Hi,
I'm trying to implement two factor authentication using a CISCO VPN device,
freeRADIUS, and RSA SecurID tokens.
We would like to utilise existing username/password infrastructure by
performing this part of the authentication on the LDAP directories and then the
username/token-code aut
>wow, how's that possible? 8)
>My NAS has 2 RADIUS servers support, both fields are pointing to the same
>location w/ same shared secret :(
>
>I will try to reboot NAS and radius, maybe that would help
>
Well, if you have retyped them again (and I mean retype - space in shared
secret can easily be th
wow, how's that possible? 8)
My NAS has 2 RADIUS servers support, both fields are pointing to the same
location w/ same shared secret :(
I will try to reboot NAS and radius, maybe that would help
On Mon, Jan 26, 2009 at 6:39 PM, wrote:
> >ok I removed the line from users stating that auth-type=syst
>ok I removed the line from users stating that auth-type=system and that
>helped w/ authentication of the user... still have small problem... under
>the same conditions I get problem w. accounting stating that my shared
>secret is incorrect so accounting record is not accepted ... I don't get it
>com
t...@kalik.net wrote:
Oh, and to add, the certificate does have this: Client Authentication
purpose is 1.3.6.1.5.5.7.3.2 enabled (verified). Just wanted to clarify
that I did read the FreeRadius Wiki FAQ.
thanks -Josh
Server is happy, supplicant isn't. Enable tracing and read the eapol.l
ok I removed the line from users stating that auth-type=system and that
helped w/ authentication of the user... still have small problem... under
the same conditions I get problem w. accounting stating that my shared
secret is incorrect so accounting record is not accepted ... I don't get it
completl
>
>Oh, and to add, the certificate does have this: Client Authentication
>purpose is 1.3.6.1.5.5.7.3.2 enabled (verified). Just wanted to clarify
>that I did read the FreeRadius Wiki FAQ.
>
>thanks -Josh
>
Server is happy, supplicant isn't. Enable tracing and read the eapol.log:
http://support.mi
I'm using 1.5
(for some reason could not install 2.x)
Ok let me see if I can enable PAP
On Mon, Jan 26, 2009 at 3:20 PM, wrote:
> >ok here is the debug info. Note: there is an SQL error which is not a
> >problem... that's a bug in mysql so it will only open connection from second
> >request. also wh
Josh Hiner wrote:
t...@kalik.net wrote:
I have a Ruckus ZoneDirector 1025 with waps that I just installed.
Testing out different EAP types I can use. I am using FreeRadius 2.1.3.
I have eap-ttls and eap-peapv0 working perfectly (I am using windows to
control the wireless card for peap and it w
>ok here is the debug info. Note: there is an SQL error which is not a
>problem... that's a bug in mysql so it will only open connection from second
>request. also when I use the same combination under radius ping with CHAP
>all works good but w/o chap nothing works
>
What freeradius version is this?
t...@kalik.net wrote:
I have a Ruckus ZoneDirector 1025 with waps that I just installed.
Testing out different EAP types I can use. I am using FreeRadius 2.1.3.
I have eap-ttls and eap-peapv0 working perfectly (I am using windows to
control the wireless card for peap and it works great). Was go
ok here is the debug info. Note: there is an SQL error which is not a
problem... that's a bug in mysql so it will only open connection from second
request. also when I use the same combination under radius ping with CHAP
all works good but w/o chap nothing works
rad_recv: Access-Request packet
>My NAS sends only clear text password and freeRadius seems to expect CHAP
>passwords instead...
>How can I configure FR to accept clear text passwords?
>Thanks a lot!
>
>PS: My current default auth-type = system... I tried local but that did not
>help :(
There is no need for setting Auth-Type. Rem
>> That is the assistance I need - writing the correct regular expression.
>
>http://www.regular-expressions.info/
>
>User-Name =~ "^([...@]+)(@isp.com)?$"
>
Double quotes don't work for me (2.1.3). Single work OK:
DEFAULT User-Name =~ '^([...@]+)(@isp.com)?$'
also, in second statement, it doe
Hey all,
My NAS sends only clear text password and freeRadius seems to expect CHAP
passwords instead...
How can I configure FR to accept clear text passwords?
Thanks a lot!
PS: My current default auth-type = system... I tried local but that did not
help :(
Thanks for the tip.
At first, it did not work. Then I noticed that the freeswitch guys/gals
had the keyword Freeswitch at the end of each attribute declaration. E.g. :
ATTRIBUTE Freeswitch-Callenddate 23 string
Freeswitch
After I deleted this it worked fine :
ATTR
there are not two different dictionaries, the support just told you
that the dictionary they gave is meant to be used with radclient
standalone installations. If you have a whole freeradius server
installed, most of the attributes contained in this file are already
defined elsewhere.
Just copy/
Hi,
I was trying to load the freeswitch dictionary (see attachment) in
freeradius and I am getting the following
error :
"Errors reading dictionary: dict_init:
/usr/local/share/freeradius/dictionary.freeswitch[257]: unknown option
"Freeswitch""
I asked this question to the freeswitch maili
>I use the perl example supplied with freeradius to authenticate my
>user.
>
>modules {
>perl {
>module = "/etc/raddb/Test-Auth.pl"
>func_accounting = accounting
>func_authenticate = authenticate
>func_authorize = authorize
>
Hi
I use the perl example supplied with freeradius to authenticate my
user.
modules {
perl {
module = "/etc/raddb/Test-Auth.pl"
func_accounting = accounting
func_authenticate = authenticate
func_authorize = authorize
t...@kalik.net wrote:
I'm trying to use vlan assignment under EAP-TTLS authentication. It
works.
Furthermore, when reauth is needed by the Cisco AP (after 300 seconds),
my supplicant NetworkManager under Fedora 9 tells fast
reauthentication.
