Re: Freeradius + 2 x LDAP + VLAN

2013-09-16 Thread Miroslav Lednicky
Thank you, it works with simple modification (not too effective): ldap1 if (ok) { update reply { Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = 1

Freeradius + 2 x LDAP + VLAN

2013-09-12 Thread Miroslav Lednicky
Hello, I have Freeradius 2.1.10 with 2 LDAP servers (ldap1 + ldap2) and Ubuntu 12.04 I using it for 802.1x users. I need switch users from ldap1 to VLAN 1 and users from ldap2 to VLAN 2. I don't know how can i do it. My configuration: /etc/freeradius/modules/ldap: ldap ldap1 { ...

Re: Freeradius + 2 x LDAP + VLAN

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 18:18, Miroslav Lednicky miroslav.ledni...@fnusa.cz wrote: Hello, I have Freeradius 2.1.10 with 2 LDAP servers (ldap1 + ldap2) and Ubuntu 12.04 authorize { ldap1 if (ok) { update reply { Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802

freeRadius 2.x

2012-12-20 Thread rosect190
It is noticed that some VSAs are sent with Access-Challenge but not with Access-Accept when PEAP is used. Is there a way to configure the server such that those attributes are sent with Access-Accept? Thank you.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeRadius 2.x

2012-12-20 Thread Alan DeKok
rosect...@yahoo.com wrote: It is noticed that some VSAs are sent with Access-Challenge but not with Access-Accept when PEAP is used. Is there a way to configure the server such that those attributes are sent with Access-Accept? Configure the server to send them in the Access-Accept. If

Re: freeRadius 2.x

2012-12-20 Thread Phil Mayers
On 12/20/2012 05:14 PM, rosect...@yahoo.com wrote: It is noticed that some VSAs are sent with Access-Challenge but not with Access-Accept when PEAP is used. Is there a way to configure the server such that those attributes are sent with Access-Accept? use_tunneled_reply = yes under the peap

Re: freeRadius 2.x

2012-12-20 Thread A . L . M . Buxey
Hi, In addition, if you're seeing the VSAs in Access-Challenge, it's most likely because you're returning them in the authorize second. Instead, consider returning them in the post-auth section of the inner-tunnel server, combined with the config above. dont forget RFC 2865

Re: Needed Freeradius 2.x + MySQL + Dynamic DHCP.. its possible?

2011-03-22 Thread Rogelio Sevilla Fernandez
Or maybe, exist the form to only auth via MySQL and do the Pool via files? Alan DeKok al...@deployingradius.com escribió: Rogelio Sevilla Fernandez wrote: So, If the clients auths from AP1, i need freeradius send DHCP data to my client using one dinamic IP Pool like 192.168.1.0/24 with

Re: Needed Freeradius 2.x + MySQL + Dynamic DHCP.. its possible?

2011-03-20 Thread Alan DeKok
Rogelio Sevilla Fernandez wrote: So, If the clients auths from AP1, i need freeradius send DHCP data to my client using one dinamic IP Pool like 192.168.1.0/24 with DefaultGateway, NetworkMask and DNS server. It's possible... but not really easy to do right now. Peter Nixon apparently has

Needed Freeradius 2.x + MySQL + Dynamic DHCP.. its possible?

2011-03-17 Thread Rogelio Sevilla Fernandez
Hi.. Im working with Freeradius 2.1.8 + Mysql Support. The Auth system works well. The only thing to do its add DHCP support. This is the Scenario: Client Connects to AP1. AP1 do the request/replies from/to FreeRadius Server.. Client get Authenticated and asking IP from DHCP.. I dont want use

freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Hi ALL!! I'm trying to get authenticated with mikrotik wireless AP. All works but only when I add the user into the users file. The thing is that i want to get the users from mysql. In this moment the authentication requests are coming from PPPoE concentrator, and the users are in MySQL database -

RE: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread dorra aa
hi,in sql.conf did you modify that line :readclients = no to readclients = yes ? Date: Wed, 19 May 2010 13:52:59 +0200 Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL From: mac...@drobniuch.pl To: freeradius-users@lists.freeradius.org Hi ALL!! I'm trying to get authenticated

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
My NAS-es are located in the clients file and they are working fine with pppoe auth. 2010/5/19 dorra aa dj_dido2...@hotmail.com: hi, in sql.conf did you modify that line :readclients = no to readclients = yes ? Date: Wed, 19 ! May 2010 13:52:59 +0200 Subject: freeradius 2.x EAP-MSCHAPv2

