Thank you,
it works with simple modification (not too effective):
ldap1
if (ok) {
update reply {
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = 1
Hello,
I have Freeradius 2.1.10 with 2 LDAP servers (ldap1 + ldap2) and Ubuntu
12.04
I using it for 802.1x users.
I need switch users from ldap1 to VLAN 1 and users from ldap2 to VLAN 2.
I don't know how can i do it.
My configuration:
/etc/freeradius/modules/ldap:
ldap ldap1 {
...
On 12 Sep 2013, at 18:18, Miroslav Lednicky miroslav.ledni...@fnusa.cz wrote:
Hello,
I have Freeradius 2.1.10 with 2 LDAP servers (ldap1 + ldap2) and Ubuntu 12.04
authorize {
ldap1
if (ok) {
update reply {
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802
It is noticed that some VSAs are sent with Access-Challenge but not with
Access-Accept when PEAP is used.
Is there a way to configure the server such that those attributes are sent with
Access-Accept?
Thank you.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rosect...@yahoo.com wrote:
It is noticed that some VSAs are sent with Access-Challenge but not with
Access-Accept when PEAP is used.
Is there a way to configure the server such that those attributes are
sent with Access-Accept?
Configure the server to send them in the Access-Accept.
If
On 12/20/2012 05:14 PM, rosect...@yahoo.com wrote:
It is noticed that some VSAs are sent with Access-Challenge but not with
Access-Accept when PEAP is used.
Is there a way to configure the server such that those attributes are
sent with Access-Accept?
use_tunneled_reply = yes under the peap
Hi,
In addition, if you're seeing the VSAs in Access-Challenge, it's
most likely because you're returning them in the authorize second.
Instead, consider returning them in the post-auth section of the
inner-tunnel server, combined with the config above.
dont forget RFC 2865
Or maybe, exist the form to only auth via MySQL and do the Pool via files?
Alan DeKok al...@deployingradius.com escribió:
Rogelio Sevilla Fernandez wrote:
So, If the clients auths from AP1, i need freeradius send DHCP data to
my client using one dinamic IP Pool like 192.168.1.0/24 with
Rogelio Sevilla Fernandez wrote:
So, If the clients auths from AP1, i need freeradius send DHCP data to
my client using one dinamic IP Pool like 192.168.1.0/24 with
DefaultGateway, NetworkMask and DNS server.
It's possible... but not really easy to do right now. Peter Nixon
apparently has
Hi.. Im working with Freeradius 2.1.8 + Mysql Support.
The Auth system works well. The only thing to do its add DHCP support.
This is the Scenario:
Client Connects to AP1.
AP1 do the request/replies from/to FreeRadius Server..
Client get Authenticated and asking IP from DHCP..
I dont want use
Hi ALL!!
I'm trying to get authenticated with mikrotik wireless AP. All works
but only when I add the user into the users file.
The thing is that i want to get the users from mysql.
In this moment the authentication requests are coming from PPPoE
concentrator, and the users are in MySQL database -
hi,in sql.conf did you modify that line :readclients = no to readclients =
yes ?
Date: Wed, 19 May 2010 13:52:59 +0200
Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL
From: mac...@drobniuch.pl
To: freeradius-users@lists.freeradius.org
Hi ALL!!
I'm trying to get authenticated
My NAS-es are located in the clients file and they are working fine
with pppoe auth.
2010/5/19 dorra aa dj_dido2...@hotmail.com:
hi,
in sql.conf did you modify that line :readclients = no to
readclients = yes ?
Date: Wed, 19 ! May 2010 13:52:59 +0200
Subject: freeradius 2.x EAP-MSCHAPv2
and they are working fine
with pppoe auth.
2010/5/19 dorra aa dj_dido2...@hotmail.com:
hi,
in sql.conf did you modify that line :readclients = no to
readclients = yes ?
Date: Wed, 19 ! May 2010 13:52:59 +0200
Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL
From: mac...@drobniuch.pl
Hi,
so, its an EAP request and therefore gets proxied into inner-tunnel...
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = \010E=691 R=1
^
nice.
EAP-Message = 0x04080004
Message-Authenticator =
Maciej Drobniuch wrote:
The freeradius server while authenticating is not searching in the sql
database. Why that?
You didn't configure it.
What does the debug log say?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Maybe you did not understand me, but when the mario user is in files
all works fine but when not the freeradius isn't asking the sql.
I'm using EAP PEAP MSCHAPv2
The sql is enabled and it works fine with pap,chap,mschap, mschapv2 on
pppoe concentrators, but while using EAP it isn't working.
Here
Maciej Drobniuch wrote:
Maybe you did not understand me, but when the mario user is in files
all works fine but when not the freeradius isn't asking the sql.
Because you didn't configure it to ask SQL.
I'm using EAP PEAP MSCHAPv2
Did you edit raddb/sites-available/inner-tunnel?
