On 10/10/13 18:32, Phil Mayers wrote:
I've just ported our config to 3.0 and I'm seeing a few error messages;
they don't seem to be critical but are concerning me.
Specifically I'm seeing:
We're also getting:
Info: Invalid operator for item Sql-Group: reverting to '=='
...which is logged to
On 10 Oct 2013, at 18:32, Phil Mayers p.may...@imperial.ac.uk wrote:
I've just ported our config to 3.0 and I'm seeing a few error messages; they
don't seem to be critical but are concerning me.
Specifically I'm seeing:
ERROR: Conditional evaluation failed due to internal sanity
On 10/10/13 18:51, Arran Cudbard-Bell wrote:
possibly if (outer.request
Hmm, no same thing, and worse it's squashing Module-Failure-Message :o(
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
I've just ported our config to 3.0 and I'm seeing a few error messages;
they don't seem to be critical but are concerning me.
Specifically I'm seeing:
ERROR: Conditional evaluation failed due to internal sanity check.
That should be fixed. Either it can be deleted,
On 10 Oct 2013, at 22:23, Alan DeKok al...@deployingradius.com wrote:
Phil Mayers wrote:
I've just ported our config to 3.0 and I'm seeing a few error messages;
they don't seem to be critical but are concerning me.
Specifically I'm seeing:
ERROR: Conditional evaluation failed due to
Bill Grant wrote:
I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but
it does not connect to my database; however, if run it manually from the
command the it works fine. I think there is permission issue somewhere. See
the log below:
when I run following command
To: FreeRadius users mailing list
Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL
Server]Unable to connect: Adaptive Server is unavailable or doesnot
exist
Bill Grant wrote:
I am having trouble starting freeradius at boot on CentOS 6.4. It starts
the problem, thanks again.
From: Bill Grant [wgr...@ebpl.org]
Sent: Saturday, May 25, 2013 8:29 PM
To: FreeRadius users mailing list
Subject: RE: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL
Server]Unable to connect: Adaptive Server
Hocine M wrote:
Hi everybody,
I always have an error in radius.log file :
Mon Feb 4 16:16:52 2013 : Error: [sql_acct] Couldn't insert SQL
accounting START record - Erreur de syntaxe pr�s de '' � la ligne 1
Don't edit the configuration files and break them.
You do understand what
On 21 Nov 2012, at 13:00, Phil Brown phil.br...@port.ac.uk wrote:
We have started seeing problems our radius server with the Error
Error: [ldap] All ldap connections are in use
We have increased the ldap_connections_number from 5 to 20 which has
largely resolved the issue.
we now
Hi,
I have just untarred the 2.2.0 tarball, and added just one line the users
file: gokul Cleartext-Password:=abcde
at the top of the file...or at the bottom? If you add it to the bottom then
other
things in the file will prevent that user from being seen/used - add your test
On 11/10/2012 03:54 AM, Shravan S G wrote:
Hi all,
I am trying to configure FreeRadius 2.2.0. I am trying to test with the
radtest utility. However, when I run radtest, on my radiusd server, I
get the following error - ERROR: No authenticate method (Auth-Type)
found for the request: Rejecting
Issue is resolved.
I was infact editing the wrong users file. I was editing the users file in
the raddb folder of the uncompressed tarball.
Thanks for the help.
Regards,
Shravan
On Sat, Nov 10, 2012 at 6:54 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 11/10/2012 03:54 AM, Shravan S G
On 20 Sep 2012, at 12:23, Tatiana DIBANDA tdiband...@yahoo.fr wrote:
Arran,
Test for this first segmentation fault :
reading pairlist file /usr/local/etc/raddb/hints
Module: Linked to module rlm_realm
Module: Instantiating module suffix from file
/usr/local/etc/raddb/modules/realm
Use your first config to test whether the patch worked (it should generate an
error and exit).
You now appear to be getting a different segfault
Please provide a backtrace for this segfault.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 19 Sep 2012, at 14:33, Tatiana DIBANDA tdiband...@yahoo.fr wrote:
Arran
My first configuration:
In the default and inner-tunnel file we had eap2 {ok = return} in the
Authorize section,allowed eap2 in the authentication section and eap2 in the
post-process.
When we started my
arnauld ndefo wrote:
i want to implement the freeradius with eap-psk. In many forum it is
recommend to read the experimental.conf for configure the module eap2.
After reading the experimental.conf, i have created the file eap2.conf
which is attached to my email.
Also, in the radius.conf, i
arnauld ndefo wrote:
I am working on a project which is based on EAP_PSK and implement this
is the first part.
Which didn't answer my question.
