Stephane Brodeur wrote:
> I am a newbie with Radius and I have problems to authenticate XP
> wireless clients with eap. I think that my first problem is due to the
> fact that Windows XP client requires a Certificate Authority since
> Windows only recognized signed certificate. I could not find th
John wrote:
> I want to use 'radacct' to detect whether the accoounting aervice is
> alive or not. What kind Acct-Status-Type should I include in accounting
> message? Accouting-On or Accouting-start or others? Can you give some
> advice?
See RFC 5997. It's been implemented in FreeRADIUS for
I want to use 'radacct' to detect whether the accoounting aervice is alive or
not. What kind Acct-Status-Type should I include in accounting message?
Accouting-On or Accouting-start or others? Can you give some advice?
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.
Got it. Thanks.
--- 10年9月9日,周四, Alan DeKok 写道:
发件人: Alan DeKok
主题: Re: Failed to load module "handled"
收件人: "FreeRadius users mailing list"
日期: 2010年9月9日,周四,下午3:56
John wrote:
> 2010-09-09 07:42:10 err
> /usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
> section.
Hi,
I am a newbie with Radius and I have problems to authenticate XP wireless
clients with eap. I think that my first problem is due to the fact that
Windows XP client requires a Certificate Authority since Windows only
recognized signed certificate. I could not find the certificate propertie
Hi,
> Thanks again, Alan. Sorry, not selectively. I do not understand how to
> proceed. What does "your configuration" refer to specifically? (users,
> radcheck, *.conf, chillispot?) I grepped all the config files for "known" and
> none appeared to be insightful (to my newbie understanding of r
p preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address =
192.168.0.72,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"4c8944db",User-Name = "123"'
rlm_acct_unique: Acct-Unique-Session-ID = "acc24399d8fb1504".
++[acct_uniqu
Hi,
> I have in post-auth:
>
> If(outer.NAS-IP-Address == x.x.x.x)
> {
> Cisco-AVPair += "http:url-redirect=http://www.cisco.com";
> }
huh? you are checking for a condition and then trying to 'run' that Cisco
attribute. what you want to do is SET that attribute...eg
if(outer.NAS-IP-Ad
Hi,
> rad_check_password: Found Auth-Type CHAP
> !!!
> !!!Replacing User-Password in config items with Cleartext-Password.
> !!!
> !!!
On Thu, Sep 9, 2010 at 8:01 PM, Sean Wingert wrote:
> Thanks to Alan and Stephen, I am closer to a solution. I realized the
> scrambled password was due to hotspotlogin.php (I need to study Chillispot
> more), so for now I commented out its uamsecret line, which -- although it
> still fails on
Thanks to Alan and Stephen, I am closer to a solution. I realized the scrambled
password was due to hotspotlogin.php (I need to study Chillispot more), so for
now I commented out its uamsecret line, which -- although it still fails on the
123 account -- provides different output in debugging mod
I have in post-auth:
If(outer.NAS-IP-Address == x.x.x.x)
{
Cisco-AVPair += "http:url-redirect=http://www.cisco.com";
}
Since Cisco's documentation doesn't provide any information for url-redirect
aside from inside Cisco ACS, I don't know where exactly to put this code.
The only thing I kn
Hi Alan,
Thank you for the quick response! I read again and tried and this one
worked!!
realm "~\.gtcorp\.com"
However I did try the one which is same syntax as the example in the
proxy.conf file:
realm "~*\\.gtcorp\\.com$"
The radiusd -X can't start and I got this.
realm ~*\.gtcorp\.com$ {
Nathan McDavit-Van Fleet wrote:
> Okay,
>
> So my config is failing to even allow freeradius to initialize. I get the
> following errors in my radius.log
>
> Thu Sep 9 11:46:11 2010 : Error:
> /etc/raddb/sites-enabled/inner-tunnel[161]: Failed to parse "elsif"
> subsection.
So... what does t
Okay,
So my config is failing to even allow freeradius to initialize. I get the
following errors in my radius.log
Thu Sep 9 11:46:11 2010 : Error:
/etc/raddb/sites-enabled/inner-tunnel[161]: Failed to parse "elsif"
subsection.
Thu Sep 9 11:46:11 2010 : Error: /etc/raddb/sites-enabled/inner-tun
Am 09.09.2010 17:59, schrieb Sean Wingert:
WARNING: Unprintable characters in the password.Double-check the shared
secret on the server and the NAS!
