RE: Cisco WLC - Freeradius Vlan assigment problem

>Hi, > >are you running the preprocess module? if not, then Huntgroups arent looked at >or populated > > >alan Yes, is running, in fact without WLC , work fine. -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco WLC - Freeradius Vlan assigment problem

> ++- if (!Huntgroup-Name) returns ok ++? if (Huntgroup-Name == "list") > (Attribute Huntgroup-Name was not found) > >the problem seems to be your huntgroup.. Can you post your huntgroup >definitions? >-- >Jens Weibler >IT-Services Hi, In huntgroup I just have: ... # Usuario = xxx xxx l

Cisco WLC - Freeradius Vlan assigment problem

Hi Matthew, I checked that out and it's configured as you suggested. The AAA Override option is enabled. The vlan attributes are these: Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = VLAN_ID It works fine when we use the AP against the radius server, but when we use

Cisco WLC - Freeradius Vlan assigment problem

E-802 Tunnel-Private-Group-Id:0 = "249" EAP-Message = 0x010900221a0109001d10cc9cc5bb2b5812cf48051342472ad3af6663616e616c6573 Message-Authenticator = 0x State = 0xab42e29bab4bf81ef23bc50dea94c334 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 119 to 10.32.2.81 port 32768 EAP-Message = 0x0109004b1900170301004075cf3c75c7a8311c01bc5581aac330e49586ce6e0001e8add345d7773aeeacba61b235c462fe0966e565d9e6279f111bf94fa3d8a4bff8a4ce82ab24d65f9c31 Message-Authenticator = 0x State = 0xcb0bb3aacd02aab2864a9aacb255d323 Finished request 48. Going to the next request Waking up in 4.9 seconds. * Thanks for all. -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius with Cisco Wireless Controller

Hi, I use freeradius with cisco access point and vlans assignment, work fine but now I try to use Cisco Wireless Controller and the vlan assignment dont work. Can you help me? I send the logs: Many thanks! Log without acces points and wireless controller: server inner-tunnel { +- entering

Re: Freeradius-Users Digest, Vol 52, Issue 81

ail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > > At present our radius servers getting traffic of more than 3 million users. > We have only two radius servers and one mysql server active. The server > crashing whenever more traffic comes. Due to mysql overload and slow I'm > planning to use detail module for accounting and then take these details > and > parse then put in database using program/script. Does this helps? Is there > any script already available in freeradius? > Does palcing one more radius server and using mysql clustering helps? > > Please suggest. > > Thanks, > Rams. > -- next part -- > An HTML attachment was scrubbed... > URL: < > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090818/bccf1a41/attachment.html > > > > -- > > Message: 7 > Date: Tue, 18 Aug 2009 15:33:09 +0100 > From: Alan Buxey > Subject: Re: accounting through detail module help > To: FreeRadius users mailing list > > Message-ID: <20090818143309.ga32...@lboro.ac.uk> > Content-Type: text/plain; charset=us-ascii > > Hi, > > > At present our radius servers getting traffic of more than 3 million > users. > > We have only two radius servers and one mysql server active. The server > > crashing whenever more traffic comes. Due to mysql overload and slow I'm > > planning to use detail module for accounting and then take these details > and > > parse then put in database using program/script. Does this helps? Is > there > > any script already available in freeradius? > > Does palcing one more radius server and using mysql clustering helps? > > use the detail module and let FR deal with handling the detail module. > > you can speed up the MySQL using eg batter indexing and better storage > engine > > alan > > > > -- > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest, Vol 52, Issue 81 > > -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

packet freeradius-mysql for RH

Hi list! I need the packets freeradius-mysql... I have this: freeradius-mysql-1.1.3-1.2.el5.i386.rpm but my freeradius is 2.1.3 and this rpm don´t work. I have Red Hat 5.1 Somebody have any idea where I get this packet? My problem is this: **Could not link driver rlm_sql_mysql: rlm_sql_mysql.

