Hi everyone,
I am thinking of adding a FreeRadius server to an existing
infrastructure in order to provision users through an application. I
am currently running a WLAN controller connecting several access
points. Currently users are added manually through the WLAN controller
interface.
Sorry for my previous email;)
I meant: %{control:Auth-Type}
In my configuration, I use two different auth-types, one for PAP, one
for MS-CHAP.
Regards,
Vincent
Vincent Magnin [EMAIL PROTECTED] wrote:
Hello,
Have you tried using %{Auth-Type}?
Regards,
Vincent
Ben Little wrote:
Yeah, I'm not sure I want to use LDAP (clear text) for authentication.
LDAP is a database, not a password management system.
If the incoming Access-Requests contain clear-text passwords, then
there is no additional security problem when you check them against LDAP.
I'm
Hi John,
Nice to meet you ;-)
John Dennis wrote:
John Dennis wrote:
Thibault Le Meur wrote:
T
I've searched and finally found out what occurred. I'm using Fedora
Core 9 and after the FR package update here is what occurred: a lot
of files including module files from the new RPM package
Matthew Carriere wrote:
I am thinking of adding a FreeRadius server to an existing
infrastructure in order to provision users through an application.
FreeRADIUS authenticates users... databases provision them.
I am
currently running a WLAN controller connecting several access points.
There is an entry in the users file that states (according to the how to this
can be used for testing)
rtest Auth-type := ntlm_auth
But not on the first line. The debug you posted suggests that the first
line is:
rtest Auth-Type := Local
[files] users: Matched entry rtest at line 1
I am thinking of adding a FreeRadius server to an existing
infrastructure in order to provision users through an application. I
am currently running a WLAN controller connecting several access
points. Currently users are added manually through the WLAN controller
interface.
Could I add a
PS. What is the error that you get when you remove the quotes around
ntlm_auth? For the users file entry as it is in the howto.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
We are pleased to announce the release of version 2.1.2 of the
FreeRADIUS server. The focus of this release is stability.
ftp://ftp.freeradius.org:/pub/freeradius/freeradius-server-2.1.2.tar.bz2
2008/12/3 Alan DeKok [EMAIL PROTECTED]:
Sergio Belkin wrote:
Hi, I use freeradius with EAP-TTLS and EAP-PEAP, below there is ldap
log, I wonder why radius bothers to query for anonymous uid and not
only for uid into the tunnel
Because you configured the ldap module *outside* of the tunnel,
Hi,
My server has two interfaces, A and B.
My NAS is on interface A and I'm proxying to another Radius on interface B.
My problem is that FreeRadius is sending packets to the Radius at interface
B with the IP of interface A (the listening interface to my NAS).
I'm running FreeRadius v2.1.1.
I've
Here is the first line in the users file
(quotes removed)
rtest Auth-Type := ntlm_auth
And here is the error that generates:
/etc/raddb/users[1]: Parse error (check) for entry rtest: Unknown value
ntlm_auth for attribute Auth-Type
Errors reading /etc/raddb/users
/etc/raddb/modules/files[7]:
Jørn Kostøl wrote:
My server has two interfaces, A and B.
My NAS is on interface A and I'm proxying to another Radius on interface B.
My problem is that FreeRadius is sending packets to the Radius at
interface B with the IP of interface A (the listening interface to my NAS).
You can control
Hi,
I just downloaded the new version for testing, but I got a compile
error. Did somebody get something similar?
I'm building debian packages, on Debian Lenny-RC1. To compile, I had to
remove --with-system-libtool from debian/rules.
Running dpkg-buildpackage -b -uc, I got the following error
rgreiner wrote:
Hi,
I just downloaded the new version for testing, but I got a compile
error. Did somebody get something similar?
I'm building debian packages, on Debian Lenny-RC1. To compile, I had to
remove --with-system-libtool from debian/rules.
