Re: regular expression grouping issue on attrs filter

2012-04-19 Thread Phil Mayers
On 04/18/2012 07:04 PM, Ivo Vastert wrote: Hi Phil, Thank you for your answer. I just tried your rule but this one is refused as well (Freeradius won't start with it, giving a parse error). Framed-IP-Address =~ /^172\.(1[6-9]|2[0-9]|3[01])\./ I still have the feeling ( ) is not accepted, when

Re: Configuring Freeradius with LDAP

2012-04-19 Thread Wassim Zaarour
Hi, Actually what was helpful is reading the comments in radiusd.conf. Location of ldap config changed starting 2.0.0. I successfully configured it. Thanks. Wassim C. Zaarour Systems Network Engineer On 4/18/12 11:12 PM, Mark Holmes mark.hol...@nuffield.ox.ac.uk wrote: I think

Duplicate Radius Packets to another server

2012-04-19 Thread Nasser Heidari
Dear Folks, I've done some changes in my radius configuration (adding some scripts and modules) and now I'm going to test it. I've checked in my test env with several packets and it looks working, but I'm afraid of its functioning in the real world. Is there any

Re: Duplicate Radius Packets to another server

2012-04-19 Thread Ben Brown
On Thu, Apr 19, 2012 at 08:54:51AM +0100, Nasser Heidari wrote: Dear Folks, I've done some changes in my radius configuration (adding some scripts and modules) and now I'm going to test it. I've checked in my test env with several packets and it looks working, but I'm afraid of its

Re: Duplicate Radius Packets to another server

2012-04-19 Thread Andrea gabellini - SC
Hello, I'm using Replicate-To-Realm to replicate packets. Read the modules/replicate file. It works only in new releases, 2.11+ if I remember... Andrea On 19/04/2012 10:04, Ben Brown wrote: On Thu, Apr 19, 2012 at 08:54:51AM +0100, Nasser Heidari wrote: Dear Folks, I've done some changes

Re: Authentication problems

2012-04-19 Thread pessimist
O.K. Thanks everybody. It would appear that the shared secret was being passed incorrectly by NAS. It now behaves as it should. Don't understand why FR1 worked with exactly the same NAS though.

Re: ldap redundant-load-balance issue

2012-04-19 Thread Alan DeKok
Tobias Hachmer wrote: During FreeRADIUS performance test as described in /usr/share/doc/freeradius/performance-testing.gz I noticed that FR does for the ldap-group query above (Ldap-Group == cn=radius.users,ou=Groups,dc=test,dc=local) no load-balancing or fall-through to other ldap modules.

LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Wassim Zaarour
Hi List, I have set up Freeradius 2.1.10 to authenticate with ldap. I have a Cisco switch and using my Mac Laptop to connect. If I try to connect using ldap credentials the authentication fails, though the same credentials work if I use them with radtest on the localhost. If I try to connect

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Alan DeKok
Wassim Zaarour wrote: If I try to connect using ldap credentials the authentication fails, though the same credentials work if I use them with radtest on the localhost Read the debug output to see WHY the user is being rejected. This is documented in the FAQ, README, web pages, man page,

Freeradius with multiple clients

2012-04-19 Thread Fabricio Flores
Hi everyone... I have a LAN and wireless network... For the wireless network I want to use a captive portal (coovachilli) but in places where I don't have wireless I need to use access points to access the LAN network... I use freeradius with mysql... I configured 2 clients in clients.conf the

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Wassim Zaarour
Thanks Alan, I have read what you mentioned, still can't figure it out, I guess the important part in the debug is: ERROR: No Authenticate method (Auth-Type) found for the request: Rejecting the user I configured the MAC OS TTLS/CHAP (earlier I tried TTLS/EAP and still it doesn't work) I

Re: ldap redundant-load-balance issue

2012-04-19 Thread Tobias Hachmer
On 19.04.2012 13:44, Alan DeKok wrote: Tobias Hachmer wrote: During FreeRADIUS performance test as described in /usr/share/doc/freeradius/performance-testing.gz I noticed that FR does for the ldap-group query above (Ldap-Group == cn=radius.users,ou=Groups,dc=test,dc=local) no load-balancing

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread alan buxey
Hi, I have read what you mentioned, still can't figure it out, I guess the important part in the debug is: ERROR: No Authenticate method (Auth-Type) found for the request: Rejecting the user yes but we aren't mind readers. The question will be 'why is no auth type found?' and the

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Wassim Zaarour
On 4/19/12 3:31 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, I have read what you mentioned, still can't figure it out, I guess the important part in the debug is: ERROR: No Authenticate method (Auth-Type) found for the request: Rejecting the user yes but we aren't mind

RE: Freeradius with multiple clients

2012-04-19 Thread Garber, Neal
but i have problems to the ap... The didn't login... Do you really think this is enough information for someone to help you? Did you read the FAQ? http://wiki.freeradius.org/FAQ#It+still+doesn%27t+work%21 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Alan DeKok
Wassim Zaarour wrote: Hi Alan, and thanks for your reply, I don't want to paste the output here coz it's large, should I attach it or paste here anyways or?? You can follow instructions, or you can be unsubscribed and banned from the list. When we ask for the debug log TWICE, the response

