Marcel Kraan wrote:
I'am marcel kraan from Holland and i have a problem with Crypt-passwords
in the mysql table.
FreeRadius is working really great with Cleartext-Password but it does
not authenticate with Crypt-password
You can't use Crypt-Password and MS-CHAP.
Yes i want to use PAP (?) but where do i change that?
into my Wifi router ? or in the Freeradius config?
On 29 jul. 2013, at 13:52, Alan DeKok al...@deployingradius.com wrote:
Marcel Kraan wrote:
I'am marcel kraan from Holland and i have a problem with Crypt-passwords
in the mysql table.
Marcel Kraan wrote:
Yes i want to use PAP (?) but where do i change that?
into my Wifi router ? or in the Freeradius config?
No.
You're doing 802.1X to the WiFi router. You *cannot* use PAP.
You cannot pick an authentication protocol and demand that everyone
use it. The AP, client PC,
I very clear understands.. thanks for the help
On 29 jul. 2013, at 14:07, Alan DeKok al...@deployingradius.com wrote:
Marcel Kraan wrote:
Yes i want to use PAP (?) but where do i change that?
into my Wifi router ? or in the Freeradius config?
No.
You're doing 802.1X to the WiFi
By default PAP, CHAP.. are enabled in FR.
You may need to change the authentication settings in your client. i.e Wifi
Router to send PAP enabled access-request.
On Mon, Jul 29, 2013 at 5:25 PM, Marcel Kraan mar...@kraan.net wrote:
Yes i want to use PAP (?) but where do i change that?
into my
On 29/07/13 12:55, Marcel Kraan wrote:
Yes i want to use PAP (?) but where do i change that?
into my Wifi router ? or in the Freeradius config?
On the client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks… i think my wifi router does not have that option…
On 29 jul. 2013, at 14:15, Navodit Bhardwaj navodit.bhard...@gmail.com wrote:
By default PAP, CHAP.. are enabled in FR.
You may need to change the authentication settings in your client. i.e Wifi
Router to send PAP enabled
On Mon, Jul 29, 2013 at 7:39 PM, Marcel Kraan mar...@kraan.net wrote:
Thanks… i think my wifi router does not have that option…
On 29 jul. 2013, at 14:15, Navodit Bhardwaj navodit.bhard...@gmail.com
wrote:
By default PAP, CHAP.. are enabled in FR.
You may need to change the authentication
Thanks. I have a genius en202 outdoor wifi router and i don't think i can
change it to use PAP.
So i'am only able to use ClearText-Password?
If i'am wrong i will be very happy
--
Marcel Kraan
+31654378837
On 29 jul. 2013, at 15:04, Fajar A. Nugraha l...@fajar.net wrote:
On Mon, Jul
Erik Sellgren wrote:
I am trying to setup wireless authentication through my mikrotik router
using freeradius with mysql and daloradius. I have the server setup and
working, I can use NTradtest from my pc and I get Access-Accept messages
in return with my cleartext user/password, username
Here, is links to logs on pastebin service:
freeradius_debug_log (freeradius -X): http://dpaste.com/831692/
xl2tpd_debug_log (xl2tpd -D): http://dpaste.com/831693/
/etc/xl2tpd/xl2tpd.conf http://dpaste.com/831695/
/etc/ppp/options.xl2tpd http://dpaste.com/831696/
Guys, i just need another eyes
Can't help much, as I didn't set up our system, but have you tried
require authentication = no in xl2tpd.conf? You've got auth in
IPsec (one assumes), and also in PPP (CHAP; we use MSCHAPv2 for
Windows compatibility), so my understanding is you don't need it
in L2TP as well, which goes inside
Fajar A. Nugraha-2 wrote
... and then on authorize section add something like this (just for check)
if ( (request:User-Name == 00:12:23:56:78:9A)
(control:Agent-Circuit-ID != %{request:Agent-Circuit-ID}) ) {
update control {
Auth-Type := Reject
}
}
then use debug mode
Alan DeKok-2 wrote
IVB wrote:
But I don't see in debug output what exactly was returned in SQL query.
Have you tried running the SQL queries from an SQL client on the
command line?
That's why they're printed out in debugging mode: so you can see them,
and re-run them yourself.
IVB wrote:
Yes, I run queries by hand and see results as strings, non-printable chars
not printed, but attribute itself has non-zero length.
You can't put binary data into an ASCII string field.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2 wrote
You can't put binary data into an ASCII string field.
