Sorry, but I only wanted to know why the behaviour has changed and if there is
any way to do it by configuration or access it with unlang...
BTW:
If I remove the client completely, log in normal mode says):
Fri Jul 19 16:32:29 2013 : Error: Ignoring request to authentication address *
port 1812
On 28.03.2013 10:31, Billot wrote:
Ok thanks but is it possible to have it permanently with a config item like
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
debug_level = 4
edit your startup script and add -xl /path/to/my/debugfile
add more x for more debugging
Be aware
When using raddebug or -x option in startup, i can't see logs like
User-Name = nag...@ac-orleans-tours.fr
NAS-IP-Address = 172.21.175.132
NAS-Identifier = hello
NAS-Port = 0
Called-Station-Id = 2C-B0-5D-A4-52-00:WIFI-ACAD
Calling-Station-Id = 8C-77-12-53-62-0E
Framed-MTU = 1400
hi,
just use the other logfiles (detail.log module), do your own line-log or
fire off eg a PERL script to save all the details to a file.
you REALLY dont want to run in 'X' mode - its single threaded so your
performance goes through the floorand its printing out all that stuff
to output
OK thanks a lot for those advices.
Le 28/03/13, a.l.m.bu...@lboro.ac.uk a écrit :
hi,
just use the other logfiles (detail.log module), do your own line-log or
fire off eg a PERL script to save all the details to a file.
you REALLY dont want to run in 'X' mode - its single threaded so
On Tue, Jun 12, 2012 at 08:11:17PM +0200, Billot wrote:
It begins with a a complete request, and the authorize section.
Parsing each authorize mechanism, only eap doesn't return noops.
A first question : the default file says
eap {
return ok
}
EAP request comes with EAP message and
Billot wrote:
A first question : the default file says
eap {
return ok
}
EAP request comes with EAP message and is so captured by the eap
authorize section, right ?
It returns an update of the original request with Auth-Type = EAP
Yes.
I can't understand why there is then one
Hi,
Secondly, why would you need a log file to show an attribute expanding to
nothing? I just told you it is expanding to nothing aka it has no assigned
value once reaching the pre-proxy stage.
as per the mailing list information, no radiusd -X, no help
alan
-
List
I have disabled certificate checking on the Windows machine. Here's the log
from the XP client:
Reason: An internal error has occurred.
Reason code: 327685
Error code: -2147023537
On the switch I see this repeated several times. The ca58 MAC is the Windows
MAC, so this means that it somehow
Guys, anyone?
Do you need more config info? Can you help?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
UPDATE: I istalled the FreeRADIUS certificate and selected it so that the
client will check it when it authenticates. I still get the same error. Now I
will recreate the same scenario with Samba3 to see if it works. By the way, I'm
running FreeRADIUS 2.1.8 and Samba4.0.0alpha12
-
List
Hi,
So Can I ask a question: what is the link between the attributes filter in
Access-Challenge packets and the EAP type?
read the logic in the config file - see how you are activating the filter
and where it is being activated.
You mean I can't do it in EAP-MD5 but only in other EAP types?
Hi,
I also found this command in the Radius E-book by O`reilly.
radiusreport -i 0 -f detail
But this command does not work, i get an error message saying not found.
Please help me.
Regards,
Yagnesh Dave
On Wed, 04 Nov 2009 17:50:55 +0530 wrote
Hi,
Thanks for your quick answer. I am very
Hi Dave,
Radiusreport is a seperate project - see
http://www.pgregg.com/projects/radiusreport/
Ivan posted an SQL statement above which answers your initial query. Simply
execute the query on your SQL server.
For simplified management you may want to take a look at installing and
configuring
On 10/15/2009 10:22 PM, adai...@vl.videotron.ca wrote:
Hi Everyone
I think I am getting ahead but now I got the following error:
[pap] WARNING! No known good password found for the user. Authentication may
fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type)
Thanks John for being so helpful !
I will try to check evrything and review the recommended website
Have a great day !
Al
- Message d'origine -
De: John Dennis jden...@redhat.com
Date: Vendredi, 16 Octobre 2009, 8:02
Objet: Re: Re : Re: Re : Re: Freeradius2 configuration challenges
to authenticate the user.
