Re: FreeRadius + MySQL + Multiple Dynamic Clients

2010-10-28 Thread Peter Lambrechtsen
On Fri, Oct 29, 2010 at 4:33 PM, Tyler Nally wrote: > Right... Ok.. so are these different traveling mobile offices in > documentation of what is called a VLAN (with a dynamic IP to the internet > side of the router that in turn hands out IP's to its clients) ? > The traveling mobile routers ar

Re: FreeRadius + MySQL + Multiple Dynamic Clients

2010-10-28 Thread Tyler Nally
Right... Ok.. so are these different traveling mobile offices in documentation of what is called a VLAN (with a dynamic IP to the internet side of the router that in turn hands out IP's to its clients) ? Somehow the router authenticates by something secret that only it and the FreeRadius serv

Re: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread balaram velega
I am using free-radius version 2.10 I am trying to get the server statistics to be displayed for number of access-requests, responses etc: echo "Message-Authenticator = 0x00,FreeRADIUS-Statistics-Type = 1" | radclient localhost:18120 status testing5 but it's only printing the “access accept” I

RE: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Maurice James
Working settings I will be stating the changes from the default settings that I made to get it to work. All file names are followed by a colon : < = notes changes First you must have your ldap server store password in clear text. They CANNOT be hashed in any way eap.conf: default_e

help

2010-10-28 Thread balaram velega
I am using free-radius version 2.10 I am trying to get the server statistics to be displayed for number of access-requests, responses etc: echo "Message-Authenticator = 0x00,FreeRADIUS-Statistics-Type = 1" | radclient localhost:18120 status testing5 but it's only printing the “access acce

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Alan DeKok
Rowley, Mathew wrote: > Thoughts? Other than I hate AD? Ask on the Samba list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Rowley, Mathew
$ sudo net ads join SECLAB -U Administrator Enter Administrator's password: Failed to join domain: failed to find DC for domain SECLAB Where is the DC configured? That's in samba.conf, correct? password server = seclab.security.lab.net //your AD-server Then I found this: https://help.ubunt

Re: Authenticating agains AD issues

2010-10-28 Thread Alan Buxey
Hi, > > I ran across a post on the redhat forums that stated that you must > > start smbd before winbindd, otherwise even though running ntlm_auth > > seems to work from the command line. It doesn't work when running > > FreeRadius. > > interesting; do you have a link? I cant pull out a direct l

Re: FreeRadius + MySQL + Multiple Dynamic Clients

2010-10-28 Thread Peter Lambrechtsen
Dynamic Clients would only apply to the NAS's (ie the WNR834v2 Access Points) and not the workstations connecting to the APs. As the Workstations / users would just be users. So either you allow anyone from the internet (or restrict it down to certain IP addresses which the Mobile Provider issues

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Alan Buxey
Hi, > In an attempt to integrate Radius with AD, and following the tutorial > (http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO) I > have set up an AD server in our lab, and having trouble adding my linux box > to the domain. Can anyone see what I'm doing wrong? The error

FreeRadius + MySQL + Multiple Dynamic Clients

2010-10-28 Thread Tyler Nally
Hello, I'm the IT fellow for a bus company that is about to implement WiFi on a fleet of a couple dozen buses (or so), so that passengers can pull out their laptops, iPhones, iPads, iWhatevers and connect thru the wandering networks from inside the comfort of the bus while traveling to their vario

RE: Assign VLANS based on AD groups.

2010-10-28 Thread Garber, Neal
> Now that I have authentication working. I would like to assign users to > VLANS based on AD group membership. > Any examples would be appreciated. Did you look here? http://wiki.freeradius.org/HP (search for Dynamic VLAN assignment) There are a number of ways to set reply attributes depending

Re: Authenticating agains AD issues

2010-10-28 Thread Phil Mayers
On 10/28/2010 09:02 PM, Johnson, Neil M wrote: I ran across a post on the redhat forums that stated that you must start smbd before winbindd, otherwise even though running ntlm_auth seems to work from the command line. It doesn't work when running FreeRadius. interesting; do you have a link? -

Assign VLANS based on AD groups.

