[EMAIL PROTECTED] wrote:
Could I also do:
bob password = neil, Calling-Station-Id != 0001, Auth-Type :=
Reject
So that both pieces of information have to be present to be authenticated?
No, that would always reject the user. You could do this:
bob Calling-Station-Id != 0001,
Looks good, i was also wondering
if this could be done with mysql as backend ?!
Cheers, Collen
Phil Mayers wrote:
[EMAIL PROTECTED] wrote:
Could I also do:
bobpassword = neil, Calling-Station-Id != 0001,
Auth-Type :=
Reject
So that both pieces of information have to be present to
Hi,
we have deployed an OpenSource MAC based solution which optionally tied to
FreeRadius. With this you can have better control of the MAC addresses that you
have in your network.
- For non 802.1x capable devices, we have the option of using VMPS or
performing a MAC-Auth-Bypass if your
Collen Blijenberg wrote:
Looks good, i was also wondering
if this could be done with mysql as backend ?!
Probably. I don't use the SQL backends so I couldn't say for sure, but
it doesn't really do anything special.
-
List info/subscribe/unsubscribe? See
OK, I've made progress. I now appear to be connecting to my Postgres
database, as I'm receiving syntax errors in the database log file when
trying a freeRadius authentication. The debug radius output is as
follows (I now have queries against the radius_xlat line):
rad_recv: Access-Request
I am having some problems lately with freeradius 1.1.2 + mysql, and
users staying online past their session timeout value (4 hours). Can
anyone shed some light on the matter?
I had similar trouble recently; running in debug mode, I was able to
see that the session-timeout attribute was not
Did any of you guys already configured a freeRADIUS and AD with LDAP ?
Is this posible?
Yes, if the incoming request from the user contains his password in cleartext.
No, if he is using any sort of non-reversible encryption.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok wrote:
Martin Gadbois [EMAIL PROTECTED] wrote:
Why the Auth-Type PAP { } construct? I tried RTFM and RTFC, but I have
not seen an actual description of why that is there.
It's not strictly necessary, but it doesn't hurt to have it.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert wrote:
Hi
I want that my freeRadius validates users against Active Directory with LDAP.
For configuration reasons, I can't use NTLM.
Did any of you guys already configured a freeRADIUS and AD with LDAP ?
Is this posible?
Thanks in
hey,
Vista now working with freeRADIUS?
any debugging information needed?
ca mIke
Alan DeKok schrieb:
Pedro Ribeiro [EMAIL PROTECTED] wrote:
The Radiator people are talking about problems with SSL empty
fragments handing in Windows Vista ...
I've tried to compile FreeRADIUS with
Hi,
Thanks, it worked :)
Just for the record, redhat's RPMS doesn't bring doc/Acct-Type :)
Nuno Fernandes
On Friday 24 November 2006 16:50, Alan DeKok wrote:
Nuno Pais Fernandes wrote:
Hi,
Does someone have any info on this? Is it possible with freeradius? Does
anyone have this setup
Hi,
searching through the mail archive and the Freeradius bugzilla on
Freeradius support for EAP-AKA authentication I found this :
http://bugs.freeradius.org/show_bug.cgi?id=386
(Yes, I know that this Wiki page http://wiki.freeradius.org/EAP does not
include EAP-AKA in the list of supported
I used the rpmbuild -ta command to build an rpm of freeradius-1.1.3 and
all went well with the build. I then installed the rpm, and I'm getting the
following error message after running radiusd -X.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config:
Is it possible to enable Acct-Status-Type Alive for pptp vpn?
If so how..
Best regards
Jóhann B.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Alan,
I can confirm it's working now!!!
When I've seen the comment in the release notes of Radiator I thought
it was a conditional compiling (#ifdef) flag, thanks for the help!
Tuesday, November 28, 2006, 10:06:11 PM, you wrote:
Pedro Ribeiro [EMAIL PROTECTED] wrote:
The Radiator people
All sorted!
I copied a fresh-install postgresql.conf file from another server, and
bingo, all is working fine. Must have made a mistake while editing this
file - note to self, make copies of the file BEFORE editing it!
Thanks for everyones help.
Ross
-Original Message-
From:
[EMAIL
On Wednesday 29 November 2006 05:52, Ross McOwat wrote:
radius_xlat: 'SELECT id, UserName, Attribute, Value, Op
#?authorize_check_query = '
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
#?authorize_check_query =
Ian Walker wrote:
I used the rpmbuild -ta command to build an rpm of freeradius-1.1.3
and all went well with the build. I then installed the rpm, and I'm
getting the following error message after running radiusd -X.
...
radiusd: symbol lookup error: radiusd: undefined symbol: udpfromto_init
Jóhann B. Guðmundsson wrote:
Is it possible to enable Acct-Status-Type Alive for pptp vpn?
If so how..
Read the VPN documentation. If it doesn't say how, it's impossible.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The
Thanks Kevin - you were right, the issue was with the SQL query in
postgresql.conf. I replaced my existing file with a default file on
another server, and everything worked fine.
Many thanks for your help!
Ross
-Original Message-
From:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
On Wednesday 29 November 2006 10:36, Ross McOwat wrote:
All sorted!
I copied a fresh-install postgresql.conf file from another server, and
bingo, all is working fine. Must have made a mistake while editing this
file - note to self, make copies of the file BEFORE editing it!
