Re: [Help] How to eliminate client certificate popup

2013-03-05 Thread Phil Mayers
On 03/05/2013 01:58 AM, Danny Kurniawan wrote: Hello, We are using 802.1x wireless connection from Meraki and using PEAP-MSCHAPv2 for authentication with our LDAP. Everything works fine, it just we want to eliminate this pop-up at the 1st time people connect to it : How can i do that? We are us

Re: [Help] How to eliminate client certificate popup

2013-03-05 Thread A . L . M . Buxey
Hi, > Check https://supportforums.cisco.com/docs/DOC-17544 how many 'how to configure PEAP' documents does the world need? this one has fewer issues than others but still has ambiguity and this guide also contains exactly the same security prompt that the requester DOESN'T want ;-) alan - List

Re: [Help] How to eliminate client certificate popup

2013-03-05 Thread A . L . M . Buxey
Hi, >How can i do that? We are using a cert from Global sign and we already >have a root ca in our laptop, but we still need to choose that Terminate / >Connect popup. It doesn't matter if we need to change our cert or etc, but >we just want to eliminate that popup :) it's down to t

Re: [Help] How to eliminate client certificate popup

2013-03-04 Thread bino
> Hi, > > I mean eliminate it without a need to configure WLAN profile on each > Windows 7 we have or using Intel Pro software etc.. I would like to know > if > anyone ever know how we can eliminate this from let say tweak the cert or > some radius config. > I don't think it's about radius confi

Re: [Help] How to eliminate client certificate popup

2013-03-04 Thread Danny Kurniawan
Hi, I mean eliminate it without a need to configure WLAN profile on each Windows 7 we have or using Intel Pro software etc.. I would like to know if anyone ever know how we can eliminate this from let say tweak the cert or some radius config. Thanks Danny On Tue, Mar 5, 2013 at 9:58 AM, Danny Ku

[Help] How to eliminate client certificate popup

2013-03-04 Thread Danny Kurniawan
Hello, We are using 802.1x wireless connection from Meraki and using PEAP-MSCHAPv2 for authentication with our LDAP. Everything works fine, it just we want to eliminate this pop-up at the 1st time people connect to it : The credentials provided by the server could not be validated. We recommend t

Re: [Help] - How To configure Radius timeout / count retries

2013-03-04 Thread Danny Kurniawan
Noted, thanks in advance. -Danny On Fri, Mar 1, 2013 at 11:04 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > > > "Or are you talking about failing over between upstream proxy servers?" > > > > Does this mean a setup of Radius load balancing? I mean a few Radius > server that used

Re: [Help] - How To configure Radius timeout / count retries

2013-03-01 Thread Arran Cudbard-Bell
> > "Or are you talking about failing over between upstream proxy servers?" > > Does this mean a setup of Radius load balancing? I mean a few Radius server > that used by the same AP ? So from AP point of view i just need to point to > the "master" Ip address of the first radius server? No. Th

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Danny Kurniawan
Arran, >* Let say for example in our Wireless AP (access point) we can put 2 Radius >server in sequence, radiusA and radiusB. I know the AP will eventually look at >the 1st server, and if it's not available (let say server is down) then it will >go to the 2nd radius server (I only assume this).

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Danny Kurniawan
No worries, i receive this mailing list on my email now.. OK, so i also understand that we can only configure that from the AP side. But unfortunately we can't find that in the Meraki AP ... let me check with our vendor on it. Thanks Danny On Fri, Mar 1, 2013 at 2:26 PM, Arran Cudbard-Bell < a.cu

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Arran Cudbard-Bell
On 1 Mar 2013, at 00:19, Danny Kurniawan wrote: > Hello, > > This is what i want to do : > > "You're asking whether you can configure FreeRADIUS to inform the access > point that it should fail over to another server after a given number > of timeouts/retries? " You can't. You confi

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Arran Cudbard-Bell
On 1 Mar 2013, at 00:20, Danny Kurniawan wrote: > Out of topic : All, btw how can i make sure that when i reply in this mailing > list it appears after the previous post ? I don't receive any of your reply > in my email and i have to go to the archive list to reply this. I'm not sure what yo

