Hi,
I am just wondering if I can use freeradius for hotspot and dial up
accounts on same box or does it have to be separate box for hotspot and
dial up accounts?
that would depend on how you configured it and had each function isolated when
not needing same resources etc. we use ours
stefan.pae...@diamond.ac.uk wrote:
We're trying to put together an EAP-TTLS authentication solution with another
open-source authentication server (Jasig CAS). We've found that only the
first authentication process succeeds, but everything else after fails. In
order for us to pinpoint
list
Subject: Re: Question about EAP-TTLS session resumption
stefan.pae...@diamond.ac.uk wrote:
We're trying to put together an EAP-TTLS authentication solution with another
open-source authentication server (Jasig CAS). We've found that only the
first authentication process succeeds
stefan.pae...@diamond.ac.uk wrote:
However, when you go to the bottom of the output, where the request for user
'steve' (who is a valid user, and for whom a correct password was supplied)
is sent, the request fails. The session for 'steve' is partial and stops
prematurely, which leads me to
To: FreeRadius users mailing list
Subject: Re: Question about EAP-TTLS session resumption
stefan.pae...@diamond.ac.uk wrote:
However, when you go to the bottom of the output, where the request for user
'steve' (who is a valid user, and for whom a correct password was supplied)
is sent
The user 'bob' does not exist, so FreeRADIUS does the correct thing (i.e.
rejecting the user). This has not been in doubt at all.
Instantiate a new EAPTTLSAuthenticator() for each authentication session
and you should be fine. The Authenticator class is there to maintain a
context through a
El abr 28, 2013 10:13 p.m., Tim Reichhart t...@nwohiobb.com escribió:
Hey Guys
I am just wondering if I can use freeradius for hotspot and dial up
accounts on same box or does it have to be separate box for hotspot and
dial up accounts?
Tim
-
List info/subscribe/unsubscribe? See
Mathieu Simon wrote:
Telling students how to install a internal CA root isn't going to work,
it already
didn't work for teachers in the past ...
Yes. That is a problem.
But allowing only (internal) devices with certs from the internal CA
through CA_file
would allow us to more easily
Bas Penris wrote:
Everything is working as it should so no worries there, but I'm curious
about something. I configured the proxies and the local realm. When I
did a radtest like this:
radtest che...@localdomain.nl password 127.0.0.1 1 secret
I would get an Accept-Accept.
That's the easy
Hi Alan,
The reason I didn't post the debugs and config files was because I thought
there might be an easy explanation which one of you would be able to spoon up
without any trouble. Especially because nothing is broken and everything works
as it's supposed to.
I'll get back with a debug
Bas Penris wrote:
The reason I didn't post the debugs and config files was because I
thought there might be an easy explanation which one of you would be
able to spoon up without any trouble.
We need certain information to answer questions. One piece of which
is the debug output. That's
Mathieu Simon wrote:
Usually I've seen example for EAP-TLS setups that used a server-side
certificate
issued from the same CA as the one it should allow EAP-TLS clients who
present
their certificate to FR.
Yes.
Am I guessing correctly that CA_file can contain a different list of CA(s)
Hi
Am 11.04.2013 20:08, schrieb Alan DeKok:
snip!
The real-life example would be that people could use PEAP-MSCHAPv2 for
credential-based logins (server certificate being signed by a trusted
external CA)
While that works, it's not recommended. It means that the client will
trust *any*
Hello Stéphane,
can you please send a screenshot of your View Radius Configuration, your
full configuration and the full debugging output which includes an
authentication request from pap_challenge_request.pl and from View.
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See
Hello Stéphane,
It works. Thank you. Yes, the radiusd process listen on some
multiples ports and i was wrong when i put the value 1812 on VMware
View.
for the list. The problem was that View was configured to port 1812
which does not do SMSOTP with my configuration, so we reconfigured it to
b...@indoakses-online.com wrote:
I found same problem of old topic posted back in Feb-2012
For ref :
http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058868.html
...
Look like The device didn\'t send :
...
If so, How to fix it ?
Fix the device.
You can't fix it by
...
Look like The device didn\\\'t send :
...
If so, How to fix it ?
Fix the device.
You can\'t fix it by poking FreeRADIUS.
Alan DeKok.
Dear Alan
What I want to know is it common for device telling AAA that it use
EAP-SIM but it don\'t send RAND,SRES, and KC ?
