yzy-oui-fi wrote:
> Don't know if someone did it, but does a webmin pluggin exist for
> freeradius ?
Not that I know of.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Jan 25, 2012 at 2:11 PM, Fajar A. Nugraha wrote:
> If not, then you can run something like "bash -x
> /etc/init.d/freeradius start".
Sorry, it should be "bash -x /etc/init.d/radiusd start" (since you
mentioned you started it with "service radiusd start")
--
Fajar
> It should print out
On Wed, Jan 25, 2012 at 1:49 PM, eric.chang wrote:
> when i use radiusd or radiusd -X everything works fine.
>
> but when i use service radiusd start, i have problem connecting with the
> postgresql DB.
Somewhat a long shot, but do you have selinux enabled?
If yes, try disabling it, or make sure
Hi guys,
Whats the different between command:
# Service radiusd start
# radiusd
when i use radiusd or radiusd -X everything works fine.
but when i use service radiusd start, i have problem connecting with the
postgresql DB.
Log:
(radiusd)
Thu Jan 26 08:38:10 2012 : Info: Loaded virtual serv
Hi,
Don't know if someone did it, but does a webmin pluggin exist for
freeradius ?
regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2012/1/17 Sergio Belkin
>
>
>
> 2012/1/16 Alan Buxey
>>
>> Where's the log for when this happens? As MAC auth wouldn't go through EAP
>> tunnel it would suggest that some entry in eg users file is coming into
>> play...
>>
>> alan
>>
>
> Alan, I have three logs,
>
> I have the following parame
2012/1/16 Alan Buxey
>
> Where's the log for when this happens? As MAC auth wouldn't go through EAP
> tunnel it would suggest that some entry in eg users file is coming into
> play...
>
> alan
>
Alan, I have three logs,
I have the following parameter on radiusd.conf:
requests = ${logdir}/rad
At some point, once upon a time, Phil Mayers wrote:
> Frankly this email confused me.
>
> WHICH certificate are you talking about?
Ditto.
On Tue, Jan 24, 2012 at 04:09:57PM -0600, McSparin, Joe wrote:
> The CA cert.
Assuming you mean the CA root certificate: on Windows, untick the
box that say
The CA cert.
Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcspa...@hillcountrymemorial.org
-Original Message-
From:
freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freerad
ius.org
[mailto:freeradius-users-b
Travis Dimmig wrote:
> How does freeRadius track requests?
See RFC 5080, Section 2.2.2. I wrote the FreeRADIUS code first, then
the RFC.
> I get errors along the lines of
>
> “Error: Discarding duplicate request from client [IP REDACTED]:49603 -
> ID: 204 due to unfinished request 298385”
>
Hi,
>“Error: Discarding duplicate request from client [IP REDACTED]:49603 - ID:
>204 due to unfinished request 298385”
>
>Far more often than I believe I should. What does it mean for a request
>to be unfinished, and how does freeRadius determine that a request is a
>duplicat
How does freeRadius track requests? I get errors along the lines of
"Error: Discarding duplicate request from client [IP REDACTED]:49603 - ID: 204
due to unfinished request 298385"
Far more often than I believe I should. What does it mean for a request to be
unfinished, and how does freeRadius
On 01/24/2012 08:53 PM, McSparin, Joe wrote:
When I connect a mobile phone or a tablet to my wireless network it
works fine even though they don't have a certificate installed. I am
checking the MAC address and putting them into a public vlan if it is
not found. However when I connect a windows l
When I connect a mobile phone or a tablet to my wireless network it
works fine even though they don't have a certificate installed. I am
checking the MAC address and putting them into a public vlan if it is
not found. However when I connect a windows laptop that does not have a
certificate instal
Hi,
>When I try to add a “Unisphere-Ingress-Policy-Name = 512k” for example in
>the users file I get “invalid integer” error.
512k isnt a valid integer - 'k' means nothing - change that to the real value
in bytes
- whether thats just 512 or 524288 would be down to the kit.
regarding the
Paul,
It means that there are conflicting definitions for an attribute number
associated with the Juniper vendor ID.
Look for an attribute with the same number as defined for
Unisphere-Ingress-Policy-Name in the Juniper dictionary file, and comment it
out.
It sounds like the conflicting attr
Paul Stewart wrote:
> I’m trying to get an understanding on a FreeRadius installation how to
> enable the unisphere.dictionary. There are specific attributes in that
> file that we need such as “Unisphere-Ingress-Policy-Name”. By default,
> this dictionary file is commented out due to “attribute
Hi there..
