Hi,
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_.2Fetc.2Fraddb.2Fradiusd.conf_File
Another howto that instructs you to set DEFAULT Auth-Type := LDAP
which is wrong. in the past it worked - and it still does
if
On 23 Apr 2007 at 18:00, Jacob Jarick wrote:
Hubert would you mind showing me how you map the ldap password to the
radius password.
Ive Tried checkItem userPassword User-Password but the radius debug
logs complain that it Needs User-Password still :|
On 4/23/07, Hubert Kupper [EMAIL
Hi,
good docs, link it or shutup).
I will now no longer be replying to you
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jacob Jarick wrote:
I have gone back to ntlm_auth for the time being instead of ldap due
to the incredibly frustrating lack of good documentation (if there are
good docs, link it or shutup).
A large part of the problem is that you seem to be making random
changes, and following various bits
Jacob Jarick wrote:
So the big question is, what Auth-Type do I use ?
You have been told that you should not set it. That means You should
not set it. It does not mean use another value.
If LDAP is not permitted (still confuses me as I only need / want
radius to authenticate against LDAP)
Sigh, I should just tell my employers to buy novell edirectory, it
does look very nice.
On 4/24/07, Hubert Kupper [EMAIL PROTECTED] wrote:
On 23 Apr 2007 at 18:00, Jacob Jarick wrote:
Hubert would you mind showing me how you map the ldap password to the
radius password.
Ive Tried
Sorry to offend,
But I have been seeing alot of Docs warn u of this etc but seeing as
there are so many conflicting documents seeing the generic reply when
I have read / googled high and low is quite frustrating.
On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
good docs, link it or
Matt Ashfield wrote:
HI,
I have a network switch that I'm trying to configure to allow Console port
authentication via RADIUS.
In the documentation of the switch it says:
To provide each user with appropriate levels of access to the switch, set
the following username attributes on your
Marcelo Augusto Rodrigues Pimentel wrote:
I´m trying to configure freeradius with PEAP + EAP-TLS, but
I´m making some confusion to configure the radiusd.conf (sections
authorize and authentication) and eap.conf.
Have someone implemented this configuration?
Yes.
Jacob Jarick wrote:
Sorry to offend,
But I have been seeing alot of Docs warn u of this etc but seeing as
there are so many conflicting documents seeing the generic reply when
I have read / googled high and low is quite frustrating.
The authors of the program you're using have told you what
Alan,
I try to understand I can only get answers from you guys when
available so yes I do go off and try random howtos (literally anything
I can find) I the hopes I learn a bit more.
But yes, I am now 100% clear on not setting Auth-Type.
Thanks again Alan.
On 4/24/07, Alan DeKok [EMAIL
radiusd -X -f: http://pastebin.ca/455497
Alan, I have been trying todo my groundwork / homework is all, ie
research before asking.
Its simply a case of taking whatever support is available and not
always being aware who the devs are. When nothing you have tried works
try something you havent. Its
Hi all,
I have to find a solution that integrates the use of OTP (One Time Password
) as a second factor authentication in addition to the first factor
authentication (witch is generally username and password) to an existing
authentication System.
This solution should be integrated easily to
For any1 else who might have the same problem, it was resolved by the
following cmd:
chgrp radiusd /var/cache/samba/winbindd_privileged/
original article:
http://www.members.optushome.com.au/~wskwok/poptop_ads_howto_10.htm
Thanks to google and Alan for tipping me off.
Yes I am about to backup
testuser NAS-IP-Address == 172.16.8.30, Cleartext-Password :=
testing, Service-Type ==Administrative-User
Service-Type := Administrative-User
Hmm, not all NAS will request Service-Type 6 (Administrative-User) all
ours Request Service-Type 7 (NAS-Prompt-User) .
But still respect
Hi,
here is a pointer to a useful script I use to fetch updated CRLs for
client-certificate issuing CAs from their http CDPs via cron.
http://dist.eugridpma.info/distribution/util/fetch-crl/
Just add a restart for the radiusd to make it aware of new CRLs.
--
Kind Regards
Reimer Karlsen-Masur
Hi All,
I was wondering if I were to perform authentication using EAP MD5, does it
accommodate for Accounting in FreeRADIUS?
Many Thanks.
