logging a known value at that point should be trivial...
Why would you want to log the password from the database? You can
always look it up in the database, if you care what it is.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in FreeRADIUS 0.9.0. It doesn't use that option to
look for OpenSSL.
Try the latest CVS snapshot, and do:
./configure --prefix=/usr/local/freeradius
--with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ...
and it should be better.
Alan DeKok.
-
for 'md5', just like the default
'radiusd.conf'. List 'ttls' after 'md5', just like the default
'radiusd.conf'
Alan DeKok.
-
the Makefiles.
Each 'Makefile' for the modules is about 10 lines. The 'configure'
scripts are there only as an easy short-hand, in 99% of the normal
cases. If 'configure' is too hard to use, edit the 'Makefile' by
hand.
Alan DeKok.
-
?
Yes.
Alan DeKok.
-
Octavio Ramirez Rojas [EMAIL PROTECTED] wrote:
for LDAP user's authentication, I need the certificates?
No.
Alan DeKok.
-
original message.
Please be sure you understand which protocols are used where in the
network. If you don't, your network design implementation will be
wrong.
Alan DeKok.
-
the right version of crypt() ?
Alan DeKok.
-
names I forget. Xsupplicant has not been tested.
If you have any questions or comments, please post them here.
Alan DeKok.
-
better only if people submit patches.
Alan DeKok.
-
/pam_radius_auth.so
debug I have Password accepted.
So everybody accept the password.
But on the client trying to ssh It says connection Reset by remote host.
Try building the module with the extra 'paranoid' flags in the
Makefile. I've heard that doing that helps on RH 9.
Alan DeKok.
-
??? Someone ???
They work. They don't go out of their way to do stupid things.
I'm willing to change the code in FreeRADIUS, but I would rather
not. The AP should be thrown in the garbage, (or upgraded) instead.
Alan DeKok.
-
.
Alan DeKok.
-
Broussard Philippe [EMAIL PROTECTED] wrote:
I have found this :
...
Can you explain the meaning of this syntax ?
doc/configurable_failover
Alan DeKok.
-
' to
see where the packets are going.
Is it possible to do the users' authentication using LDAP as the users'
database?
Yes.
Alan DeKok.
-
really know.
Submit patches, if it's important to you.
Alan DeKok.
-
why.
What the heck is the 'radacct' protocol?
And %f is the Framed-IP-Address from the reply packet. So it won't
work for Accounting-Requests. Try:
...
Exec-Program = /usr/local/bin/mydemoscript %u
%{request:Framed-IP-Address} %I
Alan DeKok.
-
.0.9.7a = /lib/libssl.so.0.9.7a
You need 0.9.7b, don't ask me why.
Alan DeKok.
-
a problem like
this.
Alan DeKok.
-
activity.
I would also suggest running 0.9.0, as it contains a number of bug
fixes over 0.8
Alan DeKok.
-
to the server. Fix
that, and it should work.
Alan DeKok.
-
already processes accounting requests through the 'hints'
file.
Alan DeKok.
-
Nicolas Baradakis [EMAIL PROTECTED] wrote:
I don't understand why you say it's a busy loop: it isn't going to
take 100% CPU time.
But it's using more than 0% CPU time, therefore it's a busy loop.
I'll take a look at touching it up, and adding it to the server.
Alan DeKok.
-
will
probably be cleanups minor maintenance. The basic features of the
server seem to be OK.
Alan DeKok.
-
+ accounting to RADIUS. It should probably be part of the
FreeRADIUS distribution...
Alan DeKok.
-
Peter P. Benac [EMAIL PROTECTED] wrote:
Has anyone tried to get SASL to authenticate to Free Radius or to get
Sendmail to authenticate to Free Radius..
Not that I've heard, but it shouldn't be too hard to do.
Alan DeKok.
-
than what might
be reasonably expected to be in an access-request packet, so it never dawned
on me that it just might be as simple as expiration:=when
Yes, that's an issue. The server-side attributes desperately need
to be documented.
Alan DeKok.
-
Zoup [EMAIL PROTECTED] wrote:
Can you please tell me what we will get in 1.0?
what will be this basic feature ? :)
I'm not sure what you mean by that.
Alan DeKok.
-
with busy loops.
It prolly shouldn't be an L_ERR either... That seems too
severe for something that loops every 1000us.
Absolutely.
Alan DeKok.
-
consumable for one
month) I'm trying to install with
--with-experimental-modules and here my log:
Nothing in what you posted shows what the error is.
Alan DeKok.
-
Ulrich Walcher [EMAIL PROTECTED] wrote:
I just wrote some new help pages for dialup-admin and altered
user_edit.attrs.
Where to should I mail the diff and the pages?
Put them in a 'tar' file on a web page, and mail the URL to the
list.
Alan DeKok.
-
login, ssh login,
etc.) radius requests.
Wait a few months. With the discussions on -devel about TTLS
PEAP, I'm sure they will be in FreeRADIUS before January.
Alan DeKok.
-
Roy [EMAIL PROTECTED] wrote:
How can I make rlm_mysql support L2TP accounting ?
