Hello list,
can someone give me a step-by-step manual to configure freeradius with a web
interface?
--
^^^|
|Linux band wagon|;...,___
|__===|___|__|...,]
"(@)'(@)*|(@)(@ )(@)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, does somebody know if there exists a software platform for simulation of the radius
out of a production environment?
I configure radius in my first upon with pgsql and "freeradius -X" gives me
freeradius listen 1813 1815 1817 ports for auth pass and proxy and waiting
request
seemingly ok.
But I need to
On Sat, Aug 29, 2009 at 7:11 AM, Peter Lambrechtsen wrote:
> On Fri, Aug 28, 2009 at 10:38 PM, Ivan Kalik wrote:
>
>> > I am trying to have a granular based reply items depending on the NAS
>> they
>> > connected to all driven using attributes in LDAP without needing to use
>> > realms.
>> >
>>
On Fri, Aug 28, 2009 at 10:38 PM, Ivan Kalik wrote:
> > I am trying to have a granular based reply items depending on the NAS
> they
> > connected to all driven using attributes in LDAP without needing to use
> > realms.
> >
> > IE User A passes just User&Password to NAS A. and gets reply attr
>
On 28/08/2009, at 10:38 PM, "Ivan Kalik" wrote:
I am trying to have a granular based reply items depending on the
NAS they
connected to all driven using attributes in LDAP without needing to
use
realms.
IE User A passes just User&Password to NAS A. and gets reply attr
"Service-Type=admin",
Apologies I omitted that our freeradius is Version 2.0.4
Gary Prosser
-
IT Manager
Trinity College, Bristol (http://www.trinity-bris.ac.uk)
To ensure you receive email from Trinity College into your inbox, please add
@trinity-bris.ac.uk to your email safe list (also known as whitelist).
-
Li
We have freeradius running successfully with 3 ldap instances (one for
each of 3 different sets of user credentials, two of which are active
directory).
We want to provide to the calling nas in the Access-Accept reply some
identifier of the ldap instance that authorizes a user. I have not been
abl
Hi I am using Version 2.1.1 with openldap on Centos 5
I wonder if it is feasible to dump to the logs when a user gets login incorrect
if it is due to non-existence of that uid on Ldap.
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List
On 28/08/2009 16:50, Steven Sprague wrote:
> Thanks Alan,
>
> WPA Enterprise with AES, I will do some more reading to understand the
> benefits of AES.
TKIP is semi-broken, in that you can do ARP poisoning attacks without needing
the PMK.
Were mand
Thanks Alan,
WPA Enterprise with AES, I will do some more reading to understand the
benefits of AES.
As for the older laptop - I choose this unit because it represents
the oldest of technologies that will be accessing the network. This IBM
Thinkpad uses a Cisco (Calexico) internal wireless card u
Ivan,
Based on your advice I need to set myself up as a user and start testing
from my workstation.
Since it seems I am missing the docs supplied in source (used packaged
file) can you give me some guidance on minimum setting.
1. RADIUS server Shared Secret
Where is the best place to set my RAD
Hi,
> Now I am facing a dilemma - deciding what WEP protocol to use based on
> my test setup. After reading the 'sites' and 'modules' files it seems
> that "some" WEP or EAP protocols are weaker than others, some not
> suggested for use.
Don't use WEP. Ever.
> Router can provide - WEP 40/128 sha
> Now I am facing a dilemma - deciding what WEP protocol to use based on
> my test setup. After reading the 'sites' and 'modules' files it seems
> that "some" WEP or EAP protocols are weaker than others, some not
> suggested for use.
>
> Here's what my test router and machines can handle.
>
> Rout
Ivan,
Thanks for the url link to the missing documentation. Very helpful.
Ldap is not going to work for EAP.
Now I am facing a dilemma - deciding what WEP protocol to use based on
my test setup. After reading the 'sites' and 'modules' files it seems
that "some" WEP or EAP protocols are weaker t
> There does seem to be a problem, the %control:Packet-Type does not seem
> to expand to a value.
>
> rad_recv: Access-Accept packet from host 118.67.xxx.xxx port 1812,
> id=10, length=25
> Proxy-State = 0x313534
> +- entering group post-proxy {.
