Klaus,
Yes I did mean the server sending the request, not the supplicant. I
misunderstood how to handle adding additional user stores off the same
RADIUS server. I will be requiring the IP of the connecting service.
On Tue, Aug 14, 2012 at 5:43 PM, Klaus Klein wrote:
> Hi Diego,
>
Ok I've re-read the docs.
I'm going to require the client IP. It doesn't look like this know-nothing
approach will work.
Thanks Alan and Fajar.
On Tue, Aug 14, 2012 at 10:37 AM, Diego Matute wrote:
> The attributes I've mentioned are either server domain or IP address.
&
The attributes I've mentioned are either server domain or IP address.
On Tue, Aug 14, 2012 at 10:17 AM, Alan DeKok wrote:
> Diego Matute wrote:
> > "different authentication methods" I really mean different user data
> > stores and different methods like an opti
clients to connect to a
single server and be served off of different user stores.
On Tue, Aug 14, 2012 at 10:16 AM, Alan DeKok wrote:
> Diego Matute wrote:
> > The only attributes passed to the server config are related to the
> > source IP address, which is not enough information to d
client to declare their IP
address. I was hoping for a solution where the client IP is not known and
the right thing is done based on some attributes not cumbersome for a
client to supply.
On Tue, Aug 14, 2012 at 9:58 AM, Fajar A. Nugraha wrote:
> On Tue, Aug 14, 2012 at 8:40 PM, Diego Ma
s approach.
Diego
On Tue, Aug 14, 2012 at 2:52 AM, Alan DeKok wrote:
> Diego Matute wrote:
> > What is the best practice for handling incoming requests which require
> > different policies (i.e. secret keys) whereby the client IP is unknown?
>
> If the client IP is unknown, then
thoughts:
- route based on client configured DNS: SOMEPREFIX.mydomain.com
- accept all and pass other RADIUS attributes down (not preferred)
Thanks,
Diego
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Got it. Thanks.
On Wed, Jun 13, 2012 at 1:57 AM, Alan DeKok wrote:
> Diego Matute wrote:
> > What is the best practice for this? Should the Auth-Type be set in
> > /etc/raddb/users, within the module, /etc/raddb/sites-available/*?
>
> It should be set wherever you
l";
$RAD_CHECK{'Fall-Through'} = "yes";
return RLM_MODULE_OK;
}
Cheers and thanks!
Diego
On Tue, Jun 12, 2012 at 10:16 PM, Fajar A. Nugraha wrote:
> On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute
> wrote:
>
> >> > 2/ How does Auth-T
help
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the quick response. Inline.
On Tue, Jun 12, 2012 at 10:44 AM, Alan DeKok wrote:
> Diego Matute wrote:
> > I've installed freeradius and other packages on a vanilla amazon ec2
> > instance and am trying to get the rlm_perl module working. Ultimately
> > the au
yes, that was the idea. It will be too much of a long story to explain why I
needed it to behave that way :)
> Date: Thu, 31 May 2012 19:50:33 +0100
> From: a.l.m.bu...@lboro.ac.uk
> To: freeradius-users@lists.freeradius.org
> Subject: Re: help on proxy
>
> Hi,
>
> > 1. If the server sends ac
Hello...
I am currently using freeRadius to proxy messages between a client and
server as follows:
radius client --freeRadius--radius server
The client normally send access_request messages which are proxyed to the
server. The server can either respond with access-accep
unsubscribe Magusero09= c.diegoraffae...@gmail.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=206
Message-Authenticator = 0x789bf39c8f59de88701888fc6ed3a2f2
Service-Type = Framed-User
User-Name = "diego\000"
Framed-MTU = 1488
State = 0x734ffec0734ee45437bb08e87fc6420c
Called-Station-Id = "00-15-E9-A3-01-CE:radius"
Calling-Station-Id = "00-15-AF-9F-8D-E0"
NAS-Ide
Dear all:
i managed to install a Debian Lenny with freeradius and i would like
to use Mysql to clients and users data, because i think its better
than radius plain text files; and i would like to use a webadmin to
reporting and management too.
but, i'm confused.
my installation is "zero", i mean
Dear all:
i have installed debian, mysql server 5.0 (by aptitude install) and
freeradius-server-2.1.7 by wget and "untar -xvfz" , manually.
i have no errors on freeradius run.
i have a 3com RAS with PPP and PPPoE users, i would like to put my
debian-freeradius as a Radius for them (AAA).
Questi
Hi all
Page linked by Johnny R says:
"The photo doesn't exist anymore."
i would like to see the model
greetings
Carlos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all
in effect, with a simple Idpatch the problem was solved.
and about radiusd -X already running, sorry. its my first installation :)
now i have this:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/ra
When I install the operating system, installed with the LAMP option, which
is supposed to be already installed OpenSSL. Even so, I've re-installed but
it do not work. I have to put something in radiusd.conf to search OpenSSL
libraries?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freera
Hi all ...
i found:
*Author: *Salim Engin
*Date: *2009-09-17 02:46 -400
*To: *FreeRadius users mailing list
*Subject: *Re: Upgrading from 2.1.6 to 2.1.7
Just try to execute "ldconfig" and retry...
i did it, and i get something that i think is debug info...
then i did radtest and i have a respons
Hi all:
I had install Debian lenny. later, mysql, later apache and later, download
freeradius freeradius-server-2.1.7.tar.gz, untar and ./configure, make and
make install. the errors like "checking for gcc... no" was solved.
now, i tried to run famous "radiusd -x" but i have the follow error mess
-Authenticator = 0x789bf39c8f59de88701888fc6ed3a2f2
Service-Type = Framed-User
User-Name = "diego\000"
Framed-MTU = 1488
State = 0x734ffec0734ee45437bb08e87fc6420c
Called-Station-Id = "00-15-E9-A3-01-CE:radius"
Calling-Station-Id = "00-15-AF-9F-8D-E0"
NAS-Identifier = "
hi all.