Filter ldap group´s

Hi my problem is I am trying to configure authentication with ldap + VLAN. according to the group the user is connected to what I want to send a VLAN, you need to know to begin testing is where I set this filter, I set in to ldap file? I already created some rules in the authorize section of inne

Re: Rules in policy.conf

for example in the policy file type: permit_only_eap { if (Calling-Station-Id==001f.3c22.674a) { ... here, depending on the mac, is due to the user a VLAN } this would be after the auntenticacion for PEAP-MSCHAPv2 with us

Rules in policy.conf

Hi list. I want to know if I can handle VLAN's on file policies and create a conditions with Calling-Station-Id this should be make after the authentication with user and pass. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Conf PEAP

>- and how, exactly, does the EAP tunnel get set up if you dont >have a common certificate to enable such a construct? you've got >to have a CA - and, if done properly, you've got to have the validate >check as well! Suppose a person who comes from outside the company, and wants to conne

Re: Conf PEAP

>>[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca >>TLS Alert read:fatal:unknown CA >>TLS_accept:failed in SSLv3 read client certificate A >But your problem has nothing to do with the user. You haven't imported >the ca certificate onto the users machine. At least not the correct one.

Conf PEAP

Hello gentlemen I am configuring PEAP and there is not much information about it, Should I add a user in the user file alone? If default is configured with EAP, what should I modify another file? thanks. logout: rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=220, length=15

Re: Radius log files

Hi I have the same logout when I do "radiusd -X" If I find a solution or some I telll you. if you find some tellme =) Bye! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

My error:

Hello! but this log are of Radius, you tell me a problem is in the supplicant? but I try with many supplicant and I have the same error. Ever had a case like this? because I come with this problem long ago and do not get results despite dealing with various forms and follow the documentation. t

My error:

rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136 User-Name = "test" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9d00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x8185244

Re: Problems in TLS

then what I want to say is that this configuration is for users who are not in a domain. But if users are in a domain? besides, I need is a certified master who serves me, or for users who are not in a domain. What sugeris me? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u

Re: Problems in TLS

But that means that the authentication is successful? If I have the NAS and Supplicant improperly set, I do not understand because it rejects the response radius. What do these lines?: rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" Thank

Problems in TLS

Good day. After testing several options, I got this error: Does anyone have any suggestions? thank you very much. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=1, length=136 User-Name = "user" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00

any other suggestions?

I want to achieve is to create a certificate for several machines and use TLS - I created all the certificates as they said in README, I tried and nothing. - I created the certificates according to README and follow some tips here: https: / / lists.freeradius.org/pipermail/freeradius-users/2008-

Error in the negotiations certificates

Hello again (I was sick) > There is an EAP-TLS "howto" on the FreeRADIUS web site (type "EAP-TLS > howto" into google). It may help. Alan ok, this is the HOWTO I was watching and following to create the certificates and that's why I try to find some other suggestions to the problem for me, >

Error in the negotiations certificates

I mean, what I want to achieve is to use tls with certificates for the PC's that want to connect AP of entry, this creates certificates with the following reference: https://lists.freeradius.org/pipermail/freeradius-users/2008-October/msg00553.html license = certificates for tls , sorry my english

Error in the negotiations certificates

well! it worked! Now my problem is that since the notebook I get an error: "Server mistaken identity - failed authentication" The truth is that I followed the steps recommended me to create the certificates, the amount to the notebooks, but the error continues. that is, I know it is wrong license

Error in the negotiations certificates

ok, this is out when i write "radiusd -X -x" : Mon Oct 20 12:08:36 2008 : Info: FreeRADIUS Version 2.0.5, for host x86_64-unknown-linux-gnu, built on Sep 3 2008 at 17:32:08 Mon Oct 20 12:08:36 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. Mon Oct 20 12:08:3

Error in the negotiations certificates

In that case, disable the module md5 because I just want to use tls? Why does the error that I showed you? certificates? thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in the negotiations certificates

Good day mate. Well, finally understood what I recomendastes and I did, I created a package with server.pem ca.pem and then convert it to. der, the amount to the notebook but this time gave an error with the validation of the server: rad_recv: Access-Request packet from host 10.0.31.40 port 1645

Error in the negotiations certificates

I know, but what he does not understand is how to referee when you talk about "cabundle" because what I have in / cert are the certificates that I made in the steps of README, which I did not serve for windows, that the back to delete? when I run the command openssl x509-inform PEM-in-outform DER c

