Re: load balancing radius with F5 devices

2013-10-09 Thread Michael Schwartzkopff
nularity in terms > of how the f5 load balances incoming RADIUS requests. You would need to use application layer load balancing on the BigIPs. But I don't think that you can configure this on the BigIPs. The RADIUS protocol is stateless, so there is no criteria in the application tha

Re: Authentication

2013-09-23 Thread Michael Schwartzkopff
e of the author > and do not necessarily represent those of 802 Limited or any subsidiary > company of 802 Limited. This email may relate to or be sent from other > members of the 802 Group. All rights reserved. 802 Limited. Registered in > the UK. Company Number. 7962864. -- Mit freundlich

Re: differentiate authoriztion/ authentication in separate ldap modules

2013-09-03 Thread Michael Schwartzkopff
http://deployingradius.com/documents/protocols/compatibility.html See also the setup guide for ntlm. The first lines say: "The clear-text passwords are unavailable through Active Directory, so we have to use Samba, and the ntlm_auth helper program". http://deployingradiu

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Michael Schwartzkopff
er interface), using the > radius protocol, to get authorized, and get the IP address to respond with > to the DHCP request. You want to try the DHCP relay agent feature implemented on every "better" router or layer 3 switch. Greetings, -- Kind regards, Michael Schwart

Re: TLS-Client-Cert-Expiration date format

2013-07-25 Thread Michael Schwartzkopff
> That's a Z on the end..? Zulu time. Equals GMT. > It's certainly not seconds since epoch or Jan 01 - 1601 which is seen in > certain other operating systems. YYMMDDhhmmss"Z" -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG http:

Re: SNMP support for Free Radius

2013-07-18 Thread Michael Schwartzkopff
agent? It executes commands, i.e. radmin, and passes the results as SNMP protocol over the net. And mrtg, cacti or all the other monitoring systems do understand SNMP very well. -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64,

Re: SNMP support for Free Radius

2013-07-18 Thread Michael Schwartzkopff
ng SNMP support. FRv1. But you do not want to use that. -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Vorsta

Re: inactive users can authenticate

2013-06-28 Thread Michael Rigoni
e that, my LDAP is rusty), and leave the base_filter commented. I hope this helps, Michael On Fri, Jun 28, 2013 at 9:14 AM, Mathieu Simon wrote: > G'day all, and thanks Phil for your hints > > (Arran I'd want to leave 3.0 as an option of last resort even though it's &

Re: Service Provisioning Using AAA (FreeRadius)

2013-06-04 Thread Michael Schwartzkopff
o not want authentication & > Accounting BUT authorization. No. How can you authorize somebody without being sure who that user is? Only authentication provides that information. So you need authentication and authorization. -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG h

RE: Failure authenticate using IPv6

2013-05-24 Thread Michael Sherman
Using global IPV6 addresses worked. Thanks for the help. Mike > -Original Message- > From: freeradius-users- > bounces+michael.sherman=exfo@lists.freeradius.org > [mailto:freeradius-users- > bounces+michael.sherman=exfo@lists.freeradius.org] On Behalf Of > Alan DeKok > Sent: Frida

RE: Failure authenticate using IPv6

2013-05-23 Thread Michael Sherman
> what does this do... > > client fe80::215:17ff:fed0:d278 { > secret = test > shortname = test-net > nastype = other > } > > ... ? > > alan > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html Same :( radiusd:

Failure authenticate using IPv6

2013-05-22 Thread Michael Sherman
HI All, I'm testing freeradius server version 2.2.0. Worked fine using IPv4. When I switched to IPv6 I got the following error: Ignoring request to authentication address :: port 1812 from unknown client fe80::215:17ff:fed0:d278 port 41189 Here is the entry from the clients.conf: client

Re: Any One-Time password system.

2013-05-14 Thread Michael Schwartzkopff
y with consulting ;-) Kind regards, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schif

Re: Any One-Time password system.

