Trying other authentication methods when the first is invalid

2013-01-11 Thread Meyers, Dan
Sorry for the wall of text, I'd rather give too much info than not enough. Our FreeRADIUS server (version 2.1.8 running on Ubuntu 10.04 LTS x64, installed from packages) currently does mac-based authentication of hosts onto edge switches using perl scripts (rlm_perl) talking to the API for our ne

FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-13 Thread Meyers, Dan
I'm sure I must just be being thick with our FreeRADIUS config, but I've completely failed to find anything online or in the docs explaining *what* I'm doing wrong, so I'm posting here. We've had a FreeRADIUS server set up for some time now, with an SSL certificate directly signed by one of Verisig

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread Meyers, Dan
ted at all, so I assume is still not being handed that Intermediate cert. Thanks very much for the help so far. Any more would be greatly appreciated. I can attach full config files if you think that would be helpful. Dan > On Fri, Feb 13, 2009 at 12:11 PM, Meyers, Dan > wrote: > &

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-17 Thread Meyers, Dan
> >I've actually dropped the -crl_check from this test, as i'm not doing > >crl checking within FreeRADIUS until i've got it working without it. > >Also, this command didn't seem to work when my verisign.pem contained > > > >1 cert, even after a c_rehash, it only worked if all the certs were in > >

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-19 Thread Meyers, Dan
> >My client is still giving the same behaviour of not getting the > >certificate chain, however. > > > > OK. So which certificate signed the client certificate? Sorry, i'm still getting to grips with this system after the previous admin of it left. I've adminned FreeRADIUS before, but never done

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-19 Thread Meyers, Dan
> >I was incorrect about us doing EAP-TLS. We're doing EAP-PEAP, which > does > >not require a client certificate. My understanding however is that for > >passing of the server certificate to validate our server to the > clients > >the options with the tls subsection of the eap.conf file are still

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-20 Thread Meyers, Dan
> >Googling suggested that simply catting the 2 certs (server and > >intermediate) into a single file (server at top, intermediate at > bottom) > >and listing that in the config as the certificate_file should work > > No, that's not going to work. Client machine will still look for the > intermedi

RE: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-23 Thread Meyers, Dan
> Dan, > > It's unclear to me exactly: > > a. what you're expecting to happen > b. what is happening > > We have exactly the same setup - verisign root->intermediate->our cert. > What happens with an XP client on our WPA EAP-PEAP network is exactly > the same as documented here: > > http://

RE: rlm_perl behavior

2009-04-17 Thread Meyers, Dan
> >> It should be running one Perl thread per system thread. The server > >> core already manages min/max spare threads, idle threads, etc. > > I hope this implementation will satisfy Borislav too. Will he be > > able to > > instantiate different perl scripts for different needs? > > > > So, whe

RE: failover and load balancing

2009-04-20 Thread Meyers, Dan
> -Original Message- > From: freeradius-users- > bounces+d.meyers=lancaster.ac...@lists.freeradius.org > [mailto:freeradius-users- > bounces+d.meyers=lancaster.ac...@lists.freeradius.org] On Behalf Of > Kanwar Ranbir Sandhu > Sent: 17 April 2009 21:52 > To: freeradius-users@lists.freeradius

RE: failover and load balancing

2009-04-22 Thread Meyers, Dan
> I use a PostgreSQL DB for my three AAA server and the DB is enough > quick for several request per second. Aah. We were wanting to handle 100 or so requests a second. Postgres might well have done this, but we wanted room for expansion and our tests with 10'000 requests at ~100 a second showe

RE: PEAP - Intermediate CA

2009-05-12 Thread Meyers, Dan
I was having this exact same problem for a significant period of time when I bought a new Verisign cert for our servers which was chained (the old one being directly root signed, which Verisign no longer do). It would appear to be a bug/security patch in XP sometime after SP2 that causes this. Odds

