Roberto Carna wrote:
Dear, sorry for my confusion...I need to do the following:
1) Authenticate and authorize users accessing switches through TELNET
and/or HTTP
2) Authenticate and authorize users accessing Linux servers through SSH
You're about 2 steps removed from RADIUS.
First, find
Dear, sorry for my confusion...I need to do the following:
1) Authenticate and authorize users accessing switches through TELNET and/or
HTTP
2) Authenticate and authorize users accessing Linux servers through SSH
Thanks again.
Roberto
2013/5/9 Edvin Seferovic | Kolpinghaus St. Pölten
Dear Matt, my second question is:
If I have to authenticate Linux boxes and switches against Freeradius, do I
have to use libpam-radius-auth for both devices or what ???
Thanks again,
Roberto
2013/5/8 Matt Zagrabelny mzagr...@d.umn.edu
On Wed, May 8, 2013 at 3:26 PM, Roberto Carna
You need to rephrase your question. Do you want to:
a.) authenticate and authorize users accessing the console of your switch?
b.) authenticate a machine/user connected to a port of a switch (MAC
auth or 801.x)
c.) Linux boxes are machines... see B
d.) authenticate users accessing the boxes...
On Wed, May 8, 2013 at 3:26 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear, I'm new at Freeradius as an AAA server in a Linux box and I need to
authenticate Allied switches and Debian/Centos boxes.
What package/module do I have to install in addition to freeradius ???
For the Debian
Hello Alan,
Thank you for your answer.
I may have not understood what you wrote.
I replaced in /etc/raddb/sql/mysql/dialup.conf
sql_user_name = '%{Stripped-User-Name}'
by
sql_user_name = '%{User-Name}'
Hello lsclrstd,
I have created a second user testuser2 with the
Mik J wrote:
I finally solved my problem. My dialup.conf was empty with the exception of
the statement I added. And dialup.conf is supposed to have some sql queries
inside.
For the test to work, the password should be 'Password' and not
'Cleartext-Password'
NO. ABSOLUTELY NOT.
Hi,
[sql] expand: %{Stripped-User-Name} -
[sql] sql_set_user escaped user -- ''
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: -
[sql] Error generating query; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Stripped-User-Name not populated - so a
[sql] expand: %{Stripped-User-Name} -
[sql] sql_set_user escaped user -- ''
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: -
[sql] Error generating query; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Stripped-User-Name not populated -
[sql] expand: %{Stripped-User-Name} -
[sql] sql_set_user escaped user -- ''
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: -
[sql] Error generating query; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Stripped-User-Name not
Hi,
[sql] expand: %{User-Name} - testuser
[sql] sql_set_user escaped user -- 'testuser'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: -
[sql] Error generating query; rejecting user
seems fair enough - there is no expansion for the query - so I would
now check your
Philippe Schwarz wrote:
Ok, but it's useless only; i can keep it that way , right ?
useless means confusing, unnecessary, and extra work.
You should delete it.
.. Failed to authenticate the user.
You didn't specify a password for the user.
Oh! I should have read more carefully..
I
Philippe Schwarz wrote:
I set up the following config, tried to follow the advice of freeradius
website (don't touch anything you could break in the raddb directory ;-) )
That's good.
The config (in french, sorry) i used :
http://www.openbsd-edu.net/index.php/FreeRadius
Hmm.. that
On 04/05/2010 19:05, Alan DeKok wrote:
Philippe Schwarz wrote:
The config (in french, sorry) i used :
http://www.openbsd-edu.net/index.php/FreeRadius
Hmm.. that doesn't look all correct. The certificate stuff isn't
necessary in 2.1.3.
Ok, but it's useless only; i can keep it that way
Gary Gatten wrote:
I have several different types of clients/NAS's that will be using FR
as the Front End to perform AAA - mostly Authentication, but the Author
and Acct are close behind.
Use virtual servers. See raddb/sites-available/README
Anyway, each of these clients need to perform
@lists.freeradius.org
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Sat Aug 29 04:02:03 2009
Subject: Re: BASIC question, but still having conceptual issues
Gary Gatten wrote:
I have several different types of clients/NAS's that will be using FR
as the Front End
$hit - I just remembered.
Eventually the Type 1 devices, specifically network switches, will be
doing two different types of auth: vty access for admins only and 802.1x
auth for all users! So, I can't process simply on NAS IP alone. I'm
assuming there will be some diffs in the request packets
Eventually the Type 1 devices, specifically network switches, will be
doing two different types of auth: vty access for admins only and 802.1x
auth for all users! So, I can't process simply on NAS IP alone. I'm
assuming there will be some diffs in the request packets sent to FR for
vty,
Hi,
I have put perl as a module in my radiusd.conf file.