Did I miss some ?
No. The sql module doesn't currently handle Tunnel-Link-Stop
messages.
It shouldn't be hard to add, though.
Alan DeKok.
-
in BOOTP/DHCP, but do you
think something like this would be possible?
It should be possible, but I don't know off-hand if any AP's work
that way.
Alan DeKok.
-
the 'detail' module in the latest CVS snapshot. It will create
detail style files for authentication requests, responses, proxied
packets, and replies from a home server.
It won't log all of the information you see in debugging mode, but
it will log a fair amount of useful data.
Alan DeKok
be obvious what to type
in.
Alan DeKok.
-
that if an EAP client has a user name, it
MUST include that in the EAP-Identity, and also in the User-Name of a
RADIUS packet.
The latest CVS snapshot is a little more forgiving, in that it
allows *SOME* EAP authentication types without a User-Name.
Alan DeKok.
-
but not the others,
Yes. Not all of the MIB information is updated by the server.
Alan DeKok.
-
in groupcmp () from /usr/lib/rlm_unix-0.9.0.so
It will be fixed in the CVS snapshot from Tuesday, and in 0.9.1.
Alan DeKok.
-
?
No. But other portions of the packet are used. See the RFC's.
Alan DeKok.
-
to authenticate
also to our Domain Controller. This is where we are having our problem,
That sounds like you want TTLS, which the server does not currently
support.
Alan DeKok.
-
, PAP, CHAP, MS-CHAP, Kerberos, LDAP
and I don't know what else, and nowhere have I found a simple and complete
answer. It seems some people are doing this, can anyone help me?
rlm_smb
Alan DeKok.
-
Ron Wahler [EMAIL PROTECTED] wrote:
Not sure if your email is working Alan.
Email, lights, power...
The East Coast of North America is now known as Welcome to the 1800's
Maybe we'll enter the 19th century on Monday.
Alan DeKok.
-
Ed H [EMAIL PROTECTED] wrote:
Any word on when the 0.9.1 release might be out?
Not this weekend.
If no one else has issues with 0.9.0, probably in a week or so.
Alan DeKok.
-
' file.
Alan DeKok.
-
editing src/modules/rlm_eap/Makefile:
#
STATIC_OBJS += $(shell ls -1 types/rlm_eap_md5/rlm_eap_md5.a types/rlm_eap_leap/rlm_eap_leap.a 2>/dev/null)
#
And drop the changes to 'src/main/Makefile', as they don't seem to
work.
Alan DeKok.
-
Ed H [EMAIL PROTECTED] wrote:
Which file from the CVS should I download?
Don't. Grab the whole snapshot in a day or two.
Alan DeKok.
-
method you'll be able to use is
EAP-MD5, even if the EAP module is updated.
Alan DeKok.
-
for FreeRADIUS says this.
Since the Client-IP-Address value is not there, the packet keeps
looping between the two servers.
I think you're using Cistron radiusd, not FreeRADIUS.
Miquel is on vacation right now, so I don't know if you'll get much
help on the cistron list.
Alan DeKok
that to the list.
Put them on a web page, and post the URL to the list. The majority of
what you posted was taken without change from the default configuration
of the server, which means that there was no reason to post it to the
list, as it's already well-known.
Alan DeKok.
-
the *correct* 'users' file?
Alan DeKok.
-
.
Alan DeKok.
-
NOT be
occurring.
Alan DeKok.
-
to the
detail file, and put it into the DB later.
Alan DeKok.
-
questions but you could be little nicer.
shrug The information you needed to solve this problem was right
in front of you in the debug log messages, and in the FAQ.
Alan DeKok.
-
) the password which just happens to be the MAC address.
For another AP, you add a different password.
Another option is to modify the modcall[authorize] sql statement to
say something like if Username = MacAddress OR Username =
SharedSecret.
That is by far and away too complicated.
Alan DeKok
.
Alan DeKok.
-
the internals of the EAP module, which doesn't
affect the sub-modules much.
A few data structures have changed, so the sub-modules were updated,
but that's very minor.
Alan DeKok.
-
is needed by the modules you use.
Another question, In doing so, is there any issues that I should be
aware of (like the library dependency, path_to_install, etc) ?
No.
Alan DeKok.
-
piece of software!
You're welcome.
Alan DeKok.
-
in the standard
input, is it correct?
That's what you told it to do. Don't use '-x', and there will be
nothing printed to standard out, and the log files will be used. See
the 'man' page.
Alan DeKok.
-
I would wait
until Friday before trying it.
Alan DeKok.
-
. It's insecure,
though.
EAP-TLS requires client certificates, but is more secure.
Or, you can try using LEAP.
Alan DeKok.
-
Jason Coutermarsh [EMAIL PROTECTED] wrote:
Is there a specific procedure for going from a regular release version
of freeRadius to a CVS version?
No.
Alan DeKok.
-
at that instead of mysql? Someone please help me here...
In the 'check' table.
Alan DeKok.
-
Sevcik Berndt [EMAIL PROTECTED] wrote:
We also have a running OpenLDAP server which has entries for
all of our users. Is it possible to move all TLS certificates to LDAP
and then let Freeradius look for them there?
