On 10/18/2013 11:00 AM, Alan DeKok wrote:
Bertalan Voros wrote:
I have one question, I would like to log a message in radius.log when a
device is rejected based on its mac address.
I would like to put a message saying that the device was unauthorised
and the Calling-Station-Id into the radius.lo
Garber, Neal wrote:
> Can someone tell me if it is possible in FR to cache in memory (for a
> short amount of time) Calling-Station-Id from successful machine
> authentications so that subsequent user authentications can test whether
> the user is connecting from an authorized device? This is a fe
On Fri, Oct 04, 2013 at 09:54:29AM -0400, Garber, Neal wrote:
> Can someone tell me if it is possible in FR to cache in memory
> (for a short amount of time) Calling-Station-Id from successful
rlm_cache ?
http://wiki.freeradius.org/modules/Rlm_cache
Matthew
--
Matthew Newton, Ph.D.
Systems
Using EAP? use the EAP cache and populate the entry with whatever is needed.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can someone tell me if it is possible in FR to cache in memory (for a short
amount of time) Calling-Station-Id from successful machine authentications so
that subsequent user authentications can test whether the user is connecting
from an authorized device? This is a feature that is available w
"testuser""
> that comes in as part of the Digest-Attributes and a password.
You should be able to do that.
> So in the users file I have "DEFAULT Cleartext-password :=
> "password""
That will allow ANY user to authenticate using ANY auth
I'm trying to do what might be an odd configuration.
I'm attempting to digest auth users without caring about their "User-name"
attribute.
So in other words I want to auth on the "Digest-User-Name = "testuser""
that comes in as part of the Digest-Attributes and a password.
So in the users file I
> But in the EAP-TLS section from eap.conf file, I don't see any
> reference to MSCHAPv2 and remember the NTLM authentication query is
> set up in the MSCHAPv2 module
EAP-TLS does not use MSCHAPv2. It uses certificates.
I quote Alan DeKok's response to your quest
Well. There's no such thing as EAP-TLS/MSCHAPv2 . So I'd guess that your
Android device is just doing PEAPv0/EAP-MSCHAPv2 or such and your config allows
it to. If you ran in full debug mode when connecting with the Android device
you'd see exactly what's happening
alan
But in the EAP-TLS section from eap.conf file, I don't see any
reference to MSCHAPv2 and remember the NTLM authentication query is
set up in the MSCHAPv2 module
2013/9/25 :
> Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
> worked).
>
> Yo
Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
worked).
You just configured EAP-TTLS with EAP-MSCHAPv2 as an additional authentication
method. Since the default_eap_type is set to ttls, your server *prefers* using
EAP-TTLS with EAP-MSCHAPv2, but it still
ius.org
>> [mailto:freeradius-users-
>> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of
>> Roberto Carna
>> Sent: 25 September 2013 14:27
>> To: FreeRadius users mailing list
>> Subject: Re: Active Directory authentication question
>>
>>
> [mailto:freeradius-users-
> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of
> Roberto Carna
> Sent: 25 September 2013 14:27
> To: FreeRadius users mailing list
> Subject: Re: Active Directory authentication question
>
> Dear Stephan, just the last question pl
7
>> To: FreeRadius users mailing list
>> Subject: Re: Active Directory authentication question
>>
>> Dear, I'm advancing in the Freeradius + AD authentication just a
>> short question: when I want to make the eapol_test tool, I get this
>> error:
>>
>>
paul trader wrote:
> hi alan - well, i did both. at first the $INCLUDE was put at the bottom
> of the users file, and there was 1 entry in the included file, at line 1.
Why do you have a $INCLUDE? You did NOT mention it in your other posts.
The help here presumes that you accurately desc
Or ask your distribution provider why they still provide wpa_supplicant package
without eapol_test tool ;)
alan
On Tue, 24 Sep 2013 at 10:36, Alan DeKok opined:
AD: It also contradicts your previous messages. You claimed you put the
AD:"users" file entry at line one of the file. But now you talk about a
AD:$INCLUDE statement.
