There is no WiMAX-MSK attribute in the Access-Accept. You need to call the
rlm_wimax module from the post-auth section of the default virtual server:

# raddb/sites-enabled/default
post-auth {
        ...
        wimax
        ...
}

This module will add WiMAX-MSK and remove MS-MPPE-Send-Key and
MS-MPPE-Recv-Key.
Rathod Su
> You don't enable it. The NAS is responsible for sending RADIUS
> packets, and originating CHAP requests. CHAP doesn't use a RADIUS
> challenge-response, despite its name.
Oh OK, so I think I haven't understood CHAP well, my bad, sorry.
> CHAP doesn't work that way. The NAS sends a challenge to t
On Thu, Mar 15, 2012 at 11:21 AM, Shreya Shah wrote:
> Hi,
>
> How can we rotate radius.log file ?
Depends on how you installed it.
Distro-bundled ones should already have a logrotate config set up in
/etc/logrotate.d. If you install it from source, see the included
examples in the source tarball. F
On Thu, Mar 15, 2012 at 12:21 PM, Rathod Subhashchandra
wrote:
> Wireshark logs @ ASN-GW
>
> I could not attach wireshark pcap logs due to size constraint. I have taken a
> print screen of only the ACCESS-ACCEPT message, copied to MS Word.
While that information might be interesting for ASN
supp
Check whether you have server.cnf, ca.cnf & client.cnf in the certs directory.
If yes, run bootstrap; to make the client cert, run make client.
On Wed, Mar 14, 2012 at 8:09 PM, suggestme wrote:
> I tried: openssl dhparam -out dh 1024 as you suggested and dh file is
> created
> as below:
>
> #openssl dhpar
Hi,
How can we rotate radius.log file ?
-Shreya.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> FreeRADIUS doesn't read OpenSSL configuration files.
>
> Alan DeKok.
Gosh, I feel like a dummy. Thanks.
Hi,
> Doesn't it just use server.cnf to set the password for the key and the CSR?
server.cnf is for OpenSSL - applications such as FreeRADIUS
and Apache have their own configuration files for private certificate
keys etc. - eap.conf in your case
alan
Scott McLane Gardner wrote:
> Doesn't it just use server.cnf to set the password for the key and the CSR?
To *make* the certificates, yes.
For EAP, you need to configure the passwords in eap.conf. This is
documented.
server.cnf is an OpenSSL configuration file.
FreeRADIUS doesn't read
On 3/14/12 4:05 PM, "Alan DeKok" wrote:
>Scott McLane Gardner wrote:
>> Okay, I followed the instructions in the certs README, created the CSR
>>and
>> got a certificate from GeoTrust. When I install it and try to start the
>> server, I get the following error messages:
>>
>> rlm_eap: SSL err
Scott McLane Gardner wrote:
> Okay, I followed the instructions in the certs README, created the CSR and
> got a certificate from GeoTrust. When I install it and try to start the
> server, I get the following error messages:
>
> rlm_eap: SSL error error:06065064:digital envelope
> routines:EVP_Dec
Just to get the server running, I tried moving all the things out of that
directory, then doing the ./bootstrap thing and it still gives that error
when trying to start the server.
-Scott
On 3/14/12 3:44 PM, "Scott McLane Gardner" wrote:
>Okay, I followed the instructions in the certs README, c
Okay, I followed the instructions in the certs README, created the CSR and
got a certificate from GeoTrust. When I install it and try to start the
server, I get the following error messages:
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Er
Excellent, thank you.
>
> The default configuration does this. You shouldn't need to do anything.
Mercier Valentin wrote:
> But with some research we made, we have another question.
> We want to enable on FreeRADIUS the Access Request --> Access Challenge
> --> Access Request --> Access Accept / Reject, with CHAP, but we don't
> know how to do this, and if you can help us it would be great
On Wed, Mar 14, 2012 at 2:24 PM, Alan DeKok wrote:
> Judd Maltin wrote:
>> I'm compiling my pam_radius_auth on x86_64 source and getting the
>> following in my logs:
> ...
>> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
>
> Another PAM module is butchering the pas
Scott McLane Gardner wrote:
> But I use a certificate authority, so later on in the documentation, it
> says:
>
> If you have an existing certificate authority, and wish to create a
> certificate signing request for the server certificate, edit
> server.cnf as above, and type the following c
Excellent. Thanks Arran, works like a treat, I knew I was overlooking
it. I need to brush up on regex :)
On Wed, Mar 14, 2012 at 3:28 PM, Arran Cudbard-Bell
wrote:
>
> On 14 Mar 2012, at 20:18, John Corps wrote:
>
>> Hello All,
>>
>> I have had this setup (http://wiki.freeradius.org/Mac-Auth) for
On 14 Mar 2012, at 20:18, John Corps wrote:
> Hello All,
>
> I have had this setup (http://wiki.freeradius.org/Mac-Auth) for a long
> time and it has been working well. Now I am experiencing an issue with
> the rewrite of the called station id to extract the SSID from the
> wireless. Anyone know
In the beginning of the cert documentation, it says:
The Microsoft "XP Extensions" will be automatically included in the
server certificate. Without those extensions Windows clients will
refuse to authenticate to FreeRADIUS.
