Dean, Barry wrote:
I am working on a new radius config and have been trying to avoid the lookup
in LDAP I have been seeing for the outer identity.
I have moved to 2.1.8 with the inner-tunnel virtual host enabled.
I have an authorise section for the relevant virtual server that has:
Sumedh Sathaye wrote:
Run-log from radiusd -X is also included at the end of this message.
Here is the message that indicates that EAP is not computing MSK and EMSK:
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.
You're using an EAP method that doesn't provide the MSK. Use
It seems that it could not generate EAP-MSK first,maybe you can check that.
On Thu, May 13, 2010 at 2:49 AM, Sumedh Sathaye sath...@us.ibm.com wrote:
Dear all,
I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem
I am facing is that the WiMAX-MSK keys are not generated
Hi All!
I use Freeradius 2.0.4(deb pack) with Mysql 5.0.51.
The online users check not work in the NAS with checkrad script my network.
I read the list and forums but not founded solution.
I have read and followed the step of below comment:
Hi,
I was reading the archives and saw that some of the later versions of
SAMBA had a bug so it couldn't be used for ntlm_auth/Eap-PEAP.
Does anyone know if this is now fixed ?
We are running Fedora core 12 and it ships with SAMBA 3.4.7
Thanks
Colin
--
NAS-IP-Address = 192.168.0.10
server radius {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/log/radacct/192.168.0.10/auth-detail-20100513
[auth_log] /log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
Dean, Barry wrote:
...
[ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with
filter (sAMAccountName=user)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that the
sigh
Dean, Barry wrote:
...
[ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with
filter (sAMAccountName=user)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure
Zheng, Jiajia wrote:
But as I mentioned that the same CA works fine with EAP-TTLS. Why it goes
wrong with EAP-TLS?
EAP-TLS requires that the CA be authorized to sign client
certificates. See the certificate creation scripts in 2.1.8, they may
have fixes for this.
Alan DeKok.
-
List
users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rlm_pap: Found existing Auth-Type, not changing it.
rad_check_password: Found Auth-Type
Hi,
I found in users file that line:
DEFAULTAuth-Type = System
comment this line out and restart the daemon
remove calls to 'unix' from your configuration
if you dont want to even think about /etc/passwd
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
server radius {
+- entering group authorize
++[preprocess] returns ok
expand: /log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/log/radacct/192.168.0.10/auth-detail-20100513
rlm_detail: /log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/log/radacct/192.168.0.10/auth-detail
Date: Thu, 13 May 2010 11:01:10 +0100
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: Access request-access reject
Hi,
I found in users file that line:
DEFAULTAuth-Type = System
comment this line out and restart the daemon
remove calls
Dean, Barry wrote:
The issue is that the self same configuration in FreeRADIUS 2.0.2 works! But
with 2.1.8 it fails.
Yes... the behavior changed slightly in the past 2 years.
Read raddb/modules/ldap in 2.1.8. Look for auth_type. This is
documented.
FR 2.0.2 reports
I've put pre releases of 2.1.9 on the web:
http://git.freeradius.org/pre/
Please try them, and note any issues. If there aren't problems, we
can release 2.1.9 real soon now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
yestaerday i create that file:
cd ~
apt-get source freeradius
and i woked in the users of: cd freeradius-1.1.7/
but now i find another freeradius in: /etc/freeradius.
I
don't know how it is created there? and does it have any influence in
my radius, because i do mychanges in file: users of cd
Hi,
yestaerday i create that file:
cd ~
apt-get source freeradius
and i woked in the users of: cd freeradius-1.1.7/
that would just be the original source code of the program.
but now i find another freeradius in: /etc/freeradius.
that would be the directory created and filled with
Hi,
comment this line out and restart the daemon
remove calls to 'unix' from your configuration
if you dont want to even think about /etc/passwd
i commented it like that:
#DEFAULT Auth-Type = System
Fall-Through = 1
comment out both lines.the DEFAULT line and the fall-through
Hi,
I have a query regarding Update-Reason field in PPAQ attribute of
Access-Request for prepaid case.
According to WiMax specification the size of this AVP is 4 byte(including
tag and length).
And according to dictionary.wimax supplied by freeradius size of
Update-Reason field is 4 byte
Galatóczki István wrote:
I use Freeradius 2.0.4(deb pack) with Mysql 5.0.51.
You should really upgrade to 2.1.8.
The online users check not work in the NAS with checkrad script my network.
I read the list and forums but not founded solution.
I have read and followed the step of below
Vijay Badola wrote:
I have a query regarding Update-Reason field in PPAQ attribute of
Access-Request for prepaid case.
