Hello,
I am having trouble while trying to work with huntgroups. Maybe I
misunderstand how huntgroups work.
I read another post about this issue, but I don't really understand
why force the huntgroup name in confs.
I have inserted two NAS' into radhuntgroup, as follows:
mysql> select * f
Neville wrote:
It's not as simple as you're making it. Also, I am using %{NAS-Port} and
not %{Calling-Station-Id} due to the lack of Calling-Station-Id.
Why didn't you say that in the first message? Giving out *part* of
the information is annoying.
I understand, but I was trying to make the
Hi
I have 3 ldap instances (one for each of staff, student, faculty users
on different hosts). In authorise section I want FR to call eg ldap2
only if ldap1 returns fail or notfound.
How can I refer to an instance of the ldap module within a conditional
statement?
authorise {
preprocess
Hi Alan!
I use Debian 5.0 Lenny and version of OpenSSL is 0.9.8.g.
--
Best regards
Pawel Pogorzelski
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I am mounting a platform of authentication with freeradius. I have
> formed freeradius in order that it works with Active Directory. Also I
> have mounted an openLDAP service, where I realize authentication without
> 802.1x support. There is some way of forming freeradius+openldap+802.1x
> as if
> Alan Buxey wrote:
>>> Hmmm... maybe over-writing it with spaces would work... or something
>>> else might go wrong.
>>
>> or reverse it when making the .work copy and read from the end of the
>> file
>
> That's hard... the detail.work file is created via a "rename", which
> is nearly zero
Neville wrote:
> It's not as simple as you're making it. Also, I am using %{NAS-Port} and
> not %{Calling-Station-Id} due to the lack of Calling-Station-Id.
Why didn't you say that in the first message? Giving out *part* of
the information is annoying.
> pool-key = "%{NAS-Port}"
> # pool-key =
Alan Buxey wrote:
>> Hmmm... maybe over-writing it with spaces would work... or something
>> else might go wrong.
>
> or reverse it when making the .work copy and read from the end of the file
That's hard... the detail.work file is created via a "rename", which
is nearly zero cost.
Ala
Hi,
> File *truncation* is supported in POSIX. But truncating from the
> start of the file isn't in POSIX.
ah yes. been a while.
> Hmmm... maybe over-writing it with spaces would work... or something
> else might go wrong.
or reverse it when making the .work copy and read from the end of
Hi,
> Success. After switching from PEAPv1 to v0.
>
> See this one error below
> - OpenSSL: tls_connection_handshake - Failed to read possible
> Application Data error::lib(0):func(0):reason(0)
I think you can ignore that one - OpenSSL API doing something or FreeRADIUS
doing something t
Alan,
Success. After switching from PEAPv1 to v0.
See this one error below
- OpenSSL: tls_connection_handshake - Failed to read possible
Application Data error::lib(0):func(0):reason(0)
Results:
Authentication with 00:00:00:00:00:00 timed out.
Trying to associate with 00:1b:11:62:ba:5
Neville wrote:
I'm facing a problem since rebuild, where every user is being allocated
the same IP from the sqlippool, and I'm not sure why this is happening.
...
pppd does not pass back Client-IP-Address or Client-Station-Id
"Calling-Station-Id".
table structure for radipool is
Yes.
Hi
I am mounting a platform of authentication with freeradius. I have
formed freeradius in order that it works with Active Directory. Also I
have mounted an openLDAP service, where I realize authentication without
802.1x support. There is some way of forming freeradius+openldap+802.1x
as if i
Alan Buxey wrote:
>> It would need to (somehow) mark each record in the detail file as
>> "handled". Ideally, without breaking the existing format, OR using any
>> extra bytes on the disk.
>
> can it not throw away the data from the detail.work as it completes it?
Er... how? It's a text fi
Hi,
> Anonymous Identity: blank
> CA Certificate: ca.pem [copied from the servers cert directory]
> PEAP Version: Version 1
nope. PEAPv0 (version 0) only - PEAPv1 is a very special thing.
alan
Hi,
> It would need to (somehow) mark each record in the detail file as
> "handled". Ideally, without breaking the existing format, OR using any
> extra bytes on the disk.
can it not throw away the data from the detail.work as it completes it?
alan
Alan,
In the users file I simply put
steven Cleartext-Password := "glider"
My client (redhat workstation) side the settings are:
Security: WPA2 & WPA2 Enterprise (only choice for Enterprise)
Authentication: Protected EAP (PEAP)
Anonymous Identity: blank
CA Certificate: ca.pem [copied from t
>> I have configured three virtual servers: "default", "inner" (uses
>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
>> attempts go to "default server" log files.