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Danny Kurniawan
Out of topic : All, btw how can i make sure that when i reply in this mailing list it appears after the previous post ? I don't receive any of your reply in my email and i have to go to the archive list to reply this. Thanks -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://ww

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Danny Kurniawan
Hello, This is what i want to do : "You're asking whether you can configure FreeRADIUS to inform the access point that it should fail over to another server after a given number of timeouts/retries? " Thanks Danny -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://ww

Re: [Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Arran Cudbard-Bell
> Let say for example in our Wireless AP (access point) we can put 2 Radius > server in sequence, radiusA and radiusB. I know the AP will eventually look > at the 1st server, and if it's not available (let say server is down) then it > will go to the 2nd radius server (I only assume this). > >

[Help] - How To configure Radius timeout / count retries

2013-02-28 Thread Danny Kurniawan
Hi All, Let say for example in our Wireless AP (access point) we can put 2 Radius server in sequence, radiusA and radiusB. I know the AP will eventually look at the 1st server, and if it's not available (let say server is down) then it will go to the 2nd radius server (I only assume this). So is t

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-02-03 Thread Alan DeKok
pradyumna dash wrote: > Am still struggling to get the accounting details, am not getting any > value-attr pair or Reply message, However authentication works fine. I have no idea what that means. How about running the server in debugging mode, as suggested in the FAQ, "man" page, web pages,

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-02-03 Thread pradyumna dash
on't see the > >value-attr or reply message. Please help. Logs attached. > > please do not email me and the freeradius users mailing list. much like > the other Alan, I am already on that list and so choose to read/reply. I'm > not > your contracted support. > >

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-28 Thread A . L . M . Buxey
Hi, >Am not able to see my authorization happening because I don't see the >value-attr or reply message. Please help. Logs attached. please do not email me and the freeradius users mailing list. much like the other Alan, I am already on that list and so choose to read/rep

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-28 Thread Pradyumna
Hi, Am not able to see my authorization happening because I don't see the value-attr or reply message. Please help. Logs attached. rad_recv: Access-Request packet from host 192.168.0.2 port 39662, id=92, length=62 User-Name = "radiustest" User-Password

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-24 Thread A . L . M . Buxey
Hi, >Do you mean the below in the "users" file? > >cisco Auth-Type := LDAP > >Service-Type = Administrative-User, >cisco-avpair = "shell:priv-lvl=15" no. cisco Auth-Type := LDAP Service-Type = Administrative-User, cisco-avpair = "shell:priv-lvl=15" (see all th

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-24 Thread Alan DeKok
pradyumna dash wrote: > But am not able to see the value-attribute pair which i have passed, I > can login to the switch with the AD user account but am landing at the > ">" prompt and the priv showing "1", Where as i have passed the priv > level "15" , So not sure how to fix this. > > PFA the con

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-24 Thread pradyumna dash
Hi Alan, Thanks for your reply. Do you mean the below in the "users" file? cisco Auth-Type := LDAP Service-Type = Administrative-User, cisco-avpair = "shell:priv-lvl=15" Regards, /Neo On Thu, Jan 24, 2013 at 11:19 PM, wrote: > Hi, > > you need whitespace before the service-type and cisco V

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-24 Thread A . L . M . Buxey
Hi, you need whitespace before the service-type and cisco VSA lines after your auth line (they are reply items, not check items) - if you run in debug mode (radiusd -X or freeradius -X on some distros) you can confirm from the output that the VSA/TLV are being sent to the client (switch). if t

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-24 Thread pradyumna dash
the switch with the AD user account but am landing at the ">" prompt and the priv showing "1", Where as i have passed the priv level "15" , So not sure how to fix this. PFA the configuration files. Please help. Regards, /Neo On Wed, Jan 23, 2013 at 12:00 AM,

Re: Freeradius CoA - Need Help

2013-01-24 Thread Alan DeKok
Nasser Heidari wrote: > Can Anybody help me with this issue? To send CoA packets, read raddb/sites-available/originate-coa You choose the attributes to send like you choose any attributes to send. Use "unlang", or a module... Alan DeKok. - List info/subscribe/unsubscr