2013-05-14 Thread Michael Schwartzkopff
generator on your smartphone. See: http://sys4.de/en/blog/2013/03/16/otp-freeradius/ -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263 Vorst

Re: Config for 802.1x use on network switches

2013-05-08 Thread Michael Schwartzkopff
On Wednesday, 8 May 2013, 12:29:44, Nikolaos Milas wrote: > On 7/5/2013 2:37 PM, Michael Schwartzkopff wrote: > > http://vuksan.com/linux/dot1x/802-1x-LDAP.html > > Thank you Michael for your valuable feedback, esp. the link above. > > By the way, I

Re: Config for 802.1x use on network switches

2013-05-07 Thread Michael Schwartzkopff
addresses of your non-802.1x devices. A customer of mine has a data base with 120.000 MAC addresses ... -- Kind regards, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht Mü

Re: Cisco av-pair for NX-OS and IOS

2013-02-07 Thread Michael Schwartzkopff
to RADIUS they compiled their IOS so that this AV pair does not work. I have a feature request at Cisco to improve the situation. I am really looking forward when Cisco will implement it. Greetings, -- Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerst

Re: FTP Error when Radius is UP

2013-02-07 Thread Michael Lecuyer
On 2/7/2013 13:52 PM, George Innocent wrote: The Scenario: The Nodes (Routers) are authenticated by the Radius. This will then Plot accounting and statistics on another plotter application. Radius will allow FTP connection on some Nodes but not on some yet the Nodes have been configured as a g

Re: Active Directory + LDAP + groups for dynamic VLAN assignment

2013-01-10 Thread Michael Schwartzkopff
50044002f00960041000500040015001200090014001100080006000300 > ff01040023 State = 0x2a1689d42a17904c9b87561fac99b7b3 > Message-Authenticator = 0x0a3e365c6cd7a8ae795def8cb962360e > > > But in the final response those attributes are not there. > > Sending Access-Accept of

Re: Different BaseDN for User/Group Objects in rlm_ldap

2013-01-09 Thread Michael Schwartzkopff
> rlm_ldap: performing search in ou=poeple,dc=example,dc=org, with filter > (&(cn=GROUP-NAME-FROM-USERS-FILE)(objectClass=posixGroup)(memberUid=LOGIN-US > ER)) Change the baseDN in the ldap module configuration of FR to "dc=example,dc=org". -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: attribute type error

2013-01-08 Thread Michael Lecuyer
On 1/7/2013 22:48 PM, Yashaswini Sathyanarayana wrote: Hi , By default all standard attribute like user-name, user-password are of type 1 and length 1. But kineto attributes are of type 2 and length 2. So is there a way to make "RFC-2865" dictionary that is added in free

Re: Lost user

2012-12-26 Thread Michael Schwartzkopff
u set it up? Did you follow the accounting packets with tcpdump on the line? did you try to run your radius server in debug mode? -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13- List info/subscribe/unsubscribe? See http://www.freerad

Re: Freeradius stops. Received HUP signal.

2012-12-06 Thread Michael Weissenbacher
d Debian do that by default once a day in /etc/logrotate.d/freeradius. You should be fine by replacing "/etc/init.d/freeradius reload" with "etc/init.d/freeradius restart" in that file. Disclaimer: untested by me. In my case I upgraded to a more recent version. But this is far mo

Re: Problem with freeradius + openldap for AP authentication

2012-11-26 Thread Michael Schwartzkopff
your 802.1x supplicant does not send a User-Password it seems that you configured some kind of EAP (802.1x) in the network authentications settings of your client (notebook). You also have a EAP-Message attribute in your Access- Request packet. And according to the protocol compatibility matrix yo

Re: FreeRadius Novice problems

2012-11-19 Thread Michael Schwartzkopff
thenticated users (since this is a > Wifi testing lab we need the user to be in "open" mode and Also enable > accounting) – how? No. not authenticated -> no information in RADIUS. > 3. GUI: is there a management GUI for FreeRadius and if so how do I > inst

Re: Complex eduroam radius design

2012-11-13 Thread Michael Schwartzkopff
central radius, taking in account that the > authentication is performed by the central radius. (I'll go for the > central one) EAP tunnel will end on the end system. Attributes from inside the tunnel can be copied to the outside RADIUS protocol. This attributes can be seen from the NAS

Re: User authorize with Perl-Script

2012-10-30 Thread Michael Schwartzkopff
h) can do this. -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius AAA running in fail over mode

2012-10-15 Thread Michael Schwartzkopff
d > up and running FreeRadius? Install freeradius. Nearly everything works out of the box. -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13 signature.asc Description: This is a digitally signed message part. - List info/subscribe/

Re: freeRadius against Active Directory

2012-10-09 Thread Michael Schwartzkopff
ave to add it on the fly from your FreeRADIUS configuration. Greetings, -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cloud Radius Server