Read this message and check the shared secret
Stephan
smime.p7s
Description: S/MIME Cryptographic Signature
-
List info/subscribe/uns
Hi,
> In my testing lab (yes, I'm new to FreeRadius), usernames entered (e.g. with
> attribute User-Password in sql radcheck table) via my NAS (dd-wrt with
> Chillispot) refuse to authenticate (error below), whereas attribute=Auth-Type
> (what DaloRadius calls a "PIN") works fine. I'm using the
0,Client-IP-Address =
192.168.0.72,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"4c890e89",User-Name = "4321"'
rlm_acct_unique: Acct-Unique-Session-ID = "d3e9d3ef96f2f8d9".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "4321
UPDATE: I istalled the FreeRADIUS certificate and selected it so that the
client will check it when it authenticates. I still get the same error. Now I
will recreate the same scenario with Samba3 to see if it works. By the way, I'm
running FreeRADIUS 2.1.8 and Samba4.0.0alpha12
-
List info/subs
Ww, is THAT really the problem?! I will test it as soon as I finish
writing this post. I have disabled the client to check the server and it still
needs the FreeRADIUS certificate?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 09/09/2010 01:42 PM, Alan DeKok wrote:
Alan Buxey wrote:
Hi,
I seems that FreeRADIUS is sending an Access-Challenge but does not get a
reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server
Alan Buxey wrote:
> Hi,
>
>> I seems that FreeRADIUS is sending an Access-Challenge but does not get a
>> reply. What can be the source of the problem?
>
> ..as per the list archives - this is a client problem. ensure that client
> has the CA for the RADIUS server installed
2.1.10 has a nice
Hi,
> I seems that FreeRADIUS is sending an Access-Challenge but does not get a
> reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server installed
alan
-
List info/subscribe/unsubscribe? See http:/
On 09/09/2010 12:59 PM, Бисер Миланов wrote:
Hello!
We have a problem with a FreeRADIUS and Active Directory (Samba4)
installation. After following:
I seems that FreeRADIUS is sending an Access-Challenge but does not
get a reply. What can be the source of the problem?
The client stops respond
Hello!
We have a problem with a FreeRADIUS and Active Directory (Samba4) installation.
After following:
http://deployingradius.com/documents/configuration/active_directory.html
ntlm_auth is working correctly when I try to authenticate a WinXP SP3 client,
however, the authentication fails here
> Uh... eapol-test supports TTLS. See the FreeRADIUS source:
> src/tests/eap-ttls-*.conf
Ugh.. I should have checked the doc. I should be able to do the TTLS change
independently (i.e., you can ignore the post to the devel list related to
this). Thanks for enlightening me :-)
-
List info/su
John Horne wrote:
> We don't have that exact scenario, but, for whatever reason, we were
> seeing the home servers being marked dead/zombie extremely frequently -
> usually every few minutes.
Network packet loss, etc. ...
> With the later git version (dated 1 September in the changelog file) we
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We have been running 3 servers with 2.1.10 (taken from git a while ago)
>
> The proxy change went in August 4.
>
> > for some time with no problems. They act as a proxy, receiving requests
> > from wireless lan control
Kevin Ehlers wrote:
> I found a solution that works in the mean-time by writing a perl module.
> I'm using the perl module during the authorize section in the
> inner-tunnel virtual server. What it does is query ldap, and get the
> nt-password attribute from our ldap server. It then does a $nt-p
Difan Zhao wrote:
> So I guess my first question is that, is it possible to have wildcard
> (e.g. “*”) in the realm name?
Read raddb/proxy.conf. Look for "regex"
> realm *~"*.gtcorp.com"* {
That isn't the correct syntax.
Go back and read the example in proxy.conf again.
Alan DeKok.
-
Garber, Neal wrote:
> You are a gentleman and a scholar! I have made the changes as you suggested
> for PEAP and tested PEAP-MSCHAPv2. It works! I am now able to log the
> output from ntlm_auth and MS-CHAP-Error. I'm also excited about the improved
> TLS logging in 2.1.10.
:)
> I will ad
I got same issue in another linux server. I think there are configration
wrong. Can you give me some advise, Thanks.
[r...@device-fc12 ~]# radiusd -X
FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Jun 28 2010 at
08:46:11
Copyright (C) 1999-2009 The FreeRADIUS server project and
John wrote:
> 2010-09-09 07:42:10 err
> /usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
> section.
> 2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed
> to parse "handled" entry.
> 2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: F
2010-09-09 07:42:10 err /usr/local/etc/raddb/sites-enabled/default[1]:
Errors parsing authorize section.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to
parse "handled" entry.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to
load module
file: No such file or directory in Unknown on line 0
PHP Warning: Unknown(): Unable to load dynamic library
'/usr/lib/php/extensions/ldap.so' - libldap-2.2.so.7: cannot open shared
object file: No such file or directory in Unknown on line 0
PHP Warning: Unknown(): Unable to load dynamic li
35 matches
Mail list logo
