Locnar wrote:
> When a client on a remote device authenticates, they are authenticating
> against the FreeRadius server's address. So I assume FreeRadius is the NAS.
> How do I force the client device's IP to be the one authenticated, not the
> FreeRadius server?
>
> I think I've tried about eve
lth0721 wrote:
> I'd like to recall this because now I have also met this problem.
> I also need to add Calling-Station-Id to the accounting request,
> but I can't find the account part in the pam radius source code.
>
> Can anyone help to figure it out and tell me which code I need to add?
That's a ques
Hi Guys,
I'd like to recall this because now I have also met this problem.
I also need to add Calling-Station-Id to the accounting request,
but I can't find the account part in the pam radius source code.
Can anyone help to figure it out and tell me which code I need to add?
Hope to hear from you asap.
ve
Alan Buxey wrote:
>
> go on, join eduroam.
>
I got a @illinois.edu lurker this week here at soas.ac.uk :)
Cheers
--
Alexander Clouter
.sigmonster says: Wagner's music is better than it sounds.
-- Mark Twain
-
List info/subscribe/unsubscribe? See http://www
On 05/24/2011 06:00 PM, Mark Jones wrote:
Here is the latest debug with termination on Aruba turned off:
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Mar 23
Sending Access-Challenge of id 152 to 10.152.0.100 port 32819
EAP-Message =
0x010403fc1940a003020102020900a014abbd42e4
Your email client is mangling the quoting, which makes it really hard to
read your replies. Please fix it!
So this is a full host/name.domain.com now - what did you change?
as per above i added the dns suffix to the computer (under name
change...more)
Just renaming the machine won't help.
On 05/24/2011 05:03 PM, Alan Buxey wrote:
so, in inner-tunnel post-auth, set "outer.reply" to be whatever you want..
you can then, in the outer layer, query/check or use that reply.
Unfortunately, outer.reply is an Access-Challenge.
-
List info/subscribe/unsubscribe? See http://www.freeradius
I have an RSA Securid server that is being proxied by FreeRadius. Everything
works great.
When a client on a remote device authenticates, they are authenticating
against the FreeRadius server's address. So I assume FreeRadius is the NAS.
How do I force the client device's IP to be the one authe
Hi,
> I am using FreeRADIUS to proxy EAP-PEAP authentication as MSCHAPv2 to a
> third-party RADIUS Server. (Terminating the outer tunnel at FreeRADIUS).
> However, I need to send an AVP of "Framed-Ip-Address" to the third party
> RADIUS server ( its a legacy server), for which I tried adding a r
Hi,
...so, when are you going to join eduroam then? you seem to have EAP
and WPA/WPA2 all sorted and client configuration guides for your users
(everyone seems to be reinventing that wheel - especially in the eduroam
community where the settings have minor differences - some sites
do WPA2/AES a
I note that many of you are implementing WPA Enterprise (or have) as I
have seen some interesting posts on the issue. I'd like to offer up our
configuration and troubleshooting guides here at Georgia Tech. Feel free
to "liberate" them for your own use, customize, enhance, whatever. We
have had
> so, in inner-tunnel post-auth, set "outer.reply"
> to be whatever you want.. you can then, in the
> outer layer, query/check or use that reply.
There's an additional round trip after the failure
which is why Phil said it needs to be saved. I
had a patch to save/restore it; but, it needs
rew
>>> Phil Mayers 5/21/2011 3:08 AM >>>
On 05/20/2011 10:33 PM, Mark Jones wrote:
> Here is the latest debug... I'm not sure what to try next.
Latest debug... ok, what has changed?
I added the dns suffix to the computer name
> rad_recv: Access-Request packet from host 10.152.0.100 port 32819,
>
Hi,
I am using FreeRADIUS to proxy EAP-PEAP authentication as MSCHAPv2 to a
third-party RADIUS Server. (Terminating the outer tunnel at FreeRADIUS).
