Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-26 Thread inverse
On Fri, Mar 26, 2010 at 12:54 PM, Alan Buxey wrote: > only if you break or play with the config. you shouldn't need to proxy the > inner-tunnel mschapv2 anywhere - the default server doesn't so you've edited > the default config. Which is what I did. Thanks for pointing that out I'll begin agai

Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-26 Thread inverse
ves for there error messages, without much success. In pre-2.x.x versions of freeradius peap-mschapv2 is handled cleanly and linearly, is there really the need to proxy the inner mschapv2 auth? Am I doing something wrong? Most probably yes. Am I doing something silly? Most probably yes

Re: proxed EAP and eduroam project

2008-02-19 Thread inverse
ion channel. as well as the > automatic assignment/discovery of AAA end point systems. seems interesting bye! Inverse -- "In a sea of glass shards, I hear you screaming" --icchan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: proxed EAP and eduroam project

2008-02-18 Thread inverse
On Feb 18, 2008 11:12 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Yes. thanks

proxed EAP and eduroam project

2008-02-18 Thread inverse
really the inter-university networks). I would assume that EAP-TLS is highly safe from this point of view, am I right? Bye Inverse -- "In a sea of glass shards, I hear you screaming" --icchan

Re: Problem with accounting

2008-01-14 Thread inverse
On Jan 14, 2008 9:15 AM, Marinko Tarlac <[EMAIL PROTECTED]> wrote: > Hi > > We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. > Accounting works fine for all users except for one user. Authentication > works fine and NAS sends updates as I specify for all users and I can't

Re: Limit users traffic quota via radius

2007-09-18 Thread inverse
On 9/18/07, Massimiliano Macrì <[EMAIL PROTECTED]> wrote: > I'm trying to close the connection of a pre-paid mobile user, after he > reached a limited amount of traffic (ie. 100 megabytes), the network > device is a Cisco router. > I've found many ways to rate-limit the traffic bandwidth but not on

Re: Denying user from authentication

2007-09-18 Thread inverse
and make sure to use check_crl = yes in eap.conf On 9/18/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Revoke the certificate.

Re: not getting authentication in 1.1.0

2007-09-14 Thread inverse
most probably, radius.conf and the users file are no longer compatible. You must rebuild them manually. The error is probably in the users file: auth: type "" ERROR: Unknown value specified for Auth-Type. Cannot perform requested Also look at eap.conf, tls section. On 9/14/07, mallika <[E

Re: intermediate CA authentication failing

2007-09-13 Thread inverse
On 9/13/07, mallika <[EMAIL PROTECTED]> wrote: > > Thank you very much for your reply. Which freeradius server version will > support this facility. Because we are implementing it in our product. We are > using CENT OS -kernel 2.4.20. Are there any patches available to upgrade > freeradius. please he

Re: access reject packet

2007-09-03 Thread inverse
hi > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=194, length=20 > you should also post the output of radius -X , the relevant contents of radius.conf, clients.conf, huntgroups and the users file. without these, it's very difficult to tell anything

Re: Wrong behaviour of rlm_ldap module + users file

2007-07-30 Thread inverse
On 7/27/07, Phil Mayers <[EMAIL PROTECTED]> wrote: > DEFAULT > Ldap-UserDn = `cn=%{User-Name},ou=whatever,...` > > Note that the DN need not be "real" Hi Phil, lol, I browsed the source too and I was gonna recompile it to exclude the hardcoded uid search. Clearly that would have been use

Re: Wrong behaviour of rlm_ldap module + users file

2007-07-27 Thread inverse
coded somewhere. Forgive my suckage. T_T Bye, Inverse On 7/26/07, inverse <[EMAIL PROTECTED]> wrote: > > > > > > users file line: > > > [EMAIL PROTECTED] Auth-Type := EAP, User-Password == "a", Ldap-Group == > > > "wifi" > > >

Re: Wrong behaviour of rlm_ldap module + users file

2007-07-26 Thread inverse
> > > > users file line: > > [EMAIL PROTECTED] Auth-Type := EAP, User-Password == "a", Ldap-Group == > > "wifi" > > Totally wrong. You want: > > [EMAIL PROTECTED] Cleartext-Password := "a", Ldap-Group == "wifi" > Tha

Wrong behaviour of rlm_ldap module + users file

2007-07-26 Thread inverse
in group wifi. That's what happens in my production environment. john'doe's login fails because the first useless search fails. I know I'm doing something horribly wrong, and I can't find out what's my major malfunction. Help! rlm_ldap: ldap_release_conn: Release Id: 0 users: Matched entry [EMAIL PROTECTED] at line 32 Bye, Inverse.