2012-09-27 Thread Michael Geary
Thank you all for your input. I would be managing the Radius servers hosted by like HostGator or Rackspace or someone like that. On Thu, Sep 27, 2012 at 4:39 AM, Phil Mayers wrote: > On 09/26/2012 11:42 PM, Michael Geary wrote: > >> Good Evening, >> >> We have severa

Cloud Radius Server

2012-09-26 Thread Michael Geary
Internet failed there, that no one on the separate networks would be able to authenticate. Has anyone had any experience with using a Radius server in the cloud to authenticate users? Thank you very much, -- Michael Geary GAW High-Speed Internet 72 Shaker Rd. Enfield, CT 06082 www.GAW.com <h

Re: Reporting from logs

2012-09-25 Thread Michael Schwartzkopff
> Cheers > Paulo Hi, you could use the status server to get the interesting figures: http://wiki.freeradius.org/config/Status With a simple script/cronjob you can feed these data into a RRD and generate nice graphs. Greetings, -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München

Re: Radius Config and Router

2012-09-12 Thread Michael Schwartzkopff
e has credentials that i have not created. > Thanks to assist According to your log you messed up your config. Please restore the users file with the help of the original file. Then add the correct entries copying the samples from the original file. Greetings, -- Dr. Michael Schwartzkopff Gu

Re: Accounting pakets on layer 2

2012-08-24 Thread Michael Schwartzkopff
pakets? > > Thank you! > > Andreas > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html See section "Security Settings - WPA-802.1x" or section "Security Settings - 802.1x" of the ALLNET manual. -- Dr. Michael Schwart

Re: New FreeRADIUS Deployment

2012-08-16 Thread Michael Schwartzkopff
backend storage. use replication scheme of the SQL database. Or use DRBD to replicate disk partitions. > 3. Any recommendations to the backup policy? Ordinary backup solution of the SQL database. -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 F

RE: Radius reject the request

2012-07-21 Thread Michael Hartwick
Pretty sure when you installed it the users file that is being used is not in your home directory. I am pretty sure that if you were to look in output.txt you would be able to see what users file is being used. Michael

RE: dalo(free)radius authentication problem

2012-07-11 Thread Michael Hartwick
Not sure why you are posting about daloradius on a FreeRADIUS list, but a 2 second look says you have the port numbers wrong. Michael -- Michael J. Hartwick, VE3SLQ <mailto:hartw...@hartwick.com> hartw...@hartwi

Re: Auth-Type :- Reject in users file matches inner tunnel request but sends Access-Accept

2012-06-12 Thread Michael Gorven
was a reply item and therefore went on the second line. Thank you for your assistance. Michael -- http://michael.gorven.za.net PGP Key ID 1E016BE8 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Auth-Type :- Reject in users file matches inner tunnel request but sends Access-Accept

2012-06-12 Thread Michael Gorven
ser-Name) length=9 Value: 'mgorven' ... SUCCESS Behaviour is the same with PEAP/MSCHAPv2 and TTLS/PAP. I tried setting copy_request_to_tunnel and use_tunneled_reply to yes in the PEAP and TTLS sections, but this didn't make a difference. How do I actually reject an inner tunnel request?

Re: How to configure Solaris 10 Radius Authentication client.

2012-06-04 Thread Michael Hocke
a directory service for Solaris. - - Michael

Re: Address already in use but server is not running

2012-05-28 Thread Michael Aldridge
yep, killing the offending process worked just fine. thanks for the help! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Address already in use but server is not running

2012-05-28 Thread Michael Aldridge
I could if I knew how. manually sifting the output of lsof doesn't appear to include anything pertaining to that socket - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Address already in use but server is not running

2012-05-28 Thread Michael Aldridge
I recently had to install debian 6.0 on one of my servers after a hard drive crash, and while I had freeradius running before, I can't seem to get it running now. I ran sudo apt-get install freeradius and hit enter to accept the additional packages, and I also installed dialup admin with the inten

Re: Server Starts, but rejects test user

2011-12-27 Thread Michael Aldridge
I feel stupid now, I was editing the wrong users file... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Server Starts, but rejects test user

2011-12-27 Thread Michael Aldridge
As requested: DeepBlue:raddb michaelaldridge$ radiusd -X FreeRADIUS Version 2.1.9, for host i386-apple-darwin10.8.0, built on Dec 9 2011 at 18:58:07 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICUL

Server Starts, but rejects test user

2011-12-27 Thread Michael Aldridge
I set up the server with gracious help from the community, and now it starts without errors. The problem comes in trying to get the test user to work. The server simply replies with Access-Reject and awaits the next user. Here is the dump from radtest: DeepBlue:~ michaelaldridge$ radtest testin

Re: Can't start server on mac OS X

2011-12-27 Thread Michael Aldridge
You were right, the directory didn't exist. It now loads correctly, I just have to get the server configured now. In case anyone else has this problem, you have to have it writeable to the system user 'everyone' and the user that you are logged into the terminal as. - List info/subsc

Re: Radius testing.