I Asking this
b...@indoakses-online.com wrote:
What I want to know is it common for device telling AAA that it use
EAP-SIM but it don\'t send RAND,SRES, and KC ?
Read RFC 4186. Those fields are required for EAP-SIM to work.
If it common, I think it\'ll be great if FreeRadius can adjut to this.
but if
Read RFC 4186. Those fields are required for EAP-SIM to work.
If it common, I think it\\\'ll be great if FreeRadius can adjut to this.
but if it un-common, I think I\\\'ll need to find new device.
Some device manufacturers don\'t bother reading the specifications.
You should ask for
b...@indoakses-online.com wrote:
My Apologize.
I think all the needed data is there.
The EAP-SIM code disagrees with you.
And since you haven't bothered read the specifications, or the code,
or running the server in debugging mode as suggested in the FAQ, web
pages, man page, and daily on
Dear Alan and All
I Really sorry
b...@indoakses-online.com wrote:
My Apologize.
I think all the needed data is there.
The EAP-SIM code disagrees with you.
And since you haven\'t bothered read the specifications, or the code,
or running the server in debugging mode as suggested in the
You see to have a problem understanding me. I will try one last time to
explain. If you keep arguing, you will be be unsubscribed, and banned from the
list.
FreeRADIUS says that data is missing from EAP-SIM. It needs that data to do
EAP-SIM.
If you don't understand that, then you
On 17/01/13 11:29, Tiago wrote:
Hello everyone,
I'm struggling with something that should be simple to fix.
I have a rp-pppoe NAS server here that correctly understand a few
attributes (radreply) that come from freeradius 1.x (w/mysql
database). Example:
Download (for download rates) attribute
Hello Phil,
Thanks for your answer.
I have these:
ATTRIBUTE Download78 integer
ATTRIBUTE Upload 79 integer
On /etc/freeradius/dictionary file that is being included as debug showed.
including dictionary file /etc/freeradius/dictionary on freeradius v2.
Tiago wrote:
I have these:
ATTRIBUTE Download78 integer
ATTRIBUTE Upload 79 integer
On /etc/freeradius/dictionary file that is being included as debug showed.
They are wrong. Delete them.
including dictionary file /etc/freeradius/dictionary on
Alan,
Sorry, I did that. But I think I didn't understod it correctly, maybe
due english not being my first lang.
From man I have:
The names
have no meaning outside of the RADIUS server itself, and are
never exchanged between server and clients.
That is, editing the
Tiago wrote:
From man I have:
Please don't quote the documentation here. I've read it.
May I ask you a bit of patience helping me on this? So, can I conclude
that adding attributes to dictionary file will not make freeradius to
send those to NAS?
That is what the documentation says.
Alan,
2013/1/17 Alan DeKok al...@deployingradius.com:
Tiago wrote:
From man I have:
Please don't quote the documentation here. I've read it.
May I ask you a bit of patience helping me on this? So, can I conclude
that adding attributes to dictionary file will not make freeradius to
On 17/01/13 12:42, Tiago wrote:
Hello Phil,
Thanks for your answer.
I have these:
ATTRIBUTE Download78 integer
ATTRIBUTE Upload 79 integer
On /etc/freeradius/dictionary file that is being included as debug showed.
including dictionary file
Tiago wrote:
Alan,
Please also learn to edit the messages to this list. There is NO need
to quote the entire message again.
Thanks, can I add an attribute to dictionary.roaringpenguin besides
the ones listed there? I'm asking that to avoid broking my production
environment.
Are you in
2013/1/17 Phil Mayers p.may...@imperial.ac.uk:
On 17/01/13 12:42, Tiago wrote:
Hello Phil,
Thanks for your answer.
I have these:
ATTRIBUTE Download78 integer
ATTRIBUTE Upload 79 integer
On /etc/freeradius/dictionary file that is being included as
On 12/27/2012 06:20 AM, Fajar A. Nugraha wrote:
On Thu, Dec 27, 2012 at 1:00 PM, ichiro tanaka i_tan...@hotmail.co.jp wrote:
I made a set of 'safe-character' connection config of the sql.conf.
However,the safe-character's being used in connection is the last(B)
(When I use the A.but B will be
On 12/27/2012 06:00 AM, ichiro tanaka wrote:
Hello
I'm using freeradius 2.1.12. I'm trying to set up sql.conf.
