)
(0) ? Evaluating !(control:Auth-Type) - FALSE
(0) ? if (!control:Auth-Type) - FALSE
(0) detail-vpn_nimas_tk-auth : expand:
/var/log/radius/radacct/vpn_nimas_tk-auth-%Y%m%d -
/var/log/radius/radacct/vpn_nimas_tk-auth-20121116
(0) detail-vpn_nimas_tk-auth :
/var/log/radius/radacct/vpn_nimas_tk
Looking into code I suppose the problem is something with the old NT
hash, but not an expert here. Any help would be apreciated.
Adding some debug to code, this seems really wrong:
(1) mschap-vpn_nimas_tk : old_nt_hash: 3497295200 || Write buf:
old-nt-hash-blob:
On 11/16/2012 10:00 AM, Carlos Velasco wrote:
windows popup in Cisco VPN client, but the change password process fails:
ntlm_auth said: Password-Change: No Password-Change-Error: Wrong
Password . .
Hmm.
Winbind logs also shows:
NT_STATUS_WRONG_PASSWORD
Looking into code I suppose the
On 15 Nov 2012, at 18:21, Phil Mayers p.may...@imperial.ac.uk wrote:
On 15/11/12 17:20, Arran Cudbard-Bell wrote:
Regarding the patches:
* grep works fine if you stick with BREs
Sure, whatever works.
* PCAP_NETMASK_UNKNOWN is actually defined as:
#define PCAP_NETMASK_UNKNOWN
Digging through the rlm_perl source, I stumbled over the following:
1. Is it on purpose that it normally checks USE_ITHREADS and only perl_xlat
checks WITH_ITHREADS?
2. Is it also on purpose that radiusd::radog is newXS'd only after perl_parse()?
That hit me because as it is, you can't log
On 11/16/2012 10:55 AM, Arran Cudbard-Bell wrote:
Done. Yeah there were some pretty poor typos, looks like no one's
actually tried to build that code in a while. We really need to get
an automated build system setup again.
Even if the server is almost completely devoid of unit tests and
Guys,
Same server, i am trying to configure pptpd with radius, please give
advice, why it is not working. Radius auth is succesfull..
/var/log/messages (pppd log): http://dpaste.com/832022/
/etc/pptpd.conf http://dpaste.com/832024/
/etc/ppp/options.pptpd http://dpaste.com/832026/
freeradius
On 11/16/2012 10:00 AM, Carlos Velasco wrote:
windows popup in Cisco VPN client, but the change password process fails:
ntlm_auth said: Password-Change: No Password-Change-Error: Wrong
Password . .
Looking into code I suppose the problem is something with the old NT
hash, but not an expert
I have done poptop+freeraius+AD integration successfully :
But i see you have some sql stuff enabled. I have pptpd server, radius
handles all auth, ippool and accounting -- AD is for user athuentication.
if this is the case buzz me i will try to help you out.
K
On Fri, Nov 16, 2012 at 11:20
On 11/16/2012 11:27 AM, Carlos Velasco wrote:
According to RFC2548, after 0x0701 should be the Encrypted-Hash
16 octects, but they are all 00.
I am trying to find out why, seems a bug in Cisco part. But I think
this works fine with Cisco ACS radius. :S
The CPW packet lets you send the NT
Thank you,
I think, my problem somewhere in pptpd configs.. because freeradius auth
user successfully. Can you please look at my pptpd configs, maby a did
mistake somewhere
16.11.2012 13:29, Khapare Joshi пиÑеÑ:
I have done poptop+freeraius+AD integration successfully :
But i see you
On 11/16/2012 11:27 AM, Carlos Velasco wrote:
According to RFC2548, after 0x0701 should be the Encrypted-Hash
16 octects, but they are all 00.