I would like to apply any kind of authentication for VDSL clients. i am a
ISP.
i have a "3com Total control" wich provides dial up access to another users,
and i think i would use PPPOE in the same 3COM to auth. the other users
(VDSL) because they doesn't use a telephone line to connect t
ida por la
ciudad a traves de fibra optica.
¿Podria crear cuentas para "autenticar" mis "clientes"?
Gracias de antemano
--
= = = = =
Carlos Diego Raffaelli A.
MSN: carlosdiego...@hotmail.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
! ) :(
Me gustaria saber no el "como" lo instalaste en Debian, sino para que
lo estas usando y si estas usando un NAS.,,, una base de datos.
Gracias por tu respuesta.
PD.- Sorry for my.. SPANISH xD
--
= = = = =
Carlos Diego Raffaelli A.
MSN: carlosdiego...@hotmail.com
-
enbsd as pppoe client and i would like to
give AAA for my users.
thanks a lot.
--
Carlos Diego Raffaelli A
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
thank you very much for your answers
proves the 2
--
^^^|
|Linux band wagon|;...,___
|__===|___|__|...,]
"(@)'(@)*|(@)(@ )(@)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hello list
can someone give me a step by step manual to configure freeradius with web
interface
--
^^^|
|Linux band wagon|;...,___
|__===|___|__|...,]
"(@)'(@)*|(@)(@ )(@)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s
responsible for the configuration of his EAP client. Best regards.
> alan
>
--
Diego Martín Capello
Administrador RedUBA
Centro de Comunicación Científica
Universidad de Buenos Aires
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gt; point... but let's see what happens using your configuration.
I think you are using sef-signed ssl certificates in the freeradius server
and the windows XP client is trying to "validate" them; if that is right
try to configure windows xp client to not to validate them. Best r
612e6172
>> FreeRADIUS-Proxied-To = 127.0.0.1
>> User-Name = "di...@ccc.uba.ar"
>
> See? No NAS-IP-Address.
Yes, I see! And lot of thanks..
> Alan DeKok.
>
--
Diego Martín Capello
Administrador RedUBA
Centro de Comunicación Científica
Universidad de Buenos Aires
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ss}" {
case 192.168.168.11 {
ldap_ccc
}
case {
ldap_uba
}
}
Freeradius does expand the Client-IP-Address attribute, however, I would
like to know why it doesn't expand the NAS-IP-Adress attribute.
Sorry for my english and lot of thanks.
--
Diego Martín Capello
Administrador RedUBA
Centro de Comunicación Científica
Universidad de Buenos Aires
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2007/9/19, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Groups are a part of authorization so there is no conflict with any
> authentication method. You can use ldap (Ldap-Group), sql(Sql-Group),
> unix (Group) ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 19
2007/9/19, Alan DeKok <[EMAIL PROTECTED]>:
> Diego Woitasen wrote:
> > That entry/configuration I read the FAQ and I can't see nothing
> > interesting. The question is, radius uses nsswitch to check group
> > membership using PAM authenticacion?
>
> Q:
2007/9/19, Alan DeKok <[EMAIL PROTECTED]>:
> Diego Woitasen wrote:
> ...
> > That doesn't work.
>
> And what do you mean by that?
>
> See the FAQ.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users
27;t
user the rlm_ldap now, we are in transition).
What am I missing?
regards,
diegows
--
---
Diego Woitasen
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
)
rad_recv: Access-Request packet from host 10.0.0.72:1645, id=8, length=76
Why the password is garbage? What am I missing?
regards,
diegows
--
---
Diego Woitasen
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
8
Processing the authorize section of radiusd.conf
Diego Torto
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm authing about 60 3com 4400 switch with mysql. Everithing goes ok until
the switch sends a
particular request to the server. This is the request:
rad_recv: Access-Request packet from host 10.10.0.219:2049, id=57, length=87
User-Name = "a3Com"
User-Password = "a3Com"
ers? Or was it thought to make only one part
of the users' creation?
Sorry for my english.
Thanks in advance,
-- Diego
-- Forwarded Message --
Subject: NT domain names and SQL authentication
Date: Monday 11 April 2005 22:59
From: "Diego M. Vadell&q
Thank you Jim! Interesting thread. Although it doesnt enterely solves my
problem, I think Im getting near.
-- Diego.
On Monday 11 April 2005 23:34, Jim Seymour wrote:
> "Diego M. Vadell" <[EMAIL PROTECTED]> wrote:
> > Hi,
> > I've been fighting my ign
: Failed to validate the user.
Login incorrect: [DOMAIN\\username] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
And thus ends.
So, my question is: should I set an NT-Password attribute in the users file?
Thanks,
-- Diego.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I'm using eap/ttls with md5 to authenticate a Windows XP client (secureW2),
but I have a problem with configuration.
I've uncommented tls and ttls modules.
In eap.conf, in the ttls module i type : default_eap_type := md5
In users :
"test" Auth-Type := Local, User-Password == "mypassword"
b
Hello,
I'm doing test with eap-tls beetween a WinXP Client and a Linux server. When I type
'radiusd -X -A' everything seems to be ok, and the client receives an EAP-Success. I
have uncommented in radiusd.conf all the istructions about 'logging' but I have not a
detailed log of all accounting rec
Hello:
In a EAP/TTLS request i have the next error:
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
./radiusd: error while loading shared libraries:
/usr/local/lib/rlm_eap_tls-1.0.0-pre0.so: undefined
symbol: SS
46 matches
Mail list logo
