Freeradius error with eap authentication

2011-07-20 Thread DENJEAN Didier
Hi, I have some problems with Freeradius and EAP. I use freeradius version 2.1.11 on debian 5. When I start the radius server in debug mode (radiusd -xX), there are no errors (file debug1.txt). When eduroam server enable connexion on your freeradius server, I have some errors (file debug2.txt)

Re: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Phil Mayers
On 07/20/2011 03:35 AM, Moe, John wrote: I hadn't seen or heard of that file before. Thanks for the pointer. When I unpacked the sources for FreeRadius (freeradius-server-2.0.5.tar.gz) that Gentoo used to build the server, I 2.0.5 is old. You want to be running a much newer version. - List

Re: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Phil Mayers
On 07/20/2011 03:28 AM, Moe, John wrote: There are various others, but those are the main ones. So then, when matching an entry in users, does it look at the request items, or the config items? When creating an entry, you specify first things to match against on one line separated by commas,

Re: Freeradius error with eap authentication

2011-07-20 Thread Phil Mayers
On 07/20/2011 09:22 AM, DENJEAN Didier wrote: Hi, I have some problems with Freeradius and EAP. I use freeradius version 2.1.11 on debian 5. When I start the radius server in debug mode (radiusd -xX), there are no errors (file debug1.txt). When eduroam server enable connexion on your freeradius

Re: FreeRadius - LDAP

2011-07-20 Thread m4xmr
On 20/07/11 10.19, Fajar A. Nugraha-2 [via FreeRadius] wrote: On Wed, Jul 20, 2011 at 3:07 PM, m4xmr [hidden email] wrote: Hello, I'm trying to make working LDAP as authentication backend for RADIUS. I verified that the data are right and the

TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Scott Armitage
Hi, I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf Does anyone know the reason for this? Thanks Scott Armitage

Re: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Alan DeKok
Moe, John wrote: Seriously though, I've found one on PAP, one on ntlm_auth/AD, one on HP, one on Cisco, but when I've followed each one, they don't seem to work together properly. So ask *specific* questions about what you expect, what's happening, and what you think is going wrong.

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Alexander Clouter
Scott Armitage s.p.armit...@lboro.ac.uk wrote: I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf Does anyone know the reason for this? TLS session

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Phil Mayers
On 20/07/11 11:26, Scott Armitage wrote: Hi, I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf That's not what we see: [ttls] Using saved attributes from the

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Scott Armitage
On 20 Jul 2011, at 13:39, Phil Mayers wrote: On 20/07/11 11:26, Scott Armitage wrote: Hi, I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf That's not

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Scott Armitage
On 20 Jul 2011, at 12:49, Alexander Clouter wrote: Scott Armitage s.p.armit...@lboro.ac.uk wrote: I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf

Problem with module and users file

2011-07-20 Thread Jean Carlos Oliveira Guandalini
Hello, I'm using backcounter (rlm_backcounter) module. This module sets an attribute and this attribute is compared in USERS file. Freeradius version 2.1.11. users file: DEFAULT Monthly-Time-Exceeded == 1 Framed-Pool = exceeded, Fall-Through = Yes The problem is what the freeradius

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Phil Mayers
On 20/07/11 14:27, Scott Armitage wrote: [ttls] Using saved attributes from the original Access-Accept Reply-Message = Authenticated by Test ORPS Ok, looking at the debug the reason this is happening is that you are doing TTLS/MSCHAP, as opposed to TTLS/EAP-MSCHAP. [ttls] Got

Re: TTLS use_tunneled_reply and Mac OSX

2011-07-20 Thread Scott Armitage
On 20 Jul 2011, at 15:40, Phil Mayers wrote: On 20/07/11 14:27, Scott Armitage wrote: [ttls] Using saved attributes from the original Access-Accept Reply-Message = Authenticated by Test ORPS Ok, looking at the debug the reason this is happening is that you are doing TTLS/MSCHAP,

Re: FreeRadius - LDAP

2011-07-20 Thread up
You're using LDAP with POSIX type users, including shadow passwords. I'm pretty sure this means you cannot use CHAP on the client end, but must use PAP. Somebody can correct me if I'm wrong about this. While they are at it, maybe they can let me know how to get FreeRADIUS to respect the

Re: FreeRadius - LDAP

2011-07-20 Thread Massimiliano Tommasi
As you can see, there is a try with PAP after LDAP. Is there something I have to modify, in your opinion? Thanks, Max Wed Jul 20 13:35:25 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Jul 20 13:35:25 2011 : Info: ++[ldap] returns ok Wed Jul 20 13:35:25 2011 : Info: ++[expiration]

SoH and DHCP

2011-07-20 Thread Francois Gaudreault
Hi, I am trying to make the SoH statements to work using the FreeRADIUS DHCP. However, I have issues to get the SoH values from the NAP client. Maybe someone will be able to help. On the client side, the DHCP NAP policy is set to enabled. Thanks! sites-enabled/dhcp : listen { ipaddr

Re: SoH and DHCP

2011-07-20 Thread Phil Mayers
On 07/20/2011 06:07 PM, Francois Gaudreault wrote: Hi, I am trying to make the SoH statements to work using the FreeRADIUS DHCP. However, I have issues to get the SoH values from the NAP client. Maybe someone will be able to help. On the client side, the DHCP NAP policy is set to enabled.

RE: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Moe, John
-Original Message- So ask *specific* questions about what you expect, what's happening, and what you think is going wrong. Ask small questions, instead of long ones. It really makes a difference. Well, ok, I'll start again, go as far as I can, and then ask questions about

RE: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Gary Gatten
Let me TRY to address a couple points here. 1.) Admins logging in to network devices: telnet, ssh, etc. The Network Device, if properly configured, sends a RADIUS request to the RADIUS server. If you run FR in debug mode you'll see the request come in and all the attributes thereof. FR,

Re: FreeRadius - LDAP

2011-07-20 Thread Massimiliano Tommasi
Syntax of 2.x really is quite different from 1.y. That was my problem, thanks and regards. Max On 20/07/11 18.07, u...@3.am wrote: You're using LDAP with POSIX type users, including shadow passwords. I'm pretty sure this means you cannot use CHAP on the client end, but must use

RE: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Moe, John
-Original Message- From: freeradius-users-bounces+jmoe=hatch.com...@lists.freeradius.org [mailto:freeradius-users- bounces+jmoe=hatch.com...@lists.freeradius.org] On Behalf Of Gary Gatten Sent: Thursday, 21 July 2011 9:29 AM To: 'FreeRadius users mailing list' Subject: RE: Trying

clients.conf with MAC-address .

2011-07-20 Thread Andy Zarzycki
Greetings, We are trying to authenticate user requests coming from many APs. The plan is to authenticate the APs as well as the users centrally using freeradius. We were hoping if we could configure clients.conf with MAC-address instead of IP address for every AP. This will ensure MAC-address with

RE: Trying to wrap my head around FreeRadius config

2011-07-20 Thread Moe, John
-Original Message- 1.) Use only ntlm_auth. If necessary you can use require-membership-of (I forget exact syntax) to ensure only members of Network Admins can get a cli on your network gear. It will also work for 802.1x From what I've read, require-membership-of is a switch to