Hi,
I am using freeradius-0.9.3 with postgres 7.4.11. I have the following issue:
The radius message from a client has Event-Timestamp displayed as
local EDT time, but when Radiusd proccesses the message, the
Event-Timestamp was converted to UTC time (as shown in the radacct
detail log files). H
the 3COM user site, I am told that MTU setting should be 1514 both on
3COM & freeRADIUS. I am a newbie to freeRADIUS so I need help. Please help
with following:
(1)
How do I change the MTU settings in freeRADIUS to 1514?
Thanks.
Kirti
Hello List:
I am a newbie to freeRADIUS. This is my first attempt to setup. I am
updating/setting "radius.conf" file. One question:
What is RADIUS Clients?
Is it number of users which will be dialing up and will be processed by the
RADIUS server or is it the number of NAS Clients connected serv
Clients would be Nas Devices .. Such as portmasters if you have dialup pool
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kirti S.
Bajwa
Sent: Tuesday, January 06, 2004 11:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Settings
Hello Lis
Boisvert [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: Settings
Clients would be Nas Devices .. Such as portmasters if you have dialup pool
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kirti S
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> I am a newbie to freeRADIUS. This is my first attempt to setup. I am
> updating/setting "radius.conf" file. One question:
>
> What is RADIUS Clients?
Buy the RADIUS book.
If you don't know what RADIUS clients are, I don't think you need a
RADIUS
, January 06, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: Settings
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> I am a newbie to freeRADIUS. This is my first attempt to setup. I am
> updating/setting "radius.conf" file. One question:
>
> What is RADIUS C
[EMAIL PROTECTED] wrote on 01/06/2004 11:22:29
AM:
> I have the RADIUS book from O'Rilley & I am reading it. I have read the
book
> about 5-times. If the answer is in the book, kindly point me to the page
> number. I will really appreciate it.
You must be reading the book in sandscrit, because
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> I have the RADIUS book from O'Rilley & I am reading it. I have read the book
> about 5-times. If the answer is in the book, kindly point me to the page
> number. I will really appreciate it.
I don't have the book in front of me, but it definitely dis
r, then, please let me
know.
Thanks.
Kirti
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: Settings
[EMAIL PROTECTED] wrote on 01/06/2004 11:22:29
AM:
> I have the RADIUS book from O'Rille
[EMAIL PROTECTED] wrote on 01/06/2004 11:42:41
AM:
> Yes clients are mention all over the book but there is a definition on
Page
> 3, which states:
>
> "When discussing AAA and RADIUS, the terms "clients" and "server" often
> comes up. However, there can be some confusion about which of these
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> As I have said, I have read the book about 5 times and there are
> several references to "clients" applicable to the subject being
> discussed.
Ok..
> Please read my question again & if you know the answer, then, please let me
> know.
The problem
, enlighten me!!! What is the answer??
Thanks,
Kirti
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 3:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Settings
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> As I have said, I ha
"Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote:
> Max_request setting in "radius.conf" is supposed to be the maximum number of
> requests which the server keeps track of. It is supposed to be 4 * number of
> clients.
That's a guideline. The documentation for that setting says you can
set it to larg
[EMAIL PROTECTED] wrote on 01/06/2004 04:48:36
PM:
> Max_request setting in "radius.conf" is supposed to be the maximum
number of
> requests which the server keeps track of. It is supposed to be 4 *
number of
> clients.
>
> In this situation what is a client:
>
> (1) is it number of NAS being
: RE: Settings
[EMAIL PROTECTED] wrote on 01/06/2004 04:48:36
PM:
> Max_request setting in "radius.conf" is supposed to be the maximum
number of
> requests which the server keeps track of. It is supposed to be 4 *
number of
> clients.
>
> In this situation what is a cli
Is it better to have freeradius run using this line as suggested in the
service-radiusd.txt file: fr:23:respawn:/usr/local/sbin/radiusd -f -s
&> /dev/null? I was thinking of running it as a daemon instead of in
the foreground and having multiple threads. Which is more optimal?
Thanks in advanc
Hi all. I promise this is my last question before I flip the switch on
this new installation.
