hi,
ensure you have 'pap' authentication module as the last in your list,
DONT set Auth-Type:= Local
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
a couple of my workstations are Ubuntu Linux systems using wpa_supplicant
to EAP auth on the wired and thus get a different VLAN to the other
nearby 'untrusted' systems ;-)
I dont see any reauth every 30 seconds. cisco switches used with FR 2.0.3
alan
-
List info/subscribe/unsubscribe? See
Hi,
> Hi,
>
> I need what is called a Authen/Radius.pm file. for my application
> authentication, does anyone know where I can get one of these from, this is
> to allow my perl script to run Authen::Radius
PERL library
sometimes installable via eg perl-authen-radius.rpm or somesuch,
or downlo
Hi,
>
> Okey, i've searched and searched for a hint, hopefully this isn't one of
> those RTFM messages, and hopefully I didn't read an invalid FM ;-)
>
> I'm trying to "emulate" the edunet network wireless roaming network, which
> primarily uses (in this order):
>
> EAP-TTLS
> PEAP
> EAP-MSCHAPv2
Hi,
> > > > RPM build errors:
> > > > File not found:
> > /var/tmp/freeradius-server-root/usr/share/freeradius-server
> > > >
> > >
> > > [EMAIL PROTECTED] SPECS]$ ls /var/tmp/freeradius-server-root/usr/share/
> > > doc freeradius man
> >
> > freeradius is freeradius-server - so chang
Hi,
> > RPM build errors:
> > File not found:
> > /var/tmp/freeradius-server-root/usr/share/freeradius-server
> >
>
> [EMAIL PROTECTED] SPECS]$ ls /var/tmp/freeradius-server-root/usr/share/
> doc freeradius man
freeradius is freeradius-server - so change the rpmbuild accordingly.
alan
-
Hi,
> I've always had the user enter their username and password, and saved it
> with the configuration though, and I've only used it for wired connections
> only, as PAP does not provide keying material for wireless clients !!
PAP? you can use SecureW2 for proper TTLS/MSCHAPv2 too...
alan
-
L
Hi,
> I have a freeradius-1.1.3-1.2.el5 into a CenOS 5, this is working without
> problem. The radius is for authenticate a wireless network clients.
build a nice new RPM from the 1.1.7 sourceball. you need at least
1.1.4 to fix Vista issues
alan
-
List info/subscribe/unsubscribe? See http://ww
Hi,
> The way your doing things seems very sensible. 'live live live!' accounting
> will always run into problems when there are spikes in the volume of
> accounting packets. Course there are still thread limits on the server, but
> at least you've eliminated one of the major bottlenecks.
>
> W
Hi,
> thank you for your help I was able to find where to enable the sql but now
> I get this error.
>
> rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so:
> cannot open shared object file: No such file or directory
> rlm_sql (sql): Make sure it (and all its dependent librarie
Hi,
> Quite. I believe you'll probably run into problems with MyISAM if you've
> got a loaded RADIUS server. It's taken around 6 months for serious issues
> to occur. We switched over to some new more 'chatty' firmware on our access
> points, and that seemed to push it over the edge. Database e
Hi,
>> Also the index 'acctsessiontime' is missing for the radacct table in the
>> default schema; makes the Accounting-On / Accounting-Off queries very slow
>> doing a table scan on 1.4 million rows... Is this intentional or an
>> oversight ?
>
> In the postgres schema, there's a conditional co
Hi,
> Also the index 'acctsessiontime' is missing for the radacct table in the
> default schema; makes the Accounting-On / Accounting-Off queries very slow
> doing a table scan on 1.4 million rows... Is this intentional or an
> oversight ?
>
> Might be an Idea to specify the default engine as I
Hi,
> > Any suggestion for improving the throughput and accelerating the queries?
>
> Index the tables.
>
> Increasing database performance is usually documented on the database
> web site.
depending on version of PostGreSQL you may also need to 'vacuum' the database
to clean up nodes etc
Hi,
> For Windows supplicants, we will use PEAPv0/MS-CHAPv2.
>
> For non-Windows supplicants, we would use EAP/TTLS and
> MD5 as the inner method.
>
> I am confused as to how to configure FreeRADIUS 2.0.1
> to accomplish this simultaneous behaviour. What causes
> me to be confused is this direct
Hi,
> PC 1: Supplicant.Access by networkManager.