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
and they are working fine with pppoe auth. 2010/5/19 dorra aa dj_dido2...@hotmail.com: hi, in sql.conf did you modify that line :readclients = no to readclients = yes ? Date: Wed, 19 ! May 2010 13:52:59 +0200 Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL From: mac...@drobniuch.pl

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Alan Buxey
Hi, so, its an EAP request and therefore gets proxied into inner-tunnel... } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = \010E=691 R=1 ^ nice. EAP-Message = 0x04080004 Message-Authenticator =

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Alan DeKok
Maciej Drobniuch wrote: The freeradius server while authenticating is not searching in the sql database. Why that? You didn't configure it. What does the debug log say? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Maybe you did not understand me, but when the mario user is in files all works fine but when not the freeradius isn't asking the sql. I'm using EAP PEAP MSCHAPv2 The sql is enabled and it works fine with pap,chap,mschap, mschapv2 on pppoe concentrators, but while using EAP it isn't working. Here

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Alan DeKok
Maciej Drobniuch wrote: Maybe you did not understand me, but when the mario user is in files all works fine but when not the freeradius isn't asking the sql. Because you didn't configure it to ask SQL. I'm using EAP PEAP MSCHAPv2 Did you edit raddb/sites-available/inner-tunnel? The sql

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Alan Buxey
Hi, Maybe you did not understand me, but when the mario user is in files all works fine but when not the freeradius isn't asking the sql. I'm using EAP PEAP MSCHAPv2 The sql is enabled and it works fine with pap,chap,mschap, mschapv2 on pppoe concentrators, but while using EAP it isn't

Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Thanks Alan, I did not knew about the inner-tunnel. Now everything works fine. BIG THANKS TO ALL!! 2010/5/19 Alan DeKok al...@deployingradius.com: Maciej Drobniuch wrote: Maybe you did not understand me, but when the mario user is in files all works fine but when not the freeradius isn't

Re: Freeradius 2.x + MySQL: Failed to authenticate the user

2010-01-14 Thread Alan DeKok
Alexander wrote: Hello all, I have a new setup with Freeradius 2.1.7, Dialup Admin 1.80 and MySQL 5.0.77 running under Red Hat ES 5.4. Access from Freeradius to MySQL is working fine but user 'dummy' does not get authenticated. After hours of searching through my setup it seems to me

Re: Freeradius 2.x + MySQL: Failed to authenticate the user

2010-01-14 Thread Alexander
--- On Thu, 1/14/10, Alan DeKok al...@deployingradius.com wrote:   See your users file: ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 70   That entry is forcing Auth-Type := System.   Don't do that.   Alan DeKok. Hello Alan, thanks for your hint which

Re: No MySQL queries with freeradius 2.x from Lenny

2009-03-06 Thread Denny Schierz
hi, sorry for my late answer: in short: Am Donnerstag, den 05.03.2009, 10:05 +0100 schrieb t...@kalik.net: Queries are in raddb/sql/mysql/dialup.conf. Have you made changes to that file? no, it was commented out from myself ..., bad idea. Undo it, was the trick. :-) My long answer follows

No MySQL queries with freeradius 2.x from Lenny

2009-03-05 Thread Denny Schierz
hi, i tried to get coopa chilli running, but i have problems with radius and mysql. Radius works with users from files, but not with mysql. I can only see on startup some mysql messages (connect) but no queries at all. The system Debian Lenny. sql.conf sql { database = mysql

RE: No MySQL queries with freeradius 2.x from Lenny

2009-03-05 Thread Tim Sylvester
=networkradius@lists.freer adius.org] On Behalf Of Denny Schierz Sent: Thursday, March 05, 2009 12:40 AM To: freeradius-users@lists.freeradius.org Subject: No MySQL queries with freeradius 2.x from Lenny hi, i tried to get coopa chilli running, but i have problems with radius and mysql. Radius

Re: No MySQL queries with freeradius 2.x from Lenny

2009-03-05 Thread tnt
i tried to get coopa chilli running, but i have problems with radius and mysql. Radius works with users from files, but not with mysql. I can only see on startup some mysql messages (connect) but no queries at all. .. Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql (rlm_sql)