I was using 1.1.7 and I had a number of problems with sqlippool
handing out duplicate IPs, stop records not getting recorded, etc. Only
under many requests (20-30) at one time. It was ok with small l
"Khoa Nguyen" <[EMAIL PROTECTED]> wrote:
> The radius message from a client has Event-Timestamp displayed as
> local EDT time, but when Radiusd proccesses the message, the
> Event-Timestamp was converted to UTC time (as shown in the radacct
> detail log files). How can I disable this? I checked the
; One the 3COM user site, I am told that MTU setting should be 1514 both on
> 3COM & freeRADIUS. I am a newbie to freeRADIUS so I need help. Please help
> with following:
>
> (1) How do I change the MTU settings in freeRADIUS to 1514?
>
> Thanks.
>
> Kirti
>
-
L
CTED] On
> Behalf Of Kirti S. Bajwa
> Messenger, www.riteaid.net, and many many other web sites.
> One the 3COM user site, I am told that MTU setting should be
> 1514 both on 3COM & freeRADIUS. I am a newbie to freeRADIUS
> so I need help. Please help with following:
>
>
"Mike Cisar" <[EMAIL PROTECTED]> wrote:
> Note to Alan... just a thought but given that MTU can be such a tricky
> problem to track down... might it be better to ship FreeRADIUS without a
> forced MTU setting in the sample config file... or at least have it
> commented out instead of active by defa
Mike:
There is another reponse from Jon Matias Fraile [EMAIL PROTECTED]
He indicates that the maximun Framed-MTU is 1500. Many people on the 3COM
list has suggested to change the setting to 1514, which I did. What settings
do you have on your 3CON NAS? What is the best settings for Framed-MTU
t.
Jon
On Mon, 7 Feb 2005, Kirti S. Bajwa wrote:
> Mike:
>
> There is another reponse from Jon Matias Fraile [EMAIL PROTECTED]
> He indicates that the maximun Framed-MTU is 1500. Many people on the 3COM
> list has suggested to change the setting to 1514, which I did. Wha
That configuration will run FreeRADIUS as a daemon. It just means that
init will restart it if/when it dies. I think you are confusing init
with (x)inetd.
On Wed, 2004-02-18 at 18:44, Tin Ly wrote:
> Is it better to have freeradius run using this line as suggested in the
> service-radiusd.txt file
"Tin Ly" <[EMAIL PROTECTED]> wrote:
> I was thinking of running it as a daemon instead of in
> the foreground and having multiple threads. Which is more optimal?
The server has multiple threads because multiple threads allow it to
process more requests in less time.
If the server is a daem
I have a user specified in my users file like this:
isdn Auth-Type = System
Service-Type = Framed,
Framed-Protocol = MPP,
Framed-Routing = None,
Ascend-Maximum-Time = 18000,
Ascend-Idle-Limit =
"Drew Weaver" <[EMAIL PROTECTED]> wrote:
> Can anyone tell me why the radius server is ignoring the isdn entry in
> the users file and instead returning the DEFAULT entry?
It's not. The debug output you posted shows it IS matching the isdn
entry, but that it is ALSO matching the later DEFAULT e
hi,
gosh. its such a wide question (well, the answer
can be very open...). there are many many ways to
optimise the DB - you can chuck more memory
at the server settings - increase the buffers etc.
you can add more index keys to the tables...
you can change the DB engine - eg InnoDB instead
or
ed to the list, I see Alan suggests that
the duplicate requests are related to radiusd not replying quickly
enough due to either having hostname lookups enabled or due to sql
backend slowness. I'm not using sql in my configuration and do not have
hostname lookups enabled.
Are there any settin
eturning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug
output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell
you.
[peap] *** what went wrong, a
Hi,
we are using FreeRADIUS Version 2.1.12 In FREEBSD v.9.
our logrotate settings like below.
/var/log/freeradius/radius.log {
daily
rotate 8
create
missingok
compress
postrotate
kill -HUP `cat /var/run/freeradius/freeradius.pid
Hi,
I'm trying to use freeradius with EAP-TTLS and multiple ldap setting.