RE: Freeradius CoA - Need Help

2013-01-24 Thread Nasser Heidari
Can Anybody help me with this issue? > -Original Message- > From: freeradius-users-bounces+nasser=rasana@lists.freeradius.org > [mailto:freeradius-users-bounces+nasser=rasana@lists.freeradius.org] On > Behalf Of Nasser Heidari > Sent: Tuesday, January 22, 20

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-22 Thread A . L . M . Buxey
Hi, > Thanks I have now configured the freeradius and the Cisco switch is now > getting authenticated against the AD user but I can't see the commands > executed in the switch by this user in the radius account log. follow the cisco docs for configuring your device for RADIUS accounting, and

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-22 Thread Pradyumna
>> switch and executed a command "Show config" that should be captured in the >> accounting information. > > Cisco switches. their RADIUS for such stuff is weak and usually nonexistent. > use TACACS+ > >> Do i need a DB like MySQL for accounting or AD

Freeradius CoA - Need Help

2013-01-22 Thread Nasser Heidari
Hi, I'm going to setup Freeradius CoA Virtual Server, I have already gone through originate-coa document, but need some help. This is the way that I traditionally originate CoA or POD packets: - I have written a Perl script that listens on port 1810. - when I want to disconnect a user,

Re: help with proxy settings for EDUROAM

2013-01-21 Thread A . L . M . Buxey
hi, as already mentioned, there is the eduroam confluence wiki for further documentation. your request was proxied off but not answered. ask for someone to check the logs on the next hop - or at the final target RADIUS to see if they got the requests through however, your eduroam user-

Re: help with proxy settings for EDUROAM

2013-01-21 Thread Olivier Beytrison
On 21.01.2013 16:39, Hocine M wrote: > Hello, > > Could anyone help me? > > I'm trying setting up freeradius 2.1.12 for eduroam. > The local auth works well, but the proxy part not so. First you should have a look at https://confluence.terena.org/display/H2eduroam/How+to

help with proxy settings for EDUROAM

2013-01-21 Thread Hocine M
Hello, Could anyone help me? I'm trying setting up freeradius 2.1.12 for eduroam. The local auth works well, but the proxy part not so. here is the configuration : RADIUSD.CONF : prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin l

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-20 Thread A . L . M . Buxey
heir RADIUS for such stuff is weak and usually nonexistent. use TACACS+ >Do i need a DB like MySQL for accounting or AD LDAP DB will help in doing >so? I'd advise using SQL for accounting records but it's not necessary. a plain flat file will do just as well in the beginning.

Re: Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-20 Thread Arran Cudbard-Bell
On 20 Jan 2013, at 07:31, pradyumna dash wrote: > Hi Team, We're a community. > I need a help, am new to RADIUS and i need the below to be configured. > > I. FreeRADIUS integration with Microsoft AD http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integratio

Help Needed !!! FreeRADIUS Integration with MS AD

2013-01-19 Thread pradyumna dash
Hi Team, I need a help, am new to RADIUS and i need the below to be configured. I. FreeRADIUS integration with Microsoft AD II. Cisco switches needs to be the client II. The accounting information should also contain the commands executed in the Switch as well, Example If a user called "

HELP !! Access Period Attribute FreeRadius

2012-12-29 Thread Prabhpal S. Mavi
Dear List Members, i have working setup of FreeRadius 2x (freeradius-2.1.12-4.el6_3.x86_64) including "rlm_sqlcounter" (Max-Daily-Session). User are logged off alright when "Max Session Timeout" is reached. But users can re login to gain access. The username and passwords are for hotspot. We do

Need Help - Problem Working With Session Time Out

2012-12-21 Thread Prabhpal S. Mavi
Hi Dear List Members, Radius do not send session timeout attribute in result user do not log off after time expired. Can anyone help please? what i have done. enabled cunters.sql in "radius.conf & sql.sonf" my counters. sqlcounter noresetcounter { counter-name = Max-Al