I was just trying to setup PAP (testuser) on the radius
Would you know what the error could be ?
Thx
- Message d'origine -
De: adai...@vl.videotron.ca
Date: Mercredi, 14 Octobre 2009, 21:16
Objet: Re : Re: Re : Re: Freeradius2 configuration challenges ( Binding
On 10/14/2009 03:45 PM, adai...@vl.videotron.ca wrote:
Thanks John for the quick reply on my questions,
I already checked on Red_Hat_FAQ and I have not seen any answers to my
challenges !
Did you read the section
How do I start and stop the FreeRADIUS service?
Because it's obvious you've
adai...@vl.videotron.ca wrote:
Thanks Alan for your insights, but I am running only one radius server.
Really? The messages you posted have one cause: two RADIUS servers.
Use ps to see what else is running. This is Unix 101.
Yes, I did follow the FAQ ...
No. If you had followed the
Thanks John for your patience !
I appreciate your explanation and will double check everything
Al
- Message d'origine -
De: John Dennis jden...@redhat.com
Date: Mercredi, 14 Octobre 2009, 16:19
Objet: Re: Re : Re: Freeradius2 configuration challenges ( Binding IP address
failure
: Mercredi, 24 Juin 2009, 7h28mn 58s
Objet : Re: Re: Re : Re : Re : Re : Radius+Huwaei switch + auto VLan,
Assignment issue
so Vlan-assignment-mode is Integer.
Where?are the tricks?
Make attempt use Vlan-assignment-mode is string in tuning of switch.
-
List info/subscribe/unsubscribe? See http
@lists.freeradius.org
Envoyé le : Mercredi, 24 Juin 2009, 7h28mn 58s
Objet : Re: Re: Re : Re : Re : Re : Radius+Huwaei switch + auto VLan,
Assignment issue
so Vlan-assignment-mode is Integer.
Where?are the tricks?
Make attempt use Vlan-assignment-mode is string in tuning of switch.
-
List info/subscribe
The Switch documentation said:
If set to Integer the Vlan-assignment-mode allow the switch to use VLAN ID to
tag frames.
If set to String it uses VLAN Name instead. We've set the domain as follow :
[uac_quid002]dis dom uacdom
The contents of Domain uacdom:
State =
The Switch documentation said:
If set to Integer the Vlan-assignment-mode allow the switch to use VLAN ID
to tag frames.
If set to String it uses VLAN Name instead.
So the Vlan-assignment-mode in the domain is Integer. But as the
Access-Accept message return
Vlan ID in this
: Ivan Kalik t...@kalik.net
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Mardi, 23 Juin 2009, 10h51mn 15s
Objet : Re: Re : Re : Re : Radius+Huwaei switch + auto VLan Assignment issue
The Switch documentation said:
If set to Integer the Vlan-assignment-mode
set the MSTP port to an edge port.
Thanks
De : Ivan Kalik t...@kalik.net
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Mardi, 23 Juin 2009, 10h51mn 15s
Objet : Re: Re : Re : Re : Radius+Huwaei switch + auto VLan
You will place use-tunneled-reply=yes in peap config.
This is right config 3Com 4500(V3.03.00):
#
domain default enable company
#
dot1x
dot1x authentication-method eap
undo dot1x handshake enable
#
radius scheme Radius
server-type extended
primary authentication x.x.x.x
primary accounting
-cut = Disable
Self-service = Disable
Messenger Time = Disable
so Vlan-assignment-mode is Integer.
Where are the tricks?
De : Guk Victor v@zaz.zp.ua
À : freeradius-users@lists.freeradius.org
Envoyé le : Mardi, 23 Juin 2009, 15h23mn 40s
Objet : Re: Re
so Vlan-assignment-mode is Integer.
Where?are the tricks?
Make attempt use Vlan-assignment-mode is string in tuning of switch.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry for my previous email;)
I was meaning: %{control:Auth-Type}
In my configuration, I use two different auth-type, one for PAP, one
for MS-CHAP.
Regards,
Vincent
Vincent Magnin [EMAIL PROTECTED] a écrit :
Bonjour,
Avez-vous essayé d'utiliser %{Auth-Type} ?