> The crendential are: login= [EMAIL PROTECTED] passwd=david EAP=TTLS phase2=PAP
> PC 2: HostAP. It's correctly configured and works fine.
> PC 3: Proxy Freeradius. It has got a realm i2t defined, and proxyes the
> access requests to de PC4.
> PC 4:
Hi,
> who give some data of performace?
what, exactly, are you after - requests per second etc? it all
depends on what you DO in the PERL module. if you make calls
to a DB in the PERL then that would be the bottleneck.
personally we use rlm_perl and i believe it should have been
taken out of 'e
hi,
ensure that the experimental.conf is enabled in the main
config. ensure that the calls you require for PERL are then
enabled in experimental.conf
then simply call 'perl' in the required section of your
enabled servers... eg in authorize, post_auth, authenticate
etc
alan
-
List info/subscribe
Hi,
> I am trying to get a freeradius implementation rolled out for the first
> time and am running into a few issues that I cannot seem to resolve. I
> have a Cisco 2960 in a test lab with a Linux server running freeradius
> 2.0.0 for authentication. There are 2 problems I am running into.
Hi,
> There is another question: How to delete a user from rlm_dbm?
> I delete the user from the users file. and do "rlm_dbm_parser -i users -o
> xxx.db", But the deleted user does not disspear from xxx.db.
according to rlm_dbm_parser,
-r remove user(s) from database
so
rlm_dbm
Hi,
> Tim White wrote:
> > Bummer. Does anyone know how to get a format that doesn't use Words
> > (month Name)?
>
> Edit src/lib/print.c to print dates in a different format. Or, make a
> suggestion for the format you like...
hmm, a feature request? what variable in the config though?
prin
hi,
you cant do this - the request must go through a full EAP
validation cycle - otherwise the client will just barf.
you dont 'need' certs if you want to be insecure on the
client (but thats foolish) but you do need to take the
incoming request and then do a challenge response against
the PEAP/M
Hi,
> [EMAIL PROTECTED] raddb]# rlm_dbm_cat -f users.db
> "hhe4" Cleartext-Password := "hhe123"
> Reply-Message = "Hello"
>
> "hhe123"Cleartext-Password := "hhe123"
> Reply-Message = "Hello"
i have a theory of
Hi,
>
> Yes I did make that change. What in the output
> suggested I didn't?
Auth-Type already set
> I don't know what the deal is, it seems odd that it
> will read the file and proxy my requests but failed to
> authenticate a locally defined user in the file.
its matching on line * (iirc) th
Hi,
> I am trying to setup freeradius 1. I have chap authentication working with
> mysql but pap authentication will not work with mysql. This is what I
> receive from the nas when someone trys to connect.
radius.conf does not contain the full sql details - eg sql.conf,
the required SQL backen
Hi,
>
> No love man.
>
> Changed the huntgroup defination and also changed the
> sites-enabled/SERVER-1760 file to read.
did you edit the users file according to the instructions too?
..the debug logs suggest otherwise
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
Hi,
> Ladies and Gentlemen,
>
> I am trying to find out how I can check what options
> the freeradius binary available for download was
> compiled with. I have STFW and RTFM, but still am
> not sure as to how to check. radiusd -X gives some
> information, but
> nothing about what freeradius was
Hi,
> rather than a problem, this is a question.
> I assume you know what eduroam is, but just in case:
> What is eduroam
several members of this list are involved in eduroam at sites
worldwide.
> What happens is that the EAP conversation traverls in cleartext across
> the public internet (reall
Hi,
>
> The wpa_supplicant keeps looping looking for missing keys
> accordint to Jouni. I suspected my Cisco access point was
> not configured properly, but Cisco claims that FreeRADIUS is
> asking the access point about dynamic VLANs which aren't even
> configured in FreeRADIUS (see configurati
Hi,
> I couldn't be able to link the driver of mysql 5 with free radius
> 2.0.2due to this file "rlm_sql_mysql.so". I couldn't locate this file
> in my
> entire system. I've gone througe all the faq's, but it doesn't work. the
> error's still there.
answered every week on this list. your sy
Hi,
> hi Alan,
>
> where is the db_mysql.sql file in 2.0.2?