But that was my question!
FreeRADIUS offers following schema for radcheck table:
CREATE TABLE radcheck (
id int(11) unsigned NOT NULL auto_increment,
username varchar(64) NOT NULL default '',
attribute
IVB wrote:
But that was my question!
...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
You don't.
The database is intended for ASCII data.
You could also edit the dictionaries to make the data
Hello Alan,
Monday, April 2, 2012, 1:59:03 PM, you wrote:
AD IVB wrote:
But that was my question!
AD ...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
AD You don't.
Are you kidding?
AD The
Igor Belikov wrote:
AD You don't.
Are you kidding?
If you insist on going down that path, you'll be unsubscribed and
banned. I'm tried of people who can't read the documentation, and who
use that ignorance to put me down.
Do you mean that FreeRADIUS can't accept non-ASCII data from
Hello Alan,
Monday, April 2, 2012, 2:53:15 PM, you wrote:
AD2vF Igor Belikov wrote:
AD You don't.
Are you kidding?
AD2vF If you insist on going down that path, you'll be unsubscribed and
AD2vF banned. I'm tried of people who can't read the documentation, and who
AD2vF use that
IVB wrote:
Hello Alan,
Yes, I will be very happy to read how to represent 'octets' data in
DB. And I ask about this several times. I don't find this info in
documentation, sorry.
Please give me link to right place.
I gave you a hint, and you deleted it.
Good luck.
Alan DeKok.
-
This is incorrect:
IVB wrote
INSERT INTO
`radcheck` ( `UserName`, `Attribute`, `Value`, `op` )
VALUES
( '00:12:23:56:78:9A', 'Cleartext-Password', 'Redback', ':=' ),
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
( '00:12:23:56:78:9A', 'Agent-Remote-ID',
IVB wrote:
But I don't see in debug output what exactly was returned in SQL query.
Have you tried running the SQL queries from an SQL client on the
command line?
That's why they're printed out in debugging mode: so you can see them,
and re-run them yourself.
Alan DeKok.
-
List
On Fri, Mar 30, 2012 at 4:29 PM, IVB i...@is.ua wrote:
I need help.
Software: FreeRADIUS v2.1.11, MySQL v5.1.61.
Hardware: RB SE100 under SEOS-6.4.1.4-Release
BRAS sends Opt-82 related attributes in following format:
What format?
Attributes Agent-* described in radius dictionary as
Fajar A. Nugraha-2 wrote
On Fri, Mar 30, 2012 at 4:29 PM, IVB lt;ivb@gt; wrote:
I need help.
Software: FreeRADIUS v2.1.11, MySQL v5.1.61.
Hardware: RB SE100 under SEOS-6.4.1.4-Release
BRAS sends Opt-82 related attributes in following format:
What format?
Agent-Remote-Id =
Debug mode help me nothing.
When I try to connect without Agent-* attributes in DB, I see in debug
output 'User found in radcheck table' after performing check SQL. And
finally I login successfully.
When I try to connect with Agent-* attributes in DB, I don't see message
'User found in radcheck
On Fri, Mar 30, 2012 at 6:12 PM, IVB i...@is.ua wrote:
Agent-Circuit-Id = 0x000403fc0001
let's start with that one.
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
Does that work? Shouldn't it be something like
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', 0x000403fc0001,
Fajar A. Nugraha-2 wrote
On Fri, Mar 30, 2012 at 6:12 PM, IVB lt;ivb@gt; wrote:
Agent-Circuit-Id = 0x000403fc0001
let's start with that one.
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
Does that work?
No. And this is the problem.
Fajar A. Nugraha-2
On Sat, Jan 28, 2012 at 3:03 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
What??
You dont need that kind of hardware for job, sure. Throwing that kind of
horsepower might fix the speed but this is a DBA question.
Look at your mysql configuration and see how it can be adjusted (my.cnf)
look
YvesDM wrote:
Just wondering, do you see performance increase using postgres instead
of mysql?
Yes.
MySQL can be higher performance than older versions of PostGreSQL, if
you don't do database writes. Newer versions of Postgres have similar
performance to MySQL, with the benefit of
On Sun, Jan 29, 2012 at 11:36 AM, Alan DeKok al...@deployingradius.comwrote:
YvesDM wrote:
Just wondering, do you see performance increase using postgres instead
of mysql?
Yes.