Multiple ldap settings because each of them is looking on a different
access attribute and profile dn attribute. I want to select one of the
ldap sources for the huntgroup used for wireless clients, the other one
Jeremiah Millay wrote:
Hi,
I'm seeing some odd behavior running freeradius-1.1.7 in a freebsd 6.3
environment. I see a lot of these in the radius log:
Tue Apr 22 09:27:44 2008 : Error: Discarding duplicate request from
client arc3.wnskvtao.sover.net:1645 - ID: 208 due to unfinished request
1
Jeremiah Millay wrote:
> I'm seeing some odd behavior running freeradius-1.1.7 in a freebsd 6.3
> environment. I see a lot of these in the radius log:
>
> Tue Apr 22 09:27:44 2008 : Error: Discarding duplicate request from
> client arc3.wnskvtao.sover.net:1645 - ID: 208 due to unfinished request
>
Phil Mayers wrote:
Jeremiah Millay wrote:
Hi,
I'm seeing some odd behavior running freeradius-1.1.7 in a freebsd
6.3 environment. I see a lot of these in the radius log:
Tue Apr 22 09:27:44 2008 : Error: Discarding duplicate request from
client arc3.wnskvtao.sover.net:1645 - ID: 208 due to u
Are you using "wtmp" i.e. "radlast". Don't. It's slow.
Here are some more snippets related to wtmp (from what I can tell):
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
accounting {
detail
unix
radutmp
}
session {
radutmp
}
I'm guessing it won't
On 01/12/2012 01:23 PM, lmgo5991 wrote:
Hi,
Could someone please shed some light on the where we are going wrong. We
have followed the documentation provided however it is unclear where to
reference our internal ad servers.
Your subject line is a bit confusing. You say "proxy settings&q
00
Proxy-State =3D 0x313933
Waking up in 3.9 seconds.
Cleaning up request 0 ID 193 with timestamp +14
Marking home server 10.1.1.78 port 1812 as zombie (it looks like it is dead=
).
Ready to process requests.
We are trying to locate where we would reference our internal AD within eit=
her proxy.conf and/or clients.conf. or should ntlm do this automatically...=
..
Ps we are not trying to use ldap sorry for the mis leading test user id :).
Thanks
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Help-with-proxy-settings-please-tp5139910p5140289.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 01/12/2012 04:08 PM, lmgo5991 wrote:
Hi Phil,
Thanks for you quick response. Just to clarify what we have succeeded in t=
o date:
1. Install Samba done
2. Join Samba to the domain done
3. Start winbind done
4. Configure FreeRADIUS to use ntlm_auth to check MSCHAP against the
A
hi,
this wasnt proxying an authentication request - it wasdealing with it direct
(and failing when doing the auth)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
r requests to the
NPS box. if the later, configure FR to handle the request - edit mschap module
to call ntlm_auth with your required settings.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Mar 8, 2012 at 6:04 PM, Selcuk Yazar wrote:
> Hi,
> we are using FreeRADIUS Version 2.1.12 In FREEBSD v.9.
>
> our logrotate settings like below.
>
> /var/log/freeradius/radius.log {
> daily
> rotate 8
> create
>
: Thursday, March 08, 2012 12:04 PM
To: freeradius-users@lists.freeradius.org
Subject: FreeRadius Logrotate settings for FreeBSD
Hi,
we are using FreeRADIUS Version 2.1.12 In FREEBSD v.9.
our logrotate settings like below.
/var/log/freeradius/radius.log {
daily
rotate 8
create
Hello,
Could anyone help me?
I'm trying setting up freeradius 2.1.12 for eduroam.
The local auth works well, but the proxy part not so.
here is the configuration :
RADIUSD.CONF :
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /
Hello again,I got the DialupAdmin/SQL problem fixed (Thanks) but now I'm running into a problem with FreeRADIUS. I've tried following several different guides I've found on the net for setting up FreeRADIUS and MySQL and each time, I get the same results. Whenever, I enable anything regarding
Arne Brutschy <[EMAIL PROTECTED]> wrote:
> So I thought the request will be go through the authorize section, first
> preprocessing the huntgroups, then selecting the DEFAULT entry in the
> users file, adding Autz-Type as check-items and selecting the
> appropriate Autz-Type based on that item.
med-User,
Framed-Protocol = PPP,
Filter-Id = "ISDN",
Fall-Through = no
...
---
Example: huntgroups
ISDNNAS-IP-Address == 128.165.254.254, NAS-Port == 4473-4495
User-Name == 085407
On Thu, 2004-02-26 at 08:55, Arne Brutschy wrote:
> Hi,
>
Alan DeKok wrote:
Arne Brutschy <[EMAIL PROTECTED]> wrote:
>
Did you see that DEFAULT entry in the "users" file match for the
tunneled session? If not, it never set Autz-Type.
It did not, and it never matched my huntgroup. It turned out that I had
to switch copy_request_to_tunnel in the ttls se
Kenneth Grady <[EMAIL PROTECTED]> wrote:
> I find it difficult to get things authorized (Autz-type) because an
> entry that is not in LDAP does not get rejected.
