Re: Specific User Trace and multiple radiusd instant

2012-05-14 Thread James J J Hooper
On 15/05/2012 02:34, 全球无线联盟 wrote: 2. We tried to run multiple radiusd at same server while the second failed. Can anyone advise how to configure the server to run multiple radiusd simultaneously? Why do you need to do this? FreeRADIUS has "virtual-server" functionality, so you can create sep

Re: MSCHAP Errors

2012-05-14 Thread James J J Hooper
On 11/05/2012 13:35, Phil Mayers wrote: On 11/05/12 13:10, sgilmour wrote: --nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24 Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied (0xc022) Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access deni

Re: MS-CHAPv2, allow_retry=yes, but no code to handle the retry?

2012-04-11 Thread James J J Hooper
On 11/04/2012 17:24, James J J Hooper wrote: Hi All, FR 2.1.x Git, doing PEAP against AD via ntlm_auth. I thought that with: allow_retry = yes [in modules/mschap] and send_error = yes [in modules/eap] ...FR has the functionality to take the second password attempt, and re-try it against AD

MS-CHAPv2, allow_retry=yes, but no code to handle the retry?

2012-04-11 Thread James J J Hooper
Hi All, FR 2.1.x Git, doing PEAP against AD via ntlm_auth. I thought that with: allow_retry = yes [in modules/mschap] and send_error = yes [in modules/eap] ...FR has the functionality to take the second password attempt, and re-try it against AD i.e. The scenario outlined in section 9.1.4 of

Minor typo in master/raddb/mods-available/mschap

2012-04-07 Thread James J J Hooper
--- mschap-orig 2012-04-08 00:39:44.0 +0100 +++ mschap-new 2012-04-08 00:41:06.0 +0100 @@ -78,3 +78,3 @@ # ntlm_auth_username = "username: %{mschap:User-Name}" -# ntlm_auth_domain = "username: %{mschap:NT-Domain}" +# ntlm_auth_domain = "nt-d

Re: Zombie Clarification

2012-03-24 Thread James J J Hooper
On 24/03/2012 13:13, Alan Buxey wrote: Hi, there was never any more on this thread, so just to add some final info Now, for whatever reason, the Windows box decides to discard some requests. Unfortunately, the error reporting is pretty weak ("discarding invalid request"). Our Windows guys are

Re: How to Restrict All Users from Certain APs

2012-01-25 Thread James J J Hooper
On 25/01/2012 20:35, White III, Joe wrote: I'm running Freeradius 1.0.1 using MySQL as the database backend. I need to configure the server so that all users are restricted from using certain access points (i.e. guest network). It appears I need to use a DEFAULT user definition in the users

Re: freeradius, problem with chap ?

2011-12-01 Thread James J J Hooper
On 01/12/2011 22:41, Piotr wrote: This is debug from l2tp/ipsec connection: CHAP-Password = 0x01972f0886c4e5e2f30e32053dbcf67504 [chap] login attempt by "tom3" with CHAP password [chap] Cleartext-Password is required for authentication ++[chap] returns invalid Failed to authenticate the

Re: Authorize all/any users for a PEAP, WPA2 enterprise setup

2011-10-26 Thread James J J Hooper
On 27/10/2011 00:51, Toby wrote: Hi all, I apologize in advance if this question has been answered previously but I have searched extensively and cannot find discussion of this particular topic. What I am wanting to setup, at least initially, is a WPA2 enterprise (802.11i) wireless access point

Re: radius + ldap + ntlm

2011-10-23 Thread James J J Hooper
On 23/10/2011 16:02, Andreas Rudat wrote: Hello, I understand it correctly, that I can't use peap + mschapv2 with ldap? Im realy confused atm, what I can realy use, everytime I think its fine, I found another unsecure thing :/ To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a plai

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 22:31, Eric Geier wrote: Thanks for the reply! Yes, the clients are set with correct time/date. That command didn't work. Did you mean openssl verify command? I ran that and both the old cert (still valid for a few days) and the new cert (already valid) shows correct domain but th

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 20:44, Eric Geier wrote: Hi, I’m trying to update my server’s cert, but getting errors after applying it: Fri Oct 21 12:26:45 2011 : Error: TLS Alert read:fatal:certificate expired Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3 read client certificate A Fri Oct 21

Re: Policy construct for string "concatenation"

