On 10/18/2013 11:00 AM, Alan DeKok wrote:
Bertalan Voros wrote:
I have one question, I would like to log a message in radius.log when a
device is rejected based on its mac address.
I would like to put a message saying that the device was unauthorised
and the Calling-Station-Id into the
Can someone tell me if it is possible in FR to cache in memory (for a short
amount of time) Calling-Station-Id from successful machine authentications so
that subsequent user authentications can test whether the user is connecting
from an authorized device? This is a feature that is available
Using EAP? use the EAP cache and populate the entry with whatever is needed.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Oct 04, 2013 at 09:54:29AM -0400, Garber, Neal wrote:
Can someone tell me if it is possible in FR to cache in memory
(for a short amount of time) Calling-Station-Id from successful
rlm_cache ?
http://wiki.freeradius.org/modules/Rlm_cache
Matthew
--
Matthew Newton, Ph.D.
Garber, Neal wrote:
Can someone tell me if it is possible in FR to cache in memory (for a
short amount of time) Calling-Station-Id from successful machine
authentications so that subsequent user authentications can test whether
the user is connecting from an authorized device? This is a
I'm trying to do what might be an odd configuration.
I'm attempting to digest auth users without caring about their User-name
attribute.
So in other words I want to auth on the Digest-User-Name = testuser
that comes in as part of the Digest-Attributes and a password.
So in the users file I have
-Attributes and a password.
You should be able to do that.
So in the users file I have DEFAULT Cleartext-password :=
password
That will allow ANY user to authenticate using ANY authentication
method, and with that password.
I created a partial digest file but it appears to be ignored
authentication question
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
I've
=diamond.ac...@lists.freeradius.org] On Behalf Of
Roberto Carna
Sent: 25 September 2013 14:27
To: FreeRadius users mailing list
Subject: Re: Active Directory authentication question
Dear Stephan, just the last question pleasein your guide you say:
In /etc/raddb/eap.conf, change the ttls
=diamond.ac...@lists.freeradius.org] On Behalf Of
Roberto Carna
Sent: 25 September 2013 14:27
To: FreeRadius users mailing list
Subject: Re: Active Directory authentication question
Dear Stephan, just the last question pleasein your guide you say:
In /etc/raddb/eap.conf, change the ttls
Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
worked).
You just configured EAP-TTLS with EAP-MSCHAPv2 as an additional authentication
method. Since the default_eap_type is set to ttls, your server *prefers* using
EAP-TTLS with EAP-MSCHAPv2, but it still
But in the EAP-TLS section from eap.conf file, I don't see any
reference to MSCHAPv2and remember the NTLM authentication query is
set up in the MSCHAPv2 module
2013/9/25 stefan.pae...@diamond.ac.uk:
Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
worked
Well. There's no such thing as EAP-TLS/MSCHAPv2 . So I'd guess that your
Android device is just doing PEAPv0/EAP-MSCHAPv2 or such and your config allows
it to. If you ran in full debug mode when connecting with the Android device
you'd see exactly what's happening
alan
-
List
But in the EAP-TLS section from eap.conf file, I don't see any
reference to MSCHAPv2and remember the NTLM authentication query is
set up in the MSCHAPv2 module
EAP-TLS does not use MSCHAPv2. It uses certificates.
I quote Alan DeKok's response to your question on September 18:
Dear
(and user info in general) in the users file is
important for windows authentication. strangely enough, it doesn't seem
to matter for a linux dialup, though.
thanks to everyone for the help!
regards, paul
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
I've followed all the steps
paul trader wrote:
hi phil - thanks for the advice, i figured out that placement of the
$INCLUDE statement (and user info in general) in the users file is
important for windows authentication. strangely enough, it doesn't seem
to matter for a linux dialup, though.
