Alan,
Of course I read the radeapclient man page, and in my first e-mail
explained how I was running the radeapclient command.
From my first e-mail to this list: radeapclient -c3 -r1 -s -x 127.0.0.1
auth localhost-secret eapsim-in.txt
The think is, I don't know how but using the debian
pptp and l2tp working fine, if I see radiusplgin source code then these
things are defined there ie.g session-timeout and idle-timeout but since
I am not good in programing i have no idea why they are there, anyone
confirm why they are in code if not supported? I am on v2.1a b1
1/5/2012 11:17 AM,
From the ./UserAuth.cpp file in the radiusplugin code:
/**The method send an authentication packet to the radius server and
* calls the method parseResponsePacket(). The following attributes are
in the packet:
* - User_Name,
* - User_Password
* - NAS_PortCalling_Station_Id,
* -
Does this seem like a doable scenario in the users file it doesn't
return anything but I'm not sure if it is query issue or if those values
are not available in the users file.
DEFAULT Auth-Type = ntlm_auth
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Alan Buxey wrote:
no - it is currently not - mainly because of the new methods
used int he SQL/LDAP etc servers. the current config is now different
to the old config...and the old config will cause the new server
to fail at startup. as the new features are fundamental to its operation,
On 05/01/12 15:24, McSparin, Joe wrote:
Does this seem like a doable scenario in the users file it doesn't
return anything but I'm not sure if it is query issue or if those values
are not available in the users file.
DEFAULT Auth-Type = ntlm_auth
Tunnel-Type = VLAN,
Tunnel-Medium-Type =
First We should know if openvpn is able to create a vpn session for a
certain amount of time and then disconnect the user once time expired...
I am not sure openvpn has such a feature... If it doesn't that mean that
openvpn code would also need to be hacked.
This thread is slightly becomming
On 01/05/2012 10:41 AM, Alan DeKok wrote:
Alan Buxey wrote:
no - it is currently not - mainly because of the new methods
used int he SQL/LDAP etc servers. the current config is now different
to the old config...and the old config will cause the new server
to fail at startup. as the new
With renewed confidence that this would work I found that I just needed
to add the database name and remove the single quotes and it worked. I
am curious about your suggestion to use unlang and post-auth can you
elaborate on that.
Joseph R. McSparin
Network Administrator
Hill Country
Brian Julin wrote:
Add to this, IIRC there are some differences (regressions?) in regexp support
in some ancillary files (e.g. users)
I don't recall that... it *should* be compatible.
and a minor dictionary entry glitch that need to be worked around to use 3.0
in a 2.x config tree.
John Dennis wrote:
Version 3.x is 100% configuration compatible with version 2.x.
No.
Some things have changed. Even 2.2.0 will NOT be 100% compatible with
2.1.12. e.g. the passwd file has a configuration entry *forbidden*.
It used to be marked do not use. People used it. And then
Angelica Delgado wrote:
Freeradius is configured to use peap/mschapv2 with Active Directory. We
created the certificate with the required extensions. Windows 7 is
working but Windows XP with service pack 3 is only working when using
its Intel Proset Wireless utility (with and without
On 05/01/12 16:54, John Dennis wrote:
On 01/05/2012 10:41 AM, Alan DeKok wrote:
Alan Buxey wrote:
no - it is currently not - mainly because of the new methods
used int he SQL/LDAP etc servers. the current config is now different
to the old config...and the old config will cause the new server
If it isn't secret, where is the DHCP functionality on the priority list ?
On 1/4/2012 3:49 PM, Alan DeKok wrote:
The hope is that I can do some small changes for 3.0 which will
finalize the internal state machine. That will make it easier to
separate the RADIUS, DHCP, and VMPS
On 01/05/2012 12:01 PM, Alan DeKok wrote:
John Dennis wrote:
Version 3.x is 100% configuration compatible with version 2.x.
No.
O.K. fair enough, I really wasn't expecting 3.x to be configuration
compatible with 2.x.
This then begs the question: What are the support plans for 2.x once
Does anyone know if there is a way in the users file to set the
Tunnel-Private-Group-id = some_default_vlan if the following sql
statement comes back blank.
DEFAULT Auth-Type = ntlm_auth
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
McSparin, Joe wrote:
Does anyone know if there is a way in the users file to set
the Tunnel-Private-Group-id = some_default_vlan if the
following sql statement comes back blank.
DEFAULT Auth-Type = ntlm_auth
Tunnel-Type = VLAN,
Cool that worked. Thanks.
Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcspa...@hillcountrymemorial.org
-Original Message-
From:
freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freerad
ius.org
Alan DeKok [al...@deployingradius.com] wrote:
Brian Julin wrote:
Add to this, IIRC there are some differences (regressions?) in regexp
support in some ancillary files (e.g. users)
I don't recall that... it *should* be compatible.
For example, a
Hello,
The certificate has the following extensions:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
Also, Windows XP with sp3 client does not works even without the
certificate validation.
Thanks.
Angela
On Thu, Jan 5, 2012 at 11:03 AM, Alan DeKok
Hi Every body!
I'm setting up an Eduroam infrastructure authenticating through
a LDAP directory.
I conveniently configure realms for local request and remote request
as well.
But, i'm dealing with empty user attribute issue while attempting
to authenticate with the eduroam user. It seems
I'm doing tests using authentication eap-tls and freeradius response with
Acces-Accept, but internet connectivity is practically nil.. Which can be the
problem? Previously had a warning compatibility certificate.. And I'm doing
the tests from the same machine you configure freeradius.. Help
Hi,
DEFAULT User-Name =~ foo
i reported a similar issue in the attr filter parsing - used to work with 2.x
and now fails...tried all flavours of regex instead eg
DEFAULT User-Name =~ /foo/
just in case...
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
This then begs the question: What are the support plans for 2.x once 3.x
is released?
dependson what you mean by support..and WHAT support. if you are
thinking freeradius-users mailing list, then that depends on the mix
of people on there i think that 2.x is close enough to 3.x
Hi,
to authenticate with the eduroam user. It seems that although the
request is proxied, my server tries to locally check the authorized
attributes of the user against my local ldap server. And since no
such user exists ldap returns : object not found
use unlang to put a
-20120105
Thu Jan 5 21:14:08 2012 : Info: [auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/freeradius/radacct/10.10.65.135/auth-detail-20120105
Thu Jan 5 21:14:08 2012 : Info: [auth_log] expand: %t - Thu Jan 5
21:14:08 2012
Thu Jan 5 21:14
Hi,
to authenticate with the eduroam user. It seems that although the
request is proxied, my server tries to locally check the authorized
attributes of the user against my local ldap server. And since no
such user exists ldap returns : object not found
use unlang to put a
Hi,
realm DEFAULT {
type = radius
authhost = federation_server:1812
accthost =federation_server:1813
secret =
nostrip
}
you really dont want to do it that way - what you want to do is use some unlang
in authorize to ensure that the realm is valid...and then set the 'Realm' to
eg
On Fri, Jan 6, 2012 at 12:01 AM, Alan DeKok al...@deployingradius.com wrote:
John Dennis wrote:
Version 3.x is 100% configuration compatible with version 2.x.
No.
Some things have changed. Even 2.2.0 will NOT be 100% compatible with
2.1.12. e.g. the passwd file has a configuration entry
29 matches
Mail list logo