Re: wpa2-psk and radiusd possible?

2009-07-15 Thread Stefan Winter
Hi, > Is there a way to have different PSK's for every MAC? I bet, it is > not a job for radius and maybe a completely wrong concept? > Your bet is correct: WPAx-PSK does not consult a RADIUS server at all. One PSK is for the whole SSID, there is not usually a PSK-per-user. So how did you do tha

Re: question about freeradius vs AA(ldap) and A(mysql)

2009-07-15 Thread Tony P.
ok i found this http://freeradius.org/radiusd/doc/ldap_howto.txt i guess to have many stuff to read and try my problem any way i can read more solutions to can make my trouble in fast way and short time. Regards again. Tony Tony P. wrote: > hi, i have freeradius server over Debian Etch vers

question about freeradius vs AA(ldap) and A(mysql)

2009-07-15 Thread Tony P.
hi, i have freeradius server over Debian Etch version FreeRADIUS Version 1.1.3 and making Accounting with MySQL radius DB. I want to make new form to authenticate my users to not have 2 password databases separated... so.. need auth ldap and account into mysql.. I test to make authorization + au

radius.log permissions issue

2009-07-15 Thread Philip Molter
With freeradius 2.1.6, I have a configuration such as this in my radiusd.conf file: user = radiusd group = radiusd When I start up radiusd for the first time, the radius.log file gets created with 0640 permissions, owned by root:radiusd, instead of radiusd:radiusd. This doesn't prevent the R

Re: TTLS to require client cert

2009-07-15 Thread Petar Marinkovic
Yes, it does, but something isn't working, he is just not checking the client certificate On 07/15/2009, Ivan Kalik wrote: >> Hi all, I need help once again. I want TTLS to require client cert. I put >> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not >> working. What I a

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread john
Hi John thanks for taking the time to reply, > > Ask the question "Who are you authenticating?" or "What has permission to > use the network?" Am I trying to restrict access to a specific set of users > or am I trying to restrict access to a specific set of machines? If it's the > latter does that

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread John Dennis
On 07/15/2009 01:08 PM, john wrote: So are the following correct?: (1) I can create a single cert for a computer and distribute it to all users who may use that computer (2) I can create a cert for every user and distribute it to every computer that a user logs into. (3) I cannot create a gen

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread john
> >> (3) I cannot create a generic "computer cert" that authenticates the >> computer and opens the port? > > Yes, you can. But as soon as some user logs onto that computer ... > > Ivan Kalik > Kalik Informatika ISP Thanks for the reply Ivan. I am fine with folks logging in and having access from

Re: TTLS to require client cert

2009-07-15 Thread Ivan Kalik
> Hi all, I need help once again. I want TTLS to require client cert. I put > EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not > working. What I am doing wrong here? What isn't working? Freeradius can request a certificate - does your supplicant support that? - List info/

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread Ivan Kalik
> So are the following correct?: > > (1) I can create a single cert for a computer and distribute it to all > users who may use that computer You can give same user certificate to any user using the computer - you can place it on the desktop with installation instructions. But don't you hear a vo

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread john
On Wed, Jul 15, 2009 at 1:52 AM, Ivan Kalik wrote: >> Can I create a client cert for a computer so that any user that logs >> in may use it automatically under Windows XP? I have successfully >> created a client.p12 with the FQDN of the workstation I am using, >> installed it and been authenticated

RE: error 734

2009-07-15 Thread Issa Nkusi Karera [MTN Rwanda - MTN Centre]
Don't worry, the issue is fixed. A vrf configuration was missing. From: Issa Nkusi Karera [MTN Rwanda - MTN Centre] Sent: Wednesday, July 15, 2009 6:10 PM To: freeradius-users@lists.freeradius.org Subject: error 734 Hello folks, Below is log message after an attempt to authenticate. Wed

Re: problem with checking dhcp-packet type

2009-07-15 Thread Alexander Kubatkin
On Wednesday 15 July 2009 18:33:11 Alexander Kubatkin wrote: > On Wednesday 15 July 2009 14:07:18 Alan DeKok wrote: > > Alexander Kubatkin wrote: > > > On Monday 13 July 2009 11:53:23 Alan DeKok wrote: > > >> Alexander Kubatkin wrote: > > >>> when it(fix) come to us? > > >>> > > If you want the

wpa2-psk and radiusd possible?

