On Thu, 3 Mar 2011, Phil Mayers wrote:
Date: Thu, 3 Mar 2011 17:09:42
From: Phil Mayers
Reply-To: FreeRadius users mailing list
To: freeradius-users@lists.freeradius.org
Subject: Re: MS-CHAP-V2 with no retry
It has been reported that if the Microsoft NPS server is configured
for no ret
Interestingly, when I launch freeradius -X for debug mode, I see the
following in the startup info:
...
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
r
Phil Mayers wrote:
>
> Are you sure the mschap client is using the right password, and matches
> the password in the domain?
>
> Can you do a plaintext auth with the password you expect it to be?
>
> ntlm_auth --username= --password=
>
Works fine with plaintext auth:
root@FREERADIUS:/etc/fr
Hi there! I'm running FreeRADIUS 2.1.7, I was wondering if it is possible to
forward accounting packets to another server while also keeping the packets on
the local machine. I'm working on integrating a Netsweeper appliance and the
company is saying that I need to forward accounting packets to
On 03/03/2011 11:07 PM, robert22 wrote:
McNutt, Justin M. wrote:
Also check that winbind is working like this:
wbinfo --all-domains
If you don't see a list of all valid NT-style domains, winbind is broken
and you'll have to fix that first.
that command displays all the domains correctly.
It has been reported that if the Microsoft NPS server is configured
for no retries (E=691 R=0) that mac/iphones/ipads then act like
windows xp machines in that they report to the user that the password
needs attention.
Would it be possible to modify rlm_mschap.c to be configured as to how
many
McNutt, Justin M. wrote:
>
> Also check that winbind is working like this:
>
> wbinfo --all-domains
>
> If you don't see a list of all valid NT-style domains, winbind is broken
> and you'll have to fix that first.
>
that command displays all the domains correctly.
However, running the ntlm_a
Hi guys,
Sorry for so many questions ... Everything was working fine until I was told to
not use the SQL DB but use the users file instead... That's why I start to have
all these questions...
Anyway I need to proxy some requests to remote home server. I also need to
assign the users to specifi
Hi,
> csahwreg4:/users/mboyle/ws/gash_main/testsuites/dot1x[84]> radtest -d
> /users/mboyle/ws/gash_main/testsuites/dot1x/raddbs/default/ testuser
> whatever localhost 1812 testing123
> Sending Access-Request of id 4 to 127.0.0.1 port 1812
> User-Name = "testuser"
> User-Password =
According to RFC2759 section 9.1.3 - 9.1.5 an authentication failure can return
(E=691 R=0) --- failure no retry or (E=691 R=1) failure, disable short timeout
and allow a retry with ++ID.
freeradius apparently only returns (E=691 R=1) in three different places in
src/modules/rlm_mschap/rlm_msch
Hi,
I'm having a problem with my radius server with TLS and TTLS
authentication protocols. My current configuration works with simple
MD5 and PEAP but fails with TLS and TTLS. I am using freeradius
v2.1.10.
Previously I was using freeradius v2.1.9 on a different linux box and
didn't have the sa
Hi experts,
Another quick question: Can I group users in the "users" file and assign the
group reply attributes instead of to each individual user? I tried the
following config but failed (which maybe completely nonsense)...
"test" Cleartext-Password := "test"
Group := abc
Fall
Phil Mayers wrote:
> I'm not sure. It should work; it seems like the expansion:
>
> Cleartext-Password := "%{User-Name}"
>
> ...wasn't being acted on. Are you sure you didn't have a typo somewhere?
The "control" items aren't expanded in the "hints" or "users" file.
Use "unlang".
Alan D
On 03/03/11 18:11, Difan Zhao wrote:
Thanks Phil! It works! It definitely fits what I need! However just be curious,
why my setting won't work?
I'm not sure. It should work; it seems like the expansion:
Cleartext-Password := "%{User-Name}"
...wasn't being acted on. Are you sure you didn't
Thanks Phil! It works! It definitely fits what I need! However just be curious,
why my setting won't work?
Thanks!
-Original Message-
From: freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.o
Here at Georgia Tech, I had to design a system to do VLAN steering based
on a number of criteria (including hashing based on MAC). Because I know
MySQL and the like MUCH better than freeradius configuration, that's
where we moved the logic to by using stored functions.
This system also has the
On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC
addresses. I don’t really care about the security and just try to make
the configuration easy. Here is my configuration:
hints =
DEFAULT User-Name =~ "001422.*"
Hint = "STB
Randy Wilson wrote:
>
>> We anycast our FreeRADIUS servers and have had great success with this.
>>
>> http://www.digriz.org.uk/ha-ospf-anycast
>
> Very interesting. Many thanks for that. May look into deploying this,
> especially for DNS.