_
Check it out! Windows Live Spaces is here!
http://spaces.live.com/?mkt=en-my Its easy
Hi,
Hi All,
I was wondering if I were to perform authentication using EAP MD5, does it
accommodate for Accounting in FreeRADIUS?
accounting is something that your NAS does. if the NAS does accounting
and can account for such sessions then it'll just work(tm)
alan
-
List
On Mon, Apr 23, 2007 at 04:39:22PM +0200, Alan DeKok wrote:
Kostas Zorbadelos wrote:
If I do
./configure --prefix=/opt/freeradius
the build scripts presume that --enable-developer is true.
That may be an issue only in 1.1.6. You should be able to change it
by doing
Kostas Zorbadelos wrote:
This is exactly what I did. The reason I mention it is because I think
the default should be sane in future releases of freeradius (that is
developer options switched off by default).
That's the intent, yes.
I disagree with you on this one Alan. I discovered all
From time to time a im getting this kind of error ( after for
example serving 2-3k requests), and after tha freeradius just hangs
and takes 90% of CPU.
I am using freeradius 1.1.6 with threads. I tried to make it happen
again and log it but i could not meet such data, that causes the
Ok thanks! I am definitely seeing the NAS request Administrative-User in the
Access-Request packet. I guess I wsen't returning it! Thanks for your help.
Matt
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: April 24, 2007 3:21 AM
To: [EMAIL PROTECTED]; FreeRadius
On Tue, Apr 24, 2007 at 01:12:26PM +0200, Alan DeKok wrote:
Kostas Zorbadelos wrote:
I disagree with you on this one Alan. I discovered all these issues I
mention the hard way, after our radius server stopped running in
random times (after a failure in rad_assert() in request_list.c around
O/H [EMAIL PROTECTED] έγραψε:
Here is the full debug-log.
Airespace-Interface-Name
value in ldap: 310
vlaue in users-file: 777
as you can see, it doesnt override :-(
users-file line 54, which matches:
DEFAULT Called-Station-Id == 00-1A-30-2E-C9-60:Test99,
Kostas Kalevras wrote
O/H [EMAIL PROTECTED] έγραψε:
Here is the full debug-log.
Airespace-Interface-Name
value in ldap: 310
vlaue in users-file: 777
as you can see, it doesnt override :-(
users-file line 54, which matches:
DEFAULT Called-Station-Id ==
If this is already a known issue, forgive me - I did not find
anything in the archives or bug database that appeared relevant.
I'm trying to upgrade from FreeRADIUS 1.1.2 to 1.1.6 - building from
source on Debian Linux (sarge).
The build goes without a hitch, but when running the new
I?m trying to configure freeradius with PEAP + EAP-TLS, but
I?m making some confusion to configure the radiusd.conf (sections
authorize and authentication) and eap.conf.
Have someone implemented this configuration?
Yes. Many people.
In the
The build goes without a hitch, but when running the new version and
using the existing configuration files I get the following (relevant
output from 'radiusd -X'):
the problem IMHO is in using the existing configuration: I had similar
issues until I ported mine to the new configuration
inverse wrote:
The build goes without a hitch, but when running the new version and
using the existing configuration files I get the following (relevant
output from 'radiusd -X'):
the problem IMHO is in using the existing configuration: I had similar
issues until I ported mine to the new
Hi.
Freeradius on wintendo, seems to have problem with accounting.
It send the accounting data as hex values.
Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c
Bay-Networks-Attr-196 = 0x65786974
The strange is that this works on Linux and Sun.
And the dictionary.bay doesn't contain
I am getting more of that... What is happening. thread pool isbig
enough, also the pg connection pool.
Tue Apr 24 15:30:13 2007 : Error: rlm_sql_postgresql: PostgreSQL
Query failed Error:
Tue Apr 24 15:30:13 2007 : Auth: Login OK: [CMD chemx001 0126850030
[EMAIL PROTECTED]/no User-Password
Hello all,
I saw there was a bit of talk in 2006 over this issue, but, I wasn't
able to track down a definitive solution. We're running FreeRADIUS
1.1.5 with EAP/TTLS (openSSL 0.9.8d) on Solaris 10. The server will
come up and process clients for a few days, but, every now and
Craig Huckabee wrote:
That is sort of the question - what is there to port ? I don't see
any documentation saying the format of the huntgroups file changed from
1.1.2 to 1.1.6.