2010-10-28 Thread Johnson, Neil M
Now that I have authentication working. I would like to assign users to VLANS based on AD group membership. Google searches haven't produced any examples, but I'm assuming that I need to do something with LDAP ? Any examples would be appreciated. Thanks. -Neil -- Neil Johnson Network Engin

RE: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Maurice James
OK gentlemen, After many sleepless nights I finally got it working. I was almost in tears (lol) but it's done. Full authentication and authorization for a mix of Windows7 x64/Vista x64 clients using WPA2 Enterprise, Freeradius, 389-DS(Fedora Directory Services). I will post the configs in

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Rowley, Mathew
Ignored netbios-name, but 'netbios name' was accepted, but still, same error... On 10/28/10 2:03 PM, "schilling" wrote: >add netbios-name = MAT-DESKTOP > >That's what we have here. > >On Thu, Oct 28, 2010 at 3:49 PM, Rowley, Mathew > wrote: >> It would make sense that was the issue due to: >>

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread schilling
add netbios-name = MAT-DESKTOP That's what we have here. On Thu, Oct 28, 2010 at 3:49 PM, Rowley, Mathew wrote: > It would make sense that was the issue due to: > >   server string = %h server (Samba, Ubuntu) > > but still getting the same error: > > $ sudo net join -w SECLAB -I 10.252.159.137 -

RE: Authenticating agains AD issues

2010-10-28 Thread Johnson, Neil M
I ran across a post on the redhat forums that stated that you must start smbd before winbindd, otherwise even though running ntlm_auth seems to work from the command line. It doesn't work when running FreeRadius. Issue resolved. Thanks for the help. -Neil -- Neil Johnson Network Engineer Inf

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Rowley, Mathew
It would make sense that was the issue due to: server string = %h server (Samba, Ubuntu) but still getting the same error: $ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator Enter Administrator's password: [2010/10/28 13:40:07.929859, 0] utils/net_rpc_join.c:406(net_rpc_join_newsty

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread schilling
put server string = MAT-DESKTOP On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew wrote: > $ hostname > mat-desktop.security.lab.net > > > Short name is just mat-desktop > > > > Mathew Rowley > IIS Network Security Architecture > > > > > > On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" > wrote: >

Re: Problems getting a linux server to join a AD domain

2010-10-28 Thread Rowley, Mathew
$ hostname mat-desktop.security.lab.net Short name is just mat-desktop Mathew Rowley IIS Network Security Architecture On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" wrote: >I have to ask ... but what is your server's name? The error is saying >that the name is incompatible with AD, do

RE: Problems getting a linux server to join a AD domain

2010-10-28 Thread Sallee, Stephen (Jake)
I have to ask ... but what is your server's name? The error is saying that the name is incompatible with AD, do you have any special characters, any spaces, or any other weirdness in your server's name? Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 --

Problems getting a linux server to join a AD domain

2010-10-28 Thread Rowley, Mathew
In an attempt to integrate Radius with AD, and following the tutorial (http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO) I have set up an AD server in our lab, and having trouble adding my linux box to the domain. Can anyone see what I'm doing wrong? The error I keep getti

Re: WPA2 Enterprise, Freeradius/Mysql Test Data

2010-10-28 Thread Alan DeKok
Dirk Leas wrote: > Is there a reference for test data given default Ubuntu > freeradius/freeradius-mysql packages modified to mysql back end > (successfully verified with trivial radtest test case)? Any other config > changes required to demonstrate WPA2 Enterprise authentication? Read http://dep

RE: Authenticating agains AD issues

2010-10-28 Thread Johnson, Neil M
Could this be the samba bug ? I'm running 3.4.9 of samba. I thought it was fixed in that release. -Neil -- Neil Johnson Network Engineer Information Technology Services The University of Iowa 319 384-0938 neil-john...@uiowa.edu > -Original Message- > From: freeradius-users-bounces+n

vlan assignment in radius reply when using eap/peap

2010-10-28 Thread Josh Hiner
Hello, I have working setups of mac authentication where I use mysql and use radgroupreply to hand out the appropriate vlans to my hp procurve switches based on what mac address is authenticating. I also have working setups for eap/peap where I use the mschapv2 module to auth off a samba server vi

RE: Authenticating agains AD issues

2010-10-28 Thread Johnson, Neil M
Okay, I made those changes, but it still isn't working.. New log output: Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv

WPA2 Enterprise, Freeradius/Mysql Test Data

2010-10-28 Thread Dirk Leas
Is there a reference for test data given default Ubuntu freeradius/freeradius-mysql packages modified to mysql back end (successfully verified with trivial radtest test case)? Any other config changes required to demonstrate WPA2 Enterprise authentication? TIA, D

Re: Authenticating agains AD issues

2010-10-28 Thread Phil Mayers
On 28/10/10 16:22, Johnson, Neil M wrote: Yes, I did. Ah. However, the debug output says: [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [mschap] expand: %{User-Name:-No

RE: Authenticating agains AD issues

2010-10-28 Thread Johnson, Neil M
Yes, I did. Thanks. -Neil -- Neil Johnson Network Engineer Information Technology Services The University of Iowa 319 384-0938 neil-john...@uiowa.edu From: freeradius-users-bounces+neil-johnson=uiowa@lists.freeradius.org [mailto:freeradius-users-bounces+neil-johnson=uiowa@lists.freerad

Re: Authenticating agains AD issues

2010-10-28 Thread Phil Mayers
On 28/10/10 16:14, Sallee, Stephen (Jake) wrote: Did you enable the “WITH NT DOMAIN HACK” in your MSCHAP module? Oops, well spotted - disregard my email. Jake is right - you have "DOMAIN\user" going into ntlm_auth, which may be messing up the challenge/response calculation.