2011-10-15 Thread James J J Hooper
On 15/10/2011 12:14, Ray Scholl wrote: Good morning: So, I took all of your advice - example constructs, suggestion to do a little testing etc. I built a duplicate server and my question still remain. The construct I have - if ( clients_ldap-Ldap-Group == "%{FreeRadius-Cli

Re: Acct-Terminate-Cause

2011-10-14 Thread James J J Hooper
On 15/10/2011 01:18, OzSpots - Carl Sawers wrote: Hi All, I have searched high and low for a Radacct Terminate cause description for Freeradius, the terminate cause states “Lost-Session” , anyone know what it refers too? Please set a subject when posting to a mailing list. http://freeradius.or

Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

2011-10-14 Thread James J J Hooper
On 14/10/2011 16:13, Martin Ubank wrote: Here’s the full output from ‘radiusd –X’: The bit at the top that tells us what radiusd has read from the config files is missing. It's not executing ntlm_auth by the looks of what you posted, so you need to look at why. The first bit of radiusd -X w

Re: PEAP/MSCHAPv2 / Freeradius / AD

2011-10-13 Thread James J J Hooper
On 13/10/2011 21:35, James J J Hooper wrote: On 13/10/2011 21:16, Kevin Chan wrote: Hi all, hopefully i got to the right group of people. We are trying to use Freeradius to do PEAP/MSCHAPv2 authentication against Active Directory (2003). Our realm is abc.acme.edu, but since Eduroam doesn

Re: PEAP/MSCHAPv2 / Freeradius / AD

2011-10-13 Thread James J J Hooper
ID is generally stripped before it goes to ntlm_auth against your AD). Regards, James -- James J J Hooper Senior Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

git.freeradius.org

2011-10-07 Thread James J J Hooper
Hi Alan et al, I'm having trouble getting FR by git (was previously working): $ grep url .git/config url = git://git.freeradius.org/freeradius-server.git $ git pull origin v2.1.x:v2.1.x fatal: The remote end hung up unexpectedly Is there an issue with git.freeradius.org? (Is anyone else

Re: 2.1.12 potential problem...

2011-09-20 Thread James J J Hooper
On 20/09/2011 11:38, denizaydin wrote: I can not see its giving this error while starting. Do I have to change installation directory or the library dirctory in the radiusd.conf? [10:15:39.9] gmake[11]: Entering directory `/home/network/Downloads/freeradius-server-2.1.12/src/modules/rlm_sql/driv

Re: 2.1.12 potential problem...

2011-09-18 Thread James J J Hooper
On 17/09/2011 01:56, Alan DeKok wrote: James J J Hooper wrote: Above won't work since: https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8 -James https://github.com/alandekok/freeradius-server/commit/1a00da In fact this dictionary change b

2.1.12 potential problem...

2011-09-16 Thread James J J Hooper
Don't do that. Instead, don't reject the in the first place. For example: authorize { ... sql if (notfound) { update control { Auth-Type := Accept } } } Above won't work since: https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8 -James https://g

Re: Reverting Accept-Reject to Access-Accept

2011-09-16 Thread James J J Hooper
On 16/09/2011 17:24, Phil Mayers wrote: On 16/09/11 16:59, denizaydin wrote: Hi, I am using Version 2.1.11 for broadband PPP authentication. I want to put the unauthenticated users to a default service. I have to revert the access-reject message to access-accept because once CISCO ISG get a acce

Re: different acctuniqueids with common keys?

2011-09-05 Thread James J J Hooper
On 06/09/2011 00:36, Rob Turner wrote: Default in modules/acct_unique: acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } The man page for rlm_acct_unique shows: acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port" } Anyone k

Re: Pre release of 2.1.12

2011-09-02 Thread James J J Hooper
On 29/08/2011 15:13, Alan DeKok wrote: I've put some pre releases of 2.1.12 on the web site: http://git.freeradius.org/pre/ Please let me know if there are any problems. If not, this can become 2.1.12. All seems good so far. -James radmin> show version FreeRADIUS Version 2.1.12, for

Re: OT: Cisco Disconnect-Request packets

2011-08-24 Thread James J J Hooper
On 24/08/2011 19:11, Arran Cudbard-Bell wrote: radclient -xs -f /tmp/disconnect.txt 172.17.107.210:3799 disconnect secret Sending Disconnect-Request of id 7 to 172.17.107.210 port 3799 User-Name = "testu...@bristol.ac.uk" Calling-Station-Id = "89:c6:65:99:39:52" Servic

