On 24/10/11 17:17, Andrej wrote:
On 24 October 2011 21:50, Phil Mayersp.may...@imperial.ac.uk wrote:
Hi Phil,
Thanks for taking the time to respond.
Which location?
/usr/lib64/postgresql
/usr/include/postgresql
Hmm.
What does:
pg_config --includedir --libdir
...say for you?
On 10/24/2011 06:51 PM, Andrej wrote:
pg_config --includedir --l
/usr/include
/usr/lib64
This pg_config is the one from the source you built, yes? There isn't
another copy of pg_config / the headers lying around?
Because with those paths, the build really ought to have just worked.
Weird.
On 10/24/2011 07:02 PM, JennyBlunt wrote:
If I put in default authorize section, the called-station-id is present.
What I just don't understand is why it doesn't work in dynamic hosts and
As per the comments in the sample dynamic-clients:
# The request that is processed through this section
On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:
The ultimate intention was to use the mac address of the nas and a nas
specific shared secret.
Do you really need a per-NAS secret?
In your opinion, are there better ways to deal with dynamic clients?
It depends. Can you
On 10/24/2011 08:45 PM, JennyBlunt wrote:
Hello Phil
I guess we don't need a per NAS secret but thought it might help block
any customers we don't need.
We have a load of wifi hotspots on dynamic ips. We know all their nas
Ok, that's about the hardest case I'm afraid.
If you have the option
On 10/23/2011 06:03 PM, Andreas Rudat wrote:
another problem, I tried to test the connection with
ntlm_auth --request-nt-key --domain=foo.bar --username=test --password=test
and get the message
NT_STATUS_INVALID_HANDLE: Invalid handle (0xc008)
Samba problem. Consult the samba docs or
On 21/10/11 10:27, Martin Ubank wrote:
Thanks Fajar.
'campus.ads.uwe.ac.uk' is a DNS alias to 6 AD servers and had been working
previously.
I'm amazed. It shouldn't.
If you have a properly setup AD environment, just let the DNS-based
autodiscovery work.
-
List info/subscribe/unsubscribe?
On 21/10/11 11:10, andreapepa wrote:
Hi all,
As you can see from the attached log, i was tring to do some proxy test,
the server crashed attempting to proxy against a not running freeradius
proxy ( i was only testing proxy action not authentication on other FR
servers) is it normal?
On 21/10/11 13:33, andreapepa wrote:
http://packages.debian.org/search?keywords=freeradius
in this link i can't find any version to upgrade from 2.1.10, can you teel
me how to upgrade to 2.1.12?
Install the compiler and development libraries
Download the source
unpack it
./configure
make
make
On 21/10/11 17:03, Andreas Rudat wrote:
Hi,
I'm using samba as pdc and ldap as user database. That all works fine.
Now I want to use the ldap database for user auth. for radius.
But when I'm looking here
http://deployingradius.com/documents/configuration/active_directory.html
and some other
On 10/20/2011 05:10 PM, Fred wrote:
Hi all,
Is there any way to select proxying or not based on client ip ?
I would like to have
* some nas authenticated locally (in fact via ldap)
* some other nas proxyied to another radius.
authorize {
if (Client-IP-Address == x.x.x.x) {
update
On 10/20/2011 05:52 PM, Fred wrote:
Hello Phil,
Your solution is usable for very small number of NAS ; I will have
many hundreds of nas
It's why I talked about having some variable like virtual_server in
You didn't say that in your original email.
clients.conf (or a custom attr like
On 10/20/2011 05:05 PM, Krzysztof Grobelak wrote:
Hello,
I am having some troubles creating templates with wimax attributes for
users. I created files with atributes in them in the form:
Alvarion-R3-IF-Name += CPEL3Mgmt,
Alvarion-PDFID += 1,
WiMAX-Packet-Data-Flow-Id += 1,
On 10/19/2011 08:41 AM, Fajar A. Nugraha wrote:
has the complete safe_characters needed. Turns out FR uses the
safe_characters from the LAST instantiated sql instance. Manually
putting the sql instances in instantiate section of radiusd.conf, with
the one containing safe_characters I want last,
On 17/10/11 12:26, Vincent, Fabien wrote:
F5-Attr-14 = /[Hexa decimal output starting with 0x …]/
This happens when an unknown attribute is found. The attribute is
assumed to be type octets and is rendered at hex.