Seems that in some part of a code, the eap2 module is not allowed.
Do you have an idea about this error please.
Since you're not going to
On 18 Sep 2012, at 13:42, arnauld ndefo ndefo2...@yahoo.fr wrote:
Thank you for your reply Alan.
I am working on a project which is based on EAP_PSK and implement this is the
first part.
As you have recommend, i have used the gdb to debug and see the problem. The
output that i have is
Hi,
Starting program: /usr/local/sbin/radiusd -f
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x080529d3 in cf_log_err (ci=0x0,
fmt=0x8085210 \%s\ modules aren't allowed in '%s' sections -- they
have no such
mailing list
freeradius-users@lists.freeradius.org
Cc : Alan DeKok al...@deployingradius.com; tatiana dibanda
tdiband...@yahoo.fr; tdibanda2...@yahoo.fr tdibanda2...@yahoo.fr
Envoyé le : Mardi 18 septembre 2012 14h58
Objet : Re: error of segmentation during the implementation of eap2
Hi
; tatiana dibanda tdiband...@yahoo.fr;
tdibanda2...@yahoo.fr tdibanda2...@yahoo.fr; Alan DeKok
al...@deployingradius.com
Envoyé le : Mardi 18 septembre 2012 15h19
Objet : Re: error of segmentation during the implementation of eap2
On 18 Sep 2012, at 13:58, alan buxey a.l.m.bu...@lboro.ac.uk wrote
Hi,
We have built the v2.1.X version. After that i have followed the
experimental.conf file to configure the eap2.conf.
The long term support release. The only changes to this code will
be minor bug fixes. All new development is done in the stable branch.
$ git clone
Hi,
Hi,
We do this before, when we started freeradius compilation.
yes - and now you have to do it again (well, just the git pull) as a patch has
been made
to the repository.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-radiusd.log
which i have attached to the mail.
Thank you
De : Alan DeKok al...@deployingradius.com
À : arnauld ndefo ndefo2...@yahoo.fr; FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Envoyé le : Mardi 18 septembre 2012 14h54
Objet : Re: error
Hi,
My project is to authenticate a client openpana with my radius server. The
authentication method used by the client is based on the EAP-PSK, which is
why I would have a radius server with authtentification method as EAP-PSK.
After apply the instruction of doc/bugs, i have got a
On 18 Sep 2012, at 15:07, arnauld ndefo ndefo2...@yahoo.fr wrote:
My project is to authenticate a client openpana with my radius server. The
authentication method used by the client is based on the EAP-PSK, which is
why I would have a radius server with authtentification method as EAP-PSK.
...@deployingradius.com; tatiana dibanda
tdiband...@yahoo.fr; tdibanda2...@yahoo.fr tdibanda2...@yahoo.fr
Envoyé le : Mardi 18 septembre 2012 17h57
Objet : Re: error of segmentation during the implementation of eap2
Hi,
My project is to authenticate a client openpana with my radius server
: Re: error of segmentation during the implementation of eap2
Hi,
Concerning the error of segmentation, we have removed in the section authorize
the part eap2{ ok = return} in the default and inner-server file. After that we
have got the output of the radiusd -X which is in the attached file
Hi,
Sorry to spam you, but we have #radtest user1 password 127.0.0.1:1812 0
testing1234 and
#radtest user1 password 127.0.0.1:18120 0 testing1234
and we have got the same result for the client
radtest doesnt send EAP packets
line user1 Auth-Type :=eap2, Cleartext-Password
As Alan B just said, radtest does not send EAP packets, no matter where you
send the RADIUS packets, to the inner tunnel or the outer tunnel, radtest
doesn't send EAP-Message.
You have hardcoded auth-type eap2 in your users file, so when the request
enters the authenticate section, the eap2
De : Arran Cudbard-Bell a.cudba...@freeradius.org
À : arnauld ndefo ndefo2...@yahoo.fr
Cc : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Mercredi 19 septembre 2012 0h06
Objet : Re: error of segmentation during the implementation of eap2
As Alan B just
ulimit?
-Original Message-
From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford@lists.freeradius.org] On
Behalf Of David Peterson
Sent: Tuesday, March 06, 2012 10:04 AM
To: FreeRadius users mailing list
Subject:
David Peterson wrote:
Has anyone run across this:
Couldn't open dictionary /usr/local/share/freeradius/dictionary: Too many
open files
You edited the dictionaries and broke them.
You have a circular loop in loading the dictionaries. So the loading
process is infinite, and never
Gennaro Leo wrote:
How can I configure the freeradius to set error-cause-attributes (e.g.
401 - Unsupported Attribute) when sending a CoA-Nak after receiving an
Accounting Request?