Re: How to capture wireless EAP packets on Windows XP?

2007-07-25 Thread inverse
On 7/25/07, Josh Howlett <[EMAIL PROTECTED]> wrote: > I usually find it simplest to use tcpdump on the RADIUS server, although > I've used Wireshark in the past on Windows supplicants. then there's the NDIS interface problem. Most windows drivers have problems at capturing in promisc and none will

ldap group membership

2007-07-16 Thread inverse
*.it" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 31 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 122 users: Matched entry DEFAULT at line 159 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 Found Autz-Type LDAP Processing the authorize section of radiusd.conf modcall: entering group LDAP for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for [EMAIL PROTECTED] radius_xlat: '([EMAIL PROTECTED])' radius_xlat: 'dc=*,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.**.it:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: setting TLS CACert File to /usr/local/etc/raddb/certs/crl/root.pem rlm_ldap: bind as cn=,ou=servizi,dc=**,dc=it/*** to ldap.**.it:636 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=**,dc=it, with filter ([EMAIL PROTECTED]) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 modcall: leaving group LDAP (returns notfound) for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... 
--- Walking the entire request list --- Sending Access-Reject of id 0 to * port 32802 Reply-Message = "Access Denied" Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 469b4247 Nothing to do. Sleeping until we see a request. PS Thanks in advance for your help Bye, Inverse

Re: SIGHUP working?

2007-07-06 Thread inverse
On 7/6/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Roy Walker wrote: > I've spent a fair amount of time looking into proper HUP handling. It > turns out *no one* does it well. Almost all daemons simply restart. > > Alan DeKok. talking again about it.. as you already know, my problem is CRL r

Re: load balancing problem

2007-06-29 Thread inverse
is not the case. Personally I like sshfs much more than nfs, but it's prone to similar problems as those above. So I won't use it. bye, inverse

Re: load balancing problem

2007-06-29 Thread inverse
On 6/29/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > > Accounting start on the first back-end server and the accounting stop > > on the second backend server. > > is this a bug or a problem of configuration ? > > It's the way load balancing works. It's documented as working this > way. Requests

Re: Wired Ethernet EAP-TLS

2007-06-27 Thread inverse
On 6/27/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > thing you would need to do there is to add the switch into clients.conf. and set a secret, and set that secret in the switch too. Then he might post a tcpdump capture of the conversation, with the options -vv -s 65535 -X to say one

Re: 1.0.0 -> 1.1.6 DB Schema conversion

2007-06-15 Thread inverse
On 6/15/07, Francesco Cristofori <[EMAIL PROTECTED]> wrote: > I'm going to upgrade freeradius from v.1.0.0 to v.1.1.6 and I noticed that > the database structure has changed. > Are there any tools to quickly migrate the db? > having noticed a few changes myself, I just edited the sql.conf's to fi

Re: error while executing the command radiusd -X

2007-06-12 Thread inverse
On 6/12/07, Mahalakshmi Vijayakumar <[EMAIL PROTECTED]> wrote: > Hi, > i downloaded freeradius-1.0.2 and installed it when i give the cmd > radiusd -X, i get the foll, this version is incredibly old, you should download and compile version 1.1.6

Re: 1.1.4 slow to respond

2007-06-12 Thread inverse
On 6/12/07, Andrew Long <[EMAIL PROTECTED]> wrote: > > I am getting slow response time from the server for authentication requests > (chap/mschap) that eventually fail (users submitting wrong password). The > problem is that the NAS is sending about 3 requests before getting a > response. By the

Re: HUP stops radiusd

2007-05-14 Thread inverse
> In our case, using freeradius 1.1.6, if I HUP the radiusd process it > crashes/stops. Running 'radiusd -X', the tail part shows: > Mon May 14 13:38:54 2007 : Error: rlm_eap_tls: Error reading certificate > file on HUP the radiusd process probably tries to switch to a non-root user. That might t

Re: eap-tls authentication with free radius 1.1.5

2007-05-10 Thread inverse
On 5/10/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: anoop, please fix your quoting. Configurations are not interchangeable between the snapshot tree, 1.1.5 and 1.1.6

Re: Sig HUP?