That is a *terrible
Roberto Carna wrote:
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
On 09/24/2013 10:16 AM, Roberto Carna wrote:
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make
...@lists.freeradius.org] On Behalf Of
Roberto Carna
Sent: 24 September 2013 15:17
To: FreeRadius users mailing list
Subject: Re: Active Directory authentication question
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get
On Tue, 24 Sep 2013 at 10:36, Alan DeKok opined:
AD: It also contradicts your previous messages. You claimed you put the
AD:users file entry at line one of the file. But now you talk about a
AD:$INCLUDE statement.
AD:
AD: So... which is it?
hi alan - well, i did both. at first the
Or ask your distribution provider why they still provide wpa_supplicant package
without eapol_test tool ;)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
paul trader wrote:
hi alan - well, i did both. at first the $INCLUDE was put at the bottom
of the users file, and there was 1 entry in the included file, at line 1.
Why do you have a $INCLUDE? You did NOT mention it in your other posts.
The help here presumes that you accurately
in
asterisk the freeradius authentication doesn't work. Even I don't get any
request from asterisk server in radius logs.
My sip.conf configuration is :
[1000]
type=friend
context=test
auth_type=radius
host=dynamic
and user credentials are placed in /usr/local/etc/raddb/users as:
1000 Cleartext
On 23 Sep 2013, at 11:27, Husnain Taseer husnain.tas...@gmail.com wrote:
Even I don't get any request from asterisk server in radius logs.
You're looking at the wrong layer for the problem.
Fire up tcpdump. Do you see any radius traffic leaving the asterisk box? Does
it reach the RADIUS
In tcpdump asterisk not sending request to the freeradius can u tell after
configuring freeradius what configurations are needed to be done in
asterisk.
Regards,
Husnain Taseer
On Mon, Sep 23, 2013 at 4:11 PM, Adam Bishop adam.bis...@ja.net wrote:
On 23 Sep 2013, at 11:27, Husnain Taseer
Dear,
I wonder if the Freeradius to authenticate a client by IP number, without
using login and password, only the IP. If possible, how to do?
thank you
---
Marcelo
-
List info/subscribe/unsubscribe? See
On 23/9/2013 3:14 μμ, Free-Radius wrote:
I wonder if the Freeradius to authenticate a client by IP number,
without using login and password, only the IP. If possible, how to do?
You can authenticate a client based on MAC Address. See
http://wiki.freeradius.org/guide/Mac-Auth for various
Just also beware that the MAC and be spoofed also with lots of programs :)
On 23 September 2013 at 13:46 Nikolaos Milas nmi...@noa.gr wrote:
On 23/9/2013 3:14 μμ, Free-Radius wrote:
I wonder if the Freeradius to authenticate a client by IP number,
without using login and password, only
Husnain Taseer wrote:
In tcpdump asterisk not sending request to the freeradius can u tell
after configuring freeradius what configurations are needed to be done
in asterisk.
You were told to ask this question on the asterisk mailing list.
We are not asterisk, and we know nothing about
Am Montag, 23. September 2013, 13:53:14 schrieb ken.farrington:
Just also beware that the MAC and be spoofed also with lots of programs :)
Yes: ip link dev ... set addr ...
On 23 September 2013 at 13:46 Nikolaos Milas nmi...@noa.gr wrote:
On 23/9/2013 3:14 μμ, Free-Radius wrote:
I
On Mon, 23 Sep 2013 at 13:31, John Dennis opined:
JD:You still haven't sent the full debug.
hi john - thanks for your reply. i sent the output from running radiusd
-X, are you saying i need to run -Xxx and send that instead?
or are you looking for the startup output as well? i only included
On 23/09/13 17:33, paul trader wrote:
am i doing something glaringly wrong, or just going plain crazy?
It's difficult to say, because the debug you sent has all the useful
bits trimmed out - like the original packet, and the full module
processing chain.
Send a full debug, and odds are
On 09/23/2013 01:19 PM, paul trader wrote:
eOn Mon, 23 Sep 2013 at 17:52, Phil Mayers opined:
PM:It's difficult to say, because the debug you sent has all the useful
PM:bits trimmed out - like the original packet, and the full module
PM:processing chain.