*/++ ATTRIBUTE F5-Attr-14 14 octets/*
This won't help at all. This is
On 10/14/2011 10:43 PM, subcon wrote:
I've searched for this sort of posting, but found issues unrelated that
responded to my search string, so I decided to post it here.
OK, currently I have Radius authenticating LDAP users via PAP. Works great.
Imagine I want to store x509 certificate data
On 10/15/2011 03:17 AM, Christ Schlacta wrote:
I've got a handful of windows clients. I'm most concerned about the
Windows 7 machines, but there are a few Vista, and even an XP client. I
want to deploy Machine account certificates for wifi authentication,
so machines will be able to connect to
On 10/13/2011 09:23 AM, siguillaume wrote:
Hi, We have installed a new freeradius with four servers: 02 for
authentification and 02 for Accounting. This plateform is for worked
interactively with three Alcaltel BAS. After configuration, we try with
one BAS, and it's work very well. But, when we
On 10/13/2011 09:31 AM, tonimanel wrote:
Thanks for your answer Alan.
I haver in modules directory radrelay-detail file with this code:
No you don't
# -*- text -*-
#
# $Id$
# Write a detailed log of all accounting records received.
#
detail {
This is a module called detail
Did you
On 13/10/11 10:20, siguillaume wrote:
Ok, Thanks.
We use mysql as database. Each server has his own database server.
The protocols of authentification which are activated: chap, mschap and
eap. But, we are in a test step, so we least all requests to be accepted
by radius.
Again: WHAT is going
All,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else running fast session resumption and seeing these
On 13/10/11 13:31, Alan DeKok wrote:
Phil Mayers wrote:
All,
We recently upgraded to 2.1.12 and I have at the same time enabled SSL
fast session resumption; in the last 6 days, FreeRADIUS on the server
that is currently handling most of our auth has consumed 27% of the RAM.
Is anyone else
On 13/10/11 14:49, Alan DeKok wrote:
Phil Mayers wrote:
I am wondering if it's actually unrelated to fast session resumption;
the CPU use has jumped alarmingly too, and doesn't drop back when I
disable session resumption.
Hmm... I don't recall any new use tons of CPU code in 2.1.12
On 13/10/11 18:29, Guillaume Sigui wrote:
What is going slow?
Answer: The response of BAS's requests by freeradius.
Are you deliberately trying to be difficult?
Please give more information. Be specific.
What is a BAS?
What requests is it making? Authentication or accounting?
What
On 12/10/11 15:39, Sergio Belkin wrote:
Hi,
Ssh users are suffering of broken pipe when NASes use the WPA
Enterprise schema. I wonder is I have something misconfigured that is
causing nosense reconnection or thinks alike. Please could could you
help me and take a look to my config and tell me
On 11/10/11 16:08, Roland Hedberg wrote:
Hi!
I have the following problem. A module I have written uses the inner tunnel
User-Name to find information about the user from an outside source.
This user information must be returned in the outer tunnel.
Is this doable ?
Sure.
Set a variable in
On 06/10/11 14:06, Alex rsm wrote:
Hi,
I was told there is a plugin for FreeRadius that can be used to retrieve
the username/password of the EAP request. Is this true?
No.
As others have said, EAP does not usually send the password.
I would advise you go and read up on EAP, and how EAP
On 06/10/11 14:19, Alex rsm wrote:
I agreed, the EAP message sent from Access Point does not send the
password. The client sends the encrypted password.
I think I should ask, how FreeRadius can retrieve the password in 802.1x
authentication mechanism.
FreeRADIUS can read the password from SQL,
On 10/05/2011 07:16 AM, Arran Cudbard-Bell wrote:
No i've talked about this with Alan. The proposed solution is an
enhancement to the detail writer/reader functionality where the
server automagically spawns new reader instances to listen on per
domain detail files.