$ man unlang
update reply {
Error-Cause = Unsupported-Attribute
}
This should go into the
Gennaro Leo wrote:
How can I configure the freeradius to set error-cause-attributes (e.g.
401 - Unsupported Attribute) when sending a CoA-Nak after receiving an
Accounting Request?
$ man unlang
update reply {
Error-Cause = Unsupported-Attribute
}
This should go into the
Gennaro Leo wrote:
I added the Attribute-Name Unsupported-Attribute in the dictionary
Did I say to do that?
and modified the send-coa subsection as you suggested. Anyway in the
dictionary the 401 code is not accepted (max 255). Can I modify this
limit?
You need to follow instructions.
Hi,
I began by saying that I am a newbie so you could expect some errors
by me. Fortunately I solved immediately.
Thank you anyway.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
McSparin, Joe wrote:
Get this error when running radiusd -X I checked my passwords in
eap.cnf, ca.cnf, server.cnf and client.cnf
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file
/usr/local/etc/raddb/certs/server.pem'
+jmcsparin=hillcountrymemorial.org@lists.freerad
ius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists
.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, December 30, 2011 10:22 AM
To: FreeRadius users mailing list
Subject: Re: Error Reading Certificate file
McSparin
:
freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freerad
ius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists
.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, December 22, 2011 5:46 PM
To: FreeRadius users mailing list
Subject: Re: Error when
On Fri, Dec 23, 2011, at 08:52, McSparin, Joe wrote:
It's a package add from FreeBSD ports. I'll try reinstalling it on
another machine and see where it puts it.
http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/freeradius2/files/pkg-message.in?rev=1.2;content-type=text%2Fplain
--
Herbert
-
It's not located in the /usr/local/etc/raddb directory where my install is but
I did a search and it is located here
/usr/local/share/examples/freeradius/raddb/certs/xpextensions.
Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
McSparin, Joe wrote:
It's not located in the /usr/local/etc/raddb directory where my install is
but I did a search and it is located here
/usr/local/share/examples/freeradius/raddb/certs/xpextensions.
Find out who created the packaged (RPM, DEB, etc.) for your system,
and file a bug. The
McSparin, Joe wrote:
It's not located in the /usr/local/etc/raddb directory where my install is
but I did a search and it is located here
/usr/local/share/examples/freeradius/raddb/certs/xpextensions.
That's weird. What OS/distro is this?
OS packages would usualy put them in
Alan,
I updated the ports tree in FreeBSD which upgraded FreeRadius to 2.1.12 from
2.1.10. After installation I am successful on doing basic PAP
Authentication. It solved this issue.
Thank You so much!
--
View this message in context:
Hi,
on server startup after reboot freeradius not start and show error
Error: /etc/freeradius/proxy.conf[667]: Failed looking up hostname
radius.easyzonecorp.net.
but when i try to start by hand /etc/init.d/freeradius start, it 's OK.
Why freeradius fail to looking up hostname only on
suggestme wrote:
I was successful to install Freeradius 2.1.10
Upgrade to 2.1.12.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Det Det wrote:
I have Activation attribute in radcheck table (which has a date VALUE)
in old RADIUS server. I don't find this attribute in FreeRADIUS. I get
this error. any idea?
What is Activation?
It's not a standard RADIUS attribute. FreeRADIUS doesn't support it.
Alan DeKok.
-
On Fri, Sep 9, 2011 at 9:50 AM, Det Det det.explo...@yahoo.com wrote:
Hi,
I have Activation attribute in radcheck table (which has a date VALUE) in
old RADIUS server. I don't find this attribute in FreeRADIUS. I get this
error. any idea?
What radius server is that?
If it's also a freeradius
yes i've passed the same issue after dialup admin installation.
but what you reporting is not an error it is only the debug info on top of
the pages that will remain there (and shows all the sql behind) until you
dont remove the sql debug in admin.conf:
# Uncomment to enable sql debug
#
Hi andreapepa,
Thanks for your answer.
If I comment back this line I only see a white screen. This is very
very weird. I've installed thousands of web apps, and almost all php
based. There's no connection error anywhere.
I tried with the php CLI and I only see the same errors from apache2
Hi,
I seem to have the same issue as described in this thread, I also have
XP/Novell legacy clients, and I want to move to AD from eDir.