I'm trying to get an understanding on a FreeRadius installation how to
enable the unisphere.dictionary. There are specific attributes in that file
that we need such as "Unisphere-Ingress-Policy-Name". By default, this
dictionary file is commented out due to "attribute conflicts".
Thank you - appreciate the response.
Have it working now and it ends up being a JunOS code issue - geesh..
Sorry for the noise...
Paul
-Original Message-
From: freeradius-users-bounces+paul=paulstewart@lists.freeradius.org
[mailto:freeradius-users-bounces+paul=paulstewart@lists
Paul Stewart wrote:
> The minute we add a static IP address, things go weird with the MX
> platform. The user authenticates and obtains the correct IP address but
> no traffic will pass. JTAC says this is an attributes related issue and
> we are back and forth.
RADIUS isn't magic. Take the at
Hi there..
We have an existing FreeRadius setup that works perfectly for our Cisco BRAS
devices etc.
I am trying to get some Juniper MX working properly. If I add a user to our
system it works fine (dynamic IP assignment etc).
The minute we add a static IP address, things go weird with
Hi,
> I installed all the these libraries. Again build the code. and install but
> its coming same. i am putting all debugging message over here.
outut of the ./configure stage? once again, no OpenSSL support - so you built
without the OpenSSL headers/includes for the server and/or you didn
On Tue, Jan 24, 2012 at 9:55 PM, Harish Mandowara wrote:
> Hi,
>
> I installed all the these libraries.
> Again build the code. and install but
No, you didn't. You either:
- didn't have development headers installed (e.g. you have libssl, but
not libssl-dev), OR
- didn't re-run configure, OR
- ha
2012/1/24 Marinko Tarlać :
> Hi Fajar
>
> Thank you very much for your time.
>
> I'm using CentOS so I'll try with the latest 2.1.x from git
Some of the config files in my ppa might be useful for you as well.
These two files are a bit different to the one in Alan's tree, but it
might help you crea
Hi,
I installed all the these libraries. Again build the code. and install but
its coming same. i am putting all debugging message over here.
main {
allow_core_dumps = no
}
including dictionary file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/dictionary
main {
nam
Stefan Winter wrote:
> Is there really much point in calling it 2.2.0 then? If people don't
> like a "13" patch-level number, it could also be called 2.1.14 :-)
Perhaps.
> Cranking up the minor version number just leads to many people asking
> the kind of "can I upgrade" questions we've just go
Hi,
>when i changed the authentication to use peap, i got the problem. I
>launched the server in debug mode ( freeradius -X ) and all that i can see
>is that all my requests are rejected.
i'm sorry, I've lost my ability to read minds. It would actually
be quite handy if you, for examp
Sorry, I was wrong. I have sent the eap.conf for my eap-ttls
authentication. But in fact , i thought that i just needed to change
the default_eap_type to peap and that's all. I have configured an
Access Point to use radius authentication and i have tested the
eap-ttls on my linux machine (debi
Hi,
> I have configured a freeradius + mysql server and i would like to use
>the PEAP authentication. I have tried the EAP-TTLS and it worked fine, but
>when i have tested the PEAP authentication all my requests were rejected
how are you testing this? what client are you using? yo
Hi Fajar
Thank you very much for your time.
I'm using CentOS so I'll try with the latest 2.1.x from git
The problem which bothers me is that I need more than classic ip-mac
pairing. Beside the IP address I need to return a few other parameters
to cable modems/MTA.
For example ISC DHCP confi
Hi,
> 2.2.0 is explicitly compatible with 2.1.12. The only change is to fix
> something which was *broken* in 2.1.12.
Is there really much point in calling it 2.2.0 then? If people don't
like a "13" patch-level number, it could also be called 2.1.14 :-)
Cranking up the minor version number ju
Hi,
> Ignoring EAP-Type/tls because we do not have OpenSSL support.
> Ignoring EAP-Type/ttls because we do not have OpenSSL support.
> Ignoring EAP-Type/peap because we do not have OpenSSL support.
built within OpenSSL support - install the DEVELOPMENT libraries/headers
(eg ssl-dev, openssl-devel
On Tue, Jan 24, 2012 at 6:48 PM, Harish Mandowara wrote:
> Thank you alan,
>
> I want to use PEAP-MSCHAP.
> Ignoring EAP-Type/peap because we do not have OpenSSL support.
See that error? Fix that.
