Jonathan Hutchins wrote:
> Looking carefully through the log, I saw that I had disabled mppe when I was
> testing without the domain (?). Re-enabled it.
Yes. You broke the configuration by disabling "use_mppe".
You have been sending *many* messages trying to get the server to
work. This is
-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.10.51
NAS-IP-Address = 24.123.100.82
NAS-Port = 0
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct
Ok, disabled smbpasswd, enabled the existing config for ntlm_auth, updated
the /path/to/ntlm_auth to /usr/bin/ntlm_auth, added freerad to the
winbind_priv group, enabled domain on client.
This _looks_ like it worked, but same error in the pptp log:
Apr 20 17:31:26 firewall pppd[2831]: MPPE req
Have you read the changelog between 2.1.0 and 2.1.8? Maybe there's a known
bug? I've had issues where some part of SAMBA dies (winbind/nmbd/smbd) and of
course Auth will also fail, but if all the SAMBA pieces are working and FR is
running, it usually just works!
Maybe run in debug mode until
Hi List...
I've been having this strange issue, that I hope somebody in here will
be able to assist me in solving.
I have a Linux machine (Ubuntu 9.10, 32 bit), running freeradius 2.1.0
(ubuntu 9.10 version, but re-built with ssl), setup to provide
authentication services for a wireless netw
I think I see that I do not have an authentication backend
configured. /etc/freeradius/modules/smbpasswd exists, but it isn't called by
anything.
I found a commented authorisation method "smb_passwd"
in /etc/freeradius/sites-enabled/default and uncommented it. This fails, the
module is actua
Yeah, there's a way. I had / have similar requirements. I *think* with some
unlang and maybe a "fall-through" here or there... I haven't quite figured
this out, but I'm pretty sure it can be done. From what I've gathered so far
FR allows one to do pretty much anything, it's usually the other
I really appreciate the help and patience:
On Tuesday 20 April 2010 03:38:53 pm Alan Buxey wrote:
> see your logs, it says
> ++[unix] returns notfound
> [files] users: Matched entry DEFAULT at line 172
That worries me a bit, but I think at that point it's treating as
/, and _that's_ what it's
Hi,
> According to http://wiki.freeradius.org/PopTop though, I shouldn't need to
> define a user. The 1.x configuration does not appear to have required this
> either. Did it default to using local /etc/passwd or PAM? Did the old
> mschap module know to use samba?
>
> Thibault, how does you
Hi,
> I believe my next step, according to what Josip Rodin has been kind enough to
> point out, is to enable the ntdomain parsing section, which is configured
> but commented out in /etc/freeradius/sites-enabled/default.
> (It occurs twice, if I understand correctly the second one is for accou
You have to send some attributes to the switch. I am using Cisco
switches and here are the attributes that I need to send to the switch
to switch the port to VLAN 3:
bob Cleartext-Password := "test"
Tunnel-Type:0 = VLAN,
Tunnel-Medium-Type:0 = IEEE-802,
Tunnel-Private
I was able to get ntlm-auth working with AD integration. But unfortunately
this stops the existing users in the users' file from being checked. Whenever
I have the "ntlm_auth =" line configured in modules/mschap, my users file is
not checked. If I comment out "ntlm_auth" the users file works again.
Is
Old radiusd.conf (stripped):
prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
lo
Jonathan Hutchins wrote:
> According to http://wiki.freeradius.org/PopTop though, I shouldn't need to
> define a user.
No. It defines how to configure PPTP. It doesn't define how to
configure users.
By the same "logic", you could say "BUT my poptop users can't access
the network! The docu
On Tuesday 20 April 2010 02:44:33 pm you wrote:
> Oh, of course the PopTop howto supposes that you have a working FR
> setup, and that you're able to authenticate your user using MSCHAP !
Ok, maybe a mention of that in the howto.
> Where do you plan to manage your users account ?
I'd like to kee
Jonathan Hutchins wrote:
On Tuesday 20 April 2010 01:00:42 pm John Dennis wrote:
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
You have to either have a Cleartext
On Tuesday 20 April 2010 01:00:42 pm John Dennis wrote:
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
>
> You have to either have a Cleartext password for the user or
The log messages are pretty clear and informative:
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
You have to either have a Cleartext password for the user or an ntlm
has
Progress, of a sort!
In addition to the instructions in the PopTop doc, I have enabled ntdomain
on lines 119 and 345 of /etc/freeradius/sites-enabled/default, and I have
enabled nt_domainhack on line 37 of /etc/freeradius/modules/mschap.
Now we move on to the following error:
[ntdomain] Loo
Ok, I've completely removed and reinstalled everything for a clean start.
Following http://wiki.freeradius.org/PopTop, I get the following output.
I believe my next step, according to what Josip Rodin has been kind enough to
point out, is to enable the ntdomain parsing section, which is configu
In your configuration, do the remote XP users have a domain configured? Do
you have nt_domainhack enabled?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jonathan Hutchins wrote:
> This is the documentation I was working from:
> http://wiki.freeradius.org/PopTop
>
> Not external after all.
And not wrong, either.
> Yes, the main documentation is thorough, but while it specifies all of the
> possible options and configurations, it's a bit diff
Jakob Hirsch wrote:
> Any idea when it will be released?
