Dear all,
first of all:
The LDAP-Server doesn't contain a clear-text password. They are encrypted
and this isn't allowed to change.
The password field is userPassword.
I was testing my LDAP-Configuration in Freeradius with NTRadPing.
If I make an authentication Request I get a response:
Thank you for your message. I am away until August 7th. I will respond
to your message on my return . For urgent matters, please contact
helpd...@stgeorges.bc.ca .
Cheers,
Gilbert Lo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 7/8/09 06:11, shivashankar wrote:
ld: fatal: file .libs/sql_mysql.o: wrong ELF class: ELFCLASS32
ld: fatal: File processing errors. No output written to
.libs/rlm_sql_mysql-2.1.6.so
This is a Solaris issue not Freeradius... however the clue is in wrong
ELF class: ELFCLASS32 - GCC is trying
Steffen Langhammer wrote:
The LDAP-Server doesn't contain a clear-text password. They are
encrypted and this isn't allowed to change.
http://deployingradius.com/documents/protocols/compatibility.html
The password field is userPassword.
I was testing my LDAP-Configuration in Freeradius
Hi,
Does anyone know how to hide passwords in the log file? I have read
some posts about this, but the solution was to edit source, something
that I'm not able to do. I don't know if the 2.1.6 version has
implemented any option to do this without editing the source.
This is my configuration in
Hi,
The request goes through all lines but the Alc-Subsc-Prof-Str and
Alc-Subsc-SLA-Str are empty. Obviously, the User-Name matches the regexpr,
therefore, those two strings should have returned values of %{1} and %{2}.
obviously? that would assume that the filter engine stores the result
of
Thank you for your reply.
I tested with two hardware (Acer and Dell) and I have reinstalled the OS.
I work with the windows supplicant. I don't see what can do that.
I think it is the server, maybe winbind/samba or freeradius, because I need to
restart these two daemons for going to the end of
Marlon Duksa wrote:
Hi - does anyone know why this does not work:
basic-TPUser-Password == csetestp
User-Name =~ ^([aA-zZ]+)-([aA-zZ]+)$,
$ man users
or
$ man 5 users
The '=~' operator is not allowed to be used there.
If you want that functionality, use unlang to
Hi Alan,
It's also possible to use PEAP-GTC (preferred).
If I see this table it should be possible to use also encrypted passwords
with EAP-GTC.
But in this case I never get a working configuration.
2009/8/7 Alan DeKok al...@deployingradius.com
Steffen Langhammer wrote:
The LDAP-Server
Marlon Duksa wrote:
Hi - is there any way to conditionally assign returned variables in
users file?
$ man unlang
Use the right tool for the job.
Alan DeKok.
Unable to execute radtest.
# radiusd -X
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Jul 30 2009
at 07:17:32
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may
Steffen Langhammer wrote:
Hi Alan,
It's also possible to use PEAP-GTC (preferred).
If I see this table it should be possible to use also encrypted
passwords with EAP-GTC.
But in this case I never get a working configuration.
Then see the FAQ for it doesn't work
Alan DeKok.
Have you added 127.0.0.1 in the clients.conf?
2009/8/7 ramesh p rock786...@gmail.com:
Unable to execute radtest.
# radiusd -X
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Jul 30 2009
at 07:17:32
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There
Hi,
Thank you for your reply.
I tested with two hardware (Acer and Dell) and I have reinstalled the OS.
I work with the windows supplicant. I don't see what can do that.
I think it is the server, maybe winbind/samba or freeradius, because I need
to restart these two daemons for going to the
hi,
your debug showed no actual traffic or packets hitting the
freeradius server - so cannot help you.
alan
Have you added 127.0.0.1 in the clients.conf?
yes.
client localhost {
	ipaddr = 127.0.0.1
	secret = testing123
	nastype = other
	require_message_authenticator = no
}
Thanks,
Rams.
On Fri, Aug 7, 2009 at 3:30 PM,
freeradius-users-requ...@lists.freeradius.org wrote:
Could you show us, how you use radtest and if you get any error?
