Hi,
> 1.) My Radius Server IP auth = 172.21.185.142, acct = 172.21.185.142
> 2.) User = alcatel , Domain = adilab.com
> 3.) User password = alcatel
> 4.) Authentication: 8021.X , through MD5-Challenge.
> If possible, kindly provide me the Radius Server COnfiguration for the above
> mentioned, deta
Sorry, that should be
apt-get build-dep freeradius
apt-get install dpatch
dpatch is necessary to build the source package but isn't including as a
build dependency.
On Thu, Dec 11, 2008 at 2:09 AM, Jason Wittlin-Cohen <
[EMAIL PROTECTED]> wrote:
> Note that the version of FreeRADIUS packaged by
Note that the version of FreeRADIUS packaged by Ubuntu doesn't have SSL
support (so no TLS, PEAP, TTLS). If you decide to install from source you
should build a .deb package. It'll make it easier to administer and
upgrade/uninstall in the future.
tar -xvf freeradius*
cd freeradius*
apt-get build-d
Sudo apt-get install freeradius
Its a bit of an older version if i remember correctly, so if you need
virtual hosts (or whatever they are called) you should compile from
source. First get the tar file
tar -xvf freeradius*
cd freeradius*
./configure (with whatever modules you need)
make
sudo m
On Wed, 2008-12-10 at 21:36 -0500, Jason Wittlin-Cohen wrote:
> Craig,
>
> Have you tried authenticating with the same certificate from a
> different computer, or using a different supplicant? The XP supplicant
> is pretty awful. If you have an Intel card, you can download the Intel
> PROset softw
Hi
This is Durai Velan C, from India.
I would like to know about the Free Radius Version that supports, "Dynamic
VLAN Association" for an User that is getting authenticated from Radius
Server.
Here by, I would require the Free Radius Server Configurations document to
aid the Same.
Requirements.
1.)
Craig,
Have you tried authenticating with the same certificate from a different
computer, or using a different supplicant? The XP supplicant is pretty
awful. If you have an Intel card, you can download the Intel PROset software
for free which has more features than XP's supplicant, supports more
a
Hi,
I'm setting up RADIUS server to use with Wireless network
1) RADIUS server is Debian (eth0=192.168.25.254 (support all local
computer, Access point) and eth1=192.168.2.45 (to Internet)
2) Access Point is LinkSys WAP54G (192.168.25.75)
3) Client is Dell Inspiron with Intel Broadcom wire
On Wed, 2008-12-10 at 19:51 -0500, Jason Wittlin-Cohen wrote:
> Craig,
>
> Apparently Windows automatically sends non-CA certificates in DER or
> PEM format to the "Other People' certificate store. More importantly,
> the wireless supplicant in Windows XP \will not work with PEM or DER
> formatted
Hi, thanks for your quick reply.
I have seen the documents related with wimax in the freeradius, files in
rlm_wimax directory, dictionary.wimax, /modules/wimax. However, I didn't figure
out how to configure it to let it use the wimax vender specified attribute. I
also find the MSK is set to 32 b
>Apparently Windows automatically sends non-CA certificates in DER or PEM
>format to the "Other People' certificate store. More importantly, the
>wireless supplicant in Windows XP \will not work with PEM or DER formatted
>client certificates. It'll complain that you have no certificate. You must
>c
I am also about to install FreeRadius, anyone have experience with
installing on Ubuntu 8.10 Server 32 Bit?
--
Matthew Carriere
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>Is it normal for this 'client' certificate to show "Windows does not
>have enough information to verify this certificate" when you view it?
>
No. Click on the details and see who is the issuer - server or ca. You
should give users .p12 certificates which can't be installed without a
password used
On Thu, 2008-12-11 at 01:49 +0100, [EMAIL PROTECTED] wrote:
> >I only re-generated the 'client' certificate but in doing a diff, it
> >appears that every level of cert generation has changed...do I have to
> >start over?
> >
>
> You should. Original Makefile was creating ca certificate that was va
Craig,
Apparently Windows automatically sends non-CA certificates in DER or PEM
format to the "Other People' certificate store. More importantly, the
wireless supplicant in Windows XP \will not work with PEM or DER formatted
client certificates. It'll complain that you have no certificate. You mus
On Wed, 2008-12-10 at 19:32 -0500, Jason Wittlin-Cohen wrote:
> >server certs seem fine but generated client cert in Windows shows
> >"Windows does not have enough information to verify" and yes, I have
> >loaded the 'ca.der' file generated by the instructions on the Windows
> >client and that inst
>I only re-generated the 'client' certificate but in doing a diff, it
>appears that every level of cert generation has changed...do I have to
>start over?