You still haven't sent the full
hi all - i've recently tried upgrading from v1 to v2. on a centos 6.4 box
w/ all latest updates, i installed freeradius v2, added one username and
password to /etc/raddb/users:
test Cleartext-Password := testing
and the radtest command-line authentication works. i then added one
client
DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 09/23/2013 02:07 PM, paul trader wrote:
On Mon, 23 Sep 2013 at 13:31, John Dennis opined:
JD:You still haven't sent the full debug.
hi john - thanks for your reply. i sent the output from running radiusd
-X, are you saying i need to run -Xxx and send that instead?
No. It means all
paul trader wrote:
i used a default v2 install and only changed the users and clients.conf
files. everything else was left alone.
Well, there's no magic. If the users file entry doesn't match, it's
because the User-Name isn't test.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
the authentication request shows the username to be test and there's
clearly a user named test in the users file. every place in the debug
output where it lists the username it's test. there doesn't seem to be
any domain prepended to it.
when starting the server, the debug output shows the file
On 23/09/2013 18:19, paul trader wrote:
hi phil - ok, here's the full debug for a successful request:
[files] users: Matched entry test at line 1
Versus
and here's the full output of a failed request:
[files] users: Matched entry DEFAULT at line 172
The two request look very similar,
--Please suggest any document which can help in better understanding on
TLS Authentication.
Arvind, I also faced the same issue at beginning , but I would suggest to
read Freeradius own documentation. That is probably the best.
On Mon, Sep 23, 2013 at 7:45 PM, arvind132 . arvind...@gmail.com
What I mean is that EAP-TLS is easier to me than AD authentication at
this point, because I've just put it to work...and if I want to use AD
auth I have to take EAP-TLS out and start again with NTLM / AD
authenticationis it OK ???
Roberto, you don't have to remove EAP-TLS to support NTLM
Thanks Stepahn for all your important help.
Regards,
Roberto
2013/9/19 stefan.pae...@diamond.ac.uk:
What I mean is that EAP-TLS is easier to me than AD authentication at
this point, because I've just put it to work...and if I want to use AD
auth I have to take EAP-TLS out and start again
Dear, I have several Windows 7 clients over WiFi autheticating throug
EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it
works OK.
Now I have to change the authentication from MySQL to a remote Active
Directory on a Windows 2012 server.
Because I don't know so much about
the authentication from MySQL to a remote Active
Directory on a Windows 2012 server.
FreeRADIUS is an authentication server. MySQL is not. It's a database.
Using the correct terminology menas it's easier to come up with a
solution. Using the wrong terminology means you're lost, and you can't
find
they are checked
against MySQL database (because I see the query in debug mode). Is
this correct or not ???
And finally, if I use EAP-TLS with X.509 certificates, do you mean I
don't need to use the authentication against the active directory
database ??? Maybe this is easier to me because I've put EAP-TLS
on fields in the
cert presented, but it can't be used to store X.509 certificate data.
And finally, if I use EAP-TLS with X.509 certificates, do you mean I
don't need to use the authentication against the active directory
database ??? Maybe this is easier to me because I've put EAP-TLS to
work
authentication at
this point, because I've just put it to work...and if I want to use AD
auth I have to take EAP-TLS out and start again with NTLM / AD
authenticationis it OK ???
I think you have a misconception. The client decides what type of
authentication mechanism it's going to use
Arran, I have a private CA and I've created the server and client
certs of course...and I've generated the .p12 cert (includind the CA
cert) to install in my Windows 7 clientsit works OK.
What I mean is that EAP-TLS is easier to me than AD authentication at
this point, because I've just put
user information.
They don't authenticate users.
FreeRADIUS is an authentication server. Where necessary, it pulls
user information from a database. It also returns user profiles to a
WiFI AP. e.g. VLAN, etc.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Hello Alan,
Hachmer, Tobias wrote:
- Rewrite DN?
You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
attribute.
How can I do this and how magic could I rewrite the DN?
