thanks for that, it's done the job.
Now my second problem is dialup admin. I can access it using http://(IP
address)/dialup, however when I click on the left hand side menu options, for
example accounting or statistic, I receive the following error "DEBUG(SQL,MYSQL
DRIVER): Connect: User=(root
hi,
i hope someone can help me to understand this case.
from a nas cisco 1841 i send by pppoe a request to a freeradius Version 1.1.3.
the response ever is NAS-Port=0
--
rad_recv: Accounting-Request packet from host xx:1646, id=114,
length=168
Acct-Se
> I've more than one radius server configured on my switches. If one
> server timeouts the switch takes the second server. On each radius
> server a freeradius and a mysql db is running. I'm now searching for a
> way that the freeradius does not return anything (=timeout for the
> switch) if he can
Hi!
I've more than one radius server configured on my switches. If one server
timeouts the switch takes the second server. On each radius server a freeradius
and a mysql db is running. I'm now searching for a way that the freeradius does
not return anything (=timeout for the switch) if he canno
On Wed, 2010-09-08 at 22:14 -0700, Tim Sylvester wrote:
> [sql] expand: %{User-Name} -> fredf
> [sql] sql_set_user escaped user --> 'fredf'
> rlm_sql (sql): Reserving sql socket id: 4
> [sql] expand: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = '%{SQL-Us
[sql] expand: %{User-Name} -> fredf
[sql] sql_set_user escaped user --> 'fredf'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username,
Dear developers/experts,
I haven't bugged you guys for too long so I decided to come back with a
strange question so you know that I'm still your loyal user.
I need to proxy requests with the following username pattern to a remote
server.
host/.gtcorp.com
This is what the username look
Hi,
> Well, the User-Name attribute is being copied to Stripped-User-Name
> which is *only* used during LDAP authentication, which works.
thats as much as maybe - but there is still no need for such
hacks in v2.x - likewise you have a very strange server layout -
why do you not have eg inner-tun
> Hmm... OK. The issue appears to be that the tunneled reply is saved
> for Access-Accept, but not Access-Reject.
> See "accept_vps" in rlm_eap_peap/*. Something similar needs to be
> done for reject, and for TTLS.
You are a gentleman and a scholar! I have made the changes as you suggested
for
Korosi, Nick wrote:
> I was wondering if anybody had any more information with this topic.
> Winbind authentication works every time during testing of ntlm_auth, but
> PEAP will only work once after a reboot and then fails every time. I
> can see a difference in the EAP-Message when running in de
I was wondering if anybody had any more information with this topic. Winbind
authentication works every time during testing of ntlm_auth, but PEAP will only
work once after a reboot and then fails every time. I can see a difference in
the EAP-Message when running in debug mode once it gets Req
On Wed, Sep 8, 2010 at 2:35 PM, Alan Buxey wrote:
> Hi,
>
>> [copy.user-name] expand: %{User-Name} -> SMB001\bob
>> copy.user-name: Added attribute Stripped-User-Name with value 'SMB001\bob'
>> ++[copy.user-name] returns ok
>> [add-dollar-sign] expand: ^(host/.*) -> ^(host/.*)
>> add-
Hi,
> [copy.user-name]expand: %{User-Name} -> SMB001\bob
> copy.user-name: Added attribute Stripped-User-Name with value 'SMB001\bob'
> ++[copy.user-name] returns ok
> [add-dollar-sign] expand: ^(host/.*) -> ^(host/.*)
> add-dollar-sign: Does not match: Stripped-User-Name = SMB001\bo
Hello,
We've recently upgraded FreeRADIUS from v1.1.8 to v2.1.9. We use it
together with Cisco AP to do WPA2 Enterprise using PEAP. All users and
machines accounts are stored in LDAP (OpenLDAP) and Samba v3.0 is
being used to provide a NT domain to Windows users. OpenLDAP contains
the ntPassword a
> Subject: Re: Enabling Session Resumption in FreeRadius
>
> Panagiotis Georgopoulos wrote:
> > Then a full EAP-TTLS exchange follows from the
> beginning
> > that succeeds. However, the failure message above Forcibly stopping
> > session resumption as it is not allowed implies tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/3/10 2:30 PM, Alan DeKok wrote:
> Kevin Ehlers wrote:
>> Is it possible to modify attributes returned from ldap? E.g. We're
>> trying to do wpa-enterprise with peap-mschapv2. We store our nt hash
>> passwords as "{nthash}" instead of "{nt}". It
Noura Kossentini wrote:
> I proposed to use TinyRadius but they refused it. they consider it
> (contamination risk AND the IPR risk )
My $0.02 is that licenses aren't an issue. FUD around licenses is an
issue.
