>
> Message: 6
> Date: Mon, 7 Dec 2009 23:00:02 - (UTC)
> From: t...@kalik.net
> Subject: Re: Problems with PEAP
> To: "FreeRadius users mailing list"
>
> Message-ID: <50214.87.194.16.13.1260226802.squir...@www.kalik.net>
> Content-Type: text/plain;charset=iso-8859-1
>
> >
> > Hello everyo
> It never occurred to me that the Cisco controllers could be our issue...
> Though I have just checked with a colleague and he did try restarting
> them after hours yesterday, and it didn't help matters. If you can find
> out what setting you changed that would be ideal, but probably best to
> ema
> One of the attributes we are after is the client-mac-address from
> Cisco-AVPair = "client-mac-address=0012.3fb2.15d2".
>
> So far it is now converted to an attribute of its own
> client-mac-address=0012.3fb2.15d2. (by setting cisco-av-hack to yes
> and
> adding some attributes to the dictionar
One of the attributes we are after is the client-mac-address from
Cisco-AVPair = "client-mac-address=0012.3fb2.15d2".
So far it is now converted to an attribute of its own
client-mac-address=0012.3fb2.15d2. (by setting cisco-av-hack to yes and
adding some attributes to the dictionary)
Now to
From someone who has already suffered through it five years ago.
And, for the benefit of those who come after me.
1) set with_cisco_vsa_hack = yes in radiusd.conf
2) add the attributes I want to have stripped from the AVPair fields to
cisco.dictionary in /usr/local/share/freeradius, freeradius
On Mon, 7 Dec 2009, Bryan Campbell wrote:
O.K. That gets us to the per packet instances of the Cisco-AVPair. We
can access the array of two or five instances of Cisco-AVPair that are
in the respective packets. That gets us to the strings that are
defined.
How about using a regexp:
if (
In user account setup, you can use either Cleartext-Password or User-Password.
What is the difference? Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. . .
>man unlang. Read about variables.
>
>Ivan Kalik
O.K. That gets us to the per packet instances of the Cisco-AVPair. We
can access the array of two or five instances of Cisco-AVPair that are
in the respective packets. That gets us to the strings that are defined.
Once you have the st
Hi Nere,
Make is finding the mysql libs in /opt/mysql/mysql/lib. You need to
change the path to /opt/mysql/mysql/lib/sparcv9 to get the 64bit libs.
HTH
-John
On 12/07/2009 11:53 AM, Nereida Bernal wrote:
Hi all!
I want to install FreeRADIUS 2.1.7, but while running "make" I get t
> We use Freeradius/MySQL with Cisco-AVPair entries to send radreplies and
> radgroupreplies that specify speeds and such with great success.
> However, we are having a bit of difficulty sorting out how to sort out
> Cisco-AVPair accounting entries so that we can insert them into the
> database.
>
> I'm new to this list and have never used one before. Here are my stats:
> FreeRadius version 1.272
There is no such version.
> My problem is when I try and start freeRadius it tells me it can't find
> the other config files that are in etc/radiusd/ like proxy.confg and
> clients.config. Here is
> I almost have a working Radius setup...
It's working.
> Well almost, because when I try to setup a pptp tunnel with my Windows XP,
> I see the following om my radius server:
>
> Packet number 1 has just been sniffed
> From:127.0.0.1:54717
> To: 127.0.0.1:1812
>
On Mon, Dec 07, 2009 at 11:53:45PM +0100, Josip Rodin wrote:
> On Mon, Dec 07, 2009 at 10:02:39PM +, Adrian Klaver wrote:
> > > Mon Dec 7 13:19:01 2009 : Error: [ourlittle_sql] Couldn't update SQL
> > > accounting STOP record - ERROR: invalid input syntax for integer: ""
> > >
> > > accounti
On Mon, Dec 07, 2009 at 01:16:02PM -0700, Guy Fraser wrote:
>> sql trace log indicates that this is the offending query:
>>
>> UPDATE radacct
>> SET AcctStopTime = ('2009-12-07 13:19:01'::timestamp -
>> '6'::interval),
>> AcctSessionTime = CASE WHEN '' = '' THEN
>> (EXTRACT(EPOCH FROM ('200
>
> Hello everyone,
> I know that it is something I have forgot to configure but I cant for my
> life remember what it is.