> i've searched whole, but found nothing.
freeradius-server-2.0.2/raddb/sql/mysql/nas.sql
freeradius-server-2.0.2/raddb/sql/mysql/schema.sql
freeradius-server-2.0.2/raddb/sql/mysql/ippool.sql
alan
-
List info/subscribe/unsubscribe? See
Hi,
> But, I don't understand, how can be shown it if password is encrypted
> in LDAP and I am using EAP-TTLS, is not the password into the tunnel?.
> I am using securew2 with PAP from windows clients. Does it mean that
> password could be sniffed when radius is not running in debug mode??
the se
Hi,
> Sorry for insist on, but is right that in debug mode show the user
> password, even using tunnel?
yes - if the password is available is a clear format - eg not
a challenge/response method. ALL passwords get printed in clear
text.
alan
-
List info/subscribe/unsubscribe? See http://www.freer
Hi,
> I've been simulating the traffic with JRadiusSimulator and used the
> EAP-TTLS/PAP option. Is there any other simulator you know of which I can
> use to simulate EAP-TTLS/(PAP and MS-CHAPv1)? I appreciate your help.
wpa_supplicant is a good tool
alan
-
List info/subscribe/unsubscribe? Se
Hi,
> Arran Cudbard-Bell wrote:
> > Woah, get that working with SQL and you have an insanely useful feature.
> > Oooo what VLANS does this NAS support, hmm i'll just check the client
> > VLAN tags. Where is this NAS located, hmm i'll just check the
> > arbitrarily populated location tag.
>
> Err
Hi,
> Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request
> for user '[EMAIL PROTECTED]'
> Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept,
> accepting the user
whoah. WinXP is very fussy (as should all EAP clients) about getting a proper
EAP re
hi,
a single FreeRADIUS server can do this. simply put each range
of NASs into different groups and then use the group and
groupreply tables in the SQL to do your return code work.
if you cant google for "SQL howto freeradius" then
http://wiki.freeradius.org/SQL_HOWTO#Configuring_FreeRadius_to_u
Hi,
> hi,
> In order to connect to mysql what are the necessary configuration files
> to be changed.
1.x or 2.x ?
generally, you need to edit radiusd.conf and.or sites-enabled/*
to ensure that the sql.conf is loaded. then you need to edit
sql.conf appropriately
alan
-
List info/subscribe/uns
Hi,
> Hello!
>
> i use freeradiusd 1.7, rlm_perl with thread conf:
>
> thread pool {
> start_servers = 100
> max_servers = 1500
> min_spare_servers = 1
> max_spare_servers = 10
> max_requests_per_server = 10
> }
>
> rlm_sql uses mysql.
>
> All works fin
Hi,
> i am sorry, but my server doesn't have any internet-access... so, i can't use
> cvs for updating.
use CVS on another machine, tar up the resulting CVS checkout, copy
it to the server and recompile. it must have networking or some sort
to be a radius server, n'est pas? ;-)
alan
-
List info
hi,
..and i'd like to add that, once again, we are not seeing the whole
picture - eg your configuration files and/or SQL tables. this case
hence drags on and on...
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Yes this is why I started looking at the debugs to see what was happening
> and found the attribute rewrite issue where it says it cannot find the
> configuration token, if I take the Configuration token out of the radgroup
> reply it shows one, if I take the attrib-rewrites out it only show
Hi,
> Ok but then
>
> The thing about the attr_rewrite module is that it looks at ALL attributes
> in the list. In this case, you have two Configuration-Tokens. One has
> value "SHAPED_NORMAL", and the other "UNSHAPED_NORMAL". It doesn't match
> the first, but it does match the second. After
Hi,
> else you can get into a situation where the compiler assumed the function
> (in this case ldap_get_values) returns an int (32bit), but it actually
> returns a pointer (64bit on 64 bit systems) which can then get truncated
> (which is likely why it always looked the same, because the part
Hi,
> I do not receive any comment about my supplied patch.
>
> I will try to explain my issue better:
I understood what you stated - and the patch does appear
to handle the 'old style' 1.1.x DEFAULT handle properly.
..the old system could just be given a DEFAULT and
stuff would go to it . i'm n
Hi,
> Thank you all.
