It doesn't hurt to try adding it again :)
I'm pretty sure it needs to be in both:
http://lists.cistron.nl/pipermail/freeradius-users/2011-July/msg00447.html
Yes, that worked. I am now able to authenticate local users with radtest.
Thanks
-
List info/subscribe/unsubscribe? See http://www
Since it's not marked as stable, it's not built by default. Try
rebuilding it, but this time using
./configure --with-experimental-modules | tee configure.log
... then look at configure.log, see what it says about rlm_opendirectory.
Thanks. I now have the opendirectory module working.
OK... you made a change to the file which created that error. Is it a
secret? Or did you think we could guess what you did wrong?
Johan informed me I misunderstood your original instructions and I was
not to put anything under "Authenticate" of the inner-tunnel. I removed
what I h
Read again.
list it in the "authorize" section
not the "authenticate" section
My mistake. I thought the word "And" meant do both, based on my question.
Removed from "authenticate" and listed "opendirectory" under "authorize"
of inner tunnel.
I now get the following error:
/usr/local/e
And then list it in the "authorize" section.
What is the proper syntax for adding the opendirectory module? I am
getting errors when attempting to start radius:
/usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a
reference to a module
/usr/local/etc/raddb/sites-enable
On Mac OS X Server, configure the "opendirectory" module.
Do you mean just enable the module? The module itself says:
# This module is only used when the server is running on the same
# system as OpenDirectory. The configuration of the module is hard-coded
# by Apple, and cannot
uot;Access-Reject" errors when using local credentials. What
documentation specifically addresses authenticating local users?
Raymond
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the pointers. Freeradius is working fine now against OD.
How would I disable the old radius start up script and enable the new
one instead?
On 03/04/2011 10:35 AM, Alan DeKok wrote:
Raymond Norton wrote:
Thanks. I understood that. It seems there was an old version of
Thanks. I understood that. It seems there was an old version of
freeradius installed on the server by default. I'm no mac head, and am
trying to figure out how to remove it.
On 03/04/2011 10:10 AM, Alan Buxey wrote:
Hi,
tls: dh_file = "/private/etc/raddb/certs/dh"
tls: random_file =
It seems freeradius 1.3 was already installed automatically when the
server was first setup. and I just installed version 2.1.1 from source.
Do you know off hand how to uninstall the old version?
Not finding how to do that.
On 03/04/2011 09:33 AM, Alan DeKok wrote:
Raymond Norton wrote
I have a tendency to over complicate things with freeradius, so I will
just post my error on my first start up:
I understand the dummy certs are created when launching radiusd -X, but
not sure how to fix the missing dh file without creating new ones. Is
the unknown module "eap" error because
I am trying to install freeradius-2.1.0 on a mac server (10.5.8). Make
runs fine, until it gets to the errors below. I am not a mac guy, so not
sure where to look for the cause of the error.
Making all in rlm_perl...
/usr/bin/make -C rlm_perl all
/Users/raymond/Downloads/freeradius-server
That is the one post I did find, but thought it was based on the users
setup.
Thanks
On 02/28/2011 02:50 PM, Alan Buxey wrote:
Hi,
Is there a good howto on setting up freeradius to work with Open
Directory?
(Freeradius will be on stand alone box)
..needs to be on same box as Open dir
Is there a good howto on setting up freeradius to work with Open
Directory?
(Freeradius will be on stand alone box)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
he tutorial and edit the path and domain items.
On 02/18/2011 10:01 AM, Alan DeKok wrote:
Raymond Norton wrote:
Just curious if the hyphen is supposed to be in front of the domain
name on this line:
Yes. "man unlang". Look for ":-"
ntlm_auth = "*/p
Just curious if the hyphen is supposed to be in front of the domain
name on this line:
ntlm_auth = "*/path/to/ntlm_auth* --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-*MYDOMAIN*}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-
I configured both default and inner-tunnel during the tutorial. I will
check into testing MS-CHAP. Just want to verify if this is how it should
look in the enabled sites:
Auth-Type NTLM_AUTH {
ntlm_auth
}
On 02/18/2011 12:45 AM, Alan DeKok wrote:
Raymond Norton
s on 64bit.
Hoping it is just a config option I missed.
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for raymond with NT-Password
[mschap] FAILED: No NT/LM-Password. Cann
I am using Fire Fox. Don't know what to say. All other pages worked
yesterday. The page came up fine today.
Good to go
On 02/17/2011 03:04 AM, Alan DeKok wrote:
Raymond Norton wrote:
I get an empty page for this link:
http://deployingradius.com/documents/configur
I get an empty page for this link:
http://deployingradius.com/documents/configuration/active_directory.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=umhb@lists.freeradius.org]
*On Behalf Of *Raymond Norton
*Sent:* Wednesday, February 16, 2011 12:04 PM
*To:* FreeRadius users mailing list
*Subject:* wiki question
I am working through the following wiki:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Set_up_the_Linux_server
Make sure that the following lines are uncommented and that the value is
the same as indicated here.
authtype = MS-CHAP
with_ntdomain_hack = yes, etc..
