address == 10.11.224.36
Add the group(s) to huntgroup configuration:
ILAB NAS-IP-Address == 10.11.12.13
Etc-Group-Name == wilab
Members of other groups will not be able to connect. You can remove:
102 DEFAULT
Sergio Belkin wrote:
I think it is worthwhile to remark that that problem exists even using
OpenWRT on Linksys WRT54GL and not using original firmware...
Which may be based on similar code to the original firmware.
Is there a way to at least minimize those errors? I've heard some
people
2008/11/4 Alan DeKok [EMAIL PROTECTED]:
Sergio Belkin wrote:
I think it is worthwhile to remark that that problem exists even using
OpenWRT on Linksys WRT54GL and not using original firmware...
Which may be based on similar code to the original firmware.
Is there a way to at least to
Hi all,
Is it possible to include a VLAN tag in the reply, so that the client is assigned
to the appropriate VLAN based on its auth group (so, if USER_A is a member of
GROUP_A, then it's assigned to VLAN_A)?
Is this possible? Or should it be done elsewhere than the radius?
Thanks,
I built a new lab with Freeradius 1.x, Cisco ASA, RSA-OTP and RSARadius Box.
All is working perfectly...because, Freeradius 1.x is parsing TWICE the
authorize section (as it is said in the proxy.conf comment, once before
the proxy request and one after). So it asks twice my LDAP server the
2008/11/4 Sergio Belkin [EMAIL PROTECTED]:
2008/11/4 Alan DeKok [EMAIL PROTECTED]:
Sergio Belkin wrote:
I think it is worthwhile to remark that that problem exists even using
OpenWRT on Linksys WRT54GL and not using original firmware...
Which may be based on similar code to the original
But what do you mean by fix the NAS? Should I use another brand/model
of AP?
What I am trying to tell you is: are the about 30 AP's that I am using
broken?
Yes.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dajka Tamás wrote:
Hi all,
Is it possible to include a VLAN tag in the reply, so that the client is assigned
to the appropriate VLAN based on its auth group (so, if USER_A is a member of
GROUP_A, then it's assigned to VLAN_A)
it seems to be vendor specific...For Cisco
Tunnel-Type (064): VLAN
Hello, everybody
I've set up FreeRadius based on MySQL on a Debian system. The system passed the local
test, but failed with a remote user login request from a Coovachilli portal.
It really confused me, because I always get the following log message in FreeRadius
debug mode:
auth: user supplied
OK, I've tried using a proxy and now it fails on rlm_eap and says the
User-Name doesn't match EAP Identity. Is there a way to have EAP
processed on the local machine but authentication happen on the
remote? Is that even the problem?
Kerry Tobin
Starting - reading configuration files ...
Hi,
How should I call the ldap module in the post_proxy section (in
Freeradius v1 or v2...)?
It should perhaps be easier to ask a single question rather than in my
long request posted yesterday...;o)
In Freeradius v1, I can merge in an access-accept response radius
attribute to
I am trying to find a good way to limit who is able to login at specific NAS's.
I know I could add all the allowed user names to the Huntgroups file, but this
can get tedious as I must do it for each NAS. So I figured the best way was to
use groups. The users are not account holders on the
Thanks for answers,
I obtained IP, acctound-id, etc. from the preacct section, adding exec to the
section!! The script filter with Acct-Status-Type = Start is working fine now!!
Ivan, in his first message I didn't read to try with accounting packets!!
thanks again !!
Regards..
[EMAIL PROTECTED]
Hello All;
I have a question about EAP - TLS. How can I configure client certification
stored on removable media (ex: USB memory, smartcard, etc.)?
I have already used EAP - TLS with client certification stored on Windows
(client) but I need a solution where the user can authenticate when insert
The first comment you gave mentioned to put the Etc-Group-Name in the
huntgroups file. This unfortunately does not work as it will only accept
system groups (and users do not have accounts for this system).
This option does not scale if I am understanding you right.
I would have to add a
On Tue, Nov 4, 2008 at 11:18 AM, Aydın KOÇAK [EMAIL PROTECTED] wrote:
Hello All;
I have a question about EAP - TLS. How can I configure client
certification stored on removable media (ex: USB memory, smartcard, etc.)?
