Re: EAP-TLS User-Name not matching

2010-01-22 Thread Huckle Berry
On Fri, Jan 22, 2010 at 12:13 AM, Huckle Berry huck.be...@gmail.com wrote: Will report later. I installed the new certs (I checked in the details tab on Windows that both the server and client have the correct xpextensions) however the client still fails to respond. Just to be sure, I hopped

Re: EAP-TLS User-Name not matching

2010-01-21 Thread Huckle Berry
On Thu, Jan 21, 2010 at 1:48 AM, Alan DeKok al...@deployingradius.com wrote: If you're not going to bother reading the messages here, I don't see why you're asking questions. I thought the golden rule around here was Don't Touch the Conf's, it should just work. Using that information, I

Re: EAP-TLS User-Name not matching

2010-01-21 Thread Huckle Berry
Ok so I sent that last email off a little too prematurely. Somehow in my various remakings of my certs, I ended up with no xpextensions. Don't have time to test it now as I have to give the network back soon. Will report later. ~Huckle Berry - List info/subscribe/unsubscribe? See

Re: EAP-TLS User-Name not matching

2010-01-20 Thread Huckle Berry
OK so the message was blocked for length, here is ~ 450 lines, after this it basically repeats with new ID's several (hundred) times. FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Jan 19 2010 at 01:20:58 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.

Re: EAP-TLS User-Name not matching

2010-01-20 Thread Alan DeKok
Huckle Berry wrote: OK so the message was blocked for length, here is ~ 450 lines, after this it basically repeats with new ID's several (hundred) times. If you're not going to bother reading the messages here, I don't see why you're asking questions. I said: Try using a user from

Re: EAP-TLS User-Name not matching

2010-01-19 Thread Alan Buxey
hi, I'm not sure what you've done to the default config... I've just untarred, ./configure, make, make install a fresh copy of 2.1.8 on a virtual server. Then I edited the users files to make a test account and, straight away, did an EAP request to u...@example.com and it just worked. alan -

Re: EAP-TLS User-Name not matching

2010-01-19 Thread Alan DeKok
Huckle Berry wrote: For all I know, the top of the output could be 10,000 (or more) lines up. Funny thing about endless loops, they tend to go on for quite a while. Would re-directing the output to a file work? Like I said before though, I am running the default config (except for the

Re: EAP-TLS User-Name not matching

2010-01-19 Thread Huckle Berry
I sent out a message this morning w/ the log file output. But even that was 700+ lines and it needed approval before it was forwarded. Haven't heard anything back from the mod about it yet so I'm assuming it went through. If it didn't, let me know and I'll try to trim some of the output that

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Huckle Berry
So I reverted to the default conf by copying the confs from the source package. I was forced to alter two lines. $diff eap.conf /etc/freeradius/eap.conf 155c155 private_key_file = ${certdir}/server.pem --- private_key_file = ${certdir}/server.key $diff users

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Alan Buxey
hi, nostrip in the example.com in proxy.conf set the auth to LOCAL this will then get handled locally and the inner-tunnel will deal with the EAP properly. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Huckle Berry
I edited proxy.conf to include: realm example.com { nostrip } and I edited users to read: user Auth-Type := Local but no beans, back to the 200+ Proxy-State attributes and a DoS. I also tried a few capitalizations of the word 'local' just in case it was sensitive to that,

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Alan DeKok
Huckle Berry wrote: I edited proxy.conf to include: realm example.com { nostrip } and I edited users to read: user Auth-Type := Local Delete that. You don't need it. but no beans, back to the 200+ Proxy-State attributes and a DoS. Sorry but

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Alan DeKok
Huckle Berry wrote: Maybe proxy to itself was a bad way to describe it, you can interpret the output yourself if you'd like. I took the last 4096 lines of output ... from an endless loop which repeats the same thing. Why not send the *top* of the output, before it starts to loop back to

Re: EAP-TLS User-Name not matching

2010-01-18 Thread Huckle Berry
For all I know, the top of the output could be 10,000 (or more) lines up. Funny thing about endless loops, they tend to go on for quite a while. If you want, I'll post my conf files, which should be the same as the top of the output, no? The example.com realm should be in proxy.conf if you want

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Alan DeKok
Huckle Berry wrote: First off, forgive me if this has been asked before on this list (I did do a search first, yet no results proved useful). I am on a fact finding mission to see whether freeradius is going to be feasible to deploy in my environment (~50 users over ~40 windows and linux

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Huckle Berry
At this point, I'm wondering if I should put eap.conf back to its original conf. Every tutorial I've seen has recommended those changes, but none of them were really for the 2.x.x version of freeradius. It's either that or the users file as those are the only two I've touched. Certainly most of

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Alan DeKok
Huckle Berry wrote: At this point, I'm wondering if I should put eap.conf back to its original conf. Every tutorial I've seen has recommended those changes, but none of them were really for the 2.x.x version of freeradius. The documentation for FreeRADIUS says explicitly: nearly every third

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Alan Buxey
Hi, First off, forgive me if this has been asked before on this list (I did do a search first, yet no results proved useful). I am on a fact finding mission to see whether freeradius is going to be feasible to deploy in my environment (~50 users over ~40 windows and linux desktops). On

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Huckle Berry
On Sun, Jan 17, 2010 at 3:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: okay. EAP user-name doesn't match the original identity...and no user found either. 2 things you need to ensure 1) in proxy.conf you have 'nostrip' defined for example.com This was beginning to occur to me.

Re: EAP-TLS User-Name not matching

2010-01-17 Thread Alan DeKok
Huckle Berry wrote: This was beginning to occur to me. Initially I ignored proxy.conf because I figured I would never need to proxy anything, but I now see FR proxies to itself... It treats the inner tunnel session as a (largely) independent RADIUS request. This makes server design

EAP-TLS User-Name not matching

2010-01-16 Thread Huckle Berry
First off, forgive me if this has been asked before on this list (I did do a search first, yet no results proved useful). I am on a fact finding mission to see whether freeradius is going to be feasible to deploy in my environment (~50 users over ~40 windows and linux desktops). On a test network