MySQL can be higher performance than older versions of PostGreSQL, if
you don't do database writes. Newer
Hi,
Sorry to pick into this with a short question.
Just wondering, do you see performance increase using postgres instead of
mysql?
yes. I am a postgreSQL convert. though, that said - out of the box you get
slightly better and safer performance - but you'll still have to configure
On 01/28/2012 09:57 AM, Morteza Milani wrote:
Hi,
Our company is using freeradius as a VPN authentication
authorization system. In worse-case say we would have 1 Million users. Beside
scaling our market, we are going to develop an application to analyze
users with data mining algorithms.
Dear,
i've got same problem in the first time that i use freeradius,
first of all, you need to tune your mysql ( my.cnf ) with right
optimization, you can enable slow query logging in order to check if is
mysql or freeradius problem.
when your mysql works fine, you can tune freeradius, like
On Sat, Jan 28, 2012 at 6:10 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 01/28/2012 09:57 AM, Morteza Milani wrote:
Hi,
Our company is using freeradius as a VPN authentication
authorization system. In worse-case say we would have 1 Million users.
Beside
scaling our market, we are
What??
You dont need that kind of hardware for job, sure. Throwing that kind of
horsepower might fix the speed but this is a DBA question.
Look at your mysql configuration and see how it can be adjusted (my.cnf) look
at the engine in use and see if you can use better..(eg innodb instead of
1 mil of users and one server... ???
Good luck...
On 1/28/2012 10:57 AM, Morteza Milani wrote:
Hi,
Currently we use a server with the following features:
* RAM: 4 GB
* Processor: 1x E8400 3.0 GHz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It's do-able. Though I would be worried about failover and resiliancy.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I have configured a freeradius + mysql server and i would like to use
the PEAP authentication. I have tried the EAP-TTLS and it worked fine, but
when i have tested the PEAP authentication all my requests were rejected
how are you testing this? what client are you using? your
Sorry, I was wrong. I have sent the eap.conf for my eap-ttls
authentication. But in fact , i thought that i just needed to change
the default_eap_type to peap and that's all. I have configured an
Access Point to use radius authentication and i have tested the
eap-ttls on my linux machine
Hi,
when i changed the authentication to use peap, i got the problem. I
launched the server in debug mode ( freeradius -X ) and all that i can see
is that all my requests are rejected.
i'm sorry, I've lost my ability to read minds. It would actually
be quite handy if you, for
I found the sollution some time ago.
This might be helpful for beginners like me.
The PEAP authentication is done using the site-enable/inner-tunnel virtual
server configuration by default.
So in the site-enabled/inner-tunnel in the section authorize add these:
==
sql
if
Hi,
This configuration is correctly? Nowadays, could I use this to copy acct to
a remote server?
Thanks.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Freeradius-mysql-acct-copy-tp4272880p4942524.html
Sent from the FreeRadius - User mailing list archive at
On Thu, Oct 27, 2011 at 8:19 PM, Daniel Menezes lis...@dmnzs.com.br wrote:
Fajar,
I had radutmp and SQL commented out in account {}.
I don't know why, a possible mistake.
After mark radutmp and restart freeradius I don't see new errors in log.
So you mean radutmp was the root cause of your
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes lis...@dmnzs.com.br wrote:
I read something about slow backend, tables indexes and other things.
I've used the backend script 'mysqltuner.pl' to adjust the performance.
It's better now, but the warnings and erros persists.
Can anyone help me on
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes lis...@dmnzs.com.br wrote:
Tue Oct 25 15:43:20 2011 : Error: WARNING: Unresponsive child for request
784, in module radutmp component accounting
Another thing to try, are you using radutmp? If no (e.g.
session/simultaneous use check is using
Hi Daniel,
I have a FreeRadius + MySQL setup with MikroTik as NAS.
And a few days ago I have some warnings and errors in the log:
Tue Oct 25 04:02:41 2011 : Info: Released IP xxx.xxx.xxx.xxx (did
via-pppoe-01 cli xx:xx:xx:xx:xx:xx user dmnzs-test) Tue Oct 25 05:30:36
2011 :
Error: Received
On Thu, Oct 27, 2011 at 12:13 AM, Daniel Menezes lis...@dmnzs.com.br wrote:
Yes, there is a large number of rows in the radacct and radposauth tables.
The attribute 'Acct-Interim-Interval' works very well but makes many
records.
Interim update aren't suppose to add records, they simply update
Lumir Lindovsky wrote:
How do I give access to wifi users who authenticate with username pass
over PEAP only to a group of users?