2011-11-17 Thread Michael Holstein
> Anybody knows a tool to test radius performance? > > Vasco's radius simulator. It runs in Wine under Linux just fine. Regards, Michael Holstein Cleveland State University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

VMPS

2011-11-17 Thread Whitlow, Michael
All, I've got a Freeradius server I'm testing for VMPS. My mac2vlan file needs to be dynamically updated. Right now I have a cron job that does that and then stops/starts Freeradius so the new mac2vlan file is read. Is there a better way to do this? Thanks much, Mike - List info/s

Certificate Validation Process

2011-11-15 Thread Whitlow, Michael
All, I have one minor issue to ask the group about. Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I try to connect to the wireless network and I purposely put in a bad password I still get the popup to validate the server certificate. On the other radius impleme

RE: LDAP/MSCHAP

2011-11-15 Thread Whitlow, Michael
I wanted to say thanks to everybody from this list who has given me a hand over the past few weeks. I have successfully configured Freeradius to authenticate 802.1X wireless clients from an AD domain and assign them the appropriate VLAN tag based on AD/LDAP group membership. Many thanks to eve

LDAP/MSCHAP

2011-11-10 Thread Whitlow, Michael
All, I am really close to a successful Freeradius implementation for 802.1X wireless using LDAP authentication on the back end. Here is what I have: - RADTEST / clear text Freeradius password from "users" file / WORKS GREAT - Windows XP 802.1X PEAP/MS-CHAPv2 wi

RE: AD integration

2011-10-29 Thread Whitlow, Michael
ces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Whitlow, Michael Sent: Friday, October 28, 2011 3:18 PM To: freeradius-users@lists.freeradius.org Subject: AD integration Hello, I just got Freeradius running on Ubuntu and have successfully configured integration Active Directory

AD integration

2011-10-28 Thread Whitlow, Michael
Hello, I just got Freeradius running on Ubuntu and have successfully configured integration Active Directory using Samba and NTLM_AUTH. When I run "radtest" against Freeradius and put in AD credentials, it is successful. My next goal is to configure Freeradius to assign 802.1X VLANs f

RE:

2011-10-14 Thread Michael Hartwick
Check your NAS' documentation. The NAS sends that to FreeRADIUS to log. Michael ------ Michael J. Hartwick, VE3SLQ hartw...@hartwick.com Hartwick Communications Consulting (519

RE: Dynamic Attributes Based on NAS Type !

2011-10-08 Thread Michael Hartwick
It may not be pretty, but why not just send all 3 sets of VSA's. If the NAS doesn't recognize it won't it just ignore the attribute? From: freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org [mailto:freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org] On Behalf O

Re: LDAP Authentication bind as user issue

2011-09-09 Thread Michael Holstein
ry=person)(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}))" .. } Cheers, Michael Holstein Cleveland State University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Windows Pre-Login Auth

2011-09-09 Thread Michael Holstein
e box for "authenticate as computer account" in the wireless properties (in XP). IIRC this was introduced when they finally fixed the supplicant in sp2. The credentials come across as COMPUTERNAME$ Regards, Michael Holstein Cleveland State University > On Fri, 9 Sep 2011 09:00:32 -0500, &q

Re: Odd issue with auth-type:ldap

2011-09-09 Thread Michael Holstein
> Upgrade. This was fixed a long time ago. > > Thanks .. that worked. It's even referenced in the config. My google foo must have failed me searching the error to have not found that in the changelog. Cheers, Michael Holstein Cleveland State University - List info/subscri

Odd issue with auth-type:ldap

2011-09-08 Thread Michael Holstein
t freeradius to use that as an auth-type. TIA, Michael Holstein Cleveland State University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

can policy.conf be used to create an access control list

2011-05-06 Thread michael lamborn
Hi, I am using version freeRadius 1.1.7. I am trying to create an access control list via radius, to prevent specific PC's/locations from accessing my network. Please see my policy.conf example below. My freeRadius server keeps sending an access-accept, when I try to login in from my offic

question re inner tunnel / virtual server

2011-04-24 Thread Michael Arndt
Hi *, i try to get a better grip in understanding the virtual server for inner eap tunnel. Please forgive if any of the following statements represents misunderstanding of concepts from my side. Which of the following statements describe the inner tunnel virtual server for EAP wrong / correct ?

no authenticate step ...