Error in the negotiations certificates

Do you referred to this line? ca.der: ca.pem openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in the negotiations certificates

Good day, I was watching the file cert/Makefile to be able to solve my problem but the truth is that according to what I saw I could not understand must be done to achieve conversion certificates, is it a script? tell me if I am wrong: XP does not rely on the certificate then we must convert, fol

Error in the negotiations

Is this the issue that you say?: Re: CA.all and CA.certs in Freeradius 2.x - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in the negotiations

Any suggestions for this topic guys? thanks!!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in the negotiations

This is the error when the user tries to connect seems an error of certificates but are well installed: thanks!!! Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68, length=144 User-Name = "msilvero" Fram

The client does not connect _*_*_*_

I apologize to you for not knowing English well, I live in Argentina and my native language is spanish (I doubt you know Spanish), if you are unable to interpret what I am trying to say is your problem with your gray matter , but please if I express ticket that I am not wrong understanding and can

The client does not connect _*_*_*_

yes, I imported "client.p12" and "ca.der" to the notebook, the checked again and are fine - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

The client does not connect _*_*_*_

Well, monitoring and testing in the log have this: Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68, length=144 User-Name = "msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" C

The client does not connect _*_*_*_

ok tnt, I try that with the application, testing and do you notice. Thank you very much! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

The client does not connect _*_*_*_

the problem is... when I want to connect from the notebook to the network radius, asking me to configure the profile to the type of authentication, and so on. what set everything is ready and when I try to connect but does not connect to the server and are not recorded requests. on the server are

The client does not connect _*_*_*_

I do not understand what I want to say - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

The client does not connect _*_*_*_

hello!! Well, as was the theme for the month so again clarify the principle also returned thread. The server is installed and tested it with the "test" and walk in perfect condition. I configured the radius in the client (access point) and a local user testing, the user is in a notebook in whic

The client does not connect _*_*_*_

ruteables. Pinging responds well. What could be the problem? -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

The client does not connect _*_*_*_

el access point tiena la IP 10.0.31.40 y esta incluida dentro de raddb/client.conf, olvidemos la IP 10.0.42.250 porque me conecte a esa red para otro tema. El servidor esta en la 10.30.1.x y no hace falta que esté en la misma red porque son VLAN ruteables. Haciendo ping responde bien. ¿cual podria

The client does not connect _*_*_*_

Yes, tried to ping and responds quickly and without losses. Also I did from the server and also responds. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

The client does not connect _*_*_*_

in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: "no response f

The client does not connect _*_*_*_

The firewall is disabled, and probe with the tool NTRadPing and the result in the radius is as follows: Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:16 2008 : Debug: Ready to process request

The client does not connect _*_*_*_

Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with "-x" and is waiting for requests. Why is this wrong?

WARNING! No "known good" password found for the user

Is what we mean is that access point is wrong? Is this bad set? Is this bad or configured in the notebook user? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

WARNING! No "known good" password found for the user

Hello comrades again. I have been presented the following problem and by what I see is a user problem, teachme if I am wrong. The theme is already created certificates and installed on the user as I read in the howto but does not connect to the network. I put all passwords equally by the doubts, w

Problems with the authentication TLS

TNT perfect!! thank colleagues for their help, and we want to try it in my next doubt! thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication TLS

already achieved what !, restart the service, I started from scratch, cree certificates again. said the error was like your . was the password, which is in eap.conf Now I have a doubt AT THE howto tls two files that need to install the computer user is "root.der" and "cert-clt.p

Problems with the authentication TLS

I wrote the documentation as redundancy, forgiveness if disturbed. What can be wrong password CA file? I got one at random, should be like any other? thanks!! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication TLS

the truth is that follow in the footsteps of the file certs / readme I looked at the howto -> http://freeradius.org/doc/EAPTLS.pdf and says nothing of the buildup of certificates. I follow these steps: README ***

error when created client certificates

hello again!! =) when i run "make client.pem", according the file certs/README, have this error: [EMAIL PROTECTED] certs]# make client.pem openssl req -new -out client.csr -keyout client.key -config ./client.cnf Generating a 2048 bit RSA private key ..

