Etienne Philip Pretorius wrote:
> I need to make localhost select the correct virtual server based on a
> custom attribute that is passed to Freeradius.
Virtual servers don't work that way.
> I have three virtual servers, and I use scripts to inject radius
> accounting packets into the radius s
rrperez wrote:
> Thanks for the response David,
>
> Now, I have solved the problem locally by putting an attribute in the
> ldap.attrmap but then another problem appears through the wireless network,
> MSCHAPv2 fails.
...
> Is there a way for me to solve the mschapv2 error?
Store the passwords
Thanks for the response David,
Now, I have solved the problem locally by putting an attribute in the
ldap.attrmap but then another problem appears through the wireless network,
MSCHAPv2 fails.
Here is the debug:
rad_recv: Access-Request packet from host 10.96.100.205 port 3474, id=0,
length=141
Hi All,
I use freeradius version 2.1.3 and LDAP to authenticate ADSL users. I have a
requirement to compare the NAS-Port-Id in the user request to the one in the
LDAP. But when I test it, radius debug output says "Pairs do not match.
Rejecting user.". But the values in the request and LDAP are sam
Hello List,
I need to make localhost select the correct virtual server based on a
custom attribute that is passed to Freeradius.
I have three virtual servers, and I use scripts to inject radius
accounting packets into the radius server and I would like to ideally
select the correct virtual s
I would recommend sending your full debug. It looks as though you are
mixing clear text passwords and encrypted passwords. That would suggest a
configuration issue.
David
-Original Message-
From:
freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org
[mailto:freerad
Here is the debug for the problem:
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "k1mberly."
[pap] Using clear text password "{crypt}$1$3rOzYhpM$iBPcRQdUVkW4x6BxpUrNO0"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
how c
Freeradius2 + OpenLDAP for Wifi Authentication
I'm having a problem with the password decryption for radius with ldap
entries that have an encrypted password. Is there a way to map the attribute
so that the radius can read/decrypt the password on ldap directory?
--
View this message in context:
I am working on trying to get information from connections such as
Mac-Address and last connected IP from the device. Once we get this
information I would like to add this to the radius database, either in the
radpostauth or radacct. I am completely new to radius so not to sure about
if I need to a
On Mon, Aug 9, 2010 at 6:31 PM, Alan DeKok wrote:
> Peter Lambrechtsen wrote:
> > Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
> > access reject however it always seems to return either a noop or ok.
> ..
> > And this is what is in my postauth_users file:
> >
> > DEFAUL
Natr Brazell wrote:
> Wasn't suggesting I'd use TACACS+. I am in the process of replacing my
> customers existing TACACS+ architecture however they keep coming back to
> the ability of TACACS+ over Radius to secure, or rather, not send
> accounting data across the network in the clear. (I assume
- Original Message
> From: Jiann-Ming Su
> To: freeradius-users@lists.freeradius.org
> Sent: Mon, August 9, 2010 4:29:57 PM
> Subject: sql nas and accounting
>
> 2. How do I get sql accounting to work? That is, how do configure
> freeradius
>
> to update the radacct table? Righ
Two questions:
1. Does listing clients in the nas database table support virtual servers? If
so, what field do I enter that info in and do I need to update the SQL query
used in dialup.conf?
2. How do I get sql accounting to work? That is, how do configure freeradius
to update the radacct
:)
Wasn't suggesting I'd use TACACS+. I am in the process of replacing my
customers existing TACACS+ architecture however they keep coming back to the
ability of TACACS+ over Radius to secure, or rather, not send accounting
data across the network in the clear. (I assume this is the case) I thi
Bjørn Mork wrote:
> And now I've got a code issue...
>
> commit 60fcab53 introduced radius_pairmake() in
> src/modules/rlm_eap/libeap/tls.c
> commit d210de17 introduced radius_pairmake() in
> src/modules/rlm_eap/libeap/cb.c
>
> which AFAICT is part of the server and not available outside it.
We would be stuck with static weak security built in to RADIUS just like
TACACS uses.
There are options for securely tunneling RADIUS packets that weren't
available in the early years. Secure tunneling doesn't require changes
to the RADIUS protocol. The EAP-TLS extension alone has made most of
I am running FreeRadius version 2.1.7-7
I am doing clear-text password authentication against Active Directory
using ntlm_auth. Then ldap is used for group checking. Finally, I have
moved my policies to postauth_users in the postauth group.
This clear-text functionality works fine.
However, whe
Alan DeKok writes:
> Bjørn Mork wrote:
>> I don't have any issues with the code, but I have one with the
>> repository: Could you please tag the 2.1.9 release (and of course the
>> 2.1.10 as well when it is released)? It's so much easier to look for
>> small differences in a particular file or su
Bjørn Mork wrote:
> I don't have any issues with the code, but I have one with the
> repository: Could you please tag the 2.1.9 release (and of course the
> 2.1.10 as well when it is released)? It's so much easier to look for
> small differences in a particular file or such if you can just do e.g.
Alan DeKok writes:
> Version 2.1.10 should be released soon. If there are any pressing
> issues people would like to get addressed, now is the time to speak up.
I don't have any issues with the code, but I have one with the
repository: Could you please tag the 2.1.9 release (and of course the
WWF wrote:
> Now I use fr 2.19 for wimax. The CPE asks for session resumption in
> TTLS-MACHAPv2. like this:
Try the v2.1.x branch from git (http://git.freeradius.org). It has
fixes to work around an OpenSSL change that can cause this issue.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Curious why we're fortunate? Could you elaborate some?
On Sun, Aug 8, 2010 at 10:01 PM, Michael Lecuyer wrote:
> TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+
> version, and packet sequence number. This is XOR'd over the packet. The pad
> is in multiples of the MD5 ha
freddychu wrote:
> Hi,
>I want to configure a proxy radius server and the username doesn't have
> any realm, just like 'tom'.
>So I configure realm NULL section in proxy.conf file, but it doesn't
> work, the error message in radiusd terminal when redius server received the
> accounting mess
dear all, hi!
Now I use fr 2.19 for wimax. The CPE asks for session resumption in
TTLS-MACHAPv2. like this:
Mon Aug 9 16:14:16 2010 : Info: [eap] Request found, released from the list
Mon Aug 9 16:14:16 2010 : Info: [eap] EAP/ttls
Mon Aug 9 16:14:16 2010 : Info: [eap] processing type ttls
Mon
Hi,
I want to configure a proxy radius server and the username doesn't have
any realm, just like 'tom'.
So I configure realm NULL section in proxy.conf file, but it doesn't
work, the error message in radiusd terminal when redius server received the
accounting message:
Proxying request 0 t
Hi,
> I see know that it was my fault (obviously it was going to be). I am using
> sql, and not the users file as the guide
> (http://wiki.freeradius.org/Rlm_perl) suggests. I added Auth-Type attribute
> into the table and I know cannot login with the user baduser.
> So radcheck used to look li
26 matches
Mail list logo