Peter Param wrote:
This is a new installation using openssl0.98j and freeradius 2.1.3.
I get this error when running in debug mode: radiusd: symbol lookup error:
/usr/lib/rlm_eap_tls-2.1.3.so: undefined symbol: SSL_CTX_set_info_callback
You have two different versions of OpenSSL
I've put a mini PEAP howto on the Wiki:
http://wiki.freeradius.org/PEAP_HowTo
It should cover most of the common questions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes, but will that allow me to choose an ldap configuration per NAS in
clients.conf?
If I list both of these in the authorize block, won't that return a
successful result for both NAS if either one of the filters matches?
Thx.
Nils
t...@kalik.net wrote:
I'm looking for the best way of
Le Wednesday 11 March 2009 09:04:37 Alan DeKok, vous avez écrit :
I've put a mini PEAP howto on the Wiki:
http://wiki.freeradius.org/PEAP_HowTo
Great idea !
When I see the facility of the document, I realy don't understand, how I was
wrong such a long time ! :)
by !
-
List
On Tue, Mar 10, 2009 at 7:57 PM, LEOSI rad...@pronetis.fr wrote:
For thoses, who are interested by setting up PEAP/MSHCAP under Freeradius
2.14, I wrote a simple how-to.
I hope it could help someone. :)
Thanks for the how-to.
Sorry if this is such a basic question, but what are the
Yes, but will that allow me to choose an ldap configuration per NAS in
clients.conf?
If I list both of these in the authorize block, won't that return a
successful result for both NAS if either one of the filters matches?
It would. So use unlang to choose which ldap instance will be used for
Hi,
For thoses, who are interested by setting up PEAP/MSHCAP under Freeradius
2.14, I wrote a simple how-to.
I hope it could help someone. :)
Thanks for the how-to.
Sorry if this is such a basic question, but what are the advantages of
using freeradius for this purpose (PEAP/MSCHAP)
Hello, I wonder if there's any particular reason why dictionary.rfc4818
isn't included in the default dictionary? I just stumbled across this
while trying to use FreeRADIUS provide a DHCPv6 server with the prefix
to be delegated.
The same seems to be the case for rfc4849 and rfc5090:
Bjørn Mork wrote:
Hello, I wonder if there's any particular reason why dictionary.rfc4818
isn't included in the default dictionary? I just stumbled across this
while trying to use FreeRADIUS provide a DHCPv6 server with the prefix
to be delegated.
Just an oversight. I'll go fix it.
The
Fajar A. Nugraha wrote:
Sorry if this is such a basic question, but what are the advantages of
using freeradius for this purpose (PEAP/MSCHAP) compared to using
Microsoft's IAS/NPS?
Microsoft's IAS works well with Microsoft machines, and is well
integrated with Active Directory. That's
I was also bitten by the bug where ntlm_auth returns a bad NT_KEY. It took me a
few hours of searching the mailing lists before I stumbled across this thread:
http://marc.info/?l=freeradius-usersm=123455952011812w=2
If there were a warning or mention of the issue on the how-to page, it would
autoreconf on suse does not seem to work and I commented it out in the
specfile.
otp.conf does not seem to exist any longer,
/usr/sbin/raddebug must be applied.
With these little modifications of the suse specfile 2.1.4 builds on
suse 10.3.
bugs.freeradius.org still seems to be unavailable,
Update a server-side attribute when you use the module:
update control {
Tmp-String-0 = ldap-student
}
then in post-auth:
if (control:Tm-String-0 == ldap-student) {
...
}
I'm really grateful for all your help but it still doesn't work and after hours
Thanks that helped. Also thanks to whomever separated the error message
rlm_ldap: object not found and rlm_ldap: got ambiguous search result...
t...@kalik.net wrote:
I've read that, I just can't seem to make it work, I'm missing
something, but can't figure it out.
instantiate {
ldap
And I get:
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
++? if (control:Tmp-String-0 == ldap-student)
(Attribute control:Tmp-String-0 was not found)
Sending Access-Accept of id 129 to 10.127.240.217 port 1645
Towards the beginning of the debug output is:
I saw that there is a new tar file for the new release so I downloaded
it and tried to build it, alas it won't build because the new tar file
is schizophrenic with multiple identities.
The tar file is named 2.1.4. The tar root directory is named 2.1.4. But
the file
Can you post the whole debug, not just snipetts. Are these
from the same or from different requests in the exchange?
Perhaps you need use_tunneled_reply rather than this.
Here's the complete debug (excluding the server start-up messages). There's
rather a lot of it which is why I tried to
OK.. did you modify ANY code to get it to build on the embedded
system?
No. We had to change our build scripts a bit but haven't touched any
of the freeRADIUS code.
As I said, one of the modules is likely blocking the server.
Can you list the modules you're using?
Here is the output
John Dennis wrote:
I saw that there is a new tar file for the new release so I downloaded
it and tried to build it, alas it won't build because the new tar file
is schizophrenic with multiple identities.
I was trying to fix things...
The tar file is named 2.1.4. The tar root directory is
Chhaya, Harshal wrote:
No. We had to change our build scripts a bit but haven't touched any
of the freeRADIUS code.
Ok... can you say what platform you are running it on?
As I said, one of the modules is likely blocking the server.