See the FAQ. You can create a group, and limit them based on group
membership. You can use SQL-Group. See doc/rlm_sql
Alan DeKok.
-
List
Lumir Lindovsky wrote:
How do I give access to wifi users who authenticate with username pass
over PEAP only to a group of users?
See the FAQ. You can create a group, and limit them based on group
membership. You can use SQL-Group. See doc/rlm_sql
Alan DeKok.
-
List
Hello,
I would like to help with this:
I have Freeradius version 2.1.6
I have it running with SQL and DialupAdmin.
How do I give access to wifi users who authenticate with username pass over
PEAP
only to a group of users?
I mean that authorised would be only users from group WIFI and not
I would think something like this in your users file: DEFAULT NAS-Ip-Address
== your.wifi.nas.ip, Group == WIFI DEFAULT NAS-Ip-Address == your.wifi.nas.ip,
Auth-Type = Reject -
Thank you for the answer but I do not use any users file - I use mysql and
users are stored in radcheck table and
Um yes, it's 'encrypted' using the shared secret between the NAS and the
RADIUS server... this is described in RFC 2865.
On 2 Aug 2011, at 07:31, gary wrote:
Hi All
I configure the NAS client as pap method for user authentication.
But through the packet analysis by wireshark it appears
Hi All
Thanks very much for your reply.
Best Regards
Gary
- Original Message -
From: Arran Cudbard-Bell
To: FreeRadius users mailing list
Sent: Tuesday, August 02, 2011 2:54 PM
Subject: Re: [freeradius+mysql]pap method
Um yes, it's 'encrypted' using the shared secret
On 1 Aug 2011, at 10:34, gary wrote:
Hi to all
Anybody give me some guideline?
I would like to add new field in mysql table, how to configure freeradius
recognize the field and fill out the correct value that I want?
Edit the queries in raddb/sql/your db/dialup.conf
-Arran
Arran
2011/8/1 gary gary.y...@browan.com:
Hi to all
Anybody give me some guideline?
I would like to add new field in mysql table, how to configure freeradius
recognize the field and fill out the correct value that I want?
All queries are customizable. By default it's on raddb/sql/mysql/dialup.conf
Hi Arran, Fajar
I've try and thank you so much.
Best Regards
Gary
- Original Message -
From: Fajar A. Nugraha l...@fajar.net
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, August 01, 2011 4:41 PM
Subject: Re: [freeradius+mysql]new field
2011/8/2 gary gary.y...@browan.com
Hi All
I configure the NAS client as pap method for user authentication.
But through the packet analysis by wireshark it appears Encrypted.
To debug radius problems, it's much easier and informative to run
debug mode (radiusd -X) instead of using packet
Hi,
i have the exact same problem here with a Linksys access point. The Access
list to the AP works fine allowing the client to connect. But the
authentication fails. When i enter the client with it's login in the users
file like this
myclientuser Cleartext-Password := myclientspassword
Is it right that my freeradius go down after home server was down?
Regards,
Alexander.
2011/3/31 Fajar A. Nugraha l...@fajar.net
On Thu, Mar 31, 2011 at 2:45 PM, Alexander Kosykh avkos...@gmail.com
wrote:
Hi.
I need to copy acct packets to my billing server and save acct in
standart
On Thu, Mar 31, 2011 at 2:45 PM, Alexander Kosykh avkos...@gmail.com wrote:
Hi.
I need to copy acct packets to my billing server and save acct in standart
freeradius radacct table in mysql. I'm saving acct in radacct table now, but
can't duplicate them to other (billing) radius server.
Alexander Kosykh wrote:
I need to copy acct packets to my billing server and save acct in
standart freeradius radacct table in mysql. I'm saving acct in radacct
table now, but can't duplicate them to other (billing) radius server.
I've tried to use copy-acct-to-home-server but no success.
On Thu, Mar 31, 2011 at 4:00 PM, Alan DeKok al...@deployingradius.com wrote:
Alexander Kosykh wrote:
As I
understand, virtual server from copy-acct-to-home-server use a detail
files to read acct information from default server. Is the way to don't
use detail file and use mysql?
No.
Fajar A. Nugraha wrote:
Can you confirm that this is bug, that it shouldn't behave like that
(since the example proxy.conf doesn't mention anything about two
accthost line).
In 1.1.3, multiple accthost lines do fail-over from one to the other.