2011-04-07 Thread Michael Arndt
hello * i try to transfer a working configuration from a very old (1.x) freeradius version to a more recent radius version: FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 14 2010 at 21:14:10 My problem: after authenticate against ldap and auth-type = ldap is set, no auth

Re: Strip off the domain part from the User-Name

2011-03-23 Thread Michael Lecuyer
The MSCHAPs include the given name when calculating the hashes. Stripping the domain will therefore not work. The client is using the domain\name in the hash and you're asking the server to use just the name. On 3/23/2011 15:08 PM, Thomas Wunder wrote: Hi, I'm currently trying to configure my

Re: The decoded content is not same as command in CoA

2011-01-12 Thread Michael Lecuyer
Perhaps the character value of the string for zero ('0') is 30 in hex (0x30). On 1/12/2011 23:33 PM, Xiaochen wrote: Dear all, I am using Fedora 12 + Freeradius to do some CoA tests. One is : AAA sends Disconnect request to Client. My packet.txt content is as: WiMAX-DM-Action-Code="0" Bu

Re: multiple usergroups failing; freeradius 2.1.10 + Cisco-AVPairs

2010-12-15 Thread michael
Released sql socket id: 4 If I run the 3rd query manually, it does pickup VRF-TEST and QOS-PROFILE usergroups, however looking at the above groupcheck/groupreply query, it is only running it for the first instance. bug perhaps in rlm_sql_mysql? -Michael On Thu, 16 Dec 2010 11:33:46 +1100, wrot

multiple usergroups failing; freeradius 2.1.10 + Cisco-AVPairs

2010-12-15 Thread michael
Hi, During a rebuild of our Radius servers from an old freeradius 1.x install to 2.1.10, we've lost ability to push multiple usergroups to our Cisco LNS: MySQL: radcheck: id UserNameAttribute op Value 9791t...@realm Password:= {clear}somepass radgrou

No NAS Port seen ?

2010-11-19 Thread Michael Arndt
Hello * -is the error below caused by fault of the NAS -or a stupid mistake of mine within setup ? rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! -other attributes are sent correctly -device is a lancom 315-agn TIA Micha - Li

Re: Re: LDAP auth success / User reject

2010-11-19 Thread Michael Arndt
rns for both entries before failed. I resolved the reason, It was a Bug in the LDAP Tree of customer for this site, not noticed by me before. Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Re: LDAP auth success / User reject

2010-11-18 Thread Michael Arndt
Alan, >Use "-X". You've added an additional "-x", which makes the output harder to read. ok, understood, attached below > Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type > Reject > Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, > reject

LDAP auth success / User reject

2010-11-18 Thread Michael Arndt
users DEFAULT Called-Station-Id =~ ".*:LIBRARY" , Ldap-group == "cn=city,cn=Groups,l=Stadt,dc=de,o=Organisation" thx for any hints :-) I have anonymized the ldap Attributes Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Michael Lecuyer
"There's many a slip 'twixt the cup and the lip" I promise you'll want to kick yourself when you find the simple difference after so many messages. Many of us have the grace to go through this necessarily humbling exercise in private. On 2010-11-05 2:47 PM, Eduardo Moreira wrote: sorry, but

Re: No authenticate method (Auth-Type) configuration found

2010-10-20 Thread Bereos OHG Michael Spinnenhirn
too, with success. So it has to be a problem with the radclient on the openwrt box, doesn't it? Alan DeKok wrote: Bereos OHG Michael Spinnenhirn wrote: The remote radclient gives the following debug output: rad_recv: Access-Request packet from host 172.16.20.10 port 56195

Re: No authenticate method (Auth-Type) configuration found

2010-10-20 Thread Bereos OHG Michael Spinnenhirn
-20 15:47:40') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'guest', 'guest', 'Access-Accept', 