Re: OT: Cisco Disconnect-Request packets

2011-08-24 Thread James J J Hooper
CK packet from host 172.17.107.210 port 3799, id=7, length=20 Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 ...so it seems you need User-Name, Calling-Station-Id and Service-Type. -James -- James J J Hooper Senior Network Sp

Re: freeradius & cisco COA

2011-08-21 Thread James J J Hooper
pending on how you are generating the CoA this may be problematic, but is easily solved with a line in your iptables config: *nat -A POSTROUTING -p udp --dport 3799 -d -j SNAT --to-source : COMMIT -James -- James J J Hooper Senior Network Specialist, University of Br

Re: Certificate problems? Freeradius 2.1.10 on Debian squeeze

2011-08-05 Thread James J J Hooper
On 05/08/2011 17:00, John Dunning wrote: Greetings all, We've been running freeradius 1.x on Debian Lenny for some time with great success authenticating against Novell eDirectory/LDAP. Our Linux guru has moved on to exciting new opportunities and while the rest of us are decent at linux we'r

Re: Security issues with 1.1.3 flatfile

2011-08-01 Thread James J J Hooper
On 01/08/2011 22:08, d.tom.schm...@l-3com.com wrote: Currently running 1.1.3 on CentOS 5.x. Upgrade I am currently using the flat file option and it works just fine as long as the permissions on the file are: 664 RW-RW-R— Record in the file looks like: Tom Auth-Type := Local, User-Passwor

Re: Yet another multiple SSID setup question

2011-07-12 Thread James J J Hooper
On 12/07/2011 02:50, Nick Kartsioukas wrote: I've been looking through the wiki and staring at the config files and I'm...confused. I've successfully gotten our Cisco WLC to authenticate against ActiveDirectory as well as a Sun LDAP server (just one at a time) via FreeRADIUS for a single test SSI

Re: ntlm_auth authentication results logging messages

2011-05-19 Thread James J J Hooper
On 19/05/2011 21:00, Garber, Neal wrote: I found a similar user in an old thread who submitted a patch: (http://freeradius.1045715.n5.nabble.com/Capturing-ntlm-auth-failure- reasons-in-rlm-mschap-td2791760.html) And it appears that this patch made it into the rlm_mschap.c module code: I submitt

Re: ldap and xlat

2011-05-17 Thread James J J Hooper
On 17/05/2011 22:28, Frank Dornheim wrote: Dear FreeRADIUS users, i try to migrate my radius setup to LDAP. I use mainly the informations from "Frank Ranner" (http://lists.cistron.nl/pipermail/freeradius-users/2007-September/msg00205.html). Today i have a problem to understand the xlat statemen

Re: acct segfault in git v2.1.x

2011-05-09 Thread James J J Hooper
On 09/05/2011 12:22, Alan DeKok wrote: Alexander Clouter wrote: Updating to git's v2.1.x to go on a post-Easter bughunt and found the following accounting packet[1] seems to segfault freeradius: ... #1 0x403075d8 in fnmatch () from /lib/libc.so.6 #2 0x409da598 in do_detail (instance=0x114e50

Re: FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen > 0

2011-05-04 Thread James J J Hooper
On 04/05/2011 11:37, Phil Mayers wrote: On 04/05/11 10:42, James J J Hooper wrote: Hi All, Sorry for the sketchy details We got an ASSERT FAILED xlat.c[1048]: outlen > 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have

Re: FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen > 0

2011-05-04 Thread James J J Hooper
On 04/05/2011 11:24, Phil Mayers wrote: On 04/05/11 10:42, James J J Hooper wrote: [updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preced

FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen > 0

2011-05-04 Thread James J J Hooper
uroam" NAS-Port = 29 NAS-IP-Address = 172.17.107.207 NAS-Identifier = "wism7" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Me

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:57, James J J Hooper wrote: On 10/04/2011 12:39, James J J Hooper wrote: On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I've may have mis-understood the code, but I think the EAP MS-CHAP-v2 Failure packet, s

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:39, James J J Hooper wrote: On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I've may have mis-understood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's E

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I've may have mis-understood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's EAP failure)?? Yes, thanks. Also, args to

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I've may have mis-understood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's EAP failure)?? Yes, thanks. Also, args to pairmove2 are wrong way around, as attache