Re: Need Help to Troubleshoot MySQL Auth FreeRadius 2.1.X

2012-12-15 Thread Alan DeKok
Prabhpal S. Mavi wrote: > This is new implementation. Can someone help me to troubleshoot why > freeradius mysql authentication is failing. i have cross check every > expect but still seem that something is not in place. You haven't read the documentation which says to run

Need Help to Troubleshoot MySQL Auth FreeRadius 2.1.X

2012-12-15 Thread Prabhpal S. Mavi
Dear Freeradius Hackers, This is new implementation. Can someone help me to troubleshoot why freeradius mysql authentication is failing. i have cross check every expect but still seem that something is not in place. What is i have done: installed Freeradius + MySQL Databases Configured

Re: help with DHCP server functionality

2012-11-11 Thread Fajar A. Nugraha
On Fri, Nov 2, 2012 at 6:30 AM, Duane Cox wrote: > OK, that solved my dilemma of no Pool-Name defined, thanks! Hmmm ... this just arrived in my mailbox. Anyway, in case you still need the response ... > What are other operators doing to determine the appropriate pool? What do you mean? > Sh

RE: help with DHCP server functionality

2012-11-09 Thread Duane Cox
: freeradius-users-bounces+duanecox=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+duanecox=gmail@lists.freeradius.org ] On Behalf Of Fajar A. Nugraha Sent: Thursday, November 01, 2012 4:58 PM To: FreeRadius users mailing list Subject: Re: help with DHCP server functionality On Fri

Re: help with DHCP server functionality

2012-11-03 Thread Duane Cox
Thanks Fajar, that did help me get past this hurdle. Pressing forward with the dhcp side... Thanks, Duane Sent from my iPad by Verizon Wireless On Nov 1, 2012, at 4:59 PM, "Fajar A. Nugraha" wrote: > On Fri, Nov 2, 2012 at 3:19 AM, Duane Cox wrote: >> List: >>

Re: help with DHCP server functionality

2012-11-01 Thread Fajar A. Nugraha
On Fri, Nov 2, 2012 at 3:19 AM, Duane Cox wrote: > List: > > Hello. I have been working on this for a few days and have turned here > for help. > > The server is listening on port 67 and when a DHCP packet comes in the > server processes it, but in debug mode it give a

help with DHCP server functionality

2012-11-01 Thread Duane Cox
List: Hello. I have been working on this for a few days and have turned here for help. The server is listening on port 67 and when a DHCP packet comes in the server processes it, but in debug mode it give an error "No Pool-Name defined". I have done some reading and I have added the

RE: Query help

2012-10-15 Thread Jonathan Bastin
Magic thank you this has sorted the problem with excellent results. Please tell me where you would like some money to be sent as your help pointed me in the right direction. -Original Message- From: freeradius-users-bounces+jonathan.bastin=peerpointinternet.co.uk@lists.freeradius.org

Re: Query help

2012-10-15 Thread Phil Mayers
On 10/12/2012 09:16 AM, Jonathan Bastin wrote: Issue with doing it that way is you would get decimal values returned which freeradius can't deal with. As others have pointed out - that's trivially dealt with. Hell, use right-shift if you want: select limit >> 10 select quota >> 10 ...it does

Re: Query help

2012-10-14 Thread Fajar A. Nugraha
On Mon, Oct 15, 2012 at 7:35 AM, Fajar A. Nugraha wrote: > If yes, it should be MUCH quicker to simply do the comparison INSIDE > the sql statement. Something like (untested, should work for mysql): > > if ("%{sql: ( (SELECT radgroupcheck.value FROM radusergroup Inner Join > radgroupcheck ON radus

Re: Query help

2012-10-14 Thread Fajar A. Nugraha
On Fri, Oct 12, 2012 at 3:16 PM, Jonathan Bastin wrote: > Issue with doing it that way is you would get decimal values returned which > freeradius can't deal with. > > I am posting a bounty of $200 Good to hear that. Hopefully someone will be able to help you. > to someone