According to WiMax specification the size of this AVP is 4
byte(including tag and length).
*Which* WiMAX specification?
The geniuses involved in WiMAX *changed* the
yestaerday i create that file:
cd ~
apt-get source freeradius
and i woked in the users of: cd freeradius-1.1.7/
that would just be the original source code of the program.
but now i find another freeradius in: /etc/freeradius.
that would be the directory created and filled
Hi!
It is possible in freeradius to have one user who has full privilege level
to one equipment (one cisco router privilege lvl15), and limited privilege
level to other equipment (other router with smaller privilege e.g. lvl10
which will be configured on router)?
How to separate it?
My current
no plz sorry i'm not so well in english.
thank you Alan :))) it's working now
see it:
r...@pfe-laptop:/home/pfe# radtest abc 123 localhost 1812 testing123
Sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = abc
User-Password = 123
NAS-IP-Address = 255.255.255.255
Hi all.
It's posible to when a user disconnect from the directive
Session-Timeout deny connect again in the following 30 Min?
Thanks in advance!!
Hermidio
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 05/13/2010 06:57 AM, Alan DeKok wrote:
I've put pre releases of 2.1.9 on the web:
http://git.freeradius.org/pre/
Please try them, and note any issues. If there aren't problems, we
can release 2.1.9 real soon now.
Thank you for your hard work Alan! I'd like to thank you and everyone
You're not meaning something like coova-chilli (a captive portal)
http://www.coova.org/ are you ?
Timothy
On 07/05/2010 20:46, VU VAN HUNG wrote:
sunhualing wrote:
hostapd as a NAS, authenticator
wpa-supplicant as a supplicant
On Fri, May 7, 2010 at 1:31 AM, Jeff Voskamp
On 2010/05/13 12:57 PM, Alan DeKok wrote:
I've put pre releases of 2.1.9 on the web:
http://git.freeradius.org/pre/
Please try them, and note any issues. If there aren't problems, we
can release 2.1.9 real soon now.
Builds fine on debian lenny using dpkg-buildpackage
There is a log
On Thu, May 13, 2010 at 06:52:28PM +0200, Johan Meiring wrote:
After building I end up with various packages.
freeradius-common
freeradius-mysql
etc
When building previous versions (tried 2.1.7), the packages were different.
freeradius(note - no -common)
freeradius-mysql
etc
On Thu, May 13, 2010 at 03:23:37PM +0200, Michał Dopierała wrote:
It is possible in freeradius to have one user who has full privilege level
to one equipment (one cisco router privilege lvl15), and limited privilege
level to other equipment (other router with smaller privilege e.g. lvl10
which
On 2010/05/13 07:16 PM, Josip Rodin wrote:
Simply install *both* packages, like the dependencies tell you to...
OOPS...
Idiot mode.
I didn't look properly.
The one without -common *does* exist.
Apologies for time wasting..
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Hi,
I am using a radius-openldap-EAP/TTLS|EAP/PEAP scheme and often I've got the
following error from a Windows 7 client trying to connect using EAP/PEAP.
Client lacked CA cert, but I've found clients that are able to import it.
Finally client connected using EAP/TTLS with SecureW2. But I wonder
hi
i installed mysql.
and i modify in /etc/freeradius/sql.conf:
readclients=yes
also, i decommented in /etc/freeradius/radiusd.conf:
accounting
{
sql}
authorize
{...
sql}
i run again freeradius -X:
but it seems failed because of sql: this is the output
[...]
sql: postauth_query = INSERT
Alan DeKok wrote:
Zheng, Jiajia wrote:
But as I mentioned that the same CA works fine with EAP-TTLS. Why it
goes wrong with EAP-TLS?
EAP-TLS requires that the CA be authorized to sign client
certificates. See the certificate creation scripts in 2.1.8, they may
have fixes for this.
dorra aa dj_dido2...@hotmail.com :
and ther is nothing in the output of radiusd -X
I think your computer is not clean and you cant figure out how to work
with it.
My advices:
- Take a clean Linux install
- Use the packages providede with the distribution
- Optionally, change school...
--
Johan Meiring wrote:
There is a log of warnings though.
Small subset says this.
-
dpkg-shlibdeps: warning: symbol radlog used by
debian/freeradius/usr/lib/freeradius/rlm_checkval-2.1.9.so found in none
of the libraries.
It's in the
John Dennis wrote:
It passes basic sanity checking. It builds, installs, and runs. I have
tested with radtest and with each of the eapol_test scripts. I do not
have a stress testing environment, I think others do and it would be
good to hear from them.
OK.
The Changelog notes several
37 matches
Mail list logo