However, I need to send an AVP of "Framed-Ip-Address" to the third party
RADIUS server ( its a legacy server), for which I tried adding a realm
e
Hi,
> On 24/05/11 15:23, Martin Goldstone wrote:
>
> > Yes, I have this in both the peap stanza and the ttls stanza. This
> > seems to be fine when access is accepted, for example if I set a
> > Reply-Message saying "Welcome" in the post-auth section of the
> > inner-tunnel config, I see this in
Hi,
> proxy-inner-tunnel:
> server proxy-inner-tunnel {
>     authorize {
>         update control {
>             Proxy-To-Realm := NULL #I want to proxy realm NULL
>         }
>     }
>     authenticate {
>         eap
>     }
>     post-proxy {
>         eap
>     }
> }
Don't set it to NULL - that keeps it very much local. instead set it to FO
On 24/05/11 15:23, Martin Goldstone wrote:
Yes, I have this in both the peap stanza and the ttls stanza. This
seems to be fine when access is accepted, for example if I set a
Reply-Message saying "Welcome" in the post-auth section of the
inner-tunnel config, I see this in the final access-accep
Maglione Roberta wrote:
> What I was trying to do is to configure just the forwarding behavior for each
> authentication request, is it possible to just forward the requests?
No. As I said, the server expects a reply.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.
Student University wrote:
>
> each node (FR+MySQL) is connected to different NAS server like this :
>
> Cisco NAS1 --> Node1 (FR+MySQL) <==> Node2(FR+MySQL) <-- Cisco NAS2
>
> This is what we need to deploy exactly ,
>
Yes, but what do you do with the MySQL database? authentication?
authori
What I was trying to do is to configure just the forwarding behavior for each
authentication request, is it possible to just forward the requests?
Thanks,
Roberta
-Original Message-
From:
freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org
[mailto:freeradius-
Phil Mayers wrote:
> On 24/05/11 08:35, Simon L. wrote:
>> Phil Mayers wrote:
>>> On 05/23/2011 06:53 PM, Simon L. wrote:
>>>
Please have a look at my new, attached debug log.
>>>
>>> The server you are proxying to sends a reject. Fix that server.
>>> -
>>>
>>
>> Why accepts the home serve
Maglione Roberta wrote:
> What I would like to do is to configure freeradius as a proxy to forward all
> the authentication requests to another radius server without having to wait
> for an answer from the RADIUS server.
What does that mean?
A proxy will forward a request, and then wait fo
Hello,
I need your help with freeradius proxy configuration.
What I would like to do is to configure freeradius as a proxy to forward all
the authentication requests to another radius server without having to wait for
an answer from the RADIUS server. Could you please help me with this
config
On 24/05/11 12:46, Phil Mayers wrote:
> On 24/05/11 12:16, Martin Goldstone wrote:
>> Hello,
>>
>> Just looking for a bit of advice here. I've been setting up freeradius
>> here recently, and whilst I'm mostly finished, there are a few points
>> that still need to be addressed. The main one is se
On 24/05/11 13:44, Pedro Costa wrote:
Hi,
I'm new to Freeradius and I am trying to figure a way to use Freeradius
to Authenticate a user through a CISCO GGSN in where the GGSN will send
the IMSI to the Freeradius and the Freeradius will connect to a
Postgresql DB doing a SELECT on 2 tables and w
Hi,
I'm new to Freeradius and I am trying to figure a way to use Freeradius to
Authenticate a user through a CISCO GGSN in where the GGSN will send the
IMSI to the Freeradius and the Freeradius will connect to a Postgresql DB
doing a SELECT on 2 tables and will receive a Language that the IMSI/Use
also ,,,
each node (FR+MySQL) is connected to different NAS server like this :
Cisco NAS1 --> Node1 (FR+MySQL) <==> Node2(FR+MySQL) <-- Cisco NAS2
This is what we need to deploy exactly ,
so does the master-master replication is suited enough to accommodates our
needs or there is any better re
On 24/05/11 12:16, Martin Goldstone wrote:
Hello,
Just looking for a bit of advice here. I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed. The main one is sending a (semi)
meaningful reply message when a user
Hello,
Just looking for a bit of advice here. I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed. The main one is sending a (semi)
meaningful reply message when a user is rejected. Unfortunately, I'm
having troub
Student University wrote:
>
> my testing lab like this :
>
> Node1 (FreeRadius+MySQL)
> Node2 (FreeRadius+MySQL)
>
> i am setting Master-Master MySQL Replication between this two node ,
> initially it seems OK ,
>
> now i am going to deploy this in production environment
>
You have not sa
On 24/05/11 08:35, Simon L. wrote:
Phil Mayers wrote:
On 05/23/2011 06:53 PM, Simon L. wrote:
Please have a look at my new, attached debug log.
The server you are proxying to sends a reject. Fix that server.