RE: FreeRADIUS Server Version 2.1.6 has been released

2009-05-18 Thread Meyers, Dan
Can I just check, as I can't see anything about it in the changelog and the wiki page for it appears to be the same as before - What is the rlm_perl behaviour with the new version of FreeRADIUS? As I recall rlm_perl no longer handles its own threading. One of the issues for several people introdu

rlm_perl/radius issues with db connections

2009-06-05 Thread Meyers, Dan
I'm having a few issues with FreeRadius 2.1.4 (2.1.6 isn't in ports yet) and MySQL 5.1 on FreeBSD 6.2. Specifically, I am using the CLONE method in my perl script to create my database handles every time a new thread is spawned. If I start radius and then do 'show processlist' on the MySQL server

RE: Re[4]: rlm_python - Unresponsive child

2009-06-22 Thread Meyers, Dan
> As I told - all working file in freeradius debug mode (with -X), I > have problems with productional threads pool mode. I see the same issue with rlm_perl and my perl code. Works fine in radiusd -X, or if perl is compiled to not use threads, but as soon as I compile perl for threading and star

ntlm_auth and Server 2008 R2 (or, how to select a group for a proxied request)

2009-11-26 Thread Meyers, Dan
Info (For the short version of what I need, skip to the last paragraph): For a while now we've been running a stable solution for our wireless system 802.1x auth involving FreeRADIUS. Specifically, when a client tries to do a PEAP/MSCHAPv2 auth the eap module of FreeRADIUS successfully negotiates

Logins against AD failing in *most* cases. Can see why, but don't *understand* why.

2009-12-01 Thread Meyers, Dan
Still trying to get our FreeRADIUS system working nicely after the AD upgrade to server 2008. Compiling Samba to version 3.4.3 from source fixed our ntlm_auth issue, but most users were still unable to connect. I have 2 examples here, one of a user who failed to connect, one of a user who succeeded

RE: Logins against AD failing in *most* cases. Can see why, but don't *understand* why.

2009-12-01 Thread Meyers, Dan
> > Secondly, my colleague's machine actually responds to the > > Access-Challenge sent at the end of the packet where the ntlm_auth is > > done, whereas my machine does not. This is the crucial point I think. > > Without this final response the Access-Accept is never sent back. My > > colleague is

RE: Logins against AD failing in *most* cases. Can see why, but don't *understand* why.

2009-12-02 Thread Meyers, Dan
> > I am perfectly willing to accept that you may be right and this may > be > > my issue, I just don't understand how it has suddenly become a > problem. > > Are you using a Cisco Wireless LAN Controller (WLC)? We had a similar > issue with our Cisco 2112 WLC (EAP conversation stops on the > NAS

RE: Logins against AD failing in *most* cases. Can see why, but don't *understand* why.

2009-12-02 Thread Meyers, Dan
> > It was also my (possibly > > erroneous) understanding that FreeRADIUS would never get to the point > of > > being able to get the MSCHAPv2 password from the client if the CA > cert > > was incorrect, as it would never complete the setup of the EAP > session > > inside which the MSCHAPv2 data is

RE: Logins against AD failing in *most* cases. Can see why, but don't *understand* why.

2009-12-04 Thread Meyers, Dan
> Given *my* background: I tend to blame everything *other* than > FreeRADIUS. If there's a bug, it gets fixed pretty quickly. That's > more than you can say for Microsoft. Finally got it sorted, and it was indeed nothing to do with FreeRADIUS but was a combination of several factors all relat

Error: ASSERT FAILED threads.c[406]

2010-07-26 Thread Meyers, Dan
Quick bit of background. We're using FreeRADIUS in combination with rlm_perl for network access control at our site. Everything was running fine on FreeBSD 8.0 with FreeRADIUS 2.1.8 compiled from ports and Perl 5.8 compiled to be non-threaded and not support multiplicity. We got new higher spec ser

RE: Error: ASSERT FAILED threads.c[406]

2010-07-26 Thread Meyers, Dan
ren in the perl accounting method? Thanks Dan > Meyers, Dan wrote: > > Ran fine for a week or so, but in the last few days we've had it > crash > > twice, both times with the same message. The logs initially fill with > > messages of the sort: > > > > "