2009/8/7 ramesh p rock786...@gmail.com:
Have you added 127.0.0.1 in the clients.conf?
yes.
client localhost {
ipaddr = 127.0.0.1
secret = testing123
nastype = other
require_message_authenticator = no
End of Freeradius-Users Digest, Vol 52, Issue 36
Hello!
I upgraded Freeradius to version 2.1.6. as suggested and now sometimes
I get some different EAP errors.
My eap.conf is configured like this:
eap {
default_eap_type = mschapv2
timer_expire = 60
ignore_unknown_eap_types = yes
When i execute as root user it's working..
[r...@localhost bin]# radtest root xxx localhost 1813 testing123 other
Sending Access-Request of id 26 to 127.0.0.1 port 1812
User-Name = root
User-Password = ast4roslab
NAS-IP-Address = 255.255.255.255
NAS-Port = 1813
Hi All,
I'm trying to start the freeradius process like the following:
/usr/local/fnmt/radius2/sbin/radiusd
ps -eaf|grep radius
root 14524 1 0 06:39 ?00:00:00 radiusd
Is this the correct way to start it?
Thanks,
Rams.
If you have installed from rpm it will create a script in
/etc/init.d/freeradius or /etc/init.d/radiusd
The best way to start freeradius is using these scripts
2009/8/7 ramesh p rock786...@gmail.com:
Hi All,
I'm trying to start the freeradius process like the following:
Rokkhan wrote:
Hello!
I upgraded Freeradius to version 2.1.6. as suggested and now sometimes
I get some different EAP errors.
...
And the errors I get are:
Fri Aug 7 13:27:19 2009 : Error: rlm_eap_mschapv2: Response is of
incorrect length 16
The supplicant on the PC does not do EAP
Rokkhan wrote:
Hi,
Does anyone know how to hide passwords in the log file?
Turn off auth_goodpass.
I have no problems when users are authenticated by PEAP, because the
log file doesn't show the passwords, but now, I want to configure a
virtual server to work like tacacs+ on a Cisco ASA
Hi,
Stock Freeradius version 2.1.6, compiled with dpkg-buildpackage.
Using default sites-available/vmps virtual server.
Also using dynamic clients with clients in postgresql.
Getting this error on every VMPS request:
Failed encoding packet: Failed to find VQP-Packet-Type in response packet.
It's a bad system and solution in this case.
Because a cleartext-match isn't the same as a ldap-bind.
I was checking Cisco ACS and there an option handles different LDAP Sources
with encrypted fields.
Maybe as an idea...
Steffen
2009/8/7 Alan DeKok al...@deployingradius.com
Steffen Langhammer
Steffen Langhammer wrote:
It's a bad system and solution in this case.
The only problem is the failure to understand limitations.
I didn't say FreeRADIUS couldn't do it.
I said it's impossible.
Because a cleartext-match isn't the same as a ldap-bind.
That isn't news.
I was checking
Hi!
I thought that, if I don't enable auth_goodpass, the correct
authentications will not appear in the log, not that the only
thing that will not appear will be the password.
Ok, thanks for all, now I have set auth_goodpass = no, and the
passwords are not shown in the log.
Thanks for all!
2009/8/7 Alan DeKok al...@deployingradius.com:
Rokkhan wrote:
Hello!
I upgraded Freeradius to version 2.1.6. as suggested and now sometimes
I get some different EAP errors.
...
And the errors I get are:
Fri Aug 7 13:27:19 2009 : Error: rlm_eap_mschapv2: Response is of
incorrect length 16
Rokkhan wrote:
Is there any way to locate from which machine or at least from which
nas is this machine trying to validate with incorrect supplicant
without running freeradius in debug mode?
In the latest versions of the server, you can get debugging messages
without running the entire server
I can't run man unlang:
/etc/freeradius$ man unlang
No manual entry for unlang
On Fri, Aug 7, 2009 at 2:36 AM, Alan DeKok al...@deployingradius.com wrote:
Marlon Duksa wrote:
Hi - is there any way to conditionally assign returned variables in
users file?