Re: Query help

2012-10-14 Thread Arran Cudbard-Bell
On 12 Oct 2012, at 09:16, Jonathan Bastin wrote: > Issue with doing it that way is you would get decimal values returned which > freeradius can't deal with. > So use round()... http://www.w3schools.com/sql/sql_func_round.asp -Arran - List info/subscribe/unsubscribe? See http://www.freeradiu

RE: Query help

2012-10-12 Thread Jonathan Bastin
users@lists.freeradius.org Subject: Re: Query help On 10/10/12 15:25, Jonathan Bastin wrote: > To me it looks like the value is wrapping. Is this due to that even > the interpreter in the site config file is 32-bit only. If this is the > case I presume my only resort is perl. If this is the case c

Re: Query help

2012-10-10 Thread Phil Mayers
On 10/10/12 15:25, Jonathan Bastin wrote: To me it looks like the value is wrapping. Is this due to that even the interpreter in the site config file is 32-bit only. If this is the case I presume my only resort is perl. If this is the case could someone help me convert this? You could divide

RE: Query help

2012-10-10 Thread Jonathan Bastin
@lists.freeradius.org [mailto:freeradius-users-bounces+jonathan.bastin=peerpointinternet.co.uk@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 10 October 2012 15:36 To: FreeRadius users mailing list Subject: Re: Query help Jonathan Bastin wrote: > To me it looks like the value is wrapping.

Re: Query help

2012-10-10 Thread Alan DeKok
Jonathan Bastin wrote: > To me it looks like the value is wrapping. Is this due to that even the > interpreter in the site config file is 32-bit only. Yes. All numbers in RADIUS are 32-bit. I think v3 will extend the internal code in the server to use 64-bit numbers. Alan DeKok. - List i

RE: Query help

2012-10-10 Thread Jonathan Bastin
cket id: 4 ++[sql] returns ok [attr_filter.access_reject] expand: %{User-Name} -> 0208...@peerpointinternet.co.uk attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0

Re: Query help

2012-10-10 Thread Phil Mayers
On 10/10/12 14:23, Jonathan Bastin wrote: I have been looking at this further and I am having trouble finding the answer. Is anyone able to point me into the right direction. You might find it a bit easier to debug if you perform the two SQL queries (for the quota, and the current limit) separ

RE: Query help

2012-10-10 Thread Jonathan Bastin
list' Subject: RE: Query help This is the full dump I get rad_recv: Access-Request packet from host 193.000.221.00 port 1645, id=213, length=141 Framed-Protocol = PPP User-Name = "02085000...@peerpointinternet.co.uk" CHAP-Password = 0x045f3e13da52ac

RE: Query help

2012-10-09 Thread Jonathan Bastin
urns noop Sending Access-Accept of id 213 to 193.000.221.00 port 1645 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP Framed-IP-Address = 193.000.221.00 Service-Type = Framed-User Framed-MTU = 1500 Cisco-AVPair = "ip:dns-server

Re: Query help

2012-10-09 Thread Alan DeKok
CURDATE())DAY));}") returns ok > > *It doesn’t actually update the reply based on what the outcome is of > the SQL query. Any help would be very much appreciated.* a) you're using "radiusd -xX". That's not necessary. Just use "radiusd -X" b)

Query help

2012-10-09 Thread Jonathan Bastin
acct WHERE UserName='%{User-Name}' AND AcctStartTime > (DATE_SUB(CURDATE(),INTERVAL DAYOFMONTH(CURDATE())DAY));}") returns ok It doesn't actually update the reply based on what the outcome is of the SQL query. Any help would be very much appreciated. --

Re: help - simultaneous accounting

2012-10-09 Thread Johan Meiring
On 2012/10/09 02:21 AM, 劉君羿 wrote: I am using *Chillispot* on my NAS. But it doesn't seem to support CoA. Can you suggest other AP controllers? By the way, I thought concurrent accounting was a feature that should be supported. I wonder why it's not supported by the major AAA protocols. Afaik c