-
Why accepts the home server a proxied request from radtest but not from
a wpa
On 24/05/11 09:57, Alexandros Gougousoudis wrote:
Hi Phil,
I got the point and it works! Thank you!
BTW, any idea why this fails?
DOMAIN\username -> username
The command:
radtest -t mschap VERWALTUNG\gougousoudis testpwd 127.0.0.1:1812 0
testing123
gives this output. It seems, that
On 23/05/11 14:30, Alan DeKok wrote:
Angel L. Mateo wrote:
...
reference = "%{%{Packet-Type}:-format}"
Which is *always* the request packet. Use %{reply:Packet-Type} for
the reply.
You'll have to find a way to switch the reference based on request or
reply. Maybe configure
Simultaneous-Use op should be := and not =
On 05/24/2011 10:32 AM, Fajar A. Nugraha wrote:
On Tue, May 24, 2011 at 3:20 PM, john decot wrote:
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY 'bob' ORDER BY id;
+-+--+-
Hi Alan,
> files
> if (noop) {
>     reject
> }
thanks a lot, that's the solution! :-)
> $ man unlang
Sorry I know that, but for me
it is hard to understand.
Kind regards,
Thomas
> -Original Message-
> From:
> freeradius-users-bounces+thomas.dohl=2
That's it. The problem was in the operator; I changed it to := and it works.
Thank you Fajar
From: Fajar A. Nugraha
To: FreeRadius users mailing list
Sent: Tue, May 24, 2011 2:17:51 PM
Subject: Re: Authentication Problem
On Tue, May 24, 2011 at 3:20 PM, john decot w
thomas.d...@24-7-it-services.de wrote:
> What I want to do is:
> 1. freeradius get an request
> 2. freeradius should look into his user file
> 2.1. if user found, next step
> 2.2. if user is not found, interrupt -> reject
$ man unlang
This is documented. There are examples.
files
Hi Phil,
I got the point and it works! Thank you!
BTW, any idea why this fails?
> DOMAIN\username -> username
The command:
radtest -t mschap VERWALTUNG\gougousoudis testpwd 127.0.0.1:1812 0
testing123
gives this output. It seems that the "\" doesn't come through (I use
bash-shell). Even
Hi Alexander,
thanks for your answer. This works nearly perfect.
My problem now is that:
[files] users: Matched entry DEFAULT at line 11
++[files] returns ok
...
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> u8867
attr_filter:
On Tue, May 24, 2011 at 3:40 PM, Student University wrote:
> Hi,
>
> my testing lab like this :
>
> Node1 (FreeRadius+MySQL)
> Node2 (FreeRadius+MySQL)
>
> i am setting Master-Master MySQL Replication between this two node ,
Master-Master seems easy, but needs proper care. For example:
- have you
Hi,
my testing lab like this :
Node1 (FreeRadius+MySQL)
Node2 (FreeRadius+MySQL)
i am setting Master-Master MySQL Replication between this two node ,
initially it seems OK ,
now i am going to deploy this in production environment
i asked if any one have further investigation (issues , re
On Tue, May 24, 2011 at 3:20 PM, john decot wrote:
>> SELECT id, username, attribute, value, op FROM radcheck
>> WHERE username = BINARY 'bob' ORDER BY id;
> +-+--++-++
> | id | username | attribute | value | op |
>
> SELECT id, username, attribute, value, op FROM radcheck
> WHERE
>username = BINARY 'bob' ORDER BY id;
+-+--++-++
| id | username | attribute | value | op |
+-+--++-
thomas.d...@24-7-it-services.de wrote:
>
> in the section "authorize" I include the module "file".
> (/etc/raddb/users)
> At the moment I get an noop if a user is not found in the file.
> How can I change it to return a reject, if a user is not found?
>
> Now:
> ++[files] returns noop
> Destinat
Phil Mayers wrote:
> On 05/23/2011 06:53 PM, Simon L. wrote:
>
>> Please have a look at my new, attached debug log.
>
> The server you are proxying to sends a reject. Fix that server.
> -
>
Why accepts the home server a proxied request from radtest but not from
a wpa supplicant.
The home server
What do you get when you run this query?
SELECT id, username, attribute, value, op FROM radcheck WHERE
username = BINARY 'bob' ORDER BY id
From: john decot [mailto:johnde...@yahoo.com]
Sent: Monday, May 23, 2011 11:24 PM
To: tim.sylves...@networkradius.com; Free
46 matches