I guess that's ok, in that
On 10/05/2011 09:26 AM, Alan DeKok wrote:
Phil Mayers wrote:
I guess that's ok, in that it stops an unresponsive realm blocking other
realms, but wouldn't another solution be to add a config item to the
detail reader to drop packets which areX seconds old?
if (Acct-Delay-Time 3600
On 05/10/11 09:56, Arran Cudbard-Bell wrote:
On 5 Oct 2011, at 10:40, Phil Mayers wrote:
On 10/05/2011 09:26 AM, Alan DeKok wrote:
Phil Mayers wrote:
I guess that's ok, in that it stops an unresponsive realm
blocking other realms, but wouldn't another solution be to add
a config item
On 05/10/11 15:49, Jefferson Davis wrote:
Hi all,
Trying to configure our cisco WLC's to play nice with freeradius...
Looking for some pointers to get the two of them talking. Will have
windows, linux, and personal devices like smartphones connecting, though
I suspect the bulk will be
All,
For a long time, I have had a config with this:
sites-enabled/foo:
listen {
...
}
server {
authorize {
..
}
}
sites-enabled/oldfoo:
client xxx {
virtual_server = oldfoo
}
server oldfoo {
authorize {
..
}
}
That is, an un-named virtual server {} block with the config
On 21/09/11 03:11, Christ Schlacta wrote:
Very true, thank you for pointing that out as well.
Note to anyone following:
If you use a certificate signed by a general authority (verisign for
example) then anyone with a verisign cert will be trusted in your place,
and able to authenticate your
On 21/09/11 17:11, Johan Meiring wrote:
-
[sql] expand: SELECT AccountID, Login, 'Cleartext-Password', Password, ':='
[sql] User found in radcheck table
rlm_sql (sql): Released sql socket id: 1
+++[sql] returns ok
++- else else returns ok
WARNING:
On 09/20/2011 06:15 PM, Francois Gaudreault wrote:
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Sorry; I've no time to look into it at the moment. Personal real-life
issues are consuming
On 19/09/11 11:10, Lorenzo Milesi wrote:
hi. can I make a configuration where I have a radius server which
authenticates over an external radius (basically a proxy), but caches
the successful logins, so that known users won't get asked upstream
(at least for a certain time)?
If the
On 16/09/11 16:59, denizaydin wrote:
Hi,
I am using Version 2.1.11 for broadband PPP authentication. I want to put
the unauthenticated users to a default service. I have to revert the
access-reject message to access-accept because once CISCO ISG get a
access-reject from the AAA server it's
On 14/09/11 16:15, Ian Pilcher wrote:
Has anyone used $SUBJECT configuration? I am considering the WG103 for
my home network, and I would really like to use its RADIUS support to
start using real user IDs, rather than shared keys.
I'm an experienced Linux admin (Red Hat RHCA certified), and
On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:
On Tue, Sep 13, 2011 at 2:42 AM, Alan DeKokal...@deployingradius.com wrote:
Christ Schlacta wrote:
Even if this has not changed, the advantages of storing NASs in a table
is pretty significant. make changes, call quick restart script, done.
On 09/13/2011 08:43 AM, Phil Mayers wrote:
You could also use exec, rlm_perl/python or whatever, all of which can
themselves call SQL.
Or, perform an SQL query that MUST return some output, parse the results
and call the individual SQL modules directly - like so:
I forgot to add; you should
On 13/09/11 08:59, Fajar A. Nugraha wrote:
That's what we currently do (for another purpose, not for dynamic
client). However:
- I lost load-balancing feature that comes with redundant-load-balance
- imagine having to create 8 if-elsif block to properly catch error
when working with 8 sql
On 13/09/11 10:57, Phil Mayers wrote:
On 13/09/11 08:59, Fajar A. Nugraha wrote:
That's what we currently do (for another purpose, not for dynamic
client). However:
- I lost load-balancing feature that comes with redundant-load-balance
- imagine having to create 8 if-elsif block to properly
On 13/09/11 13:23, Majid Dadashi wrote:
Hi,
I have the following platform:
FreeRadius Version: freeradius-server-2.1.11
Installed from source or package?
