Hi everybody,,
I have configured a proxy server with 'type=client-port-balance'. I
have configure two backed FR servers(192.168.0.109 and 192.168.0.112).
I am sending requests from a PC to 192.168.0.102 ( acting as proxy
server). But requests are forwarded to only one FR server (i-e
192.168.0.112)
On Wed, Feb 20, 2013 at 10:46:59PM +0100, tabibel sami wrote:
> Hello, i try to make a virtual infrastructure for testing wireless eap
> authtication via freeradius, so i created three virtual machine for
> supplicant, authenticator (point access), radius server
> i installed wpa_supplicant on firs
Adam Moffett wrote:
> Does the output from radius -X display all of the attributes in a
> request from a client?
Yes. FreeRADIUS isn't in the business of hiding information from the
administrator.
> If not, is there a way to see all of the
> attributes in the request? I'm looking for the val
Hello, i try to make a virtual infrastructure for testing wireless eap
authtication via freeradius, so i created three virtual machine for
supplicant, authenticator (point access), radius server
i installed wpa_supplicant on first machine, freeradius on server, but i
have no idea on how can i simul
Does the output from radius -X display all of the attributes in a
request from a client? If not, is there a way to see all of the
attributes in the request? I'm looking for the value of a VSA and I'm
not seeing it. I'm not sure if it's not being displayed in the debug
output or just not ther
Try changing wait to "yes".
Zombies are processes that have ended, but for which the parent has not
"waited" to acknowledge the death of the child.
Their 'slot' in the process table has not been freed for re-use.
-Original Message-
From: steff...@gmx.de
Sent: Wednesday, February 20,
Wow, thank you so much Alan.
It works flawlessly.
Thanks again.
Regards,
*
Oscar Remírez de Ganuza Satrústegui*
Servicios Informáticos (Área de Infraestructuras)
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.es/SI/
On Wed, Feb 20, 2013 at 4:21 PM, Alan DeKok wrote:
> Óscar
Original-Nachricht
> Datum: Wed, 20 Feb 2013 10:59:14 -0500
> Von: Alan DeKok
> An: FreeRadius users mailing list
> Betreff: Re: echo module creating zombies
> steff...@gmx.de wrote:
> > I have a problem regarding the echo module which on my system creates
> zombie processes.
steff...@gmx.de wrote:
> I have a problem regarding the echo module which on my system creates zombie
> processes. I am using the following settings for echo:
>
> wait = no
> program = "/bin/true" (just for testing purposes)
> packet_type = Access-Accept
>
> After echo execs the program in quest
Original-Nachricht
> Datum: Wed, 20 Feb 2013 10:29:07 -0500
> Von: "Craig Campbell"
> An: "FreeRadius users mailing list"
> Betreff: Re: echo module creating zombies
> Try changing wait to "yes".
>
> Zombies are processes that have ended, but for which the parent has not
> "
Óscar Remírez de Ganuza Satrústegui wrote:
> We were able to /bypass/ the ntlm_auth on some users/groups defining on
> the users file the control item "MS-CHAP-Use-NTLM-Auth := No".
>
> But is there a way to configure freeradius such that if
> Cleartext-Password password is available it uses it, a
Quoting a.l.m.bu...@lboro.ac.uk:
you might want to look into 'eduroam CAT' tool - as your NREN
federation/eduroam people about it.
Thanks very much! I'll look into it.
whoa re your instructions aimed at? I worry a great deal about them
because you arent telling them to install/verify a CA or
Good afternoon everybody,
We have configured freeradius to authenticate against Active
Directory/Samba using ntlm_auth, following the instructions on:
http://deployingradius.com/documents/configuration/active_directory.html
Everything works as expected.
Right now on our production server we are u
Hello list,
I have a problem regarding the echo module which on my system creates zombie
processes. I am using the following settings for echo:
wait = no
program = "/bin/true" (just for testing purposes)
packet_type = Access-Accept
After echo execs the program in question there is an undead chi
Thank you very much for the explanation.