Thanks for
Alan DeKok wrote:
Jóhann B. Guðmundsson wrote:
Is it possible to enable Acct-Status-Type Alive for pptp vpn?
If so how..
Read the VPN documentation. If it doesn't say how, it's impossible.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Hi,
I'm a newbie for Freeradius.
I've implemented this type of structure:
APPLICATION -- PAM -- FREERADIUS -- SQL
I want substitute SQL with a LDAP backend; I don't need any type of
accounting; I just want that application check userid and password on my
LDAP server.
How can
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = peap
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Romero wrote:
Module: Instantiated mschap (mschap)
.. snip..
tls: certificate_file = (null)
any ideas???
Don't you need to specify the certificate, signed by the CA?
- --
==
Martin Gadbois wrote:
Does it mean if(Auth-Type == PAP) then { call pap } ?
No. When the authenticate section is run, the Auth-Type is used to
choose a particular module or section. It is NOT more general than that.
Is it general purpose? Could I do Group == staff { pap } in the
Michael Messner wrote:
Vista now working with freeRADIUS?
No idea.
any debugging information needed?
Yes, someone to test it would be nice. I don't have Vista, so I can't
test it.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
hi all,
is it possible to have multiple ldap servers for lookup for redundancy
purposes in a similar way below?
ldap {
server = ldap1.myorg.com, ldap2.myorg.com,
ldap3.myorg.com
login= cn=admin,o=myorg,c=au
password = mypass
}
Ramm-Ericson, Johannes wrote:
(Yes, I know that this Wiki page http://wiki.freeradius.org/EAP does not
include EAP-AKA in the list of supported methods)
Does anyone have any input on the status of this code? Is it stable,
does it need further testing?
If you can test it and see if it
Alan DeKok schrieb:
Michael Messner wrote:
Vista now working with freeRADIUS?
No idea.
any debugging information needed?
Yes, someone to test it would be nice. I don't have Vista, so I can't
test it.
I think you have not seen the mail from [EMAIL PROTECTED] with
subject:
Hi,
so my question is when there will be the next freeRADIUS release with
included vista support?
right now with CVS and the one-liner patch ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm hoping somebody can shed a little light on this, I found it very
strange.
btw:
we're talking about freeradius version 1.1.3 here.
We currently run some lesser radius server on our network, and I have been
engaged in converting the environment to freeradius (yea!).
I believe we have worked
Hi.
I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep
2006, but i'm having some problems (i'm a newbie in radius)
eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
Michael Messner wrote:
I think you have not seen the mail from [EMAIL PROTECTED] with
subject:
Re[4]: Windows Vista doing PEAP - WORKING!!!
Hmm... I have noticed the occasional email show up in the list
archives, but not in my inbox. Oh well.
I've added the patch to 1.1.4 CVS head.
First question. Did you install from source, did you create your own
binaries, or did you use debian provided binaries.
Debian provided Binaries do not include SSL support. (Violation of SSL
license terms I believe)
Creating your own binaries are easily done
Daniel Romero wrote:
I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep
2006, but i'm having some problems (i'm a newbie in radius)
eap.conf
...
tls {
private_key_password = radiusUDP
private_key_file = ${raddbdir}/certs/cert- srv.pem
Peter Param wrote:
hi all,
is it possible to have multiple ldap servers for lookup for redundancy
purposes in a similar way below?
ldap {
server = ldap1.myorg.com, ldap2.myorg.com,
ldap3.myorg.com
You can do:
ldap ldap1 {
server = ldap1
}
Lin Richardson wrote:
Our lesser radius server lives on two physical boxes and listens on
ports 1645/1646 AND 1812/1813 (can freeradius mimic this and listen on
both sets of ports?)
Yes. See listen in radiusd.conf.
What we saw were requests coming into freeradius, being processed as
Hi.
freeradius fully compiled on my machine...
The problem was solved... i't was a misstyped secret on the key.
But now there is another problem: the suplicant send the access-request and
freeradius anwer with a Access-Challenge, but the handshake stop here:
rad_recv: Access-Request packet
Hi freeradius-users!
Your friend romel from , just invited you to his online photo albums and
journals at Zorpia.com.
About romel :
Know Me Know Fun
No Me No Fun
So what is Zorpia?
It is an online community that allows you to upload unlimited amount of photos,
write journals and make
Alan and Phil,
Thanks a lot for all the help in getting this set up. I now have a
username/password pair as well as also requiring the MAC to be present in the
authentication. Your help was invaluable to me for getting this working right
and for clearing up some of the assumptions I had made
Cool deal. I have also been able to confirm that adding the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option to the CTX makes Vista
work. This is good news for us since we have a volume license deal
and now have release copies beginning to be installed. :)
--Mike
On Nov 29, 2006, at 5:00 PM,
Hi Alan,
Thanks for taking a look at this.
A quick clarification.
The configuration of freeradius in this situation has already been tested
and is not really the basis for my question. It is not a standard
configuration, but it does work.
Freeradius is installed on the same physical machine
Lin Richardson wrote:
We want to move all facilities to freeradius now for production use. We
would like to use the standard ports of 1812/1813 in an effort to keep
things somewhat industry standard, and also because all the clients are
already configured for those ports. We would have to
Daniel Romero wrote:
But now there is another problem: the suplicant send the access-request
and freeradius anwer with a Access-Challenge, but the handshake stop here:
See the FAQ.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
45 matches
Mail list logo