ss-point which doesn't forward
the ip-address to the radius server or the client itself which doesn't send it.
Kind regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/logout. Sure I could get the ip-address from logfile of
the dhcp-server, but I would like to do it as easy as possible.
Can anyone tell me why the "Framed-IP-Address" is only shown for some clients
and what I would have to do that it is show for all clients which are connected
to local ne
y NOT connected anymore but radwho shows the
following:
# radwho -R
User-Name = "test2"
Acct-Session-Id = " 6"
NAS-IP-Address = 192.168.XX.XX
NAS-Port = 1
Service-type = Login-User
Framed-IP-Address =
Acct-Session-Time = 10255
Calling-Station-Id = "001302BE"
User-Name = "test2"
Acct-Session-Id = " 16"
NAS-IP-Address = 192.168.XX.XX
NAS-Port = 1
Service-type = Login-User
Framed-IP-Address =
Acct-Session-Time = 8170
Calling-Station-Id = "001302BE"
#
It's shows that the user is still connected...
Does anyone know how this is possible?
Best regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to get onto all of them (if they use EAP-TLS).
Thanks for the clarification, this is a good argument! In my case there is (and
will be) only one server with uses the CA so it makes no difference, but in many
other cases, you are right, signing with the CA is not what you really want.
Thanks a
Freeradius using EAP-TLS I always found it that way, that the ca cert signs all
other certs and by the way, the HOWTO in the freeradius Wiki (EAPTLS.pdf)
explains it that way, too ;-)
Best regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
@Arran Cudbard-Bell
> Write a regular expression to strip off the proceeding \
> Heres one I did earlier If I remember correctly it's to escape to
> one \ in the username ... \\ To escape it in the RegExp string, \\ to make \
> literal in the regular expression...
I'm not so familiar with
rt_cn = %{User-Name}" enabled in eap.conf
In short:
How do I specify an empty domain (realm "" {authhost = LOCAL, accthost = LOCAL}
doesn't work)?
What else do I have to configure, when the realm ntdomain is set in radiusd.conf
(I have also set ntdomain in "authorize&quo
tificate, the CA certificate or the server
certificate?
The second question is: Are there any further suggestions or do I have to make
an ethereal trace? Perhaps you can send me some test certs that should really
work, so that I can exclude the certs when debugging/analyzing the rest?
Best regards
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
used TinyCA to generate my certificates, now I will try the Makefile
provided in the source-code of freeradius. I think the extendedKeyUsage
"Microsoft Smartcard Logon" should not be set in both variants. Or do you mean
that the extendedKeyUsage "Microsoft Smartcard Logon" must be
blem and not to much work for me when providing useless
informations.
Best regards and thanks in advance
Stefan Puch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stefan Puch wrote:
>> Then some people came with their mobile devices which are running Windows
>> Mobile 2003, Windows Mobile 5 (WM5) or Windows Mobile6 (WM6) and the
>> problems began. The same EAP-TLS certificate which worked fine on a Windows
>> XP machine does
11 matches
Mail list logo