AD:
AD: So... which is it?
hi alan - well, i did both. at first the $INCLU
etow=diamond.ac...@lists.freeradius.org] On Behalf Of
> Roberto Carna
> Sent: 24 September 2013 15:17
> To: FreeRadius users mailing list
> Subject: Re: Active Directory authentication question
>
> Dear, I'm advancing in the Freeradius + AD authentication just a
> short que
On 09/24/2013 10:16 AM, Roberto Carna wrote:
> Dear, I'm advancing in the Freeradius + AD authentication just a
> short question: when I want to make the eapol_test tool, I get this
> error:
>
> # make eapol_test
> /usr/bin/ld: cannot find -lnl
> collect2: error:
Roberto Carna wrote:
> Dear, I'm advancing in the Freeradius + AD authentication just a
> short question: when I want to make the eapol_test tool, I get this
> error:
>
> # make eapol_test
> /usr/bin/ld: cannot find -lnl
> collect2: error: ld returned 1 exit stat
paul trader wrote:
> hi phil - thanks for the advice, i figured out that placement of the
> $INCLUDE statement (and user info in general) in the users file is
> important for windows authentication. strangely enough, it doesn't seem
> to matter for a linux dialup, tho
Dear, I'm advancing in the Freeradius + AD authentication just a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
I've followed all th
(and user info in general) in the users file is
important for windows authentication. strangely enough, it doesn't seem
to matter for a linux dialup, though.
thanks to everyone for the help!
regards, paul
-->Please suggest any document which can help in better understanding on
TLS Authentication.
Arvind, I also faced the same issue at beginning , but I would suggest to
read Freeradius own documentation. That is probably the best.
On Mon, Sep 23, 2013 at 7:45 PM, arvind132 . wrote:
> Hi,
On 23/09/2013 18:19, paul trader wrote:
hi phil - ok, here's the full debug for a successful request:
[files] users: Matched entry test at line 1
Versus
and here's the full output of a failed request:
[files] users: Matched entry DEFAULT at line 172
The two request look very similar, but
from
the authentication request shows the username to be "test" and there's
clearly a user named "test" in the users file. every place in the debug
output where it lists the username it's "test". there doesn't seem to be
any domain prepended to it.
wh
paul trader wrote:
> i used a default v2 install and only changed the users and clients.conf
> files. everything else was left alone.
Well, there's no magic. If the "users" file entry doesn't match, it's
because the User-Name isn't "test".
Alan DeKok.
On 09/23/2013 02:07 PM, paul trader wrote:
> On Mon, 23 Sep 2013 at 13:31, John Dennis opined:
>
> JD:You still haven't sent the full debug.
>
> hi john - thanks for your reply. i sent the output from running radiusd
> -X, are you saying i need to run -Xxx and send that instead?
No. It means a
Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
+
hi all - i've recently tried upgrading from v1 to v2. on a centos 6.4 box
w/ all latest updates, i installed freeradius v2, added one username and
password to /etc/raddb/users:
test Cleartext-Password := "testing"
and the radtest command-line authentication works. i then ad
On 09/23/2013 01:19 PM, paul trader wrote:
> On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined:
>
> PM:It's difficult to say, because the debug you sent has all the useful
> PM:bits trimmed out - like the original packet, and the full module
> PM:processing chain.
You still haven't sent the ful
On 23/09/13 17:33, paul trader wrote:
am i doing something glaringly wrong, or just going plain crazy?
It's difficult to say, because the debug you sent has all the useful
bits trimmed out - like the original packet, and the full module
processing chain.
Send a full debug, and odds are som
On Mon, 23 Sep 2013 at 13:31, John Dennis opined:
JD:You still haven't sent the full debug.
hi john - thanks for your reply. i sent the output from running radiusd
-X, are you saying i need to run -Xxx and send that instead?
or are you looking for the startup output as well? i only included t
On Monday, 23 September 2013, 13:53:14, ken.farrington wrote:
> Just also beware that the MAC can be spoofed also with lots of programs :)
Yes: ip link dev ... set addr ...