Source I guess.
OS: Ubuntu 11.04
I did all the instructions in http://wiki.freeradius.org/SQL-HOWTO; to
activate mysql in free radius,
On 09/09/2011 03:00 PM, Scott Hughes wrote:
Hello all,
I have been using FreeRadius for several years now and am stuck trying
to make our Windows based wireless system authenticate PRIOR to user login.
I have searched the FreeRadius and Deploying FreeRadius sites as well as
Google, but no
On 09/09/2011 03:21 PM, nf-vale wrote:
On Windows 7 you can configure pre-login authentication (wireless
connection properties - Advanced settings) both for computer and user.
On XP (with native windows client), I don't think that it is possible to
do that.
This is possible in XP SP3. I can't
On 09/09/2011 04:23 PM, Scott Hughes wrote:
Also, would it be better to get the AD authentication working BEFORE
I attempt to authenticate prior to login or is it the same either
way?
AD auth is a pre-requisite for machine auth. So yes, it would be better
to do that first!
(Please make
On 05/09/11 10:06, Fajar A. Nugraha wrote:
On Mon, Sep 5, 2011 at 3:44 PM, waqwaqqay...@gmail.com wrote:
Dear,
Its my requirement to run more than one radius on a single machine
Why?
Using virtual servers is usually easier. They can listen to different
IP/port, and have different
On 01/09/11 14:53, det.explo...@yahoo.com wrote:
Hi,
Is it possible to proxy based on a group the user belongs to? Or
attribute? Or based on NAS from where the request was received?
Aside from REALM, is there any other criteria that can be used to
decide whether or not to proxy a request?
On 30/08/11 22:53, Danner, Mearl wrote:
Might be the LAN Manager authentication level on the 2K8 servers. It needs to be
downgraded. Probably to Send LM and NTLM.
Samba used to put a note about that in the documentation.
That's related to the LM/NT hashes used to authenticate an SMB
On 30/08/11 21:12, Glenn Machin wrote:
Phil - thanks for the feedback.
I just ended up proxying out to the IAS server usernames starting with
DOMAIN\.
Ok. Obviously that will fail if enters their wireless credentials
without a domain.
I configured the freeradius server to not support
On 31/08/11 12:38, 2394263740 wrote:
For example, WIFI AP 26, has the MAC address MAC26. I need ensure one
WIFI user, say user 58, must connect to WIFI AP 26 for the first time.
After the first connection, user 58 can connect to any WIFI AP in the
network.
Can someone give some advice on how to
On 28/07/11 16:12, Garber, Neal wrote:
I’m running FR 2.1.6 (I know - I plan to upgrade later this year). Is
there anything wrong syntactically with the following code or is this a
bug that was fixed since 2.1.6?
if (Client-IP-Address == 172.20.16.28 || Client-IP-Address ==
172.20.204.10)) {
On 26/07/11 12:00, Samantha wrote:
Guys
Looking for some help in the following scenerio
Fred tries to authenticate a 3g mobile broadband device and I don't have
there id on my radius database so I need to send to another provider who has
the account on their radius database. The other
On 26/07/11 13:21, Mehdi wrote:
Hi,
I am running a Debain server on the domain haskell-solutions.com. I
installed freeradius 2.1.11 on that. As the tutorial suggested I added a
user account to the top of users file bob Cleartext-Password :=
hello and on the seperated terminal connecting throw
On 21/07/11 13:45, Tyller D wrote:
Hi
I would like to run a perl script, using rlm_perl, at specific times.
For example, when a Stop request comes in run stop.pl http://stop.pl,
when an interim-update comes in run update.pl http://update.pl.
Can someone tell me where to do this. I am sorry if
On 07/20/2011 03:35 AM, Moe, John wrote:
I hadn't seen or heard of that file before. Thanks for the pointer.
When I unpacked the sources for FreeRadius
(freeradius-server-2.0.5.tar.gz) that Gentoo used to build the server, I
2.0.5 is old. You want to be running a much newer version.
