On Thu, Jul 19, 2012 at 11:28 AM, Kaya Saman wrote:
> On Thu, Jul 19, 2012 at 11:02 AM, alan buxey wrote:
>> Hi,
>>
>>> I am even considering an upgrade of IOS to version 15.0 (if my switch
>>> will run it) as older IOS images tend to occassionally have issues
>>> with certain things I have found
On Thu, Jul 19, 2012 at 11:02 AM, alan buxey wrote:
> Hi,
>
>> I am even considering an upgrade of IOS to version 15.0 (if my switch
>> will run it) as older IOS images tend to occassionally have issues
>> with certain things I have found??
>
> havr been happily doing MAB and 802.1x on cisco switc
Hi,
> I am even considering an upgrade of IOS to version 15.0 (if my switch
> will run it) as older IOS images tend to occassionally have issues
> with certain things I have found??
havr been happily doing MAB and 802.1x on cisco switches running 12.1
and 12.2 as well as 15.
FreeRADIUS , from y
On Thu, Jul 19, 2012 at 10:20 AM, alan buxey wrote:
> Hi,
>
>> radius-server dead-criteria time 30 tries 3
>> radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
>> pass
>> radius-server retransmit 6
>> radius-server timeout 10
>> radius-server vsa send accounting
>> radiu
Hi,
> radius-server dead-criteria time 30 tries 3
> radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
> pass
> radius-server retransmit 6
> radius-server timeout 10
> radius-server vsa send accounting
> radius-server vsa send authentication
>
>
> interface GigabitEther
>
>
> So now for my Cisco lines I have this:
>
>
> radius-server dead-criteria time 30 tries 3
> radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
> pass
> radius-server retransmit 6
> radius-server timeout 10
> radius-server vsa send accounting
> radius-server vsa send a
On Tue, Jul 17, 2012 at 2:55 PM, Kaya Saman wrote:
> [...]
>> # cat users | more
>> 0015c5537baa Cleartext-Password := "0015c5537baa"
>> Tunnel-Type:0 = VLAN,
>> Tunnel-Medium-Type:0 = IEEE-802,
>> Tunnel-Private-Group-Id:0 = "3",
>> Tunnel-Preference = 0x0
[...]
> # cat users | more
> 0015c5537baa Cleartext-Password := "0015c5537baa"
> Tunnel-Type:0 = VLAN,
> Tunnel-Medium-Type:0 = IEEE-802,
> Tunnel-Private-Group-Id:0 = "3",
> Tunnel-Preference = 0x00
>
[...]
I managed to figure the issue of **authentic
Hi Alan,
sorry for the mishaps yesterday..
On Mon, Jul 16, 2012 at 4:20 PM, alan buxey wrote:
[...]
>
>> By placing the entry you suggested at the top of the /etc/raddb/users
>> file and restarting the server I got this:
>
> well, no you didnt...or rather, if you did stick that in the users
Kaya Saman wrote:
>>There is a file in the "raddb" directory named "users".
>
> I **DID** do this... !!
You didn't SAY that. You were told to edit the "users" file.
Instead, you went on a long round-about adventure, looking at other files.
> There's no need to be so severe as the ban
Hi Alan,
I really do apologize for things not working and thank you for your
patience so far!
On 07/16/2012 05:31 PM, Alan DeKok wrote:
Kaya Saman wrote:
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey wrote:
...
put this at the top of the 'users' file and restart the server
...
Poking a
Kaya Saman wrote:
> On Mon, Jul 16, 2012 at 2:33 PM, alan buxey wrote:
...
>> put this at the top of the 'users' file and restart the server
...
> Poking around in the radiusd.conf file I checked the section modules
Follow instructions or you will be unsubscribed and banned from the list.
Th
Hi,
> Poking around in the radiusd.conf file I checked the section modules
> which looks like this:
yes...thats just for the module config - you then need
to call that module - ensure that sql is not commented out in
sites-enabled/default
> The modules look like so:
>
> raddb]# ls modules/
> a
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey wrote:
> Hi,
>
>> > rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3,
>> > length=162
>> > User-Name = "0015c5537baa"
>> > User-Password = "0015c5537baa"
>
> note those 2 lines - the USer-Name is the MAC address in that
Hi,
> > rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3,
> > length=162
> > User-Name = "0015c5537baa"
> > User-Password = "0015c5537baa"
note those 2 lines - the USer-Name is the MAC address in that format. the
passwors is
the same.