I am trying to find out why, seems a bug in Cisco part. But I think
this works fine with Cisco ACS radius. :S
The CPW packet lets you send the
Hello,
I have a problem with radwho since I upgraded from 2.1.10 to 2.2.0. The
same configuration (I'm trying now the default configuration installed
from ubuntu packages) works with version 2.1.10 and not with 2.2.0. The
error I get is;
radwho: No configuration information in radutmp
On 16/11/12 11:43, Carlos Velasco wrote:
I don't see LM hashes allowed in the Radius attributes for password
change. Don't seem Cisco using them.
Sorry yes ignore me; I'm being dumb.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 16/11/12 11:20, Dmitry Korzhevin wrote:
Guys,
Same server, i am trying to configure pptpd with radius, please give
advice, why it is not working. Radius auth is succesfull..
RADIUS is fine, this isn't a question for the FR list.
/etc/ppp/options.pptpd http://dpaste.com/832026/
I think
Hello,
Just a quick question, before I loose too much time on this. Is the
debian build system on the master repository working ? I'm getting hard
time to build the deb packages.
git clone from yesterday, ubuntu 12.04 LTS
Olivier
--
Olivier Beytrison
Network Security Engineer, HES-SO
hello everybody,
i ve got trouble with encrypted password. I want to manage users with password
wich are more longer than 8 caracters.
When i use radcrypt (based on crypt), it doesn't work. It's normal due to
limitation of crypt. I must cut password to 8 caracters for make running.
When i
On 16 Nov 2012, at 12:58, Olivier Beytrison oliv...@heliosnet.org wrote:
Hello,
Just a quick question, before I loose too much time on this. Is the
debian build system on the master repository working ?
I've had issues with it, but haven't had time to track down the cause, what
problems
On 16.11.2012 14:21, Arran Cudbard-Bell wrote:
On 16 Nov 2012, at 12:58, Olivier Beytrison oliv...@heliosnet.org wrote:
Hello,
Just a quick question, before I loose too much time on this. Is the
debian build system on the master repository working ?
I've had issues with it, but
/vpn_nimas_tk-auth-%Y%m%d -
/var/log/radius/radacct/vpn_nimas_tk-auth-20121116
(17) detail-vpn_nimas_tk-auth :
/var/log/radius/radacct/vpn_nimas_tk-auth-%Y%m%d expands to
/var/log/radius/radacct/vpn_nimas_tk-auth-20121116
(17) detail-vpn_nimas_tk-auth : expand: %t - Fri Nov 16
14:19:36 2012
(17
vazoumana fofana wrote:
When i use radcrypt (based on crypt), it doesn't work. It's normal due
to limitation of crypt. I must cut password to 8 caracters for make running.
That's how crypt works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 16 Nov 2012, at 11:11, Phil Mayers p.may...@imperial.ac.uk wrote:
On 11/16/2012 10:55 AM, Arran Cudbard-Bell wrote:
Done. Yeah there were some pretty poor typos, looks like no one's
actually tried to build that code in a while. We really need to get
an automated build system setup
Hi there,
I'm new to this list, but anyway I hope I can ship all information you need.
I had to compile the newest Version (2.2.0) of the FreeRadius-server
today at work on a openSuse server (I think it's 11 or 12, 64 bit).
There were 2 or 3 compiler warnings because in xlat.c[0] some
Matthias Beyer wrote:
I had to compile the newest Version (2.2.0) of the FreeRadius-server
today at work on a openSuse server (I think it's 11 or 12, 64 bit).
There were 2 or 3 compiler warnings because in xlat.c[0] some functions
could not be referenced.
I'm not sure what that means.
Guys, does anybody know something about maximum username length and user
password lengt?
I try to use next login passwords without success (checked with radtest):
http://dpaste.com/832115/
Best Regards,
Dmitry
---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg
e:
here is my option files if this helps :
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.1.1
ms-dns 192.168.1.2
ms-wins 192.168.1.3
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
auth
nodefaultroute
plugin radius.so
plugin radattr.so
On
Arran Cudbard-Bell wrote:
These were originally added by a guy at Mancala networks,
Uh, no. I wrote most of them, including the test framework Others
contributed a few tests.
they test basic functionality and have caught some issues in the past. It
might be good to expand them.
