> -Original Message-
> From: freeradius-users-
> bounces+scott=renshawauto@lists.freeradius.org [mailto:freeradius-
> users-bounces+scott=renshawauto@lists.freeradius.org] On Behalf Of
> Commonn Systems
> Sent: Friday, September 09, 2011 4:54 PM
> To: freeradius-users@lists.freeradi
Once you have Samba and AD talking via winbind, it is pretty
straightforward. You can configure all the machines via Group Policy
I have used this post, pretty much to the T:
http://lists.cistron.nl/pipermail/freeradius-users/2009-March/msg00231.html
Good luck
On 9/9/2011 8:51 AM, Scott Hughes
Hi andreapepa,
Thanks for your answer.
If I comment back this line I only see a white screen. This is very
very weird. I've installed thousands of web apps, and almost all php
based. There's no connection error anywhere.
I tried with the php CLI and I only see the same errors from apache2 error.
Hi,
I need your help and I am a freeradius beginner, so please be patient with me.
In our school we have wireless internet-access for laptops via the
copspot-plugin with freeradius behind it (I guess its at least free radius v.
2.0, but I am not sure). Right now Internet-access is limited to teac
You sir are a lifesaver.
If anyone else wants to know, I had to change auto_header = yes in pap section
of radiusd.conf and set the encryption schema to crypt
then
in user file delete all just do single line entry per user which can be
scripted easily from htpasswd.
username Auth-Type :=
Hi,
>Can FR do htpasswd file based auth? Ideally I'd like to define users in
>users file with their crypto password right from htpasswd. Is this
>possible? how would a user file look like. I searched the docs and all I
>found was 'cleartext password' but I won't know that since its
Hi All,
Guess I spoke to soon. I was using radtest and that worked great when I
went to an actual workstation it was a different story. I am getting the old
"[eap] Identity does not match User-Name, setting from EAP Identity." From
reading through the archives it looks like this has bee
Hi All,
NM, you know I have been working on this for the last two days, I post here
and no more the 30 minutes later I have a breakthrough.. Guess that is how it
always works.
Found a good ref on the FreeRadius site on the hints and started messing
with that and came up with
DEFAUL
Hanno,
I'am facing with the same problem than you. Did you finally find a solution
? If yes, could you please tell me what you have done to fix the problem ?
Many thanks
Nicolas
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte
Can FR do htpasswd file based auth? Ideally I'd like to define users in users
file with their crypto password right from htpasswd. Is this possible? how
would a user file look like. I searched the docs and all I found was 'cleartext
password' but I won't know that since its htpasswd.-
List info/
Hi All,
I hate to post this here, I am sure there is a fairly simple thing to do
this but I have been looking and can't seem to find how to do it.
So we have users that typically login with a relative context. So there is
a base context set to say ou=HS1.o=students, then they type in t
Thank you for the response, but I'd rather not do it that way.
The documentation suggests that what I want is possible, and it would be
ideal for this situation.
Any more ideas?
Many thanks,
Dave
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/LDAP-Authentication-bind
> -Original Message-
> From: freeradius-users-
> bounces+scott=renshawauto@lists.freeradius.org [mailto:freeradius-
> users-bounces+scott=renshawauto@lists.freeradius.org] On Behalf Of
> Phil Mayers
> Sent: Friday, September 09, 2011 10:39 AM
> To: freeradius-users@lists.freeradius.
-Original Message-
From: freeradius-users-bounces+scott=renshawauto@lists.freeradius.org
[mailto:freeradius-users-bounces+scott=renshawauto@lists.freeradius.org]
On Behalf Of Michael Holstein
Sent: Friday, September 09, 2011 10:30 AM
To: FreeRadius users mailing list
Subject: Re: LD
On 09/09/2011 04:23 PM, Scott Hughes wrote:
Also, would it be better to get the AD authentication working BEFORE
I attempt to authenticate prior to login or is it the same either
way?
AD auth is a pre-requisite for machine auth. So yes, it would be better
to do that first!
(Please make your
> This way it binds anonymously, and then fails to do an ldapsearch because of
> insufficient privs. Giving * read to all seems silly, and I would rather not
> go that route.
>
> If anyone has suggestions or comments they would be greatly appreciated.
>
How I did it (assuming your using AD as
-Original Message-
From: Michael Holstein [mailto:michael.holst...@csuohio.edu]
Sent: Friday, September 09, 2011 10:23 AM
To: FreeRadius users mailing list
Cc: sc...@renshawauto.net
Subject: Re: Windows Pre-Login Auth
> On Windows 7 you can configure pre-login authentication (wireless
>
-Original Message-
From: Michael Holstein [mailto:michael.holst...@csuohio.edu]
Sent: Friday, September 09, 2011 10:23 AM
To: FreeRadius users mailing list
Cc: sc...@renshawauto.net
Subject: Re: Windows Pre-Login Auth
> On Windows 7 you can configure pre-login authentication (wireless
>
> On Windows 7 you can configure pre-login authentication (wireless
> connection properties -> Advanced settings) both for computer and user. On
> XP (with native windows client), I don't think that it is possible to do
> that.