> What I want to do is to authenticate a user from a windows machine using
> PEAP.
>
> Things I´ve have configured in raddb and in raddb/modules is:
>
> 1. Added a user called
On Mon, Dec 07, 2009 at 10:02:39PM +, Adrian Klaver wrote:
> > Mon Dec 7 13:19:01 2009 : Error: [ourlittle_sql] Couldn't update SQL
> > accounting STOP record - ERROR: invalid input syntax for integer: ""
> >
> > accounting_stop_query = "UPDATE ${acct_table2} \
> > SET
> > AcctSessionTim
> Below is the complete Log..
> Please let me know how to solve/debug it..
>
>
> [tls] Done initial handshake
>
> [tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
>
> TLS Alert read:warning:bad certificate
>
It's adifferent error. Quite clear what is wrong. Did you try to
On Mon, Dec 07, 2009 at 04:11:32PM +0100, Wim De Hul wrote:
> Dear list members,
>
> I almost have a working Radius setup...
>
> Well almost, because when I try to setup a pptp tunnel with my Windows XP, I
> see the following om my radius server:
>
> Packet number 1 has just been sniffed
>
Afternoon -
We use Freeradius/MySQL with Cisco-AVPair entries to send radreplies and
radgroupreplies that specify speeds and such with great success.
However, we are having a bit of difficulty sorting out how to sort out
Cisco-AVPair accounting entries so that we can insert them into the
data
Ignore me...
signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> Any advise or experiences would be much appreciated!
>>
> Fix the SQL queries so that the right information goes into the DB.
>
> Note that the calculated times may be off by a second or two, due to
> limited time resolution.
>
> It may be worth updating the server to create a "Acct-
Hello,
I'm new to this list and have never used one before. Here are my stats:
FreeRadius version 1.272
Linux OES2
My problem is when I try and start freeRadius it tells me it can't find the
other config files that are in etc/radiusd/ like proxy.confg and
clients.config. Here is what the com
On 2009-Dec-07, at 06:00, Josip Rodin wrote:
Hi,
I've observed an SQL logging problem with FreeRADIUS (2.x) and
PostgreSQL
(8.1), on several different installations I occasionally get these
errors:
Mon Dec 7 13:19:01 2009 : Error: [ourlittle_sql] Couldn't update
SQL accounting STOP re
Hi all!
I want to install FreeRADIUS 2.1.7, but while running "make" I get the
error "ld: fatal: file .libs/sql_mysql.o: wrong ELF class: ELFCLASS32"
Version: FreeRADIUS 2.1.7
Host SUN Sparc Netra-210
OS: Solaris2.10
MySQL Pkg: mysql-5.0.88-solaris10-sparc-64bit.pkg.gz
Where can I find the 64 bi
Dear list members,
I almost have a working Radius setup...
Well almost, because when I try to setup a pptp tunnel with my Windows XP, I
see the following om my radius server:
Packet number 1 has just been sniffed
From:127.0.0.1:54717
To: 127.0.0.1:1812
Type:
Hi,
> My domain comes through as part of the request.
>
> Sorry, but I didn´t understand this: "if so you can simply use the example
> ntlm_auth to do the substitution".
> Can you explain it better ?
hmm, looks like the domain part of the default config is gone...anyway, you can
do something
hi,
the request gets sent to inner-tunnel (as per standard EAP
configuration) but then inner-tunnel cant authenticate the user -
ie no authentication method in which your user 'Jens' can be found.
check that the requires method is in inner-tunnel
alan
-
List info/subscribe/unsubscribe? See http:
Hi, Allan:
My domain comes through as part of the request.
Sorry, but I didn´t understand this: "if so you can simply use the
example ntlm_auth to do the substitution".