It probably doesn't send the same usern
tech.subscripti...@shepherdhill.biz wrote:
>>> and failed authentication. Kindly assist.
>>
>> Write a *correct* regular expression that matches the incoming
>> User-Name.
>
> That is the assistance I need - writing the correct regular expression.
and failed authentication. Kindly assist.
Write a *correct* regular expression that matches the incoming User-Name.
That is the assistance I need - writing the correct regular expression.
Regards,
Chris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>I'm trying to use vlan assignment under EAP-TTLS authentication. It
>works.
>Furthermore, when reauth is needed by the Cisco AP (after 300 seconds),
>my supplicant NetworkManager under Fedora 9 tells fast
>reauthentication.
It probably doesn't send the same username. But without the debug
Hello,
I'm trying to use vlan assignment under EAP-TTLS authentication. It
works.
Furthermore, when reauth is needed by the Cisco AP (after 300 seconds),
my supplicant NetworkManager under Fedora 9 tells fast
reauthentication. At this point, Freeradius does not send again vlan
attributes
>this *Session-Timeout = 79845* is just an echo from my script.
>
>echo "Session-Timeout = $CONEXION_SEG"
>exit 0
>
As a joke - put := in that echo statement. And see what happens.
Why do you ask for help if you don't want to follow the answers?
>In my database, I have := as operator.
So what?
t...@kalik.net wrote:
Hi again,
I use that operator :=
[exec] expand: %{User-Name} -> be...@wifiya.com
Exec-Program output: VALOR 1(Username) ES be...@wifiya.com
Session-Timeout = 79845
Exec-Program-Wait: plaintext: VALOR 1(Username) ES be...@wifiya.com
*Session-Timeout = 798
Hi Thiebault,
you saved me. AGAIN! :-) That was the clue, not including the Email in
the DN, just saying no in TinyCA was the first step to the solution. XP
SP3 took then the cert for auth.
@Ivan: Thanks for your reply, but it's not a TinyCA issue.
Second step was, that 2000/XP <= SP2 conv
>>> Hi again,
>>>
>>> I use that operator :=
>>>
>[exec] expand: %{User-Name} -> be...@wifiya.com
>Exec-Program output: VALOR 1(Username) ES be...@wifiya.com
>Session-Timeout = 79845
>Exec-Program-Wait: plaintext: VALOR 1(Username) ES be...@wifiya.com
>*Session-Timeout = 79845*
>Exec-Program: ret
"be...@wifiya.com"'
[acct_unique] Acct-Unique-Session-ID = "ef62a1fd47a430c6".
++[acct_unique] returns ok
[suffix] Looking up realm "wifiya.com" for User-Name = "be...@wifiya.com"
[suffix] Found realm "wifiya.com"
[suffix] Adding Stripped-User-Nam
>Thanks for your reply, but that is already what I do. I have created a
>CA in TinyCA and the server has a signed server-cert and each client has
>a signed client-cert (both with the XP specific usage attributes). The
>CA is of course imported into the trusted authorities branch. The CN is
>the Co
Alexandros Gougousoudis wrote:
Hi Ivan,
Try signing client certificates with the ca certificate. I have included
modified Makefile for 2.1.3. I have added "make caclient.pem" to
produce client certificates and "cleanca" to remove them. Try
importing caclient.p12 created this way onto the us
Hi Ivan,
Try signing client certificates with the ca certificate. I have included
modified Makefile for 2.1.3. I have added "make caclient.pem" to
produce client certificates and "cleanca" to remove them. Try
importing caclient.p12 created this way onto the user machine (along
with ca.der) and
>> >We are currently using EAP-TLS authentication with FreeRADIUS at the place
>> >where I work right now. Management would like to be able to restrict the
>> >use
>> >of a given certificate for this authentication to specific MAC addresses.
>> >In
>> >other words, for each certificate, the des
If you have these figures, your database has to be a GOOD DB server and a GOOD
machine.
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Best Config
> Date: Sat, 24 Jan 2009 11:08:53 +0100
> From: t...@kalik.net
>
> >From experience, what would be the best server configuration for
> >200,0
tech.subscripti...@shepherdhill.biz wrote:
> DEFAULT User-Name =~ "^([...@]+)@isp.com", NAS-IP-Address == "127.0.0.1"
> User-Name := "%{1}"
>
> and this is my debug:
> rad_recv: Access-Request packet from host 127.0.0.1 port 36732, id=6,
> length=59
> User-Name = "4371104"
> User
Francesco Toro XB wrote:
> I'm using freeRadius 2.1.3 over SUSE Linux.
> I'm trying to set SQL accounting with a sybase DB, but unsuccessfully.
> Anyone can tell me what sybase plugin I have to use?
You did not give enough information for anyone to be able to help you.
"Hi, I tried to do stu
Hi,
I added:
DEFAULT User-Name =~ "^([...@]+)@isp.com", NAS-IP-Address == "127.0.0.1"
User-Name := "%{1}"
and this is my debug:
rad_recv: Access-Request packet from host 127.0.0.1 port 36732, id=6,
length=59
User-Name = "4371104"
User-Password = "4371104"
NAS-IP
Hi All,
I'm using freeRadius 2.1.3 over SUSE Linux.
I'm trying to set SQL accounting with a sybase DB, but unsuccessfully.
Anyone can tell me what sybase plugin I have to use?
Thanks in advance,
Francesco Toro.
Abu Warez wrote:
> Hi,
>
> I want to use `files' as the auth method on radius 2.1.3. I added one user to
> the users file in /etc:
>
> "{1}00100...@test.com" Service-Type == Framed-User
> Framed-IP-Address=30.30.30.1,
> Framed-MTU=1500,
> Auth-Type=Accept
The "Auth