On 6/28/2011 01:52, Marco Londero wrote:
> On Tue, 28 Jun 2011 10:28:45 +0200, Alan DeKok
> wrote:
>> Use the correct certificates.
> I re-generated client certificate and signed it w/ CA one instead of
> server (default Makefile conf) and worked.
> Sorry for the noise.
I always thought it was odd that
On 06/28/2011 08:15 PM, Alexander Clouter wrote:
I keep meaning to do this for the sql module (well, postgresql) but it
can be done for libldap too. Open the socket directly in freeradius,
using SOCK_NONBLOCK -> connect() -> SO_RCVTIMEO/SO_SNDTIMEO and then
pass that all to ldap_init_fd().
Phil Mayers wrote:
>
> Unfortunately, when you supply >1 LDAP server, this is handled
> internally by libldap, and libldap tries the LDAP servers in series, not
> in parallel. So there will always be some outage.
>
> FreeRADIUS does not currently have connection pools, and they're a bit
> har
On 28/06/11 16:12, jan.gnep...@t-systems.com wrote:
> Problem: radius is always using the same ldap server for group extends.
> If this (one!) server fails, radius authentication is not possible.
> Very bad, because we have "redundancy" configured, and expected to have zero
> outage.
Sorry. The "ldap
On 28/06/11 16:22, Tiberiu Breana wrote:
Hello.
I'm using freeRADIUS to authenticate SIP requests and I'm having
problems processing the users.
In a request I receive a User-Name that isn't useful, and a Sip-URI-User
value which contains the real User-Name that I need.
I've tried
if(Sip-URI-User
Tiberiu Breana wrote:
> in default's authorize section, but it says "request returns notfound".
Your configuration is close, but wrong:
    if (Sip-URI-User) {
        update request {
            User-Name = "%{Sip-URI-User}"
        }
    }
That will work. Ignore the return code. If it says "request return
Hello.
I'm using freeRADIUS to authenticate SIP requests and I'm having problems
processing the users.
In a request I receive a User-Name that isn't useful, and a Sip-URI-User
value which contains the real User-Name that I need.
I've tried
if(Sip-URI-User) {
update request {
User-Name
Hi,
We use radius (freeradius2-2.1.7-7.el5) for user authentication/authorization
on network devices.
Therefore we use a mapping from huntgroups to ldap groups.
We have three ldap server running, and wanted to use "redundant" or
"redundant-load-balance".
I have tested two cases till now, becau
On 28/06/11 15:16, adzhuma wrote:
> Hello,
> how is it possible to change EAP-PEAP Accept-reject to Accept-Accept?
It's impossible. EAP is a challenge-response protocol. If the client
doesn't receive a valid response, which requires valid crypto and
therefore valid passwords, it will not connect.
-
Hello,
how is it possible to change EAP-PEAP Accept-reject to Accept-Accept?
I tried with unlang in ms-chap authenticate in inner-tunnel config, but read
in the documentation for unlang that Auth-Type := "Accept" can't be
used with EAP.
I tried with such config:
MSCHAP authentication.
Phil
Your examples were straight on, and very helpful. I ended up using SQLgroup
within "/etc/freeradius/users + huntgroups" and the groups that I've created
& it worked the very 1st time, & with no problems. To answer your other
question, this is with freeradius version;
root@TACACS:/etc/ini
Hi,
I installed freeradius on a Debian machine. I have my user in ldap
and I use that directory for authentication. But when I want
to use SSL or TLS in connections between radius and ldap, I have that error
in the radius log. (Freeradius -X)
-
[ldap] ldap_get_conn: Checki
On Tue, 28 Jun 2011 15:00:18 +0200, Alan DeKok
wrote:
> See raddb/sites-available/default. Look for "tls"
>
> You will need to write your own policies to enforce this. FreeRADIUS
> provides the pieces, you need to put them together.
Thank you, Alan.
--
mandi, Marco
-
List info/subscribe/unsu
Marco Londero wrote:
> Hi folks,
>
> is it possible to bind a SSL certificate (used for EAP-TLS auth) to a
> specific LDAP user instead of using user's LDAP-stored password?