So... edit radiusd.conf to change the default behaviour. See
doc/configurable_failover.
In something like this should work:
autho
Any one has an idea of getting rid of
"The server certificate is not trusted because there are no explicit trust
settings"
on MAC OSX 10.4.9 without selecting "always trust this certificate"
==
Benjamin K. Eshun
---
On 21.01.2013 16:39, Hocine M wrote:
> Hello,
>
> Could anyone help me?
>
> I'm trying setting up freeradius 2.1.12 for eduroam.
> The local auth works well, but the proxy part not so.
First you should have a look at
https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+
hi,
as already mentined, there is the eduroam confluence wiki for
further documentation.
your request was proxied offbut not answered. ask for someone to check the
logs on the next hop - or at the final target RADIUS to see if they got the
requests through
however, your eduroam user-
Hello,
Are there any instruction, step-by-step on how to
build the RADIUS server for WPA and WPA2
(802.11a/b/g).
And would there be possible to install the RADIUS
server separate from DHCP server? if yes, how to?
the Client is Windows XP, which has support for 802.1x
client.
Thanks,
Timolthy
RADIUS server Shared Secret? or can I
use a default Shared Secret in Free Radius?
2. Users
I will be using WPA Enterprise on my workstation and not sure of the
following settings on in the 'users". DHCP is used for wireless users.
If needed I could reserve an test address and place it here
Hi,
I would like to setup LDAP module with different settings for different
clients.
How can I do this?
Can I setup multiple LDAP module settings and specify which one I would like
to use for a site or client?
Can I define some of the LDAP settings inside the site or client config?
thanks
Hello all,
I've done a radiusd -X to do some testing and was rather shocked by what
happened when I'm attempting to make some changes to make one specific NAS (our
DSL group) to have no timeouts. Here's a snippet of my config:
DEFAULT Auth-Type = System, NAS-IP-Address == ip.add.re.ss, Simult
[EMAIL PROTECTED] wrote:
> I've tried following several different guides I've found on the net
> for setting up FreeRADIUS and MySQL and each time, I get the same
> results. Whenever, I enable anything regarding SQL in radiusd.conf
> and start up radiusd in debug mode (radiusd -X), FreeRADIUS
> s
Hi,
Have you installed the MySQL development extensions? They are essential.
You also need to compile FreeRadius with experimental modules to enable
MySQL.
Regards,
Sean
http://swarmhotspots.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I use the python module which works fine. Now I have to setup a second virtual
host with different configuration of the python module.
How I can tell freeradius to have one python module with setup a and one with
setup b?
Is it possible to import a module with new name?
With best rega
Timolthy Keithy <[EMAIL PROTECTED]> wrote:
> Are there any instruction, step-by-step on how to
> build the RADIUS server for WPA and WPA2
> (802.11a/b/g).
http://www.freeradius.org/doc/
> And would there be possible to install the RADIUS
> server separate from DHCP server? if yes, how to?
Fr
hi
Are there any instruction, step-by-step on how to
build the RADIUS server for WPA and WPA2
(802.11a/b/g).
yes, there are. today, it should work "out of the box" (well, there is
no box, but still).
the good news from the pov of the radius server is that all these things
you mentioned are tran
Thanks Artur and Alan.
> http://www.freeradius.org/doc/
> FreeRADIUS has no connection to any DHCP server.
> They are always completely independent.
I have not built the RADIUS server yet, i will use
Redhat or Mandrake Linux to build one (I am very new
to Linux world, that is why I need to
hi
However, how to direct or tell the authenticated
Radius client/station go to get the IP address from
the DHCP server, in other words, is in the RADIUS
server where to indicate the DHCP server IP address
(or point to my DSL router 192.168.1.1).
no. radius is used till to the point when the auth
> just for the case: no, it is
> NOT possible to assign IP addresses by 802.1X; you have to do DHCP after
> the authentication (yes, it is strange).
A clever AP could support this:
1. Serving DHCP to the wireless netowork only
2. Getting the Framed-IP-Address from the radius Access-Accept, and
p
add to it: forward the DHCPDISCOVER to the DS if no internal table entry
for this MAC is found. yapp, that would be even very easy to integrate.
but i don't think that _any_ AP does that.
ciao
artur
Damjan wrote:
just for the case: no, it is
NOT possible to assign IP addresses by 802.1X; you hav
Damjan <[EMAIL PROTECTED]> wrote:
> A clever AP could support this:
> 1. Serving DHCP to the wireless netowork only
> 2. Getting the Framed-IP-Address from the radius Access-Accept, and
> putting it in a internal table (MAC -> IP)
> 3. Serving that exact IP via DHCP when the subsciber asks for a le
Hi.