It didn't, but the parser got more careful. It used to accept (and
ignore) things that the server didn't
Marcelo Augusto Rodrigues Pimentel wrote:
OK. But I´m trying to use peap to make an encrypted tunnel validating the
server certificate and then I want to authenticate the clients whith EAP-TLS
using client/server certificate. The TLS tunnel is working fine, but the
second part of EAP-TLS
Peder Bach wrote:
Freeradius on wintendo, seems to have problem with accounting.
It send the accounting data as hex values.
No. It's *printing* them as hex, because it doesn't know what they are.
Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c
Bay-Networks-Attr-196 =
Hi,
I'm having a small problem with radwho/libradius.
When I give a 'radwho' command, I receive the following error:
radwho: error while loading shared libraries: libradius-1.1.6.so: cannot
open shared object file: No such file or directory
I've installed FreeRadius following the guidelines for
Marcelo Augusto Rodrigues Pimentel wrote:
OK. But I?m trying to use peap to make an encrypted tunnel validating the
server certificate and then I want to authenticate the clients whith EAP-TLS
using client/server certificate. The TLS tunnel is working fine, but the
second part of EAP-TLS
I strongly suspect its a Fedora problem, not a Freeradius
problem. (Or else I made a boo-boo configuring the OS)
Alan DeKok replied to matthew zeier:
Let me clear: I cannot reproduce this problem here.
No one else has
seen the same problem.
May or may not be relevant, but I've got two
On Tue 24 Apr 2007, Dariusz Dwornikowski wrote:
I am getting more of that... What is happening. thread pool isbig
enough, also the pg connection pool.
This is probably because your backend is getting too slow to keep up. Check
that your indexes are correct, and that you have autovacuum
On 2007-04-24, at 21:55, Peter Nixon wrote:
On Tue 24 Apr 2007, Dariusz Dwornikowski wrote:
I am getting more of that... What is happening. thread pool isbig
enough, also the pg connection pool.
This is probably because your backend is getting too slow to keep
up. Check
that your
How do I setup users tester-a to use /etc/shadow for authentication?
Currently I have
tester-a Auth-Type := Local, User-Password == superuser
cisco-avpair = shell:priv-lvl=15,
Service-Type = Administrative-User
Norman
-
List info/subscribe/unsubscribe? See
Norman Zhang wrote:
How do I setup users tester-a to use /etc/shadow for authentication?
Currently I have
tester-a Auth-Type := Local, User-Password == superuser
cisco-avpair = shell:priv-lvl=15,
Service-Type = Administrative-User
I would start by reading radiusd.conf. Look
Dennis Skinner wrote:
Norman Zhang wrote:
How do I setup users tester-a to use /etc/shadow for authentication?
Currently I have
tester-a Auth-Type := Local, User-Password == superuser
cisco-avpair = shell:priv-lvl=15,
Service-Type = Administrative-User
I would start by
Roberto Greiner wrote:
When I give a 'radwho' command, I receive the following error:
radwho: error while loading shared libraries: libradius-1.1.6.so: cannot
open shared object file: No such file or directory
Try doing: ldd radwho
The mentioned libradius file is in /usr/lib/freeradius
Marcelo Augusto Rodrigues Pimentel wrote:
I said two parts, because those parts of my configuration uses TLS:
The first part is making the encrypt tunnel using PEAP -- Only validates
server certificate to create the tunnel.
The second part is the authenticathion inner the tunnel with
accounting is something that your NAS does. if the NAS does accounting
and can account for such sessions then it'll just work(tm)
I notice that there are accounting section in some of the configuration
files such as, radius.conf. If accounting is performed by my NAS, then
what does the
Hello list
Have anybody of you manage to configure freeradius to pull authorization
iformation from MySQL and MSSQL (via ODBC/freetds) at the same time??
I have presently a working configuration
Freeradius + Mysql + passwd + userfiles + NIS (via PAM)
And I'm actually able to do
Freeradius +
I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend that
authenticates to an MS AD server.
I'm running into an issue where a user will fail a single login attempt (one
username/password challenge with a bad password) and the ACS will record 3
attempts from the client (the
48 matches
Mail list logo