>
The most surprising helpful and unexpected tool I got
Hi experts,
I want to try another way to authenticate devices by their MAC addresses. I
don't really care about the security and just try to make the configuration
easy. Here is my configuration:
hints =
DEFAULT User-Name =~ "001422.*"
Hint = "STB"
= users =
DEFAULT Hi
> I am trying to setup freeRadius to process requests from our Wireless
> Controller. The controller uses the wireless device's MAC
> address as the
> username, and a predefined password. These MAC addresses all exist in
> Active Directory as user accounts, with the same password
> set. This work
> Found Auth-Type = MSCHAP
> +- entering group MS-CHAP {...}
> [mschap] Told to do MS-CHAPv1 with NT-Password
> [mschap]expand: --username=%{mschap:User-Name:-None} ->
> --username=001E52805980
> [mschap] No NT-Domain was found in the User-Name.
> [mschap]expand: %{mschap:NT-Domain}
> > I'm using Samba version 3.5.4 and FreeRADIUS Version 2.1.9
> on Ubuntu 10.10.
I'm using 3.5.4 and FreeRADIUS 2.1.7. Should be okay.
--J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
> But for accounting, and PAP/CHAP authentication, it will work fine.
>
Fantastic. Many thanks for the confirmation.
REW
Alexander Clouter wrote:
> We anycast our FreeRADIUS servers and have had great success with this.
>
> http://www.digriz.org.uk/ha-ospf-anycast
>
Very interesting. Many thanks for that. May look into deploying this,
especially for DNS.
REW
You can get hiredis library from https://github.com/antirez/hiredis.
Second, let’s build the files and copy them to the corresponding directory:
make
sudo mkdir /usr/include/hiredis/
sudo cp hiredis.h /usr/include/hiredis/
sudo cp sds.h /usr/include/hiredis/
sudo cp libhiredis.so /usr/lib/
201
Александр Подрезенко wrote:
> Hello all.
> I tried to configure freeradius to operate as dhcp server.
> I have one problem. Freeradius receives DHCP-Discover and DHCP-Request
> packets,
> but replies are not sent. In logs all OK, but strace output contains error
> EINVAL (Invalid argument) in pa
Kristoffer Milligan wrote:
> Due to the need for nested TLVs I'm trying to compile FreeRADIUS from
> the master branch:
...
> The configuration works fine, but when I try to compile the project, it
> fails:
...
> /root/freeradius-server/src/modules/rlm_redis/rlm_redis.h:35:29: error:
> hiredis/hire
Due to the need for nested TLVs I'm trying to compile FreeRADIUS from
the master branch:
git clone git://git.freeradius.org/freeradius-server.git
Also, I'm using FR for a WiMAX network, so I need the experimental modules:
./configure --with-experimental-modules
The configuration works fine, b
On 03/03/11 11:52, Matt Langthorpe wrote:
Hi list,
I'm pretty sure this issue is straightforward but I've searched the
list and can't come up with an answer.
I'm using freeradius 2.19 on CentOS 5.5
I'm trying to auth users from a NAC box (Bradford campus manager)
against an AD domain using fr
returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/129.67.147.204/auth-detail-20110303
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/129.67.147.204/auth-d
Thanks Alex,
that was spot on and fixed the issue, much appreciated.
-Original Message-
From:
freeradius-users-bounces+matt.langthorpe=pmb.ox.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+matt.langthorpe=pmb.ox.ac...@lists.freeradius.org]
On Behalf Of Alexander Clouter
S
Hi,
> I'm using Samba version 3.5.4 and FreeRADIUS Version 2.1.9 on Ubuntu 10.10.
same 3.5.x early releases had weird bugs. believe this is fixed since samba
3.5.6
alan
Alan Buxey wrote:
>
> Hi,
>
>> program = "/usr/bin/ntlm_auth --request-nt-key --domain=MY.ACTUAL.DOMAIN
>> --username=%{mschap:User-Name} --password=%{User-Password}"
>>
>> I haven't changed anything to the users file except adding in a test local
>> user as part of the initial FreeRadius instal
Hello all.
I tried to configure freeradius to operate as dhcp server.
I have one problem. Freeradius receives DHCP-Discover and DHCP-Request packets,
but replies are not sent. In logs all OK, but strace output contains
error EINVAL (Invalid argument) in packet sending via sendmsg.
Freeradius vers
Hi,
> program = "/usr/bin/ntlm_auth --request-nt-key --domain=MY.ACTUAL.DOMAIN
> --username=%{mschap:User-Name} --password=%{User-Password}"
>
> I haven't changed anything to the users file except adding in a test local
> user as part of the initial FreeRadius install guide, and uncommenting the
>