Re: help - simultaneous accounting

2012-10-08 Thread 劉君羿
Sorry, my fault.. I just take a look at ChilliSpot radius.h, and there's code about coa. Thank you! 2012/10/9 Fajar A. Nugraha > On Tue, Oct 9, 2012 at 7:21 AM, 劉君羿 wrote: > > I am using Chillispot on my NAS. But it doesn't seem to support CoA. > > Really? How did you determine that? > > > Can

Re: help - simultaneous accounting

2012-10-08 Thread Fajar A. Nugraha
On Tue, Oct 9, 2012 at 7:21 AM, 劉君羿 wrote: > I am using Chillispot on my NAS. But it doesn't seem to support CoA. Really? How did you determine that? > Can you > suggest other AP controllers? http://lmgtfy.com/?q=chillispot%20coa%20disconnect See top result -- Fajar - List info/subscribe/uns

Re: help - simultaneous accounting

2012-10-08 Thread 劉君羿
I am using *Chillispot* on my NAS. But it doesn't seem to support CoA. Can you suggest other AP controllers? By the way, I thought concurrent accounting was a feature that should be supported. I wonder why it's not supported by the major AAA protocols. - List info/subscribe/unsubscribe? See http://w

Re: help - simultaneous accounting

2012-10-06 Thread Alan DeKok
劉君羿 wrote: > I want to allow simultaneous use of accounts. > However, *RFC 2866 *says that the* Acct-Session-Time* > > can only be present in Accounting-Request records where the > Acct-Status-Type is set to Stop [Page 17] > > > Does this mean that RADIUS protocol can not manage simult

Re: help - simultaneous accounting

2012-10-06 Thread Fajar A. Nugraha
On Sat, Oct 6, 2012 at 2:38 PM, 劉君羿 wrote: > I want to allow simultaneous use of accounts. > However, RFC 2866 says that the Acct-Session-Time >> >> can only be present in Accounting-Request records where the >> Acct-Status-Type is set to Stop [Page 17] > Look for "Interim Accounting Updates". P

help - simultaneous accounting

2012-10-06 Thread 劉君羿
I want to allow simultaneous use of accounts. However, *RFC 2866 *says that the* Acct-Session-Time* > can only be present in Accounting-Request records where the > Acct-Status-Type is set to Stop [Page 17] Does this mean that RADIUS protocol can not manage simultaneous use of an account? For ex

Re: Help with 802.1x Certificate

2012-09-14 Thread Carl Peterson
You have three possible issues. 1). You need to chain all of the certs into one file. 2). MS requires that the cert have a "special purpose". This is documented and needs to be included in the CSR. BS, but that's MS for you. 3). MS might not like wild cards. Not sure about this but it may be

Re: Help with 802.1x Certificate

2012-09-14 Thread Alan DeKok
Tyller D wrote: > Is there a reason for that? Godaddy is in the list of servers to > validate against? Because Windows has certain magical requirements on certificates. If the godaddy cert doesn't have them, authentication will fail. Alan DeKok. - List info/subscribe/unsubscribe? See http://

Re: Help with 802.1x Certificate

2012-09-14 Thread Phil Mayers
On 14/09/12 15:38, Tyller D wrote: On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok mailto:al...@deployingradius.com>> wrote: Tyller D wrote: > I have everything configured and working when I disabled "validate > server Certificate" on windows. > I have a wildcard certificate pur

Re: Help with 802.1x Certificate

2012-09-14 Thread Tyller D
On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok wrote: > Tyller D wrote: > > I have everything configured and working when I disabled "validate > > server Certificate" on windows. > > I have a wildcard certificate purchased from godaddy.com. > > I'm not sure that will work. > Is there a reason for

Re: Help with 802.1x Certificate

2012-09-14 Thread Alan DeKok
Tyller D wrote: > I have everything configured and working when I disabled "validate > server Certificate" on windows. > I have a wildcard certificate purchased from godaddy.com. I'm not sure that will work. > I had a problem when using it with apache as I had to add the > intermediate chain in

Re: Help with 802.1x Certificate

2012-09-14 Thread Phil Mayers
On 14/09/12 14:46, Tyller D wrote: Hi all, I would like to use FreeRadius to do 802.1x EAP-PEAP for wireless users. I have everything configured and working when I disabled "validate server Certificate" on windows. I have a wildcard certificate purchased from godaddy.com .