Salutations,
Vincent
Thank you Ivan,
it works as you said.
As i read in documentation Expiration attribute have accept date
values and as in mysql i decide that it is only date.
May be it is good if this is fixed in documentation.
And i don't know how this can be done
Thanks
Bozhan Boiadzhiev
Оригинално
Sorry for the duped messages.. looks like my webmail client freaked
out.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
see the logf there: http://tinypaste.com/5b99b
Your problem is nothing to do with certificates. The PEAP tunnel gets
setup correctly, the MS-CHAP client-server auth succeeds, but the final
server-client (mutual) auth appears to fail.
This could be for a number of reasons, but it's a
Reveal MAP escribió:
But I think this problem do not affect peap because peap do not use
client certs, you only need to install ca.der into client machine and
put the passwords
i refer to that:
so my question is, if the certificate (with server extension) is
missing on the client, could
installing ca.der and putting user pass into client machine, the
authentication doesn't work?
-- no, it doesn't!
you only need ca.der but, if you have an active directory like LDAP,
check if your comunication with AD server also have tls authentication.
Into ldap module you can
nf-vale escribió:
Are you using vista supplicant? By reading the last lines of your radius
debug file it seems so...
See earlier posts with subject: PEAP or TTLS and Microsoft Vista.
Sex, 2008-07-25 às 17:10 +, Reveal MAP escreveu:
installing ca.der and putting user pass into
with winbind. and EAP-TLS
runs Ok
thank you
- Message d'origine
De : Alan DeKok [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Samedi, 19 Juillet 2008, 19h05mn 33s
Objet : Re: Re : Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why
Reveal MAP wrote:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
the output is too long, mailing list parameters won't accept it. i post
part of the output that seem to give the point of misconfiguration. if
it is not
@lists.freeradius.org
Envoyé le : Samedi, 19 Juillet 2008, 17h19mn 58s
Objet : Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
the output is too long, mailing list parameters
Reveal MAP wrote:
user=maman
passwd= maman
is a sql based user.
trying peap with sql based user give error message,
Which... is what? Is it a secret?
but trying it with
Ad_based user give no error message, just don't connect...
FreeRADIUS gives no error message? Or the client?
: Alan DeKok [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Samedi, 19 Juillet 2008, 18h07mn 43s
Objet : Re: Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
user=maman
passwd= maman
is a sql based user.
trying peap
rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password
expand: --username=%{mschap:User-Name} - --username=glouglou
mschap2: 14
expand: --challenge=%{mschap:Challenge:-00} -
--challenge=91426d1805c9df8e
expand: --nt-response=%{mschap:NT-Response:-00} -
I follow your documentation and succeed with the part Configuring FreeRADIUS
to use ntlm_auth
So I want to use Configuring FreeRADIUS to use ntlm_auth for MS-CHAP,
Why? Your client is not using mschap. If you want to test if mschap works
you can send test requests with ntradping or JRadius
pingouin osmolateur wrote:
Thanks Alan for your answer
I follow your documentation and succeed with the part Configuring FreeRADIUS
to use ntlm_auth
So I want to use Configuring FreeRADIUS to use ntlm_auth for MS-CHAP, so I
delete my user in database.
Do I have to keep the following line
Hi,
the result of ntlm_auth in command line:
--
aaa:/var/lib/samba #ntlm_auth --username glouglou --domain pluton
password:
NT_STATUS_OK: Success (0x0)
aaa:/var/lib/samba #
I am Sorry,
I have a little problem with english, and i know it might be annoying for you!
but i am not sure to understand what you are adcing me right now.
1- um.. using mschap:User-Name
(how can i do that? in radiusd.conf, mschap section? or in ntlm_ath
configuration files?)
2-
# You can also try setting the user name as:
#
#... --username=%{mschap:User-Name} ...
#
Did you read what you copied? Replace username bit in ntml_auth with
that. Your problem is that you are sending DOMAIN\username and not just
username.
Ivan Kalik
Kalik
@lists.freeradius.org
Envoyé le : Vendredi, 27 Juin 2008, 16h18mn 32s
Objet : Re: Re : Re : Re : Authorization?? pb Authentication against AD
# You can also try setting the user name as:
#
#... --username=%{mschap:User-Name} ...