Regards,
Ahmed.
--
Scanned by iCritical.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 20/02/13 13:08, ahmed.sa...@stfc.ac.uk wrote:
Hi Phil,
That could be the problem.
I am using LDAP to get user information. getent passwd works okay
everytime I have system to use LDAP for accounting. Do I have to
set it up in FreeRadius as well? Or shall I do either or?
I don't unders
On 20/02/13 13:31, Dominique Frise wrote:
Hi Phil,
Here below a debug output :
==
rad_recv: Access-Request packet from host 127.0.0.1 port 11148, id=74,
length=94
User-Name = "dfrise"
User-Password = "276988"
Ok, so the PIN is appended to the password. In
Hi,
> Eventually, though, it turned out that the most important issue was
> with OS X 10.7 (Lion). With this particular version of Apple's OS,
yes, I know. Apple suck for doing this. I manage campus network at
Loughborough university and eduroam federation in the UK
and so am well aware of OSX a
Quoting a.l.m.bu...@lboro.ac.uk:
SSL certs can be in various formats. Ones that are 'usable'
depends on the underlying code, but the useful types are
usually PEM, DER (also known as CER) and P12these are
all active certs. CSR is a certificate signing request file
and isn't a valid cert for c
Srinu Bandari wrote:
> Alan,
>
> We had tried with latest build, now it sends Access-Challenge and there is a
> segmentation fault.
>
> Please find debug log for the latest ones as below.
Whoops. Please do a "git pull". It should work now.
Alan DeKok.
-
List info/subscribe/unsubscribe? S
Hi Phil,
Here below a debug output :
==
rad_recv: Access-Request packet from host 127.0.0.1 port 11148, id=74,
length=94
User-Name = "dfrise"
User-Password = "276988"
NAS-IP-Address = 13.22.27.94
NAS-Identifier = "sshd"
NAS-Port = 101
Hi,
> I run the server in debugging mode using -X.
thats good. keep it to yourself, that'll help.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oliver Warda wrote:
> Now, I have the demand to implement RADIUS Proxy also.
> As I understand MAC Auth is done before RADIUS Proxy.
Yes.
> But I do not want to administrate about 5.000 RADIUS Proxy clients in my
> authorized_macs file (RADIUS Proxy is using 802.1x only).
>
> Is there a way
Hi Phil,
That could be the problem.
I am using LDAP to get user information. getent passwd works okay everytime
I have system to use LDAP for accounting. Do I have to set it up in FreeRadius
as well? Or shall I do either or?
Regards,
Ahmed.
--
Scanned by iCritical.
-
List info/subscribe/u
On 20/02/13 11:53, ahmed.sa...@stfc.ac.uk wrote:
Hi,
I can authenticate using Kerberos, by running radius in debugging mode.
I can see that I get Access-Accept packet but SSH doesn’t gets logged in.
I get following in /var/log/messages
pam_radius_auth: DEBUG: getservbyname(radius, udp) returne
On 20/02/13 12:47, Phil Mayers wrote:
...and then:
authorize {
Damn, sorry this is not right. The 2nd "update" will squash the return
values.
You'll need:
authorize {
# first, just check the cache, don't
# create entries or set reply attrs
update control {
Cache-Status-Only = ye
On 20/02/13 08:38, Dominique Frise wrote:
Hi,
We would like to configure a freeradius proxy-server v. 2.2.0 under
RHEL6 with users caching.
The scenario we would like to achieve is the following:
1. client sends username/OTP to freeradius-proxy that relays to central
radius server.
Central rad
Hi,
I can authenticate using Kerberos, by running radius in debugging mode. I can
see that I get Access-Accept packet but SSH doesn't gets logged in.
I get following in /var/log/messages
pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672.
pam_radius_auth: RADIUS server 127.0
Do you mean the server file?
Its /etc/raddb/server
127.0.0.1 testing123 3
I run the server in debugging mode using -X.
Regards,
Ahmed.