I have already used EAP - TLS with client certification stored on
OK, I've tried using a proxy and now it fails on rlm_eap and says the
User-Name doesn't match EAP Identity. Is there a way to have EAP
processed on the local machine but authentication happen on the
remote? Is that even the problem?
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm
How should I call the ldap module in the post_proxy section (in
Freeradius v1 or v2...)?
It should perhaps be easier to ask a single question rather than in my
long request posted yesterday...;o)
In Freeradius v1, I can merge in an access-accept response radius
attribute to
Kerry Tobin wrote:
OK, I've tried using a proxy and now it fails on rlm_eap and says the
User-Name doesn't match EAP Identity. Is there a way to have EAP
processed on the local machine but authentication happen on the remote?
Is that even the problem?
That makes no sense. EAP *is* an
Paul TAVERNIER wrote:
So, the thing i'd like to do with Freeradius v2.1 is to insert a ldap
authorization in the post_proxy section of my config.
You can add ldap.authorize in the post-proxy section. It might work.
Alan DeKok.
Dajka Tamás wrote:
Is it possible to include a VLAN tag in the reply, so that the client is assigned
to the appropriate VLAN based on its auth group (so, if USER_A is a member
of GROUP_A, then it's assigned to VLAN_A)
Yes. See your NAS documentation for documentation about what it needs
to
I have a question about EAP - TLS .
No, you don't.
How can I configure client certification stored on removable media (ex: USB
memory, smartcard, etc.)?
I have already used EAP - TLS with client certification stored on Windows
(client) but I need a solution where the user can authenticate when
Sorry, my brain is like a sieve today.
Not DEFAULT but user entries (as I said in the text):
walt password, huntgroup, group
fall-through
walt bpassword, huntgroup, group
Ivan Kalik
Kalik Informatika ISP
On 4/11/2008, Reynolds, Walter [EMAIL PROTECTED] wrote:
I am trying to find a good
Aydın KOÇAK wrote:
Hello All;
I have a question about EAP - TLS. How can I configure client certification
stored on removable media (ex: USB memory, smartcard, etc.)?
I have already used EAP - TLS with client certification stored on Windows
(client) but I need a solution where the user can
Yep, in my case I use about 30 AP's from Linksys (WAP54g). They all appear
to be broken. Too bad, but then again a reason to integrate the N standard
with other AP's... :)
2008/11/4 Stephen Bowman [EMAIL PROTECTED]
But what do you mean by fix the NAS? Should I use another brand/model
of
Sorry, you have a problem with users in multiple groups. What I posted will
have no effect. You should create a different huntgroup - add every NAS
that groups wilab2 and nolab are allowed to connect to. Then remove that
users file entry and add:
DEFAULT Huntgroup-Name == wilab2, Etc-Group-Name ==
Radius is OK with this:
Sending Access-Accept of id 128 to 192.168.5.199:1033
MS-MPPE-Recv-Key =
0x1c3166a5ac144184d06242bea756adbef7a696dc98522668d12084ca8d9d5a1d
MS-MPPE-Send-Key =
0x0cd28527f22aae46443fe1458e1a67a430502cc3e566fffbbc53e0bfd4c3020b
EAP-Message =
Zhifeng Yang wrote:
FreeRadius: 1.1.3 (this is the newest stable version I can apt-get for Debian)
Then install 2.1.1 from the source tar file.
Alan DeKok.
Some NASes will drop the Access-Accept or keep the port closed if the VLAN
provided by RADIUS doesn't match the switch's VLAN.
eric
On Tue, Nov 4, 2008 at 8:59 AM, Alan DeKok [EMAIL PROTECTED] wrote:
Dajka Tamás wrote:
Is it possible to include a VLAN tag in the reply, so that client is
assigned
Finally found that {mschap:User-Name} will work for me.
Thanks anyway :)
On Mon, Nov 3, 2008 at 5:27 PM, Luke [EMAIL PROTECTED] wrote:
I'm trying to use rlm_ldap to do group lookups for dynamic vlan assignment.
