Sallee, Stephen (Jake) wrote:
Is it possible to have FreeRADIUS send a radius response without first
receiving a request, provided I can feed it the same information the
request would have?
What kind of RADIUS response?
In general, though, the answer is no. RADIUS is a request /
response
Kevin Ehlers wrote:
I'm having a really hard time with proxying or just dealing with
CoA's. The documentation just isn't working for me.
Well... it's as clear as we know how.
I can configure the coa server. I can get the originate-coa server up
too. I can send CoA's to the server, but
Kory Wheatley wrote:
Will LDAP failover work on Solaris 10 with FreeRadius 1.1.3 ?
Yes. See doc/configurable_failover.
This is
the default that comes with Solaris or do we need to upgrade FreeRadius.
I would really suggest upgrading.
Alan DeKok.
-
List info/subscribe/unsubscribe?
Tom Leach wrote:
Alan, changing from User-Password to Password-With-Header brought back
the 'No known good password' error. I'm going through the rlm_pap.c
code to try to see what's going on here. I haven't found any docs yet
on what the various mapping possibilities are and what they do.
Tom Leach wrote:
Grr, off on a goose chase. Problem isn't in rlm_pap.c, but rlm_ldap.c.
rlm_ldap only likes the Cleartext-Password and User-Password
attributes.
Yes... the message you posted clearly shows it's output from the LDAP
mdoule.
Would it be a bad thing to patch rlm_ldap.c to
newtownz wrote:
I think I understand the problem here, there are multiple request
done to freeradius in the process of authenticating the user and
since I'm trying to access the variable that was set in the previous
request it is simply empty...
Yes.
If you want to store information
Hi all,
I would like to be able to prevent Interim-Update accounting packets
for a realm from being proxied. Start and Stop packets need to be
proxied, but the Interim-Updated should only be handled locally.
Is this possible with freeradius?
Many Thanks,
Murray
-
List
Murray Long wrote:
Hi all,
I would like to be able to prevent Interim-Update accounting packets
for a realm from being proxied. Start and Stop packets need to be
proxied, but the Interim-Updated should only be handled locally.
Is this possible with freeradius?
Yes.
accounting {
Here is another pair of logs which may be more focused than the previous
pair. It is of the LDAP portion only
SagiBarOr wrote:
Thank you for the info Jan. The radiusd-x files were included in the zip
files. Though I guess the other logs were overwhelming.
I now posted the two log files
SagiBarOr wrote:
Here is another pair of logs which may be more focused than the previous
pair. It is of the LDAP portion only
Could you explain in *simple* terms what you want? You've been
posting large debug outputs with little or no explanation.
Alan DeKok.
-
List
Sure. Here is the picture again: we are doing EAP-TTLS authnentcation with a
partial proxy. We call it split authentication. One Freeradius server is
doing the TLS phase and then proxy the MS CHAP v2 portion to a second Free
Radius server.
This works just fine.
When we try to do the same when
SagiBarOr wrote:
Sure. Here is the picture again: we are doing EAP-TTLS authnentcation with a
partial proxy. We call it split authentication. One Freeradius server is
doing the TLS phase and then proxy the MS CHAP v2 portion to a second Free
Radius server.
This works just fine.
When we try
The connection is not refused. these logs are of a successful session.
I did not post logs of a refused connection because this is not a free
radius server.
If you have no infomration about something non std with the way Free radius
proxy MA CHAP v2 then I will continue to investigate in other
SagiBarOr wrote:
The connection is not refused. these logs are of a successful session.
Then why did you post them? You have a problem with rejected
sessions, so there is *no* reason to post logs from accepted sessions.
I did not post logs of a refused connection because this is not a free
Hi Alan,
Managed to get that one right, but now its stripping off the realm despite me
having set nostrip, and the second server then complains about not knowing the
user. Where else can a realm get stripped except for proxy.conf and
sites-enabled/default?
-Original Message-
From:
Could someone please point me to a good how-to that will explain how to
get either pap or chap running using Microsoft AD as a backend?
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
-
List info/subscribe/unsubscribe? See
Never mind, God I feel dumb.
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
-Original Message-
From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o
I am looking for information on grouping users into profiles/groups. I've
searched around the FAQ's and docs but not finding a clear picture. I've
found how to associate a user with a group of NAS's.
.
Here's the scenario. There is a specfic VSA from Juniper called
Juniper-Local-User-Name.
Marius Pesé wrote:
Hi Alan,
Managed to get that one right, but now its stripping off the realm despite me
having set nostrip,
Well... it doesn't strip the realms if the nostrip is set. Are you
SURE you did it correctly?
And what does the debug log say? It's really not that hard to
Natr Brazell wrote:
I am looking for information on grouping users into profiles/groups.
I've searched around the FAQ's and docs but not finding a clear
picture. I've found how to associate a user with a group of NAS's.
See man rlm_passwd It can be used to create arbitrary groups,
Ooh! I'll try the LDAP-Group. wrt the Juniper-Local-User-Name VSA:
Once authenticated against LDAP the user is mapped to the NAS device where
there is a username called tier3 (or whatever you called it. Could be
superduck). That username is matched against a class which defines a
specific set
On 07/29/2010 01:08 PM, Sallee, Stephen (Jake) wrote:
I have correctly configured the LDAP module (I think...) but when I try
to authenticate a user I get an error saying the user cannot be found.
I have attached the debug output. I have tried turning the follow
referrals and rebind vars on
I added 3 groups called tier1,2 and 3 like
cn=tier3,ou=People,dc=somedomain,dc=com and added a user to that group.
That user is not able to log on. Here is the output. Note the member=
and uniquemember=. Ldap-UserDn values are null???
[ldap] performing search in
fixed it... Or rather Alan fixed it. I just found it and uncommented it.
Had forgotten to uncomment group checking in the ldap module. Apprarantly
there are defaults.
Thanks for the help.
N
On Thu, Jul 29, 2010 at 2:39 PM, Natr Brazell natrbraz...@gmail.com wrote:
I added 3 groups called
Hi
I am using FreeRADIUS Version 2.0.4
On failure of the first of 4 ldap sources the freeradius server does not
continue to the next source but reports 'failed'.
In radiusd.conf modules I have defined 4 ldap items
ldap ldap1 {
server = 192.168.4.250
check this
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
From: freeradius-users-bounces+ultrabalad=gmail@lists.freeradius.org
[freeradius-users-bounces+ultrabalad=gmail@lists.freeradius.org] On Behalf
Of Sallee,
Hello all.
I tried to configure freeradius to operate as dhcp server and reach the
point from where I can`t proceed.
the version of freeradius is 2.1.9
I have two situation
1. DHCP Discover packet comes from client who directly connected to
network which freerasdius listen on.
2. DHCP Discover
27 matches
Mail list logo