Understanding stats

2008-11-26 Thread thoralf . freitag
Hello, I am trying to get statistics information from the freeradius 2.1.1. As I understand the attribute FreeRADIUS-Statistics-Type represents the type of information which will be given back by the server. The value is bit oriented. bit 0 = 1 -- give me Auth stats bit 1 = 1 -- give me Acc

Re: Re: Can FreeRadius server as AAA for MMSC and EVDO as well?

2008-11-26 Thread Aldo
Well, the my NAS (Huawei PDSN 9660) does support RADIUS actually, the MMSC is an older Huawei MMSC (based on Sun) and documentation doesn't say nothing about RADIUS. I know HLR can handle the Phone authorization for data usage, but that will enable/disable MMSC and EVDO in bundle, let's say I

Re: MAC based auth

2008-11-26 Thread Hegedus Gabor
[EMAIL PROTECTED] wrote: This is my problem, what can you suggest to me : I want use 802.1x port auth, although the machines are servers, and users logging in rarely. the machines will automatically do the authentication (this is the goal), What is the Authenticator (NAS)? You should find

Dan Schaffer is out of the office.

2008-11-26 Thread Dan Schaffer
I will be out of the office starting 11/26/2008 and will not return until 12/01/2008. Thank you and have a nice day, Dan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

authentication delay in virtual servers

2008-11-26 Thread Oguzhan Kayhan
Hello, I have two virtual servers on my freeradius installation with one is made via mysql and other is via a perl script which is checking an xml page for user/pass control. What i noticed is, when the xml server is down if somebody tries to login from this virtual server, the other virtual

RE: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

2008-11-26 Thread tnt
If I don't have the new entry ldapuser, so how can I add the new entries ? Do you actually know how to use ldap? Ivan Kalik Kalik informatika ISP

ip pool

2008-11-26 Thread sugiarto tjahyono
Dear all, I have a few problems. I use ip pool and it works fine if I define ip pool in mysql. 779084,test,password,=,test123 779085,test,Pool-Name,:=,main_pool1 779086,test,Called-Station-Id,=,hostpot1 The problem happened if i have 2 access point in the same area and IP the different is

Re: Can FreeRadius server as AAA for MMSC and EVDO as well?

2008-11-26 Thread Alan DeKok
Aldo wrote: Well, the my NAS (Huawei PDSN 9660) does support RADIUS actually, the MMSC is an older Huawei MMSC (based on Sun) and documentation doesn't say nothing about RADIUS. I know HLR can handle the Phone authorization for data usage, but that will enable/disable MMSC and EVDO in bundle,

Re: EAP2 configuration

2008-11-26 Thread Fernando
Alan DeKok wrote: Fernando wrote: Yes, it works now, but I can't execute any method... I'm trying eap-md5 but nothing happens. I put in authentication section (eap2) I remove eap module and I add experimentation.conf to radiusd.conf do I need do anything more? You deleted eap,

Re: RSASecurid and PEAP

2008-11-26 Thread Alan DeKok
Paul TAVERNIER wrote: 1) i want to authorize/authenticate a user with a couple username/OTPpassword (RSASecurid) through a Freeradius server (i proxy the access-request to a RSARadius-Securid server). It's ok. What do you mean It's OK? Have you tested this with cleartext-passwords,

Re: EAP2 configuration

2008-11-26 Thread Fernando
Alan DeKok wrote: Fernando wrote: Alan DeKok wrote: You deleted eap, but didn't add eap2. Yes, I added eap2 in authentication section, see this... Are you really sure you know what you're doing? Module: Checking authenticate {...} for more modules to load

Read radius client from database

2008-11-26 Thread Saeed Akhtar
Hi all, I am having problem to configure Radius to read client information from mysql database table nas. I found an option at last line of sql.conf readclients = yes i uncommented it ... then added record in nas table... then tried to send request from newly added client but it says unknown

Methods not supported by freeradius source code

2008-11-26 Thread Fernando
Hi all, after configure EAP2 module and test it with EAP-MD5 (it works properly) I want use the EAP-PSK and/or EAP-GPSK . But if I add in eap2 module ... eap2 { psk { } } When I run radiusd... it fails showing that psk is unknown, how can these not native freeradius methods provided

