On 24/05/13 17:19, Alan Buxey wrote:
The only difference I can see is that the first example uses a
plain-text password, and the RADIUS on the LNS is using CHAP?
The backend database has "=" in the 'op' field (and not ":="), so the
returned attribute is "Auth-Type = Reject" and not "Auth-Type :
Show us the radius server debug
alan
--
This smartphone uses eduroam for free WiFi access around the world. Now that's
what I call smart.
Original message
From: Matthew Melbourne
Date: 24/05/2013 17:10 (GMT+00:00)
To: freeradius-users@lists.freeradius.org
Subject:
Hi,
I
Hi,
I have an interesting scenario where a broadband user has
"Auth-Type=Reject" configured as an attribute in the back-end database
of FreeRADIUS, and this sppears to be working, as radtest and
radclient confirm (the Access-Reject packet is received):
[root@radius-one radius]# echo
"User-Name=mm
Using global IPV6 addresses worked. Thanks for the help.
Mike
> -Original Message-
> From: freeradius-users-
> bounces+michael.sherman=exfo@lists.freeradius.org
> [mailto:freeradius-users-
> bounces+michael.sherman=exfo@lists.freeradius.org] On Behalf Of
> Alan DeKok
> Sent: Frida
Dan Lietz wrote:
> I’m pretty much a noob when it comes to freeradius as I still don’t
> completely understand what files are used for authorization and
> authentication and where to put different certain pieces of configuration.
Rule 1: don't touch anything. The configuration is complicated, b
Stefan Winter wrote:
> I don't *know* why this doesn't work, but it does with our global-scope
> addresses just fine, so I'm guessing it's the address type.
>
> Especially since link-local addresses are only valid with an interface
> scope.
Exactly.
> is the valid address. I don't know if the
Arvind Bahuguni wrote:
> Hi,
> Need help in resolving radius issues. My radius server is not
> processing accounting packets, radius server is sending access-accept
> but not proceeding further with accounting, it will send access-accept
> and start waiting for another request.
This is in the F
On Friday, May 24, 2013 01:47:36 PM Pieter Hulshoff wrote:
> I guess that if we want to use AEAD cyphers we'll need to find another TLS
> library or adapt/contribute to OpenSSL?
It seems some people are way ahead of me:
http://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations#Encryption_Algo
On 24/05/13 12:47, Pieter Hulshoff wrote:
I guess that if we want to use AEAD cyphers we'll need to find another TLS
library or adapt/contribute to OpenSSL?
I think they're supported as of OpenSSL 1.0.1, so merely compiling
against that should be sufficient, but both ends then need to use TLS
On Friday, May 24, 2013 12:21:47 PM Phil Mayers wrote:
> On 24/05/13 11:44, Pieter Hulshoff wrote:
> > Hello all,
> >
> > Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in
> > the
> > documentation, the wiki or the mailinglist archives, but perhaps I'm
> > looking in the wron
On 24/05/13 11:44, Pieter Hulshoff wrote:
Hello all,
Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the
documentation, the wiki or the mailinglist archives, but perhaps I'm looking
in the wrong place?
Typically this is down the TLS libraries; it's not usually the case
Hello all,
Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the
documentation, the wiki or the mailinglist archives, but perhaps I'm looking
in the wrong place?
Kind regards,
Pieter Hulshoff
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm
Ah, I forgot about rlm_cache. The primary group will always be the same
strangely enough, so I only need to look it up once.
I'll look into the cache
Thanks
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+
On 05/24/2013 09:12 AM, Pieter Hulshoff wrote:
Hello all,
I'm new to the list, relatively new to authentication, and I'm trying to figure
out some details regarding the RFCs. I was hoping some of you might be able
and willing to help me out here.
As I understand it, using TLS you can authentica
Hello all,
I'm new to the list, relatively new to authentication, and I'm trying to figure
out some details regarding the RFCs. I was hoping some of you might be able
and willing to help me out here.
As I understand it, using TLS you can authenticate the server and optionally
the client, negot
On 05/24/2013 05:18 AM, Stefan Winter wrote:
simply isn't an IPv6 address
Very true.
"fe80::215:17ff:fed0:d278%eth0"
is the valid address. I don't know if the FreeRADIUS address parser is
prepared to handle such interface-scoped addresses. There's not much use
case for this.
Not sure I co
On 05/23/2013 07:43 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
Seems a bit excessive to do it each request. I know it’s not something
likely to changegidoften but would like to not have to update itat all
should it change. We have an “over zealous” AD administrator..
But primary group is
17 matches
Mail list logo