Re: Error: User-Name is not the same as MS-CHAP
namehttps://lists.freeradius.org/pipermail/freeradius-users/2011-June/msg00070.html
The last mention I can see
On Jul 15, 2011, at 4:26 PM, Edge wrote:
Exec-Program output: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Helps to actually
Exec-Program output: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Your path to ntlm auth is wrong. You need to specify the path to
: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: Error with AD/freeradius config (Arran Cudbard-Bell)
2. Re: Stripped-User-Name Problems (Re: Unmatched ( or \(, and,
?more?broadly, setting Stripped-User-Name) (Alexander Clouter)
3. RE: Error with AD/freeradius config
-4221
-Original Message-
From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On
Behalf Of Edge
Sent: Friday, July 15, 2011 10:42 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Error
10:53 AM
To: FreeRadius users mailing list
Subject: RE: Error with AD/freeradius config
If I may interject... if Gary's hint does not pan out I would suggest also
checking that the ntlm_auth binary is accessible to the FR daemon, I had an
issue on my box that the file permissions were correct
On 14/07/11 16:04, Edge wrote:
My /sites-enabled/default file - I have just copied the authentication
section as everything else in the file is at default settings
Not necessary or helpful. Full debug (which you didn't provide; you
trimmed the start) is what's needed.
rad_recv:
On Jul 14, 2011, at 5:18 PM, Gary Gatten wrote:
I don’t think you need braces and such, this is not as much an auth type as a
method
Try just a single line that reads: ntlm_auth
Also, I actually had to set my default auth-type to ntlm_auth. You know the
part where it says “…for
] On
Behalf Of Arran Cudbard-Bell
Sent: Thursday, July 14, 2011 10:34 AM
To: FreeRadius users mailing list
Subject: Re: Error with AD/freeradius config
On Jul 14, 2011, at 5:18 PM, Gary Gatten wrote:
I don't think you need braces and such, this is not as much an auth type as a
method
Try just
replying, please edit your Subject line so it is more specific than
Re: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: Error with AD/freeradius config (Phil Mayers)
2. Re: SoH - FR 2.1.11 (Phil Mayers)
3. RE: Error with AD/freeradius config (Gary Gatten
] On
Behalf Of Edge
Sent: Thursday, July 14, 2011 11:18 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Error with AD/freeradius config
Thanks for the quick reply Gary
I changed the /usr/local/etc/raddb/sites-enabled/default file to
# MSCHAP authentication.
Auth-Type MS-CHAP
On 14/07/11 16:34, Arran Cudbard-Bell wrote:
http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
How about what I've just put there?
Needs testing, but it should work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Subject: Re: Error with AD/freeradius config
On Jul 14, 2011, at 5:18 PM, Gary Gatten wrote:
I don’t think you need braces and such, this is not as much an auth type as a
method
Try just a single line that reads: ntlm_auth
Also, I actually had to set my default auth-type
On Jul 14, 2011, at 6:29 PM, Phil Mayers wrote:
On 14/07/11 16:34, Arran Cudbard-Bell wrote:
http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it back to RST.
I wanted this to be
On 07/14/2011 06:11 PM, Arran Cudbard-Bell wrote:
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it
back to RST. I wanted this to be bundled with general AD
Back to? There was just an empty page there when I visited, or am I
missing your
On Wed, Jun 29, 2011 at 6:32 PM, Jean Carlos Oliveira Guandalini
jean.guandal...@corp.visaonet.com.br wrote:
Hello, i'm using version 1.1.8, my OS is Linux (Gentoo).
The usual response would be upgrade. 1.x is not supported anymore.
My server stop and log this:
Error: FATAL: Thread create
Unfortunately I not update a version because one module what we use was
not run correctly in newer versions
If I use Mysql(InnoDB) instead MyISAM, maybe help with table lock and
consequently better performance?
Thanks
Jean
Em 29-06-2011 10:10, Fajar A. Nugraha escreveu:
On Wed, Jun 29, 2011
On Wed, Jun 29, 2011 at 8:29 PM, Jean Carlos Oliveira Guandalini
jean.guandal...@corp.visaonet.com.br wrote:
Unfortunately I not update a version because one module what we use was
not run correctly in newer versions
That sucks :P
If I were you I'd start investing in reeimplementing that
Thank for your advices, I really think what have a problem with DB.
Because the problem only happens when have many authentication requests
simultaneously.
Thanks again.
Jean
Em 29-06-2011 10:46, Fajar A. Nugraha escreveu:
On Wed, Jun 29, 2011 at 8:29 PM, Jean Carlos Oliveira Guandalini
On 13/06/11 14:44, Angus JIANG Jian wrote:
we found the following error messages in the RADIUS log Error:
rlm_ldap: All ldap connections are in use on redhat workstation 5
OS.