Re: MAC based auth

2008-11-26 Thread Hegedus Gabor
Hi, now imho cisco switches don't support mac based authentication with freeRadius. Have any solutions for my problem?: i have server machines, if the power fails and returns, this server boot up, and the server services continues(nobody log in). I want 802.1x security on the network. I

re:Re: Read radius client from database

2008-11-26 Thread mj mailing lists user
Hi seems to me you are missing rlm_sql, when I start radiusd -X I get the following lines: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked .. rlm_sql_mysql: query: SELECT id, nasname, shortname, type, secret FROM nas this last line is then followed by rlm_sql

Re: Read radius client from database

2008-11-26 Thread Alan DeKok
Saeed Akhtar wrote: Debug Trace: You're not running 2.x. You should upgrade. You haven't configured the SQL module. You need to do this for it to work. Alan DeKok.

Re: MAC based auth

2008-11-26 Thread tnt
Do they support Mac-Based Auth + 802.1X on the same port? In a (very) weird way. It's not mac auth + 802.1x but mac auth *in* 802.1x (mac address is sent as user/pass - requires registry hacking on XP). And then you can re-authenticate with username/pass. There is also something called mac

Re: MAC based auth

2008-11-26 Thread Arran Cudbard-Bell
Phil Mayers wrote: Arran Cudbard-Bell wrote: [EMAIL PROTECTED] wrote: now imho cisco switches don't support mac based authentication with freeRadius. They most certainly do. And when you study for

Re: MAC based auth

2008-11-26 Thread Arran Cudbard-Bell
[EMAIL PROTECTED] wrote: now imho cisco switches don't support mac based authentication with freeRadius. They most certainly do. And when you study for your CCNA you will learn how. Do they support Mac-Based Auth + 802.1X on the same port?

Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Debug Trace: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file:

Re: Understanding stats

2008-11-26 Thread Alan DeKok
[EMAIL PROTECTED] wrote: (i wonder me why the Acc data are marked as FreeRADIUS-Total-*Proxy*-Accounting-Requests) It's a bug. I'll fix it in the next release. The accounting stats *are* the client statistics. They're just put into the wrong attribute. Alan DeKok.

Re: MAC based auth

2008-11-26 Thread A . L . M . Buxey
Hi, now imho cisco switches don't support mac based authentication with freeRadius. They most certainly do. And when you study for your CCNA you will learn how. well, it depends on which Cisco switches you are talking about ;-) alan

Re: MAC based auth

2008-11-26 Thread Phil Mayers
Arran Cudbard-Bell wrote: [EMAIL PROTECTED] wrote: now imho cisco switches don't support mac based authentication with freeRadius. They most certainly do. And when you study for your CCNA you will learn how. Do they support Mac-Based Auth +

Re: MAC based auth

2008-11-26 Thread tnt
now imho cisco switches don't support mac based authentication with freeRadius. They most certainly do. And when you study for your CCNA you will learn how. Ivan Kalik Kalik Informatika ISP

Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Thanks for ur help setting sql in authorize section of radiusd.conf solved the problem But now when sql checks for username and password it gives error Unknow Attribute Cleartext-Password.. I am not upgrading to 2.x because i tried to configure jradius with 2.1.1 it gave

Re: MAC based auth

2008-11-26 Thread Hegedus Gabor
[EMAIL PROTECTED] wrote: Do they support Mac-Based Auth + 802.1X on the same port? In a (very) weird way. It's not mac auth + 802.1x but mac auth *in* 802.1x (mac address is sent as user/pass - requires registry hacking on XP). And then you can re-authenticate with username/pass. There

Re: Can FreeRadius server as AAA for MMSC and EVDO as well?

