Hi,
I've setup eap/tls with freeradius in my network.
I'm using certificates signed by a private CA.
Here is my problem:
When i check validate server certificate in client's connection
properties, radius an access challenge and nothing happens:
Sending Access-Challenge of id 3 to
Hello Nicolas,
thanks a lot, this works fine :-)
regards, Michael
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Nicolas Baradakis
Sent: Tuesday, August 16, 2005 5:51 PM
To: FreeRadius users mailing list
Subject: Re: User-Name - Reg Expr -
Ben Thompson wrote:
The trouble is I need to assign different VLAN's to users depending
which access point they connect from. What I would like to know is if it
is possible to use Huntgroups to look up the VLAN id based on something
like the IP address of the access point?
You could
Hi all,
Can anybody tell me what the rlm_x99 modules is and does ?
It's stopping my compile at the moment and ammjust wondering whether I need
it or not.
Cheers
Ian Davies
Software Development Engineer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi All,
I am using FreeRadius with PostgreSQL and everything is running
like a charm besides a small issue.
I am using session-timeout attribute in radreply
table to control user session time.
I have added a trigger on RADACCT table which subtracts amount
of time used by user from
On Wed, Aug 17, 2005 at 12:35:58AM +0200, Koos Beens wrote:
Koos Beens [EMAIL PROTECTED] wrote:
I am trying to compile a cvs snapshot, in debian with command
dpkg-buildpackage -us -uc -rfakeroot -b
It dies with this message:
Ok... try tomorrow's snapshot.
Alan DeKok.
Thank you, it
Hello there,
I have a little problem with setting up FreeRADIUS with MySQL Support
properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
libraries and compiled FreeRadius with MySQL enabled. Then I installed all
necessary MySQL tables and configured FreeRadius to do EAP-TLS
Greetings,
Am Mittwoch, 17. August 2005 08:16 schrieb Ceyhun K�:
Hi,
I've setup eap/tls with freeradius in my network.
I'm using certificates signed by a private CA.
Here is my problem:
When i check validate server certificate in client's connection
properties, radius an access challenge
Sebastian Mauer wrote:
I have a little problem with setting up FreeRADIUS with MySQL Support
properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
libraries and compiled FreeRadius with MySQL enabled. Then I installed all
necessary MySQL tables and configured FreeRadius to
Greetings,
Am Mittwoch, 17. August 2005 12:21 schrieb Sebastian Mauer:
Hello there,
I have a little problem with setting up FreeRADIUS with MySQL Support
properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
libraries and compiled FreeRadius with MySQL enabled. Then I
Cian Phillips wrote:
If you have any tips or good links for up to date information on how
to set freeradius up to talk to a Cisco WAP I could use the help. grin
I have a howto on LDAP and FreeRADIUS at
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
I have successfully used it for WPA with
Hi,
I have small newbie questions..
I want to configure freeRadius for authentication
authorization. I am able to do proper authentication.
1) I want to configure my users in multiple groups
(depending on their roles). How to do that?
2) And what is the common practice for this? How this
is
Ben Thompson [EMAIL PROTECTED] wrote:
Thanks for that advice. I can see that I could end up with a very large
users file using this method. Is there any limit on the size of the
users file?
Memory. Also, the CPU time required to walk it's internal
representation (linked list).
In the near
Iandc Davies [EMAIL PROTECTED] wrote:
Can anybody tell me what the rlm_x99 modules is and does ?
X9.9 challenge-response token cards.
It's stopping my compile at the moment and ammjust wondering whether I need
it or not.
You probably don't need it. Just delete the whole directory, and
[EMAIL PROTECTED] wrote:
I have added a trigger on RADACCT table which subtracts amount of time
used by user from RADREPLY each time when he logs in.
It does work but when time is below 0 or negative I need to stop user
from getting into my system and I am failing to do so.
rlm_sqlcounter
Here is my goal:
I would like to assign an attribute to certain users in ldap and have
freeradius look for that attribute to determine whether or not to reply
back to the NAS device with an IP address pool name. The users with the
attribute set would not have the Pool sent and the users
On Wed, 2005-08-17 at 10:51 -0400, Alan DeKok wrote:
Ben Thompson [EMAIL PROTECTED] wrote:
Thanks for that advice. I can see that I could end up with a very large
users file using this method. Is there any limit on the size of the
users file?
Memory. Also, the CPU time required to
Joe H [EMAIL PROTECTED] wrote:
Where else do I need to add the new attribute No-Pool in order for
freeradius to use it?
raddb/dictionary See also man dictionary
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ben Thompson [EMAIL PROTECTED] wrote:
This cuts the potential size of my users file down to about 2
entries and the huntgroups file to about 50 entries. Does this sound
reasonable?