Another thing, while reading
Hi,
did you just copy the original example (framed-ip etc?) rather
than put your required attributes into the table? ;-)
the list should be used to give you the helpful pointer...not
do ALL your work for you :-)
alan
-
List info/subscribe/unsubscribe? See
You have to use radreply table for that. For example:
select * from radreply;
++--+---++---+
| id | username | attribute | op | value |
++--+---++---+
| 1 | test | Framed-IP-Address | = |
Thanks Ömer. I think that you understood my problem wrongly but i tried what
you suggested.
However it did not work.
I had asked some people who uses Enterasys switches and they confirmed that
i have to use Filter-Id but that guys dont know how it can be done under
freeradius/unix.
So i'm still
PM
To: FreeRadius users mailing list
Subject: Re: Freeradius + Mysql + Enterasys management-access
Thanks Ömer. I think that you understood my problem wrongly but i tried what
you suggested.
However it did not work.
I had asked some people who uses Enterasys switches and they confirmed
=
networkradius@lists.freeradius.org] *On Behalf Of *Yücel Türkistan
*Sent:* Saturday, February 05, 2011 1:49 PM
*To:* FreeRadius users mailing list
*Subject:* Re: Freeradius + Mysql + Enterasys management-access
Thanks Ömer. I think that you understood my problem wrongly but i tried
what
Well I been working on this system in some form or another for about a
month, which when done is going to be able (so I am told) to limit the
bandwidth that the connected users (be it wired or wireless clients) can
use using squid/squish/hostapd/freeradius/daloradius (so when I leave
someone
Surprising, put it back to the condition it is in when you first install
it and started with the Basic configuration HOWTO and then moved on to
the SQL HOWTO and it worked for the test with the username and
password in the users file and then again with a different user in the
database. The
I changed the /etc/raddb/sites-available/default to the following and
changed Auth-Type to SQL in the radcheck table, and it still rejects the
user.
authorize {
preprocess
mschap
sql
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
}
preacct {
account_unique
}
Todd Bateman wrote:
I have been trying to get freeradius + mysql to play nice together for
the past few days and no mater what HOW TO or Tutorial I follow the end
result is the same when I run radtest from the command line I get
Access-Reject. In the HOW TO/Tutorials I have followed I was
Steve Staples wrote:
there were some other attributes that get these =HEX values passed and
stored, and what I am wondering is, is that in the flat files, it gets
stored as
connect-progress=LAN Ses Up ('=3D' translates to '=')
but in MySQL, it gets parsed/translated to the '=3D' style.
On Thu, 2010-12-16 at 16:15 +0100, Alan DeKok wrote:
Steve Staples wrote:
there were some other attributes that get these =HEX values passed and
stored, and what I am wondering is, is that in the flat files, it gets
stored as
connect-progress=LAN Ses Up ('=3D' translates to '=')
Dynamic Clients would only apply to the NAS's (ie the WNR834v2 Access
Points) and not the workstations connecting to the APs. As the Workstations
/ users would just be users.
So either you allow anyone from the internet (or restrict it down to certain
IP addresses which the Mobile Provider
Right... Ok.. so are these different traveling mobile offices in
documentation of what is called a VLAN (with a dynamic IP to the
internet side of the router that in turn hands out IP's to it's clients) ?
Somehow the router authenticates by something secret that only it and
the FreeRadius
On Fri, Oct 29, 2010 at 4:33 PM, Tyler Nally tna...@technally.com wrote:
Right... Ok.. so are these different traveling mobile offices in
documentation of what is called a VLAN (with a dynamic IP to the internet
side of the router that in turn hands out IP's to it's clients) ?
The traveling
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not
authenticate,
That's not how EAP-TLS works.
but I forgot to create one user's database entry and the
laptop was able to join
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok al...@deployingradius.comwrote:
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not
authenticate,
That's not how EAP-TLS
On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA etalave...@gmail.comwrote:
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok al...@deployingradius.comwrote:
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in
Thanks, yoy're rigth. I'ill continue this way, the problem is not the
effort, but I was trying to complete the picture
Freeradius+MySql+EAP_TLS+Cisco AP without success.
Keep trying...
On Tue, Sep 14, 2010 at 5:25 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I´ll like to know if there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/13/10 3:40 PM, Esteban TALAVERA wrote:
I´ll like to know if there is a way to configurates a Radius server + Mysql
to authenticate Wireless clients via a Cisco AP without certificates (EAP
TLS), only a username and password
Are you using an
Thanks
Is an autonomous AP.
