CJ O wrote:
> Good Afternoon -
>
> I've read through a lot of threads and documents and have
> piced information together, however I am still having issues. We are
> running an OpenLDAP with the passwords encrypted. I know that PEAP
> requires the clear text password to be stored in the LDAP Serv
Any idea how to fix this?
Wed Nov 12 21:29:16 2008 : Error: rlm_counter: Failed to open file
/etc/raddb/db.daily: Permission denied
Wed Nov 12 21:29:16 2008 : Error: /etc/raddb/radiusd.conf[152]:
Instantiation failed for module "daily"
Wed Nov 12 21:29:16 2008 : Error: Errors initializing modules
>Version: freeradius-2.1.1
>
>I cannot get a redundant-load-balance set to work within a variable
>expansion in the users file.
>
No. It's not a module, it's a group. You can list different modules
inside the group - they don't have to be the same type (all ldap or all
sql; they can be mixed).
>I
Ivan -
Thank you for your help. I removed the password_attribute field from
modules/ldap and everything seems to be working with PEAP and GTC.
Thank you again!
CJ> To: freeradius-users@lists.freeradius.org> Subject: RE: FreeRadius 2.1.1 -
OpenLDAP + NT hash + PEAP> Date: Thu, 13 Nov 2008
>That change has allowed MS-Chapv2 to work from my tunnel.
>
>Since I've specified PEAP in the eap.conf, is it possible to use GTC too?
>
Yes, you can use any eap method you want. default_eap_type will be tried
first. If refused, server and suppicant will try to "agree" on
another. It just mean
Ivan -
Thank you for your help.
That change has allowed MS-Chapv2 to work from my tunnel.
Since I've specified PEAP in the eap.conf, is it possible to use GTC too?
Thanks
CJ> To: freeradius-users@lists.freeradius.org> Subject: Re: FreeRadius 2.1.1 -
OpenLDAP + NT hash + PEAP> Date: Thu,
>In site-enable/default under authorize I've uncommented ldap.
You don't need ldap there. Uncomment ldap in sites-enabled/inner-tunnel
virtual server.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Tim Palmer wrote:
Full disclosure - I did try an install from ports, then removed the port
and rerun ldconfig. I did not recompile/install freeradius after the
port excercise.
===
Why yes, I did map Cleartext-Password, since the debug error ( and
various list postings) s
>Hmy eyes are bugging out. This is a new freeradius
>install/mysql/daloradius/ubuntu.
New? This is an ancient version.
>I fail to find any specific as to why my
>users are failing to authenticate, via a simple radcheck. anyone have
>another eye and take a peek, and see somthing I'm miss
You've got:
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 0
...and
modcall[authorize]: module "sql" returns ok for request 0
And finally
rad_check_password: Found
>I've setup hostapd 0.5.10-1(with bridge) + freeradius 2.1.1(with mysql) and it
>works pretty good except one thing:
>Windows(vista sp1) users when turn their machines off, radacct mess up (this
>doesn't happened when user request disconnect manually)
>
>User "goa" connects and when he turns mach
Hmy eyes are bugging out. This is a new freeradius
install/mysql/daloradius/ubuntu. I fail to find any specific as to why my
users are failing to authenticate, via a simple radcheck. anyone have
another eye and take a peek, and see somthing I'm missing.the first part
of this is all
Version: freeradius-2.1.1
I cannot get a redundant-load-balance set to work within a variable
expansion in the users file.
I added this to the bottom of the instantiate section of radiusd.conf:
redundant-load-balance redundant_ldap {
ldap1
ldap2
>My radius server (which is not freeradius) rejects my authentication ...
So why are you asking the questions here? Freeradius proxy has nothing
to do with this.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NGUYEN DANG LUAN, Eric wrote:
> My radius server (which is not freeradius) rejects my authentication when i'm
> using a ProxyRadius (freeradius). But it's ok when I use NTRadping or a cisco
> ACS. I'm currently using SecureW2 software for the end user machine.
>
> Does anyone know where is the p
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Alan DeKok
> Envoyé : mercredi 12 novembre 2008 15:48
> À : FreeRadius users mailing list
> Objet : Re: FreeRadius working as a ProxyRadius using PAP protocol
>
> NGUYEN DANG LUAN, Eric wrote:
> > In my r
Michael Plourde wrote:
> I want to use multiple database to sort different kind of radius
> authentification (dialup, wireless, router login, etc). I don't know if i'm
> using it the right way, but I have try to run freeradius with two virtual
> server using two different sql instance. Those sql in
Paul Bartell wrote:
I could recomend dalo radius. Its interface looks pretty nice from
here. I havent been able to evaluate it yet though.