Error: Discarding duplicate request from client AP1840-4:1031 - ID:
72 due to unfinished request 1017 7:05pm - Tried to
...@lists.freeradius.org] On
Behalf Of Phil Mayers
Sent: Monday, June 13, 2011 10:12 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Error: rlm_ldap: All ldap connections are in use
On 13/06/11 14:44, Angus JIANG Jian wrote:
we found the following error messages in the RADIUS log Error:
rlm_ldap: All
Jian
Sent: Monday, June 13, 2011 10:53 PM
To: FreeRadius users mailing list
Subject: RE: Error: rlm_ldap: All ldap connections are in use
Hi,
Our ldap server is Novell edirectory 8.6 , the radius is taking with
edirectory8.6.
Regards
Angus
ITU Systems
Ext: 6551
-Original Message
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me a email at pau...@mail.com
-
List info/subscribe/unsubscribe? See
On 03/06/11 13:10, Paul Harris wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me a email at pau...@mail.com
Or not.
I'm not downloading a
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone else's
problem.
As long as you dont get a key, it is legal.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on
Johan Meiring wrote:
As long as you dont get a key, it is legal.
No.
This list is not the place to discuss non-FreeRADIUS software.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 03/06/11 15:09, Johan Meiring wrote:
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone
else's
problem.
As long as you dont get a key, it is legal.
This is getting farcical...
Not picking on any one specific person here, but
Hi Phil,
What I really want to understand is, whether the check is too strict
and FreeRADIUS should be fixed, or whether Windows XP is just buggy.
I will try to check this tomorrow.
e.g. maybe the check should be:
if eap.username == mschap.username:
ok
elif not mschap.domain:
if
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Jun 2, 2011 at 9:01 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
This might help:
On 05/29/2011 03:10 PM, Francois Gaudreault wrote:
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This
Hi Phil,
Forget about all that. Adding Realm's and fiddling with the packet
won't help; the check is hard-coded into the mschap module as a fairly
obvious security measure.
For example - suppose I have an environment with two separate domains:
STAFF
STUDENTS
...if the mschap module did
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it is possible to send a different Username in
: Re: Error: User-Name is not the same as MS-CHAP name
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think
Hi,
On 11-05-30 9:55 AM, Phil Mayers wrote:
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it
On 05/28/2011 06:33 PM, Francois Gaudreault wrote:
Sending tunneled request
EAP-Message =
0x020700421a0207003d3187ddf68b18fb1dce4cdd5b001c06abc09a7812e4d4a1f425347de951e68fac50054fd8ff32d403fa0054656368524d43
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This is obviously broken, but here's where I get confused:
On 05/27/2011 09:04 PM, Francois Gaudreault wrote:
Hi,
I had a look at this issue with him since he is one of our client.
Machine authentications are working flawlessly, windows 7 authentication
as well (no hostname is sent with the username).
I honestly lost track of this issue; the guy had
Hi Phil, and Alan,
I will get you the debug output for Windows XP SP3 boxes (likely Monday).
I will summarise what we have. Basically, this is a setup where the
client is using eDirectory to authorize the users using the rlm_ldap
module. On the windows boxes, it is configured to do PEAP
Hi,
Here is the complete debug log :
rad_recv: Access-Request packet from host 10.220.30.5 port 29010,
id=194, length=179
User-Name = STIC08862\\TechRMC
NAS-IP-Address = 10.220.30.5
NAS-Port = 0
Called-Station-Id = 58-16-26-AA-F7-A1:AVAYA-RESEAU
Hi,
I had a look at this issue with him since he is one of our client. Machine
authentications are working flawlessly, windows 7 authentication as well (no
hostname is sent with the username).
The problem is when the HOSTNAME is sent along with the username under windows
XP. I tried to set a
Francois Gaudreault wrote:
We are using mschap:user-name in the LDAP filter and in the ntlm_auth
line. Again, we are *NOT* rewriting the User-Name.
We need other ideas here.
Post the debug output.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Thank's Alan, it works!
We had the same issue with python auths being serialized that we had
with pam, but running out of debug mode fixed the issue. Pam probably
would have worked if we tried that, but it was a pam_python module
anyway so it is better going directly to python.
Thanks again,
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Don't edit the default configuration and break it.
Below is the complete log.
Any ideas of what we may be
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok al...@deployingradius.com wrote:
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Don't edit the default
Jim Whitescarver wrote:
The only thing we want is python authentication. I just commented out
everything else. I will start again and try to minimize edits. I am
rather clueless about the nature the minimum edits should have.
Add what you need. The default configuration *works*.
It
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see in the debug output of the server that
User-Name =
On 05/10/2011 03:35 PM, Robert Mc Cready wrote:
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see
1 - 100 of 620 matches
Mail list logo