-Original Message-
From: freeradius-users-bounces+ahmed.sajid=stfc.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+ahmed.saji
Hi,
>pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672.
>pam_radius_auth: RADIUS server 127.0.0.1 failled to respond
>pam_radius_auth: All RADIUS servers failed to respond.
is the RADIUS server actually running when you are trying this? what does
/etc/pam_radius_
Hello everybody,
I'm using FR 2.1.12 on CentOS 6.3
802.1x and MAC Auth as described in WiKi is working fine.
Authentication is done local
Now, I have the demand to implement RADIUS Proxy also.
As I understand MAC Auth is done before RADIUS Proxy.
But I do not want to administrate about 5.000 R
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> be used if a proxy server become down). So i can configure multiple
>> Proxy servers, which are load balancing among same Freeradius servers.
>> hopefully u understand the scenario. Thanks
>
> okay. so back to the other questions - how many cli
Hi,
> be used if a proxy server become down). So i can configure multiple
> Proxy servers, which are load balancing among same Freeradius servers.
> hopefully u understand the scenario. Thanks
okay. so back to the other questions - how many clients and what sort of
auths/sec speed are you lookin
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> Is there any other way to do this??? suppose i have hundreds of NAS,
>> how their requests can be sent in parallel, to different FR??? Is FR
>> support such a mechanism without using REALM and PROXY???
>> If yes., what is it???
>
> 1)
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
(But the essence of it is, to unsubscribe, go here:
http://lists.freeradius.org/mailman/listinfo/freeradius-users)
--
Jon "The Nice Guy" Spriggs
On 20 February 2013 10:29, Andrew Long wrote:
> unsubscribe
> -
> Lis
Hi,
> Is there any other way to do this??? suppose i have hundreds of NAS,
> how their requests can be sent in parallel, to different FR??? Is FR
> support such a mechanism without using REALM and PROXY???
> If yes., what is it???
1) why would you want to send a request from a NAS in pa
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> Basic purpose is 'load-balancing' on a cluster of Freeradius servers.
>
> why? do you need to load-balance in this manner? can your clients
> not do any load balancing? the FR balance code worksas you say, if you
> only
> have 2 NAS then
unsubscribe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Basic purpose is 'load-balancing' on a cluster of Freeradius servers.
why? do you need to load-balance in this manner? can your clients
not do any load balancing? the FR balance code worksas you say, if you only
have 2 NAS then you only get 50/50 - with more it will spread.
apart f
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> My primary goal is to configure a fast system to authenticate EAP-TLS
>> requests. For this purpose i used proxy (to distribute requests to
>> different freeradius servers). Now i just wanna confirm
>> NumberOfRequests/second , handled by my sy
Hi,
> My primary goal is to configure a fast system to authenticate EAP-TLS
> requests. For this purpose i used proxy (to distribute requests to
> different freeradius servers). Now i just wanna confirm
> NumberOfRequests/second , handled by my system.
what is fast? (I can make a RADIUS server fa
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> requests to two backend servers. in 'proxy.conf' i have configured
>> 'type=client-balance' so that it can work with EAP.
>
> client-port-balance
>
>> Now i wanna do load testing of this configuration with EAP-TLS.
>> So with configuration i ne
Hi,
We would like to configure a freeradius proxy-server v. 2.2.0 under
RHEL6 with users caching.
The scenario we would like to achieve is the following:
1. client sends username/OTP to freeradius-proxy that relays to central
radius server.
Central radius server accepts and replies to freera
On 2/20/13, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> requests to two backend servers. in 'proxy.conf' i have configured
>> 'type=client-balance' so that it can work with EAP.
>
> client-port-balance
>
>> Now i wanna do load testing of this configuration with EAP-TLS.
>> So with configuration i ne
Hi,
> requests to two backend servers. in 'proxy.conf' i have configured
> 'type=client-balance' so that it can work with EAP.
client-port-balance
> Now i wanna do load testing of this configuration with EAP-TLS.
> So with configuration i need to have a lot of NAS, with different
> IP's. But I o
45 matches
Mail list logo