I don't have any of this info in radiusd.conf, so do I add all of it, or is
this info contained elsewhere?
Is there any way to use some sort of revision control for .deb
installs, outside of snapshots on a VM?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Couldn't get "make" or ./bootstrap to work, even though I have
build-essentials installed and am running commands as root.
Plan B for simple eap (If you are getting certificate errors when
starting freeradius):
I know this is a hack, but it worked the first time for me.
Remove all files and
I had installed openssl and freeradius (deb package) on Ubuntu 10.04,
but had made a mess of things and decided to just purge everything and
start over. Freeradius will not start now, because the symlinks and
radiusd.conf file were not reproduced.:
rlm_eap: SSL error error:02001002:system li
t;
I would like to run radtest against the mac address too, so I can be
sure things are working before adding in the wireless AP.
It is erring out because I am not using a password ???
Raymond
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
device, but I am curious if there is a config change I need
to make on freeradius to accommodate passing mac addresses to ldap
rather than user credentials?
(I want to use ldap for authentication instead of adding the host info
to the config of freeradius.)
Raymond
-
List info/subscribe
Got things working (yeah!)
Had to reset the users password with ldappassword. For some reason
freeradius couldn't read what was exported to the ldif file. Once I
changed passwords with ldappassword, radtest and WPA worked perfectly.
Also had to comment out this line in /etc/ldap/slapd.conf:
It happens that way when you're new sometimes :)
The last couple posts helped.
I am now able to get an "Accept" message when connecting with the rootdn
user. Working on getting other users to authenticate now.
Thanks for your patience and help.
Raymond
On 6/24/2010 3:57
I have been reading and looking at similar post non-stop and have an
idea what is wrong, but am not sure how to fix it.
I understand there may be a need to map ldap and radius attributes and I
have found a couple examples, but I am not entirely sure what the
changes should be.
It seems the o
No. This is a new install. Nothing has been copied over.
Thanks for the pointers.
I will keep working at it.
I hope you didn't just copy 1.x configuration over to 2.x, they aren't
compatible.
I see from your debug output you're running 2.1.0 but the current
version is 2.1.9. To the bes
33 AM, John Dennis wrote:
On 06/24/2010 12:21 PM, Raymond Norton wrote:
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
You don't have the userPassword mapped in /etc/raddb/ldap.
I misunderstood the instructions. Made the change, and I see now that I
am at least connecting to the ldap server, but still getting rejected.
I changed the basedn to ou=People,dc=lctn,dc=org for this test.
(ldapsearch is below)
FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on
oad
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
Got debug working with /usr/sbin/freeradius -X
On 6/24/2010 10:32 AM, Raymond Norton wrote:
That brings me back to my first post-no radiusd.
On 6/24/2010 10:26 AM, Phil Mayers wrote:
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage: /etc/init.d
That brings me back to my first post-no radiusd.
On 6/24/2010 10:26 AM, Phil Mayers wrote:
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
That's the init script. Run the daemon dir
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
On 6/24/2010 10:18 AM, Alan DeKok wrote:
Raymond Norton wrote:
The FAQ says to use radiusd -X> debug.txt for debug.
I get the following:
The program 'radiusd' can be
The FAQ says to use radiusd -X> debug.txt for debug.
I get the following:
The program 'radiusd' can be found in the following packages:
* radiusd-livingston
* xtradius
* yardradius
Is there another way to launch debug mode in version 2.1?
-
List info/subscribe/unsubscribe? See http://
Whoops... /modules/ldap is on the local freeradius server, not the the
remote ldap server.
/modules/ldap: (on remote ldap server)
ldap {
server = "10.10.3.1"
basedn = "dc=lctn,dc=org"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
/etc/ldap/slapd.conf (on re
ldapsearch -x -b uid=billy,ou=People,dc=lctn,dc=org (on remote ldap server)
Command successfully displays information on user.
radtest raymond "password" 127.0.0.1 1 testing123 (on freeradius server)
Displays local user info
radtest billy "password" 127.0.0.1 1 testin
something. Is there a good doc for ldap authentication on a
remote host?
Raymond
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The default supplicant behavior in Windows XP is PEAP using the logged-in
user's credentials. I use 802.1x for VLAN switching and I use other methods to
identify which VLAN a machine should be in, so I don't care to validate a
username/password. Can FreeRADIUS authenticate everyone in an 802.1
Hi,
I'm trying to set my server up to authenticate everyone in an 802.1x/PEAP
environment without regard to the credentials they provide. Can this be done
with FreeRadius? I'm on version 2.1.3.
Thanks!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t: Re: Force user disconnect on
> NAS> From: [EMAIL PROTECTED]> > J-P Raymond wrote:> >> > Question,> > > > Is
> it possible from the radius server to force a user to disconnect ?> > > > If
> yes what do I need to do that ?> > &g
Question,
Is it possible from the radius server to force a user to disconnect ?
If yes what do I need to do that ?
