On Tue, Apr 27, 2010 at 1:17 AM, John Dennis wrote:
> On 04/26/2010 05:33 PM, eric.hernan...@allegiantair.com wrote:
>
>> I see thats what I thought, I also confirmed its all clear text with
>> tcpdump.
>>
>> If I were to switch my backend to an ldap system would I have encrypted
>> traffic for u
This may help you.
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg1.html
Using the Postauth_users restricting it via a ldap group should work.
On Tue, Apr 27, 2010 at 11:50 AM, Gary Gatten wrote:
> Hello all,
>
>
>
> I currently have FR v2.1.6 (Yes, I’ll upgra
Hi,
I came across a bug when rlm_python executes python code that tries to load a
dynamic (shared) module. This bug seems to have been discussed 2 or 3 times on
this list, but no really satisfying solution appears to have been found so far
(as far as I know), so I thought I might raise the sub
Hello all,
I currently have FR v2.1.6 (Yes, I'll upgrade...) running on RHEL5. I'm
authenticating VPN users and Ci$co device shell access using SAMBA/ntlm_auth
integration. "Everything" is working fine.
My next task is assigning Dynamic VLAN ID's. I have some test accounts/ports
working usi
I am trying to setup FreeRadius server to handle EAP-TLS authentication with
a WiMAX ASN GW.
I have another Radius server which does not support EAP-TLS but stores the
WiMAX QoS attribute values that need to be assigned to the user (user is
identified by Calling-Station-ID).
I have been going throu
Hi, Josip.
Now I am able to authenticate against freeradius on the Cisco 7206-VXR.
I just copied the configuration from an other Cisco switch.
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www
On 04/26/2010 05:33 PM, eric.hernan...@allegiantair.com wrote:
I see thats what I thought, I also confirmed its all clear text with
tcpdump.
If I were to switch my backend to an ldap system would I have encrypted
traffic for user authentication with freeradius remote ldap/backend setup?
Not cu
Hi,
> This has nothing to do with how many MySQL servers you've got or how
> you're doing replication, encryption occurs on a per connection basis
> (e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never
> opens an encrypted session with it's server because rlm_sql_mysql does
>
I see thats what I thought, I also confirmed its all clear text with
tcpdump.
If I were to switch my backend to an ldap system would I have encrypted
traffic for user authentication with freeradius remote ldap/backend setup?
Also is there a nas/radacct table equivalent in the ldap solution or is
Agent Smith wrote:
> I'd like to have a radius proxy setup where it can proxy users based on
> number of numeric characters in the userid.
>
> so for example, if the userid is abc123 (with 3 numeric char. at the end) it
> should proxy to an instance of radius running on the same box and if the
I'd like to have a radius proxy setup where it can proxy users based on number
of numeric characters in the userid.
so for example, if the userid is abc123 (with 3 numeric char. at the end) it
should proxy to an instance of radius running on the same box and if the user
id is abcxxx it should
On Mon, Apr 26, 2010 at 03:44:50PM -0300, Wagner Pereira wrote:
> Is there a How-To explaining how to implement Radius in this NAS?
>
> The IOS version is 12.2
What exactly do you need explained, that isn't in Cisco documentation?
--
2. That which causes joy or happiness.
-
List info/subscr
On 04/26/2010 01:57 PM, eric.hernan...@allegiantair.com wrote:
Hi,
I am trying to figure out if need to encrypt my traffic from a
FreeRadius server to a remote MySQL backend.
I have the following setup.
FreeRadius/MySQL (Server1)
FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing M
Hi, all.
Is there a How-To explaining how to implement Radius in this NAS?
The IOS version is 12.2
Thanks.
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
On 04/26/2010 08:46 AM, Ana Gallardo wrote:
Hello,
sorry to ask again about this isuue, but I can't get the correct
configuration.
I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
I want to filter users login from fixed NAS,but I always get an reject.
I don't understand why
Hi,
I am trying to figure out if need to encrypt my traffic from a FreeRadius
server to a remote MySQL backend.
