Re: Framed-IP-Address not working

2012-01-04 Thread Azfar Hashmi
Subnet topology was enabled in openvpn conf. On 1/4/2012 12:49 PM, Marinko Tarlać wrote: And what was the problem ? On 1/4/2012 6:55 AM, Azfar Hashmi wrote: Solved, problem was in openvpn. On 1/3/2012 3:30 PM, Azfar Hashmi wrote: I have assigned static ip to some users but users still

freeradius+openvpn disconnect user from radius

2012-01-04 Thread Azfar Hashmi
Anyone confirm me that openvpn support session-timeout/acct-session-timeout, I want radius to tell my NAS to disconnect users if they reached their expiration. Currently it's not working. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Fajar A. Nugraha
On Wed, Jan 4, 2012 at 3:18 PM, Azfar Hashmi azfar.has...@cloudways.com wrote: Anyone confirm me that openvpn support session-timeout/acct-session-timeout, I want radius to tell my NAS to disconnect users if they reached their expiration. Currently it's not working. Did you ask in openvpn list?

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Azfar Hashmi
I did but the list has very low activity. Only few posts in numerous days there. On 1/4/2012 1:32 PM, Fajar A. Nugraha wrote: On Wed, Jan 4, 2012 at 3:18 PM, Azfar Hashmi azfar.has...@cloudways.com wrote: Anyone confirm me that openvpn support session-timeout/acct-session-timeout, I want

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Alexandre Chapellon
I tried to set up exactly the same thing a while ago using the radiusplugin for openvpn. It just doesn't work! Looking at the code of the radiusplugin I could not find anything that handles the Sessiontimeout attribute (I didn't try with Acc-Session-Timeout but didn't see anything either). Even if

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Azfar Hashmi
Hi Alexandre, Thanks for sharing your experience. On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: I tried to set up exactly the same thing a while ago using the radiusplugin for openvpn. It just doesn't work! Looking at the code of the radiusplugin I could not find anything that handles

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Azfar Hashmi
One more related question. I have to test this with pptp and l2tp also, do they support it? On 1/4/2012 4:14 PM, Azfar Hashmi wrote: Hi Alexandre, Thanks for sharing your experience. On 1/4/2012 4:02 PM, Alexandre Chapellon wrote: I tried to set up exactly the same thing a while ago using

Not sending all trusted CA Certificates in EAP-TLS Server Hello

2012-01-04 Thread Daniel Finger
Hi! We are using 802.1X EAP TTLS to Authenticate Phones in our network. It is working, but after seeing a tcpdump, the Radius Server is sending all known CA Certificates to the Client during EAP TLS Negotiation. Our Config looks like this: private_key_file = ${certdir}/radius_server.key

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Alexandre Chapellon
pptp does it very well (at least poptop does). Never tried with L2TP itself but I know ppp sessions inside L2TP tunnels work as expected... but that only pppd works ok with session-timeout. Regards. On 04/01/2012 12:19, Azfar Hashmi wrote: One more related question. I have to test this

Re: Need basic help with accounting

2012-01-04 Thread Cosmin Neagu
I found how to do what I needed to do. From what I discovered, by default it does not do any accounting regarding user logins. I have to set in radiusd.conf in log section: auth = yes. By default it was set to no. On 01/03/2012 04:52 PM, Alan DeKok wrote: Cosmin Neagu wrote: I already learned how

Re: Need basic help with accounting

2012-01-04 Thread Fajar A. Nugraha
On Wed, Jan 4, 2012 at 7:52 PM, Cosmin Neagu cosmin.ne...@omnilogic.ro wrote: I found how to do what I needed to do. From what I discovered, by default it does not do any accounting regarding user logins. I have to set in radiusd.conf in log section: auth = yes. By default it was set to no. That's

Re: Need basic help with accounting

2012-01-04 Thread Cosmin Neagu
Yes you are right... did some searching on accounting and this is what I want next. Thanks for clarification. Cosmin Neagu On 01/04/2012 03:08 PM, Fajar A. Nugraha wrote: On Wed, Jan 4, 2012 at 7:52 PM, Cosmin Neagu cosmin.ne...@omnilogic.ro wrote: I found how to do what I needed to do

Re: Authorization with Active Directory

2012-01-04 Thread suggestme
Phil, I modified the LDAP module configuration as you suggested: filter = ((extensionAttribute10=%{control:Tmp-String-0}) (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})) Also I did change in authorize section of my configuration of default and inner-tunnel files; But I got confused

Re: Not sending all trusted CA Certificates in EAP-TLS Server Hello

2012-01-04 Thread Alan DeKok
Daniel Finger wrote: We are using 802.1X EAP TTLS to Authenticate Phones in our network. It is working, but after seeing a tcpdump, the Radius Server is sending all known CA Certificates to the Client during EAP TLS Negotiation. That's largely how EAP-TLS works. CA_file =

Next release of the server?