Yes. But also:
user2 NT-Password := 35C8397B2320E568467904961A2AF40F
Fall-Through = Yes
If
Hi, at the moment i´m planing to build a Network based out of 20 VLAN over 8
Nortel switches. Depending on the given Layout of the Network I need to add
some PC´s to more than one Port based VLAN. Is it posible to give the VLAN
ID over the Radius Server, and is it possible to send more than one
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 16, 2005 at 18:18 -0800 wrote:
Thanks Kris!
Everything appeared to compile, install and run without any errors.
If you have any tips or good links for up to date information on how
to set freeradius up to talk to a
Hi, at the moment i´m planing to build a Network based out of 20 VLAN over 8
Nortel switches. Depending on the given Layout of the Network I need to add
some PC´s to more than one Port based VLAN. Is it posible to give the VLAN
ID over the Radius Server, and is it possible to send more than one
Hello all,
I have been successfully providing 802.1x authentication to my
wireless users for approx six months. This was implemented using
ntlm_auth, PEAP, and MSCHAPV2 (windows XP client) against an Active
Directory backend.
We had a power spike, which produced multiple
Is there any news of a approximate release date for the 1.1.0 line of
FreeRADIUS?
Which bugs are currently showstoppers for this line to be released as
stable?
Thanks,
Wes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am handing off a qurest from pppd to radius and am failing with a
valid user in the domain.
Here is the output of radiusd -X -A
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=39, length=72
Service-Type = Framed-User
Framed-Protocol =
I currently have our wireless users authenticating to our Active
Directory 2003 domain using PEAP and TTLS.
We want to proxy our machine authentications off to something else that
can authenticate them.
Does anyone have any examples of how to do this?
I know all the machine accounts show up on
King, Michael [EMAIL PROTECTED] wrote:
We want to proxy our machine authentications off to something else that
can authenticate them.
Does anyone have any examples of how to do this?
I know all the machine accounts show up on my NAS as
host/machinename
In the users file, do:
DeYoung, Brandon [EMAIL PROTECTED] wrote:
I *believe* this snippet from my debug output shows the problem:
snip-
eaptls_process returned 3
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_peap: EAPTLS_SUCCESS
-snip--
This would *seem* to indicate a
Wesley Spadola [EMAIL PROTECTED] wrote:
Is there any news of a approximate release date for the 1.1.0 line of
FreeRADIUS?
When it's ready. Hopefully in the next month or so.
Which bugs are currently showstoppers for this line to be released as
stable?
The EAP linking issues. Other
Tim P [EMAIL PROTECTED] wrote:
I am handing off a qurest from pppd to radius and am failing with a
valid user in the domain.
No.
The server is failing because it doesn't have a clear-text password.
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in
Jamie Crawford [EMAIL PROTECTED] wrote:
In the statement Odds are they're XP SP2 boxes, where MS broke EAP
what exactly is broken. Will XP SP2 not work with PEAP?
It won't.
This was discussed on the list last week.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Thought it was configured, I beleive I have tested it positive in the
past, I want to use ntlm_auth, I had this in there and had tested it
as far as i know:
Radius.conf
ldap {
server = domcon.company.org
basedn = dc=company,dc=org
filter =
Hello, I am new to Radius and Free Radius, so forgave me if this question
has been asked or it is crazy.We are in process of change all our
authentication and authorization.At the moment every "service" has it's own
user-id/password database. Thus authentication/authorization per service is
Hi everyone,
Finally, have it working.. I did not comment out the radutmp in
radius.conf for the session database. I had uncommented sql, although lots
of good that did.
Thanks again,
Robin
At 03:26 PM 8/16/2005, you wrote:
Robin [EMAIL PROTECTED] wrote:
The detail files appear to be
So just set Auth-Type for the user to
Reject. We do this for suspended (non paying users) until they pay up. No
changing password this way.
Brent
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Behzad Barzideh
Sent: Wednesday, August 17, 2005
4:47 PM
To:
I manged to fix this. Something was whackinated in my certificate
generation process. Followed howto here:
http://www.alphacore.net/contrib/nantes-wireless/eap-tls-HOWTO.html
And all works well, even with XP SP2.
~Brandon
-Original Message-
From: DeYoung, Brandon
Sent: Wednesday,
Hi,
I have to configure an async callback solution using Cisco IOS and
Freeradius.
Up to now, the user can dial in and will be authenticated against my
freeradius server. Anything works fine.
After setting up the callback things on the router and on the radius server,
the user will still be
Sorry.. just something very confuse. I am using a
FreeBsd computer as my NAS, may I know what is the
nastype for this NAS? Is it other? I know when the
nastype is other, the radius server won't call for
the checkrad. Therefore, if I want to use the checkrad
to check for the simultaneous-use, what
Felix Chang [EMAIL PROTECTED] wrote:
Sorry.. just something very confuse. I am using a
FreeBsd computer as my NAS, may I know what is the
nastype for this NAS? Is it other?
Yes.
I know when the nastype is other, the radius server won't call
for the checkrad. Therefore, if I want to use
39 matches
Mail list logo