I have the following setup.
FreeRadius/MySQL (Server1)
FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL Master
to Master (ssl) Replication
Now I want to add a th
Ana Gallardo wrote:
> sorry to ask again about this isuue, but I can't get the correct
> configuration.
>
> I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> I want to filter users login from fixed NAS,but I always get an reject.
...
> [expiration] Checking Expiration time:
Joshua Lim wrote:
> Hi Alan,
>
> Thanks, how about using the pgina radius plugin?
> http://userpage.fu-berlin.de/~holger/radiusplugin/RADIUSplugin-0.3src.zip
>
> It has code taken from pam_radius_auth
>
> Is pam_radius_auth using radiusclient?
No. They are different code bases.
They should
Rosario Lumia wrote:
> I'm not sure how can I configure freeradius to have this kind of
> configuration:
>
> try to account to home_server1;
> if fails try home_server2;
> else fail;
>
> A kind of failover but not exactly; my goal is to have one @realm for
> more authentication server.
What do
Jakob Hirsch wrote:
> This will become a non-issue when the prctl() calls are moved into the
> fr_suid_* functions. :)
> Would you like me to prepare a patch for that or would you rather do
> that yourself?
Patch, please. It's just easier.
> Anyway, here's the aftermath: I got my core dump, fi
Kristoffer Milligan wrote:
> Configuration works perfectly, but when building I get the following error:
$ git pull
This was fixed recently.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > ++[sql] returns ok
> >
> !!
> !!!
> > !!
> > !!!Replacing User-Password in config items with
> Cleartext-Password.
> > !!!
> >
> !!
> !!!
> > !!
hi,
the GIT version is guaranteed to compile - its very bleeding edge and work in
progress
...you've got the pre-2.2.0 HEAD versionand theres a few little niggles
that seem to have crept in.
will the 2.1.8 source not do things for you?
alan
-
List info/subscribe/unsubscribe? See http://www.
Hi,
This is what I get.
--
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for usern...@doma
Alan DeKok, 04/20/2010 06:21 PM:
btw, I wonder why is prctl() is not called when debug_flag is set. I
would have thought that one would want to get a core dump especially
when running in debug mode.
>>> It doesn't switch UIDs when in debug mode. So it inherits whatever
>> AFAICS
I'm trying to compile a fresh version of FreeRADIUS. I fetched the
latest stable from
git://git.freeradius.org/freeradius-server.git using the information
provided at http://git.freeradius.org/.
I am using the following configuration string:
./configure --with-experimental-modules
I want the
Hi,
> ++[sql] returns ok
> !
> !!
> !!!Replacing User-Password in config items with Cleartext-Password.
> !!!
> !
> !!
> !!! Please update you
Hi,
> Info: ++[mschap] returns ok
> Debug: MSCHAP Success
>
> So i assume that the auth. against AD is OK
not if you havent done the EAP inner-tunnel stuff yet - unless you mean
basic authorize has completed.
> but then the inner tunnel does something
well, it tries to
> Mon Apr 26 12
Hello,
sorry to ask again about this isuue, but I can't get the correct
configuration.
I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
I want to filter users login from fixed NAS,but I always get an reject.
I don't understand why in the example bellow:
++[request] returns n
Hi List,
When upgrading an existing 1.x config to 2.1.8 I get following lines in the
debug:
"
++[sql] returns ok
!
!!
!!!Replacing User-Password in config items with Cleartext-Password.
!!!
!!!
Hi,
I have some strange problems with peap+mschap+AD
I followed the howto on the wiki for AD but with no luck.
When authenticating a user I'll get:
Info: ++[mschap] returns ok
Debug: MSCHAP Success
So i assume that the auth. against AD is OK
but then the inner tunnel does something
Hi to all,
I'm not sure how can I configure freeradius to have this kind of
configuration:
try to account to home_server1;
if fails try home_server2;
else fail;
A kind of failover but not exactly; my goal is to have one @realm for more
authentication server.
I read the "more complex configuratio
32 matches
Mail list logo