Re: MS-CHAP-V2 with no retry

2011-04-09 Thread James J J Hooper
On 08/04/2011 08:54, Alan DeKok wrote: Phil Mayers wrote: +1 - In my experience it's necessary to cater for windows' weirdness *first*. Most other clients have sane behaviours. I'm concerned about the "we didn't do much windows testing" line... Yup. I've just pushed some changes to the

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
On 07/04/2011 13:33, James J J Hooper wrote: --On Wednesday, April 06, 2011 15:42:11 -0500 john.hayw...@wheaton.edu wrote: I don't know if this should be sent to the developers list instead. === Backg

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
--On Thursday, April 07, 2011 13:33:33 +0100 James J J Hooper wrote: Attached are the two 'git diff' that I ended up with. gzipped so they don't get messed up. -James p1.txt.gz Description: Binary data p2.txt.gz Description: Binary data

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
' that I ended up with. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- index c512018..3f3fc46 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -1239,9 +1239,2

Re: freeradius+ldap: Invalid DN syntax

2011-04-02 Thread James J J Hooper
On 02/04/2011 18:29, ziko wrote: Hello. I am using Freeradius 2 with openldap 2.3.43 on my CentOS 5. My OPenldap works grate without freeradius, and freeradius works without ldap. But i cant connect ldap and freeradius. my ldapsearch output: ldapsearch -x # extended LDIF # # LDAPv3 # base (d

Re: Ignoring reqest from unknown client

2011-04-02 Thread James J J Hooper
On 02/04/2011 11:48, Alan DeKok wrote: Raheel Itrat wrote: I am getting the subjected error when I try to authenticate. I am attaching the relevant files. So... configure the IP address as a client in clients.conf. ... and make sure that's /etc/freeradius/clients.conf (and restart radiu

Re: Attribute NOT being returned in access-accept ?

2011-03-30 Thread James J J Hooper
On 30/03/2011 22:59, Robert Roll wrote: Freeradius Version 2.1.10 I'm trying to return a vendor attribute, but I don't seem to be seeing it in the access-accept ? I am inner tunneling to Peap, and you can see the attribute is there... Airespace-Interface-Name = "wifi-chem-uconnect

Re: signed server certs

2011-03-07 Thread James J J Hooper
On 07/03/2011 22:18, Arran Cudbard-Bell wrote: On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote: On 07/03/2011 21:42, John Dennis wrote: I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the Macs are able to authenticate without Certs or any configu

Re: signed server certs

2011-03-07 Thread James J J Hooper
e mechanism, as long as you configure it properly. Some EAP clients do not let you specify a CN to match, so using a self-signed cert, and setting the client just to trust that CA mitigates the public CA vector. -James -- James J J Hooper Network Specialist, University of Bri

Re: Freeradius2 and OSX clients no TLS

2011-03-06 Thread James J J Hooper
o rogue AP/credential stealing attacks etc. This may be acceptable in your environment, but if not, you'll still need to actively configure the client. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk

Re: Caching techniques with ntlm_auth usage? (EAP-PEAP-MSchapV2)

2011-03-04 Thread James J J Hooper
; 40% by doing this. N.B Resumed sessions will not touch your inner-tunnel config, so you have to make sure that you pay attention when (re-)assigning VLANs / other returned attributes based on username. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wir

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok wrote: Alan DeKok wrote: James J J Hooper wrote: rlm_eap_mschapv2.c: In function `mschapv2_authenticate': rlm_eap_mschapv2.c:658: error: called object is not a function rlm_eap_mschapv2.c:658: error: too few arguments to fun

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 12:04:51 + James J J Hooper wrote: --On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok wrote: James J J Hooper wrote: That could be fixed for 2.1.11, I guess. If someone can test it... Yes please, and will do. Try this patch. You should see

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok wrote: James J J Hooper wrote: That could be fixed for 2.1.11, I guess. If someone can test it... Yes please, and will do. Try this patch. You should see "MSCHAP Failure" in the debug log, where it wasn't there

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
fixed for 2.1.11, I guess. If someone can test it... Yes please, and will do. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk

Re: New User and AD Question

2011-02-28 Thread James J J Hooper
have] and your ntlm_auth line has to have an appropriately formatted User-Name bit e.g. %{mschap:User-Name} (the mschap module will take host\\computer.domain.name and turn it in to computer$ automatically). -James -- James J J Hooper Network Specialist, University of Bristol