2009-07-15 Thread Stefan Jensen
Hi,... i'm pretty new to radiusd, so this may be a dumb question. :-) Is it possible to use something like MAC-based WPA2-PSK's together with radiusd? I have used a single "hostapd" installation as AP, configured with unique WPA2-PSK's for each MAC-Addr that should have access. (which prevents

error 734

2009-07-15 Thread Issa Nkusi Karera [MTN Rwanda - MTN Centre]
Hello folks, Below is log message after an attempt to authenticate. Wed Jul 15 16:31:31 2009 : Auth: Login OK: [t...@wimax.mtnonline.rw] (from client XX-bras-1 port 0) It is bringing error 734 on a windows machine. Therefore, the user cannot be connected. Thanks in advance for your advice.

Re: LDAP + TTLS PAP

2009-07-15 Thread jpablorp
Ivan Kalik wrote: > >> Here is my all debug. > > Enable ldap in inner-tunnel virtual server as well. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > Thanks for your help Ivan. Now everything looks fine.

TTLS to require client cert

2009-07-15 Thread Petar Marinkovic
Hi all, I need help once again. I want TTLS to require client cert. I put EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not working. What I am doing wrong here?

Mysql and SHA256 or SHA-2

2009-07-15 Thread Mouncif Benniane
I am using freeradius 2.1.6 with mysql backend, user's passwords are stored in database in SHA256 format, question is: does freeradius support this type of encryption? I know it supports SHA-1 and SSHA but it's not what I want. Thank you

Re: LDAP + TTLS PAP

2009-07-15 Thread Ivan Kalik
> Here is my all debug. Enable ldap in inner-tunnel virtual server as well. Ivan Kalik Kalik Informatika ISP

Re: LDAP + TTLS PAP

2009-07-15 Thread jpablorp
Ivan Kalik wrote: > > >> You have deleted the interesting part of the debug. > >>Ivan Kalik >>Kalik Informatika ISP > > Sorry Here is my all debug. Ready to process requests. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2, length=163 User-Name = "user"

Re: problem with checking dhcp-packet type

2009-07-15 Thread Alexander Kubatkin
On Wednesday 15 July 2009 14:07:18 Alan DeKok wrote: > Alexander Kubatkin wrote: > > On Monday 13 July 2009 11:53:23 Alan DeKok wrote: > >> Alexander Kubatkin wrote: > >>> when it(fix) come to us? > >>> > If you want the latest version, use git. > >>> > >>> last changes 4 days ago > >> > >>

Re: How to reject when a user logs in without realm?

2009-07-15 Thread Ivan Kalik
>Hope you are referring to > realm freescale.com { >type= radius >authhost= LOCAL >accthost= LOCAL > > present in the radiusd.conf file. removed it. Restarted the freeradius > server. > > The user file contains > na...@freescale.c

Re: How to reject when a user logs in without realm?

2009-07-15 Thread Navin
Hi, Hope you are referring to realm freescale.com { type= radius authhost= LOCAL accthost= LOCAL present in the radiusd.conf file. removed it. Restarted the freeradius server. The user file contains na...@freescale.com Cleartext-Passwo

Re: LDAP + TTLS PAP

2009-07-15 Thread Ivan Kalik
> but when i try from my XP client the debug show this: You have deleted the interesting part of the debug. Ivan Kalik Kalik Informatika ISP

Re: make install without messing with previous configuration?

2009-07-15 Thread Alan DeKok
Stefan Winter wrote: > This new SUBDIRS shouldn't do harm either way. Any chance to push this > into 2.1.7? Done. Alan DeKok.

Re: make install without messing with previous configuration?