The local ldap DIT and the AD DIT are totally different (different OU
structure). It is much more
On 4 Sep 2013, at 06:54, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de
wrote:
Hello Alan,
Hachmer, Tobias wrote:
- Rewrite DN?
You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
attribute.
How can I do this and how magic could I rewrite the DN?
The local
How can I do this and how magic could I rewrite the DN?
The local ldap DIT and the AD DIT are totally different (different OU
structure). It is much more than rewrite the base DN.
When there's no way to determine the DN in AD DIT again I think I can
achieve this more easy using ntlm_auth
On 4 Sep 2013, at 13:10, Hachmer, Tobias tobias.hach...@stadt-frankfurt.de
wrote:
How can I do this and how magic could I rewrite the DN?
The local ldap DIT and the AD DIT are totally different (different OU
structure). It is much more than rewrite the base DN.
When there's no way to
responsibility) for User
Authentication.
I have set up an OpenLDAP Master/ Slave construct (syncrepl) for RADIUS
authorization and (fallback) authentication, like:
LDAP Master
(Apr 29 2013 07:47:08)
Here we use Microsoft Active Directory (not in our responsibility) for User
Authentication. I have set up an OpenLDAP Master/ Slave construct
(syncrepl) for RADIUS authorization and (fallback) authentication, like:
LDAP Master
As far as I know it is not possible to use a ldap module to authenticate
agains AD. See this page for protocol compatibility:
Thank you for the answer. But it is possible using simple bind via ldap.
But that's not my problem.
Regards,
Tobias Hachmer
-
List info/subscribe/unsubscribe?
Hachmer, Tobias wrote:
- Rewrite DN?
You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
attribute.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi!
i am kindly asking for help or pointing right way to solve this problem.
Right now we are using LDAP for authentication to IBM products. Last thing
we try to do is use Freeradius on same LDAP schema for wireless purposes
(Cisco network). We didn't have problems with basic authentication
Thank You for reply Alan.
I have working eap-tls for my staff and
Dnia 5 sierpnia 2013 21:52 a.l.m.bu...@lboro.ac.uk napisał(a):
Hi,
gt; In that situation i need to have active, both sql and ldap, authorization
gt; modules in inner-tunnel. So users, who should identify by login/pass in
gt; guest
On 5 Aug 2013, at 08:20, rajeev sr rajee...@gmail.com wrote:
Hello,
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in
Hi,
User-Password = \334a\004\305\355x\321\332G\306\362b\226~\355+
that lineand the following in the debug:
Fri Aug 2 16:45:38 2013 : Debug: WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the NAS!
are quite clear.
On Mon, Aug 05, 2013 at 12:50:20PM +0530, rajeev sr wrote:
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in users file under
; two groups of users. One group for local staff based on eap-tls, second
gt; group to others based on OpenLdap authentication. My AP's have 2 SSID's
gt; broadcasting. One for the staff, second for others. Is there a
gt; possibility, to use one radius server to handle this scenario?
Yes. Just update
Hi,
In that situation i need to have active, both sql and ldap, authorization
modules in inner-tunnel. So users, who should identify by login/pass in
guest SSID, can be authenticate via inner-tunnel ldap module. I don't want
this.
use whatever you want to use. what do you use
dear guest, i have problem in eap-sim authentication.
I'm using freeradius 2.2.0, blackberry 9220
here my simtripletsdat. file
1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00
1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa1e400
I currently have two auth types (NTLM_AUTH and PAM) in my default site
configuration (using FreeRadius version 2.1.12) - although I would like to
achieve the following:
If the user authenticates against to radius server and fails NTLM_AUTH, the
request will then be authenticated against PAM and
Hi,
If the user authenticates against to radius server and fails NTLM_AUTH,
the request will then be authenticated against PAM and if it still fails
it will be rejected.
use a bit of the unlang construct with the failover method.
http://wiki.freeradius.org/config/Fail%20over
so,
Hi.
