Hello Alan,
Thanks for your reply,
> > I understand your view here and I don't disagree. My point is to
> > firstly see which of them are being used in practice and then try to
> > identify why. In certain instances some of them are more
> > convenient/secure/etc than others, but when yo
Hi Phil,
Thanks for your reply.
> Sorry, but you're misunderstanding the stats, or reading too much into
them.
>
> These are EAP types from EAP *packets*, not sessions. And, as I said, it
> excludes our *own* users (i.e. it's just visitors) which removed several
> hundred thousand PEAP
> Panagiotis Georgopoulos wrote:
> > At first you said that 99.9% is PEAP and practise says that 75% is
> > PEAP (even in just 4 hours). Essentially this is what I am after, to
> > see whether what I am reading online is also what happens in practice
(in
> terms of deploym
Hello Stefan,
Thanks for your reply.
> Subject: Re: Statistics on EAP methods widely used
>
> Hi,
>
> > I've been searching all morning for NRPS statistics but I have been
> > unable to find any online. I know there are eduroam people in this list...
> > could
> they help?
>
> In ed
Hi Phil,
> > I've been searching all morning for NRPS statistics but I have been
> > unable to find any online. I know there are eduroam people in this list...
> > could
> they help?
>
> As Stefan has said, it's a lot of work, and you'll need to justify it.
>
> However, in the spirit of being
Hi Olivier,
> >
> > I've been searching all morning for NRPS statistics but I have been
> > unable to find any online. I know there are eduroam people in this list...
> > could
> they help?
> >
>
> On our side we support eap-peap/mschapv2 and eap-ttls/mschapv2. We're
> providing
> documentatio
> Subject: Re: Statistics on EAP methods widely used
>
> From my own experience PEAP (aka PEAPv0/mschapv2) is the most common EAP
> method
> in use (probably due to it being supported in most clients and backend
> authentication systems)
>
> alan
Thanks for your reply Alan. I've also read that
> Panagiotis Georgopoulos wrote:
> > I am trying to find some statistics on what is the
> > most commonly deployed/used EAP method using FreeRadius (or RADIUS in
> > general).
>
> That's hard. It requires organizations to tell peo
Hello all,
I apologize for the "spam" but I thought that you would be able
to give me
a couple of pointers on the following.
I am trying to find some statistics on what is the most commonly
deployed/used EAP method using FreeRadius (or RADIUS in general).
Hi Phil,
Thanks for your reply. Please see below.
> On 07/11/11 16:24, Panagiotis Georgopoulos wrote:
> > Hello all,
> >
> > I have a policy in my post-auth that calculates a hash function based
> > on the real-identify of the user. The idea is that if the req
Hello all,
I have a policy in my post-auth that calculates a hash function
based on
the real-identify of the user. The idea is that if the request is EAP-TTLS then
I want to
use the User-Name property of the inner tunnel, whereas if the request is for
EAP-TLS I
want to use th
> > I am trying to implement CUI in EAP-TLS and I would like
> > to get a handle on the CN of the clients certificate in my default.
> > Basically I need to use the CN of the certificate, since there is no
> > User-Name attribute in EAP-TLS.
>
> Read raddb/sites-available/default. Look for TLS.
Hello all,
I am trying to implement CUI in EAP-TLS and I would like to get
a handle
on the CN of the client's certificate in my default. Basically I need to use
the CN of the
certificate, since there is no User-Name attribute in EAP-TLS.
What module handles the TLS certifi
> Panagiotis Georgopoulos wrote:
> > Am I right in thinking that if I leave enabled only the EAP-TLS, the
> > EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve
> > what I want? In order words, essentially disable md5, leap, gtc,
> > mschapv2 in th
Hello all,
I want to get my FR configuration to allow only EAP-TLS based
authentications.
Am I right in thinking that if I leave enabled only the EAP-TLS, the
EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what
I want? In order words, essentially disa
Thank you Alan^2 for your reply!
Cheers,
Panos
Ps. it's good to know that RADSecProxy works fine and is stable..
> -Original Message-
> From: freeradius-users-
> bounces+panos=comp.lancs.ac...@lists.freeradius.org [mailto:freeradius-
> users-bounces+panos=comp.lancs.ac...@lists.freeradi
Hello there,
Judging from the website and the archives in the mailing
list, native support for Radsec is planned on FR. Is there anyone actively
working on this? Is there any timescale for this to be streamed on the main
codebase?
Thanks a lot in advance,
s do more
testing to see if it affects other things...
Cheers,
Panos
> -Original Message-
> From: freeradius-users-
> bounces+panos=comp.lancs.ac...@lists.freeradius.org [mailto:freeradius-
> users-bounces+panos=comp.lancs.ac...@lists.freeradius.org] On Behalf Of
> Panagiot
Hello all,
I am experiencing the following problem when using EAP-TLS and
session resumption. When my client tries to authenticate for the 2nd time
and FR recognizes that it has a valid session for it, it goes on and adds a
cached attribute to the reply (User-Name) thus ending up with two
Hello all,
I am using EAP-TTLS/EAP-MSCHAPv2 to authenticate clients
with a FR 2.1.10 backend AAA server. Requests go over an Access Point
(playing the role of the NAS), then get forwarded to a Proxy AAA FR 2.1.10
server and finally get routed to my backend server. My client is u
Hello everyone,
I am running ubuntu 10.04 that comes with openssl 0.9.8k.