Help with 802.1x Certificate

2012-09-14 Thread Tyller D
Hi all, I would like to use FreeRadius to do 802.1x EAP-PEAP for wireless users. I have everything configured and working when I disabled "validate server Certificate" on windows. I have a wildcard certificate purchased from godaddy.com. I had a problem when using it with apache as I had to add

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread Kaya Saman
site FAQ/Wiki etc.... I just wish it was easier > so that I didn't need to look as bad as I do already :-( > > > Regards, > > > Kaya Finally I got everything working. Thanks so much Alan for all your help in this :-) I overconfig'ed the switch and managed

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread Kaya Saman
On Thu, Jul 19, 2012 at 11:02 AM, alan buxey wrote: > Hi, > >> I am even considering an upgrade of IOS to version 15.0 (if my switch >> will run it) as older IOS images tend to occasionally have issues >> with certain things I have found?? > > have been happily doing MAB and 802.1x on cisco switc

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread alan buxey
Hi, > I am even considering an upgrade of IOS to version 15.0 (if my switch > will run it) as older IOS images tend to occasionally have issues > with certain things I have found?? have been happily doing MAB and 802.1x on cisco switches running 12.1 and 12.2 as well as 15. FreeRADIUS, from y

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread Kaya Saman
On Thu, Jul 19, 2012 at 10:20 AM, alan buxey wrote: > Hi, > >> radius-server dead-criteria time 30 tries 3 >> radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key >> pass >> radius-server retransmit 6 >> radius-server timeout 10 >> radius-server vsa send accounting >> radiu

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread alan buxey
Hi, > radius-server dead-criteria time 30 tries 3 > radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key > pass > radius-server retransmit 6 > radius-server timeout 10 > radius-server vsa send accounting > radius-server vsa send authentication > > > interface GigabitEther

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread Kaya Saman
> > > So now for my Cisco lines I have this: > > > radius-server dead-criteria time 30 tries 3 > radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key > pass > radius-server retransmit 6 > radius-server timeout 10 > radius-server vsa send accounting > radius-server vsa send a

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-19 Thread Kaya Saman
On Tue, Jul 17, 2012 at 2:55 PM, Kaya Saman wrote: > [...] >> # cat users | more >> 0015c5537baa Cleartext-Password := "0015c5537baa" >> Tunnel-Type:0 = VLAN, >> Tunnel-Medium-Type:0 = IEEE-802, >> Tunnel-Private-Group-Id:0 = "3", >> Tunnel-Preference = 0x0

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-17 Thread Kaya Saman
[...] > # cat users | more > 0015c5537baa Cleartext-Password := "0015c5537baa" > Tunnel-Type:0 = VLAN, > Tunnel-Medium-Type:0 = IEEE-802, > Tunnel-Private-Group-Id:0 = "3", > Tunnel-Preference = 0x00 > [...] I managed to figure the issue of **authentic

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-17 Thread Kaya Saman
urce' of the Radius service: # find / -name users /usr/bin/users /etc/selinux/targeted/contexts/users /etc/raddb/users /var/www/daloradius/contrib/configs/freeradius-1.1.7/cfg1/freeradius/users Will disabling SElinux help, could that be blocking things as it usually does with TFTP??? Regar

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Alan DeKok
Kaya Saman wrote: >>There is a file in the "raddb" directory named "users". > > I **DID** do this... !! You didn't SAY that. You were told to edit the "users" file. Instead, you went on a long round-about adventure, looking at other files. > There's no need to be so severe as the ban

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
se to do or say to make you understand that I am not ignoring things and/or doing things at will without regard for those who **ARE** trying to help! I don't see a mysql module in there. Were you told to do things with mysql? No. The ONLY reason to ask questions on this list is t

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Alan DeKok
Kaya Saman wrote: > On Mon, Jul 16, 2012 at 2:33 PM, alan buxey wrote: ... >> put this at the top of the 'users' file and restart the server ... > Poking around in the radiusd.conf file I checked the section modules Follow instructions or you will be unsubscribed and banned from the list. Th

