Kyle Plimack wrote:
> I have pap working (i.e. I ran radtest and got an access-accept).
> I don’t want to configure certs on each of my hosts for each of my
> clients, so I’d like to use PEAP/msChapV2 so that dot1x clients are
> prompted for and username/password.
>
> According the the deployingr
Hi,
It seems that NAS is configured to send the same log with the same
Acct-Session-Id 6 times .
Regards.
On Thu, Jun 17, 2010 at 4:51 PM, Omer Faruk Sen wrote:
> I think answer to my question is suppress field to remove. I am using
> 1.1.8 and I see that for every unique Acct-Sesssion-Id I see
Hi,guys.Anybody know how to complie freeradius 2.19 under cygwin.I feel the
FreeRADIUS.net is out of date but lots of complie error make me mad.any
proposal will be appreciated.
_
约会说不清地方?来试试
my pptp is on serverA, freeradius is on serverB
howto guarantee the security of messages between pptp and radius
2010/6/18 Spacelee
> i haven't created for each client...so will it be unsecure?
>
> 2010/6/18 Fajar A. Nugraha
>
>> On Fri, Jun 18, 2010 at 10:27 AM, Spacelee wrote:
>>
>> > it say
i haven't created for each client...so will it be unsecure?
2010/6/18 Fajar A. Nugraha
> On Fri, Jun 18, 2010 at 10:27 AM, Spacelee wrote:
> > it says : You need to edit client.cnf only if you
> > are using EAP-TLS. If not, then that file can be left as-is.
> >
> > how can i know whether i use
On Fri, Jun 18, 2010 at 10:27 AM, Spacelee wrote:
> it says : You need to edit client.cnf only if you
> are using EAP-TLS. If not, then that file can be left as-is.
>
> how can i know whether i use eap-tls?
Do you create a certificate for each client? If not, then you're not
using EAP-TLS.
Also n
it says : You need to edit client.cnf only if you
are using EAP-TLS. If not, then that file can be left as-is.
how can i know whether i use eap-tls?, i just follow the article:
http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-man
On Fri, Jun 18, 2010 at 10:02 AM, Spacelee wrote:
> howto ?, is there any examples?
Try http://deployingradius.com/documents/configuration/certificates.html
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
howto ?, is there any examples?
--
Spacelee
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Jun 18, 2010 at 7:44 AM, Kyle Plimack wrote:
> I have pap working (i.e. I ran radtest and got an access-accept).
> I don’t want to configure certs on each of my hosts for each of my clients,
> so I’d like to use PEAP/msChapV2 so that dot1x clients are prompted for and
> username/password.
I have pap working (i.e. I ran radtest and got an access-accept).
I don't want to configure certs on each of my hosts for each of my clients, so
I'd like to use PEAP/msChapV2 so that dot1x clients are prompted for and
username/password.
According the the deployingradius.com guide, once pap is w
I did! They were initially unresponsive to phone and e-mail.
They have responded now! In case that doesn't work out, any other
suggestions?
Certainly some people here must have experience with getting paid outside
support?
Garber, Neal wrote:
>
> Have you looked here: http://networkradius.com
On 17/06/10 11:35, John Dennis wrote:
> On 06/17/2010 03:27 AM, Iain Grant wrote:
>> Correct me if I am wrong, that would mean i’d have to use ldap as my
>> connection between the freeradius server and the Win2008 RC2 AD instead
>> of my existing ntlm_auth connection ?
>
> Yes, that is correct, yo
Hi,
> I'm trying to implement PEAP-MSCHAPV2 support in an existing and working
> configuration with EAP-TTLS + PAP,
> giving users a full support of eduroam. There are proxy radius maintained by
> our national "provider", and they test
> authentication every 15 minutes.
>
> When they only test
On Thu, 2010-06-17 at 20:08 +0200, Bjørn Mork wrote:
>
> I would start by looking for any such deliberately ignored request.