The sql
Hi,
Maybe you did not understand me, but when the mario user is in files
all works fine but when not the freeradius isn't asking the sql.
I'm using EAP PEAP MSCHAPv2
The sql is enabled and it works fine with pap,chap,mschap, mschapv2 on
pppoe concentrators, but while using EAP it isn't
Thanks Alan, I did not knew about the inner-tunnel.
Now everything works fine.
BIG THANKS TO ALL!!
2010/5/19 Alan DeKok al...@deployingradius.com:
Maciej Drobniuch wrote:
Maybe you did not understand me, but when the mario user is in files
all works fine but when not the freeradius isn't
Alexander wrote:
Hello all,
I have a new setup with Freeradius 2.1.7, Dialup Admin 1.80 and MySQL 5.0.77
running under Red Hat ES 5.4. Access from Freeradius to MySQL is working fine
but user 'dummy' does not get authenticated. After hours of searching through
my setup it seems to me
--- On Thu, 1/14/10, Alan DeKok al...@deployingradius.com wrote:
See your users file:
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 70
That entry is forcing Auth-Type := System.
Don't do that.
Alan DeKok.
Hello Alan,
thanks for your hint which
hi,
sorry for my late answer: in short:
Am Donnerstag, den 05.03.2009, 10:05 +0100 schrieb t...@kalik.net:
Queries are in raddb/sql/mysql/dialup.conf. Have you made changes to that
file?
no, it was commented out from myself ..., bad idea. Undo it, was the
trick. :-)
My long answer follows
hi,
i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius works with users from files, but not with mysql. I can
only see on startup some mysql messages (connect) but no queries at all.
The system Debian Lenny.
sql.conf
sql {
database = mysql
=networkradius@lists.freer
adius.org] On Behalf Of Denny Schierz
Sent: Thursday, March 05, 2009 12:40 AM
To: freeradius-users@lists.freeradius.org
Subject: No MySQL queries with freeradius 2.x from Lenny
hi,
i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius
i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius works with users from files, but not with mysql. I can
only see on startup some mysql messages (connect) but no queries at all.
..
Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql
(rlm_sql)
3. Send all of the debug output from the radius server. The useful
information is missing from this section of the debug output:
Wed Mar 4 20:00:03 2009 : Debug: ++[unix] returns notfound
Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql
(rlm_sql) for request 1
Wed Mar 4
[EMAIL PROTECTED] schrieb:
Hi,
I have build the rpm's without errors. Before I had to edit the
freeradius.spec file and comment out autoreconf.
After radiusd -X I get the following errors:
yep - you build it without openssl-devel package installed -
it clearly says in the log
I used i386 version of SLES10SP1. Are you using that one or x86_64
version? If using the latter, try the former.
On Wed, Oct 29, 2008 at 3:01 PM, Hubert Kupper [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] schrieb:
Hi,
I have build the rpm's without errors. Before I had to edit the
Did you rebuild from source obtained from freeradius.org or a src.rpm?
The RPMs are maintained by Suse.
Sent from my iPhone
On 29 Oct 2008, at 07:01, Hubert Kupper [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] schrieb:
Hi,
I have build the rpm's without errors. Before I had to edit the
Anders Holm schrieb:
Did you rebuild from source obtained from freeradius.org or a src.rpm?
The RPMs are maintained by Suse.
Sent from my iPhone
On 29 Oct 2008, at 07:01, Hubert Kupper [EMAIL PROTECTED] wrote:
I tried both. The source from freeradius.org and a FR2.0.5 rpm from suse.
Boert
This a 64 bit system that also has 32 bit libs?
Sent from my iPhone
On 29 Oct 2008, at 08:09, Hubert Kupper [EMAIL PROTECTED] wrote:
Anders Holm schrieb:
Did you rebuild from source obtained from freeradius.org or a
src.rpm? The RPMs are maintained by Suse.
Sent from my iPhone
On 29 Oct
Anders Holm schrieb:
This a 64 bit system that also has 32 bit libs?
Sent from my iPhone
On 29 Oct 2008, at 08:09, Hubert Kupper [EMAIL PROTECTED] wrote:
No, it's a 32 bit system.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Graham Marsh wrote:
Interesting the getting page only links to the old 1.x versions - an
omission?
Nothing should point to the getting page any more. The download
link points to the download page, which links to 2.x.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hi,
found a 1.1.6-2.1 rpm and installed it. Now I will update to a newer
version but there is no rpm for SLES 10 available. When I try to compile
freeradius v. 2.x then there are problems with shared libraries they are
not available in SLES. On a Opensuse 11.0 machine the 2.0.5 version
Graham Marsh schrieb:
I am running FR 2.1.0 OK on SLES10SP1 against edir LDAP backend.
The way I did it, I installed the C/C++ Compiler and Tools in the Yast
patterned setup. This takes care of a number of dependencies. If you
don't want to do this, simply install the required deps later but
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
tried
- FR2.1.0?