But there is one question.
I made a set of 'safe-character' connection config of the sql.conf.
However,the safe-character's being used in connection is the last(B)
(When I use the
On Thu, Dec 27, 2012 at 1:00 PM, ichiro tanaka i_tan...@hotmail.co.jp wrote:
I made a set of 'safe-character' connection config of the sql.conf.
However,the safe-character's being used in connection is the last(B)
(When I use the A.but B will be used in this case)
Do you think there is a
Zach Simpson wrote:
What I'm having issues with is creating user file rules for each group of
devices. I have a few rules in the users file that look like this:
DEFAULT Ldap-Group == Switch Admins
Reply-Message = Welcome Switch Admin!
DEFAULT Ldap-Group == Router Admins
Am 31.08.2012 19:22, schrieb Zach Simpson:
What I'm having issues with is creating user file rules for each group of
devices. I have a few rules in the users file that look like this:
DEFAULT Ldap-Group == Switch Admins
Reply-Message = Welcome Switch Admin!
DEFAULT Ldap-Group == Router
Am 31.08.2012 20:35, schrieb Klaus Klein:
... long text ...
-
Ups, to late.
Next time I try to type faster. ;-)
Klaus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks Fajar!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Aug 8, 2012 at 8:34 PM, Andres Gomez Ruiz
andres.go...@urbalink.co wrote:
I have some users that I need to reject their sessions at midnight, because
of that Im using the dailycounter...
IIRC that's not what dailycounter is for.
but I need that user can't login again
(the user is
On Sat, Jun 23, 2012 at 08:35:31AM +0800, John wrote:
With this solution, both Ip phone or other device will be marked
as 'voice', right?
Yes
Can we distinguish it is a 'voice' device? then add
Cisco-AVPair = device-traffic-class=voice . otherwise, don't
add this attribute.
I hit exactly
On Sat, Jun 23, 2012 at 06:24:40AM +0800, John wrote:
Is there a way that freeradius can tell it is a VOICE device?
Like ACS server: Cisco-AVPair = device-traffic-class=voice.
man unlang
update reply {
cisco-avpair := device-traffic-class=voice
}
Matthew
--
Matthew Newton, Ph.D.
...@leicester.ac.uk 写道:
发件人: Matthew Newton m...@leicester.ac.uk
主题: Re: Question on Cisco-AVPair = device-traffic-class=voice
收件人: FreeRadius users mailing list freeradius-users@lists.freeradius.org
日期: 2012年6月23日,周六,上午6:52
On Sat, Jun 23, 2012 at 06:24:40AM +0800, John wrote:
Is there a way
Hi,
We are trying to setup eap for different mobile devices. We don't need
certificates for each user, we want to authorize againt the radius with
username and password only.
With self signed certificates its working if the mobile devices installs
the root ca certifcate.
We tried
It's a section, just like any other section. This is documented in
man unlang. You put modules or unlang rules there. This is
documented in man unlang.
Thanks!! That is exactly what I needed. I did not know to look in that man
page. Awesome!
If there is documentation on
Well I eventually found and switched to using linelog to log access rejects
since I can define my own variables that are logged. Oddly enough
freeradius was showing a packet-type of Access-Request for eap
authentication failures. Since I was calling linelog only from the
post_auth_reject spot I
Hi,
being a mooch. The only reason I can think of such short and erroneous
replies is that some people helping on the list are generally annoyed by
any questions. That is too bad. A quick reply of use linelog would have
been helpful. Why not help people?
...or it could be that
Ok. I did follow this advice:
snip
Ok I went back, looked at the config, and used some common sense to
figure
part of it out. I have it now logging replys for rejects using the
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
Josh Hiner wrote:
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
�This is documented.
in post-auth section
Post-Auth-Type REJECT {
attr_filter.access_reject
}
*This* is the cause of
Josh Hiner wrote:
Im not sure why people kept telling me to read the spot
above the Post-Auth-Type Reject section.
Because it describes how the Post-Auth-Type Reject section works.
Note: no text saying it magically doesn't log User-Names
Here is a paste of the text
above that section.
