Re: Authentication problem FreeRADIUS 2.1.3

2009-01-26 Thread Alan DeKok
Abu Warez wrote: Hi, I want to use `files' as the auth method on radius 2.1.3. I added one user to the users file in /etc: {1}00100...@test.com Service-Type == Framed-User Framed-IP-Address=30.30.30.1, Framed-MTU=1500, Auth-Type=Accept The Auth-Type =

Freeradius Sybase

2009-01-26 Thread Francesco Toro XB
Hi All, I'm using freeRadius 2.1.3 over SUSE Linux. I'm trying to set SQL accounting with a sybase DB, but unsuccessfully. Anyone can tell me what sybase plugin I have to use? Thanks in advance, Francesco Toro.

Realms Extraction

2009-01-26 Thread tech . subscriptions
Hi, I added: DEFAULT User-Name =~ ^([...@]+)@isp.com, NAS-IP-Address == 127.0.0.1 User-Name := %{1} and this is my debug: rad_recv: Access-Request packet from host 127.0.0.1 port 36732, id=6, length=59 User-Name = 4371104 User-Password = 4371104 NAS-IP-Address

Re: Freeradius Sybase

2009-01-26 Thread Alan DeKok
Francesco Toro XB wrote: I'm using freeRadius 2.1.3 over SUSE Linux. I'm trying to set SQL accounting with a sybase DB, but unsuccessfully. Anyone can tell me what sybase plugin I have to use? You did not give enough information for anyone to be able to help you. Hi, I tried to do stuff,

Re: Realms Extraction

2009-01-26 Thread Alan DeKok
tech.subscripti...@shepherdhill.biz wrote: DEFAULT User-Name =~ ^([...@]+)@isp.com, NAS-IP-Address == 127.0.0.1 User-Name := %{1} and this is my debug: rad_recv: Access-Request packet from host 127.0.0.1 port 36732, id=6, length=59 User-Name = 4371104 User-Password =

RE: Best Config

2009-01-26 Thread Santiago Balaguer García
If you have these figures, your database has to be a GOOD DB server and a GOOD machine. To: freeradius-users@lists.freeradius.org Subject: Re: Best Config Date: Sat, 24 Jan 2009 11:08:53 +0100 From: t...@kalik.net From experience, what would be the best server configuration for 200,000 users

Re: MAC address restriction with EAP-TLS

2009-01-26 Thread tnt
We are currently using EAP-TLS authentication with FreeRADIUS at the place where I work right now. Management would like to be able to restrict the use of a given certificate for this authentication to specific MAC addresses. In other words, for each certificate, the desire is to tie

Re: XP SP3 an EAP-TLS partly solution

2009-01-26 Thread Alexandros Gougousoudis
Hi Ivan, Try signing client certificates with the ca certificate. I have included modified Makefile for 2.1.3. I have added make caclient.pem to produce client certificates and cleanca to remove them. Try importing caclient.p12 created this way onto the user machine (along with ca.der) and see

Re: XP SP3 an EAP-TLS partly solution

2009-01-26 Thread Thibault Le Meur
Alexandros Gougousoudis wrote: Hi Ivan, Try signing client certificates with the ca certificate. I have included modified Makefile for 2.1.3. I have added make caclient.pem to produce client certificates and cleanca to remove them. Try importing caclient.p12 created this way onto the user

Re: XP SP3 an EAP-TLS partly solution

2009-01-26 Thread tnt
Thanks for your reply, but that is already what I do. I have created a CA in TinyCA and the server has a signed server-cert and each client has a signed client-cert (both with the XP specific usage attributes). The CA is of course imported into the trusted authorities branch. The CN is the

Re: refresh Session-Timeout in Access-Accept

2009-01-26 Thread bLn
. ++[suffix] returns ok ++[files] returns noop +- entering group accounting {...} [detail]expand: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d - /usr/local/freeradius/var/log/radius/radacct/83.150.207.2/detail-20090126 [detail] /usr/local/freeradius/var/log

Re: refresh Session-Timeout in Access-Accept

2009-01-26 Thread tnt
Hi again, I use that operator := [exec] expand: %{User-Name} - be...@wifiya.com Exec-Program output: VALOR 1(Username) ES be...@wifiya.com Session-Timeout = 79845 Exec-Program-Wait: plaintext: VALOR 1(Username) ES be...@wifiya.com *Session-Timeout = 79845* Exec-Program: returned: 0 Let's

Re: XP SP3 an EAP-TLS partly solution (SOLVED)