I don't find the rlm_perl*.so file in /usr/local/lib/ where all the other
rlm_*.so files are located.
What am I missing?
have you edited experimental.conf to enable PERL and have
you included this file in the radiusd.conf or
On Dec 17, 2008, at 11:54 PM, al pat wrote:
I am trying to use perl module, but when I can't start my server.
I have put perl as a module in my radiusd.conf file.
I don't find the rlm_perl*.so file in /usr/local/lib/ where all the
other rlm_*.so files are located.
What am I missing?
Hi -
Thanks for the replies. I put libperl-dev and that worked.
Rgds
-a
On Thu, Dec 18, 2008 at 4:42 AM, Boian Jordanov bjorda...@orbitel.bg wrote:
On Dec 17, 2008, at 11:54 PM, al pat wrote:
I am trying to use perl module, but when I can't start my server.
I have put perl as a module in my
Doc. Caliban wrote:
All of our public workstations are on this interface so the machines are
verified at the proxy. Now I just need to get the RADIUS piece in place
to validate the users. IPCop can require RADIUS authentication on top
of the MAC filter.
So... how does it do that? EAP?
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]
IPCop is actually pretty good for this as it uses one of its
interfaces for wireless access based on granting each node specific
access by MAC, but it can be any network node, it doesn't have to be a
wireless device.
Alan DeKok wrote:
Doc. Caliban wrote:
All of our public workstations are on this interface so the machines are
verified at the proxy.
So... how does it do that?
IPCop, the network router, is the NAS in this case.
It has 3 interfaces, the WAN, LAN, and WiFi Access. (Known in
[EMAIL PROTECTED] wrote:
PS. Time to go to bed.
I know the feeling!
Thanks for all the info on doing this properly. You've no doubt saved
me a bunch of time and frustration.
-Doc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jon Reynolds wrote:
Also, uncheck the Authenticate as computer when information is
available and Enable Fast Reconnect, the latter will drive you
crazy because it will keep resetting your settings back to default.
Jon
Perfect, thank you!
-Doc
YvesDM wrote:
Alternatively you could install the copspot plugin on ipcop (
http://www.ban-solms.de/t/IPCop-copspot.html )
It implements chillispot and gives you a captive portal which can
talk to your radius for AAA.
Kind regards
Yves
That's a great suggestion,
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
YvesDM wrote:
Alternatively you could install the copspot plugin on ipcop (
http://www.ban-solms.de/t/IPCop-copspot.html )
It implements chillispot and gives you a captive portal which can talk
to your radius for AAA.
Kind regards
YvesDM wrote:
Strange, according to the copspot link I've sent you it uses https.
(on non-standard port)
I never used ipcop myself though.
Kind regards
Yves
Oh, weird. It must be in the details somewhere. That's the page I'd
looked at and this line had caught my eye:
Currently the
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
YvesDM wrote:
Strange, according to the copspot link I've sent you it uses https. (on
non-standard port)
I never used ipcop myself though.
Kind regards
Yves
Oh, weird. It must be in the details somewhere. That's the page I'd
You haven't configured PEAP in eap.conf. You need to configure tls and
peap sections. You will also need a server certificate and to export
root certificate to XP clients (if you are signing them yourself). Read
instructions in eap.conf, /scripts, wiki (about EAP) and howto for AD
integration
Doc. Caliban wrote:
I hate to ask this, but I'm running out of time on this project and I'm
completely new to RADIUS. I would be really happy if someone could just
point me to a detailed HOW TO for what I need.
http://www.freeradius.org/doc/EAPTLS.pdf
You need EAP-TLS to do PEAP.
I
Hmm... All good info, but it makes me wonder if I'm going about this the
best way.
This is my goal:
Wireless users and desktop computers on the same subnet (IPCop Blue, for
those keeping score at home) will need to log in with a user name and
password, which are kept on the MySQL server.
I
This is my goal:
Wireless users and desktop computers on the same subnet (IPCop Blue, for
those keeping score at home) will need to log in with a user name and
password, which are kept on the MySQL server.
Hm, don't know much about IPCop but I would have some doubts about it
authenticating
[EMAIL PROTECTED] wrote:
Hm, don't know much about IPCop but I would have some doubts about it
authenticating wired users on a local network.
IPCop is actually pretty good for this as it uses one of its interfaces
for wireless access based on granting each node specific access by MAC,
but
IPCop can require RADIUS authentication on top of the MAC filter.