> > On 23 September 2013 at 13:46 Nikolaos Milas wrote:
> >
> > On 23/9/2013 3:14 PM, Free-Radius wrote:
> > > I wonder
Husnain Taseer wrote:
> In tcpdump asterisk not sending request to the freeradius can u tell
> after configuring freeradius what configurations are needed to be done
> in asterisk.
You were told to ask this question on the asterisk mailing list.
We are not asterisk, and we know nothing about
Just also beware that the MAC can be spoofed also with lots of programs :)
> On 23 September 2013 at 13:46 Nikolaos Milas wrote:
>
> On 23/9/2013 3:14 PM, Free-Radius wrote:
>
> >
> > I wonder if the Freeradius to authenticate a client by IP number,
> > without using login and password, only the
On 23/9/2013 3:14 PM, Free-Radius wrote:
I wonder if the Freeradius to authenticate a client by IP number,
without using login and password, only the IP. If possible, how to do?
You can authenticate a client based on MAC Address. See
http://wiki.freeradius.org/guide/Mac-Auth for various sce
Dear,
I wonder if the Freeradius to authenticate a client by IP number, without
using login and password, only the IP. If possible, how to do?
thank you
---
Marcelo
In tcpdump asterisk not sending request to the freeradius can u tell after
configuring freeradius what configurations are needed to be done in
asterisk.
Regards,
Husnain Taseer
On Mon, Sep 23, 2013 at 4:11 PM, Adam Bishop wrote:
> On 23 Sep 2013, at 11:27, Husnain Taseer wrote:
>
> > Even I
On 23 Sep 2013, at 11:27, Husnain Taseer wrote:
> Even I don't get any request from asterisk server in radius logs.
You're looking at the wrong layer for the problem.
Fire up tcpdump. Do you see any radius traffic leaving the asterisk box? Does
it reach the RADIUS server?
If no traffic is l
ister peer in
asterisk the freeradius authentication doesn't work. Even I don't get any
request from asterisk server in radius logs.
My sip.conf configuration is :
[1000]
type=friend
context=test
auth_type=radius
host=dynamic
and user credentials are placed in /usr/local/etc/raddb/users
Thanks Stepahn for all your important help.
Regards,
Roberto
2013/9/19 :
>> What I mean is that EAP-TLS is easier to me than AD authentication at
>> this point, because I've just put it to work...and if I want to use AD
>> auth I have to take EAP-TLS out and sta
> What I mean is that EAP-TLS is easier to me than AD authentication at
> this point, because I've just put it to work...and if I want to use AD
> auth I have to take EAP-TLS out and start again with NTLM / AD
> authentication is it OK ???
Roberto, you don't have to rem
tabase. They store user information.
They don't authenticate users.
FreeRADIUS is an authentication server. Where necessary, it pulls
user information from a database. It also returns user profiles to a
WiFI AP. e.g. VLAN, etc.
Alan DeKok.
Arran, I have a private CA and I've created the server and client
certs of course...and I've generated the .p12 cert (including the CA
cert) to install in my Windows 7 clients it works OK.
What I mean is that EAP-TLS is easier to me than AD authentication at
this point, because I
-TLS is easier to me than AD authentication at
> this point, because I've just put it to work...and if I want to use AD
> auth I have to take EAP-TLS out and start again with NTLM / AD
> authentication is it OK ???
I think you have a misconception. The client decides what type of
aut
orm lookups based on fields in the
cert presented, but it can't be used to store X.509 certificate data.
> And finally, if I use EAP-TLS with X.509 certificates, do you mean I
> don't need to use the authentication against the active directory
> database ??? Maybe this is easi
e they are checked
against MySQL database (because I see the query in debug mode). Is
this correct or not ???
And finally, if I use EAP-TLS with X.509 certificates, do you mean I
don't need to use the authentication against the active directory
database ??? Maybe this is easier to me because I
ave to change the authentication from MySQL to a remote Active
> Directory on a Windows 2012 server.
FreeRADIUS is an authentication server. MySQL is not. It's a database.
Using the correct terminology means it's easier to come up with a
solution. Using the wrong terminology me
Dear, I have several Windows 7 clients over WiFi authenticating through
EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it
works OK.