On Wed, Nov 12, 2008 at 3:32 AM, Allan Patrick Ksiaskiewcz
<[EMAIL PROTECTED]> wrote:
Hello how are? I would some indication of the control panel, use the d
Hi,
I want to use multiple database to sort different kind of radius
authentification (dialup, wireless, router login, etc). I don't know if i'm
using it the right way, but I have try to run freeradius with two virtual
server using two different sql instance. Those sql instance are configured
the
Hello
I implemented successfully a wireless-access for clients windows xp
with authentication of the machine (in a samba domain) and the users
(in a samba-domain) to my openldap-DB with freeradius.
This works fine.
My question : somebody have configured windows xp(SP3) to make only a
ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Got a weird condition evaluation issue
elsif(\
("%{Supplicant-Flags}" =~ /^10$/) || \
(("%{Supplicant-Flags}" == 'notfound') && ("%{Realm}" == 'local') &&
("%{Huntgroup-Name}" != 'auth-proxy') && \
(("%{Service-Type}" == 'Framed-User') ||
Dalo radius is very good
There is only 1 bug I have found and that is a problem when editing a
user and adding a extra Cisco-AVpair, it will overwrite the first
Cisco-AVPair.
You can add multiple Cisco-AVPairs when you first add the user with no
problems, it's just when editing
Other than that i
I could recomend dalo radius. Its interface looks pretty nice from
here. I havent been able to evaluate it yet though.
On Wed, Nov 12, 2008 at 3:32 AM, Allan Patrick Ksiaskiewcz
<[EMAIL PROTECTED]> wrote:
> Hello how are? I would some indication of the control panel, use the dial_up
> admin, but i
Hi,
On Wed, Nov 12, 2008 at 2:06 AM, liran tal <[EMAIL PROTECTED]> wrote:
>
> Waiting for that traffic limitation patch, Venkatesh.
> Thanks.
I am sorry. I had few busy days this week. You can expect a patch tomorrow.
>
> On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K <[EMAIL PROTECTED]> wrote:
>>
>I think the problem is the protocol I use : PAP.
>I'm not sure that FreeRadius use PAP protocol to communicate with Radius
>Server.
>And is it normal that I can't see any password when I use a sniffer?
>
No, the protocol you (or should I say the user) are using is eap not pap.
Freeradius recieve
NGUYEN DANG LUAN, Eric wrote:
> In my radius log file:
> < *** Incoming RADIUS packet: ***
> < radrecv: Packet from host 10.226.66.51, port=24670
> < send_reject()
Your main server is rejecting the request. Fix it.
And it isn't FreeRADIUS.
> I think the problem is the protocol I
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL
> PROTECTED]
> Envoyé : mercredi 12 novembre 2008 12:15
> À : FreeRadius users mailing list
> Objet : Re: FreeRadius working as a ProxyRadius using PAP protocol
>
> >I'm trying to use FreeRadius (
> Oguzhan Kayhan wrote:
>> Hi,
>> I am trying snmp on debian 32 bit. With freeradius 2.0.5. and net-snmp
>> 5.4.1
>
> Why are you running 2.0.5?
It was the default package for debian. Ok we will recompile the new
version and give a try.
Thank you.
>
>> I did all just like on http://wiki.freer
Great - thanks,
Absolutely outstanding help thanks! :)
I hashed from ldap.attrmap as below
#checkItem LM-Password sambaLmPassword
#checkItem NT-Password sambaNtPassword
And it all worked! :)
Thanks very much!
Simon
>>> <[EMAIL PROTECTED]> 12/11/20
>[ldap] Added the eDirectory password password in check items as
>Cleartext-Password
OK. Here is the clear text password.
>[ldap] No default NMAS login sequence
>[ldap] looking for check items in directory...
>rlm_ldap: acctFlags -> SMB-Account-CTRL-TEXT == "[UX ]"
>rlm_ldap: sambaNtPassw
Hairy51 wrote:
> Is there any documentation out there on how to get a basic VMPS system up
> and running? I am purely in the testing stages at the moment, but would like
> to get the box attached to a switch and begin responding to VMPS requests as
> quick as possible...
There's no quick guide.
Oguzhan Kayhan wrote:
> Hi,
> I am trying snmp on debian 32 bit. With freeradius 2.0.5. and net-snmp 5.4.1
Why are you running 2.0.5?
> I did all just like on http://wiki.freeradius.org/SNMP_HOWTO.