Running dpkg-buildpackage -b -uc, I got the
Hi guys,
I'm having problems with my first radius authentication server for
wireless clients. I've made some progress, but now I have problems
that I don't know how to solve.
I want to use the NIS user database.
Freeradius version: 2.1.1, compiled from source on mandriva 2008.1
(yes, i don't like
Is cygwin compiled Freeradius.net stable enough to be used in a corporate
environment with a few hundred access-requests daily? Any thoughts?
Thanks.
Here is the first line in the users file
(quotes removed)
rtest Auth-Type := ntlm_auth
And here is the error that generates:
/etc/raddb/users[1]: Parse error (check) for entry rtest: Unknown value
ntlm_auth for attribute Auth-Type
Errors reading /etc/raddb/users
/etc/raddb/modules/files[7]:
I'm having problems with my first radius authentication server for
wireless clients. I've made some progress, but now I have problems
that I don't know how to solve.
I want to use the NIS user database.
That's your problem right there.
Freeradius version: 2.1.1, compiled from source on mandriva
This is great thank you.
I was trying to find something in the documentation about doing this.
Could anyone point me in the direction of documentation that outlines
using a MySQL database for authenticating users?
Is there some kind of schema that the users table must follow?
Thanks
http://wiki.freeradius.org/SQL_HOWTO
http://wiki.freeradius.org/Rlm_sql_mysql
On 04.12.2008 09:03, Matthew Carriere wrote:
This is great thank you.
I was trying to find something in the documentation about doing this.
Could anyone point me in the direction of documentation that outlines
On Thu, 2008-12-04 at 18:07 +0100, Alan DeKok wrote:
You can control this. Read radiusd.conf, and look for the
documentation in the listen section.
What this means in a nutshell is that there is no direct way to tell
freeradius what source IP address to use when proxying (I'll be happy if
Well I'll be a son of a gun :-)
It worked! Awesome, thanks a ton, ok now to see if I can make my silly switch
work with this authentication! Alan, if you're reading this you should add the
inner-tunnel addition to the how to.
Now I just have to figure out the authorization piece of the
I've been working on this on/off for 2 weeks now and I'm confused.
I found on this Windows laptop I've been playing with that I can't
connect via the built-in Windows XP SP3 supplicant but one connection I
can make is using the Intel ProSet (it's a 2100) but the only way that
I've been able to
rgreiner wrote:
Running dpkg-buildpackage -b -uc, I got the following error below after
some time. Any ideas about how to proceed?
...
libtool: link: cannot find the library
`/root/freeradius-server-2.1.2/libltdl/libltdlc.la' or unhandled
Bizarre. Nothing in the source or Makefiles
Now I just have to figure out the authorization piece of the puzzle and I'll
be golden.
Service-Type you should use and priv level avpairs should be described in
switch documentation. There is also a common Cisco configuration
described on freeradius wiki:
John Dennis wrote:
I'm getting an error that I suspect is related, however I'm building
with --with-system-libtool and --disable-ltdl-install
error: conditional INSTALL_LTDL was never defined.
I'm in the process of trying to track this down, but it's slow going
because the machine
Joshua Lim wrote:
Is cygwin compiled Freeradius.net stable enough to be used in a
corporate environment with a few hundred access-requests daily? Any
thoughts?
It's 1.1.7, which is *very* old. It may be stable, but it's unsupported.
Alan DeKok.
John Dennis wrote:
rgreiner wrote:
Hi,
I just downloaded the new version for testing, but I got a compile
error. Did somebody get something similar?
I'm building debian packages, on Debian Lenny-RC1. To compile, I had to
remove --with-system-libtool from debian/rules.
Running
I have included a clip from the radius log file that shows both allow
and a deny. The problem that I'm having is that I need to log info that
I can track back to the computer that logged on. Can I get the mac
address or computer name of the computer written to the log file? I see
that the
Greg Woods wrote:
You can control this. Read radiusd.conf, and look for the
documentation in the listen section.