>
You should. Original Makefile was creating ca certificate that was valid
only for 30 days. This one will use value from ca.cnf.
>Windows is
>server certs seem fine but generated client cert in Windows shows
>"Windows does not have enough information to verify" and yes, I have
>loaded the 'ca.der' file generated by the instructions on the Windows
>client and that installs in 'Trusted Root Authorities'. The 'client'
>cert seems to instal
On Thu, 2008-12-11 at 01:13 +0100, [EMAIL PROTECTED] wrote:
> >freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5)
> >
> >followed instructions in certs/README perfectly - so I believe.
> >
> >server certs seem fine but generated client cert in Windows shows
> >"Windows does not have enough i
>freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5)
>
>followed instructions in certs/README perfectly - so I believe.
>
>server certs seem fine but generated client cert in Windows shows
>"Windows does not have enough information to verify" and yes, I have
>loaded the 'ca.der' file generate
Just E. Mail wrote:
OK..
I am ready to install freeRADIUS!. I have setup a LINUX server with:
CentOS 5.2
mySQL-server-5.0.25-7
I noticed that 2.1.3 is the latest freeRADIUS version. Does it work
with the above OS & mySQL versions or I need to fall back to a
previous version of freeRADIUS? I
OK..
I am ready to install freeRADIUS!. I have setup a LINUX server with:
CentOS 5.2
mySQL-server-5.0.25-7
I noticed that 2.1.3 is the latest freeRADIUS version. Does it work with
the above OS & mySQL versions or I need to fall back to a previous
version of freeRADIUS? I am pretty new and thi
freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5)
followed instructions in certs/README perfectly - so I believe.
server certs seem fine but generated client cert in Windows shows
"Windows does not have enough information to verify" and yes, I have
loaded the 'ca.der' file generated by th
On Tue, Dec 9, 2008 at 5:35 AM, Alan DeKok <[EMAIL PROTECTED]>wrote:
> Jason Wittlin-Cohen wrote:
> > I already do that with the Juniper Access Client. The problem is that
> > the client certificate has the user's name as the Common Name and that
> > is sent in the clear. PEAP/EAP-TLS sends the us
(repost, was posted as part of wrong thread)
I have had a number of problems with 1.1.7 and sqlippool that its simply
not able to process more than 10-20 connections at any one time.
I will upgrade to 2.1.3 if its capable of handing 50-80 connections at
one time? Does any one know?
My server is
I have had a number of problems with 1.1.7 and sqlippool that its simply
not able to process more than 10-20 connections at any one time.
I will upgrade to 2.1.3 if its capable of handing 50-80 connections at
one time? Does any one know?
My server is a p4 dual core 3.0ghz and its also handing so
>So if I used a ready made captive portal solution, would my solution still
>work?
>
>Captive Portal authenticates users (using FreeRadius?)
Yes. It will provide login screen and most of them can be set up to use
radius.
>WLAN controller delivers an IP.
Yes. And you Ruby application hadles user
Just E. Mail wrote:
> 1. Is there a GUI application to setup freeRADIUS?
daloradius, dialupadmin,
> 2. Is there a free accounting package (must interface with mySQL) I can
> use?
To do... what?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
Peter Ellens wrote:
> If I stop the first sql server service, freeradius starts to use the
> second sql server, as expected.
>
> But if I stop the entire first server (ie poweroff) freeradius still
> continues to try and use sql1, hanging...
FreeRADIUS is at the mercy of the MySQL client librar
Ok.
So if I used a ready made captive portal solution, would my solution still
work?
Captive Portal authenticates users (using FreeRadius?)
WLAN controller delivers an IP.
On Wed, Dec 10, 2008 at 2:38 AM, <[EMAIL PROTECTED]> wrote:
> >Yes I do plan on using a RoR application to make the changes
>It is bad news, you say check mac address too
>no way reject it simple without mac...