>
>
Yes it is .. just check the box for "authenticate as computer
> Upgrade. This was fixed a long time ago.
>
>
Thanks .. that worked. It's even referenced in the config. My google foo
must have failed me searching the error to have not found that in the
changelog.
Cheers,
Michael Holstein
Cleveland State University
-
List info/subscribe/unsubscribe? S
On Fri, Sep 9, 2011 at 8:32 PM, andreapepa
wrote:
> http://freeradius.1045715.n5.nabble.com/file/n4786389/freeradlogdebug
> freeradlogdebug
>
> that is the log.
Then your NAS (in this case, the simulator) is clearly broken (or
perhaps just misconfigured).
It says
"rad_recv: Accounting-Request p
On 9 Sep 2011, at 16:27, Bjørn Mork wrote:
> Arran Cudbard-Bell writes:
>
>> RFC 2866:
>>
>> When a client is configured to use RADIUS Accounting, at the start of
>> service delivery it will generate an Accounting Start packet
>> describing the type of service being delivered and the use
Bjørn Mork wrote:
> No, of course not. But it may be useful in some settings.
That's why FR is configurable. People do all kinds of crazy things
with it. But those things don't make it into the default config.
> And I really cannot see anything in the above RFC quote which forbids
> sending
This is exactly what I want, from the docs:
"If the administrator wishes to use rlm_ldap only for
authentication or does not wish to populate the identity,password
configuration attributes he can set this attribute by other means and
avoid the ldap search completely. For instance it can be set thr
As a matter of fact, this very setup saved my bacon this week. I had to get
into an older Windows7 laptop, and while my domain account was a member of the
admins group, I hadn't logged on since before my most recent password change
(so it had my old password cached). AND the wired settings were
-Original Message-
From: freeradius-users-bounces+scott=renshawauto@lists.freeradius.org
[mailto:freeradius-users-bounces+scott=renshawauto@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Friday, September 09, 2011 9:31 AM
To: freeradius-users@lists.freeradius.org
Subject: Re:
-Original Message-
From: freeradius-users-bounces+scott=renshawauto@lists.freeradius.org
[mailto:freeradius-users-bounces+scott=renshawauto@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Friday, September 09, 2011 9:21 AM
To: freeradius-users@lists.freeradius.org
Subject: Re:
On 09/09/2011 03:21 PM, nf-vale wrote:
On Windows 7 you can configure pre-login authentication (wireless
connection properties -> Advanced settings) both for computer and user.
On XP (with native windows client), I don't think that it is possible to
do that.
This is possible in XP SP3. I can't
Arran Cudbard-Bell writes:
> RFC 2866:
>
>When a client is configured to use RADIUS Accounting, at the start of
>service delivery it will generate an Accounting Start packet
>describing the type of service being delivered and the user it is
>being delivered to, and will send that
On 09/09/2011 03:00 PM, Scott Hughes wrote:
Hello all,
I have been using FreeRadius for several years now and am stuck trying
to make our Windows based wireless system authenticate PRIOR to user login.
I have searched the FreeRadius and Deploying FreeRadius sites as well as
Google, but no luck.
On Windows 7 you can configure pre-login authentication (wireless
connection properties -> Advanced settings) both for computer and user. On
XP (with native windows client), I don't think that it is possible to do
that.
On Fri, 9 Sep 2011 09:00:32 -0500, "Scott Hughes" wrote:
Hello all,
ok , thanks
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4786505.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello all,
I have been using FreeRadius for several years now and am stuck trying to
make our Windows based wireless system authenticate PRIOR to user login.
I have searched the FreeRadius and Deploying FreeRadius sites as well as
Google, but no luck. Here is a brief over-view of my FreeRa
andreapepa wrote:
> a nas send an auth req
> user accepted and logged
> user log off but stop packet doesnt arrive to the server, for a lot of
> reasons.
> user retry to log in ...maybe from another nas, we also have nas that doesnt
> communicate the power on/off state
>
> user is rejected due t
http://freeradius.1045715.n5.nabble.com/file/n4786389/freeradlogdebug
freeradlogdebug
that is the log.
and the config s of jradius simulator
i'm generating a request with jradius simulator with auth and start only
option http://freeradius.1045715.n5.nabble.com/file/n4786389/jradiusreq2.png
htt
On 9 Sep 2011, at 14:23, Bjørn Mork wrote:
> Arran Cudbard-Bell writes:
>
>> As Alan says your NAS won't generate Accounting-Requests if the RADIUS
>> server rejects the user (unless its very broken).
>
> Why would that be broken?
>
> Yes, I do see that you can trigger RADIUS accounting tra
Bjørn Mork wrote:
> Arran Cudbard-Bell writes:
>
>> As Alan says your NAS won't generate Accounting-Requests if the RADIUS
>> server rejects the user (unless its very broken).
>
> Why would that be broken?
A session that doesn't start requires no accounting.
When companies do business ac
> Arran, i'm sorry if you felt alone sometimes ;-)
I'm not the one missing out on radstars :p
> but as i said to Fajar
> i've no control over the NAS devices so i prefer do all the possibleon
> the FR server.