Problems with the authentication TLS

t; ca.der and client.key? why is the extension of certificates than used for the users? thanks!! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication TLS

locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } } radiusd: Opening IP addresses and Ports listen { type = "auth" ipaddr = * port = 0 ERROR: Failed to open socket: cannot bind socket: Address already in use /usr/local/etc/raddb/radiusd.conf[236]: Error binding to port for 0.0.0.0port 1812 Why is this wrong? I triyin with user root -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication of users and certificates TLS

oh ok! but the user whit i trying to run radiusd is root, why say that? is posible? thanks you! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication of users and certificates TLS

alan!! and install the new version and the probe, probe with radtest and I get this: Sending Access-Request of id 236 to 127.0.0.1 port 1812 User-Name = "test" User-Password = "testing123" NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Accept packet f

Problems with the authentication of users and certificates TLS

ouch!! ok, change the version and started again :S Like thank you very much! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with the authentication of users and certificates TLS

1 root root 2764 Aug 20 15:44 root.pem should they have to install certificates is not what (I Wxp service pack 3) they occur any idea? -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

TLS_accept:error in SSLv3 read client certificate A

the method is eap+tls, ticket that need to know and what post. thanks!!! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

TLS_accept:error in SSLv3 read client certificate A

failed in a system call (-1), TLS session fails. Thu Aug 21 11:14:56 2008 : Error: rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. someone could give me a hand please, thank you very much now. -- -- Silvero Martin - List info/subscribe/unsubscribe? See http

Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = "test" User-Password = "testing123" NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.

hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write this: radiusd -i 10.30.1.104 -p 1812 -x -X : Thu Aug 14 17:36:15 2008 : Info: FreeRADIUS Version 2.0.5, for host x86_64-unknown-linux-gnu, built on Jul 24 2008 at 10:54:31 Thu Aug 14 17:36:15 2008 : Info: Copyright (C) 1999

Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = "test" User-Password = "testing123" NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.29 p

ect packet from host 10.0.6.29 port 1812, id=42, length=88 State = 0xb58bf2bf2470c7b33a07ab72ff21378e Message-Authenticator = 0x53f17e1045e6a2f65d3a3f48704ea2c9 ¿? could you help me -- -- Silvero Martin - List info/s

What is the certificate that I installed on the notebook?

/certs/ in the folder many licences, what is that I installed on the notebook and as set? thanks!!! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ERROR: Failed to open socket: cannot bind socket: Address already in use

]: Error binding to port for 0.0.0.0 port 1812 what is? thanks!! -- -- Silvero Martin -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Where to put EAP-TLS-Require-Client-Cert = Yes ?

for example mi have this problem: when I run radiusd-X -x strip me this mistake even if the PATH're ok. what is? > > > > > Tue Aug 5 11:00:31 2008 : Error: rlm_eap: SSL error error:06065064:digital > envelope routines:EVP_DecryptFinal_ex:bad decrypt > Tue Aug 5 11:00:31 2008 : Error: rlm_eap_tl

question

initializing modules it seems to me like a certificate`s password problem. take a look at server.cnf ca.cnf and clients.cnf. or read the document that came with the package how to remove all certificates and create the 3some ( :) ) of them. 2008/8/5 Martin Silvero <[EMAIL PROTECTED]>: &

Problems with FREERADIUS configurations

ng modules im need help please!! many thanks!!! -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: question

Hello my name is martin and I'm from Argentina. I'm trying to configure for use with FreeRADIUS eap + tls and ldap, but recently started doing this and I am wrong in the first configurations, what I did was set a cleinte which is a AP's and when I run radiusd-X -x strip me this mistake even if the

Re: HLP -> Linux client && Cisco WAP

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 19 May 2004 19:26, Alan DeKok wrote: > open1x.org, look for "xsupplicant" Thank you very much!!! =) - -- Giuseppe A. Mangano a.k.a. SilveRo W3: http://www.silvero.net GPG Key [ID: 0x57E53252] available @ pgp.mit.e

HLP -> Linux client && Cisco WAP

ly figure out the commands from the --help) . I won't post my "radius.conf" because I left the "default" settings, except removing the comments for EAP-TLS. I am using freeradius-0.9.3-r1 (Gentoo). Thank you very much. =) - -- Giuseppe A. Mangano a.k.a. SilveRo W