- clean slate install perhaps in a VM?
- fall back to SLES10SP1?
Other than that I have nothing to suggest
- Original Message - rlm_eap: Ignoring EAP-Type/tls because we do
not have OpenSSL
You probably need to link to openssl in configure. Something like:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg19160.html
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, Graham Marsh [EMAIL PROTECTED] piše:
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
tried
Graham Marsh schrieb:
No idea, sorry. You say this is SLES10SP2 which I haven't used, have
you tried
- FR2.1.0?
- clean slate install perhaps in a VM?
- fall back to SLES10SP1?
Other than that I have nothing to suggest
where can I get FR2.1.0 source?
Boert
-
List info/subscribe/unsubscribe?
Hi,
I have build the rpm's without errors. Before I had to edit the
freeradius.spec file and comment out autoreconf.
After radiusd -X I get the following errors:
yep - you build it without openssl-devel package installed -
it clearly says in the log
rlm_eap: Ignoring EAP-Type/tls because
@lists.freeradius.org
Sent: Tuesday, October 28, 2008 9:08 PM
Subject: Re: Suse SLES 10SP2 with freeradius 2.x
Graham Marsh schrieb:
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
tried
- FR2.1.0?
- clean slate install perhaps in a VM?
- fall back to SLES10SP1?
Other
Hi,
Interesting the getting page only links to the old 1.x versions - an
omission? In any case you can just get the old 2.x from here
ftp://ftp.freeradius.org/pub/freeradius/old/
getting an older version wont help - it'll also fail the OpenSSL stuff
simply because its a compilation problem.
Hello,
has anyone running freeradius v. 2x running on SLES 10 against edirectory?
Best regards
Boert
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am running FR 2.1.0 OK on SLES10SP1 against edir LDAP backend.
The way I did it, I installed the C/C++ Compiler and Tools in the Yast
patterned setup. This takes care of a number of dependencies. If you
don't want to do this, simply install the required deps later but
there will be quite a few
* Vegard Svanberg [EMAIL PROTECTED] [2008-10-07 12:16]:
Perhaps you should bother reading the mysteriously named file README in
/certs directory before asking questions.
Seems the file got lost during the transition from 1.x. Thanks!
Hm, something is not working right, but I'm not sure
Try with ca-server bundle:
cat ca.pem server.pem cabundle.pem
Use that as CAfile and export (appropriate version) to the clients.
Ivan Kalik
Kalik Informatika ISP
Dana 8/10/2008, Vegard Svanberg [EMAIL PROTECTED] piše:
* Vegard Svanberg [EMAIL PROTECTED] [2008-10-07 12:16]:
Perhaps you
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-10-08 15:03]:
Try with ca-server bundle:
cat ca.pem server.pem cabundle.pem
Use that as CAfile and export (appropriate version) to the clients.
Worked great, thanks!
Perhaps the Makefile should be updated?
--
Vegard Svanberg [EMAIL
That's just the ad-hoc solution for the error you reported (error 20 -
incomplete chain). It might not be the best way of doing things. I
don't use certificates that much. Others might know a better way of
sorting this out.
Ivan Kalik
Kalik Informatika ISP
Dana 8/10/2008, Vegard Svanberg [EMAIL
The CA.all and CA.certs scripts seem to not be included in the
Freeradius 2.x tarball anymore. Have they just been forgotten, or have
they been replaced by other scripts, or are there other recommended ways
of handling/generating certs in 2.x?
--
Vegard Svanberg [EMAIL PROTECTED] [EMAIL
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-10-07 12:13]:
Perhaps you should bother reading the mysteriously named file README in
/certs directory before asking questions.
Seems the file got lost during the transition from 1.x. Thanks!
--
Vegard Svanberg [EMAIL PROTECTED] [EMAIL PROTECTED]
Perhaps you should bother reading the mysteriously named file README in
/certs directory before asking questions.
Ivan Kalik
Kalik Informatika ISP
Dana 7/10/2008, Vegard Svanberg [EMAIL PROTECTED] piše:
The CA.all and CA.certs scripts seem to not be included in the
Freeradius 2.x tarball
Hi there,
I wonder if there's an easy way/guide to reproduce the
freeradius 1.x radrelay behavior?
I'm afraid that the copy-to-home-server solution does not
execute the accounting requests, but only relays them. Am I right?
I want to execute accounting requests and relay these packets to
Hi
I'm not sure what you mean by 'execute' but you can configure a
virtual server that simply reads a detail file. Packets 'received'
this way are treated as any other packets received over the network.
If you make multiple copies of the packets (to multiple detail files)
you can process them
Pshem Kowalczyk wrote:
I'm not sure what you mean by 'execute' but you can configure a
virtual server that simply reads a detail file. Packets 'received'
this way are treated as any other packets received over the network.
If you make multiple copies of the packets (to multiple detail files)
54 matches
Mail list logo