Tim White wrote:
> I'm wondering if anyone has worked out some way to translate reply
> messages easily?
You don't.
> I'm guessing I probably need to make this happen on the GUI side of my
> application (Grase Hotspot), but what do other people do in a multi
> language environment?
English.
Hello,
this was the same problem for me and i ended up using a cloud based hotspot
service of hotspotsystem.com . They host radius servers and also your splash
pages and provide a multi language environment for the whole process.
This also solved the problem of operating and maintaining servers
On 7 Mar 2012, at 07:11, Tim White wrote:
> I'm wondering if anyone has worked out some way to translate reply messages
> easily?
> I'm guessing I probably need to make this happen on the GUI side of my
> application (Grase Hotspot), but what do other people do in a multi language
> environmen
I'm wondering if anyone has worked out some way to translate reply
messages easily?
I'm guessing I probably need to make this happen on the GUI side of my
application (Grase Hotspot), but what do other people do in a multi
language environment?
Thanks
Tim
-
List info/subscribe/unsubscribe? Se
On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi wrote:
> On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote:
>>> Instead, you should find out which LDAP attribute stores your
>>> MD5-password, add the correct mapping to ldap.attrmap, and leave
>>> Auth-Type section commented-out.
>
> Hi Faj
>> Can you expand on how this is done? I am a freeradius newbie and don't
>> really understand how all the pieces fit together.
First is authentication - configure with Samba, ntlmauth RE:
http://wiki.freeradius.org/FreeRADIUS-Active-Directory-Integration-HOWTO
Next authorization - configured
Hi,
On Tue, Mar 06, 2012 at 10:01:30PM +, Scott McLane Gardner wrote:
> >You CAN use LDAP as a plain database no matter what authentication
> >method you use (in this case you're simply using it for group check,
> >not for authentication).
>
> Can you expand on how this is done? I am a freera
On 3/6/12 3:59 PM, "Fajar A. Nugraha" wrote:
>On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner
>wrote:
>>
>>
>> On 3/6/12 3:55 PM, "Fajar A. Nugraha" wrote:
>>
>>>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner
>>>wrote:
If anyone cares, I got this working by calling a script t
On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner wrote:
>
>
> On 3/6/12 3:55 PM, "Fajar A. Nugraha" wrote:
>
>>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner
>>wrote:
>>> If anyone cares, I got this working by calling a script that contained
>>>the
>>> following:
>>
>>That's odd. Did y
On 3/6/12 3:55 PM, "Fajar A. Nugraha" wrote:
>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner
>wrote:
>> If anyone cares, I got this working by calling a script that contained
>>the
>> following:
>
>That's odd. Did you properly setup the AD as LDAP server in
>raddb/modules/ldap (or whatev
On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner wrote:
> If anyone cares, I got this working by calling a script that contained the
> following:
That's odd. Did you properly setup the AD as LDAP server in
raddb/modules/ldap (or whatever file name you use)?
> if (`/bin/sh /etc/freeradius
On 06/03/12 20:15, Javier Ruiz Escalante wrote:
Good morning,
I have my freeradius working with SQL but have no software to manage users.
Anybody knows anything?
It really depends on the use case. I write the Grase Hotspot interface
for managing SQL users for a hotspot environment (although it
If anyone cares, I got this working by calling a script that contained the
following:
#!/bin/sh
for T in $(wbinfo --user-domgroups `wbinfo -n $1`) ; do wbinfo -s $T |
perl -ne 'chomp and print'; done
Which outputs a string containing all the groups the username is a member
of. I called t
>>
>>I'm having trouble getting unlang to match a string inside a larger
>> string. I have a script that outputs a string of domain groups, like
>>this:
>
>the debug output (radiusd -X) should show you all the values
>as things happen - and thus show you the comparison and how
>ita failing
>
>Alan
Hi,
> I'm having trouble getting unlang to match a string inside a larger
> string. I have a script that outputs a string of domain groups, like this:
the debug output (radiusd -X) should show you all the values
as things happen - and thus show you the comparison and how
ita failing
alan
-
List
I'm having trouble getting unlang to match a string inside a larger
string. I have a script that outputs a string of domain groups, like this:
DOMN\Domain Users 2 DOMN\Wireless Users 2 DOMN\STUsers 2 DOMN\WOCL
Wireless DOMN\WOCL Staff
I have a unlang conditional written like this which I think sh
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote:
>> Instead, you should find out which LDAP attribute stores your
>> MD5-password, add the correct mapping to ldap.attrmap, and leave
>> Auth-Type section commented-out.
Hi Fajar,
thank you for your kind answers, l'll try that out.
One thing
It appears there was another layer to my latest issue.