2009-07-15 Thread Stefan Winter
Hi, > OK how about this. Edit "Makefile". Change: > > SUBDIRS = $(LTDL_SUBDIRS) src raddb scripts doc > > to > > SUBDIRS = $(LTDL_SUBDIRS) $(wildcard src raddb scripts doc) > > > Then configure;rm -rf raddb;make;make install > Cute, works. I don't like

Re: ./configure

2009-07-15 Thread John Dennis
On 07/15/2009 09:55 AM, shiva shankar wrote: hi all, i am facing below problem while make gmake[10]: Nothing to be done for `all'. Well you don't say what your problem is. Is it because make says everything is already done? Well that's probably true if you've already done a build. Note, if

Re: ./configure

2009-07-15 Thread Alan DeKok
shiva shankar wrote: > i thought configure has a no. of warnings that's why make giving problem They are different programs... And the output of "make" showed no errors. Why do you think there are errors? Alan DeKok.

LDAP + TTLS PAP

2009-07-15 Thread jpablorp
Hi. I've been trying to setup freeradius with LDAP + TTLS PAP. I use the default radius, eap users files configuration, I configure my modules/ldap file to connect to my ldap, sites-available/default file to authorize ldap, and ldap.attrmap to check Cleartext-Password against userPassword. Every

Re: How to reject when a user logs in without realm?

2009-07-15 Thread Ivan Kalik
>I am new to radius, hence kindly excuse if my terminologies > are different from what is expected. > > I am using Freeradius Version 1.1.7. > Is it possible to reject when a request comes from the NAS server > with a user logging in without a realm as suffix? > > For example, if the FreeRadiu

Re: ./configure

2009-07-15 Thread shiva shankar
i thought configure has a no. of warnings that's why make giving problem 2009/7/15 Alan DeKok > shiva shankar wrote: > > hi aland > > > > it is giving problem while doing >make. > > So you posted the output of "configure", and not "make". > > Hmm... > > Alan DeKok. > - > List info/subscribe

How to reject when a user logs in without realm?

2009-07-15 Thread Navin
Hi, I am new to radius, hence kindly excuse if my terminologies are different from what is expected. I am using Freeradius Version 1.1.7. Is it possible to reject when a request comes from the NAS server with a user logging in without a realm as suffix? For example, if the FreeRadius server r

Re: ./configure

2009-07-15 Thread Alan DeKok
shiva shankar wrote: > hi aland > > it is giving problem while doing >make. So you posted the output of "configure", and not "make". Hmm... Alan DeKok.

Re: ./configure

2009-07-15 Thread shiva shankar
plz find gmake[10]: Nothing to be done for `all'. gmake[10]: Leaving directory `/opt/packages/freeradius-server-2.1.6/src/modules/rlm_sql/drivers/rlm_sql_unixodbc' gmake[9]: Leaving directory `/opt/packages/freeradius-server-2.1.6/src/modules/rlm_sql/drivers' gmake[8]: Leaving directory `/opt/pack

Re: ./configure

2009-07-15 Thread shiva shankar
hi all, i am facing below problem while make gmake[10]: Nothing to be done for `all'. gmake[10]: Leaving directory `/opt/packages/freeradius-server-2.1.6/src/modules/rlm_sql/drivers/rlm_sql_unixodbc' gmake[9]: Leaving directory `/opt/packages/freeradius-server-2.1.6/src/modules/rlm_sql/driver

Re: ./configure

2009-07-15 Thread Nicolas Goutte
On 15.07.2009 at 15:45, shiva shankar wrote: hi aland it is giving problem while doing >make. Then please post the relevant lines of the bottom of the output of make. regards shiva shankar Have a nice day! 2009/7/15 Alan DeKok shivashankar wrote: > when i am installing freeradi

Re: ./configure

2009-07-15 Thread John Dennis
On 07/15/2009 09:20 AM, shivashankar wrote: hi all, this is shiva shankar. when i am installing freeradius-server-2.1.6 on solaris10. it is showing some warnings. plz help me out how to remove those warnings miboss3:root$./configure>log.txt configure: WARNING: snmpget not found - Simultaneous

