Hi,
In another recent email Alan mentioned that you cannot override a reject in
Post-Auth
post-auth {
Post-Auth-Type REJECT {
# attr_filter.access_reject
Auth-Type := Accept
}
}
It's too late to over-ride the reject at that
I am setting up freeradius 2.1.6 and seem to be stuck on how do I go about
setting up my ldap module to search multiple basedn if the user is not found
in the first? I have four that I need to search in my LDAP tree but cannot
figure out the correct way to make it search more than one. I feel
hello,
I have found some errors in my freeradius server logs. It seems that some
clients are having problems to authenticate againts them. I'm using
PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
Mon Mar 29 14:20:56 2010 : Error: TLS Alert write:fatal:protocol version
Mon Mar 29
Hi,
What OS is the client machine running?
It would seem like an issue with the client to me.
Regards,
Matt Harlum
On 31/03/2010, at 8:31 PM, Christian Pinedo Zamalloa wrote:
wrong version num
ber
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I will be out of the office starting Wed 03/31/2010 and will not return
until Thu 04/01/2010.
I will have limited email and voicemail access during the week at the
Phoenix Contact Kickoff meetings. If this is an urgent issue, please
contact our Tech Support group at 800-586-5525.
Thanks,
Dan
2010/3/30 Julien Savoie julien.sav...@usainteanne.ca:
Check if you have this enabled in radiusd.conf
mschap {
with_ntdomain_hack = yes
}
realm ntdomain {
format = prefix
delimiter = \\
ignore_default
Sergio Belkin wrote:
and proxy.conf
realm DEFAULT {
strip
}
If you only have one domain this will work. If you have different domains
you'll need to setup the individual realms. Sounds like in your case you
don't though.
Hi Julien, file
Hi all,
I have several clients connected to my freeradius server, but these clients
have dynamic IPs. I have setup scripts on the clients for sending their IPs
to the server and scripts on the server to restart freeradius when an IP
address has changed. The problem is that there is always someone
Hi,
I'm about to change the CA of my radius server certificate. At the same
time I've installed a new wifi network and plan to change the SSID as
well (authentication is EAP-TTLS or EAP-PEAP).
In order to avoid a complete breakout when I change the certificate of
my radius server (because a
2010/3/31 Julien Savoie julien.sav...@usainteanne.ca:
Sergio Belkin wrote:
and proxy.conf
realm DEFAULT {
strip
}
If you only have one domain this will work. If you have different
domains
you'll need to setup the individual realms. Sounds like in your case
Hi,
I have freeradius for WPA2 Enterprise authentification in small
network in library, it is stable version (2.0.4) on Debian Lenny
compiled from sources with OpenSSL support..
Everything seems to be OK, but when I try to connect to AP from laptop
with Windows XP after I enter name and password I
Sergio Belkin wrote:
Really thanks, but the problem is that users use their personal
notebooks, they are students, not employees, so Windows login
usernames are not the same that ldap ones. It seems that Vista wants
to use SSO and sends their credential before. Because of that subject
is
Bruno Kremel wrote:
My configuration is pretty much default except of enabling MySQL and
setting paths and passwords to certificates (generated with make
script in /etc/freeradius/certs, so they should be OK) and addresses
of clients.
And what did you put in SQL?
expand: %{User-Name} -
Thibault Le Meur wrote:
In order to avoid a complete breakout when I change the certificate of
my radius server (because a manual operation is required on the
supplicant side to select the new CA), I'd like to configure FR so that:
* when the WiFi client connects to the SSID1, the server uses
Christian Pinedo Zamalloa wrote:
hello,
I have found some errors in my freeradius server logs. It seems that
some clients are having problems to authenticate againts them. I'm using
PEAP/MSCHAPv2 with the latest freeradius version and SUSE OS.
Mon Mar 29 14:20:56 2010 : Error: TLS Alert
Fahd Kasri wrote:
Hi all,
I have several clients connected to my freeradius server, but these
clients have dynamic IPs. I have setup scripts on the clients for
sending their IPs to the server and scripts on the server to restart
freeradius when an IP address has changed. The problem is that
Just wanted to thank everyone for their help. I've gotten the issue
resolved.
Apparently Freeradius was working 100%, what wasn't working, however, was my
Cisco routing. We had our network worked on several weeks back, and all
seemed to be working ok, but it never dawned on me to check if my
On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
Bruno Kremel wrote:
My configuration is pretty much default except of enabling MySQL and
setting paths and passwords to certificates (generated with make
script in /etc/freeradius/certs, so they should be OK) and addresses
of clients.
Bruno Kremel wrote:
Why did you put Auth-Type = Accept in SQL?
It's breaking the server. Delete it.
What should be there?
The user's password?
Beacuse I don't know I am using Daloradius web interafce for adding data to
database, so I just loaded default daloradius sql which was
On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
What should be there?
Beacuse I don't know I am using Daloradius web interafce for adding data to
database, so I just loaded default daloradius sql which was intendet
(according to readme
Hi,
In WiMAX certificate CN apparently contains MAC address and model name
of the device for example FF1234567890 USB1234.
WiMAX standard says and I quote The MAC (from the CN) SHALL be
compared with the MAC
address in the Calling-Station-Id of the RADIUS Access Request message.
If they do
Greetings!
I am at a road block here. I know setting up WPA2 Enterprise
PEAPv0/EAP-MSCHAPv2 / 802.1X should be simple. It just isn't working!
Perhaps I am suffering from green screen syndrome :)
I have followed directions from: http://tldp.org/HOWTO/html_single/8021X-HOWTO/
Aside from
22 matches
Mail list logo