See raddb/sites-available/default. Look for "tls"
You will need to write your own policies to enforce this. FreeRADI
Hi folks,
is it possible to bind a SSL certificate (used for EAP-TLS auth) to a
specific LDAP user instead of using user's LDAP-stored password?
Thank you!
--
mandi, Marco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tiberiu Breana wrote:
> I'm not using databases at the moment, just the plain "users" files. I
> was wondering if it was possible to keep some received attributes on the
> server (without using databases), but now it seems impossible.
>
> Thanks for your answers, I'll try configuring some database
Hi,
>I'm not using databases at the moment, just the plain "users" files. I was
>wondering if it was possible to keep some received attributes on the
>server (without using databases), but now it seems impossible.
you can log the received attributes in many ways - the 'detail' module
On 28 June 2011 13:09, Alan DeKok wrote:
>
> > Is this possible? Furthermore, how could I keep the user's data, seeing
> > how unlang doesn't support creating new variables?
>
> I have no idea what that means.
>
> Alan DeKok.
I'm not using databases at the moment, just the plain "users" file
Tiberiu Breana wrote:
> What I'd like to do: copy the user entry to the AAAF (username,
> password, check items, reply items) so that the AAAF can later
> authenticate the user without having to forward the request.
Sure. Copy the user database.
If you can't copy the user database, it's pret
On Tue, Jun 28, 2011 at 3:55 PM, Tiberiu Breana
wrote:
> Hello.
>
> Is it possible to copy user entries from a server to another?
> I have a user that connects to a "foreign" Radius server (AAAF). The AAAF
> detects his realm and forwards the request to the realm's appropriate Radius
> server (AAA
On 06/27/2011 09:29 PM, Ken Felix wrote:
> Can anybody post a simple howto with regards to using groups within
> freeradius? What we would like to do is restrict some users from
> logging into various firewalls. I've created usergroups and defined
Which version of FreeRADIUS are you using?
Anyway
Hello.
Is it possible to copy user entries from a server to another?
I have a user that connects to a "foreign" Radius server (AAAF). The AAAF
detects his realm and forwards the request to the realm's appropriate Radius
server (AAAH).
The AAAH authenticates the user and returns the result.
What I
On Tue, 28 Jun 2011 10:28:45 +0200, Alan DeKok
wrote:
> Use the correct certificates.
I re-generated client certificate and signed it w/ CA one instead of
server (default Makefile conf) and worked.
Sorry for the noise.
--
mandi, Marco
On 06/28/2011 08:41 AM, Marco Londero wrote:
Hi folks,
I have a problem in my freeradius setup and I'm looking for some hints
about that.
Scenario:
1) GNU/Linux client w/ WPA supplicant configured to request access through
EAP-TLS using a certificate (in order to achieve 802.1x ethernet
authen
Marco Londero wrote:
> Freeradius debug log of the issue is here:
The certificate produced by the client is unknown to the server.
> Any tips? Thank you!
Use the correct certificates.
Alan DeKok.
Blake Hodder wrote:
> Hi,
>
> The file in '/var/log/freeradius/' radwtmp, can this file be removed
> every so often as it becomes quite large? Also what is it used for exactly.
$ man radlast
If you don't know what it's for and aren't using it, edit
raddb/sites-available/default. Look for "wtm
Hi folks,
I have a problem in my freeradius setup and I'm looking for some hints
about that.
Scenario:
1) GNU/Linux client w/ WPA supplicant configured to request access through
EAP-TLS using a certificate (in order to achieve 802.1x ethernet
authentication)
2) 802.1x enabled switch where client
On 11.06.28 13:44, Fajar A. Nugraha wrote:
> On Tue, Jun 28, 2011 at 12:27 PM, Tseveendorj wrote:
>> Hello,
>> The accounting information is not logged in
>> /var/log/freeradius/radacct/IPADDRESS/detail-x.log and also in MySQL
>> table radacct. How to solve this ?
> Does your NAS send accounting packets? Se
29 matches