How much simpler can you get? You say that it is a problem that a user
with AD account gets access from an unauthorized machine. The only
answer is to check machine credentials. mac filtering is the simplest
thi
Hello:
My first try on freeRADIUS. I am going to setup a test freeRADIUS server
with CentOS 5.2 & mySQL for learning about RADIUS server. Questions:
1. Is there a GUI application to setup freeRADIUS?
2. Is there a free accounting package (must interface with mySQL) I can use?
Thanks.
Sam
-
Abdelmonam Kouka wrote:
> I am new on FreeRadius, I tried to build it from sources on ubuntu 8.04,
> when I run ./configure all is OK, but when I run make I have got this error:
> /home/kouka/Desktop/freeradius-server-2.1.2/src/freeradius-devel/modpriv.h:9:18:
Delete 2.1.2, and install 2.1.3. S
still a few issues so I upgraded to 2.1.1 and in debug mode (and I have
enabled ldap), I see this...
[ldap] checking if remote access for $SOME_USER is allowed by uid
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x...
rlm_ldap: sambaLmPassword -> LM-Pa
On Wed, 10 Dec 2008, Marcel Grandemange wrote:
|->
|->|->>I have a problem where I upgraded v1 to v2 of freeradius and now I can
|->only
|->|->start it with mode radius -X , if I try use script is simply does
|->following.
|->|->
|->|->>/usr/local/etc/rc.d]# ./rc.radiusd start
|->|->>Starting Free
Have you checked permissions of the file / dir?
Marcel Grandemange wrote:
|->>I have a problem where I upgraded v1 to v2 of freeradius and now I can
only
|->start it with mode radius -X , if I try use script is simply does
following.
|->
|->
|->
|->>/usr/local/etc/rc.d]# ./rc.radiusd start
|->>S
|->>I have a problem where I upgraded v1 to v2 of freeradius and now I can
only
|->start it with mode radius -X , if I try use script is simply does
following.
|->
|->
|->
|->>/usr/local/etc/rc.d]# ./rc.radiusd start
|->>Starting FreeRADIUS:radiusd: Error: No log destination specified.
|->>Radius
Hey,
This may be a stupid question, but if I don't have access to a carriers
HLR. Can I still do EAP-SIM if I have a sim reader.
Sorry for this question I am just having trouble finding a definitive
answer.
Thanks,
Leigh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
The new version of FreeRADIUS, 2.1.3, is available in the testing
repositories for Fedora 10 and Fedora 9.
Please note they are in the testing repositories and have not been
pushed to stable yet.
If you have questions or issues please consult the FreeRadius Red Hat
FAQ (http://wiki.freeradiu
[EMAIL PROTECTED] wrote:
certainly,
hi is in the AD it is correct,
the problem is the domain
win send the
- DOMAIN\username if it is in domain,
- HOSTNAME\username if it is not in domain (only workgroup)
but when i set TEST(my domain) as hostname (it still not in domain), it
will send this and
henry1412 wrote:
I install freeradius-2.1.3 on redhat9, the python version is 2.2
Is my python version too old ?
As was stated numerous times, all your software versions are old and you
should upgrade to current versions. RedHat 9 and all the software which
came with it is 5 years old. The fol
>certainly,
>hi is in the AD it is correct,
>
>the problem is the domain
>
>win send the
>- DOMAIN\username if it is in domain,
>- HOSTNAME\username if it is not in domain (only workgroup)
>
>but when i set TEST(my domain) as hostname (it still not in domain), it
>will send this and freeradius thin
[EMAIL PROTECTED] wrote:
here is the debug: (user-test- who is not in domain
Well, he was found in AD. And in that domain. And with correct password.
certainly,
hi is in the AD it is correct,
the problem is the domain
win send the
- DOMAIN\username if it is in domain,
- HOSTNAME\user
>> 2. I don't expand the vlanXY schema, I get user info(by samaccname)
>> contains "member of" attr, and in the freeradius user file I create
>> group. If group in the users file equals "member of" attrib send back
>> the vlan info to the switch:
>> (i know it is not good yet)
>> DEFAULT Ldap-Group
On Wed, Dec 10, 2008 at 11:01:05AM +0100, Abdelmonam Kouka wrote:
> I am new on FreeRadius, I tried to build it from sources on ubuntu 8.04,
> when I run ./configure all is OK, but when I run make I have got this error:
> /home/kouka/Desktop/freeradius-server-2.1.2/src/freeradius-devel/modpriv.h:9
>Yes I do plan on using a RoR application to make the changes to the MySQL
>database.