>>
>> cron performs a daily task that more or less perform something like
>> that:
>>
>
> Please I beg you tha
> ++? if (Cleartext-Password =~ /ethernet ([1-9a-ZA-Z:]*)/i )
> (Attribute Cleartext-Password was not found)
> rlm_chap: login attempt by "00:11:XX:XX:XX:XX" with CHAP password
> rlm_chap: Using clear text password "ethernet 00:11:XX:XX:XX:XX" for user
> 00:11:XX:XX:XX:XX authentication.
> rlm_chap
Hi there
I'm trying to configure my Freeradius (v 1.272) to work with an LDAP server
(for a mac-based authentication). Unfortunately, switches of the LAN send only
Access-request to the RADIUS with a CHAP password, so I have to choose CHAP
authentication.
I get the mac address from the LDAP and
2009/8/31 Sergio Belkin :
> Hi,
>
> I have configured three virtual servers: "default", "inner" (uses
> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
> attempts go to "default server" log files.
>
> cron performs a daily task that more or less perform something like that:
>
Hello all,
I'm trying to get Radius to work with encrypted passwords in the MySQL database.
My setup :
FreeRADIUS 2.1.0 + MySQL + Dialup Admin installed via Ubuntu 9.04's
official packages
I posted my full config files here (please tell me if you need more info) :
http://pastebin.com/f529d2cce
I
Paweł Pogorzelski wrote:
...
> [peap] Success
> [peap] FAIL: Forcibly stopping session resumption as it is not allowed.
> [eap] Freeing handler
Arg. FreeRADIUS tells OpenSSL to *not* allow session resumption, and
it still negotiates session resumption.
Which OS are you using? Which version
Alan Buxey wrote:
> as it currently stands, if you quit then it'll start reading
> the detail.work from the very beginning - there is no tail/stripping or
> checkpointing of the file. it'd be good for such feature to be added
> at some point (I don't have time to dig/fix it)
It would need to (so
> I calculated it correctly in dialup.conf file and restarted radius process
> and it looks like it's not catching up from the point before restart.
> Instead of that it's reading full detail.work file? why is like that?
> Any bug in my code?
No, that's what it's supposed to do - finish detail.wor
Hi,
> Thanks Ivan for quick responses.
> I calculated it correctly in dialup.conf file and restarted radius process
> and it looks like it's not catching up from the point before restart.
> Instead of that it's reading full detail.work file? why is like that?
> Any bug in my code?
as it currently
Thanks Ivan for quick responses.
I calculated it correctly in dialup.conf file and restarted radius process
and it looks like it's not catching up from the point before restart.
Instead of that it's reading full detail.work file? why is like that?
Any bug in my code?
Thanks,
Rams.
> How to inter
Neville wrote:
> I'm facing a problem since rebuild, where every user is being allocated
> the same IP from the sqlippool, and I'm not sure why this is happening.
...
> pppd does not pass back Client-IP-Address or Client-Station-Id
"Calling-Station-Id".
> table structure for radipool is
Yes
Hi,
> [files] users: Matched entry steven at line 79
okay - what's at line 79 of your Users file? you're trying to use
EAP/PEAP (PEAPv0/MSCHAPv2) from your accounts - so what's the
info you put into the users file?
alan
> How to interpret AcctStopDelay field?
It's the delay in seconds.
> Is there any SQL query readily
> available to update acctstoptimes correctly in FR? please suggest.
You subtract the delay from the time. For MySQL:
http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_
Hi,
> Is there a way to configure FreeRADIUS to accept authentication requests
> from any AP. In other words, I don't want to have to pre-configure
> access points in the client.conf.
you can define a netmask to cover all clients - but without preconfiguring
a shared secret on the NAS? nope...nee
How to interpret AcctStopDelay field? Is there any SQL query readily
available to update acctstoptimes correctly in FR? please suggest.
> I'm using freeradius2.1.6 with buffered-sql , detail files for accounting.
> In accounting queries i observed acctstoptime = %S.
> my db somehow froze and r
> I have implemented Free Radius Server
> SUSE 9.3 Prof and using mysql database with Perle JETSTREAM 4000 RAS
> device. My problem is that when I try to connect a user through modem
> in a Windows XP client machine, error 691 occurs, but the radius log
> authenticate t
> excuse me, somebody know if freeradius can see of some way the telephone
> number that one remote user is wearing in order to call me with his
> modem. My line (pair of copper) gives me this information through a single
> telephone ,then can a NAS with freeradius give me the same information.
> if t
Craig Campbell wrote:
> We are upgrading from ancient radius servers to current, and discovered the
> radrelay program no longer exists.
See http://git.freeradius.org/pre/
The "pre" release of 2.1.7 has a sample "radrelay.conf" file.
Alan DeKok.