I'm new with FreeRadius. I would like to use FreeRadius to authenticate two
groups of users. One group for local staff based on eap-tls, second group to
others based on OpenLdap authentication. My AP's have 2 SSID's broadcasting.
One for the staff, second for others
Marcin wrote:
I'm new with FreeRadius. I would like to use FreeRadius to authenticate
two groups of users. One group for local staff based on eap-tls, second
group to others based on OpenLdap authentication. My AP's have 2 SSID's
broadcasting. One for the staff, second for others
. One group for local staff based on eap-tls, second
gt; group to others based on OpenLdap authentication. My AP's have 2 SSID's
gt; broadcasting. One for the staff, second for others. Is there a
gt; possibility, to use one radius server to handle this scenario?
Yes. Just update the SQL queries
by
deployingradius.comyou can in authenticate computer
accounts. - It required me to tweak the LDAP default config for group-based
authorization, but In case this is what you
are looking for, ping back and I can show you LDAP filters i use.
If you are only into authentication, most likely the public pages will
already
] Creating challenge hash with username: tekan
[mschap] Client is using MS-CHAPv2 for tekan, we need NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
(where tekan is my username)
Thanks for all the help.
David
Here
Tekán Dávid wrote:
Don't want to store cleartext password, so i created for every user an
NT-Password as well beyond the MD5-Password, and it appears in the sql
database as well (also checked the queries when it queries the
rad_check table, it's there in the response as well).
You need to
configuration in clients.conf.
Client fd00:1:1:1::/63{
secret=mykey
}
But it throws the below error when I ran the radius in
debug mode
Ignoring request to authentication address :: port 1812 from unknown client
fd00:1:1:1
Hi,
sorry, I am completely new to Radius …
I want to change a FreeRadius server to authenticate a few hosts by their
hostnames.
The hostnames would be stored in a config file.
How could I do this?
This is the authentication request:
rad_recv: Access-Request packet from host 10.10.10.21 port
Stefan Sticht wrote:
I want to change a FreeRadius server to authenticate a few hosts by their
hostnames.
The hostnames would be stored in a config file.
That's not how RADIUS works.
How could I do this?
You can't.
This is the authentication request:
...
EAP-Message
Yes it does.
We found the solution by creating a rule that maps all the BSSID related
to some SSID and then we do a specific filter to LDAP, so we did it for
every SSID.
Thanks for the help!
Atenciosamente,
Gustavo Vieira Oliveira
GETIC - Gerência de Tecnologia da Informação
SUSERV -
Hi All,
i am new about FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius.
During LDAP configuration i am getting the follow error :
[ldap] bind as cn=User,ou=people,dc=domain,dc=it/Password to
ldapserver:636
[ldap] waiting for bind result ...
[ldap]
You shouldn't have quotes around your username or domain. You should use
identity = cn=user,ou=people,dc=domain,dc=it
On 19/07/2013 7:05 PM, Marco Aresu marcoar...@gmail.com wrote:
Hi All,
i am new about FreeRadius. I am moving from Cisco ACS Tacacs to
FreeRadius. During LDAP configuration i
Hello
I'm looking for a solution to realize a FreeRadius Server, which can
Authenticate against primary a AD and as second method against AD LDS
(Lightweight Directory from Windows).
We want for our WLAN, that in the Guest-Network employees can use their
AD-Login (I already implemented that
Hi
Store the passwords in nt-hash format. Use guest usernames with a particular
format so that you can use some simple unlang to select the right type of
authentication rather than hitting each method and causing unnecessary load and
delay
alan
-
List info/subscribe/unsubscribe? See http
On Tue, Jul 16, 2013 at 1:02 PM, limacher david limache...@hotmail.comwrote:
Hello
I'm looking for a solution to realize a FreeRadius Server, which can
Authenticate against primary a AD and as second method against AD LDS
(Lightweight Directory from Windows).
We want for our WLAN, that in
limacher david wrote:
I'm looking for a solution to realize a FreeRadius Server, which can
Authenticate against primary a AD and as second method against AD LDS
(Lightweight Directory from Windows).