2008-11-26 Thread Aldo
Well, you are right I shouldn't post about the MMSC if I know that dont support RADIUS, but as I wrote in the input, the NAS (Huawei PDSN 9660) support RADIUS, and I need to set it up the headsets to being authorized with FreeRADIUS to use EVDO, I think I have a very basic idea, please correct

Re: Read radius client from database

2008-11-26 Thread tnt
sql is commented out in radiusd.conf by default. Enable it somewhere. This is the old server version. Use the latest one. Even for testing. It's so much better. Ivan Kalik Kalik Informatika ISP On 26/11/2008, Saeed Akhtar [EMAIL PROTECTED] wrote: Debug Trace: Starting - reading

Re: EAP2 configuration

2008-11-26 Thread Alan DeKok
Fernando wrote: Alan DeKok wrote: You deleted eap, but didn't add eap2. Yes, I added eap2 in authentication section, see this... Are you really sure you know what you're doing? Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_eap2 Module:

Re: Read radius client from database

2008-11-26 Thread tnt
1.1.3 doesn't use Cleartext-Password. That came in 1.1.4. Read the users file. It should be User-Password. Ivan Kalik Kalik Informatika ISP On 26/11/2008, Saeed Akhtar [EMAIL PROTECTED] wrote: Thanks for ur help setting sql in authorize section of radiusd.conf solved the problem

Re: Read radius client from database

2008-11-26 Thread tnt
Post the debug of the server startup. Ivan Kalik Kalik Informatika ISP On 26/11/2008, Saeed Akhtar [EMAIL PROTECTED] wrote: Hi all, I am having problem to configure Radius to read client information from mysql database table nas. I found an option at last line of sql.conf readclients =

Re: Can FreeRadius server as AAA for MMSC and EVDO as well?

2008-11-26 Thread Alan DeKok
Aldo wrote: -In FreeRADIUS I have to connect it with sql database server (such as mysql), then create a database, then I dont know how to interconnect it with the NAS (my PDSN) Um... via the RADIUS protocol? See your NAS documentation for what it needs in a RADIUS response. -For the

Re: ip pool

2008-11-26 Thread thoralf . freitag
Maybe you can define your pools similar to this (not tested) DEFAULT Called-Station-Id == your called station id_1, Pool-Name :=pool_1 Fall-Through = Yes DEFAULT Called-Station-Id == your called station id_2, Pool-Name :=pool_2 Fall-Through = Yes Ciao TF From:

Re: MAC based auth

2008-11-26 Thread Phil Mayers
Arran Cudbard-Bell wrote: was aware HP ProCurve were the only ones that supported this properly No. Extreme X250/X450 and 3Com 4400. They don't publish their manuals online ?! All I can find is a 'getting started guide' for the 3Com and nothing

Supported Accesspoints

2008-11-26 Thread M.K. ten Napel
Hi, Previously I asked if anyone had trouble with the Linksys WAP54G, Like I did. I'm thinking about trying another type of Accesspoint. Before buying one, I would like to know what AP's are being used with FreeRadius. Any tips/suggestions on buying an AP that works well in WPA-enterprise (EAP-TLS)

Re: Supported Accesspoints

2008-11-26 Thread Paul Bartell
I find that my WRT54G-L works well with DD-WRT flashed on it. I know some weird linksys voip box from T-mobile supports WPA-ENT authentication, making me think that maybe in Linksys' enterprise products they would have some kind of WPA enterprise authentication possibility. Usually is it in the

Status Server on RHEL 4 64 bit fails

2008-11-26 Thread thoralf . freitag
Hi, I enabled the status server and the freeradius 2.1.1 does not start: Wed Nov 26 15:43:59 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[63]: Failed to find module ok. Wed Nov 26 15:43:59 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[61]: Errors parsing authorize

Re: MAC based auth

2008-11-26 Thread Arran Cudbard-Bell
was aware HP ProCurve were the only ones that supported this properly No. Extreme X250/X450 and 3Com 4400. They don't publish their manuals online ?! All I can find is a 'getting started guide' for the 3Com and nothing for the Extreme switches.

RSASecurid and PEAP

2008-11-26 Thread Paul TAVERNIER
Hi i would like to know if this thing (scenario) is possible... 1) i want to authorize/authenticate a user with a couple username/OTPpassword (RSASecurid) through a Freeradius server (i proxy the access-request to a RSARadius-Securid server). It's ok. 2) (then,

Re: Re: RSASecurid and PEAP

2008-11-26 Thread David Mitton
I should know better to ask what are you thinking? but let me attempt to explain. The RSA SecurID RADIUS server can authenticate plain text OTPs inside of PEAP (or if you load our EAP client, use SecurID-EAP or Protected-OTP) FreeRADIUS should have no problem proxying that. But as Alan points