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Wassim Zaarour
On 4/19/12 4:18 PM, Alan DeKok al...@deployingradius.com wrote: Wassim Zaarour wrote: Hi Alan, and thanks for your reply, I don't want to paste the output here coz it's large, should I attach it or paste here anyways or?? You can follow instructions, or you can be unsubscribed and banned

RE: ldap redundant-load-balance issue

2012-04-19 Thread Brian Julin
-Original Message- Tobias Hachmer On 19.04.2012 13:44, Alan DeKok wrote: Tobias Hachmer wrote: During FreeRADIUS performance test as described in /usr/share/doc/freeradius/performance-testing.gz I noticed that FR does for the ldap-group query above (Ldap-Group ==

Re: Freeradius with multiple clients

2012-04-19 Thread Fabricio Flores
Thanks for the answer... yes I said that freeradius with coovachilli works but with the access point I think it sends another request so it fails.. Is it possible that the access points and coovachilli use the same way to authenticate? On 19 April 2012 07:49, Garber, Neal

RE: ldap redundant-load-balance issue

2012-04-19 Thread Tobias Hachmer
On 19.04.2012 15:46, Brian Julin wrote: Create a single RRDNS entry for your LDAP servers and use a single LDAP definition. The DNS name(s) in the LDAP definition is sent directly to the underlying LDAP library and should be looked up for each connection instantiated; FreeRADIUS does not

CVE-2012-2110

2012-04-19 Thread Brian Julin
A cursory look suggests we may use some of the affected codepaths in CVE-2012-2110 (http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html) and given that FreeRADIUS often deals with certificates from sources that are not under direct control of administrators (dot1x clients,

RE: ldap redundant-load-balance issue

2012-04-19 Thread Brian Gold
Thanks for that suggestion. Sounds quite simple to achieve fail-over for ldap-queries. But I have one problem when I enter my ldap servers like you mentioned because the common name in the ldap server certificate won't match the new defined dns name. I will test this scenario with the

RE: ldap redundant-load-balance issue

2012-04-19 Thread Brian Julin
Tobias Hachmer wrote: On 19.04.2012 15:46, Brian Julin wrote: Create a single RRDNS entry for your LDAP servers and use a single LDAP definition. The DNS name(s) in the LDAP definition is sent directly to the underlying LDAP library and should be looked up for each connection

Re: CVE-2012-2110

2012-04-19 Thread Alan DeKok
Brian Julin wrote: A cursory look suggests we may use some of the affected codepaths in CVE-2012-2110 (http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html) and given that FreeRADIUS often deals with certificates from sources that are not under direct control of

Re: Perl, MySQL auth

2012-04-19 Thread Fabricio Flores
Hi... I worked on my perl script... I did the connection to the web service and it works... I configured freeradius (add perl and sql) in auth section, I made a debug with freeradius -X but I don't know if freeradius reads the perl script before working with mysql... I have this output: rad_recv:

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread alan buxey
hi, quick look seems to show that you don't have a suitable authorise section in the inner tunnel. the tunnel gets started...your client rejects the default md5 the server sent - and EAP-TTLS gets done...the username/password gets sent but has nothing to go against so I suggest you add

Re: Perl, MySQL auth

2012-04-19 Thread alan buxey
Hi, Hi... I worked on my perl script... I did the connection to the web service and it works... I configured freeradius (add perl and sql) in auth section, I made a debug with freeradius -X but I don't know if freeradius reads the perl script before working with mysql... I have this

Re: using windows 8's builtin eap-ttls... Windows 8 bug

2012-04-19 Thread Matthew Newton
Hi Aman, (I'm copying freeradius-users to feedback to the thread, but as it's not really a FR issue I'm happy for you to take this off-list if you want any more details/testing). On Mon, Mar 05, 2012 at 08:19:15PM +, Alan Buxey wrote: right. interesting. I've just been looking into Windows

Re: using windows 8's builtin eap-ttls... Windows 8 bug

2012-04-19 Thread alan buxey
Hi, We've been digging into this a bit more and testing the TTLS support with Windows 8. Really nice to see more options than just PEAP at last :-) thanks for the further testing/verification Matthew :-) alan

Re: Perl, MySQL auth

2012-04-19 Thread Fabricio Flores
OK, I started freeradius with freeradius -x and I have this error: Can't load '/usr/lib/perl5/auto/DBI/DBI.so' for module DBI: /usr/lib/perl5/auto/DBI/DBI.so: undefined symbol: PL_memory_wrap at /usr/lib/perl/5.12/DynaLoader.pm line 192. I read in another post that it is an error because I use dbi

Re:Freeradius Access Requet ID

2012-04-19 Thread 全球无线联盟
attachment was scrubbed... URL: http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120419/c221d954/attachment-0001.html -- Message: 2 Date: Thu, 19 Apr 2012 16:53:42 +0100 From: alan buxey a.l.m.bu...@lboro.ac.uk To: FreeRadius users mailing list freeradius

Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.

2012-04-19 Thread Wassim Zaarour
Thanks Alan, it worked like a charm!! But it worked using TTLS/PAP, now Windows OS natively supports PEAP, and when I tried it with TTLS/PEAP it didn't authenticate and gave the following debug: I guess from the below what's important is this section . . . [eap] processing type mschapv2