#
Did you read what you copied
Joel MBA OYONE wrote:
No. VLAN assignment is after SSID association, and after 802.1x
authentication.
OK, is it possible to associate in SSID_1 and be assigned to a different
VLAN than the we are associated in ?
That doesn't make sense. SSID's aren't tied to VLANs, unless you
configure
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be able to do its stuffs. but the fact is that it
doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN assignment.
and i was wondering what would be the
, 17h37mn 46s
Objet : Re: Re : Re : Dynamic VLAN and FreeRadius
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be able to do its stuffs. but the fact is that it
doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN
Um... i think i just sent an empty response, sorry about that and thank you for
this clear explanation. i just will change my NAS!
(but i will call d-link before ).
see ya!
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be
Ok, we assume my certificates are corrects.
So i have some more questions:
- Certificate should be import for user accounts or for computer account ?
- i use the file users as database for my accounts; when using eap-tls
when trying eap-peap my accounts looks like that:
johndoe
Ok, we assume my certificates are corrects.
So i have some more questions:
- Certificate should be import for user accounts or for computer account ?
Who/what ever is you supplicant trying to authenticate. If the supplicant
can't find the correct certificate it will give up.
- i use the
up!
(never says die)
==
Ok,
i think i really missed something! that config should take less than 15 minutes
but i can't solve my problem for more than a week.
Alan or Ivan, could you give me a half our to help me to fix my RADIUS EAP-TLS
config please. i would like to
Please don't mess with configuration. Default one works. Your problem
was with the user certificate.
http://www.procurve.com/NR/rdonlyres/06538B80-6DB0-4AC6-893E-8E8E12A180C6/0/ConfiguringFreeRADIUSwithIDMbyExample_Dec_07_WW_Eng_Ltr.pdf
On page 52 you have a picture of the Details tab list with
Ok, i am sorry!
all i had to do is yast install make or something like that to be able to run
the command...
ah... Linux !!
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
Tél. : +212 69 25 85 70
- Message d'origine
De : Joel MBA OYONE
So the problem is on the nas not my radius server.
On Feb 22, 2008, at 10:57 AM, Ivan Kalik wrote:
the user password is fun123 it is clear text.
User-Password = i\374\304U\017\026\264\027:\367PU\262\t\356
That's not what you NAS is sending as password. So radius works fine.
Ivan
That was it thanks.
On Feb 22, 2008, at 3:31 PM, Ivan Kalik wrote:
That looks like a pap request but that's not the cleartext password.
Garbled password suggests that the shared secret in clients.conf and
on
the NAS are not the same (if you are sure you are sending the right
password and not
That looks like a pap request but that's not the cleartext password.
Garbled password suggests that the shared secret in clients.conf and on
the NAS are not the same (if you are sure you are sending the right
password and not this).
Ivan Kalik
Kalik Informatika ISP
Dana 22/2/2008, Dustin
http://lists.freeradius.org/mailman/htdig/freeradius-users/2007-October/066981.html
Dana 21/11/2007, OLIVER Patrice [EMAIL PROTECTED] piše:
Hello,
I don't find the script you talk about.
What's its name ?
Regards.
Cordialement,
Patrice OLIVER
Chef du
90
-Original Message-
From: [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wed, 21 Nov 2007 12:49:47 +0100
Subject: Re: Re: Re: Re: EAP-TLS does not sendan accessOK.
http
Geoffroy Arnoud wrote:
Ok, the first problem comes that there is no call to fflush.
Fixed, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri 22 Jun 2007, Eshun Benjamin wrote:
RADIUS was *originally* intented to assign IP's. It's been doing that
since at least 1993.
Do you mean radius servers has being doing DHCP since 1993 or IP pool
stuff. What is is the difference?
RADIUS has been assigning IPs to users since it's
Brian Walters wrote:
but the authhost and accthost entries can be listed next to each other
for each realm. I just wanted to make sure there wasn't a short cut of
allowing a home server to be both. Even with adding 2 entries for each
home server (1 auth, 1 acct) it's still a big saving with
yes i have read it, but it´ s not my problem !