>
I am told that the home server logs show nothing suspicious. I have no
direct access to those servers so I cannot say for myself. However, I
have asked that the logs are
Alan DeKok writes:
> John Horne wrote:
>> Hmm. Given that the servers are lightly loaded, I guess we are looking
>> at packet loss over the network?
>
> Yes. Many packets lost. The NAS re-transmits, FR re-transmits, and
> the home server doesn't respond.
>
> The default timeout before marki
On 06/17/2010 11:57 AM, Kyle Plimack wrote:
I’m trying to use ldap to authorize/authenticate my users into the
wireless network using 802.1x.
I just created a fresh installation of freeradius 2.1.7. We use Centos
Directory Server (aka red had dir. Srv / fedora dir.srv), not openLdap.
You didn'
Hi,
Before beginning, sorry for my bad English, I'm French.
I'm trying to implement PEAP-MSCHAPV2 support in an existing and working
configuration with EAP-TTLS + PAP,
giving users a full support of eduroam. There are proxy radius maintained by
our national "provider", and they test
authentica
John Horne writes:
> On Thu, 2010-06-17 at 17:54 +0200, Alan DeKok wrote:
>> John Horne wrote:
>> > Why does it think it looks like it is dead?
>>
>> Because the home server didn't respond to *another* request.
>>
>> Each request has a timer. If the home server doesn't respond within
>> tha
John Horne wrote:
> Hmm. Given that the servers are lightly loaded, I guess we are looking
> at packet loss over the network?
Yes. Many packets lost. The NAS re-transmits, FR re-transmits, and
the home server doesn't respond.
The default timeout before marking a home server zombie is 30s.
Jakob Hirsch writes:
> Hi,
>
> Alan DeKok, 2010-05-24 12:28:
>> * re-open log file after HUP. Closes bug #63.
>
> Since the update to 2.1.9 a new log file is _only_ opened on HUP. Is
> this behaviour intended?
> Previously we just let logrotate rename the old logfile and freeradius
> created a
Kyle Plimack wrote:
> I’ve read a lot of threads and looked at the protocol / encryption
> compatibility chart, but I’ve never seen someone say, “this is the
> solution”.
1) get PAP working against LDAP
2) follow the EAP guide (deployingradius.com) to get EAP working
3) configure ldap in the "inne
On Thu, 2010-06-17 at 17:54 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Why does it think it looks like it is dead?
>
> Because the home server didn't respond to *another* request.
>
> Each request has a timer. If the home server doesn't respond within
> that time, then it is marked "zo
check this out
http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap
Kyle Plimack wrote:
I’m trying to use ldap to authorize/authenticate my users into the
wireless network using 802.1x.
I just created a fresh installation of freeradius 2.1.7. We use Centos
Directory
John Horne wrote:
> So what is being seen is that backend server 141.163.66.101 has sent an
> accept accept packet (to the local proxy server 195.250) and the log
> shows a user as having authenticated. About 10 seconds later, the server
> is marked as zombie, but tcpdump shows that a packet (acces
On 17.06.2010 16:56, Alan DeKok wrote:
> Jens Weibler wrote:
>
>> The question is: why isn't the check allowing workstations?
>>
>> if (((smb_ctrl->vp_integer & ACB_DISABLED) != 0) ||
>> (((smb_ctrl->vp_integer & ACB_NORMAL) == 0) && (smb_ctrl->vp_integer &
>> ACB_WSTRUST == 0))) {
>> RDEBUG2("S
Jens Weibler wrote:
> The question is: why isn't the check allowing workstations?
>
> if (((smb_ctrl->vp_integer & ACB_DISABLED) != 0) ||
> (((smb_ctrl->vp_integer & ACB_NORMAL) == 0) && (smb_ctrl->vp_integer &
> ACB_WSTRUST == 0))) {
> RDEBUG2("SMB-Account-Ctrl says that the account is disabled,
Omer Faruk Sen wrote:
> First of all thank you for your reply Alan. Is this feature also valid
> for 1.1.8 for some certain reasons I have to use 1.1.8
Upgrade.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hey averyone;
i have installed the pre packaged version and i have found rlm_sqlcounter :)
and everything works great now thanks for helping.