-
List
On 07/20/2011 03:28 AM, Moe, John wrote:
There are various others, but those are the main ones.
So then, when matching an entry in users, does it look at the request
items, or the config items? When creating an entry, you specify first
things to match against on one line separated by commas,
On 07/20/2011 09:22 AM, DENJEAN Didier wrote:
Hi,
I have some problems with Freeradius and EAP
I use freeradius version 2.1.11 on debian 5
When I start the radius server in debug mode (radiusd -xX), there are no error
(file debug1.txt)
When eduroam server enable connexion on your freeradius
On 20/07/11 11:26, Scott Armitage wrote:
Hi,
I have noticed that when authenticating using TTLS/MSCHAPv2 that the
outer-identity is used in the RADIUS reply packet even if the
use_tunneled_reply is set to yes for TTLS in eap.conf
That's not what we see:
[ttls] Using saved attributes from the
On 20/07/11 14:27, Scott Armitage wrote:
[ttls] Using saved attributes from the original Access-Accept
Reply-Message = Authenticated by Test ORPS
Ok, looking at the debug the reason this is happening is that you are
doing TTLS/MSCHAP, as opposed to TTLS/EAP-MSCHAP.
[ttls] Got
On 07/20/2011 06:07 PM, Francois Gaudreault wrote:
Hi,
I am trying to make the SoH statements to work using the FreeRADIUS
DHCP. However, I have issues to get the SoH values from the NAP client.
Maybe someone will be able to help.
On the client side, the DHCP NAP policy is set to enabled.
On 07/19/2011 05:20 AM, Moe, John wrote:
1) When a RADIUS request gets received by the server, it first looks up
the device in the clients.conf file. If it doesn't exist there, it
ignores the request (with a message being logged saying it ignored the
request).
More or less.
The full version
(|((objectClass=group)(member=/var/log/radiusdap-UserDn}))((objectClass=top)(uniquemember=)))
This is obviously wrong you have a typo somewhere. Probably you have:
%Ldap-UserDN
You should have:
%{Ldap-UserDN}
--
Sent from my phone. Please excuse brevity and typos.
-
List
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Ok. I'm not saying these things to be an asshole. The point of moving
to Gollum was that users would be able to contribute to the bundled
documentation. The wiki now serves as a repository for server docs (or
will do once we figure out
Jacob Dawson daw...@vt.edu wrote:
Unfortunately, when you set nostrip in the config, it doesn't add a
Stripped-User-Name attribute to the request, but when you unset it,
rlm_realms adds a Stripped-User-Name attribute and also updates the
User-Name attribute to the same value.
I am 90% sure
On 14/07/11 08:45, Johan Meiring wrote:
On 2011/07/13 06:51 PM, Phil Mayers wrote:
If you are using Samba as your domain controllers, then you have
access to
the SAM and can extract the LM/NT hash from whatever backend you use.
So you can just feed that info straight to FreeRADIUS. No need
On 14/07/11 13:09, Serge van Namen wrote:
Hi,
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on switches.
All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap
attribute and then send the radius request with that value in
On 14/07/11 13:34, Phil Brown wrote:
As far as I can tell, from the reply-detail log below wirehark, Radius
is returning the values. But the support guy is not seeing them on his
wireless server. The first packets he sees are the MS-MPPE- packets.
Can anyone advise as to to get this working.
On 14/07/11 14:30, Palmer J.D.F. wrote:
Hi,
We've started to look at SoH with the intention to implement it for the
new academic session in September, but are having an issue.
Cool (I wrote it)
The server is setup using the example soh-server, but find that the
condition in the example
On 14/07/11 15:31, Arran Cudbard-Bell wrote:
Example condition...
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
I'm not sure alternate submatches are supported.
I'm fairly sure they are; we use them locally.
-
List info/subscribe/unsubscribe? See
On 14/07/11 15:24, Phil Mayers wrote:
I thought that the =~ regexp operator tried all attributes on the
left-hand side; that is, I thought it looped through until it got
first-match.