[EMAIL PROTECTED] a écrit : Have you read this:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg33526.html
Isn't that your problem too?
Ivan Kalik
Kalik Informatika ISP
Dana 26/3/2007, elmalhi abdelghani pi¹e:
Hi,
so i
Module: Library search path is /usr/local/lib
*** glibc detected *** radiusd: double free or corruption (fasttop):
0x090fcde8 ***
update your perl and install cvs
$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
CVS password: anoncvs
$ cvs -d :pserver:[EMAIL
if radiusd -X works then
check whether yourpid was created successfully when you run radiusd;
if some folders leading to it are missing create them.
==
Benjamin K. Eshun
- Message d'origine
De : elmalhi abdelghani
Hi,
so i don´t found any PID for radiusd. so too with netstat -tunnelup any PID
!!!
think´s.
Eshun Benjamin [EMAIL PROTECTED] a écrit :
if radiusd -X works then
check whether yourpid was created successfully when you run radiusd;
if some folders
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
peppeska ha scritto:
ma script to start pppoe-server is
debian:~# cat start-pppoe2.sh
#!/bin/bash
MAX=250
BASE=10.67.7.1
NAT=10.67.7.0/24
MYIP=193.205.94.13
iptables -A INPUT -i eth0 -s $NAT -j DROP
iptables -t nat -A POSTROUTING -s
Thibault Le Meur wrote:
I've patched the radiusplugin to add Framed-IP-Address to
the re-auth
request but rlm_ippool still allocates a new IP Address
(I'm using FR
1.1.4).
Ok. It seems like rlm_ippool should be updated to look for
Framed-IP-Address in the request.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ian van Marwijk wrote:
what means plaese this error :
There appears to be another RADIUS server running on the authentication
port 1812
It means that you already have an instance of radiusd running on the
daemon port.
Whats the output of
Whats the output of 'ps auxf' on your box?
Netstat will tell you what's using which port.
Do instead:
# netstat -tnp | grep 1812
example output:
tcp0 0 192.168.30.107:49182192.168.30.1:5222
ESTABLISHED 5938/gaim
And better if you have the lsof binary installed,
Hi!
elmalhi abdelghani said the following, On 22-Mar-07 15:49:
Hi,
so i have tryed with ps auxf but no way ! so too with grep.
what means plaese this error :
There appears to be another RADIUS server running on the authentication
port 1812
It means that you already have an instance
You can do:
netstat -an | grep 1812
or
netstat -a | grep radius
Qui, 2007-03-22 às 11:16 -0400, Martin Gadbois escreveu:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ian van Marwijk wrote:
what means plaese this error :
There appears to be another RADIUS server running on the
hi , output of ps auxf:
[EMAIL PROTECTED] radius]# ps auxf
USER PID %CPU %MEMVSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 2032 620 ?Ss 10:13 0:02 init [5]
root 2 0.0 0.0 0 0 ?S10:13
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thibault Le Meur ha scritto:
Have you setup ppp to use mschap (require-mschap-v2 option) ? Are
you using the radiusclient library ?
refuse-pap
refuse-chap
require-mschap
require-mschap-v2
require-mppe
Ok so that your NAS don't
and in the dictonary file:
$INCLUDE /etc/radiusclient/dictionary.microsoft
$INCLUDE /etc/radiusclient/dictionary.ascend
$INCLUDE /etc/radiusclient/dictionary.compat
$INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary
Don't write $INCLUDE but
MMM damn! why freeradius don't want work with me?
It's not a Freeradius issue, but a ppp/radiusclient issue ;-)
P.S.
without the Deafult Auth-Type in the users file...it's the
same... If I put $INCLUDE instead INCLUDE... work like before...
Very strange I've got several
I've been using OpenVPN + Ralf's Radiusplugin for several months and
recently moved away from server-side IP assignment. However, while I did use
it, I found that in my configuration FreeRADIUS only assigned new IPs when
the accounting for that user had stopped (ie, if it recieved a STOP packet).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE
peppeska wrote:
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary
No.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE
peppeska wrote:
...
Sending Access-Accept of id 50 to 127.0.0.1 port 1028
...
Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
PPPD is broken.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
but plog:
[EMAIL PROTECTED]:/home/peppeska# plog
Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded.
Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0
Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6
Mar 21 19:21:19 applejack pppd[18529]: Using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
...
Sending Access-Accept of id 50 to 127.0.0.1 port 1028
...
Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
PPPD is broken.
And wath I most do now?
@Thibault Le Meur
I use
SQL refuses to start when I comment out the INCLUDE line with clients.conf.
Is there anything else I have to change so that it knows to look to SQL for
a table of acceptable NAS's and to get it to run other than commenting out
this INCLUDE statement?
tzieleniewski wrote:
Yes I checked it.
Hi,
SQL refuses to start when I comment out the INCLUDE line with clients.conf.
Is there anything else I have to change so that it knows to look to SQL for
a table of acceptable NAS's and to get it to run other than commenting out
this INCLUDE statement?
last time I looked, you still had to
Yes I checked it.
You may comment it out from the radiusd.conf file.
Is there anything I have to config so it doesn't touch the config files? How
do I move the server onto pure SQL for the NAS list? Can the clients.conf
file be totally empty?
tzieleniewski wrote:
What I managed to
But actually there is one place where U will need clients.conf.
If U use log_badlogins from dialup_admin/bin scripts you are going to need it
if to have the nasipaddress logged too. It will be than display in the failed
logins dialup_admin screen. Still it will be displayed in the form of name
On Mon 05 Feb 2007 23:03, Guilherme Franco wrote:
Sorry Mr. Geoffroy, your message arrived only now in my e-mail.
Somehow, every list message takes a large amount of time to come into my
e-mail.
I am also have big delays on some emails from the list (Up to 5 days!) while
others arrive within
Could you post this file ?
I have only:
eap {
default_eap_type = tls
tls {
tls_cacertfile = /etc/freeradius/cert/ca.pem
tls_certfile = /etc/freeradius/cert/radius.crt
tls_keyfile = /etc/freeradius/cert/radius.key
}
}
BR,
Rafal
Could you post this file ?
I have only:
eap {
default_eap_type = tls
tls {
tls_cacertfile = /etc/freeradius/cert/ca.pem
tls_certfile = /etc/freeradius/cert/radius.crt
tls_keyfile = /etc/freeradius/cert/radius.key
Here's the scenario.
I'd like to make one username for all users having/sharing same service (e.g.
users w/ service A all have username 'foo' with unique password for every
user). Now, the problem arises with accounting, or, to be more precise,
session reports that will be available for them to
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Marco Stuhl
Envoyé : vendredi 15 décembre 2006 13:47
À : FreeRadius users mailing list
Objet : Re: RE : RE : rlm_sql: Password in Accounting Packet
Here's the scenario.
I'd like to make one
décembre2006 13:47
À : FreeRadius users mailinglist
Objet : Re: RE : RE : rlm_sql: Password in AccountingPacket
Here's the scenario.
I'd like to make one username for all usershaving/sharing same service
(e.g. users w/ service A all have username 'foo'with unique password
I think part of my problem is that I do not have the vlans defined in the
Access Point. I incorrectly assumed that the AP would receive the vlan info
from the Radius server, and tag all outgoing packets from the wireless
client with that tag. However, I'm starting to think that that is
Olá a todos, Como faço para transformar o Freeradius num cliente do IAS? Existe algum tutorial, ou artigo? Se for sem passar pelo servidor freeradius eu já configurei o radiusclient para ir direto ao IAS, mas não deu certo, nada acontece, e o pior de tudo que não tenho nem como debugar o problema
Phil Mayers [EMAIL PROTECTED] a écrit: Mitaine Yoann wrote: */Michael Mitchell <[EMAIL PROTECTED]>/* a écrit : Client-IP-Address is an internal freeRADIUS attribute, and is not defined in the RFC's. Hence it is never proxied to another server.Yes, I am aware of that. I said that, in
Mitaine Yoann wrote:
*/Michael Mitchell [EMAIL PROTECTED]/* a écrit :
Client-IP-Address is an internal freeRADIUS attribute, and is not
defined in the RFC's. Hence it is never proxied to another server.
Yes, I am aware of that. I said that, in fact.
In fact, the
1 - 100 of 107 matches
Mail list logo