Best regards,
Bassem Tadros
- Original Message -
From: "David Peterson"
To: "FreeRadius users mailing list"
Sent: Wednesday, June 16, 2010 4
Hi all,
I also encountered same crashed while testing Normal/backup proxy
feature.
I'm going to try if I am able to rebuild 2.1.10 using git, following git
build infos available en freeradius wiki, and I will report if this also
solves my problem.
Freeradius 2.1.9 build from sources under CentOS5.5
I think answer to my question is suppress field to remove. I am using
1.1.8 and I see that for every unique Acct-Sesssion-Id I see 5-6
detail log. Is it possible to combine it into only one in detail log
using
detail {
}
?
On Thu, Jun 17, 2010 at 4:28 PM, Omer Faruk Sen wrote:
> Hi,
>
> Is it p
Hi,
First of all thank you for your reply Alan. Is this feature also valid
for 1.1.8 for some certain reasons I have to use 1.1.8
Regards.
On Thu, Jun 17, 2010 at 9:06 AM, Alan DeKok wrote:
> Omer Faruk Sen wrote:
>> How can I make Calling-Station-Id and Called-Station-Id to be see in
>> accou
On Thu, 2010-06-17 at 14:09 +0100, Alan Buxey wrote:
> Hi,
> > On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> > > So what is being seen is that backend server 141.163.66.101 has sent an
> > > accept accept packet (to the local proxy server 195.250) and the log
> > > shows a user as h
Hi,
Is it possible to customize rlm_detail log files? For example I want
to filter some Attributes or want to add certain Attributes even if
they don't exists.
Regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Alan DeKok, 2010-05-24 12:28:
> * re-open log file after HUP. Closes bug #63.
Since the update to 2.1.9 a new log file is _only_ opened on HUP. Is
this behaviour intended?
Previously we just let logrotate rename the old logfile and freeradius
created a new radius.log. I'm aware that it is
On Thu, 2010-06-17 at 14:16 +0200, Josip Rodin wrote:
> On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> > So what is being seen is that backend server 141.163.66.101 has sent an
> > accept accept packet (to the local proxy server 195.250) and the log
> > shows a user as having authent
Hi,
> On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> > So what is being seen is that backend server 141.163.66.101 has sent an
> > accept accept packet (to the local proxy server 195.250) and the log
> > shows a user as having authenticated. About 10 seconds later, the server
> > is
On Thu, Jun 17, 2010 at 11:26:37AM +0100, John Horne wrote:
> So what is being seen is that backend server 141.163.66.101 has sent an
> accept accept packet (to the local proxy server 195.250) and the log
> shows a user as having authenticated. About 10 seconds later, the server
> is marked as zomb
Have you looked here: http://networkradius.com/
> Even if you aren't able to provide support, I'd be interested in any
> suggestions for where to get support from.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/17/2010 03:27 AM, Iain Grant wrote:
Correct me if I am wrong, that would mean i’d have to use ldap as my
connection between the freeradius server and the Win2008 RC2 AD instead
of my existing ntlm_auth connection ?
Yes, that is correct, you would have to use ldap.
--
John Dennis
Lookin
Hello,
We have 3 backend servers which are used in a client-balance mode from
our local proxy server. We are running FR 2.1.10 (from git), but have
seen the following behaviour when we were running 2.1.7 and 2.1.9 for a
short time. Our logs are showing that FR marks the backend servers as
zombie e
Correct me if I am wrong, that would mean i'd have to use ldap as my
connection between the freeradius server and the Win2008 RC2 AD instead
of my existing ntlm_auth connection ?
Iain
__
SCRI, Invergowrie, Dundee, DD2 5DA.
The Scottish Crop
On 17.06.2010 08:08, Alan DeKok wrote:
> Jens Weibler wrote:
>
>> Shouldn't it be possible to use workstation accounts? My temporary
>> solution is to exclude querying sambaAcctFlag. No real solution if you
>> want to lock out really expired or disabled accounts :(
>>
> If the flag mean
43 matches
Mail list logo