What OS/distro are you using? if you're having problem building FR
with ssl, ready-to-use package
Hi all,
I have configured a freeradius + mysql server and i would like to
use the PEAP authentication. I have tried the EAP-TTLS and it worked
fine, but when i have tested the PEAP authentication all my requests
were rejected by freeradius. I saw that both of PEAP and EAP-TTLS used
TLS and
Thanks very much for that Alan.
On 23/01/12 20:16, Alan Buxey wrote:
Hi,
Hello all,
I just wanted to ask how could I make FR to use either users file or sql
to send attributes based on the NAS ip address.
I suspect that I would need to use ulang for that. Something like:
Thank you alan,
I want to use PEAP-MSCHAP. So that i did change in eap.conf. I did not
change in raddb/sites-enabled. Even in radiusd.conf, its there.
but its giving right now
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file
/usr/local/etc/raddb/eap.conf
eap {
On 24 Jan 2012, at 09:05, NdK wrote:
> Il 24/01/2012 08:48, Arran Cudbard-Bell ha scritto:
>
>>> But how do I set Tunnel-Private-Group-Id from an
>>> exec-ed script?
>> Just execute it using a backticks expansion, store the result in
>> Tmp-String-0 then use regular expression matches over the
Harish Mandowara wrote:
> but its giving
...
> WARNING: Empty authorize section. Using default return values.
You edited the default configuration and broke it. Don't do that.
Check the raddb/sites-enabled directory. Make sure that ONLY the
"default" and "inner-tunnel" servers are there.
Claude Brown wrote:
> We didn't try this.
That would fix it.
> Our design goal is:
> - 250K users all needing to get on the network at the same time
> - each user performing 7 authentications during EAP negotiation
That should be fixed, too. There is NO NEED to do 7 SQL queries. You
can pu
On 01/24/2012 08:48 AM, Arran Cudbard-Bell wrote:
[snip]
IIRC the LDAP Module is actually smart enough to figure out whether you passed in a DN as
a group or just a groupname, so in theory if you have the filters and search depth set
correctly you can just use Ldap-Group == "mygroup".
-Arran
Claude Brown wrote:
> My original reply was confusingly brief. I've clarified below, and I've also
> put the module we wrote into github in case it helps:
>
> https://github.com/claudebrown/freeradius-server/compare/master...rlm_tagfiles
OK. It's... odd.
> We avoided both "fastfile" and relo
Hi,
> - each user performing 7 authentications during EAP negotiation
ummm, why? with correctly configured server and 'protection' of the
authentication
type, you should only hit your authentication server just once inside the
EAP tunnel when the identity is set/known.
alan
-
List info/subscri
I am using network manager with radius server. I put this config in this
files
eap.conf
default_eap_type = peap
create new certificate as per http://deployingradius.com
and network manager side i put ca.der
but its giving
Ready to process requests.
rad_recv: Access-Request packet from host 192.
>
> --
>
> Message: 2
> Date: Tue, 24 Jan 2012 13:53:10 +1100
> From: Claude Brown
> Subject: RE: Cannot control attribute ordering via "rlm_perl"
> To: FreeRadius users mailing list
>
> Message-ID:
> <5D6D54E9C21AB94EB5620F1078C21C14379D535B98@POSTOFFICE
>
>
> Message: 3
> Date: Tue, 24 Jan 2012 08:23:45 +0100
> From: NdK
> Subject: Re: LDAP Group assign to vlan after AD user authentication
> To: FreeRadius users mailing list
>
> Message-ID: <4f1e5c81.9080...@gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Il 23/01/2012 14:
On Sat, Jan 7, 2012 at 5:55 AM, Marinko Tarlac wrote:
> I'm not a developer but I will try to help as much as I can.
>
@Marinko: If you use Ubuntu, I've just uploaded a new package to my
unofficial ppa: https://launchpad.net/~freeradius/+archive/testing-2.x
The master (3.0) branch is still missi
On Tue, Jan 24, 2012 at 9:53 AM, Claude Brown
wrote:
> Our design goal is:
> - 250K users all needing to get on the network at the same time
> - each user performing 7 authentications during EAP negotiation
> - one hour duration to get everyone sorted
>
> This is about 486 authentications per seco
Il 24/01/2012 08:48, Arran Cudbard-Bell ha scritto:
>> But how do I set Tunnel-Private-Group-Id from an
>> exec-ed script?
> Just execute it using a backticks expansion, store the result in Tmp-String-0
> then use regular expression matches over the result to figure out whether it
> contains a c
48 matches
Mail list logo