I installed freeradius and have noticed that all while other fields are
filled in on the radacct table some are not. Of particular importance to me
is the groupname field. I need this field because I need to know which group
the customer is from so that I charge them accordingly. A person may
-Authenticator = 0x3ced719a5b1cfdb5e3e3c49fa411e309
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module preprocess returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/10.0.99.1/auth-detail-20090225
Has anyone got such a manifest for solaris 10?
Kind regards
Thomas
-
Thomas Noppe
Dienst Informatiesystemen - SO
thomas.no...@uzleuven.bemailto:thomas.no...@uzleuven.be
+32 16 34 79 87
+32 16 34 78 01
Am 25.02.2009 um 09:59 schrieb 张虓:
[...]
Does it because I'm not configure LDAP? Does PEAP/MSCHAP-V2 must
use with LDAP?
In my database I have already add the testuser User-
Password := test123 in radcheck table but it doesn't work.
Try using Cleartext-Password instead of
rad_recv: Access-Request packet from host 127.0.0.1:54057, id=172, length=59
User-Name = monitor
User-Password =
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for
File named radius.xml
?xml version=1.0?
!DOCTYPE service_bundle SYSTEM
/usr/share/lib/xml/dtd/service_bundle.dtd.1
service_bundle type='manifest' name='radius'
service
name='system/radius'
type='service'
version='1'
create_default_instance enabled='false' /
I forgot to include svc-radius
#!/bin/sh
. /lib/svc/share/smf_include.sh
#!/bin/sh
#
# radiusd Start the radius daemon.
#
#This program is free software; you can redistribute it and/or
modify
#it under the terms of the GNU General Public License as published
by
#the Free Software
Tnx for the quick answer. In the meantime I figured out my problem.
In 'users' file I commented out:
-
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
#DEFAULTAuth-Type = System
# Fall-Through
I have a wired 802.1x auth setup on cisco gear. I would like to
record the IP address of machines that connect and are authorized. Is
this possible?
I currently see NAS-IP-Address and Client-IP-Address as the IP of the
switch. The Calling-Station-Id is the correct mac address of the
authorized
I am facing strange issue while running radtest from remote IP and
radiusd running on other IP but on the same network.
My Radius server is not listening to any other client except localhost.
I've added all clients entries in clients.conf file.
What could be the issue?
clients.conf file doesn't
Hi,
I'm trying to setup freeradius 2.1.3 as a radius for wifi security. The
setup is as follows :
- AP is running dd-wrt, Wireless Security set Security Mode=radius
- Client (Ubuntu Hardy) is setup using network-manager, connect to the
wireless network using settings : Wireless Security=WPA2
| Herestraat 49 | B - 3000 Leuven |
www.uzleuven.behttp://www.uzleuven.be
-- next part --
An HTML attachment was scrubbed...
URL:
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/9c1e0f0c/attachment.html
--
Message: 2
Date
I installed freeradius and have noticed that all while other fields are
filled in on the radacct table some are not. Of particular importance to me
is the groupname field. I need this field because I need to know which group
the customer is from so that I charge them accordingly. A person may
Thank you very much!
-
Thomas Noppe
Dienst Informatiesystemen - SO
thomas.no...@uzleuven.bemailto:thomas.no...@uzleuven.be
+32 16 34 79 87
+32 16 34 78 01
UZ Leuven | campus Gasthuisberg | Herestraat 49 |
I configured my freeradius 1.1.7 + oracle + cisco 3750 switch to do 802.1x
authentication for wired client. I configured it with EAP/MD5 method and it
works well. Now I want to use peap/mschap-v2 method,but I didn't configure
LDAP in radiusd.conf,and when the server start it report some
I went through a document in the Internet that says EAP does not support
MD5 hashes, only EAP-GTC and PAP does.
Can someone suggest a solution for getting users authenticated through
AP whith their passwords stored in MD5??
You can't use PEAP. Install SecureW2 on all the clients and use EAP
but using LDAP user with auth_type = PAP in gtc section does not work
#==
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/gtc
[eap] processing type gtc
[gtc] +- entering group PAP {...}
I have accounting turned on, but I don't see the authed machines IP on
that of the NAS.
On Wed, Feb 25, 2009 at 8:47 PM, t...@kalik.net wrote:
I have a wired 802.1x auth setup on cisco gear. I would like to
record the IP address of machines that connect and are authorized. Is
this possible?
t...@kalik.net wrote:
but using LDAP user with auth_type = PAP in gtc section does not work
#==
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/gtc
[eap] processing type gtc
[gtc]
I have accounting turned on, but I don't see the authed machines IP on
that of the NAS.
Post the debug of accounting packet. Start might not but stop should have
it.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Dealy wrote:
I have accounting turned on, but I don't see the authed machines IP on
that of the NAS.
This is an advanced vendor specific feature. The switch will need to be
running some form of DHCP snooping, or layer 3 header inspection.
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm pretty sure PEAPv0 does not support GTC as an inner method, and
FreeRADIUS does not support PEAPv1.
Use EAP-TTLS with a GTC/PAP inner.
Thanks,
Arran
t...@kalik.net wrote:
but using LDAP user with auth_type = PAP in gtc section does not work
Here's a complete debug log from radius startup tested with wifi client,
same user and password, same config files. Somehow in this config LDAP
never got to bind as my user.
http://pastebin.com/f37aaf2b2
Ah, bind as user works only for pap requests not eap. This is
documented in ldap module
Hi all,
I'm trying to comunicate Freeradius with an external entity (A).