If it doesn't, then the idea of squeezing all the SoH data into a
multiple instances of a single text attribute
On 14/07/11 16:04, Edge wrote:
My /sites-enabled/default file - I have just copied the authentication
section as everything else in the file is at default settings
Not necessary or helpful. Full debug (which you didn't provide; you
trimmed the start) is what's needed.
rad_recv:
On 14/07/11 15:59, Palmer J.D.F. wrote:
Thanks Phil Arran,
I keep starting reply emails and another arrives before I get to send
them.
Hehe.
I've tried array hack, that fails even with 'firewall' as the condition.
if (%{SoH-MS-Windows-Health-Status[*]} =~ /firewall/), where as if
On 14/07/11 16:14, Phil Mayers wrote:
On 14/07/11 15:59, Palmer J.D.F. wrote:
Thanks Phil Arran,
I keep starting reply emails and another arrives before I get to send
them.
Hehe.
I've tried array hack, that fails even with 'firewall' as the condition.
if (%{SoH-MS-Windows-Health-Status
On 14/07/11 16:34, Arran Cudbard-Bell wrote:
http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
How about what I've just put there?
Needs testing, but it should work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 07/14/2011 06:09 PM, Arran Cudbard-Bell wrote:
1. HTML tags like 'pre' will not be parsed by all renderers, just
because it works in Gollum, doesn't mean it will work with a proper
renderer for that markup format.
For markdown its 3 spaces or a tab in front of every line, for RST
it's
On 07/14/2011 06:11 PM, Arran Cudbard-Bell wrote:
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it
back to RST. I wanted this to be bundled with general AD
Back to? There was just an empty page there when I visited, or am I
missing your
On 07/13/2011 04:20 PM, sgilmour wrote:
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server. There isn't a way to do this without using Active
Directory and to have freeradius do
On 07/13/2011 05:40 PM, Johan Meiring wrote:
Just for interest sake...
We use a lot of Samba Domain Controllers (samba3, NT4 style domain)
I should have been more precise: my comments apply to Microsoft domain
controllers.
If you are using Samba as your domain controllers, then you have
On 07/13/2011 06:04 PM, Axford M.F. wrote:
Hi
I'm currently setting up a radius server to authenticate EAP based requests
against Active Directory.
Using Alan Dekok's guide I've got this authenticating mschap based EAP requests
successfully.
I also want to authenticate ttls/pap requests and
On 07/13/2011 05:40 PM, jan.gnep...@t-systems.com wrote:
Access Reject (3), id: 0x17, Authenticator: 436530c99d29615e3a35aa878275a97d
Is it possible that this causes my problem?
No, this is just due to checksum offload. Ignore it.
Jan
Huntgroups:
nexus
On 07/11/2011 10:59 PM, Jacob Dawson wrote:
We're trying to get FreeRADIUS to get at the user info in our Oracle
DB, and it does not appear to be respecting the read_groups = yes
setting in sql.conf.
Are you setting Fall-Through = Yes in radreply?
You need to.
-
List
On 07/12/2011 09:21 AM, Fajar A. Nugraha wrote:
On Tue, Jul 12, 2011 at 2:59 PM, Phil Mayersp.may...@imperial.ac.uk wrote:
On 07/11/2011 10:59 PM, Jacob Dawson wrote:
We're trying to get FreeRADIUS to get at the user info in our Oracle
DB, and it does not appear to be respecting the
On 12/07/11 13:34, Jacob Dawson wrote:
I'll have the time to test it today, but according to this comment in sql.conf,
I shouldn't have to set that, and I'd prefer not to have to set it on every
user in production.
# If set to 'yes' (default) we read the group tables
# If set
On 12/07/11 14:29, Jacob Dawson wrote:
That doesn't make a lot of sense from my quick skim of the config and
the code, as I don't see anywhere that group_membership_query is
group_membership_query is defined in the default configs; or is that not
what you mean?
The call graph is as follows:
On 08/07/11 11:20, Nitin Bhardwaj wrote:
However, one doubt: Shouldn't this code be conditional based on whether
use_tunneled_reply is yes/no. Presently the outer PEAP
does take care of it, is this taken care of in this callback
(mschap_postproxy) ?