Now I have to change the authentication from MySQL to a remote Active
Directory on a Windows 2012 server.
Because I don't know so much
On 4 Sep 2013, at 13:10, "Hachmer, Tobias"
wrote:
>>> How can I do this and how "magic" could I rewrite the DN?
>>> The local ldap DIT and the AD DIT are totally different (different OU
>>> structure). It is much more than rewrite the base DN.
>>> When there's no way to determine the DN in AD
>> How can I do this and how "magic" could I rewrite the DN?
>> The local ldap DIT and the AD DIT are totally different (different OU
>> structure). It is much more than rewrite the base DN.
>> When there's no way to determine the DN in AD DIT again I think I can
>> achieve this more easy using
On 4 Sep 2013, at 06:54, "Hachmer, Tobias"
wrote:
> Hello Alan,
>
>>> Hachmer, Tobias wrote:
>>> - Rewrite DN?
>> You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
>> attribute.
>
> How can I do this and how "magic" could I rewrite the DN?
> The local ldap DIT and t
Hello Alan,
>>Hachmer, Tobias wrote:
>> - Rewrite DN?
> You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
> attribute.
How can I do this and how "magic" could I rewrite the DN?
The local ldap DIT and the AD DIT are totally different (different OU
structure). It is muc
Hachmer, Tobias wrote:
> - Rewrite DN?
You can rewrite the DN. That's why it's editable, as the LDAP-UserDn
attribute.
Alan DeKok.
> As far as I know it is not possible to use a ldap module to authenticate
> against AD. See this page for protocol compatibility:
Thank you for the answer. But it is possible using simple bind via ldap.
But that's not my problem.
Regards,
Tobias Hachmer
22:51
>
> - OpenLDAP: slapd 2.4.23 (Apr 29 2013 07:47:08)
>
> Here we use Microsoft Active Directory (not in our responsibility) for User
> Authentication. I have set up an OpenLDAP Master/ Slave construct
> (syncrepl) for RADIUS auth
responsibility) for User
Authentication.
I have set up an OpenLDAP Master/ Slave construct (syncrepl) for RADIUS
authorization and (fallback) authentication, like:
LDAP Master
Hi!
i am kindly asking for help or pointing right way to solve this problem.
Right now we are using LDAP for authentication to IBM products. Last thing
we try to do is use Freeradius on same LDAP schema for wireless purposes
(Cisco network). We didn't have problems with basic authentic
Thank You for reply Alan.
I have working eap-tls for my staff and
On 5 August 2013 at 21:52, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
> In that situation i need to have active, both sql and ldap, authorization
> modules in inner-tunnel. So users, who should identify by login/pass in
> guest SSID, ca
Hi,
>In that situation i need to have active, both sql and ldap, authorization
>modules in inner-tunnel. So users, who should identify by login/pass in
>guest SSID, can be authenticate via inner-tunnel ldap module. I don't want
>this.
use whatever you want to use. what do you use
henticate
> two groups of users. One group for local staff based on eap-tls, second
> group to others based on OpenLdap authentication. My AP's have 2 SSID's
> broadcasting. One for the staff, second for others. Is there a
> possibility, to use one radius server to handle thi
On Mon, Aug 05, 2013 at 12:50:20PM +0530, rajeev sr wrote:
> I am trying to run the radtest on local machine which is CentOS 6.0. But am
> getting the following error while sending the Access Request message from
> client which is another machine.
>
> The user name is defined in users file under /
Hi,
> User-Password = "\334a\004\305\355x\321\332G\306\362b\226~\355+"
that line and the following in the debug:
>Fri Aug 2 16:45:38 2013 : Debug: WARNING: Unprintable characters in the
>password. Double-check the shared secret on the server and the NAS!
are quite clear.
On 5 Aug 2013, at 08:20, rajeev sr wrote:
> Hello,
>
>
> I am trying to run the radtest on local machine which is CentOS 6.0. But am
> getting the following error while sending the Access Request message from
> client which is another machine.
>
>
> The user name is defined in users file
dear guest, i have problem in eap-sim authentication.