Normal
Client --> NAS --> Radius server
I would like to send a request
Radius server --> NAS X Client
Thanks for your time
__
FreeRADIUS Version 1.1.6 Rhel3
I hope it's an easy one
I've my server setup authentication is working fine but I have no log in this
directory
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
The Client-IP-Address directory exist (automatic) but I've no detail-xxx files
in
Set "reject_delay" = 0 was my problem !
Thanks for your answer Alan
> Date: Sat, 3 Nov 2007 00:35:14 +0100start vs Radiusd start> > > > When I :
> radiusd -X start the process work fine> > > > When I : radiusd start the
> process times out ???> > Set "reject_delay = 0".> > It's fixed in 2.0-pr
Hi evr,
I'm currently experimenting on freeradius 1.1.6 (on rhl3) my setup seams to be
working fine except a little bug !
I'm using a software to monitor freeradius from the outside this soft is called
(Whistle Blower running on a mac)
This soft attempt to validate a user called Whistle
> > I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users ! > >
> > > > When a juniper equipment try to authenticate it fails! (most other
> > brand > > succed) They told me the field order are not send in the good
> > order...> > First of all, I have no idea what you are doing
Hi, small question
I know my version is old but I didn't had any problem until recently !
I'm using freeradius 0.9.3 (mandrake 10) to authenticate pppoe users !
When a juniper equipment try to authenticate it fails! (most other brand
succed) They told me the field order are not send in t
Hi Michael + group,
Tanks! It works great now. I properly just need another cup of coffee...
\raymond
-Original Message-
From: Michael Markstaller [mailto:[EMAIL PROTECTED]
Sent: 10. september 2004 11:41
To: [EMAIL PROTECTED]
Subject: RE: Logging Access-Reject in SQL
sure, nothing is
Hi group,
Is it possible to get FreeRadius to log Access-Reject
in the radpostauth sql table? Any hints are welcome.
\raymond
Hi group,
I’m currently in the process of testing FreeRadius
with MySQL backend.
Is it possible by some Attribute in the DB, only to
allow a user to log on from one NAS? Or is it possible to find another workaround
to this. All URLs and comments are welcome.
\raymond
> hi all ,
>
> i am trying to use radius with apache.
> i have tried the method that on
> http://www.freeradius.org/mod_auth_radius/
> i have configured without any error
> but when i run the radius and apache
> anybody can enter the web srever without any Authorization Request
> i don't know which
hi all ,
i am trying to use radius with apache.
i have tried the method that on
http://www.freeradius.org/mod_auth_radius/
i have configured without any error
but when i run the radius and apache
anybody can enter the web srever without any Authorization Request
i don't know which part i done wro
anyone explain it for me, please?
Best regards,
Raymond
Hi
Would anyone tell me what is the unit of AcctInputOctets, AcctOutputOctets in table radacct?
Is it byte, kbyte, mbyte?
Thanks,
Raymond
='username1'
Then sum caculate AccInputOctets and
AccOutputOctets for both download and upload.
Regards,
Raymond
libraries!)
are in the search path of your system's ld.radiusd.conf[14]: sql: Module
instantiation failed.
Does anyone know the reason of it?
Regards,
Raymond
Hi,
Does anyone know how radius does authentication? Is
there any program that do authentication. Or should we manually
authentication program in radius.
And same kind question is how radius records
usage into accounting table.
Many thanks,
Raymond
Hi,I am tring to write a PHP script for daily
download and upload usage meter.I just wondering if I can find an
existing script or example that I can follow.Or anyone can public an SQL
for quering script for download/upload usage.Best
regards,Raymond
HI,
Can I follow you doc to install free radius in MANDRAKE 9.2
Cheers,
Raymond
- Original Message -
From: "Laurent RAYSSIGUIER" <[EMAIL PROTECTED]>
To: "FREERADIUS" <[EMAIL PROTECTED]>
Sent: Thursday, February 19, 2004 2:51 AM
Subject: FREERADIUS WIT
Hi Jeff,
It looks nice.
Could you please let us know how to install evild.
Regards,
Raymond
- Original Message -
From: "Jeff Warnica" <[EMAIL PROTECTED]>
To: "freeradius" <[EMAIL PROTECTED]>
Sent: Thursday, February 19, 2004 10:28 AM
Subject: Re:
Hi,
I am tring to write a PHP script for daily download and upload usage meter.
I just wondering if I can find an existing script or example that I can
follow.
Or anyone can send me an SQL for quering download/upload usage.
Best regards,
Raymond
-
List info/subscribe/unsubscribe? See http
Does anyone have any experience with confirgure radius and ADSL. Where can
I get specific intruction of setting up radius and mysql for ADSL.
Regards
Raymond
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am beginer of radius.
How does radius record user download usage.
In radius accounting table, which field does record user download usage.
CREATE TABLE radacct (
RadAcctId bigint(21) NOT NULL auto_increment,
AcctSessionId varchar(32) NOT NULL default '',
AcctUniqueId varchar(32) NOT NULL
66 matches
Mail list logo