I've got freeradius (version 2.1.1) to connect to my ldap server, but
when it
Hello ;
Thank you for your replies...
You are right, it isn't related to radius...
I can do it but it takes time...
Thank You,
Aydin KOCAK.
I think we're back to what I had been trying to do on my test machines
now and still can't seem to get working.
When I add DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1,
Proxy-To-Realm := DOMAIN to users of the first server (I believe that's the
correct place to put it). I get rlm_eap:
Cleartext password should work with all methods. This looks like a bug to
me. rlm_eap_md5 should complain here if it didn't like the password
etc.:
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns reject
Ivan Kalik
Kalik
Hello, use:
{dictionary name}
E.g.:
{Call-Station-Id}
-Original message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On behalf of Alexandre J. Correa - Onda Internet
Sent: Monday, 3 November 2008 19:43
To: FreeRadius users mailing list
Subject: exec program, but
I have compiled and installed FR2.1.1 on ubuntu 8.04.
FR starts correctly with no warning but when the server needs to process
the sqlippool module FR crashes with the following:
rlm_sql (myippool1): Reserving sql socket id: 4
[sqlippool1] expand: START TRANSACTION - START TRANSACTION
So radius *is* assigning IP's? Where? If it's ippool/sqlippool list
your exec program after these in post-auth section. If IP's are
assigned by DHCP you have to get it from accounting packets. But that
will work for radius assigned IP's too.
Ivan Kalik
Kalik Informatika ISP
On 4/11/2008,
Here I use Exec-Program-Wait to validate data AFTER auth OK; I need to
execute another script AFTER auth OK to get the IP address assigned to the user.
I'm trying to pass %f to my script but it returns ?.?.?.? because at this
moment radius has not assigned an IP to the user...
How can I do this?
Where is here?
PS. You might need mppe encryption attributes. Enable use_tunneled_reply
in ttls section of eap.conf.
Ivan Kalik
Kalik Informatika ISP
On 4/11/2008, Prasad Parab [EMAIL PROTECTED] wrote:
Hi all,
Kindly help me with the issue involving freeradius-1.0.5 for
EAP-TTLS_mschapv2 auth type.
**
Sorry for bothering but does anyone know what's wrong with these nases?
Is there any way to go a little deeper than #radiusd -x ?
Jelle wrote:
Yep, in my case I use about 30 AP's from Linksys (WAP54g). They all
appear to be broken. Too bad, but then again a reason to integrate the
N standard
I think we're back to what I had been trying to do on my test machines
now and still can't seem to get working.
When I add DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1,
Proxy-To-Realm := DOMAIN to users of the first server (I believe that's the
correct place to put it). I get rlm_eap: Request is
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg45635.html
There is nothing to see in server debug for the packet that's discarded.
Ivan Kalik
Kalik Informatika ISP
On 4/11/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
Sorry for bothering but does anyone know what's
Hello,
I am running into problems while using usernames which include a percent
% sign. The rlm_sql_mysql module apparently translates these into the
ascii of =25. So a username which was isp/somebody%somewhere gets
translated into isp/somebody=25somewhere.
Additionally these users are listed
2008/11/4 [EMAIL PROTECTED]:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg45635.html
There is nothing to see in server debug for the packet that's discarded.
Ivan Kalik
Kalik Informatika ISP
On 4/11/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
Sorry for
Hi, I would like to know if somebody can help me to configure a captive
portal in monowall to authenticate users in freeradius.
I used a sniffer to check the radius packets between authenticator -- radius.
I also used a sniffer to check eapol between supplicant -- authenticator.
I use these 2 ways to troubleshoot authentication issues.
Hope this info helps you.
Eric Ying
2008/11/4 Sergio Belkin [EMAIL PROTECTED]
2008/11/4
Hi All,
had a few queries:
I read about Radius Server
http://deployingradius.com/documents/configuration/eap.html
1. I saw that in PEAP- EAP-MD5 is not mentioned. Is EAP-MD5 supported in
PEAP?
2. Also saw in EAP-TTLS- Token Card is not mentioned? is it supported?
3. Another query I had was,
47 matches