Re: Limit access of a SSID to a certain LDAP group

2009-01-15 Thread Hans-Peter Fuchs
Hello, look in auth-detail here you see the requests from your nas. Here is one request from our Cisco-Wlc (wism): Thu Jan 15 06:01:06 2009 Packet-Type = Access-Request User-Name = gschwarz Calling-Station-Id = 00-1F-5B-D7-3D-53 Called-Station-Id =

Re: Handing out duplicate IP addresses

2009-01-15 Thread tnt
The requests all came in at the same time, to the second (among others), it's like FR took 3 requests and looked at the database at the exact same time, saw it was an available IP and all those 3 requests assigned it. That can't be avoided. SELECT (allocate-find) will always work much faster than

Strange problem

2009-01-15 Thread Dajka Tamás
Hi all, I'm facing a really strange problem. The setup: IAS+RRAS on Windows 2k3 server - FW with proxy - FREERADIUS on linux There are two clients for the freeradius: - Linksys WRT300N ( 802.1x + WPA2 on wifi ) - Cisco 3750G ( 802.1x on wired port ) The freeradius is configured as a proxy

802.1x problems

2009-01-15 Thread Keith Ledford
Hello all, I am having some issues with setting up 802.1x using freeradius-server-2.1.1-2.el5. I have 3 SSIDs set up. One of them is doing Mac Auth against a file. One is using ldap auth and the other is set up to use 802.1x. Mac auth and ldap auth work great so I know my ldap config in radius

Inner identity in accounting logs

2009-01-15 Thread Jonathan Gazeley
I have an existing FreeRadius setup for an 802.1x wireless network. Currently the accounting is done to a MySQL database. Presently, the username appearing in these records is the outer identity. I want to use the authenticated inner identity, such that I can rely on my accounting data e.g.

Re: Handing out duplicate IP addresses

2009-01-15 Thread Padam J Singh
Hello Ivan, Would adding a mutex around the select-update code in the sqlippool module solve this issue? Padam t...@kalik.net wrote: The requests all came in at the same time, to the second (among others), it's like FR took 3 requests and looked at the database at the exact same

Re: Authentication Problem with PEAP and openldap

2009-01-15 Thread Michael Poser
smbencrypt is distributed with the server. Use it to check the password hash. Ivan Kalik Kalik Informatika ISP The authentication is half finished. The hint with the smbencrypt showed that the stored nt passwords in our ldap directory were wrong. The hint with ldap.attrmap pointed to a wrong

RE: Handing out duplicate IP addresses

2009-01-15 Thread Ben Wiechman
Can't you do the select and update as part of one transaction? For example with MySQL: START TRANSACTION; SELECT @A:=SUM(salary) FROM table1 WHERE type=1; UPDATE table2 SET summa...@a WHERE type=1; COMMIT; The transaction may need to be changed to serializable as well. I don't know

Re: Handing out duplicate IP addresses

2009-01-15 Thread Dave
I don't know if this means anything, but I'm not using DHCP, I'm using PPPoE. I didn't know FR could even be a dhcp server. I'm just throwing out ideas, but is there a way to not thread the sqlippool module ? Let one request at a time for an IP, sure it would be slower, but for my use would be fine.

RE: Handing out duplicate IP addresses

2009-01-15 Thread tnt
Can't you do the select and update as part of one transaction? For example with MySQL: START TRANSACTION; SELECT @A:=SUM(salary) FROM table1 WHERE type=1; UPDATE table2 SET summa...@a WHERE type=1; COMMIT; AFAIK it is the transaction. Problem is that update will work for all three users.

Re: 802.1x problems

2009-01-15 Thread tnt
I am having some issues with setting up 802.1x using freeradius-server-2.1.1-2.el5. I have 3 SSIDs set up. One of them is doing Mac Auth against a file. One is using ldap auth and the other is set up to use 802.1x. Mac auth and ldap auth work great so I know my ldap config in radius should be setup

Re: problem with ip_pools -- revisited

2009-01-15 Thread Marco C. Coelho
Ok here's where I'm at now: I added a second IP Pool in my radius.conf. If I create a user account with a group that only lists that new IP Pool (main_pool2), I get an address in that pool. The problem is when I have a user in a group that uses both pools (main_pool and main_pool2), when

Re: problem with ip_pools -- revisited

2009-01-15 Thread tnt
Below are all sections of the radius.conf that I've got the pools called out. accounting { detail main_pool main_pool2 radutmp sql } post-auth { # Get an address from the IP Pool. main_pool main_pool2 sql } redundant { # added by mcc per suggestions 11/9/08 main_pool

Re: problem with ip_pools -- revisited

2009-01-15 Thread tnt
Below are all sections of the radius.conf that I've got the pools called out. accounting { detail main_pool main_pool2 radutmp sql } post-auth { # Get an address from the IP Pool. main_pool main_pool2 sql } redundant { # added by mcc per suggestions 11/9/08 main_pool

Re: Handing out duplicate IP addresses

2009-01-15 Thread tnt
Change this in ippool.conf: allocate-update = UPDATE ${ippool_table} \ SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \ callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \ expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE framedipaddress =

Re: 802.1x problems

2009-01-15 Thread Keith Ledford
On Thursday, January 15, 2009 at 20:36:00, t...@kalik.net wrote: Where is his password supposed to be? Ldap auth can't work with mschap, so you need to send the password to freeradius. You need to enable ldap instances in inner-tunnel virtual server (that will be doing mschap auth). The

Re: 802.1x problems

2009-01-15 Thread tnt
The passwords are in the ldap server (Novell). I don't understand what you mean by so you need to send the password to freeradius It should be made available in userPassword attribute. Or as NT hash in ntPassword or sambaNtPassword. Can you either explain or point me to the proper doc? If ldap

Re: problem with ip_pools -- revisited

2009-01-15 Thread Marco C. Coelho
I've moved redundant to be inside of post-auth and restarted radiusd. Any ideas on how to test that it's working without waiting for a max usage night? Marco t...@kalik.net wrote: Below are all sections of the radius.conf that I've got the pools called out. accounting { detail

Re: problem with ip_pools -- revisited

2009-01-15 Thread Marco C. Coelho
I've moved redundant to be inside of post-auth and restarted radiusd. Any ideas on how to test that it's working without waiting for a max usage night? It now looks like: post-auth { # Get an address from the IP Pool. main_pool main_pool2 # sql redundant { # added by mcc per

RE: 802.1x problems

2009-01-15 Thread Danner, Mearl
The passwords need to be extracted from eDirectory and passed to freeradius. This guide is old - I haven't seen what needs to be done with the freeradius config, but it will tell you what you need to do on the Novell end. http://freeradius.org/doc/radiusadmin.pdf Mearl -Original

Re: problem with ip_pools -- revisited

2009-01-15 Thread tnt
Don't you have a test server? Don't run tests on a production server. radclient can send simultaneous requests. http://wiki.freeradius.org/Radclient Ivan Kalik Kalik Informatika ISP On 15/1/2009, Marco C. Coelho mailli...@argontech.net wrote: I've moved redundant to be inside of post-auth and

RE: 802.1x problems

2009-01-15 Thread tnt
There are comments about eDirectory in ldap module configuration file. You might need to rebuild the server. Ivan Kalik Kalik Informatika ISP On 15/1/2009, Danner, Mearl jmdan...@samford.edu wrote: The passwords need to be extracted from eDirectory and passed to freeradius. This guide is