Ok I went back, looked at the config, and used some common sense to figure
part of it out. I have it now logging replys for rejects using the
reply_log section of ./modules/detail.log (I also enabled copy tunneled
reply to the outer tunnel in eap.conf). In the logged rejections Im not
getting the
Along with enabling user_tunneled_reply=yes etc.. I am also updating the
outer tunnel with the inner tunnel username like this:
update outer.reply {
User-Name = %{request:User-Name}
}
in ./sites-enabled/inner-tunnel
Watching radius debug I can even see
Hi,
Ok I went back, looked at the config, and used some common sense to figure
part of it out. I have it now logging replys for rejects using the
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
�This is documented.
Alan. Thanks for the reply. One of my previous emails I did put
reply_log in the post auth reject spot. Im also copying the user from
the inner tunnel to the outer tunnel. I am getting reject logs but
without the username. I swear I have read the section above the post
auth reject spot in my
Josh Hiner wrote:
Hello. Im running freeradius 2.1.6 and logging to /var/log/radius in
file/detail format. Currently connection logging is working if the user
authenticates correctly. I cant get access rejects to log though. Ive
turned on reply detail but that is only showing successful
Scott McLane Gardner wrote:
But I use a certificate authority, so later on in the documentation, it
says:
If you have an existing certificate authority, and wish to create a
certificate signing request for the server certificate, edit
server.cnf as above, and type the following
Excellent, thank you.
The default configuration does this. You shouldn't need to do anything.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Jan 31, 2012 at 4:31 PM, Krzysztof Grobelak
kgrobe...@airspeed.ie wrote:
Hello all,
Can somebody shed some light what the 'You probably need to lower min'
means. I just installed fresh freeradius from git. All my settings are the
same as in the last version but apart from the radiusd
Krzysztof Grobelak wrote:
Can somebody shed some light what the 'You probably need to lower min'
means.
See raddb/modules/sql in the latest git repository. The values and
functionality are documented there.
I just installed fresh freeradius from git. All my settings are
the same as in
Krzysztof Grobelak wrote:
I did lower it, as it recommends but i did not have to do it in previous
versions and I wanted to understand what has changed in the new release.
Read raddb/mods-available/sql
Really. You managed to edit that file. This means you saw the
comments in that file
Andreas Rudat wrote:
I'm a little bit confused, I configure radius with self signed cert,
peap+mschap, so if I tried to connect with an android or apple device I
get the question if I want to accept the server cert, thats ok, but with
windows or linux I get the error that there is no cert, but
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the foreach
unlang construct or perl.
Plus the way you're doing policies is weird. Why don't you just use the policy
module (policy.conf)? It'd be way more memory
Thanks Arran for those answers,
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the foreach
unlang construct or perl.
hmm, FreeRADIUS 3.x? Is it suitable for production environnement ? Or
i'll simply fall back to
On 2 Sep 2011, at 16:25, Olivier Beytrison wrote:
Thanks Arran for those answers,
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the foreach
unlang construct or perl.
hmm, FreeRADIUS 3.x? Is it suitable for
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the
foreach unlang construct or perl.
Last time I checked[1] it seemed trivial to backport to 2.1.x.
Cheers
[1]
On 2 Sep 2011, at 23:16, Alexander Clouter wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the
foreach unlang construct or perl.
Last time I
On Fri, Jul 8, 2011 at 10:14 AM, Jamshid Abedi udptele...@gmail.com wrote:
Hello,
I've got Mobile OTP to work with FreeRadius, I'd like to take this one step
further and turn this into a two phase process. The objective is to first
take the pin, authenticate that and then communicate to the
Yes, it works this way. But the requirements are for a two phase authentication.
Sent from my iPhone
On Jul 8, 2011, at 2:11 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Fri, Jul 8, 2011 at 10:14 AM, Jamshid Abedi udptele...@gmail.com wrote:
Hello,
I've got Mobile OTP to work with
Michael Arndt wrote:
i try to get a better grip in understanding the virtual server for inner eap
tunnel.
The TLS-based EAP methods involve setting up a TLS tunnel between the
client PC and the RADIUS server. Processing of the TLS tunnel is done
by the default virtual server. Just the same
matteo wrote:
Hello list,
suppose I want to authenticate a device capable of using PEAP with
EAP-MS-CHAP v2 or EAP-GTC and TTLS with EAP-MS-CHAP v2 or MS-CHAPv2 and
I have user password stored in LDAP (linux) with the crypt scheme and
freeradius server 2.1.9.