But I use a certificate authority, so later on in the documentation,
Hello All,
I have had this setup (http://wiki.freeradius.org/Mac-Auth) for a long
time and it has been working well. Now I am experiencing an issue with
the rewrite of the called station id to extract the SSID from the
wireless. Anyone know how I can update the rewrite called station id
function t
Hello All,
I've got a question about the settings for limiting access/authenticating to
a specific LDAP group. I have set up a group on my OpenLDAP called "RADIUS"
and I want the users in there to be the only ones that have access. The
problem I am having is with the filters. Below is my /etc/raddb
Judd Maltin wrote:
> I'm compiling my pam_radius_auth on x86_64 source and getting the
> following in my logs:
...
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
Another PAM module is butchering the password, before it is sent to
pam_radius_auth. Go fix that.
>
Hi Folks,
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Got user name
jmaltin@
Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request code 1
Mar 14 12:57:29 app2 sshd[12858]: pam_radius
I tried: openssl dhparam -out dh 1024 as you suggested and dh file is created
as below:
#openssl dhparam -out dh 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...+...++.
Thanks Alan
On Wed, Mar 14, 2012 at 7:07 PM, Alan DeKok wrote:
> Prateek Kumar wrote:
> > When I am starting my freeradius in debug mode then I am getting this
> > message
> >
> > rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
> > rlm_ldap: LDAP radiusTunnelPrivateGroup
Hi,
Normally your bootstrap script runs the "make" command first; if make is not
supported, then it runs the script.
The script creates
1. random, 01.pem, ca.pem & server.pem & other files in different formats.
If your openssl command is not working properly or you have some .cnf file
missing in the direc
Prateek Kumar wrote:
> When I am starting my freeradius in debug mode then I am getting this
> message
>
> rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
> rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
> Tunnel-Private-Group-Id
> conns: 0xb7897598 <---
suggestme wrote:
> Also I tried "./bootstrap" going
> inside the same certs directory; it also doesn't do anything.
Running a shell script doesn't work? It doesn't generate errors?
Your OS is completely broken.
Or, *something* happened, and you ignored it.
Alan DeKok.
Hi,
I am trying to create certificates in Freeradius going inside
/usr/local/etc/raddb/certs. I need these certificates for EAP-TTLS
authentication for wireless access points. As suggested in
deployingradius.com and README inside /usr/local/etc/raddb/certs; I tried to
create "Test Certificates" fo
ZhenJoey wrote:
> I want to know, ignoring the security issues, whether all clients using the
> same single entry will affect the performance of the radius server?
No.
Alan DeKok.
Hello Dirk:
I read this article; it is really helpful, thank you very much.
Before reading it, my solution was to set a single client entry in clients.conf
like this:
client allAP
{
        ipaddr=0.0.0.0
        netmask=0
        secret=something
        ...
}
Right now, it works fine for multiple NAS.
I want to kn
It is really helpful, thank you very much.
> Date: Wed, 14 Mar 2012 03:47:31 -0700
> From: dirkvanderw...@gmail.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: multiple NAS behind multiple NAT with one radius server.
>
> Hi,
>
> You may want to look at this discussion that took
Hi,
You may want to look at this discussion that took place on the mailing list
about the same issue and possible solutions to handle the problem:
http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tc4883866.html
http://freeradius.1045715.n5.nabble.com/Author
On 13/03/12 21:41, Fabricio Flores wrote:
Hello... I have a question... Which captive portal is the best? I
tried to configure coovachilli in CentOS and it is very hard to install
and configure... Is Grase Hotspot easier?
Grase Hotspot uses Coova Chilli internally, but does the work of setting
Things get weirder:
after the first successful connection, no matter what username I use (an
invalid user), and no matter what password I use (an invalid password), it will
connect successfully with the first valid user account!
Both NAS, Netgear and Compex, have the same situation.
Joey
> Date: Wed, 14
Hi Cornelius and Tim,
First I want to apologize for my pending response, lots of things to do. Then
thank you so much for your advice, but for now we think that the OTP system is
not good for our implementation.
But with some research we made, we have another question.
We want to enabl
37 matches