Re: MAC based auth

2008-11-26 Thread Arran Cudbard-Bell
[EMAIL PROTECTED] wrote: Do they support Mac-Based Auth + 802.1X on the same port? In a (very) weird way. It's not mac auth + 802.1x but mac auth *in* 802.1x (mac address is sent as user/pass - requires registry hacking on XP). And then you can

Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Thanks It worked but here comes another issue where im stuck ... using both sql and jradius for authorization creates a problem First freeradius goes to sql and check for the user record... regardless of result of sql , request is also fwd to jradius. and jradius also

Re: MAC based auth

2008-11-26 Thread Arran Cudbard-Bell
Phil Mayers wrote: Arran Cudbard-Bell wrote: was aware HP ProCurve were the only ones that supported this properly No. Extreme X250/X450 and 3Com 4400. They don't publish their manuals online ?!

Re: Read radius client from database

2008-11-26 Thread Alan DeKok
Saeed Akhtar wrote: please...formatyourmessages in a normal way. Formatting them badly makes them harder to understand. i dont now that is there any conditional statements in configuration file which will help me hopeful for some help :) FreeRADIUS 2.x comes with a

Re: MAC based auth

2008-11-26 Thread Phil Mayers
Arran Cudbard-Bell wrote: Phil Mayers wrote: Arran Cudbard-Bell wrote: was aware HP ProCurve were the only ones that supported this properly No. Extreme X250/X450 and 3Com 4400. They don't publish

Re: MAC based auth

2008-11-26 Thread tnt
Yes that's how I thought it worked. I guess that's ok in some situations but it's really inflexible in others. HP ProCurve switches allow you to enable both methods of authentication together on the same port. It's a little weird how it operates, but it seems to work very well in most situations.

Re: Status Server on RHEL 4 64 bit fails

2008-11-26 Thread Alan DeKok
[EMAIL PROTECTED] wrote: /opt/radius/etc/raddb/sites-enabled/status[63]: Failed to find module ok. Wed Nov 26 15:53:18 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[61]: Errors parsing authorize section. Wed Nov 26 15:53:18 2008 : Debug: } Wed Nov 26 15:53:18 2008 : Debug: } Wed

Re: authentication delay in virtual servers

2008-11-26 Thread Alan DeKok
Oguzhan Kayhan wrote: Hello, I have two virtual servers on my freeradius installation with one is made via mysql and other is via a perl script which is checking an xml page for user/pass control. What i noticed is, when the xml server is down if somebody tries to login from this virtual

Re: Read radius client from database

2008-11-26 Thread tnt
First freeradius goes to sql and check for the user record... regardless of result of sql , request is also fwd to jradius. and jradius also checks for the same username in another database over another server (as im using jradius for having connectivity to another server)... i want freeradius to

Re: Status Server on RHEL 4 64 bit fails

2008-11-26 Thread thoralf . freitag
I comment out the authorize section and everything works fine. From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: 26.11.08 17:33 Subject: Re: Status Server on RHEL 4 64 bit fails Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

PPTP + FreeRadius + LDAP

2008-11-26 Thread Douglas Macedo
Hey guys, i'm trying configure a VPN Server with PPTP, using the 'radiusclient', to connect on a FreeRadius, with auth in a LDAP Server. I finished the configure, but when a try connect with a client Windows XP, don't work. The radiusd -X output: = [EMAIL PROTECTED] /usr/local/etc/raddb]#

My error:

2008-11-26 Thread Martin Silvero
rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136 User-Name = test Framed-MTU = 1400 Called-Station-Id = 0019.2fdb.9d00 Calling-Station-Id = 001f.3c22.44c5 Service-Type = Login-User Message-Authenticator =

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: i'm trying configure a VPN Server with PPTP, using the 'radiusclient', to connect on a FreeRadius, with auth in a LDAP Server. I finished the configure, but when a try connect with a client Windows XP, don't work. The radiusd -X output: The client is doing CHAP,

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Douglas Macedo
Alan, how I can fix that? Thanks in advanced, Douglas On Wed, Nov 26, 2008 at 4:54 PM, Alan DeKok [EMAIL PROTECTED]wrote: Douglas Macedo wrote: i'm trying configure a VPN Server with PPTP, using the 'radiusclient', to connect on a FreeRadius, with auth in a LDAP Server. I finished the

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: how I can fix that? Read the web page. It tells you. Alan DeKok.