Follow this guide:
http://deployingradius.com/documents/configuration/active_directory.html
Considering that LDS will still be running Active Directory, give your
reception login(s) the permission to administer the Guest-Network OU (i.e.
add/delete/edit users), and continue to use the NTLM authentication you use
with the primary AD.
Active Directory uses MS-CHAPv2, so using
Hello!
I need some help with RADIUS regarding Wireless authentication with
RADIUS + LDAP.
I need to check if the user has permission to connect to a specific
SSID, so we check a LDAP attribute for that.
By that, we need to know from which SSID the authentication is being
requested so we
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote:
I need some help with RADIUS regarding Wireless authentication with
RADIUS + LDAP.
Hello. which version of freeradius are you running ?
I need to check if the user has permission to connect to a specific
SSID, so we check a LDAP attribute
- SC
Fone (48) 32314699 - Ramal 44699
http://www.sistemafiesc.com.br
Em 12/07/2013 12:14, Olivier Beytrison escreveu:
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote:
I need some help with RADIUS regarding Wireless authentication with
RADIUS + LDAP.
Hello. which version of freeradius are you
Olivier,
You don't need to set radius-server vsa send in the AP so it sends the
SSID in the authentication request?
Atenciosamente,
Gustavo Vieira Oliveira
GETIC - Gerência de Tecnologia da Informação
SUSERV - Superintendência de Serviços Compartilhados
Sistema FIESC
Rod. Admar Gonzaga
Look at the requests coming from your AP in debug mode. You should see
information there that can be used eg called station id with SSID appended or a
VSA with the SSID name or number in it. Use that with your policy
alan
-
List info/subscribe/unsubscribe? See
We got it working, the AP is sending the SSID with the calling station
ID but only setting radius-server vsa send in the Access-point.
The problem is that we have to do it manually (the Controller doesn't
support it) in the AP, so when it reboots for some reason it cannot
authenticate cause
On Fri, Jul 12, 2013 at 12:48:48PM -0300, Gustavo Vieira Oliveira wrote:
The problem is that we have to do it manually (the Controller
doesn't support it) in the AP, so when it reboots for some reason it
cannot authenticate cause the RADIUS doesn't receive the SSID. So,
we need an alternative
Good day,
I have a problem wherein daloradius doesn't read the freeradius log file.
Do I need to chown or chmod anything? Am using CentOS 6.4, and log file is
located in /var/log/radius/radius.log. I already chmod'ded 777 the log file
and it still wouldn't open thru daloradius interface. I can
Sorry for not including it in the first post, freeradius version used is
the latest in CentOS repo.
The output on the first post is for the web-based login, I forgot that I
only configured it on console login
Here is the output:
Ready to process requests.
rad_recv: Access-Request packet from
Hi,
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.141.1.129 port 49154,
id=0, length=84
snip thats an accounting packet
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Sending Access-Accept of id 0 to 10.141.1.129 port 49154
^^
Access-Accept sent from the server. the RADIUS server has done
its thing. if the NAS isnt working then you have missed some
configuration option on the NAS
alan
-
Hi, thanks for the reply.
(Sorry if this is OT) As I understand, I couldn't use 802.1x authentication
on just the switches themselves? Since a client must have certificates to
authenticate to a server. What i just wanted to accomplish is to
authenticate the switches only on the radius server, so
Hi,
(Sorry if this is OT) As I understand, I couldn't use 802.1x
authentication on just the switches themselves? Since a client must have
certificates to authenticate to a server. What i just wanted to accomplish
is to authenticate the switches only on the radius server, so
-server vsa send* [*accounting* | *authentication*]
Enables the network access server to recognize and use VSAs as defined
by RADIUS IETF attribute 26.
The thing is, the APs can only authenticate if this command is issued in
the AP by cli and we need that the Wireless Controller can
1 - 100 of 4769 matches
Mail list logo