Sometimes a server using RadSec to proxy to a home server ends up
just waiting around unable to see any more incoming requests,
and not having completed the current request.
In this case the server is 3.0, and is sandwiched
between our inter
Alan DeKok wrote:
> Brian Julin wrote:
> > It appears that a home server entry configured with src_ipaddr will use that
> > source ip address for auth requests, but when directed to do status_check,
> > it sends status request packets using some interface address from some
> > other config item so
On Wed, Mar 7, 2012 at 1:53 AM, Fajar A. Nugraha wrote:
> On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi
> wrote:
>> Hi,
>> my aim is to to have eap-ttls/pap working using an openldap user
>> database with MD5
>> hashed passwords. I got it working configuring ldap parameters in
>> /etc/raddb
>
>I found this thread which seems to do what I am asking, but I just don't
>know where to put this statement.
>http://lists.freeradius.org/pipermail/freeradius-users/2012-January/058458
>.
>html Any insight would be appreciated.
Okay, I figured out where to put the "if" statement (in
sites-enable
On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi wrote:
> Hi,
> my aim is to to have eap-ttls/pap working using an openldap user
> database with MD5
> hashed passwords. I got it working configuring ldap parameters in
> /etc/raddb/modules/ldap
> and applying two changes in /etc/raddb/sites-availa
>
> You can configure AD as an LDAP server, and then do LDAP group checks.
> See the LDAP documentation for examples.
>
> Alan DeKok.
I think the documentation is saying that LDAP can't be used with EAP. Is
that what it's really saying? It's a little unclear since it says "The
solution is to use
Christoph Litauer wrote:
> ... I don't think this is what I need.
Yes, it is.
> I want some kind of requests (the ones including Colubris-AVPair =
> "ssid:tsunami") to _only_ be handled by dbm, successful or not. I read your
> suggestion as "check against dbm. If successful return, if not ch
Hi,
my aim is to to have eap-ttls/pap working using an openldap user
database with MD5
hashed passwords. I got it working configuring ldap parameters in
/etc/raddb/modules/ldap
and applying two changes in /etc/raddb/sites-available/inner-tunnel:
1) uncommented "ldap" in the authorize section
2) unc
Scott McLane Gardner wrote:
> I've successfully gotten AD auth working, and now I'd like to be able to
> assign VLAN's based on group membership, but I'm having a hard time
> figuring out where and how to do that. Where do I put the "if" statements
> to check group membership? Does AD auth even wor
I found this thread which seems to do what I am asking, but I just don't
know where to put this statement.
http://lists.freeradius.org/pipermail/freeradius-users/2012-January/058458.
html Any insight would be appreciated.
-Scott
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
David Peterson wrote:
> Has anyone run across this:
>
> Couldn't open dictionary "/usr/local/share/freeradius/dictionary": Too many
> open files
You edited the dictionaries and broke them.
You have a circular loop in loading the dictionaries. So the loading
process is infinite, and never fi
I've successfully gotten AD auth working, and now I'd like to be able to
assign VLAN's based on group membership, but I'm having a hard time
figuring out where and how to do that. Where do I put the "if" statements
to check group membership? Does AD auth even work like this, or do I need
to be usin
ulimit?
-Original Message-
From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford@lists.freeradius.org] On
Behalf Of David Peterson
Sent: Tuesday, March 06, 2012 10:04 AM
To: FreeRadius users mailing list
Subject: Er
Has anyone run across this:
Couldn't open dictionary "/usr/local/share/freeradius/dictionary": Too many
open files
| David Peterson | Senior Engineer | Wireless Connections |
| Office: 419.660.6100 ext 2287 | Cell: 419.706.7355| Fax: 419.668.4077 |
www.wirelessconnections.net |
| 166 Milan Ave |
Alan,
thanks for your quick response!
Am 06.03.2012 um 16:21 schrieb Alan DeKok:
> Christoph Litauer wrote:
>> maybe you can help me with a - probably simple - problem in authorizing wlan
>> users. I am using freeradius 1.1.7 (on SLES 10sp4).
>
> Upgrade to 2.1.12.
Ah, OK. I think I will try
Oddly problem.
freeradius 2.1.12 up and running
authentication ntlm & sql
no problem to authenticate users (ntlm on AD and local on mysql ), both from
radtest and from NAS work fine
I start to work with sql with the idea to set up some "local" users with a well
defined expiration date.
I imp
> On Tue, Mar 6, 2012 at 9:20 PM, wrote:
>> ++? if (control:Shadow-Current > control:Shadow-Expires)
>> Failed parsing "control:Shadow-Expires": Unknown value control:Shadow-Expires
>> for
>> attribute Shadow-Current
>
> Try
>
> if (control:Shadow-Current > "%{control:Shadow-Expires}")
>
That d
Christoph Litauer wrote:
> maybe you can help me with a - probably simple - problem in authorizing wlan
> users. I am using freeradius 1.1.7 (on SLES 10sp4).