Re: Authenticating agains AD issues

2010-10-28 Thread Phil Mayers
On 28/10/10 15:48, Johnson, Neil M wrote: I've been following the recipe on the "Deploying RADIUS" web site, but I have been unable to get an iPhone or Laptop to authenticate to wireless. It appears from the log that ntlm_auth is behaving correctly but the challenge continues. I'm running

RE: Authenticating agains AD issues

2010-10-28 Thread Sallee, Stephen (Jake)
Did you enable the "WITH NT DOMAIN HACK" in your MSCHAP module? Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@

Authenticating agains AD issues

2010-10-28 Thread Johnson, Neil M
I've been following the recipe on the "Deploying RADIUS" web site, but I have been unable to get an iPhone or Laptop to authenticate to wireless. It appears from the log that ntlm_auth is behaving correctly but the challenge continues. I'm running 2.1.9 on Fedora 12 using the demon

Re: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Sven Hartge
Phil Mayers wrote: > On 28/10/10 12:34, Sven Hartge wrote: >> Phil Mayers wrote: >>> On 28/10/10 11:48, Maurice James wrote: OK here are the logs from the latest test. As you will see the password is stored in cleartext, but still no dice >> >>> The "ldap" module isn't running at all i

Re: Controlling Proxying behavior from rlm_perl

2010-10-28 Thread Bjørn Mork
Murray Long writes: > Would it be possible to control which realm freeradius proxies to, > from within the rlm_perl module? $RAD_CHECK{'Proxy-To-Realm'} = 'foo'; Bjørn

Controlling Proxying behavior from rlm_perl

2010-10-28 Thread Murray Long
Hi All, Would it be possible to control which realm freeradius proxies to, from within the rlm_perl module? -Murray

RE: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Maurice James
Thanks all I will try that tonight -Original Message- From: freeradius-users-bounces+midnightsteel=msn@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel=msn@lists.freeradius.org] On Behalf Of Sven Hartge Sent: Thursday, October 28, 2010 7:34 AM To: freeradius-us

Re: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Phil Mayers
On 28/10/10 12:34, Sven Hartge wrote: Phil Mayers wrote: On 28/10/10 11:48, Maurice James wrote: OK here are the logs from the latest test. As you will see the password is stored in cleartext, but still no dice The "ldap" module isn't running at all in the "inner-tunnel" virtual server AF

Re: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Sven Hartge
Phil Mayers wrote: > On 28/10/10 11:48, Maurice James wrote: >> OK here are the logs from the latest test. As you will see the >> password is stored in cleartext, but still no dice > The "ldap" module isn't running at all in the "inner-tunnel" virtual > server AFAICT. > You need to enable ldap

Re: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Phil Mayers
On 28/10/10 11:48, Maurice James wrote: OK here are the logs from the latest test. As you will see the password is stored in cleartext, but still no dice The "ldap" module isn't running at all in the "inner-tunnel" virtual server AFAICT. You need to enable ldap in /etc/raddb/sites-enabled/in

RE: Wireless WPA2 enterprise Radius authentication

2010-10-28 Thread Maurice James
OK here are the logs from the latest test. As you will see the password is stored in cleartext, but still no dice -Original Message- From: freeradius-users-bounces+midnightsteel=msn@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel=msn@lists.freeradius

Re: ippool and disconnection

2010-10-28 Thread Nick Warr
We use the same sort of setup, have a look through your radius.log at the same time that the unclosed accounting session went bad, you'll probably find that you have a lot of duplicate discarded records. We're looking into some solutions ourselves, as mikrotik will often take requests from fau

ippool and disconnection

2010-10-28 Thread Michele Petrazzo - Unipex
Hi list, I have an installation with freeradius 2.1.9, postgresql like db and pppoe server more than one mikrotik routerboards. Like now I'm making some test and, a part that all seem to work well (users can connected to the chain pppoe-server mikrotik -> freeradius -> db), I see a strange thing i