Fine. Enable it then. I assume it uses 802.1x for wired too.
I just need to find the easiest way possible for my users to deal with the
RADIUS piece of the model.
Simplest thing for your users with Win XP/Vista would be PEAP.
PS. Time to go to bed.
Clear the Automatically use Windows logon blah, blah box.
Confirm everything and you are done.
Ivan Kalik
Kalik Informatika ISP
On 31/10/2007, Doc. Caliban [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Hm, don't know much about IPCop but I would have some
[EMAIL PROTECTED] wrote:
PS. Time to go to bed.
Clear the Automatically use Windows logon blah, blah box.
Confirm everything and you are done.
Ivan Kalik
Kalik Informatika ISP
Also, uncheck the Authenticate as computer when information is
available and Enable Fast Reconnect, the latter
PS. Oops, sent mail too early.
Authentication method should be EAP-MSCHAPv2/click on Configure button/
Rainer Brinkmann [EMAIL PROTECTED] wrote:
we wonder, how a freeradius can request a client to use a fixed EAP-Method:
so its defined:
Client starts with EAP-Start-Msg
Radius wants EAP-Identity
Client answers with Username or Hostname NOT using a special EAP-Method
That isn't how EAP works.
On 29 Jun 2006, at 17:23, Rainer Brinkmann wrote:
Hello,
we wonder, how a freeradius can request a client to use a fixed EAP-
Method:
so its defined:
Client starts with EAP-Start-Msg
Radius wants EAP-Identity
Client answers with Username or Hostname NOT using a special EAP-
Method
Radius
Rainer Brinkmann wrote:
Hello,
we wonder, how a freeradius can request a client to use a fixed EAP-Method:
so its defined:
Client starts with EAP-Start-Msg
Radius wants EAP-Identity
Client answers with Username or Hostname NOT using a special EAP-Method
Radius now starts communicating with
Ah. The include line in raddb/dictionary was wrong (pointing to the
dictionary directory, not dictionary/dictionary). Auth-Type := Accept seems
to be working now, so hopefully I can manage it from here (if not, I'm sure
you'll hear from me again).
Thanks a ton!
Alan DeKok wrote:
Geoff Silver
Geoff Silver [EMAIL PROTECTED] wrote:
Forgive me if I'm missing something incredibly obvious, but I absolutely can't
get auth to work. ever. For starters, here's what I see when running
'radiusd -AX':
rad_recv: Access-Request packet from host 127.0.0.1:34193, id=136, length=61
tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
Or does radtest just test authentication without
bothering with accounting or other logging information?
Read the documentation for radtest. It answers your question.
Alan DeKok.
Gingell, Shane [EMAIL PROTECTED] wrote:
I have just installed Free-Radius for my first time as a
previous FUNK user and I am having stupid errors when testing initial
authentication. Here is what is happening: Any help is greatly
appreciated.
Run the server in debugging mode as
Update:
before freeRADIUS states that message, it gives me an certificate:
unsupported purpose message.
Problem solved.
The client certificate needed to be signed as a client certificate (not just
simply signed).
with an additional file named 'ext' containing
[ client ]
extendedKeyUsage =
Martin Olsson wrote:
The length field is 16-bit, but is it big-endian or little-endian? If
i receive the two bytes for the length as AB should I use the value
256*A+B or should I use the value A+B*256?
You can just convert your short int from host-byte-order to
network-byte-order using the
Before I go jumping off the deep end, what OS would be the best and
easiest to
use for Free Radius?
Fedora Core 2
FreeBSD
Debian
Mandrake
Or ???
I'm a linux and Freeradius newbie and I'm using Freeradius for two months
on a mandrake 9.2, it's not too hard to configure and it works very
Joel Eddy [EMAIL PROTECTED] wrote:
Before I go jumping off the deep end, what OS would be the best and easiest to
use for Free Radius?
I'm partial to NetBSD, but that's just me.
For most purposes, it doesn't really matter. Use what you're
familiar with.
Alan DeKok.
On Sat, 8 May 2004, Michael Markstaller wrote:
Mark,
I'm in a similar process right now, setting up a new radius-environment
all running on Debian Woody consolidating three old servers.
I'm planning to use dialup-admin for individual users to see
their account-status and customer-admins to
On Sat, 8 May 2004, Mark Constable wrote:
I'm just starting out with changing over from xtRadius to
freeRadius and testing things for the next few days. I'll be
looking hard at dialup_admin and just now I've got it up on
my own test box and I can see there are a few basic and obvious
mods