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread alan buxey
Hi, > Poking around in the radiusd.conf file I checked the section modules > which looks like this: yes...that's just for the module config - you then need to call that module - ensure that sql is not commented out in sites-enabled/default > The modules look like so: > > raddb]# ls modules/ > a

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey wrote: > Hi, > >> > rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3, >> > length=162 >> > User-Name = "0015c5537baa" >> > User-Password = "0015c5537baa" > > note those 2 lines - the User-Name is the MAC address in that

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread alan buxey
Hi, > > rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3, > > length=162 > > User-Name = "0015c5537baa" > > User-Password = "0015c5537baa" note those 2 lines - the User-Name is the MAC address in that format. the password is the same. > > [eap] No EAP-Message,

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
On Mon, Jul 16, 2012 at 11:47 AM, Kaya Saman wrote: > On Mon, Jul 16, 2012 at 11:03 AM, alan buxey wrote: >> Hi, >> >>> i tried this, I used 'debug radius verbose' but the log doesn't come >>> up with anything at all; just: >> >> debug mab all >> debug dot1x all >> >> >> however, you are just doi

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
On Mon, Jul 16, 2012 at 11:03 AM, alan buxey wrote: > Hi, > >> i tried this, I used 'debug radius verbose' but the log doesn't come >> up with anything at all; just: > > debug mab all > debug dot1x all > > > however, you are just doing MAB IIRC - and that's just like PAP - very basic > and > simpl

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread alan buxey
Hi, > i tried this, I used 'debug radius verbose' but the log doesn't come > up with anything at all; just: debug mab all debug dot1x all however, you are just doing MAB IIRC - and that's just like PAP - very basic and simple and I'm sure you also have to add 'mab' to your interface config e

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
On Mon, Jul 16, 2012 at 9:20 AM, alan buxey wrote: > Hi, > >> Issuing 'radius -X' still isn't showing anything :-( > > radiusd -X ? > > please ensure you are trying to run the right command Sorry that was a typo!! This is the output I get when command run: radiusd: Opening IP address

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread alan buxey
Hi, > Issuing 'radius -X' still isn't showing anything :-( radiusd -X ? please ensure you are trying to run the right command if you don't see anything on the output when client connection attempts are made, then you have a problem elsewhere on the network or on the NAS you could try r

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-16 Thread Kaya Saman
On Fri, Jul 13, 2012 at 8:09 PM, alan buxey wrote: > Hi, > > you have defined the usual bits eg > > aaa new-model > ! > ! > aaa authentication dot1x default group radius > aaa accounting dot1x default start-stop group radius > aaa accounting dot1x system start-stop group radius > > and you've got

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-13 Thread alan buxey
Hi, you have defined the usual bits eg aaa new-model !

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-13 Thread Kaya Saman
On Fri, Jul 13, 2012 at 6:43 PM, Alan Buxey wrote: > If you get no output to screen then it doesn't matter if the RADIUS server > config is wrong as you've got problem elsewhere. Have you checked your > firewall on the server, I don't give answers to be randomly skipped over. To > verify you can s

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-13 Thread Alan Buxey
If you get no output to screen then it doesn't matter if the RADIUS server config is wrong as you've got problem elsewhere. Have you checked your firewall on the server, I don't give answers to be randomly skipped over. To verify you can send radius requests from another computer..eg using radte

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-13 Thread Phil Mayers
On 13/07/12 18:26, Kaya Saman wrote: On Fri, Jul 13, 2012 at 5:43 PM, Alan Buxey wrote: Hi, The very last line of startup output will say Ready to process requests If you get NOTHING else then the server is not getting any packets through to it...which is either something simple such as th

Re: Help needed configuring MAB on FreeRADIUS and Cisco switch

2012-07-13 Thread Kaya Saman
ed login authentication - of course I went to the MAB portion. I have attached the Cisco config to my initial posting and I know it would be off-topic here but since it is relevant I thought that maybe somebody could help :-) Regards, Kaya - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