Re: EAP and Accounting

2011-02-11 Thread James J J Hooper
tabase are there other methods for achieving this? Configure RADIUS to send the inner User-Name "b...@wimax.com" back in the outer Access-Accept. Your NAS should then use this User-Name when Accounting (if it doesn't, you need to refer to your NAS manufacturer). Regards, James --

Re: Framed-IP-Address AVP missing

2011-02-11 Thread James J J Hooper
om an accounting packet though. Use a DB to match things up. Regards, James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net

Re: Unable to authenticate in case of multilingual characters

2011-02-04 Thread James J J Hooper
sting it: echo 'User-Name = "現年快樂"' | radclient -x 137.222.253.91:16010 auth SECRET Sending Access-Request of id 161 to 137.222.253.91 port 16010 User-Name = "現年快樂" rad_recv: Access-Accept packet from host 137.222.253.91 port 16010, id=161, length=20

Re: Question on Radius logs

2011-02-01 Thread James J J Hooper
sed it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: <https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog> Regards, James -- James J J Hooper Network Specialist Information Serv

Re: freeradius 2.1.10 WARNING: Internal sanity check failed

2011-01-13 Thread James J J Hooper
-roaming/sussex-freeradius-case-study.pdf Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk

SoH patch (was Re: Microsoft SoH Support)

2011-01-06 Thread James J J Hooper
On 11/10/2010 22:14, James J J Hooper wrote: On 11/10/2010 12:37, Phil Mayers wrote: On 09/10/10 15:01, Garber, Neal wrote: Thanks to a lot of work by Phil Mayers, the server now has support for Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP. Wow! That *must* have been a

Re: Problems with the mailing list?????

2010-11-07 Thread James J J Hooper
On 07/11/2010 10:32, mic...@casa.co.cu wrote: Hello Gentlemen, there are problems on the list and everyone is on vacation or just moved to see activity on the list? I repeat my previous message, only this time I'm more brief The silence was your answer: You would like FreeRADIUS to return an

FR 2.1.11git, Dead home server status server reply - possible minor bug

2010-10-24 Thread James J J Hooper
*/ home->state = HOME_STATE_ZOMBIE; home->zombie_period_start.tv_sec = home->last_packet; home->zombie_period_start.tv_sec = USEC / 2; {Apologies if I'm totally going in the wrong direction} Regards, James -- James J J Hooper

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
On 11/10/2010 22:14, James J J Hooper wrote: On 11/10/2010 12:37, Phil Mayers wrote: On 09/10/10 15:01, Garber, Neal wrote: Thanks to a lot of work by Phil Mayers, the server now has support for Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP. Wow! That *must* have been a

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
with patches] ... Therefore patch attached {"confd-by=" format only a suggestion}. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- --- soh.c-orig 2010-10-11 20:54:28.0 + +++

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
debug_pair_list(fake->reply->vps); if (fake->reply->code != PW_AUTHENTICATION_ACK) { RDEBUG2("SoH was rejected"); -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wirel

Re: radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
--On Tuesday, September 28, 2010 17:48:39 +0200 Alan DeKok wrote: James J J Hooper wrote: Hi Alan, I'm getting a make error. I tried ./configure --without-radsniff but still the same... Is there a switch to disable building radsniff or do I have to get the PCAP libraries :( Th

Re: radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
--On Tuesday, September 28, 2010 16:19:46 +0100 James J J Hooper wrote: Hi Alan, I'm getting a make error. I tried ./configure --without-radsniff but still the same... Is there a switch to disable building radsniff or do I have to get the PCAP libraries :( ...which in fact I al

radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
se for stability, documentation, and ease of use. Alan DeKok. -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk

Re: freeradius, samba, AD peap/mschap-v2 redundancy and Certificate

2010-09-15 Thread James J J Hooper
On 15/09/2010 19:43, John Dennis wrote: On 09/15/2010 02:21 PM, Alan Buxey wrote: Hi, seems okay For certificate, do we need a server certificate for both radius1 and radius2 if we want supplicant to verify the server certificate? you can use the same server certificate - so that the client

Re: a lot of memory inuse

2010-09-14 Thread James J J Hooper
--On 14 September 2010 08:15 +0100 James J J Hooper wrote: --On 14 September 2010 17:01 +1000 "Strong, Mark" wrote: Hi Guys, I have free radius 2.1.6, and it has quite a chunk of memory inuse at the moment, are there any known issues with this version and memory le

