Re: STILL Trying to get tunneling to work- resolved, and a question

Mike Bernhardt wrote: > Just to clarify my questions: > If one of the servers I'm proxying to is dead, is there a way to reduce the > number of times freeradius tries before failing over to the next one? Read raddb/proxy.conf > 2. Are there any ways to make this process more efficient, given th

RE: STILL Trying to get tunneling to work- resolved, and a question

Just to clarify my questions: If one of the servers I'm proxying to is dead, is there a way to reduce the number of times freeradius tries before failing over to the next one? 2. Are there any ways to make this process more efficient, given that status check currently doesn't work with the downstre

Re: Allowing Access via 'users' when LDAP fails

From: Alan DeKok To: FreeRadius users mailing list Sent: Thu, January 28, 2010 1:00:47 AM Subject: Re: Allowing Access via 'users' when LDAP fails Amaru Netapshaak wrote: > Right now, if a user > isnt found in the LDAP database, a reject is returned to the s

Re: STILL Trying to get tunneling to work- resolved, and a question

Mike Bernhardt wrote: > I found the major problem that caused my configuration to not work. This was > in regards to getting freeradius to proxy EAP/PEAP to IAS servers as > standard CHAP. ? That's impossible. PEAP uses a MD4 hash of the password, and CHAP uses an MD5 hash of the password. Yo

Re: STILL Trying to get tunneling to work- resolved, and a question

I found the major problem that caused my configuration to not work. This was in regards to getting freeradius to proxy EAP/PEAP to IAS servers as standard CHAP. I was using freeradius 2.1.7, and then 2.1.8 as recommended by someone. Neither worked. The solution was to back down to 2.1.4. Is this a

Re: Issues with squid_radius_auth

Ovi C wrote: ... > Failed to authenticate the user. > WARNING: Unprintable characters in the password.Double-check > the shared secret on the server and the NAS! So... > Somehow the client is not sending the cleartext password from database > and this causes the error. > The shared se

Re: Logging in more then once

I have read this document. It is asking me to add something like this to my users.conf file. I don't understand. What group do I use? Is it asking me for a local group or an eDirectory group? DEFAULT Group == "staff", Simultaneous-Use := 4 Fall-Through = 1 DEFAULT Group == "business", Simulta

RE: freeRadius LDAP auth using WPA-EAP on 802.11

Sorry bother you once more. Can you please specify which files and option must I change exactly... José Campos -Mensagem original- De: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+jjscampos=gmail@li

Proxied accounting

I'm currently running Freeradius 2.1.7 across 3 servers and have been having a recurring issue where proxied accounting packets stop being relayed to my customers approximately after 1 month of uptime. Auth still works just fine, but for some strange reason, acct just stops being relayed. At fi

Re: freeRadius LDAP auth using WPA-EAP on 802.11

José Campos wrote: > What do you sugest. Diable md5 on eap or not using eap? Use an EAP method that works with an AP: PEAP, TTLS, ... > Sorry, I'm not very familiar with this subject. > > Can't I still use WPA-EAP on my AP? Yes... there are millions of people using that.

Re: proxy same realm but different authentication protocol to different server

piston wrote: > Due some limitation, my partner is using two different server to handle > different auth-type (PAP / EAP), said server1 only take PAP cannot handle > EAP, server 2 take EAP cannot handle PAP. > > But their user (realm xyz.com), login at my location maybe authenticate by > PAP or

Re: proxy same realm but different authentication protocol to different server

piston writes: > Due some limitation, my partner is using two different server to > handle different auth-type (PAP / EAP), said server1 only take PAP > cannot handle EAP, server 2 take EAP cannot handle PAP. > > But their user (realm xyz.com), login at my location maybe > authenticate by PAP or

RE: freeRadius LDAP auth using WPA-EAP on 802.11

Hello, What do you sugest. Diable md5 on eap or not using eap? Sorry, I'm not very familiar with this subject. Can't I still use WPA-EAP on my AP? José Campos -Mensagem original- De: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.

Re: proxy same realm but different authentication protocol to different server

Due some limitation, my partner is using two different server to handle different auth-type (PAP / EAP), said server1 only take PAP cannot handle EAP, server 2 take EAP cannot handle PAP. But their user (realm xyz.com), login at my location maybe authenticate by PAP or EAP, depending what kind

Re: get attributes from multiple AD domains

John wrote: > Again. Now we can get attributes from AD domains using the Global > Catalog port 3268. > > A new problem: there are 2 same accounts in 2 domains. And we use filter > = "(sAMAccountName=%{mschap:User-Name})". Looks ldapsearch return 2 > results from AD. And freeRADIUS could not handl

Re: Framed-IP-Address cant override NAS ip pool

Tevfik Ceydeliler wrote: Because still I don't know why but When I dont use pool, and I use onle framed-ip-address and mask, user can get Access-Accept but cant get IP address and mask. Agai I don't know why but radius can't send to user Framed-IP-Address and Netmask. I sniff the client side

Re: Windows Authentication Failing After Changing IP

Can anyone provide any input? I'm really clueless\stuck at this point. I've run some LDP tool to verify credentials and DN is correct. Any input would be deeply appreciated. On Wed, Jan 27, 2010 at 2:14 AM, Edwin Isada wrote: > I commented out rebind and chase_referral, but this didn't fix the