Upgrade to 2.1.12.
> My working configuration is able to authorize users with modules dbm and
> ldap. Dbm is used for mac-authenticatio
Dear freeradius users,
maybe you can help me with a - probably simple - problem in authorizing wlan
users. I am using freeradius 1.1.7 (on SLES 10sp4).
My working configuration is able to authorize users with modules dbm and ldap.
Dbm is used for mac-authentication, ldap for 802.1x-authenticati
I'm currently testing this on a wired network, so signal definitely isn't the
issue.
I also don't think that this is an issue with freeradius, but I figured this
mailing list would be full of people who may have seen this before and have
resolved it.
Andi
-Original Message-
From: free
On Tue, Mar 6, 2012 at 8:54 PM, Fazal Ahmed Malik wrote:
> Is there any script or utility which can clean up radwho.
radzap?
Personally I just remove all reference to *radutmp in
sites-available/* since I don't use it anyway.
> 2ndly how can I
> disconnect connected users by force.
Your NAS ne
On Tue, Mar 06, 2012 at 02:22:04PM +, Morris, Andi wrote:
> Dave, I am running Cisco switches with dot1x timeouts, I wonder
> whether this could be causing the issue. I'll do some testing.
Turn off "Excessive 802.1X Authentication Failures" if you've got
such a thing and it's enabled. We had
On Tue, Mar 6, 2012 at 9:20 PM, wrote:
> ++? if (control:Shadow-Current > control:Shadow-Expires)
> Failed parsing "control:Shadow-Expires": Unknown value control:Shadow-Expires
> for
> attribute Shadow-Current
Try
if (control:Shadow-Current > "%{control:Shadow-Expires}")
--
Fajar
-
List inf
On Mon, Mar 05, 2012 at 05:36:24PM +, Phil Mayers wrote:
> On 05/03/12 16:16, Morris, Andi wrote:
> >Does anyone else get a problem with Windows 7 clients prompting for the
> >radius credentials 2 or 3 times before finally accepting them? No errors
> >are shown on the radius side, and I’ve read
Thanks Aman, that could be a very big help if you could take a look. I've
emailed you the log files to your Microsoft address.
Francois, it's good to know that you've also seen this issue.
Dave, I am running Cisco switches with dot1x timeouts, I wonder whether this
could be causing the issue.
> On 03/06/2012 02:10 AM, u...@3.am wrote:
>>> On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect
this is
>> because we are still using all the original POSIX attributes and none of
>> them look
like good for mapping to the o
On Tue, Mar 6, 2012 at 8:50 PM, Mulindwa wrote:
> Thanks Lliya,
>
> Have done so but still client not able to connected.
... and what does the debug log looks like now? Does it still show md5
being used?
Also, to doublecheck, what EAP method do you configure your client to
use? Have you set the
Hi,
I have freeradius installed with mpd for pppoe dialin users. If some users
power off computer without disconnecting than session hangs up. When I run
radwho it shows user is connected where as practically user is disconnected.
Is there any script or utility which can clean up radwho. 2ndly
Thanks Lliya,
Have done so but still client not able to connected.
Eric M
From: Iliya Peregoudov
To: Mulindwa ; FreeRadius users mailing list
Sent: Tuesday, March 6, 2012 3:42 PM
Subject: Re: Wimax with Free radius
> +- entering group authenticate {...}
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 249 to 196.0.4.18 port 1812
You're still have EAP-MD5 as default EAP method.
Look thoroughly into eap.conf. There is default_ea
On Tue, Mar 6, 2012 at 7:27 PM, Javier Ruiz Escalante
wrote:
>
>
> Hello,
>
> After installing Daloradius I get the following error, could somebody give
> me a clue of how to solve it? Befoe everything was working...
Did you read daloradius documentation, just in case it had some warnings?
Did yo
Thanks Alan,
The answer i did see which stated that you can not have Wimax users with no
authentication.
However i have not seen the instructions of how to setup a wimax account or
having wimax work with freeradius, i have followed all instruction enabling the
rlm_wimax and anything to do wi
On Tue, Mar 6, 2012 at 6:13 PM, Martin Mielke wrote:
> This is part of an OS consolidation project which started some time ago.
> There were too many Linux-flavours like Debian, Slackware, Fedora, CentOS,
> RedHat 4, Mandriva... thus making maintenance, support and administration
> more complic
On Tue, Mar 6, 2012 at 5:15 PM, Javier Ruiz Escalante
wrote:
>
> Good morning,
>
> I have my freeradius working with SQL but have no software to manage users.