Re: ./configure

2009-07-15 Thread Ivan Kalik
> when i am installing freeradius-server-2.1.6 on solaris10. it is showing > some warnings. > > plz help me out how to remove those warnings Why? Do you need any of mentioned modules. openSSL is probably important. Do you have development headers for it installed? Ivan Kalik Kalik Informatika ISP

Re: ./configure

2009-07-15 Thread shiva shankar
hi aland it is giving problem while doing >make. regards shiva shankar 2009/7/15 Alan DeKok > shivashankar wrote: > > when i am installing freeradius-server-2.1.6 on solaris10. it is showing > > some warnings. > > > > plz help me out how to remove those warnings > > You don't. They are WA

Re: ./configure

2009-07-15 Thread Alan DeKok
shivashankar wrote: > when i am installing freeradius-server-2.1.6 on solaris10. it is showing > some warnings. > > plz help me out how to remove those warnings You don't. They are WARNINGS, not ERRORS. Alan DeKok.

Re: make install without messing with previous configuration?

2009-07-15 Thread Alan DeKok
Stefan Winter wrote: > Not really... > > gmake[2]: Leaving directory > `/home/swinter/packages/linux/freeradius-server-2.1.6/src' > Making install in raddb... > gmake: Entering an unknown directory OK how about this. Edit "Makefile". Change: SUBDIRS = $(LTDL_SUBDIRS) src raddb sc

./configure

2009-07-15 Thread shivashankar
hi all, this is shiva shankar. when i am installing freeradius-server-2.1.6 on solaris10. it is showing some warnings. plz help me out how to remove those warnings miboss3:root$./configure >log.txt configure: WARNING: snmpget not found - Simultaneous-Use and checkrad.pl may not work configure:

Re: Store message "Multiple logins" in MySQL.

2009-07-15 Thread Ivan Kalik
> The valuable information that I have is that it is restricted in > radius.log > Auth: Multiple logins (max 1) [MPP attempt]: [login @ realm. > > If it were possible to write the message "Multiple logins" in Database > would > be perfect, I suggested that the Kalik. That would require (small) sou

Re: make install without messing with previous configuration?

2009-07-15 Thread Stefan Winter
Hi, > $ rm -rf ./raddb > $ make install > > ? Might work... > Not really... gmake[2]: Leaving directory `/home/swinter/packages/linux/freeradius-server-2.1.6/src' Making install in raddb... gmake: Entering an unknown directory gmake: *** raddb: Datei oder Verzeichnis nicht gefunden. Schlu

Re: Store message "Multiple logins" in MySQL.

2009-07-15 Thread Daniel Aparecido Martins Rosa
Thanks Kalik, think about this possibility. Alan, I use control simultaneous use using SQL, working perfectly. Why do I need to provide an Web interface to the Help Desk, to report the reason for which the user is not connected, and a generic message "Access-Reject" no difference if the error duri

Re: problem with checking dhcp-packet type

2009-07-15 Thread Alan DeKok
Alexander Kubatkin wrote: > On Monday 13 July 2009 11:53:23 Alan DeKok wrote: >> Alexander Kubatkin wrote: >>> when it(fix) come to us? >>> If you want the latest version, use git. >>> last changes 4 days ago >> Did you download the version using git, as I said? The fix was >> availa

Re: rlm_ippool performance

2009-07-15 Thread Alan DeKok
Santosh wrote: > Error: WARNING: Unresponsive child for request 282, in module main_pool1 > component post-auth That message comes out after the request has been blocked for ~30 seconds. If that's happening, you have a MAJOR problem that is unrelated to performance. i.e. the database is on a

Re: Store message "Multiple logins" in MySQL.

2009-07-15 Thread Alan DeKok
Daniel Aparecido Martins Rosa wrote: > Hi All! > I need to register in a database when occurs simultaneous use. Currently > I stored by postauth_query through the variable '% (reply: > Packet-Type)', but the message is generic, ranging from Access-Reject or > Access-Accept. Why? Why not just us

Re: Help required in defining new string Attribute

2009-07-15 Thread Alan DeKok
Ila Palanisamy wrote: > Can someone help me in defining new string Attribute in freeradius. Edit the dictionaries that the server is using. > I have added a new attribute Foundry-INM-Role-AOR-List as string in > dictionary and I’m trying to set this attribute for a user. With the > below config

Re: How to publish vendor specific dictionary file?