Freeradius sends some information to A, which is processed by A, and A
requires contact Freeradius to obtain some attributes from a certain user.
-
Hello all!!
I facing this problem with my Freeradius 2.1.3, and I don't know how to solve
it :(
My NAS is sending only accounting registers to my freeradius server. My
freeradius server, is configured to store these registers into a MySQL server.
I have configured max_request_time = 120, in
On Wed, Feb 25, 2009 at 9:58 AM, Fernando fber...@um.es wrote:
Hi all,
I'm trying to comunicate Freeradius with an external entity (A). Freeradius
sends some information to A, which is processed by A, and A requires contact
Freeradius to obtain some attributes from a certain user.
Luciano Afranllie wrote:
On Wed, Feb 25, 2009 at 9:58 AM, Fernando fber...@um.es wrote:
Hi all,
I'm trying to comunicate Freeradius with an external entity (A). Freeradius
sends some information to A, which is processed by A, and A requires contact
Freeradius to obtain some attributes from
Solved. No debug mode
Luciano Afranllie wrote:
On Wed, Feb 25, 2009 at 9:58 AM, Fernando fber...@um.es wrote:
Hi all,
I'm trying to comunicate Freeradius with an external entity (A). Freeradius
sends some information to A, which is processed by A, and A requires contact
Freeradius to
I facing this problem with my Freeradius 2.1.3, and I don't know how to solve
it :(
My NAS is sending only accounting registers to my freeradius server. My
freeradius server, is configured to store these registers into a MySQL server.
I have configured max_request_time = 120, in the case of MySQL
-users/attachments/20090225/9c1e0f0c/attachment.html
--
Message: 2
Date: Wed, 25 Feb 2009 10:28:57 +0100
From: Nicolas Goutte nicolas.gou...@extragroup.de
Subject: Re: does peap/mschap-v2 must use with ldap?
To: FreeRadius users mailing list
freeradius
Thx Ivan,
and do you know if the accouting registers is lost? or another child retries
the insert into the database?
thx
Regards
On Miércoles 25 Febrero 2009 14:09:44 t...@kalik.net wrote:
I facing this problem with my Freeradius 2.1.3, and I don't know how to
solve it :(
My NAS is
I tried editing the dialup.conf and added groupname with a value of
'%{SQL-Group}' but still it writes nothing for the groupname in the radacct
table. Can you help me as to how exactly I have to edit the dialup.conf ?
That is fine, only the attribute is wrong. ASFAIK Class is the only
attribute
Hi all,
I have a little problem with freeradius. And i can't find any solution for it..
We have logged failed login attempt following statement: (Its taken
from Freeradius Wiki)
Post-Auth-Type REJECT {
# Login failed: log to SQL database.
sql
}
However when we use rlm_sqlcounter
and do you know if the accouting registers is lost? or another child retries
the insert into the database?
They usually are - there are no handles to write to the database as the
whole server gets blocked. I haven't seen tha case where single handle
would dia and the rest of them would continue
In My case, that it's not necesary, you can comment out that lines; and
probe with 'freeradius -X'
On Wed, Feb 25, 2009 at 9:51 AM, Devrim Seral dse...@gmail.com wrote:
Hi all,
I have a little problem with freeradius. And i can't find any solution for
it..
We have logged failed login attempt
Vegard Svanberg wrote:
I'm using Freeradius with a Postgresql backend. Every two or three days,
Freeradius dies. These are the last lines from the log file:
Tue Feb 24 21:15:31 2009 : Auth: Login OK: [] (from client port 3
cli )
Tue Feb 24 21:16:34 2009 : Auth: Login OK:
Chris Howley wrote:
I encountered the following problem when the server received an
Access-Challenge packet
from a proxy server. Any help in fixing this problem would be appreciated.
See doc/bugs for giving additional information, such as the rest of
the back trace.
Also, a lot more of
I have a little problem with freeradius. And i can't find any solution for it..
We have logged failed login attempt following statement: (Its taken
from Freeradius Wiki)
Post-Auth-Type REJECT {
# Login failed: log to SQL database.
sql
}
However when we use rlm_sqlcounter this
* Paul Dealy pde...@gmail.com [Wed, 25 Feb 2009 21:42:37 +1100]:
I have accounting turned on, but I don't see the authed machines IP on
that of the NAS.
Use DHCP Snooping[1] and then yank the DHCP servers logs. If you want
them in the SQL table, you should add them afterwards. You need to
Thanks, i've got it working. Does it work by comparing the generated hash with
the hash in the ldap backend?
t...@kalik.net 23/02/2009 9:02 pm
Does freeradius support SHA hashed passwords (on ldap backend)?
Yes. This is documented in doc/rlm_ldap included with the server.
Ivan Kalik
Kalik
On Wed, Feb 25, 2009 at 6:31 PM, t...@kalik.net wrote:
documented in ldap module configuration file. Enable ldap in authorize
in inner-tunnel virtual server in order to have password available.
Great! It works perfectly.
Other than enabling ldap in authorize and authenticate in
inner-tunnel, I
41 matches
Mail list logo