Ivan Kalik wrote:
>> How would I match for the packet type ie 'Access-Accept' in unlang
>>
>
> Answers to questions like this can be found examining
> dictionary.freeradius.internal. These attributes are mostly on control
> list. So it should be:
>
> if(control:Packet-Type == "Access-Accept") {
On Fri, 2009-08-28 at 11:51 +0100, Ivan Kalik wrote:
> > On Fri, 2009-08-28 at 11:26 +0100, Ivan Kalik wrote:
> 1. You are using 1.x queries in a 2.x server. Fix that.
> 2. That user was found as system user as well and unix module is enabled.
> You likely have different password in /etc/passwd.
On Fri, 28-08-2009 at 11:53 +0100, Ivan Kalik wrote:
> > Is this possible?
> > I need to use an auto signed CA and certificate from FNMT (external agency)
> > How can it be done?
>
> Multiple eap instances - one for each certificate chain.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info
> Is this possible?
> I need to use an auto signed CA and certificate from FNMT (external agency)
> How can it be done?
Multiple eap instances - one for each certificate chain.
Ivan Kalik
Kalik Informatika ISP
> I am trying to have a granular based reply items depending on the NAS they
> connected to all driven using attributes in LDAP without needing to use
> realms.
>
> IE User A passes just User&Password to NAS A. and gets reply attr
> "Service-Type=admin", and the admin comes from an LDAP Attribute "
On Fri, 2009-08-28 at 11:26 +0100, Ivan Kalik wrote:
>
> Remove forcing of Auth-Type Local. Let the server set the auth type.
That resulted in a different error message:
++[sql] returns ok
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PA
Hi,
If two vmps requests are sent in close succession (within cleanup_delay), with
the same source port, from the same switch (which does in fact seem to be
common, as the cisco switch I'm using for testing sends *all* requests with a
source port picked on startup), they are detected as identical b
> I've been using FreeRadius for quite some time now, but after a recent
> update (to 2.0.4, debian lenny variant) all users in a certain group
> have stopped authenticating properly, with the above error -- even
> though as far as I can tell the password transmitted (and logged) is
> identical to
Thanks in advance.
Is this possible?
I need to use an auto signed CA and certificate from FNMT (external agency)
How can it be done?
and sorry for my poor English.
--
Please do NOT use proprietary file formats for
exchanging documents, such as DOC and XLS, but rather HTML, RTF, TXT,
CSV or c
Hello,
I've been using FreeRadius for quite some time now, but after a recent
update (to 2.0.4, debian lenny variant) all users in a certain group
have stopped authenticating properly, with the above error -- even
though as far as I can tell the password transmitted (and logged) is
identical to th
I am trying to have a granular based reply items depending on the NAS they
connected to all driven using attributes in LDAP without needing to use
realms.
IE User A passes just User&Password to NAS A. and gets reply attr
"Service-Type=admin", and the admin comes from an LDAP Attribute "nasA"
attri
> My freeradius version is 2.1.1. When I configure eap-tls with crl and a one
> level root certificate, it works normally. But when the CA is two level,
> the
> root CA is for signing the second level CA certificate, and the second
> level CA is for signing user certificates and crls. It means the r
Thanks. It's working fine.
> How would I match for the packet type ie 'Access-Accept' in unlang
Answers to questions like this can be found examining
dictionary.freeradius.internal. These attributes are mostly on control
list. So it should be:
if(control:Packet-Type == "Access-Accept") {
...
Ivan Kalik
Kalik Informatika IS
>SQL-Group == "" is equivalent to that.
>> "%{sql AND so on...
>You can do:
>if(statement && another statement || other statement) {
>...
>Ivan Kalik
>Kalik Informatika ISP
This is Awesome! Thanks for taking the time to answer my obvious questions.
/Mika
--
View this message in conte
> I installed freeradius with detail, buffered-sql active. How to monitor
> the
> buffered-sql module. If it stops or sleeps for very long time responding
> to
> mysql db.?
> I saw all of a sudden buffered-sql not pushing packets to mysql db
> yesterday. After restarting radius process it started p
>
>> You have to enforce reject:
>
>> if(SQL-Group == "vpnuser") {
>> ok
>> }
>> else {
>> reject
>> }
>
>> Ivan Kalik
>> Kalik Informatika ISP
> Alright. that makes sense.
> But can the if(xxx) contain several sql-queries to the database?
> The username and groupname from radusergroup and
> You have to enforce reject:
> if(SQL-Group == "vpnuser") {
> ok
> }
> else {
> reject
> }
> Ivan Kalik
> Kalik Informatika ISP
Alright. that makes sense.
But can the if(xxx) contain several sql-queries to the database?
The username and groupname from radusergroup and groupname