No. The code doesn't need to be
On 08/07/11 16:30, Paulo Maia wrote:
Ow i cannot authenticate just the mac-address ? i must have user
and pass ?
Yes. EAP is a challenge/response protocol. You must send correct
responses, and this means you must know the password.
-
List info/subscribe/unsubscribe? See
In 3.x code, We are returning a RLM_MODULE_NOOP from eap_post_proxy() :
582 /*
583 * Just in case the admin lists EAP in post-proxy-type Fail.
584 */
585 if (!request-proxy_reply) return RLM_MODULE_NOOP;
But we are not doing so in 2.1.11 code. We call the MSCHAPv2 callback,
i.e.
On 07/07/11 07:55, Nitin Bhardwaj wrote:
/
Nitin Bhardwaj wrote:
Hi,
Please edit your posts. It's not nice to go through hundreds of lines
of garbage in order to read the *real* content of the message.
/Alan,
I posted the output of radiusd -X in the previous message as is the
Yes. Then,
On 07/07/11 09:51, Equin Nix wrote:
Hi,
I am trying to set up something very basic (at least from my point of
view): I would like to have a User with multiple passwords (two
actually). How would I do this? I tried the following:
/alice Auth-Type=Local, Cleartext-Password := test1
alice
On 07/07/11 13:18, Equin Nix wrote:
Hi Phil,
thanks a lot for the fast answer! Unfortunatelly your radius-skills seem
to be far far from mine, but I think I get the point.
I tried to add the following to /sites-enabled/default/ (int authorize
section) (Its not a full copy of your text, I
On 07/07/11 14:43, Nitin Bhardwaj wrote:
Thanks Phil.
I found this recent patch added to 2.x, regarding inner-MSCHAP broken:
https://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00295.html
Yes, that's what I was thinking of.
I think this patch fixed the original issue,
On 07/05/2011 02:52 PM, jan.gnep...@t-systems.com wrote:
Defining all three server whithin one section in modules/ldap
ldap { server = IP ldap-1 IP ldap-2 IP ldap-3 .}
And setting just ldap within authorize and authenticate:
With this config an other ldap server is choosen, if the one
On 07/05/2011 06:03 PM, Nitin Bhardwaj wrote:
Hello All,
I'm using FreeRADIUS 2.1.11 as a proxy for authenticating PEAP
clients with RADIUS server not supporting EAP.
All is working well except that when I use
proxy_tunneled_request_as_eap = no in eap.conf, FreeRADIUS is not
passing back all
Does anyone know if it's possible to persuade ./configure to work from
within subdirs? I keep flipping back and forth between master and v2.1.x
and it would be nice to be able to re-use builds without having to have
two git repos associated hassles.
I've seen syntax like this work on some
On 30/06/11 15:59, Alan DeKok wrote:
Phil Mayers wrote:
Does anyone know if it's possible to persuade ./configure to work from
within subdirs? I keep flipping back and forth between master and v2.1.x
and it would be nice to be able to re-use builds without having to have
two git repos
On 06/29/2011 03:46 PM, jan.gnep...@t-systems.com wrote:
What is your net_timeout set to?
net_timeout = 1
timelimit = 2
timeout = 4
For testing i added a hostroute to an other gateway (=host unreachable)
Unfortunately, when you supply1 LDAP server, this is handled
internally by libldap,
On 06/28/2011 08:41 AM, Marco Londero wrote:
Hi folks,
I have a problem in my freeradius setup and I'm looking for some hints
about that.
Scenario:
1) GNU/Linux client w/ WPA supplicant configured to request access through
EAP-TLS using a certificate (in order to achieve 802.1x ethernet
On 06/27/2011 09:29 PM, Ken Felix wrote:
Can anybody post a simple howto with regards to using groups within
freeradius? What we would like todo is restricted some user from
logging into various firewalls. I've created usergroups and defined
Which version of FreeRADIUS are you using?
801 - 900 of 1979 matches
Mail list logo