Yes.
op should be := and (not ==)
On 16.11.2012 16:45, Dmitry Korzhevin wrote:
Guys, does anybody know something about maximum username length and
user password lengt?
I try to use next login passwords without success (checked with radtest):
http://dpaste.com/832115/
Best Regards,
Dmitry
---
Olivier Beytrison wrote:
With those activated, it fails at linking rlm_sql_log.la
LINK rlm_sql_log.la rlm_sql_log.lo
libtool: link: warning: `-release' is ignored for convenience libraries
Well, that's minor.
ar:
Khapare Joshi wrote:
here is my option files if this helps :
No.
This is the FreeRADIUS mailing list. Questions about interactions
between FreeRADIUS and other programs are on topic. Questions about how
to configure something else aren't.
Alan DeKok.
-
List info/subscribe/unsubscribe?
Dmitry Korzhevin wrote:
Guys, does anybody know something about maximum username length and user
password lengt?
The RFCs say 253 octets for user name, and 128 for password.
I try to use next login passwords without success (checked with radtest):
http://dpaste.com/832115/
Which is
Angel L. Mateo wrote:
Hello,
I have a problem with radwho since I upgraded from 2.1.10 to 2.2.0.
The same configuration (I'm trying now the default configuration
installed from ubuntu packages) works with version 2.1.10 and not with
2.2.0. The error I get is;
radwho: No configuration
On 16 Nov 2012, at 15:46, Alan DeKok al...@deployingradius.com wrote:
Arran Cudbard-Bell wrote:
These were originally added by a guy at Mancala networks,
Uh, no. I wrote most of them, including the test framework Others
contributed a few tests.
Ah sorry. Well technically you were also
Edgar Fuß wrote:
Digging through the rlm_perl source, I stumbled over the following:
1. Is it on purpose that it normally checks USE_ITHREADS and only perl_xlat
checks WITH_ITHREADS?
No. It should be fixed.
2. Is it also on purpose that radiusd::radog is newXS'd only after
On 16/11/12 14:08, Carlos Velasco wrote:
On 16/11/12 11:43, Carlos Velasco wrote:
I don't see LM hashes allowed in the Radius attributes for password
change. Don't seem Cisco using them.
Sorry yes ignore me; I'm being dumb.
Ok. After further findings... it is a bug in Cisco IOS router
EF Is it also on purpose that radiusd::radog is newXS'd only after
perl_parse()?
AdK No idea.
I'm not familiar with the FreeRADIUS project: Is there something like a
maintainer of the rlm_perl module I could ask this question?
AdK Well, patches are welcome.
That would be trivial: move the
brad wrote:
On proxy radius –X shows:
User-Name = “root”
Yes, because that's the user being authenticated.
Is there a way to get the client to send the id of the person logging in
through sudo su - to show as “Bob” rather than “root”.
I don't think so.
If there is a way, see the PAM
Edgar Fuß wrote:
EF Is it also on purpose that radiusd::radog is newXS'd only after
perl_parse()?
AdK No idea.
I'm not familiar with the FreeRADIUS project: Is there something like a
maintainer of the rlm_perl module I could ask this question?
On this list.
Alan DeKok.
-
List
On 16.11.2012 16:55, Alan DeKok wrote:
Olivier Beytrison wrote:
With those activated, it fails at linking rlm_sql_log.la
LINK rlm_sql_log.la rlm_sql_log.lo
libtool: link: warning: `-release' is ignored for convenience libraries
Well, that's minor.
ar:
Hi Alan,
I can achieve similar results through sudo and allowed exceptions, was just
hoping for an easier and more straight forward approach with sudo root.
Thanks for answering.
-Original Message-
From: Alan DeKok
Sent: 11/16/2012 11:59 AM
To: FreeRadius users mailing list
Subject:
Tried with my git clone from yesterday but still got a weird error at
the begining of the package creation. cloned a fresh copy, added a few
arguments to debian/rules. Compilation is ok, weird error persist.
see http://pastebin.com/JDHm5dWq
Yes i've been working on this too today as I
41 matches
Mail list logo