2009-01-26 Thread Alexandros Gougousoudis
Hi Thibault, you saved me. AGAIN! :-) That was the clue, not including the Email in the DN, just saying no in TinyCA was the first step to the solution. XP SP3 took then the cert for auth. @Ivan: Thanks for your reply, but it's not a TinyCA issue. Second step was, that 2000/XP = SP2

Re: refresh Session-Timeout in Access-Accept

2009-01-26 Thread bLn
t...@kalik.net wrote: Hi again, I use that operator := [exec] expand: %{User-Name} - be...@wifiya.com Exec-Program output: VALOR 1(Username) ES be...@wifiya.com Session-Timeout = 79845 Exec-Program-Wait: plaintext: VALOR 1(Username) ES be...@wifiya.com *Session-Timeout =

Re: refresh Session-Timeout in Access-Accept

2009-01-26 Thread tnt
this *Session-Timeout = 79845* is just an echo from my script. echo Session-Timeout = $CONEXION_SEG exit 0 As a joke - put := in that echo statement. And see what happens. Why do you ask for help if you don't want to follow the answers? In my database, I have := as operator. So what? You are

fast reauthentification EAP-TTLS and vlan assignment

2009-01-26 Thread Jerome BERTHIER
Hello, I'm trying to use vlan assignment under EAP-TTLS authentication. It works. Furthermore, when reauth is needed by the Cisco AP (after 300 seconds), my supplicant NetworkManager under Fedora 9 tells fast reauthentication. At this point, Freeradius does not send again vlan attributes

Re: fast reauthentification EAP-TTLS and vlan assignment

2009-01-26 Thread tnt
I'm trying to use vlan assignment under EAP-TTLS authentication. It works. Furthermore, when reauth is needed by the Cisco AP (after 300 seconds), my supplicant NetworkManager under Fedora 9 tells fast reauthentication. It probably doesn't send the same username. But without the debug ...

Re: Realms Extraction

2009-01-26 Thread tech . subscriptions
and failed authentication. Kindly assist. Write a *correct* regular expression that matches the incoming User-Name. That is the assistance I need - writing the correct regular expression. Regards, Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realms Extraction

2009-01-26 Thread Arran Cudbard-Bell
tech.subscripti...@shepherdhill.biz wrote: and failed authentication. Kindly assist. Write a *correct* regular expression that matches the incoming User-Name. That is the assistance I need - writing the correct regular expression.

Re: fast reauthentification EAP-TTLS and vlan assignment

2009-01-26 Thread Jerome BERTHIER
t...@kalik.net wrote: I'm trying to use vlan assignment under EAP-TTLS authentication. It works. Furthermore, when reauth is needed by the Cisco AP (after 300 seconds), my supplicant NetworkManager under Fedora 9 tells fast reauthentication. It probably doesn't send the same

Affect IP with script perl into freeradius

2009-01-26 Thread Phibee Network Operation Center
Hi, I use the perl example supplied with freeradius to authenticate my user. modules { perl { module = /etc/raddb/Test-Auth.pl func_accounting = accounting func_authenticate = authenticate func_authorize = authorize

Re: Affect IP with script perl into freeradius

2009-01-26 Thread tnt
I use the perl example supplied with freeradius to authenticate my user. modules { perl { module = /etc/raddb/Test-Auth.pl func_accounting = accounting func_authenticate = authenticate func_authorize = authorize

Re: How to load the freeswitch dictionary

2009-01-26 Thread Alexandre Chapellon
There are not two different dictionaries, the support just told you that the dictionary they gave is meant to be used with radclient standalone installations. If you have a whole freeradius server installed, most of the attributes contained in this file are already defined elsewhere. Just

How to load the freeswitch dictionary

2009-01-26 Thread Apostolos Pantsiopoulos
Hi, I was trying to load the freeswitch dictionary (see attachment) in freeradius and I am getting the following error : Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.freeswitch[257]: unknown option Freeswitch I asked this question to the freeswitch mailing

Re: How to load the freeswitch dictionary

2009-01-26 Thread Apostolos Pantsiopoulos
Thanks for the tip. At first, it did not work. Then I noticed that the freeswitch guys/gals had the keyword Freeswitch at the end of each attribute declaration. E.g. : ATTRIBUTE Freeswitch-Callenddate 23 string Freeswitch After I deleted this it worked fine :

allow Clear Text passwords

2009-01-26 Thread Alex M
Hey all, My NAS sends only clear text password and freeRadius seems to expect CHAP passwords instead... How can I configure FR to accept clear text passwords? Thanks a lot! PS: My current default auth-type = system... I tried local but that did not help :(