I'm using freeradius 2.2.0, blackberry 9220
here my simtriplets.dat file
1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00
1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa
Hi,
>If the user authenticates against to radius server and fails NTLM_AUTH,
>the request will then be authenticated against PAM and if it still fails
>it will be rejected.
use a bit of the unlang construct with the failover method.
http://wiki.freeradius.org/config/Fail%20over
so,
I currently have two auth types (NTLM_AUTH and PAM) in my default site
configuration (using FreeRadius version 2.1.12) - although I would like to
achieve the following:
If the user authenticates against to radius server and fails NTLM_AUTH, the
request will then be authenticated against PAM and if
users. One group for local staff based on eap-tls, second
> group to others based on OpenLdap authentication. My AP's have 2 SSID's
> broadcasting. One for the staff, second for others. Is there a
> possibility, to use one radius server to handle this scenario?
Yes. Just update
Marcin wrote:
> I'm new with FreeRadius. I would like to use FreeRadius to authenticate
> two groups of users. One group for local staff based on eap-tls, second
> group to others based on OpenLdap authentication. My AP's have 2 SSID's
> broadcasting. One for the staff,
Hi.
I'm new with FreeRadius. I would like to use FreeRadius to authenticate two
groups of users. One group for local staff based on eap-tls, second group to
others based on OpenLdap authentication. My AP's have 2 SSID's broadcasting.
One for the staff, second for oth
Tekán Dávid wrote:
> Don't want to store cleartext password, so i created for every user an
> NT-Password as well beyond the MD5-Password, and it appears in the sql
> database as well (also checked the queries when it queries the
> rad_check table, it's there in the response as well).
You need t
NT-Password.
[mschap] Creating challenge hash with username: tekan
[mschap] Client is using MS-CHAPv2 for tekan, we need NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
(where tekan is my username)
Thanks for all the help.
scribed by
deployingradius.com you can in authenticate computer
accounts. - It required me to tweak the LDAP default config for group-based
authorization, but In case this is what you
are looking for, ping back and I can show you LDAP filters i use.
If you are only into authentication, most likely the public pages wi
Yes it does.
We found the solution by creating a rule that maps all the BSSID related
to some SSID and then we do a specific filter to LDAP, so we did it for
every SSID.
Thanks for the help!
Sincerely,
Gustavo Vieira Oliveira
GETIC - Gerência de Tecnologia da Informação
SUSERV - Super
Stefan Sticht wrote:
> I want to change a FreeRadius server to authenticate a few hosts by their
> hostnames.
> The hostnames would be stored in a config file.
That's not how RADIUS works.
> How could I do this?
You can't.
> This is the authentication request:
Hi,
sorry, I am completely new to Radius …
I want to change a FreeRadius server to authenticate a few hosts by their
hostnames.
The hostnames would be stored in a config file.
How could I do this?
This is the authentication request:
rad_recv: Access-Request packet from host 10.10.10.21 port
configuration in clients.conf.
Client fd00:1:1:1::/63{
secret=mykey
}
But it throws the below error when I ran the radius in
debug mode
Ignoring request to authentication address :: port 1812 from unknown client
fd00:1:1:1
You shouldn't have quotes around your username or domain. You should use
identity = "cn=user,ou=people,dc=domain,dc=it"
On 19/07/2013 7:05 PM, "Marco Aresu" wrote:
> Hi All,
> i am new about FreeRadius. I am moving from Cisco ACS Tacacs to
> FreeRadius. During LDAP configuration i am getting the
Hi All,
i am new about FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius.
During LDAP configuration i am getting the follow error :
[ldap] bind as cn="User",ou=people,dc="domain",dc=it/"Password" to
"ldapserver":636
[ldap] waiting for bind result ...
[ldap] cn="user",ou=people,dc="
Considering that LDS will still be running Active Directory, give your
reception login(s) the permission to administer the Guest-Network OU (i.e.
add/delete/edit users), and continue to use the NTLM authentication you use
with the primary AD.
Active Directory uses MS-CHAPv2, so using the
limacher david wrote:
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary a AD and as second method against AD LDS
> (Lightweight Directory from Windows).