2007-05-09 Thread inverse
> Can we use kill -HUP pid in the latest version or is it still not stable? from my observations: it somehow works, but the next EAP-TLS conversation causes a segfault. In short, no. Read the past recent threads, there are suggestions for alternatives

Re: Stops working all of a sudden

2007-05-06 Thread inverse
On 5/5/07, Matt Neumark <[EMAIL PROTECTED]> wrote: > I have a radius server and it works great for days upon days then all of a > sudden it stops authenticating users… > > > > Sat May 5 00:17:07 2007 : Error: rlm_sql_mysql: Couldn't connect socket to > MySQL server [EMAIL PROTECTED]:freeradius >

Re: Performance with Freeradius-1.1.4

2007-04-27 Thread inverse
> I am using freeradius-1.1.4 with PEAP-MSCHAPV2. Each session starting from > Access-Request till Access-Accept it takes more than 250ms to complete. Is are you doing it against an LDAP server?

Re: Huntgroups/preprocess issue 1.1.6

2007-04-24 Thread inverse
>The build goes without a hitch, but when running the new version and > using the existing configuration files I get the following (relevant > output from 'radiusd -X'): the problem IMHO is in using the existing configuration: I had similar issues until I ported mine to the new configuration f

Re: server crashes with eap/tls after crl update

2007-04-20 Thread inverse
On 4/20/07, Fiederling, Daniel <[EMAIL PROTECTED]> wrote: > Hello, > > this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a > Microsoft CA, which is downloaded and converted by a shell script every hour > or has to be updated manually. If it changes, I have to reload the serve

Re: FW: Login for any user

2007-04-17 Thread inverse
> Anybody got an idea on how the entry in the users-file has to look like something like DEFAULT Auth-Type := Eap, User-Password == "blah" with default eap type set to md5. I've yet to try it tho, may you report back if it works?

Re: Segmentation fault on sigHUP

2007-04-11 Thread inverse
> > Maybe we can add features that prevent the need for the HUP, and then > > remove support for HUP. That would be best, I think. > > Do you have in mind a favorite technique for signaling daemons that > the config files have changed? HUP is a common way to do it, but I'm > sure there are othe

freeradiusd segfaulting on HUP (check_crl enabled)

2007-04-10 Thread inverse
t; main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "root" main: group = "root" main: checkrad = "/usr/local/sbin/checkrad" main: debug_level = 2 main: proxy_requests = no log: syslog_facility = "daemon" proxy server: retry_delay = 5 proxy server: retry_count = 3 proxy server: default_fallback = yes proxy server: dead_time = 120 proxy server: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = yes rlm_sql (sql): Closing sqlsocket 19 rlm_sql (sql): Closing sqlsocket 18 rlm_sql (sql): Closing sqlsocket 17 rlm_sql (sql): Closing sqlsocket 16 rlm_sql (sql): Closing sqlsocket 15 rlm_sql (sql): Closing sqlsocket 14 rlm_sql (sql): Closing sqlsocket 13 rlm_sql (sql): Closing sqlsocket 12 rlm_sql (sql): Closing sqlsocket 11 rlm_sql (sql): Closing sqlsocket 10 rlm_sql (sql): Closing sqlsocket 9 rlm_sql (sql): Closing sqlsocket 8 rlm_sql (sql): Closing sqlsocket 7 rlm_sql (sql): Closing sqlsocket 6 rlm_sql (sql): Closing sqlsocket 5 rlm_sql (sql): Closing sqlsocket 4 rlm_sql (sql): Closing sqlsocket 3 rlm_sql (sql): Closing sqlsocket 2 rlm_sql (sql): Closing sqlsocket 1 rlm_sql (sql): Closing sqlsocket 0 main: port = 1812 listen: type = "auth" listen: ipaddr = * listen: port = 0 listen: type = "acct" listen: ipaddr = * listen: port = 0 client 127.0.0.1: secret = "testing123" client 127.0.0.1: shortname = "localhost" client 127.0.0.1: nastype = "other" ***REMOVED REMAINDER OF CONFIGURED NAS / SECRETS*** [1]+ Segmentation fault radiusd -X [EMAIL PROTECTED] freeradius-server-snapshot-20070410]# radiusd -v radiusd: FreeRADIUS Version 2.0.0-pre0, for host i686-pc-linux-gnu, built on Apr 10 2007 at 11:00:16 Copyright (C) 2000-2003 The FreeRADIUS server project. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Thanks in advance for your help/comments/insults for being Cpt. Obvious, Inverse