In the next month or so.
>>> btw, I wonder why prctl() is not called when debug_flag is set. I
>>> would have thought that one would want to get a core dump especially
>>> when running in debug mode.
>> It doesn't switch UIDs when in
Alexander wrote:
> Dear all,
>
> accounting data gets sent to MySQL in my setup. Unfortunately active sessions
> do not show up in radacct. Although terminated sessions show up in the table
> correctly.
>
> Eg. neither AcctStartTime information nor periodic accounting updates get
> displayed in
Michael Bathe wrote:
> Hello freeRadius-Users,
>
> I've installed freeradius-1.1.7-sol10-x86-local and all dependencies.
What is that?
If it's a Solaris Package, ask the people who gave you the package.
Otherwise, install 2.1.8 from source.
Alan DeKok.
On Tuesday 20 April 2010 03:27:19 am Thibault Le Meur wrote:
> Yes it is true, but this part seems easy once you've understood how to
> migrate from FR1 to FR2 which is required anyway to do a proper
> migration.
Is there a doc that specifically addresses migration?
> In fact this would be only
Thanks for your replies and help.
On Saturday 17 April 2010 01:51:22 am Alan DeKok wrote:
> (1) Read http://freeradius.org/doc/
> Most external documentation is wrong.
This is the documentation I was working from:
http://wiki.freeradius.org/PopTop
Not external after all.
Now that the FAQ is
Hi,
I'm setting up a FreeRadius Server using an SQL backend to store
information about NAS, Users and Groups. I am looking for the attribute to use
to allow a group into a VLAN on my switch.
My setup permits authenticating a user and the group of the user. But
what is the attribute to use in table radrep
Dear all,
accounting data gets sent to MySQL in my setup. Unfortunately active sessions do
not show up in radacct. Although terminated sessions show up in the table
correctly.
Eg. neither AcctStartTime information nor periodic accounting updates get
displayed in radacct table until the session e
Hello freeRadius-Users,
I've installed freeradius-1.1.7-sol10-x86-local and all dependencies. I
don't know what's wrong!
Then I run /usr/local/sbin/radiusd -X, I get the following output:
r...@host# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiu
Hi,
> > Should I be posting my debug logs to a pastebin rather than sending
> > them to the whole list?
>
> E-mail's cheap. Paste the text from the logs into the main body of your
> e-mail.
agreed. i'm far less likely to fire up a browser to read a log
file when i'm in a mutt session
alan
Alan DeKok, 2010-04-20 10:54:
>> So after some debugging I got to the root cause of this:
>> The process's dumpable flag is reset every time the UID is changed. FR
>> does this several times with fr_suid_up() and fr_suid_down() after
>> switch_users() is run, e.g. in listen_bind().
>> So I guess w
Hi,
I'm having problems configuring the dhcp with freeradius (this is the
first time :$)
I have compiled it with the --with-dhcp option, and linked dhcp in
sites-available.
My dhcp server is 10.88.3.25 and the router is 10.88.3.1.
I have only modified the dhcp configuration and the mac2ip file.
Jakob Hirsch wrote:
> So after some debugging I got to the root cause of this:
> The process's dumpable flag is reset every time the UID is changed. FR
> does this several times with fr_suid_up() and fr_suid_down() after
> switch_users() is run, e.g. in listen_bind().
> So I guess we have to change
Jonathan Hutchins wrote:
> I don't suppose there's a utility that will parse a freeradius 1.x
> configuration and spit out appropriate files for 2.x?
Nearly everything is compatible. The major changes are simple
re-arrangements of configurations.
Alan DeKok.
Jonathan Hutchins wrote:
> Wow, much more complex than the existing external documentation suggests.
(1) Read http://freeradius.org/doc/
Most external documentation is wrong.
(2) The *default install* sets up those files correctly. The only
reason for not having those files is you did so
John Dennis wrote:
> RHEL 6 which is under development and is currently in beta testing does
> have FreeRADIUS 2.1.8. So a possible solution would be to upgrade from
> RHEL 5 to RHEL 6. If FreeRADIUS 2.1.9 is released shortly I *may* be
> able to get it into RHEL 6,
2.1.9 should be released in a
- Message from hutch...@tarcanfel.org -
Date: Mon, 19 Apr 2010 19:41:44 -0500
From: Jonathan Hutchins
Reply-To: FreeRadius users mailing list
Subject: Re: PopTop
To: FreeRadius users mailing list
On Monday 19 April 2010 07:16:52 pm Thibault Le Meur wrote:
Hi,
I have a problem with authenticating users against an AD.
I'm connecting to a WPA2-Ent with PEAP and MS-CHAPv2
But it won't just work.
Any ideas?
freeradius is running in "SUSE enterprise 11-64bit"
Here is the output from "radiusd -f -X" (the relative parts)
FreeRADIUS Version 2.1.1, for host
On Mon, Apr 19, 2010 at 05:10:09PM -0500, Jonathan Hutchins wrote:
> On Monday 19 April 2010 04:33:25 pm Josip Rodin wrote:
>
> > The suffix module didn't recognize \ as a delimiter. You probably need to
> > tell it explicitly to do that. To add your own module instance, just add a
> > new file in
40 matches