RE: No MySQL queries with freeradius 2.x from Lenny

2009-03-05 Thread tnt
3. Send all of the debug output from the radius server. The useful information is missing from this section of the debug output: Wed Mar 4 20:00:03 2009 : Debug: ++[unix] returns notfound Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql (rlm_sql) for request 1 Wed Mar 4

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Hubert Kupper
[EMAIL PROTECTED] schrieb: Hi, I have build the rpm's without errors. Before I had to edit the freeradius.spec file and comment out autoreconf. After radiusd -X I get the following errors: yep - you build it without openssl-devel package installed - it clearly says in the log

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Graham Marsh
I used i386 version of SLES10SP1. Are you using that one or x86_64 version? If using the latter, try the former. On Wed, Oct 29, 2008 at 3:01 PM, Hubert Kupper [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] schrieb: Hi, I have build the rpm's without errors. Before I had to edit the

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Anders Holm
Did you rebuild from source obtained from freeradius.org or a src.rpm? The RPMs are maintained by Suse. Sent from my iPhone On 29 Oct 2008, at 07:01, Hubert Kupper [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] schrieb: Hi, I have build the rpm's without errors. Before I had to edit the

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Hubert Kupper
Anders Holm schrieb: Did you rebuild from source obtained from freeradius.org or a src.rpm? The RPMs are maintained by Suse. Sent from my iPhone On 29 Oct 2008, at 07:01, Hubert Kupper [EMAIL PROTECTED] wrote: I tried both. The source from freeradius.org and a FR2.0.5 rpm from suse. Boert

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Anders Holm
This a 64 bit system that also has 32 bit libs? Sent from my iPhone On 29 Oct 2008, at 08:09, Hubert Kupper [EMAIL PROTECTED] wrote: Anders Holm schrieb: Did you rebuild from source obtained from freeradius.org or a src.rpm? The RPMs are maintained by Suse. Sent from my iPhone On 29 Oct

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Hubert Kupper
Anders Holm schrieb: This a 64 bit system that also has 32 bit libs? Sent from my iPhone On 29 Oct 2008, at 08:09, Hubert Kupper [EMAIL PROTECTED] wrote: No, it's a 32 bit system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Alan DeKok
Graham Marsh wrote: Interesting the getting page only links to the old 1.x versions - an omission? Nothing should point to the getting page any more. The download link points to the download page, which links to 2.x. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread A . L . M . Buxey
Hi, found a 1.1.6-2.1 rpm and installed it. Now I will update to a newer version but there is no rpm for SLES 10 available. When I try to compile freeradius v. 2.x then there are problems with shared libraries they are not available in SLES. On a Opensuse 11.0 machine the 2.0.5 version

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread Hubert Kupper
Graham Marsh schrieb: I am running FR 2.1.0 OK on SLES10SP1 against edir LDAP backend. The way I did it, I installed the C/C++ Compiler and Tools in the Yast patterned setup. This takes care of a number of dependencies. If you don't want to do this, simply install the required deps later but

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread Graham Marsh
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you tried - FR2.1.0? - clean slate install perhaps in a VM? - fall back to SLES10SP1? Other than that I have nothing to suggest - Original Message - rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread tnt
You probably need to link to openssl in configure. Something like: http://www.mail-archive.com/[EMAIL PROTECTED]/msg19160.html Ivan Kalik Kalik Informatika ISP Dana 28/10/2008, Graham Marsh [EMAIL PROTECTED] piše: No idea, sorry. You say this is SLES10SP2 which I haven't used, have you tried

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread Hubert Kupper
Graham Marsh schrieb: No idea, sorry. You say this is SLES10SP2 which I haven't used, have you tried - FR2.1.0? - clean slate install perhaps in a VM? - fall back to SLES10SP1? Other than that I have nothing to suggest where can I get FR2.1.0 source? Boert - List info/subscribe/unsubscribe?

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread A . L . M . Buxey
Hi, I have build the rpm's without errors. Before I had to edit the freeradius.spec file and comment out autoreconf. After radiusd -X I get the following errors: yep - you build it without openssl-devel package installed - it clearly says in the log rlm_eap: Ignoring EAP-Type/tls because

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread Graham Marsh
@lists.freeradius.org Sent: Tuesday, October 28, 2008 9:08 PM Subject: Re: Suse SLES 10SP2 with freeradius 2.x Graham Marsh schrieb: No idea, sorry. You say this is SLES10SP2 which I haven't used, have you tried - FR2.1.0? - clean slate install perhaps in a VM? - fall back to SLES10SP1? Other

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-28 Thread A . L . M . Buxey
Hi, Interesting the getting page only links to the old 1.x versions - an omission? In any case you can just get the old 2.x from here ftp://ftp.freeradius.org/pub/freeradius/old/ getting an older version wont help - it'll also fail the OpenSSL stuff simply because its a compilation problem.