Yes... and you can. The contents of the Class attribute is set in the
Acces
Thnks Alan, but
I modified only the necessary things in conf file to make fr works with sql.
try to think at this situation:
simultaneous user login is active.
a nas send an auth req
user accepted and logged
user log off but stop packet doesnt arrive to the server, for a lot of
reasons.
user
> andreapepa wrote:
>> I said that because in my tests an access-rejected request is still
>> recorded in radacct table with a start time and a NULL stoptime,
That is odd. What does the debug log says?
I'm specifically interested in whether the record in radacct was resulted by
(1) NAS sending a
Arran Cudbard-Bell writes:
> As Alan says your NAS won't generate Accounting-Requests if the RADIUS
> server rejects the user (unless its very broken).
Why would that be broken?
Yes, I do see that you can trigger RADIUS accounting traffic without
authenticating, but the additional load (both
On 9 Sep 2011, at 12:18, Bjørn Mork wrote:
> Arran Cudbard-Bell writes:
>
>> Acct-Session-ID isn't inserted into the postauth table, because it's
>> generally not available in the Access-Request.
>>
>> It is theoretically possible to pre-assign an Acct-Session-ID, and its
>> supported by the s
andreapepa wrote:
> I said that because in my tests an access-rejected request is still
> recorded in radacct table with a start time and a NULL stoptime,
That's unnecessary, and a bad idea.
> but nothing
> can link this record to the record in radpostauth,
You've modified the default behav
Arran Cudbard-Bell writes:
> Acct-Session-ID isn't inserted into the postauth table, because it's
> generally not available in the Access-Request.
>
> It is theoretically possible to pre-assign an Acct-Session-ID, and its
> supported by the standards, but no NAS vendors do it because it
> require
yes i've passed the same "issue" after dialup admin installation.
but what you reporting is not an error it is only the debug info on top of
the pages that will remain there (and shows all the sql behind) until you
dont remove the sql debug in admin.conf:
# Uncomment to enable sql debug
#
#sql_d
Thanks Fajar,
i'll try to implement this way, i dont want to query the nas by snmp, i
have so many nas ( and of various vendor) and i'm not responsible of their
configurations and so many concurrent connections that i prefer not to rely
on this.
Arran, i'm sorry if you felt alone sometimes ;-)
Arran Cudbard-Bell wrote:
> On 9 Sep 2011, at 10:51, Alan DeKok wrote:
>> As Arran said, you can't. This is RADIUS. It's not perfect.
>
>
> You know being ignored is like my third favourite pass time, right behind
> spanking cats, and plotting world domination...
It's possible... sometimes
On Fri, Sep 9, 2011 at 3:51 PM, Alan DeKok wrote:
> andreapepa wrote:
>> Finally.. i also can check fro time to time the packets or byte fields to
>> see if the sessios is still alive...but this metod would not be better than
>> matching with replies in radpostauth , ...i believe.
>
> Ask the NAS
On 9 Sep 2011, at 10:51, Alan DeKok wrote:
> andreapepa wrote:
>> Ok, but that field is not present in radpostauth too...and i mean
>> ...correlate between tables
>
> As Arran said, you can't. This is RADIUS. It's not perfect.
You know being ignored is like my third favourite pass time, rig
andreapepa wrote:
> Ok, but that field is not present in radpostauth too...and i mean
> ...correlate between tables
As Arran said, you can't. This is RADIUS. It's not perfect.
>> How do you know?
>
> doing the tests with jradius i've noticed that if you send an auth + start
> request withou
Acct-Session-ID isn't inserted into the postauth table, because it's generally
not available in the Access-Request.
It is theoretically possible to pre-assign an Acct-Session-ID, and its
supported by the standards, but no NAS vendors do it because it requires
additional effort and adds needless
>> My question is about the correlation beetwen the tables in subject, how
can
>> i correlate records without using timestamp but maybe a unique session
>> id?
>
> Use the unique session ID.
Ok, but that field is not present in radpostauth too...and i mean
...correlate between tables
>> I think
On Fri, Sep 9, 2011 at 9:50 AM, Det Det wrote:
> Hi,
> I have Activation attribute in radcheck table (which has a date VALUE) in
> old RADIUS server. I don't find this attribute in FreeRADIUS. I get this
> error. any idea?
What radius server is that?
If it's also a freeradius installation, the o
Det Det wrote:
> I have Activation attribute in radcheck table (which has a date VALUE)
> in old RADIUS server. I don't find this attribute in FreeRADIUS. I get
> this error. any idea?
What is "Activation"?
It's not a standard RADIUS attribute. FreeRADIUS doesn't support it.
Alan DeKok.
-
Michael Holstein wrote:
> FreeRADIUS Version 2.0.4
...
> rlm_ldap: ldap_search() failed: Operations error
Upgrade. This was fixed a long time ago.
> Related question .. is there an easier way to pass plaintext (to Radius)
> credentials into AD (and determine group membership) like auth_ntlm
>
55 matches
Mail list logo