2012-01-04 Thread Alan DeKok
It's been 4 months since the last release of the server. Any objections to a new release? Are people using the v2.1.x branch in git? My idea would be to release this version as 2.2.0. It's stable, and doing 2.2.0 would probably be better than 2.1.13. :) I'd also like to release 3.0 in

Re: Not sending all trusted CA Certificates in EAP-TLS Server Hello

2012-01-04 Thread Daniel Finger
Hi! As far as I can see the Server does not send the full certificates, but only announces the certificates the server knows. I did not read the RFC yet, but I assume that this only informs the client which certificates can be requested to verify the server certificate chain. On 04.01.2012

RE: Radperf message error

2012-01-04 Thread Serge Toussaint
Hi, For a big test for 9 000 requests with radperf, I have got the message : Radperf: received response to request we did not send. (id=125 socket 19) ( 500 lines) Serge -Original Message- From: freeradius-users-bounces+stoussaint=netprest@lists.freeradius.org

Re: Next release of the server?

2012-01-04 Thread John Dennis
On 01/04/2012 09:49 AM, Alan DeKok wrote: I'd also like to release 3.0 in the next few months. I know I've been saying that for a while. The delays have been due to some intended design changes which haven't yet been implemented. Will 3.0 be configuration compatible with 2.0? -- John

Using FreeRadius to override VLAN Assignment

2012-01-04 Thread McSparin, Joe
I have put the following into my users files DEFAULT Auth-Type = ntlm_auth Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-id = 1001 I have told my access point to Allow RADIUS Override on the VLAN Assignment however the

Re: Accounting not working

2012-01-04 Thread John Corps
Yes clients are configured properly, they are working fine to authorize correctly, it's just not showing anything in debug about accounting requests. I am stumped. On Tue, Jan 3, 2012 at 4:32 PM, Christ Schlacta li...@aarcane.org wrote: are the clients also properly configured? On 1/3/2012

RE: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread Brian Julin
The first order of business would be to run freeradius in debug mode, or launch an eapol_test client against it, and look to see whether the attribute is being sent. If you do not know whether the attribute is being sent, you cannot determine whether it is the AP or the freeradius server that

Re: Accounting not working

2012-01-04 Thread John Corps
Issue has been fixed. Not too sure why, but reconfiguring the clients to do accounting has solved it... very strange. On Wed, Jan 4, 2012 at 11:18 AM, John Corps env...@gmail.com wrote: Yes clients are configured properly, they are working fine to authorize correctly, it's just not showing

Re: Next release of the server?

2012-01-04 Thread Alan Buxey
Hi, Will 3.0 be configuration compatible with 2.0? no - it is currently not - mainly because of the new methods used in the SQL/LDAP etc servers. the current config is now different to the old config...and the old config will cause the new server to fail at startup. as the new features are

Windows XP client not connecting

2012-01-04 Thread Angelica Delgado
Freeradius is configured to use peap/mschapv2 with Active Directory. We created the certificate with the required extensions. Windows 7 is working but Windows XP with service pack 3 is only working when using its Intel Proset Wireless utility (with and without certificate validation). It does not

RE: Next release of the server?

2012-01-04 Thread Brian Julin
Add to this, IIRC there are some differences (regressions?) in regexp support in some ancillary files (e.g. users) and a minor dictionary entry glitch that need to be worked around to use 3.0 in a 2.x config tree. I managed to future proof most of my configs already by installing 3.0 in a

Re: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread Alan Buxey
Hi, I have put the following into my users files DEFAULT  Auth-Type = ntlm_auth     Tunnel-Type = VLAN,     Tunnel-Medium-Type = IEEE-802,     Tunnel-Private-Group-id = 1001 okay - thats a CHECK item - if the Auth-Type = ntlm_auth,

RE: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread McSparin, Joe
Here is my radiusd -X it looks to me like the Access-Accept is not returning the vlan with it. # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel } # server inner-tunnel [peap] Got tunneled reply code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0

RE: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread McSparin, Joe
If I removed the Auth-Type part would it process it for all requests for testing purposes? Joseph R. McSparin Network Administrator Hill Country Memorial Hospital 830 990 6638 phone 830 990 6623 fax jmcspa...@hillcountrymemorial.org -Original Message- From:

Re: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread Alan Buxey
Hi, Here is my radiusd -X it looks to me like the Access-Accept is not returning the vlan with it. copy_request_to_tunnel = yes in your eap.conf alan

RE: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread Brian Julin
A few things -- I do note the case doesn't match (-id vs -Id) in your original paste. Second, even though the value of 16 is not what you want, even if you get that fixed, note that it is not being copied to the outer reply (e.g. with use_tunelled_reply in peap, or maybe you are filtering it

RE: Using FreeRadius to override VLAN Assignment

2012-01-04 Thread McSparin, Joe
WooHoo! That got it. Thanks. Joseph R. McSparin Network Administrator Hill Country Memorial Hospital 830 990 6638 phone 830 990 6623 fax jmcspa...@hillcountrymemorial.org -Original Message- From: freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freeradius.org

Re: freeradius+openvpn disconnect user from radius

2012-01-04 Thread Azfar Hashmi
I am gonna try it now. On 1/4/2012 5:49 PM, Alexandre Chapellon wrote: pptp does it very well (at least poptop does). Never tried with L2TP itself but I know ppp sessions inside L2TP tunnels work as expected... but that only pppd works ok with session-timeout. Regards. On 04/01/2012