I'll try Freeradius+MySql+EAP-TLS schema.
On Tue, Sep 14, 2010 at 11:06 AM, Kevin Ehlers ke...@uoregon.edu wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/13/10 3:40 PM, Esteban TALAVERA wrote:
I´ll like to know if there is a way to configurates a
On 09/14/2010 11:53 AM, Esteban TALAVERA wrote:
Thanks
Is an autonomous AP.
I'll try Freeradius+MySql+EAP-TLS schema.
Huh? What's that?
As has been pointed previously you must have a server cert if you're
doing TLS.
In addition the server cert should be signed by a trusted CA and the
Hi,
I´ll like to know if there is a way to configurates a Radius server + Mysql
to authenticate Wireless clients via a Cisco AP without certificates (EAP
TLS), only a username and password
yes. we use Cisco APs - we used to use them in autonomous mode but moved to the
lightweight LWAPP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/14/10 11:38 AM, Alan Buxey wrote:
Hi,
I´ll like to know if there is a way to configurates a Radius server + Mysql
to authenticate Wireless clients via a Cisco AP without certificates (EAP
TLS), only a username and password
yes. we use
Hi,
I agree for the most part. However, captive portals will still be in
use for guest access. There's less administrative and helpdesk overhead
for this type of deployment.
On windows machines, the CA/cert trust has to be explicitly enabled.
This can be a barrier for un-managed and
Hi Esteban,
this can be done via EAP-PEAP or EAP-TTLS, but not directly via TLS.
Regards,
Marten Pape
Esteban TALAVERA schrieb:
Hi
I´ll like to know if there is a way to configurates a Radius server +
Mysql to authenticate Wireless clients via a Cisco AP without
certificates (EAP TLS),
Hi Marten
You mean configuring freeradius for EAP-PEAP its not necessary to creates
certificates?
Its possible to use with CISCO AP as NAS?
Thanks
On Mon, Sep 13, 2010 at 6:23 PM, Marten Pape marten.p...@pape-hn.de wrote:
Hi Esteban,
this can be done via EAP-PEAP or EAP-TTLS, but not
jorge88 wrote:
I have a serious problem, see if you can help. It just can not authenticate
any user. The throwing error is:
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request does NOT match
Hello Alan,
Thank you very much for you request.
Using Cleartext-Password: = message still appears:
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
And the user is not logged in successful, the encrypted key.
What could be the
Using Cleartext-Password: = message still appears:
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
And the user is not logged in successful, the encrypted key.
What could be the problem?
You need to read the error message and
Hi,
this:
User-Password = L] \ 357DK \ 027 \ 304 \ 033 \ 376Hx. \ 342Ö \ 336
and this:
WARNING: unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
are clear signs that the shared secret on the NAS is wrong - or
you've entered the
Natr Brazell wrote:
I've set up FR2 to log acct data to mysql and that appears to be
working. I'm curious about how to enable the logging of specific
attributes that are being sent by the NAS. Specifically:
Edit the schema queries.
As you can see in the Accounting-Request packet above
I was simply using the debian package manager version, seams to work file for
what I need.
is version of freeradius supplied by distro or package manager?
have you uncommented calls to sql - eg in the default
server or inner-tunnel (look in the required/needed sections, eg
authorize,
Ski Mountain wrote:
Hi everybody,
I am trying to set up freeradius so that it authenticates off a myql
database. sql.conf is being included in the config. But the rlm_sql is
never loaded and I have been trying to figure out why. It does not
appear to even try to connect to the database and
Hi,
I am trying to set up freeradius so that it authenticates off a myql
database. sql.conf is being included in the config. But the rlm_sql is
never loaded and I have been trying to figure out why. It does not appear to
even try to connect to the database and I am stumped as to why.
On 05/06/2010 03:17 AM, shirkavand wrote:
Hi,
Can i use freeradius + mysql + ssl certficates at the same time for
autenticating users...or this does not make sense? I am a bit confused
if i have to use one of them(mysql or ssl certificates) for
autentication purposes.
I have read tutorials for
Jonathan Wood wrote:
I have been contacted by a local ISP to upgrade their current radius server
(currently running V 1.x)
They have multiple databases running for their clients with one radius
server, I have looked around Google, the archives and through the
documentation with the current
1 - 100 of 302 matches
Mail list logo