>So I think this is coming together. However, the username and password...
>where is the user responsible for using those credentials.
>
>Would a user connect to my WiFi network, then authenticate against the
>RAD
>here is the debug: (user-test- who is not in domain
Well, he was found in AD. And in that domain. And with correct password.
>[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=TEST
>[mschap] expand: --username=%{mschap:User-Name} -> --username=test
>[mschap] mschap2: 10
>
>[msch
Hegedus Gabor wrote:
Hi all!
I have 802.1x authentication, which works.
I want use dynamic vlan assignment:
The radius authenticate the user (use ntlm_auth)
and after this, it use ldap to get user indormation form database
(username=samaccount name).
ldap.attrmap changes the attributes and sen
Salem,
I am new on FreeRadius, I tried to build it from sources on ubuntu 8.04,
when I run ./configure all is OK, but when I run make I have got this error:
/home/kouka/Desktop/freeradius-server-2.1.2/src/freeradius-devel/modpriv.h:9:18:
error: ltdl.h: No such file or directory
In file included fr
You say you read the FAQ. Did you see this:
http://wiki.freeradius.org/FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
>
>Jason, thank you for you prompt reply but i've already solved the problem
>with Re[2]: (err=2)! (Shared secret is incorrect.)
>But i met another one like thi
hello!
debugging freeRADIUS i met the problem like this:
'rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=194,
length=20'
At the beginning I thought that the problem was in the users file but
in radiusd.log I saw the message:
rlm_sql (sql): Driver rlm_sql_oracle (module rlm_s
hello!
debugging freeRADIUS i met the problem like this:
At the beginning I thought that the problem was in the users file but
in radiusd.log I saw the message:
rlm_sql (sql): Driver rlm_sql_oracle (module rlm_sql_oracle) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTE
>Under my freeradius and ap current configuration, I can be success
>authenticated by windows xp client, but failed by linux client of
>wpa_supplicant-0.4.8 What's wrong with my setting? Is my wpa_supplicant
>version too old or my wpa_supplicant config file has some problem?
And you are asking
Hi all,
I'm trying to configure EAP-AKA using EAP2, where do I insert the
quintets?.. in the same way as EAP-SIM?
Thanks,
Fernando.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Under my freeradius and ap current configuration, I can be success
authenticated by windows xp client, but failed by linux client of
wpa_supplicant-0.4.8. What's wrong with my setting? Is my wpa_supplicant
version too old or my wpa_supplicant config file has some problem?
-
List info/subscribe/
for example:
clients.conf file:
client 192.168.1.0/24 {
secret= cisco
shortname = not_important
}
users file:
username Cleartext-password:="pasSw0rd"
for test it local uncomment this section in clients.conf(if it is
commented):
client localhost {
ipaddr=127.0.0.1
secret= test
Ying DONG wrote:
> I am using the freeradius server 2.1.1 as the Radius server in the
> network to authenticate a wimax user.
>
> It seems that it could support the wimax VSA, since I found the
> dictionary.wimax in the dictionary directory.
If you look at the *rest* of the configuration files,
henry1412 wrote:
>>>I want to build a IEEE 802.1x authentication environoment and
>>>I have installed freeradius-1.0.2,
>> Why? It's outdated and has serious security flaws in EAP.
> I just do some testing with old version who had more documents. It seem
> the old version also can run well, but I c
[EMAIL PROTECTED] wrote:
my configuration:
radius 2.X , win 2003 AD, domain: TEST, 802.1x
I have a problem:
If the pc is in the domain(TEST) it can authenticate good.
If it is not in domain it can't auth, it is good, BUT when i set the
computer name to TEST and it is not in the domain(simple
Title: Re[2]: (err=2)! (Shared secret is incorrect.)
Jason, thank you for you prompt reply but i've already solved the problem with Re[2]: (err=2)! (Shared secret is incorrect.)
But i met another one like this:
'rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=194, length=20 '
The shared secret is the password that clients use to connect to the RADIUS
server. It's located in the "client.conf" file in your freeradius
configuration directory. Note, that this shared secret is used to secure
RADIUS traffic. User names and passwords of users which are authenticating
via EAP a
61 matches
Mail list logo