No authenticate method (Auth-Type) configuration found

2010-10-20 Thread Bereos OHG Michael Spinnenhirn
_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> guest rlm_sql (sql): sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): User guest not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client nas01 port 2 cli 00-0C-29-00-71-20) WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> guest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 13 to 172.16.20.10 port 42793 Waking up in 4.9 seconds. Cleaning up request 0 ID 13 with timestamp +7 Ready to process requests. Many Thanks. Michael - List info/subscribe/unsubscribe? 
See http://www.freeradius.org/list/users.html

Re: doubt regarding free-radius

2010-09-29 Thread Michael Bathe
gutil -a freeradius pkgutil -i freeradius # if there are problems with generating certs following worked for me cd /opt/csw/etc/raddb/certs/ date > ./random ./bootstrap radiusd -X Michael On 29.09.2010 14:33, vijay wrote: > Hi, >i saw your posting regarding segmentation-fa

Re: Re: radius client / send NAS IP ?

2010-09-27 Thread Michael Arndt
Hello Alan, sorry, my fault :-) radclient saves my day, indeed i can send any attribute / value pair i like thanks for your help Micha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Re: radius client / send NAS IP ?

2010-09-25 Thread Michael Arndt
Message - Subject: Re: radius client / send NAS IP ? Date: Sat 25 Sep 2010 15:01:49 CEST From: Alan DeKok To: FreeRadius users mailing list<freeradius-users@lists.freeradius.org> Michael Arndt wrote: > is there a radtest client where i can send those attribute / value pairs > i

radius client / send NAS IP ?

2010-09-25 Thread Michael Arndt
Hello *, at the time being i have to use an old radius version for different reasons. freeradius-client-1.1.5-36 freeradius-devel-1.1.6-47 freeradius-1.1.6-47 freeradius-client-devel-1.1.5-36 freeradius-client-libs-1.1.5-36 for real logins at WLAN Hot Spot the DEFAULT NAS-IP-Address == "192.1

rlm_exec: Wait=yes but no output defined

2010-09-25 Thread Michael Arndt
Hello *, radiusd -X in different places announces rlm_exec: Wait=yes but no output defined. Did you mean output=none? Will freeradius fall back internally to output=none without inserting this attribute / value in the config ? Or should i mandatory add output=none ? TIA Micha - List info/subsc

Re: still not working (newbie for radius)

2010-09-19 Thread Michael Lecuyer
will have two more duplicated messages besides the first one. why is that? I am really new on this. thanks for the help... --- On Sun, 9/19/10, Michael Lecuyer wrote: From: Michael Lecuyer Subject: Re: still not working (newbie for radius) To: "FreeRadius users mailing list" Date:

Re: still not working (newbie for radius)

2010-09-19 Thread Michael Lecuyer
By the looks of it you have two problems. The User-Password name 'bob' isn't matched by the response Juniper-Local-User-Name 'labrat'. Perhaps ssh cares. Your broken client sends the identical packet for the new authentication attempt when it must send a brand new packet (different id, socket

Solved: interpret check-Item and change reply-item to set VLAN

2010-09-14 Thread Michael Bathe
@ Phil: My problem is that the value of ldap-attribute does not correspond to the vlan name in our cisco switch at this time. Regards, Michael On 13.09.2010 16:10, Alan DeKok wrote: > Michael Bathe wrote: > >> is there any how_to or solution to interpret the ldap checkItem and >> c

interpret check-Item and change reply-item to set VLAN

2010-09-13 Thread Michael Bathe
user." Tunnel-Private-Group-Id:0 = "sec11" User-Name = "user" MS-MPPE-Recv-Key = 0x611ed2d5955bded1d3302045c5930fd4aad610a0b6f5aa1045ba0477f12b7eee MS-MPPE-Send-Key = 0xc38e1cad9590596e3902a46a40706ad8bde70f05bde110698b631b503c00f51b EAP-Message = 0x030a0004 Message-Authenticator = 0x Finished request 10. ... thanks and beste Gruesse Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Construction of Response-Authenticator

2010-09-12 Thread Michael Lecuyer
No one here is going to do your homework for you. RFC 2865 is pretty clear on how this is calculated. A Message-Authenticator attribute in the response attributes will require more work. Perhaps you can get extra credit for figuring it out. On 2010-09-12 1:25 PM, Theresa Otte wrote: Hello,

Re: Of accounting data and security

2010-08-09 Thread Michael Lecuyer
g 8, 2010 at 10:01 PM, Michael Lecuyer <mailto:m...@iterpacis.org>> wrote: TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+ version, and packet sequence number. This is XOR'd over the packet. The pad is in multiples of the MD5 hash length. The