> > [eap] No EAP-Message,
On Mon, Jul 16, 2012 at 11:47 AM, Kaya Saman wrote:
> On Mon, Jul 16, 2012 at 11:03 AM, alan buxey wrote:
>> Hi,
>>
>>> i tried this, I used 'debug radius verbose' but the log doesn't come
>>> up with anything at all; just:
>>
>> debug mab all
>> debug dot1x all
>>
>>
>> however, you are just doi
On Mon, Jul 16, 2012 at 11:03 AM, alan buxey wrote:
> Hi,
>
>> i tried this, I used 'debug radius verbose' but the log doesn't come
>> up with anything at all; just:
>
> debug mab all
> debug dot1x all
>
>
> however, you are just doing MAB IIRC - and thats just like PAP - very basic
> and
> simpl
Hi,
> i tried this, I used 'debug radius verbose' but the log doesn't come
> up with anything at all; just:
debug mab all
debug dot1x all
however, you are just doing MAB IIRC - and thats just like PAP - very basic and
simple and I'm sure you also have to add 'mab' to your interface config e
On Mon, Jul 16, 2012 at 9:20 AM, alan buxey wrote:
> Hi,
>
>> Issuing 'radius -X' still isn't showing anything :-(
>
> radiusd -X ?
>
> please ensure you are trying to runt he right command
Sorry that was a typo!!
This is the output I get when command run:
radiusd: Opening IP address
Hi,
> Issuing 'radius -X' still isn't showing anything :-(
radiusd -X ?
please ensure you are trying to runt he right command
if you dont see anything on the output when client connection attempts are made,
then you have a problem elsewhere on the network or on the NAS you could
try r
On Fri, Jul 13, 2012 at 8:09 PM, alan buxey wrote:
> Hi,
>
> you have defined the usual bits eg
>
> aaa new-model
> !
> !
> aaa authentication dot1x default group radius
> aaa accounting dot1x default start-stop group radius
> aaa accounting dot1x system start-stop group radius
>
> and you've got
Hi,
you have defined the usual bits eg
aaa new-model
!
On Fri, Jul 13, 2012 at 6:43 PM, Alan Buxey wrote:
> If you get no output to screen then it doesn't matter if the RADIUS server
> config is wrong as you've got problem elsewhere. Ha e you checked your
> firewall on the server, I don't give answers to be randomly skipped over. To
> verify you can s
If you get no output to screen then it doesn't matter if the RADIUS server
config is wrong as you've got problem elsewhere. Ha e you checked your firewall
on the server, I don't give answers to be randomly skipped over. To verify you
can send radius requests from another computer..eg using radte
On 13/07/12 18:26, Kaya Saman wrote:
On Fri, Jul 13, 2012 at 5:43 PM, Alan Buxey wrote:
Hi,
The very last line of startup output will say
Ready to process requests
If you get NOTHING else then the server is not getting any packets through
to it...which is either something simple such as th
On Fri, Jul 13, 2012 at 5:43 PM, Alan Buxey wrote:
> Hi,
>
>
> The very last line of startup output will say
>
> Ready to process requests
>
>
> If you get NOTHING else then the server is not getting any packets through
> to it...which is either something simple such as the built in firewall of
>
Hi,
The very last line of startup output will say
Ready to process requests
If you get NOTHING else then the server is not getting any packets through to
it...which is either something simple such as the built in firewall of cents
(edit the firewall using your favourite method to allow UDP 1
On Fri, Jul 13, 2012 at 5:35 PM, Alan Buxey wrote:
> radiusd -X
>
>
> ...will print all output to the terminal it wad run in. That will show you
> the workings
>
> alan
>
Yep, I did suggest this previously that I used this.
It doesn't show anything at all apart from claiming that RADIUS
radiusd -X
...will print all output to the terminal it wad run in. That will show you the
workings
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I've created a server running CentOS 6.2 and FreeRADIUS 2.1.10-5. I
also have installed the latest DaloRADIUS on the system to provide a
web UI since ultimately that is where people will be provisioning
systems from of which I believe it is installed correctly.
I also have a Cisco 3560G swit
30 matches
Mail list logo