>
> But how do I do this? Does any one has a tutorial about it?
add the required parts to the radius config files to enable
krb5 (direct password check) against the AD - you will also need to ensure
your kerberos environment is sane and works
eg run the command
kinit your_
hi,
spending more time posting pseudo-insults and complaints to people posting
bahaviour RATHER than the config/file-debug etc as requested aint going to
help anyone. sure, some sarcastic comments arent necessary, but the
basic method of using this list doesnt change.
as previously mentioned
Hi,
> hi,
> I am trying to use mysql database with free radius 2.0.0 for the first
> time. I am using centOS 4.5 and mysql 4.1.2.The authentication works fine if
> I am using the unix username and password. I modified some configurations
> in radiusd.conf and sql.conf but it doesn't work. Ple
Hi,
> But when it checks for the attribute in the reply packet, it says it can't
> find it, but it still does the attrib-rewrite changes the values and then
> moans it couldn’t find the value pair. This is obviously not normal in my
> opinion, and thus I asked about a specific problem. I only a
Hi,
> I add the following line to the /etc/init.d/radiusd :
> start)
># Palliatif au pb du non-demarrage de radiusd apres reboot
># cf freeradius-users@lists.freeradius.org thread "no start of
> radiusd after reboot : mysql connection error"
>ping -c 1 ntp.domain.com
>
>
Hi,
> Or, delete the sql_log queries, and use the ones from rlm_sql that are
> known to work.
yes.i was thinking about why we have the stuff defined twice.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
I've been looking at the current state of the default (commented
out ready for use) radsqlrelay commands in radiusd.conf . for a
quick reminder they look like this:
# sql_log {
# path = "${radacctdir}/sql-relay"
# acct_table = "radacct"
# postau
Hi,
> Yes I already check that, SELINUX is disabled
>
> [EMAIL PROTECTED] ~]# cat /etc/selinux/config
> SELINUX=disabled
> SELINUXTYPE=targeted
> SETLOCALDEFS=0
>
> another idea ? perhaps something with permissions on binaries ?
what happens if you start the daemon from the command line
with
Hi,
> Do you mean that I must allow my user on the mysql server ? I don't think
> so, since there is no traffic from the freeradius to mysql at boot time.
> And furthermore, the user *is* allowed to connect to database from the
> free-radius host
> There are perhaps permissions problems on the
Hi,
> Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler!
> Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler!
> and
> Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received
>
>
> the reason i am looking over these logs right now is because th
Hi,
you are using 2.0.0 ...
they output you posted is not complete...
> Ready to process requests.
...which is the LAST line of output before the server is ready -
the output before gives us a lot of information.
can you connect to the mysql database from the command
line using the credential
hi,
we use FR with the VMPS module - and i can see the gotchas
with trying to run it through some of the other modules.
what we have is the VMPS calling post-auth - which runs
a PERL module. the PERL module does our dirty work (check
validity, return the correct VLAN etc) - but theres
no reason w
Hi,
> Deepak,
> Have you considered using a ldap or sql backend instead of flat-file?
those , too, will need to be refreshed via a server restart - the SQL
clients are only read upon start.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> When installing FreeRadius 2.0.1, the only thing you should need is to add
> this to /etc/raddb/users
>
> username Cleartext-Password := "thepassword"
..and the clients file (and maybe even the firewall on the server! ;-) )
so that the AP acting as a NAS can talk to FR :-)
> ...and i
Hi,
> I have been working with freeradius v.2.0.1 and a
> Cisco 1200 Series Access Point (version 12.3 IOS) for many months now
> with no success to getting this working. I am doing research on
> freeradius product for a univeristy campus that I go to for
> implementation in the near future. I a
hi,
you are still pre-proxy attr filtering?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Hello,
> I have successfully configured freeradius 2.x to do AAA for my Cisco
> Catalyst 3560. Using modules rlm_detail I am able to log when the session
> starts and ends, however I am also interested in logging exactly what
> commands were issued by the user. Does anyone know how I c
Hi,
> Hi again and thanks,
>
> EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
> outer tunnel but it will not work.
>
> EAP-TTLS/PAP ended
>
> A. If an incoming user conn. against the FreeRadius Server (Nr1) is
> belonging to "OTHER" (LOCAL) domain then
> the EAP-TTLS tunne
Hi,
> There is a history of this mailing list, but searching something is a
> nightmare.
>
> Imho forum would be great for that.
