RE: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Leighton Man
I have tried version 3.3.10 and 3.4.5. Which stable version can you recommend ? Version 3.0.35 is working for me. I went through the downgrade process quite a few months ago and settled on that version. It's been fine ever since. Regards, Leighton --- This transmission is confidential and ma

Re: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Johan Meiring
Abdessamad BARAKAT wrote: I have tried version 3.3.10 and 3.4.5. Which stable version can you recommend ? Search the list. You'll get lots of messages about it. As far as I remember it needs to be 3.2 and below. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-778

Re: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Abdessamad BARAKAT
I have tried version 3.3.10 and 3.4.5. Which stable version can you recommend ? Thanks Alan Alan DeKok a écrit : Abdessamad BARAKAT wrote: The AD authentication with ntlm_auth is working fine but just after that, the freeradius send an access-challenge to the aironet and nothing after that, no

Re: no wait exec scripts end up as defunct zombie process

2010-02-09 Thread Sajeewa Warnakulasuriya
Also I found the below snippet of code in exec.c /* * We're not waiting, exit, and ignore any child's status. */ if (!exec_wait) { return 0; } When does freeradius close the child? Regards, Sajeewa Warnakulasuriya Systems Devel

RE: Difficulties with rlm_perl specifically sending mail

2010-02-09 Thread David Buckley
Dear List Finally(!) got to the bottom of this... The RHEL server of interest is actually a RHEL SELinux server, and SELinux enforced that a process owned by the user radiusd should not be accessing a remote port 25. Cure was a local policy override, and for those who know as much SELinux as I d

RE: Forwarding/Logging Accounting to another Radius server without proxy

2010-02-09 Thread Benjamin Marvin
Thanks Alan, I'd just noted that same advice in one of your responses earlier today. I'll certainly be taking a look. Thanks much for your time! -Benjamin > Date: Wed, 10 Feb 2010 00:41:49 +0100 > From: al...@deployingradius.com > To: freeradius-users@lists.freeradius.org > Subject: Re: Forwar

Re: Forwarding/Logging Accounting to another Radius server without proxy

2010-02-09 Thread Alan DeKok
Benjamin Marvin wrote: > I've noted the RFCs list the following: Who reads those things? :) > So my question is: > Does FreeRadius have built in support for taking responsibility of Accounting > retransmission? No. It's up to the NAS to retransmit. > I currently proxy to an upstream ven

Re: freeradius with PEAP configuration

2010-02-09 Thread Alan DeKok
dev nath wrote: > I am trying to authenticate Xsupplicant (open1x) through freeradius > using EAP-PEAP-MSCHAPv2 configs. TLS initial connection was successful > but MSCHAP-v2 authentication was not initiating (Xsupplicant returned > TLS application packet not decrypted). Knowing the real error m

Re: Simultaneous Use

2010-02-09 Thread Alan DeKok
Josh Willmarth wrote: > Hello, > > Quick question: how do I restrict simultaneous use on a user by user > basis in the users file? You set the attribute Simultaneous-Use on a user by user basis. bob Simultaneous-Use := 1 Alan DeKok. - List info/subscribe/unsubscribe? See http://www.free

Re: FreeRadius 2.1.8 works fine in DEBUG mode

2010-02-09 Thread Scott Lambert
On Tue, Feb 09, 2010 at 01:17:02PM -0800, Amal Janardhanan wrote: > But the same script is running in DEBUG mode.. > > Also if I use freeradius-server-2.0.5, the script works in debug as > well as daemon mode. > > Radius Server : freeradius-server-2.1.8 > Server ProductName: Mac OS X Server

Forwarding/Logging Accounting to another Radius server without proxy

2010-02-09 Thread Benjamin Marvin
I've noted the RFCs list the following: From PROXY section 2.1 A forwarding server may either perform its forwarding function in a pass through manner, where it sends retransmissions on as soon as it gets them, or it may take responsibility for retransmissions, for example

Simultaneous Use

2010-02-09 Thread Josh Willmarth
Hello, Quick question: how do I restrict simultaneous use on a user by user basis in the users file? Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to make an open auth realm?

2010-02-09 Thread Nick Bright
That worked wonderfully. Thanks for the great tip! --- - Nick Bright Network Administrator Valnet Telecommunications, LLC Tel 888-332-1616 x 315 Fax 620-332-1201 Benjamin Marvin wrote: Hi Nick, You should be able to update your users file with your realm, similar to this: DEFAULT Su

RE: How to make an open auth realm?

2010-02-09 Thread Benjamin Marvin
Hi Nick, You should be able to update your users file with your realm, similar to this: DEFAULT Suffix == "@YourRealm.com", Auth-Type := Accept You can add commas and additional attributes to return to the NAS to help direct the NAS in handling these local realm users. Oh, btw, I'm running 1.

How to make an open auth realm?