Re: a lot of memory inuse

2010-09-14 Thread James J J Hooper
; Total memory usage = 23MB Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk

Re: Logging ntlm authentication

2010-09-07 Thread James J J Hooper
} reject = return } } ... } -James -- James J J Hooper University of Bristol http://www.wireless.bristol.ac.uk

Re: Cisco WLC4402 - 802.1X - Android - Tunnel-Priv-Group-ID Failure

2010-08-10 Thread James J J Hooper
[1] Maemo: After configuring, you need to click the Advanced-settings button, change to the EAP page, select 'Use manual user name' and enter whatever you want in the box. ( <http://www.wireless.bris.ac.uk/getconnected/services/eduroam/go-anything/#anomalies> ) Regards, Ja

Re: Freeradius2 and Samba3x

2010-07-14 Thread James J J Hooper
HI, Wed Jul 14 10:51:16 2010 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a3492c6411f5548251a05606aa028964d34b69c58e61c7d5 Wed Jul 14 10:51:16 2010 : Debug: Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permi

Re: Wanted: Commercial FreeRADIUS Support

2010-06-16 Thread James J J Hooper
http://www.google.co.uk/search?q=freeradius+commercial+support&btnI=1 ?? On 16/06/2010 23:03, Jackal Admin wrote: Even if you aren't able to provide support, I'd be interested in any suggestions for where to get support from. Jackal Admin wrote: We have a a hotspot authentication system b

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
On 10/06/2010 22:42, James J J Hooper wrote: On 10/06/2010 22:20, Alan Buxey wrote: Hi, OK. I fixed both problems. Thanks for tracking it down, it made the fix much simpler. Do a 'git pull' for the v2.1.x branch, and re-build. It should now be OK. hmm, this is interesting...Jam

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
On 10/06/2010 22:20, Alan Buxey wrote: Hi, OK. I fixed both problems. Thanks for tracking it down, it made the fix much simpler. Do a 'git pull' for the v2.1.x branch, and re-build. It should now be OK. hmm, this is interesting...James, do you use COA at all? we dont but this code

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
--On Thursday, June 10, 2010 10:10:05 +0200 Alan DeKok wrote: James J J Hooper wrote: OK - GDB log attached. This is from git branch v2.1.x, up to and including 0e9ae1698ba55b16b149 (Cleaned up debug output to be readable - about 7 hours ago), but with c703fd595cb86f51e309 (Install

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-09 Thread James J J Hooper
On 09/06/2010 21:17, James J J Hooper wrote: On 09/06/2010 17:56, James J J Hooper wrote: Hi Alan, All, Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes with load, every ~8 hours with less load). Attached -X at startup, and the last 100 lines before segfault. If

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-09 Thread James J J Hooper
On 09/06/2010 17:56, James J J Hooper wrote: Hi Alan, All, Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes with load, every ~8 hours with less load). Attached -X at startup, and the last 100 lines before segfault. If someone can explain how to drive GDB (or any other

Re: no access-accept with users file

2010-05-24 Thread James J J Hooper
On 25/05/2010 06:30, Robert Wilkinson wrote: I feel defeated. I was able to get an access-accept result. During my attempt to use MySQL it appears that I broke my configuration. I am using freeradius 2.1.8 on ubuntu 10.4 server. Here is my freeradius -X debug output: > WARNING: Empty section.

Re: Free Radius testing....

2010-05-16 Thread James J J Hooper
On 16/05/2010 10:26, John Raja wrote: Hi, I have installed freeradius server in centos. I am trying to test with below mentioned command i am getting the error output as given below , Please help me out... I have created the username in the user file "bobCleartext-Password := "hello" _Command

Re: NAS-IP vs srcIP

2010-04-01 Thread James J J Hooper
plies (COA or otherwise) won't work. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net

Re: Insert Realm in mysql

2010-03-27 Thread James J J Hooper
"un" ++[suffix] returns noop As seen, there is no any data in %{Realm}. Refer to man rlm_realm ...realms have to be defined in proxy.conf for suffix to recognise them: realm un { ... } Alternatively, use a regex in unlang to split the username as you wish. -James -- Ja