> Sent from my BlackBerry® wireless device
forums suck imho
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> i have OS RHEL5
it looks like it didnt build with the required debug parts - once
again, as you are using the SPEC for your distro they could have other
things that mess it up - I can only help if you build
from the source and leave package management stuff alone.
alan
-
List info/subscribe
hi,
turn on the SQL debug logging in FreeRADIUS and see
what the output of the SQl was
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
>1. Proxy authorization as well - it's not clear how to do this. Can you?
> I'd really just like to forward the entire request elsewhere, before
> anything else happens, so I'd like to check the realm FIRST, and not do
> anything if it's not a local realm.
yes, thats exactly what you d
Hi,
> hi all,
>
> Can someone give me an insigth into how a user can authenticate from
> hotspot with 10digit PIN number not username and password.
make the hotspot login only ask for a PIN, then send that as the User-Name
with a password of the same value, or whatever via a RADIUS - as per norma
Hi,
> I am using version 2.0.2-pre
> I would like to use ldap for freeradius authentication.
> I couldn't find anything on web about this topic.
> I have ldap module in the authorize section in my default virtual server.
> I see in the debug that ldap module returns ok during authorization
> plea
Hi,
> In working to get my new radius server working I have run into a snag. I
> need to authenticate using a SQL database or system password file depending
> on where the request comes from, however the user may exist in both, with
> different passwords. How do I tell it to use the MySQL u
Hi,
> Trying to run radclient to test if I have things set up correctly and I get
> this.
>
> Only similar thing I could find on the net was libcrypt being missing which
> was pointed at being an incorrect installation of openLDAP (I think).
>
> I downloaded the src and compiled from there with
Hi,
> well the previous info regarding this only being read at startup was
> specific to data in SQL, so I suppose a kill -HUP should work.
> But I haven't tested it :P, maybe someone else on the list can tell us,
> otherwise give it a go by manually updating the clients.conf and
> try a kill -
Hi,
> My radius server is not implemented yet, but i am wondering of a performance
> of it before it starts, I will need to simulate a performance test, My idea
> is to generate packet to analize the server.
doc/performance-testing
its in the freeradius archive - eg freeradius-server-2.0.1.tar.g
Hi,
> Please don't be angry. I'm trying to fix this issue because it works
> perfectly on FR1.1.7
if you've copied the config files direct from 1.1.7 to a 2.0.0
system then there will be quirks.
wheres the full debug log?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
Hi,
FR 1.1.6, 1.1.7 and 2.0.0/2.0.1 work fine with vista (without any special
non windows-update KBs installed)
are you using source from www.freeradius.org, or some distribution package?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> i followed the bugs file.
> i recompiled the freeradius with --enable-developer actually i made RPM
> file with ( rpmbuild -ta freeradius-1.1.7.tar.gz )
are you SURE That this worked fine - as if you used the standard
SPEC then you wouldnt enable the developer stuff.
> (no debuggi
Hi,
> I have installed MySQL and Freeradius2.0.0.
>
> I have updated the schema for MySQL and set the location, username and
> password in sql.conf.
> When I start radiusd -X I get the following output. I cannot see any mention
> of connecting to mysql.
you arent using sql for authentication, au
Hi,
> Can u tell me about stability in freeradius 2.0.0. I am preparing a project
> for servers wchich will have to serve more than few milion entries (users) and
> i am concercn using "lastests" versions
personally I would go for 2.0.0 - its been in beta for a long long
time, it handles the pack
Hi,
> Hi there... i am new to free radius. I already successfully installed
> freeradius 1.1.7 with mysql5.1. The point is NAS's IPs and secrets are
> configured in clients.conf. I cannot find anything how to put those data to
> SQL database. Sql.conf doesn't describe any table or value for client
Hi,
> HP ProCurve edge series can only dynamically assign a single untagged VLAN
> to any one switch port.
> It is not possible to create dynamic VLAN trunks. It may be possible to
> create a VLAN trunk statically, then leave the switch to do VLAN
> assignment, and just deny/allow access via th
Hi,
several folk run FreeRADIUS on MacOSX already - and Apple even
have added code themselves - I believe FR is the fundamental
EAP system in eg latest airport/timecapsule product (though
I may be wrong on that aspect of usage! ;-) )
> 2] Is perl only a build dependency for rlm_perl, or does the
Hi,
> thanks, Ive looked at this and its a good guide to initial install but
> doesnt seem to provide any detailed info on how to administer the data in the
> tables. IE there is a sample of some data from a test system but this doesnt
> even mention the "NAS" table, how are other people admi
Hi,
> I am not sure why, I inherited this setup and I am still trying to understand
> it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
>
> The "-X" output says:
>
> WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> expand: (cn=%{Strip
Hi,
> This can be done if we use the attribute Called-Station-Id
> (or NAS-Identifier) with the operator '=~' and a value like
> this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
> This is a regular expression that will match the attribute
> if its value is one of them that are listed.