Is there any mechanism to
Adrien Demarez wrote:
I wish to deploy FreeRadius on a WiMAX setup, ...
Lots of people do this, I'm not sure why. :(
INSERT INTO `radgroupreply` (`id`, `groupname`, `attribute`, `op`, `value`)
VALUES
(1, 'Gold', 'WiMAX-Packet-Flow-Descriptor-v2', ':=', '??')
(2, 'Gold',
--On Tuesday, February 01, 2011 08:41:54 -0800 Brett Littrell
blittr...@musd.org wrote:
Hi All,
Real quick and I am sure easy question here. I read through the
unlang man page, really helped in getting a clue. One thing I was
wondering though, is there a way to output text to the
Hi James,
That looks perfect for the tech logs, thanks. The debugging side was a
little different, I was thinking about inputting text strings in the middle of
unlang scripts. Usually when I write say a C program I will pop in a lot of
printf's with variables so I know what a variable
Hi,
as James says...unlang with linelog module.. if you want to do more,
then thats easy too - just use PERL module and use unlang with a call
to a logging PERL module - the world is your oyster at that stage regarding
what you can do - with your printf's etc :-)
alan
-
List
Thanks Alan,
Did not think about calling the perl module, that should work very well...
thanks
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE
On Tuesday, February 01, 2011 at 10:15 AM, in message
20110201181525.ga9...@lboro.ac.uk, Alan Buxey a.l.m.bu...@lboro.ac.uk
The debugging side was a little different, I was thinking about inputting
text strings in the middle of unlang scripts
If you run radiusd -X you will see the output of expansions, so you can do
if (DEBUG: I am looking at %{foo} and %{bar}) {
}
and you'll see the text in the log.
Brett Littrell wrote:
For freeradius I was not sure if there was similar
functionality. I am guessing there is not, I was kind of thinking it
may be a stretch to add something like that in a config file.
See radmin, and raddebug. They can print full debugging logs for
a particular user,
On 01/25/2011 11:18 PM, Brett Littrell wrote:
with inner-tunnel requests. So my question is wether naming the server
inner-tunnel causes it to exclusively handle inner-tunnel requests, in
other word is inner-tunnel a hard coded name that has to be used for
handling inner-tunnel requests?
No.
Gary Gatten ggat...@waddell.com wrote:
And I don't have control over what our half dozen email processors do
to my email after I send it.
You live in a country that prevents you using any other SMTP server
other than the one allocated to you? Unable to get a freebie email
address (Gborg)
freeradius-users@lists.freeradius.org
Sent: Wed Jan 26 02:56:23 2011
Subject: OT: email fail [was Re: Question on Virtual Servers and inner-tunnel]
Gary Gatten ggat...@waddell.com wrote:
And I don't have control over what our half dozen email processors do
to my email after I send it.
You live
Brett Littrell wrote:
Hope this is not to stupid of a question but I have been checking
out the inner-tunnel virtual server under sites-enabled. I read up a
little on virtual servers and it looks like the inner-tunnel virtual
server is just a regular old virtual server
Yes.
yet in
Hi All,
You guys really explained it well, appreciate it. I really wanted to know
to try and get an idea of how this works and figure out the best way to set
this up and clarifying that really helped.
And yes I did get Gary joking and I do not mind a little eldow in the ribs
Brett Littrell blittr...@musd.org wrote:
PS: What is up with Garys email? or is it my threaded view? Gary's
email keeps popping up as a new email and not as a threaded response?
I guess corporate policy is to use a broken email client as well as an
SMTP server that adds a
Must have been a really old version of GW, I use GW here and it seems to thread
fine but we are on the latest version.
Thanks again..
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE
On Wednesday, January 26, 2011 at 8:48 AM, in message
vrv518-hm1@chipmunk.wormnet.eu,
That's a stupid question for someone with so many certs! ;) jus givn ya $hit.