What this means in a nutshell is that there is no direct way to tell
freeradius what source IP address to use when proxying (I'll be happy if
I'm proven wrong on that).
You can also browse server related stuff on github. For mysql:
http://github.com/alandekok/freeradius-server/tree/master/raddb/sql/mysql
You can get the schema from there, use it and play with RoR and the
database without installing freeradius.
Ivan Kalik
Kalik Informatika ISP
On 4/12/2008,
That's awesome. This is a much better option than what I previously
thought would be necessary to setup a development environment.
Has anyone done this before in any language? Any potential issues to
watch out for?
Thanks.
On 4-Dec-08, at 12:43 PM, [EMAIL PROTECTED] wrote:
You can also
John Dennis wrote:
O.K. I give up. I've begun to truly despise libtool. There are too many
layers, obsurcifications, and poorly documented configuration options to
wrap my poor little brain around.
The libtool people must be *much* smarter than me, because I don't
understand the code.
My
Has anyone done this before in any language?
I've done it in ASP.NET (C#), php and perl (on separate occasions). You
actually have dialup admin (php) included with the server. That is not
under active development. daloRadius is (you will find the developer
lurking on this list).
Any potential
Hi,
radiusd: FreeRADIUS Version 1.1.7
radiusd nasname could be host name only. It would be convenient if it could
also be ip as radiusserver in radtest.
Is it supported in new version?
Thanks.
Schilling
I have included a clip from the radius log file that shows both allow
and a deny. The problem that I'm having is that I need to log info that
I can track back to the computer that logged on. Can I get the mac
address or computer name of the computer written to the log file? I see
that the
I got it working once I upgraded to 2.1.2. Guess something was wrong with my
2.1.1 install.
A pity that it's not possible to have more than one proxy listener as this
would be very useful.
I guess I'll have to nest multiple freeradius installs in the future when I
need to proxy to other networks.
I wonder if this is a small violation of the EAP-TTLS RFC (5281).
In RFC 5281 http://tools.ietf.org/html/rfc5281#section-9.2.2, it states:
Fragments other than the first MUST NOT have the L
bit set. ...
while this behavior is configurable in eap.conf:
#
Hi All,
I have a few problems.
I have freeradius version 1.0.5 running with rlm_sql.
radcheck :
username, attribute, op, value
test1,password,==,testpass
test2,password,==,testpass
radreply :
none
radusergroup :
test1,HS1
test2,HS2
test2,HS1
radgroupcheck :
groupname, attribute, op, value
Gong Cheng wrote:
I wonder if this is a small violation of the EAP-TTLS RFC (5281).
In RFC 5281 http://tools.ietf.org/html/rfc5281#section-9.2.2, it states:
Fragments other than the first MUST NOT have the L
bit set. ...
while this behavior is configurable in eap.conf:
...
schilling wrote:
radiusd nasname could be host name only. It would be convenient if it
could also be ip as radiusserver in radtest.
What does that mean?
The server can use hostname or IP address almost anywhere...
Alan DeKok.
Jørn Kostøl wrote:
I got it working once I upgraded to 2.1.2. Guess
something was wrong with my 2.1.1 install.
A pity that it's not possible to have more than one proxy listener as
this would be very useful.
It's possible to add that feature to the code. But it's not a
priority right now.
Sergio Belkin wrote:
That solved it. Now it remains a little problem on radiusd.log:
Thu Dec 4 09:07:51 2008 : Error: rlm_ldap: ldap_search() failed: LDAP
connection lost.
Your LDAP server is likely timing out the connections.
Alan DeKok.
(sorry I still don't know how to reply into a thread from yahoo web mail)
Yeah I agree. All the supplicants I used are ok with that. I just thought I
might point it out ... Thanks for your reply Alan.
Re: include_length and EAP-TTLS
* To: FreeRadius
45 matches