Hi,
the first request looks like this.NOTE the test order...
> rad_recv: Access-Request packet from host 192.168.1.64 port 32775, id=35,
> User-Name = "test"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns
Hi,
> > > option is to 'exec' external scripts to perform more complex queries, am
> > > I right?
> > It's an option, but not the only one. You can use Perl or Python, too.
>
>
> Sorry if this seems studpid, but, do you mean that I can embed Perl in
> radiusd.conf?
no - you can call PERL from
Hi,
> Thierry CHICH wrote:
> > freeradius Version 1.1.3 ??? I can't believe it ! I thank I was using the
> > version 1.1.6 ! Is it possible it change the beahvior if I upgrade ?
>
> In 1.1.x you can set the User-Name inside of the tunnel, and then set
> "use_tunneled_reply = yes" in the EAP con
Hi,
> Hi,
>
> I'm working with Freeradius in production enviroment (start up), at this
> time is working with only two users, they can connect whitout problems and
> all seems to work fine but looking into radius.log i found this messages:
you dont state what platform you are using or what versi
Hi,
> > If malloc() is core dumping, then something else is going wrong. i.e.
> >some other part of the server is over-writing memory.
>
> when you say "the server" i assume you mean freeradius not another app.??
no - i'd read that as some other part of your 64bit x86 box is trashing
the memor
Hi,
> if the website is old where should i go buddy
>
> http://www.aerospacesoftware.com/radius.html
theres a bunch of docs that come in the freeradius tar archive
(they'll end up in /usr/local/share/doc/freeradius or wherever
you're chosen path during configure ; make ; make install
theres als
Hi,
> i have to install freeRADIUS 1.1.7 on fedora core 7 ,but i am unable to add
> users to the 'users' file .
why? 2.0.0 is out now
> i am getting help from the website : www.aerospacesoftware.com/radius.html
way way way out of date and it doesnt follow current best practice either.
> john
Hi,
> hi alan,
>
> i searched the freeradius.org for the debug instructions, but i found
> nothing.
> what do you mean exactly by debug instructions
> i already have this in the radius debug mode
read doc/bugs in the distribution tar file. i can send you a copy if
your archive doesnt contain it.
Hi,
> Hello,
> I`ve installed freeradius on OpenWRT (http://openwrt.org/) on RouterBoard 1xx
> platform.
> I`m having a problem with running package freeradius_1.1.1-1
> (freeradius_1.1.2-1 does the same error). When I type command "radiusd" I get
> this error:
i'm surpised that you done alread
Hi,
> it this a bug or it should be like that ( Client-IP-Address same as
> NAS-IP-Address. ) ?
what makes you think they would be different? the client is your
NAS, yes?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> He should not have to compile it as there are numerous rpms available on the
> net. In any case I am fairly sure fedora ships with freeradius..
yes - and old version
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
I'd like to add into this that if you upgrade
to 2.0 then the EAP is simpler and quicker - and
your LDAP wont get hit with each request. it'll
only get the bare required outside and then the
essential inner tunnel stuff.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
Hi,
FR 2.0.0 is more fussy - there is no Client-IP-Address in
the accounting request. therefore it cannot use it in the hash
(you will see the blank entry on the line following 44 (,,)
simply change the rlm_acct_uniq has to use something that IS being sent...eg
Framed-IP-Address
alan
-
List i
Hi,
> That road is painful. What we've come up so far with is supplying
> pre-configured supplicants (SecureW2) that bring the proper CA certificate
> along and set the expected CN automatically. It can even be preconfigured to
> auto-discard any other certificates, which doesn't give the user
hi,
known SNMP issues with 64bit and that version of SNMP.
you will need to follow the debug instructions to help debug
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Hi,
> I can't still figure it out why I can't access from Linux clients.
> I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system.
what is the linux client config?
i see the following in your debug
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap:
901 - 1000 of 1557 matches
Mail list logo