$ man unlang
Use the right tool
Marlon Duksa wrote:
I can't run man unlang:
/etc/freeradius$ man unlang
No manual entry for unlang
Hmm, that's sort of your problem (not Alan's) but maybe this will get you
started? (it took me all of half a minute to find)
http://freeradius.org/radiusd/man/unlang.html
~c
On
Hello there!
I'm using freeradius 2.1.6 and use a ldap-group to reject some users. The
problem is, when the ldap-servers are
not responding when doing the search for the ldap-dn or when doing the search
for the dn in the group
the files-Module returns ok because the user abc matches for the next
Sorry - by my posting I meant to imply that 'unlang' module might be
required but not installed, do I need to install it, is it part of original
FR installation, etc.
I'll find out when I start applying commands...
Thanks,
Marlon
On Fri, Aug 7, 2009 at 10:08 AM, charlie derr cd...@simons-rock.edu
Marlon Duksa wrote:
Sorry - by my posting I meant to imply that 'unlang' module might be
required but not installed, do I need to install it, is it part of
original FR installation, etc.
It's installed as part of the normal server installation.
If you don't have it, you are running a
Thanks. We installed our freeradius about 6 months ago. But still, the
'unlang' is giving me some trouble, I can't start freeradius, probably the
condition below is wrong, something with the syntax?
This is what freeradius is complaining about:
/etc/freeradius/users[99]: Parse error (reply) for
Hi,
And here is my unlang section:
DEFAULT User-Name =~ ^([aA-zZ]+)-([aA-zZ]+)$, Cleartext-Password := csetestp
	Alc-Subsc-ID-Str := %{NAS-Port-Id},
	Alc-Subsc-Prof-Str := %{1},
	Alc-SLA-Prof-Str := %{2},
	Alc-MSAP-Serv-Id := 100,
Is all this explained anywhere?
On Fri, Aug 7, 2009 at 12:03 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
And here is my unlang section:
DEFAULT User-Name =~ ^([aA-zZ]+)-([aA-zZ]+)$, Cleartext-Password
:=
csetestp
Alc-Subsc-ID-Str := %{NAS-Port-Id},
hi,
works as root because it matches the password in /etc/passwd
- ie you used your real root username/password?
in this case, i'd advise, for security, you change your root
password.
this, check the users file, line 172 matched in your debug.
i think you've got some
DEFAULT Auth-type :=
Hi,
Is all this explained anywhere?
man unlang
the first basic paragraphs state:
The goal of the language is to allow simple policies to be written
with minimal effort.
Those policies are then applied when a request is being processed.
Requests are processed
Marlon Duksa wrote:
Is all this explained anywhere?
The format of the users file is documented in the comments at the
top of the users file, and in the man page for the users file.
You were already told this.
If you put text into the users file that does NOT match the
documented format,
Marlon Duksa wrote:
Thanks. We installed our freeradius about 6 months ago.
Let me guess... this means you're running 1.1.x, because you haven't
bothered to check the version of the software that you're running?
If you don't have a man unlang page, it's because the version you're
running
you two Alans crack me up :)
Anyways - you're right, I'm running 1.1.7, just checked. So I'll upgrade
before I proceed with this, then I hope I'll have more documentation
available to tell me how to run this.
On Fri, Aug 7, 2009 at 1:21 PM, Alan DeKok al...@deployingradius.com wrote:
Marlon
Also the problem is that the most recent FR source code for Ubuntu is 1.1.7,
just checked.
On Fri, Aug 7, 2009 at 2:10 PM, Marlon Duksa mdu...@gmail.com wrote:
you two Alans crack me up :)
Anyways - you're right, I'm running 1.1.7, just checked. So I'll upgrade
before I proceed with this,
Hi,
Also the problem is that the most recent FR source code for Ubuntu is 1.1.7,
just checked.
i built 2.1.6 on an ubuntu box last week. downloaded the source
code from www.freeradius.org and compiled it (after installing
build-essentials and various devel packages to ensure OpenSSL/EAP
etc