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Douglas Macedo
Sorry Alan, but the webpage tells that its don't work. Its impossible? Correct? So, how I can fix that the other way? My pptp-options: == epiderme:/etc/ppp# cat pptpd-options name pptpd refuse-pap ##refuse-chap require-chap ##refuse-mschap require-mschap require-mschap-v2 require-mppe-128

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alexandre Chapellon
trying forcing windows pptp client to use mschapv2 On 26.11.2008 09:15, Douglas Macedo wrote: Sorry Alan, but the webpage tells that its don't work. Its impossible? Correct? So, how I can fix that the other way? My pptp-options: == epiderme:/etc/ppp# cat pptpd-options name pptpd

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: but the webpage tells that its don't work. Its impossible? Correct? Since I wrote that web page... I won't disagree with it. So, how I can fix that the other way? Do you have questions about the suggestions on the web page? My pptp-options: == epiderme:/etc/ppp#

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Douglas Macedo
Alexandre, if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody NAS-IP-Address = 1.1.1.1 NAS-Port = 0 Processing the authorize section of

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alexandre Chapellon
On 26.11.2008 09:32, Douglas Macedo wrote: Alexandre, if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: Any idea? Use a recent version of the server. Alan DeKok.

Group Authorization with FreeRadius

2008-11-26 Thread Mike Diggins
I would like to not only authenticate my users via FreeRadius, but also authorize them by creating some local groups, and running a program to do the authorization check, then pass that back to radius as an attribute (I think). I would have to write the program myself obviously, but is this

Re: Group Authorization with FreeRadius

2008-11-26 Thread Mike Diggins
I'm using the NTLM_AUTH authenticator currently, if that helps. -Mike On Wed, 26 Nov 2008, Mike Diggins wrote: I would like to not only authenticate my users via FreeRadius, but also authorize them by creating some local groups, and running a program to do the authorization check, then

Re: My error:

2008-11-26 Thread tnt
Ask Intel where does that thing write logs and then read them. Answer is with the supplicant. Looking at the radius server won't help. Ivan Kalik Kalik Informatika ISP On 26/11/2008, Martin Silvero [EMAIL PROTECTED] wrote: rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6,

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread tnt
if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody NAS-IP-Address = 1.1.1.1 NAS-Port = 0 This is not an mschap request.

Re: Group Authorization with FreeRadius

2008-11-26 Thread tnt
Look at perl and sql modules and unlang. You can probably do this using groups in sql tables without any programming. If you need to impose some simple policies unlang should be the answer. If you want to do some complex checks then use perl. Ivan Kalik Kalik Informatika ISP Dana 26/11/2008,

LDAP group checking

2008-11-26 Thread Paul Bartell
I'm having a hard time figuring out how to do group checking with freeradius. I am trying to authenticate against open directory, but I have no idea where to give the group name to check for. (modifying the schema isn't really an option)

Configuration sample of a PDSN - FreeRADIUS - MySQL environment...

2008-11-26 Thread Aldo
Hello, does somebody can please provide some FreeRADIUS configuration sample of an environment like mine? Which is: -Wireless Telephony provider that offer EVDO for subscribers (CDMA) -PDSN -FreeRADIUS -MySQL (or Postgres) Thanks in advance to all Aldo

Re: Freeradius error: Discarding conflicting packet

2008-11-26 Thread Sergio Belkin
I've upgraded to OpenWRT Kamikaze and problem seems goes away... 2008/11/6 Alan DeKok [EMAIL PROTECTED]: Sergio Belkin wrote: Alan, thanks, That's really a quite convincing answer :) Yup. I'm not just a random loudmouth on this list. Of course I believe you , but please understand me,

Somewhat OT: Mac OS self-assigned IP issues

2008-11-26 Thread Sergio Belkin
Hi, I am using OpenWRT Kamikaze and sometimes there is a problem with Mac OS clients. Clients get Access-Accept, but Mac OS says that only gets a self-assigned IP and then it can't surf the web. Problem happens using either TTLS or PAP. It is a problem of Mac OS or a OpenWRT one? I'd be glad to