I was using freeradus-2.1.10 as radius proxy server.
proxy.conf says this.
# Also, the mapping of host name to address is done ONCE
# when the server starts. If DNS is later updated to
# change the address, FreeRADIUS will NOT discover that
# until after a re-start, o
Herbert Fischer wrote:
> I would like to setup LDAP module with different settings for different
> clients.
>
> How can I do this?
Either set up a different virtual server for each client, OR use
"unlang" to check "if client X, use ldap X"
> Can I setu
her wrote:
> > I would like to setup LDAP module with different settings for different
> > clients.
> >
> > How can I do this?
>
> Either set up a different virtual server for each client, OR use
> "unlang" to check "if client X, use ldap X"
>
ood the connection between the users
> file and the virtual server conf.
>
> best regards
>
> On Fri, May 13, 2011 at 2:28 AM, Alan DeKok wrote:
>
>> Herbert Fischer wrote:
>> > I would like to setup LDAP module with different settings for different
>> > clie
On 05/13/2011 07:34 PM, Herbert Fischer wrote:
if (ldap_group-LDAP-Group != "somegroup") {
You can't do this.
You can only test for group membership i.e.
if (ldap_group-LDAP-Group == somegroup) {
# do nothing
}
else {
# ...whatever
}
The != and other operators don't work for the virtual
Thanks Phil!
On Fri, May 13, 2011 at 3:43 PM, Phil Mayers wrote:
> On 05/13/2011 07:34 PM, Herbert Fischer wrote:
>
> if (ldap_group-LDAP-Group != "somegroup") {
>>
>
> You can't do this.
>
> You can only test for group membership i.e.
>
>
> if (ldap_group-LDAP-Group == somegroup) {
> # do noth
> add to it: forward the DHCPDISCOVER to the DS if no internal table entry
> for this MAC is found. yapp, that would be even very easy to integrate.
>
> but i don't think that _any_ AP does that.
Well, an AP that does 802.1x + chillispot is all you need :)
You get the accounting, bandwidth shapp
"Curt LeCaptain" <[EMAIL PROTECTED]> wrote:
> From what I understand, if people come from the NAS-IP-Address of
> ip.add.re.ss, it should be stopping everything, giving them their IP
> and not continuing on due to the Fall-Through = No. Perhaps I'm
> getting this wrong, but I'm trying to make it s
As always, run it in debugging mode. You would see the answer.
In this case, NAS-IP-Address is an attribute in the RADIUS packet.
So if the NAS doesn't send it, it doesn't match that entry.
Okay, so I'm looking at my radiusd -X output and here's what I get on a
access-request:
rad_recv: Acce
"Curt LeCaptain" <[EMAIL PROTECTED]> wrote:
> I'm just asking this for my understanding, am I still going to want to use
> Client-IP-Address even though from what I can see here, the NAS-IP-Address
> attribute is appearing within the output of debugging?
I would suggest using Client-IP-Address
>> I'm just asking this for my understanding, am I still going to want
to >>use Client-IP-Address even though from what I can see here, the
NAS-IP-
>> Address attribute is appearing within the output of debugging?
> I would suggest using Client-IP-Address, unless you know that the
>NAS will alw
Jonathan De Graeve wrote:
How do you explain this then?
I have a NAS that DOESN'T sent NAS-IP-Address attribute to the radius
server (only nas-identifier) but all my huntgroups based on
NAS-IP-Address work without any problem...
Is this then somewhere in the code?
If (!NAS-IP-Address && Cl
Christoph Thielecke wrote:
> I use the python module which works fine. Now I have to setup a second
> virtual
> host with different configuration of the python module.
>
> How I can tell freeradius to have one python module with setup a and one with
> setup b?
>
> Is it possible to import a mo
ichiro tanaka wrote:
> So, I send to freeradius "kill -HUP".
> But authhost and accthost was not reloaded to new ip-address.