2009-07-15 Thread Alan DeKok
Ila Palanisamy wrote: > Hi Ivan, > > Our dictionary is already existing, it is called dictionary.foundry. We > need update in this file. > > Here is the new list Which you pasted as text... and your mailer helpfully reformatted so that it is nearly useless. Please add it as an attachment so

Re: make install without messing with previous configuration?

2009-07-15 Thread Arran Cudbard-Bell
Leighton Man wrote: > Hi, > I tar the entire raddb directory (from the level above), reinstall, and untar > the original config over the top of the new one. That way I can keep multiple > configs whilst experimenting and switch between them. > Just move the raddb directory to /etc/raddb and ch

Re: HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

2009-07-15 Thread Ivan Kalik
> Can I create a client cert for a computer so that any user that logs > in may use it automatically under Windows XP? I have successfully > created a client.p12 with the FQDN of the workstation I am using, > installed it and been authenticated by Freeradius. However when I log > in to the computer

Re: rlm_eap_md5: Cleartext-Password is required for EAP-MD5authentication

2009-07-15 Thread Ivan Kalik
> IN users > > chenyongle Cleartext-Password := "123456" > -- > debug information as following: ... > ++[files] returns noop ... Check if users file you are changing *is* the one server is using. Look at list of included files a

RE: make install without messing with previous configuration?

2009-07-15 Thread Leighton Man
Hi, I tar the entire raddb directory (from the level above), reinstall, and untar the original config over the top of the new one. That way I can keep multiple configs whilst experimenting and switch between them. Regards, Leighton > -Original Message- > From: > freeradius-users-bounces+

Re: make install without messing with previous configuration?

2009-07-15 Thread Nicolas Goutte
On 15.07.2009 at 09:53, Stefan Winter wrote: Hi, I do not know how to do it at compile time but you can do it at runtime by specifying -d your_directory to radiusd. So perhaps a make install will install many configuration files but not where *your* configuration is. Yes, I considered poin

Re: make install without messing with previous configuration?

2009-07-15 Thread Alan DeKok
Stefan Winter wrote: > I wonder if there's a way to install FreeRADIUS, but *not* have it > install config files in its raddb dir. $ rm -rf ./raddb $ make install ? Might work... Alan DeKok.

Re: make install without messing with previous configuration?

2009-07-15 Thread Stefan Winter
Hi, > I do not know how to do it at compile time but you can do it at > runtime by specifying -d your_directory to radiusd. > > So perhaps a make install will install many configuration files but > not where *your* configuration is. Yes, I considered pointing --with-raddb-dir=/tmp/trash or so. But

Re: rlm_eap_md5: Cleartext-Password is required for EAP-MD5authentication

2009-07-15 Thread Nicolas Goutte
We are receiving your messages. You do not need to post them multiple times. (Posting to a mailing list is never immediate.) (See also the archives: http://lists.freeradius.org/pipermail/freeradius-users/2009-July/date.html ) Have a nice day! On 15.07.2009 at 09:40, youler wrote: My ru

Re: make install without messing with previous configuration?

2009-07-15 Thread Nicolas Goutte
On 15.07.2009 at 08:16, Stefan Winter wrote: Hello, I wonder if there's a way to install FreeRADIUS, but *not* have it install config files in its raddb dir. The reason being that if you have a previous version and a well-shepherded config directory with only exactly the needed files, a "mak

rlm_eap_md5: Cleartext-Password is required for EAP-MD5authentication

2009-07-15 Thread youler
My running environment is freeradius-2.1.3. The authentication type is EAP/MD5. It's running not well with individual 'user' file. I can't find the problem. My main configuration file is as follows: IN sites-enabled/default -- authorize { eap { ok = return } file