>
> Changed radiusd.conf as
> snmp= yes
> $INCLUDE snmp.con
SNMP doesn't work in 2.0.5.
FreeRADIUS Version 2.1.1, for host x86_64-unknown-linux-gnu, built on
Nov 10 2008 at 13:18:51
Copyright (C) 1999-2008 The FreeRADIUS server project and
contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS und
Hi Ivan;
Got it sorted!
I had two files on the "sites-enabled" directory, one was the default and
another one called defaul.bak, which i had created and tested with some configs.
By starting the radius server with -X option and piping the output to a file:
radiusd -X > file
i was able t
>>>pap against LDAP works fine
>>>chap against LDAP works fine (With ntradping)
>>
>>They used different password.
>
>Do you mean chap and MSCHAPv2 require passwords in different formats or
>something?
No. There is a clear text password stored somewhere.
>I can auth CHAP, but with the same userna
Hey,
Thanks for the tip, though that's FR2-specific solution and I'd like to be
able to get this sort out with older deployments
running 1.1.7 or earlier (god forbid! :-) )
That patch for rlm_sqlcounter would be ideal I think.
I think this should also be already pushed into the formal release, th
>>pap against LDAP works fine
>>chap against LDAP works fine (With ntradping)
>
>They used different password.
Do you mean chap and MSCHAPv2 require passwords in different formats or
something?
I can auth CHAP, but with the same username and password can't auth
CHAPv2
(with no config change on fre
>Thank you for the quick response. I though on Freeradius version 2.x i needed
>to work only on the SQL tables, and that i needed to specify on the file
>"raddb/sites-enabled/default" as:
>authorize {sql}
>authenticate {sql}
>preacct {acct_unique}
>accounting {sqli
Hello how are? I would some indication of the control panel, use the
dial_up admin, but it is bad, I tested the phpradmin. Outside the two
anyone could spend some more?
Thanks
Allan Patrick Ksiaskiewcz
Brazil Guarapuava/PR
Novos endereços, o Yahoo! que você conhece. Crie um email no
>Thanks again! I amended it and it works.
>But that is only for testing...
>
Yes. Now you go on with the manual.
>Can I use the MSCHAP method? Or I have to create a module of my own for
>users to authenticate?
No, you configure the ntlm_auth line in raddb/modules/mschap.
Ivan Kalik
Kalik Inform
>I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
>protocol.
>
If you ment to proxy only pap requests, your configuration is not going
to work.
>proxy.conf:
>
>
>
>realm NULL {
>
>authhost= ***.***.***.***:1645
>
>accthost= ***.***.***.***:16
Hi,
I am trying snmp on debian 32 bit. With freeradius 2.0.5. and net-snmp 5.4.1
I did all just like on http://wiki.freeradius.org/SNMP_HOWTO.
Changed radiusd.conf as
snmp= yes
$INCLUDE snmp.con
and remove comment on line smux_password = verysecret
and added the line on snmpd.conf of snmpdae
Excellent, thanks for all your comments guys - i have managed to successfully
download, compile and install the Freeradius 2.1.1 application and have
delved into the vmpsd.conf.inf file
Is there any documentation out there on how to get a basic VMPS system up
and running? I am purely in the testi
About this mailing:
You are receiving this e-mail because you subscribed to MSN
>> default sql.conf claims opposite:
>>
>># Print all SQL statements when in debug mode (-x)
>>sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql
>>
>> But to check your statement, I started radiusd in demonmode (rc
>> script), and I still dont get queries logged in the t
liran tal wrote:
Waiting for that traffic limitation patch, Venkatesh.
Thanks.
Hi,
I was stuck with this problem too, and I came up with this solution,
which works in my test environment.
The idea is to store allowed bytes in Tmp-Integer-0, than just use
unlang to compare user's allowed
Hello,
I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
protocol.
peap,eap,pap
pap
Client <--> AP <-> FreeRadius
<--> Radius server
There's what i have had in my conf files:
client.conf:
clien
Tim Palmer wrote:
> Full disclosure - I did try an install from ports, then removed the port
> and rerun ldconfig. I did not recompile/install freeradius after the
> port excercise.
> ===
> Why yes, I did map Cleartext-Password, since the debug error ( and
> various list postings) seemed clear
Siumafua Moala wrote:
> Everything is fine but I want to use the current server to
>
> 1. allocate ip address
> 2. use cisco-avpairs to allocate vrf
>
> Then send to another server to check only the username and password.
That is possible.
> I have gone through the proxy configuration and i
49 matches
Mail list logo