2010-02-09 Thread Nick Bright
Greetings! I'd like to configure freeradius such that my local realm is an "open authentication" realm, by this I mean that I would like to return Access-Accept back to any Access-Request no matter what username & password is submitted. This seems like it should be pretty easy, but I'm just

Re: Max-Monthly-Traffic

2010-02-09 Thread Neville
Anyone please, as this is driving me mad... Thx Nev - Original Message - From: Neville To: freeradius-users@lists.freeradius.org Sent: Sunday, February 07, 2010 1:28 PM Subject: Max-Monthly-Traffic Sorry for troubling everyone on this, but I cannot work out why Session-Oc

freeradius with PEAP configuration

2010-02-09 Thread dev nath
Hi, I am trying to authenticate Xsupplicant (open1x) through freeradius using EAP-PEAP-MSCHAPv2 configs. TLS initial connection was successful but MSCHAP-v2 authentication was not initiating (Xsupplicant returned TLS application packet not decrypted). PLEASE HELP with correct freeradius config

Re: FreeRadius 2.1.8 works fine in DEBUG mode

2010-02-09 Thread Alan DeKok
Amal Janardhanan wrote: > > But the same script is running in DEBUG mode.. > > Also if I use freeradius-server-2.0.5, the script works in debug as > well as daemon mode. > > > Radius Server : freeradius-server-2.1.8 > Server ProductName: Mac OS X Server > Server ProductVersion: 10.5.8 > Server

Re: FreeRadius 2.1.8 works fine in DEBUG mode

2010-02-09 Thread Amal Janardhanan
But the same script is running in DEBUG mode.. Also if I use freeradius-server-2.0.5, the script works in debug as well as daemon mode. Radius Server : freeradius-server-2.1.8 Server ProductName: Mac OS X Server Server ProductVersion: 10.5.8 Server BuildVersion:9L34 If radius ve

Re: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Alan DeKok
Trevor Jennings wrote: > Just out of curiosity, is there a reason why Samba is used in the AD > authentication? Is that the only option for FreeRadius? Samba is the only option for *anyone* to do MS-CHAP authentication against AD. Remember: AD isn't an LDAP server. LDAP servers let you quer

Re: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Trevor Jennings
Just out of curiosity, is there a reason why Samba is used in the AD authentication? Is that the only option for FreeRadius? I ask because I heard that ntlm_auth was not that stable. Cheers, - Trevor On Tue, Feb 9, 2010 at 3:36 PM, Alan DeKok wrote: > Abdessamad BARAKAT wrote: >> The AD aut

Re: Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Alan DeKok
Abdessamad BARAKAT wrote: > The AD authentication with ntlm_auth is working fine but just after > that, the freeradius send an access-challenge to the aironet and nothing > after that, no access-accept or access-reject. Change Samba. It's a bug in Samba. i.e. install a different version of Sa

Re: Is it possible to make groups of called-station-id 's?

2010-02-09 Thread Alan DeKok
Matt Ashfield wrote: > I’m quite certain this would work, however I was hoping there’d be some > way similar to the huntgroups file (which I realize is for NAS’s which > our AP’s are not acting as) that could group all our Access Point > devices into a group so we wouldn’t have to have a statement i

Cisco Aironet 1240AG, PEAP and Active directory

2010-02-09 Thread Abdessamad BARAKAT
Hi guys, I need your help for a strange problem. I want to authenticate users connected to a Cisco Aironet 1240 AG with their AD account and sometimes it's working and sometimes not and now doesn't want to work without changing something on the configuration... The AD authentication with ntlm_a

Is it possible to make groups of called-station-id 's?

2010-02-09 Thread Matt Ashfield
Hi All We are using FR 2.1.5 for authenticating wireless users against our LDAP database. Recently, our student wireless vlan is getting too large, and we wish to subdivide it. Currently we place users in the appropriate vlan based on the user type returned via the groupmembership_attribu

Re: Proxy based on request attribute content, not username realm

2010-02-09 Thread Alan DeKok
Oliver Gorwits wrote: > I'd welcome some guidance on configuring FreeRADIUS (any version) to > select an onward proxy server(s) based on a RADIUS request attribute, > and not the username's realm. In 2.1.7 and earlier, create a fake realm (e.g. foo.bar.baz), and fill out the normal home servers,

Re: Proxy on Fail.. Or intelligent proxy...Or Utilize multiple account directories

2010-02-09 Thread Harry Hoffman
Hi Larry, I am doing this same thing... I've modified the PAP and LDAP sections, in /etc/raddb/sites-enabled/{default,inner-tunnel}, to do this and it works well. authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section su

Re: Help getting rid "Info: WARNING: Child is hung for request" message

2010-02-09 Thread José Manuel
Thanks for your response, Alan. On 2/9/10 4:01 AM, Alan DeKok wrote: > The message was *changed* in that commit: So it was previously there... My upgrade was from version 2.1.6, and don't remember to have seen it before, but I'll check... > The message is generated when the child thread tak

Proxy based on request attribute content, not username realm

2010-02-09 Thread Oliver Gorwits
Hi, I'd welcome some guidance on configuring FreeRADIUS (any version) to select an onward proxy server(s) based on a RADIUS request attribute, and not the username's realm. The specific situation is that it would be useful to proxy based on the wirele