Proxy settings aren't reloaded on HUP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8/7/06, Yan Cai <[EMAIL PROTECTED]> wrote:
tls: check_cert_cn = "%{User-Name}"
rlm_eap_tls: Loading the certificate file as a chain
Segmentation fault
Hi,
hm, would you care to check if (from your eap.conf)
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
are acce
1, installed openssl-0.9.7-stable-SNAP-20060731, which is downloaded from
www.openssl.org.
2, completed the necessary settings in openssl, which is locaed in
/usr/local/openssl/ssl.
rlm_eap_tls: Loading the certificate file as a chain
Segmentation fault
Seg Fault humm... I usually get this
. Hoercher
Sent: Monday, August 07, 2006 1:55 PM
To: FreeRadius users mailing list
Subject: Re: a question about settings for EAP-TLS authentication
On 8/7/06, Yan Cai <[EMAIL PROTECTED]> wrote:
>
> tls: check_cert_cn = "%{User-Name}"
>
> rlm_eap_tls: Loading the
Hi,
> I'm probably wrong but didn't it used to be that the fall-through
> command was to tell the users file to continue processing if it didn't
> find a match?
You're wrong. It was about continuing _even though_ it found a match.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformat
Hi,
> Can anyone tell me why the radius server is ignoring the isdn entry in
> the users file and instead returning the DEFAULT entry?
All of your entries specify Fall-Through = 1 / Yes (which is the same, AFAIK).
So, the entries of isdn get read, but then overwritten by the later DEFAULT
matc
August 17, 2006 1:37 PM
To: FreeRadius users mailing list
Subject: Re: user specific settings in users file overwritten by
DEFAULTsettings?
"Drew Weaver" <[EMAIL PROTECTED]> wrote:
> Can anyone tell me why the radius server is ignoring the isdn entry in
> the users file an
"Drew Weaver" <[EMAIL PROTECTED]> wrote:
> I'm probably wrong but didn't it used to be that the fall-through
> command was to tell the users file to continue processing if it didn't
> find a match?
Nope. The reply items are looked at ONLY if there's a match, so
Fall-Through is looked at only if
ecking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,o=My Org,c=UA/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, passwo
>rlm_ldap: LDAP login failed: check identity, password settings in ldap
>section of radiusd.conf
>
Slightly missleading - should say:
rlm_ldap: LDAP login failed: check identity, password settings in ldap
module configuration - raddb/modules/ldap
You haven't configured ldap mo
ldap: LDAP login failed: check identity, password settings
in ldap section of radiusd.conf
>rlm_ldap: LDAP login failed: check identity, password settings in ldap
>section of radiusd.conf
>
Slightly missleading - should say:
rlm_ldap: LDAP login failed: check identity, password settings in l
>I have set the radius.conf about ldap as follows :
>
>ldap {
>
>server = "localhost"
>identity = "cn=ManagerĄAdc=exampleĄAdc=orgĄAdc=tw"
>password = hsuan
>basedn = "dc= exampleĄAdc=orgĄAdc=tw"
>filter =
>(&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{
}"
password_attribute =User-Password
timeout = 4
timelimit = 3
net_timeout = 1
}
But still have the error message ""rlm_ldap: LDAP login failed: check
identity, password settings in ldap section of radiusd.conf"
Regards,
Vicky
-
5
>password_header = "{crypt}"
>password_attribute =User-Password
>timeout = 4
> timelimit = 3
> net_timeout = 1
>}
>But still have the error message ""rlm_ldap: LDAP login failed: check
>identit
AM
To: FreeRadius users mailing list
Subject: **SPAM MAIL by NCHC** RE: rlm_ldap: LDAP login failed: check
identity, password settings in ldap section of radiusd.conf
>I have check the file (in raddb/modules/ldap), the config file is set the
>ldap section as follows :
>ldap {
>
>
>I am sorry ! I don't know what are you talking about ?
>Can you make it clear for me ? thank you very much !
>
You have more than one freeradius installation. Freeradius instance that
you are running is not using the configuration files you are changing.
There is probably a default installation
connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ld
esult ...
>
>rlm_ldap: LDAP login failed: check identity, password settings in ldap
>section of radiusd.conf
>
>rlm_ldap: (re)connection attempt failed
>
Nothing misterious now. Looks like that identity is wrong (strange
characters). Use english keyboard to type those detail
, radius being an ou inside admins.
I get this error when freeradius trys to confirm the user/passwd
against the ADS.
"rlm_ldap: LDAP login failed: check identity, password settings in
ldap section of radiusd.conf"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How did u resolve this issue?
thanks
SB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 101 matches
Mail list logo