Re: Of accounting data and security

2010-08-08 Thread Michael Lecuyer
TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+ version, and packet sequence number. This is XOR'd over the packet. The pad is in multiples of the MD5 hash length. The header is sent plain text and includes the sequence number, the session ID and version number. Enco

Re: Master key and Pairwise Master Key encryption

2010-07-15 Thread Michael Lecuyer
I'm not sure it would help you to know how the Master Keys are generated or encoded - it's not simple. It's a process involving the accumulated TLS handshake messages, random number generation, various sorts of key exchanges, cryptographic hashes, and the PRF function described in the TLS RFC'

Re: speed of detail reader server

2010-06-22 Thread Michael Fowler
d plans to modify the reader to transmit non-serially, but so far have not had the tuits to apply to the problem. I'm not sure I would recommend the proxy solution, but if you can manage it, it may be a reasonable stop-gap. -- Michael Fowler www.shoebox.net

Re: dynamic assignment of VLANs from LDAP via freeradius to WLAN-Clients doesn't work properly

2010-05-27 Thread Michael Schwartzkopff
stion doesn't have anything to do with this list, did you try: copy running-config startup-config ? Greetings, -- Dr. Michael Schwartzkopff MultiNET Services GmbH Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174

Re: Looking for an editor for FreeRADIUS documentation

2010-05-18 Thread Michael Schwartzkopff
or to check my writing. And I have some experience in article and book writing. Perhaps with the help of all the volunteers we can finish the book. You define the structure and people contribute text. Greetings, -- Dr. Michael Schwartzkopff MultiNET Services GmbH Address: Bretonischer Ring 7

Re: Encrypted password with FR+LDAP+Wireless Network

2010-05-17 Thread Michael Lecuyer
The password is encoded for PAP (when a User-Password is present). It's the only authentication method that uses decodable passwords. FR is displaying it in plain text for your convenience. Inýcio Alves wrote: Good Morning to all. I would like if is possible use FR+LDAP with Use-Password encr

Re: VMPS logging

2010-05-09 Thread Michael Schwartzkopff
On Monday, 3 May 2010 16:56:23, Alan DeKok wrote: > Michael Schwartzkopff wrote: > > Strange. I added a line > > Access-Accept = "Accepted %{User-Name}" > > > > But I only see entries from the Access-Request part of the linelog > > module. > >

RE: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool

2010-05-04 Thread Michael J. Hartwick
en it is still in use. The best solution would be to fix the NAS to send the packets or fix the network to make sure they get delivered. Michael ------ Michael J. Hartwick, VE3SLQ hartw...@hartwic

Re: VMPS logging

2010-05-03 Thread Michael Schwartzkopff
On Monday, 3 May 2010 13:29:24, Alan DeKok wrote: > Michael Schwartzkopff wrote: > > On Sunday, 2 May 2010 12:22:57, Jens Link wrote: > > I also got problems logging Access-Accept details through linelog. Is it > > possible at all? > > Yes... what's going

Re: VMPS logging

2010-05-02 Thread Michael Schwartzkopff
ile or syslog? > > > > rlm_linelog > > Either I'm too tired or too stupid to get it up and running. Is there an > example on how to use it? > > thanks > > Jens hi, I also got problems logging Access-Accept details through linelog. Is it possible at al

freeradius-1.1.7-sol10-x86-local from sunfreeware on solaris 10 x86

2010-04-20 Thread Michael Bathe
s: reading clients read_config_files: reading realms radiusd: entering modules setup Segmentation Fault (core dumped) Can somebody help me, please? best regards Michael

Re: NAS-IP vs srcIP

2010-04-01 Thread Michael Lecuyer
Plenty of reasons - but one you won't have control over even in CoA is that it could be proxied. The NAS-IPAddress is used in the CoA request packet to tell the NAS which client should receive the packet. Marlon Duksa wrote: Hi everyone - Can anyone think of a reason why the NAS-IP and the s

Re: Radpostauth question

2010-03-28 Thread Michael Lecuyer
It's a one-way hash of the password. What you're seeing is the CHAP password value. Only PAP uses a reversible password. Sallai Janos wrote: Hi, Does anyone know how I could save the CHAP password into radpostauth pass in a VISIBLE format, in mysql ? Actually I can correctly log both the su