Can you list the modules you're using?
Here is the
Norbert Wegener wrote:
autoreconf on suse does not seem to work and I commented it out in the
specfile.
I have no idea why it doesn't work. In any case, the configure
scripts that are shipped with the server *work*. Why use autoreconf?
otp.conf does not seem to exist any longer,
It's
If it's a help I've attached a unified diff for our spec file showing
the changes I had to make going from 2.1.3 to 2.1.4
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
tmp.spec.patch
Description: application/mbox
-
List
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello All,
I am using freeradius 2.1.1 on Suse 10 SP1. I am trying to integrate Freeradius
with edirectory, but somehow, I am not able to achieve the desired result, the
client just sits while trying to authenticate, I can see the Radius server
No luck.
For some reason unlang does not catch SQL fail return code.
Only if there is no failure I see it is evaluating return code it prints in
debug mode
++? if (fail)
? Evaluating (fail) - FALSE
But when SQL return really fails it does not evaluate this condition and
nothing is printed in
leopold wrote:
No luck.
For some reason unlang does not catch SQL fail return code.
OK...
Only if there is no failure I see it is evaluating return code it prints in
debug mode
++? if (fail)
? Evaluating (fail) - FALSE
And you deleted the lines JUST ABOVE THAT which gave you the value
Jaswinder Kaur wrote:
I am using freeradius 2.1.1 on Suse 10 SP1. I am trying to integrate
Freeradius with edirectory, but somehow, I am not able to achieve the desired
result, the client just sits while trying to authenticate, I can see the
Radius server reading the username and password,
Hi. I have two types of nases: 1) hotspots 2) vpn servers. I need vpn
nases authorize only vpn users and hotspot nases authorize only hotspot
users. How can i divide users into several groups and reject vpn accounts
to login through hotspot and vice versa? I think i must use huntgroups and
radius.conf
-
redundant redundant_sql {
# sql1
sql2
fail - I tried to comment this line but it does not
help
}
sites-enabled/default
-
authorize {
...
redundant_sql
if (fail) {
Ok... can you say what platform you are running it on?
It's an ARM running Montevista Linux.
I'd suspect radutmp and/or radwtmp. Why are you using those?
Do you need them?
Nope. They were around because we didn't know enough to scrub the
config files to remove unused modules. We have
Hi,
The debug output for one such client is below:
(chap/mschap/suffix returns noop. I don't know what that means.)
'no operation' - they had nothing to do, didnt see anything to do
or didnt need to do anything (in basic speak). if your system is
configured for one or 2 types of known auth
Is it just me, or has bugs.freeradius.org died? I've tried from two
different local ISPs without any luck.
bj...@canardo:~$ telnet bugs.freeradius.org 80
Trying 64.24.234.95...
telnet: Unable to connect to remote host: Connection timed out
bj...@canardo:~$ traceroute bugs.freeradius.org
Hello, I just would like to know if there are some hints for compiling the
FreeRADIUS 2.1.4 on the FreeBSD 7.0,
should I compile it with the GNU gmake? what tips can share with me on this?
Thanks,
Aldo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sending Access-Challenge of id 102 to 192.168.0.232 port 1418
EAP-Message =
Aldo Zavala a écrit :
Hello, I just would like to know if there are some hints for compiling the FreeRADIUS 2.1.4 on the FreeBSD 7.0,
should I compile it with the GNU gmake? what tips can share with me on this?
Thanks,
Aldo
-
List info/subscribe/unsubscribe? See
Here's the complete debug (excluding the server start-up messages). There's
rather a lot of it which is why I tried to post the bits relevant to what I'm
trying (rather unsuccessfully :-) ) to understand.
rad_recv: Access-Request packet from host 10.127.240.217 port 1645, id=36,
length=148
..
Hi. I have two types of nases: 1) hotspots 2) vpn servers. I need vpn
nases authorize only vpn users and hotspot nases authorize only hotspot
users. How can i divide users into several groups and reject vpn accounts
to login through hotspot and vice versa? I think i must use huntgroups and
unlang,
You have two different versions of OpenSSL installed.
Thanks for that Alan.
I've blown everything away and started from scratch and installed openssl 0.98j
and used the following freeradius configuration:
./configure --bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
Hi Ivan,
I used wireshark and didn't see anything referred about Account Packages. Only
thing I see is Radius-Access Resquest, Access Challenges and Access Accept.
Below are informations from my Zinwell G220 Plus, but away, o receibe an error
as you see. Do you know what mean?
Jan 1
I have a working freeradius2 setup, in which I proxy accounting tickets
to many home_servers using details file writing and detail listeners.
For one of this home_server (let's call it HS1) I want to rewrite the
Acct-(In|Out)put-Octets and Acct-(|n|Out)put-Gigawords with a value*
taken from
I used wireshark and didn't see anything referred about Account Packages. Only
thing I see is Radius-Access Resquest, Access Challenges and Access Accept.
So read Zinwell documentation about enabling accounting.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
Bjørn Mork wrote:
Is it just me, or has bugs.freeradius.org died? I've tried from two
different local ISPs without any luck.
It's down. We're looking into installing a new system.
The reason for wanting to access bugs.freeradius.org is a small
dictionary patch I have. I assume the
41 matches
Mail list logo