Can you explain it better ?
Thanks.
Charles.
Hi,
>
> Hi All:
>
> My name is Charles and I need to "Configure my FreeRad
Hello everyone,
I know that it is something I have forgot to configure but I cant for my life
remember what it is.
What I want to do is to authenticate a user from a windows machine using PEAP.
The error I get in the output is:
rad_recv: Access-Request packet from host 192.168.118.10 port 35923,
Hi,
I've observed an SQL logging problem with FreeRADIUS (2.x) and PostgreSQL
(8.1), on several different installations I occasionally get these errors:
Mon Dec 7 13:19:01 2009 : Error: [ourlittle_sql] Couldn't update SQL
accounting STOP record - ERROR: invalid input syntax for integer: ""
s
Patric wrote:
> When the proxied updates are eventually processed, they are written into
> my account logs mysql table. The acct_start_time is written as the
> current date and time, and the acct_delay_time holds the difference
> between the actual time of the accounting update and now.
Hmm... t
Hi everyone,
I have an interesting dilemma that I would like to share with the list,
perhaps someone can shed some light on how they handle this kind of thing.
I have 2 freeradius 2.1.7 servers that receive accounting updates from
multiple clients, and proxy these accounting updates to eachother
Fajar A. Nugraha wrote:
> So to be clear: the issue would not exist with engines that support
> transaction? Including ndb (MySQL cluster) and falcon?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> If i remove the 'testuser Auth-Type := Accept' completely everything
> works fine; the user connects and accounting updates are written. I am
> looking for an efficient way to remove the ability to connect without
> touching the password in the database. I searched through ppp and
> radiuscl
Ok, i figured it out. I can change between Reject and MSCAP and it will work.
On Mon, Dec 7, 2009 at 12:55 PM, jon michaels wrote:
> On Mon, Dec 7, 2009 at 12:31 PM, Alan Buxey wrote:
>
>> quite easy - you are forcing an access-accept on the initial packet
>> and you rNAS wont take that - it nee
Hi,
> > did you check permissions etc for the freeradius config
> > directory - need to ensure you have read/write priv for
> > the user you chose to run as in the certs directory (or
> > wherever you configured EAP to look for certs etc.
please read what i said. your compilation steps arent inv
On Mon, Dec 7, 2009 at 12:31 PM, Alan Buxey wrote:
> quite easy - you are forcing an access-accept on the initial packet
> and you rNAS wont take that - it needs to offer the full challenge-response
> and not just get a 'yes yes let them on'. if you remove that part where
> you are setting access
On Mon, Dec 7, 2009 at 2:03 PM, Alan DeKok wrote:
> rena...@flash.net.br wrote:
>> I was afraid of using sqlippool because the DB of this server is MySQL and
>> there is a warning about that in FreeRadius:
>>
>> # WARNING: MySQL has certain limitations that means it can
>> # hand out
Hi All,
Below is the complete Log..
Please let me know how to solve/debug it..
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 4991, id=2,
length=144
User-Name = "maemo"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "0023692c6f74"
Calling-
> Message: 5
> Date: Thu, 3 Dec 2009 14:18:14 +
> From: Alan Buxey
> Subject: Re: Problems when trying to start Freeradius with eap
> To: FreeRadius users mailing list
>
> Message-ID: <20091203141814.gb5...@lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> hi,
>
> did yo
Hi,
> True, its doing mschap. I currently dont understand yet why the debug
> shows an accept but the ppp doesn't like it.
quite easy - you are forcing an access-accept on the initial packet
and you rNAS wont take that - it needs to offer the full challenge-response
and not just get a 'yes yes le
Hi,
> Alen,
you know my name - i dont mispell it in my emails :-(
> As other explained, when the port is set to 0, the daemon will take any port
> dynamically. However, thanks to Tim, he cleared out my confusion, and I see
> clearly the ports are in fact 1812 and 1813.
>
> udp 0 0 *:ra
eturns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20091207
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detai
43 matches
Mail list logo