Follow this guide:
http://deployingradius.com/documents/configuration/active_directory.htm
On Tue, Jul 16, 2013 at 1:02 PM, limacher david wrote:
> Hello
>
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary a AD and as second method against AD LDS
> (Lightweight Directory from Windows).
> We want for our WLAN, that in the Guest-Network
Hi
Store the passwords in nt-hash format. Use guest usernames with a particular
format so that you can use some simple unlang to select the right type of
authentication rather than hitting each method and causing unnecessary load and
delay
alan
Hello
I'm looking for a solution to realize a FreeRadius Server, which can
Authenticate against primary a AD and as second method against AD LDS
(Lightweight Directory from Windows).
We want for our WLAN, that in the Guest-Network employees can use their
AD-Login (I already implemented that wi
On Fri, Jul 12, 2013 at 12:48:48PM -0300, Gustavo Vieira Oliveira wrote:
> The problem is that we have to do it manually (the Controller
> doesn't support it) in the AP, so when it reboots for some reason it
> cannot authenticate cause the RADIUS doesn't receive the SSID. So,
> we need an alternat
We got it working, the AP is sending the SSID with the calling station
ID but only setting "radius-server vsa send" in the Access-point.
The problem is that we have to do it manually (the Controller doesn't
support it) in the AP, so when it reboots for some reason it cannot
authenticate cause
Look at the requests coming from your AP in debug mode. You should see
information there that can be used eg called station id with SSID appended or a
VSA with the SSID name or number in it. Use that with your policy
alan
Olivier,
You don't need to set "radius-server vsa send" in the AP so it sends the
SSID in the authentication request?
Sincerely,
Gustavo Vieira Oliveira
GETIC - Gerência de Tecnologia da Informação
SUSERV - Superintendência de Serviços Compartilhados
Sistema FIESC
Rod
- SC
Phone (48) 32314699 - Extension 44699
http://www.sistemafiesc.com.br
On 12/07/2013 12:14, Olivier Beytrison wrote:
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote:
I need some help with RADIUS regarding Wireless authentication with
RADIUS + LDAP.
Hello. which version of freeradius are you
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote:
> I need some help with RADIUS regarding Wireless authentication with
> RADIUS + LDAP.
Hello. which version of freeradius are you running ?
> I need to check if the user has permission to connect to a specific
> SSID, so we
Hello!
I need some help with RADIUS regarding Wireless authentication with
RADIUS + LDAP.
I need to check if the user has permission to connect to a specific
SSID, so we check a LDAP attribute for that.
By that, we need to know from which SSID the authentication is being
requested so we
Good day,
I have a problem wherein daloradius doesn't read the freeradius log file.
Do I need to chown or chmod anything? Am using CentOS 6.4, and log file is
located in /var/log/radius/radius.log. I already chmod'ded 777 the log file
and it still wouldn't open thru daloradius interface. I can ope
Hi,
>(Sorry if this is OT) As I understand, I couldn't use 802.1x
>authentication on just the switches themselves? Since a client must have
>certificates to authenticate to a server. What i just wanted to accomplish
>is to authenticate the switches only on the
Hi, thanks for the reply.
(Sorry if this is OT) As I understand, I couldn't use 802.1x authentication
on just the switches themselves? Since a client must have certificates to
authenticate to a server. What i just wanted to accomplish is to
authenticate the switches only on the radius serve
Hi,
>Sending Access-Accept of id 0 to 10.141.1.129 port 49154
^^
Access-Accept sent from the server. the RADIUS server has done
its thing. if the NAS isnt working then you have missed some
configuration option on the NAS
alan
Hi,
>Ready to process requests.
>rad_recv: Accounting-Request packet from host 10.141.1.129 port 49154,
>id=0, length=84
thats an accounting packet
alan
Sorry for not including it in the first post, freeradius version used is
the latest in CentOS repo.
The output on the first post is for the web-based login, I forgot that I
only configured it on console login
Here is the output:
Ready to process requests.
rad_recv: Access-Request packet from h
Those are VSA that you are getting from the NAS. Your WiFi kit is centrally
managed so config is pushed from the controller
alan