AKAIK it's not hard coded. In a config file somewhere is probably something
like: if request type is 'x' then server inner-tunnel. Its been some time since
I looked at the conf files so I can't say for sure which one
-users@lists.freeradius.org
Sent: Tue Jan 25 17:50:53 2011
Subject: Re: Question on Virtual Servers and inner-tunnel
So I guess the follow up question is then, if I want to create multiple
virtual servers, I am going to have to find this config file if I want those
servers to deal
+wiechman.lists=gmail.com@lists.freeradius.o
rg] On Behalf Of Brett Littrell
Sent: Tuesday, January 25, 2011 5:51 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: Re: Question on Virtual Servers and inner-tunnel
So I guess the follow up question is then, if I want to create multiple
Gary Gatten ggat...@waddell.com wrote:
[-- multipart/alternative, encoding 7bit, 1 lines --]
[-- text/plain, encoding base64, charset: utf-8, 38 lines --]
That's a stupid question for someone with so many certs! ;) jus givn ya $hit.
[snipped]
font size=1
div
-bounces+ggatten=waddell@lists.freeradius.org
freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
freeradius-users@lists.freeradius.org
Sent: Wed Jan 26 00:49:27 2011
Subject: Re: Question on Virtual Servers and inner-tunnel
Gary Gatten ggat
Ali Majdzadeh wrote:
Hello All
I am using freeradiusclient in combination with PPP in order to setup
RADIUS authentication for PPTP users. Actually, I managed to
authenticate users using RADIUS but I noticed that the NAS-Port
attribute which is sent to RADIUS server is always 0. Is this
Alan,
Thanks a lot.
Warm Regards
Ali Majdzadeh Kohbanani
2010/10/8 Alan DeKok al...@deployingradius.com
Ali Majdzadeh wrote:
Hello All
I am using freeradiusclient in combination with PPP in order to setup
RADIUS authentication for PPTP users. Actually, I managed to
authenticate users
Alan,
Sorry for this extra post, but, what about Interim-Update attribute? Is
there anyway to instruct the PPTP VPN connection to send interim accounting
packets to the RADIUS server?
Warm Regards
Ali Majdzadeh Kohbanani
2010/10/8 Ali Majdzadeh ali.majdza...@gmail.com
Alan,
Thanks a lot.
Alan,
Sorry for this third post, I managed to instruct PPTP VPN server (NAS) to
send Interim-Update packet by adding the following line to
/etc/radiusclient/dictionary:
ATTRIBUTEAcct-Interim-Interval 85 integer
Of course, I had set Acct-Interim-Interval attribute to 60 for the specific
James S. Smith wrote:
I'm trying to get FreeRadius to authenticate against the local server's
usernames and passwords. I have a fresh installation and I've confirmed that
authentication is working with a test entry in the /etc/raddb/users file.
I've also tested authentication from another
On Tue, Sep 21, 2010 at 12:41:08PM +0100, Alan Buxey wrote:
Hi,
is it possible to send attributes based on the used SSID?
yes. as that can be gained from RADIUS attributes sent to the
RADIUS server . where you do them, and how you do them - ie unlang,
users, SQL huntgroups etc etc is
Aiko Barz a...@chroot.de wrote:
Now I am able to ask various Active Directory servers by using
Net::LDAPS. This enables me to put the following parameters into
relation:
- DOMAIN
- username
- SSID
And it makes me more flexible when I have to deal with complex Active
Directory forest
柴崎 昌一 wrote:
We want to re-send Accounting-Request again by using the Proxy server.
Because our NAS doesn't send Accounting-Request again.
We want to set it to Synchronous=no.
Can I make it to Synchronous=no?
No.
See raddb/sites-available/robust-proxy-accounting
Alan DeKok.
-
Ana Gallardo wrote:
I want to return an error code if my freeradius can't contact with the
backend.
Here is my authorize section:
authorize {
. . .
switch %{Realm} {
...
}
if (fail) {
That won't work, unfortunately. The return codes of *modules* can be
Difan Zhao wrote:
So I want to make all rest devices to be authenticated. It will be even
better if I can assign them to a specific VLAN. I was reading
./sites-avaliable/default and I found that forcibly accept the user
(Auth-Type := Accept). Where do I put it? I tried:
post-auth {
:
freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi
us.org] On Behalf Of Alan DeKok
Sent: Tuesday, March 30, 2010 4:43 PM
To: FreeRadius users mailing list
Subject: Re: Question: How do I forcibly accept all
Difan Zhao wrote:
However if you can fool the NAS to let it believe that the device is
authenticated, will the switch also send an EAP success message to the
laptop to fool him as well?
No. Even if it does, the laptop will ignore it. There is no
substitute for running the authentication
1 - 100 of 346 matches
Mail list logo