Re: Realms Extraction

2009-01-26 Thread tnt
That is the assistance I need - writing the correct regular expression. http://www.regular-expressions.info/ User-Name =~ ^([...@]+)(@isp.com)?$ Double quotes don't work for me (2.1.3). Single work OK: DEFAULT User-Name =~ '^([...@]+)(@isp.com)?$' also, in second statement, it doesn't

Re: allow Clear Text passwords

2009-01-26 Thread tnt
My NAS sends only clear text password and freeRadius seems to expect CHAP passwords instead... How can I configure FR to accept clear text passwords? Thanks a lot! PS: My current default auth-type = system... I tried local but that did not help :( There is no need for setting Auth-Type. Remove

Re: allow Clear Text passwords

2009-01-26 Thread Alex M
ok here is the debug info. Note: there is an SQL error which is not a problem... that's a bug in mysql so it will only open connection from second request. also when I use the same combination under radius ping with CHAP all works good but w/o chap nothing works rad_recv: Access-Request packet

Re: eap-ttls failing

2009-01-26 Thread Josh Hiner
t...@kalik.net wrote: I have a Ruckus ZoneDirector 1025 with waps that I just installed. Testing out different EAP types I can use. I am using FreeRadius 2.1.3. I have eap-ttls and eap-peapv0 working perfectly (I am using windows to control the wireless card for peap and it works great). Was

Re: allow Clear Text passwords

2009-01-26 Thread tnt
ok here is the debug info. Note: there is an SQL error which is not a problem... that's a bug in mysql so it will only open connection from second request. also when I use the same combination under radius ping with CHAP all works good but w/o chap nothing works What freeradius version is this? It

Re: eap-ttls failing

2009-01-26 Thread Josh Hiner
Josh Hiner wrote: t...@kalik.net wrote: I have a Ruckus ZoneDirector 1025 with waps that I just installed. Testing out different EAP types I can use. I am using FreeRadius 2.1.3. I have eap-ttls and eap-peapv0 working perfectly (I am using windows to control the wireless card for peap and it

Re: allow Clear Text passwords

2009-01-26 Thread Alex M
I'm using 1.5 (for some reason could not install 2.x) Ok let me see if I can enable PAP On Mon, Jan 26, 2009 at 3:20 PM, t...@kalik.net wrote: ok here is the debug info. Note: there is an SQL error which is not a problem... that's a bug in mysql so it will only open connection from second

Re: eap-ttls failing

2009-01-26 Thread tnt
Oh, and to add, the certificate does have this: Client Authentication purpose is 1.3.6.1.5.5.7.3.2 enabled (verified). Just wanted to clarify that I did read the FreeRadius Wiki FAQ. thanks -Josh Server is happy, supplicant isn't. Enable tracing and read the eapol.log:

Re: allow Clear Text passwords

2009-01-26 Thread Alex M
ok I removed the line from users stating that auth-type=system and that helped w/ authentication of the user... still have small problem... under the same conditions I get problem w. accounting stating that my shared secret is incorrect so accounting record is not accepted ... I don't get it

Re: eap-ttls failing

2009-01-26 Thread Josh Hiner
t...@kalik.net wrote: Oh, and to add, the certificate does have this: Client Authentication purpose is 1.3.6.1.5.5.7.3.2 enabled (verified). Just wanted to clarify that I did read the FreeRadius Wiki FAQ. thanks -Josh Server is happy, supplicant isn't. Enable tracing and read the

Re: allow Clear Text passwords

2009-01-26 Thread tnt
ok I removed the line from users stating that auth-type=system and that helped w/ authentication of the user... still have small problem... under the same conditions I get problem w. accounting stating that my shared secret is incorrect so accounting record is not accepted ... I don't get it

Re: allow Clear Text passwords

2009-01-26 Thread Alex M
wow how's that possible? 8) My nas has 2 RADIUS servers support, both fields are pointing to the same location w/ same shared secret :( I will try to reboot NAS and radius, maybe that would help On Mon, Jan 26, 2009 at 6:39 PM, t...@kalik.net wrote: ok I removed the line from users stating that

Re: allow Clear Text passwords

2009-01-26 Thread tnt
wow how's that possible? 8) My nas has 2 RADIUS servers support, both fields are pointing to the same location w/ same shared secret :( I will try to reboot NAS and radius, maybe that would help Well, if you have retyped them again (and I mean retype - space in shared secret can easily be the

Access-Challenge authentication via both LDAP and SecurID

2009-01-26 Thread Amy Hawke
Hi, I'm trying to implement two factor authentication using a CISCO VPN device, freeRADIUS, and RSA SecurID tokens. We would like to utilise existing username/password infrastructure by performing this part of the authentication on the LDAP directories and then the username/token-code