I wanted to upgrade openssl to 1.0.0a, but I have to do this manually as my
OS does not have openssl 1.0.0a in its repository. So I downloaded, build
and installed openssl 1.0.0a from source to /usr/loca
Hi Alexander, all,
Please see below...
> Panagiotis Georgopoulos wrote:
> >
> > #Debug: SSL: adding session
> > 5705534d65ddd08de3b8649528274c1bc4e3d648bef7b643ffaf0f647afcac73 to
> > cache ... what I never ever see though is to try and do session
resumpt
Hello Alexander, all,
Please see inline.
(snip)
> >> >
> >> Have you considered comparing the difference in the RADIUS packets
> >> going to-and-fro in both cases; the one where authentication works and
the
> >> one where it does not? What do you see?
> >
> > Yes I did, although I mostly
Forgot to mention that my FR's full log is here :
http://pastebin.com/VWEaYAhP
Cheers,
Panos
> Hello Alexander, all,
>
> Please see my comments inline...
>
>
> > From: Alexander Clouter [mailto:a...@digriz.org.uk]
> > Hi,
> >
> > * Panag
Hello Alexander, all,
Please see my comments inline...
> From: Alexander Clouter [mailto:a...@digriz.org.uk]
> Hi,
>
> * Panagiotis Georgopoulos [2010-09-24
> 22:33:14+0100]:
> >
> > I wish it was that simple! It seems that when I do
> "use_tunnele
FreeRadius output: http://pastebin.com/p1V1XEVm
> -Original Message-
> From: freeradius-users-
> bounces+panos=comp.lancs.ac...@lists.freeradius.org [mailto:freeradius-
> users-bounces+panos=comp.lancs.ac...@lists.freeradius.org] On Behalf Of
> Panagiotis Georgopoulos
> S
astebin.com/7u1tjbYE
> -Original Message-----
> From: Panagiotis Georgopoulos [mailto:pa...@comp.lancs.ac.uk]
> Sent: Friday, September 24, 2010 04:17
> To: 'FreeRadius users mailing list'; 'Alexander Clouter'
> Subject: RE: Session Resumption fails
>
> Hi Ale
Hi Alexander, all
Thanks a lot for your reply. Please see my comments below...
> Panagiotis Georgopoulos wrote:
> >
> > I have a client machine that authenticates to FreeRadius using
> > EAP-TTLS over Access_Point_1 just fine. When I roam the client to
> >
Hello all,
I have a client machine that authenticates to FreeRadius
using EAP-TTLS over Access_Point_1 just fine. When I roam the client to
Access_Point_2 and tries to authenticate again to FreeRadius, session
resumption seems to be failing with the following error.
Wed
> Subject: Re: Enabling Session Resumption in FreeRadius
>
> Panagiotis Georgopoulos wrote:
> > Then a full EAP-TTLS exchange follows from the
> beginning
> > that succeeds. However, the failure message above Forcibly stopping
> > session resumptio
Hello all,
I have a client that uses EAP-TTLS to authenticate to a
FreeRadius (2.1.8) over different access networks. After some handovers from
one network to another, I see in my FR log that session resumption fails,
and specifically I see :
Debug: SSL C
Hi Alan,
> Panagiotis Georgopoulos wrote:
> > I guess the emphasis on my question above is on *at the same
> time*.
> >
> > Now radiusd.conf explicitly says :
> >
> > # OR, you can use an IPv6 address, but not both
> > # at th
Hello Alan,
Thanks for your replies, they are helpful.
Regarding the last question...
> > c) Is there a plan to get a dual stack FreeRadius? It would be
> > really advantageous to be able to run FreeRadius in both ipv4 and
> ipv6 at the same time.
>
> Uh... it's *alread
Hello all,
I am running FreeRadius 2.1.8 with two NAS clients and a
couple of end devices being authenticated successfully with EAP-TTLS. My
setup was running just fine on IPv4 and I would like to jump to IPv6. My
first trial seems ok, but not ideal, so here are my IPv6 related
Hello John, Alan, all,
>
> John Dennis wrote:
> > We also just discovered a bug with IPv6 usage in radclient (and
> > radtest), you may want to take a look at these two bugzilla's:
> >
> > https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80
>
> The better fix is to take unknown options st
ne 2010 09:27
> To: FreeRadius users mailing list
> Subject: Re: radtest and IPv6 support
>
> Panagiotis Georgopoulos wrote:
> > I am trying to use radtest to test my freeradius
> > configuration over IPv6. I have configured IPv6 on my freeradius
> server
> >
Hello all,
I am trying to use radtest to test my freeradius
configuration over IPv6. I have configured IPv6 on my freeradius server and
a client machine from which I am firing radtest. However when I issue
"radtest bob hello 2001:db95::100 100 testing123" on my client I get a
37 matches
Mail list logo