Not currently.
Alan DeKok.
-
either
choose this computer or a certain domain and after it it's going to
check the certificate. Can we reverse the process?
That's a question for XP, and my guess is that the answer will be
no.
Alan DeKok.
C
-
for this?
No.
Are there any code snippets and an advice on how to call during the auth
process?
scripts/exec-program-wait
Alan DeKok.
-
from the AP? If it's 500, then
we can fix the EAP module to pay attention to that, which should help.
Alan DeKok.
-
in debugging mode, and sending it
packets, to see what's going on?
Alan DeKok.
-
to this to start
looking...
Type up a step-by-step howto guide for debugging problems like
this, and I'll include it in the server documentation. But don't
expect it to answer many of these questions... the people who need it
the most won't bother to read it.
Alan DeKok.
-
. The server continues sending EAP
packets, so they're not a problem.
Alan DeKok.
-
Rudramuni PH [EMAIL PROTECTED] wrote:
Full debug information
...
sigh Go back and read it. The answer to your question is in the
debug log you posted to the list.
Alan DeKok.
-
is that the client is sending two
different kinds of requests.
Alan DeKok.
-
.
Alan DeKok.
-
right there. Somehow, the nas ip address isn't
being properly set, and as a result the request does not match the
huntgroup.
The NAS-IP-Address is set to whatever is in the RADIUS packet.
Debugging mode will show this. Run 'tcpdump' to see it in another
format.
Alan DeKok.
-
information than less.
Alan DeKok.
-
FOR RADTEST???
Have you tried reading the 'man' page for it?
Alan DeKok.
-
this information, but in the detail files, every hour.
The detail file is for accounting messages. If you're not getting
accounting messages, then there will be nothing in the detail file.
This is a FAQ.
Alan DeKok.
-
(except for the passwords!), and you will
end up with a certificate structure just like the one in the doc.
Alan DeKok.
-
it really.
There was a patch for certificate revocation checking on the
server. You could use that...
Our Access Point also supports EAP-TTLS. Will freeradius support this in
future?
That's the hope.
Alan DeKok.
-
that there is an 'array index out of bound' bug
in src/modules.c :
Fixed, thanks.
Alan DeKok.
-
= dnsservers
will not authenticate anyone, even when the access request matches
everything in the dnsservers huntgroup,
Look for 'Huntgroup-Name' in the sample 'users' file, and see what
you're doing differently from those examples.
Alan DeKok.
-
of characters to 255.255.255.255,
It doesn't, unless DNS is broken. That address is the official 'no
such address' marker.
Using the hostname in radtest works. It's one of the requirements,
that hostnames are looked up, and converted to addresses.
Alan DeKok.
-
one of you radius gurus
(not Alan).
You're welcome.
It's NOT a RADIUS problem. In fact, the problem has nothing
whatsoever to do with RADIUS. It's a local configuration issue, and
one which isn't particularly difficult to solve, once you focus on the
problem, and not on the solution.
Alan
, then the
password will be set to the User-Name, which will work for the other
AP's.
That's 4 solutions.
Alan DeKok.
-
Chris van Meerendonk [EMAIL PROTECTED] wrote:
As far as I can see now the problem is that in the acct_users I've got
the following:
DEFAULT Huntgroup-Name == huntgroup, Replicate-To-Realm := realmname
Replicate-To-Realm doesn't work. Don't use it.
Use Proxy-To-Realm.
Alan DeKok
it, you can add 'rlm_eap_md5.a' to the list of objects in
src/main/Makefile, for 'radiusd'. You'll probably have to put in a
full pathname, but it should work.
Alan DeKok.
-
everything to the 'detail' file,
and post-process it to copy the data to postgresql.
That will give you better control over bad situations.
Alan DeKok.
-
.
That depends on what you want to do with it.
Alan DeKok.
-
Chris van Meerendonk [EMAIL PROTECTED] wrote:
Is it possible to filter attributes that are sent by using radius proxy
to the home-server? Something like attr_filter in the pre-proxy stage?
If attr_filter doesn't already have a pre-proxy stage, it should be
~2 minutes to add one.
Alan DeKok
doesn't have this problem. (But it has other
issues.)
Alan DeKok.
-
and README's?
Alan DeKok.
-
the EAP module verified that the user's credentials were
valid.
Alan DeKok.
-
be any externally visible changes, as the module
will still do EAP.
Alan DeKok.
-
problems with the AP/client.
With the wireless clients I've used, I sometimes see it
authenticate, wait ~3 seconds, and try again. The second time always
succeeds.
Alan DeKok.
-
say where you got this idea from? The RADIUS RFC's say
nothing about that.
Alan DeKok.
-
of the radiusd.conf and the users
file.
If you can configure the server to do PAP authentication by using
LDAP for 'authorize', and NOT using LDAP for 'authenticate', then that
should also work for LEAP.
Alan DeKok.
-
the server. Find out why.
Alan DeKok.
-
.
Alan DeKok.
-
601 - 700 of 2612 matches