> Anybody knows anything?
My favorite was actually phpmyadmin, editing the tables directly :D
If you can get it working, diaulup-admin (
Mulindwa wrote:
> I have actually changed the my eap.conf file and have it with
> default_eap_type = ttls
>
> However still wimax client cannot connect even when i have enabled
> password for him, what could i be doing wrong?
You're not follow instructions. If you don't read the answers on thi
Thanks Alan,
I have actually changed the my eap.conf file and have it with
default_eap_type = ttls
However still wimax client cannot connect even when i have enabled password for
him, what could i be doing wrong?
Thanks for your support Alan
Eric M
From:
Mulindwa wrote:
> am still having a challenge and seeking your guidance, i have this
> account in my users file as shown below;
>
> However, client still can not connect and this is the log below, what
> could be the issue?
The debug output is the same, so the problem is the same.
This questi
This is part of an OS consolidation project which started some time ago. There
were too many Linux-flavours like Debian, Slackware, Fedora, CentOS, RedHat 4,
Mandriva... thus making maintenance, support and administration more
complicated...
Anyway, this was not the point ;-)
Regards,
Martin
%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120306
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120306
[auth_log] expand: %t -> Tue Mar 6 14:18:26 201
Good morning,
I have my freeradius working with SQL but have no software to manage users.
Anybody knows anything?
Thanks in advance.
Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Mar 6, 2012 at 4:11 PM, Alan DeKok wrote:
> Mulindwa wrote:
>> So far looks good only that users are not authenticating yet.
>
> You cannot set "Auth-Type := Accept" for WiMAX connections. It won't
> work. It's impossible.
>
Ooops. My bad.
Wiki updated.
--
Fajar
-
List info/subscrib
Alan DeKok wrote:
Joe Holden wrote:
Forgive me if I've missed something blatantly obvious here, but is there
a TX/RX speed RADIUS attribute to match the L2TP AVP?
If you can't find it, it doesn't exist.
Can't find
anything that suggests there is - if not, is it best to implement my own
ve
Hi Thomas,
How did manage to configure Freeradius with Huawei NAS, its a big challenge to
me, have still failed.
Eric M
From: Thomas Fagart
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, March 6, 2012 12:19 PM
Subject: Freeradius crash during EAP
Alan Buxey writes:
>
>> At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
>> Beyond being outdated and unsupported, this FR setup is causing a lot of
>> problems so I plan a migration to RHEL5 and FR 2.1.12.
>> I've been searching but I cannot find a procedure describing
On 03/06/2012 02:10 AM, u...@3.am wrote:
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeR
Thomas Fagart wrote:
> Last week we've migrate Motorola authentication on freeradius. (no more
> radiator :-) ).
Nice.
> But then we've experienced freeradius crash.
Not so nice.
> The crash usually happen when home servers (ISP radius) does not
> respond, then the radius load goes up to 50
Hello,
Since more than a year we're doing EAP-TTLS to authenticate Wimax Users
on Alcatel and Huawei NASes.
Last week we've migrate Motorola authentication on freeradius. (no more
radiator :-) ).
But then we've experienced freeradius crash.
Informations :
Software : Freeradius 2.1.12
OS :
Mulindwa wrote:
> So far looks good only that users are not authenticating yet.
You cannot set "Auth-Type := Accept" for WiMAX connections. It won't
work. It's impossible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All,
I also have this info, do i need to have it in my free radius?
Server Root CA Cert. Info
/C=US/O=WiMAX Forum(R)/CN=WiMAX Forum(R) Server Root - CA1
Device Cert. Info
/C=TW/O=MitraStar Technology/OU=WiMAX Forum(R) Devices/CN=0C4C39b7830b WiMAX
Series
Eric M
___
/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/reply-detail-20120306
[reply_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/re
On Tue, Mar 6, 2012 at 3:16 PM, Mulindwa wrote:
> Thanks Fajar,
> My users are using EAP-TTLS, is there a possibility to have them connect
> without a password
See http://wiki.freeradius.org/Protocol%20Compatibility
or to be specific, just the paragraph under the table :)
--
Fajar
-
List info/
Thanks Fajar,
My users are using EAP-TTLS, is there a possibility to have them connect
without a password
Eric M
From: Fajar A. Nugraha
To: Mulindwa ; FreeRadius users mailing list
Sent: Tuesday, March 6, 2012 10:35 AM
Subject: Re: Wimax with Free radius
I was trying to get linelog to log a CSV style log file with the Access
Accept and Reject messages for auditing purposes.
Took a while to see that the "Access-Reject" verb doesn't work in the
modules/linelog file, it only ever uses the Access-Request since all the
requests are Access-Request messa
70 matches
Mail list logo