> So they opt to FreeRadius Client. It's a C library, had to be used from
> a Java a
Nathan McDavit-Van Fleet wrote:
> Thanks Ken,
>
> Is there existing documentation for this? I have searched for url
> redirection and the attribute names but I haven't found anything for
> freeradius. I'm not much of a FR guru so I don't have much of a mind for how
> I could put it together from s
Panagiotis Georgopoulos wrote:
>
> Then a full EAP-TTLS exchange follows from the beginning that
> succeeds. However, the failure message above "Forcibly stopping
> session resumption as it is not allowed" implies that there is
> somewhere in the FR a setting that will allow it? Am I assuming
Panagiotis Georgopoulos wrote:
> Then a full EAP-TTLS exchange follows from the beginning
> that succeeds. However, the failure message above “Forcibly stopping
> session resumption as it is not allowed” implies that there is somewhere
> in the FR a setting that will allow it? Am I
I never saw a reply to my below e-mail. Would anybody have any thoughts
or ideas on why our ldap group lookups fail after some period of
time...? If it would help to send debug output, I can... Just for my
information, are many folks out there using ldap/AD group lookups on
large FR installs
Thanks Ken,
Is there existing documentation for this? I have searched for url
redirection and the attribute names but I haven't found anything for
freeradius. I'm not much of a FR guru so I don't have much of a mind for how
I could put it together from scratch.
-Nathan
> -Original Message-
On Wed, Sep 08, 2010 at 10:25:41AM -0400, Nathan McDavit-Van Fleet wrote:
> Cisco has a feature to redirect users to a splash page after
> 802.1x/WPA2-personal authentication. We are interested in this feature so we
> can notify users of our EAP-TTLS service that we are migrating to
> PEAP-MSCHAPv2
Hello all,
I have a client that uses EAP-TTLS to authenticate to a
FreeRadius (2.1.8) over different access networks. After some handovers from
one network to another, I see in my FR log that session resumption fails,
and specifically I see :
Debug: SSL C
Cisco has a feature to redirect users to a splash page after
802.1x/WPA2-personal authentication. We are interested in this feature so we
can notify users of our EAP-TTLS service that we are migrating to
PEAP-MSCHAPv2.
I have included the url for the configuration description (of Cisco ACS).
But
Hi
I proposed to use TinyRadius but they refused it. they consider it
(contamination risk AND the IPR risk )
So they opt to FreeRadius Client. It's a C library, had to be used from a
Java application, it would need to be called either via JNI, or simply
linked into a small C main program and then
So the program (freeradius?!) that is calling rad2vmps is a perl script?
Best, Jan
Alan DeKok hat am 8. September 2010 um 14:19
geschrieben:
> Jan Zacharias wrote:
> > is the vmps functionality in freerad really a substitute for freenac?
>
> For some of it.
>
> > Is there a Gui th
Jan Zacharias wrote:
> is the vmps functionality in freerad really a substitute for freenac?
For some of it.
> Is there a Gui that I missed?
FreeRADIUS doesn't include a GUI for VMPS.
> After reading the sample configuration in
> sites-available/vmps I get the impression that freerad
Ple
Hey,
is the vmps functionality in freerad really a substitute for freenac?
Is there a Gui that I missed? After reading the sample configuration in
sites-available/vmps I get the impression that freerad can just handle
vmps requests as well. For me, vmps is not required at all, the clients
Hi,
> What version of RedHat?
>
> I have just tried the latest git 2.1.10 version on RHEL3 (update 9), and
> configure shows:
>
> configure: WARNING: silently not building rlm_python.
> configure: WARNING: FAILURE: rlm_python requires: Python.h
> libpython2.2.
RHEL3 - but from your outpu
Hi,
> Huh? Did 2.1.9 compile on those versions of Redhat? The last change
> to the Python module was over a year ago.
probably not - just reporting it before someone else does ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
31 matches
Mail list logo