Re: proxy same realm but different authentication protocol to different server

2010-01-28 Thread James J J Hooper
ng are wrong above... if (control:Auth-Type == "EAP") { update control { Proxy-To-Realm := "xyz.com" } } -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -

RE: Duplicating results for radtest

2010-01-27 Thread James J J Hooper
--On Wednesday, January 27, 2010 05:11:26 PM + Mark Smith wrote: Please see attached radiusd -X dump file as requested. Mark Smith Systems Engineer -Original Message- From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk] Sent: 27 January 2010 14:39 To: mark.sm...@abelalarm.co.uk;

Re: EAP Session resumption && reply attributes

2010-01-21 Thread James J J Hooper
--On Thursday, January 21, 2010 10:05:36 AM + Alexander Clouter wrote: James J J Hooper wrote: < How did you get around the "my policy rejects you now, but i've already sent a tunneled success TLV in the TLS tunnel and you're now ignoring my EAP-Failure messages"

Re: EAP Session resumption && reply attributes

2010-01-21 Thread James J J Hooper
On 20/01/2010 23:36, Arran Cudbard-Bell wrote: On 1/17/2010 8:37 AM, Alexander Clouter wrote: James J J Hooper wrote: In order to also return e.g. VLAN IDs (that could be computed from the inner User-Name in a non-session-resumption enabled config), I can move the config that sets the VLAN to

Re: How to set default ENVIRONMENT for programs runned from cron?

2010-01-20 Thread James J J Hooper
On 20/01/2010 21:08, Коньков Евгений wrote: Hi If program runned from cron run another process like: curl or wget or anithign else located at PATH it says: can not find curl etc. NOTICE: when programm is runned from cron there is no PATH environment variable Does any know how to pass env

Re: EAP Session resumption && reply attributes

2010-01-17 Thread James J J Hooper
On 17/01/2010 20:22, Alan Buxey wrote: Hi, One thing to remember, is for *your* users roaming at other universities to remember to remove the reply:User-Name attribute to protect the guilty. :) the best thing to do for this is to create a new virtual server - eg 'eduroam' - which is identical

EAP Session resumption && reply attributes

2010-01-17 Thread James J J Hooper
Hi All, When a client does session resumption: cache { enable = yes} in eap.conf The session User-Name (from previous access-accept) is restored from the cache e.g: [ttls] Skipping Phase2 due to session resumption [ttls] Adding cached attributes to the reply: User-Name = "ab1234"

FR2.1.8, EAP-Session-Resumed, src/modules/rlm_eap/libeap/eap_tls.c

2010-01-17 Thread James J J Hooper
ession-Resumed yes 1 Apologies if I have misunderstood the code. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net

Re: winbindd_privileged error?

2010-01-08 Thread James J J Hooper
--On 08 January 2010 22:24 + James J J Hooper wrote: --On 08 January 2010 17:14 -0500 freerad...@corwyn.net wrote: I had everything working fine, and now it's not. (I use the ldap module to auth) When I look through the logs, I'm getting a winbindd_privileged error. I

Re: winbindd_privileged error?

2010-01-08 Thread James J J Hooper
o ls -la /var/cache/samba/winbindd_privileged say on your system?? Perhaps you have lost the execute bit on your directory permissions? -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jam

Re: Does FreeRadius support different replies for same user via check-attributes?

2010-01-08 Thread James J J Hooper
Accept should include Attribute Go="Service1" BUT IF; A request comes with User-Name: "XXX", Password: "YYY" and Attribute A = "Go2" The Access-Accept should include Attribute Go="Service2" Is this possible? It is. <http://freeradius.or

Re: mschap2 over peap, how to use cleartext password defined on the freeradius server instead of using Windows AD?

2010-01-07 Thread James J J Hooper
-Auth := 0 } mschap ... } ... you could use unlang to wrap it in an if statement if you wanted to be selective about when to apply it. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net

Re: Authentication against Active Directory page

2006-09-23 Thread James J J Hooper
to be sure). Don't know about a patch, but the source comes with instructions for building a debian package. Regards, James -- James J J Hooper Information Services University of Bristol

Re: Authentication against Active Directory page

2006-09-23 Thread James J J Hooper
On 22 Sep 2006, at 20:26, Alan DeKok wrote: http://deployingradius.com/documents/configuration/ active_directory.html It describes a minimal set of steps to take to get authentication working against Active Directory. It works in my limited tests, but if anyone runs into problems, please e