Suse SLES 10SP2 with freeradius 2.x

2008-10-27 Thread Hubert Kupper
Hello, has anyone running freeradius v. 2x running on SLES 10 against edirectory? Best regards Boert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-27 Thread Graham Marsh
I am running FR 2.1.0 OK on SLES10SP1 against edir LDAP backend. The way I did it, I installed the C/C++ Compiler and Tools in the Yast patterned setup. This takes care of a number of dependencies. If you don't want to do this, simply install the required deps later but there will be quite a few

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-08 Thread Vegard Svanberg
* Vegard Svanberg [EMAIL PROTECTED] [2008-10-07 12:16]: Perhaps you should bother reading the mysteriously named file README in /certs directory before asking questions. Seems the file got lost during the transition from 1.x. Thanks! Hm, something is not working right, but I'm not sure

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-08 Thread tnt
Try with ca-server bundle: cat ca.pem server.pem cabundle.pem Use that as CAfile and export (appropriate version) to the clients. Ivan Kalik Kalik Informatika ISP Dana 8/10/2008, Vegard Svanberg [EMAIL PROTECTED] piše: * Vegard Svanberg [EMAIL PROTECTED] [2008-10-07 12:16]: Perhaps you

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-08 Thread Vegard Svanberg
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-10-08 15:03]: Try with ca-server bundle: cat ca.pem server.pem cabundle.pem Use that as CAfile and export (appropriate version) to the clients. Worked great, thanks! Perhaps the Makefile should be updated? -- Vegard Svanberg [EMAIL

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-08 Thread tnt
That's just the ad-hoc solution for the error you reported (error 20 - incomplete chain). It might not be the best way of doing things. I don't use certificates that much. Others might know a better way of sorting this out. Ivan Kalik Kalik Informatika ISP Dana 8/10/2008, Vegard Svanberg [EMAIL

CA.all and CA.certs in Freeradius 2.x

2008-10-07 Thread Vegard Svanberg
The CA.all and CA.certs scripts seem to not be included in the Freeradius 2.x tarball anymore. Have they just been forgotten, or have they been replaced by other scripts, or are there other recommended ways of handling/generating certs in 2.x? -- Vegard Svanberg [EMAIL PROTECTED] [EMAIL

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-07 Thread Vegard Svanberg
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-10-07 12:13]: Perhaps you should bother reading the mysteriously named file README in /certs directory before asking questions. Seems the file got lost during the transition from 1.x. Thanks! -- Vegard Svanberg [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: CA.all and CA.certs in Freeradius 2.x

2008-10-07 Thread tnt
Perhaps you should bother reading the mysteriously named file README in /certs directory before asking questions. Ivan Kalik Kalik Informatika ISP Dana 7/10/2008, Vegard Svanberg [EMAIL PROTECTED] piše: The CA.all and CA.certs scripts seem to not be included in the Freeradius 2.x tarball

radrelay freeradius 2.x

2008-07-29 Thread Raffael Himmelreich
Hi there, I wonder if there's an easy way/guide to reproduce the freeradius 1.x radrelay behavior? I'm afraid that the copy-to-home-server solution does not execute the accounting requests, but only relays them. Am I right? I want to execute accounting requests and relay these packets to

Re: radrelay freeradius 2.x

2008-07-29 Thread Pshem Kowalczyk
Hi I'm not sure what you mean by 'execute' but you can configure a virtual server that simply reads a detail file. Packets 'received' this way are treated as any other packets received over the network. If you make multiple copies of the packets (to multiple detail files) you can process them

Re: radrelay freeradius 2.x

2008-07-29 Thread Alan DeKok
Pshem Kowalczyk wrote: I'm not sure what you mean by 'execute' but you can configure a virtual server that simply reads a detail file. Packets 'received' this way are treated as any other packets received over the network. If you make multiple copies of the packets (to multiple detail files)