Hi,
I've installed freeradius 2.1.8, eap-tls with 3Com Access point
(3CRWE454G72). It's work fine.
Unfortunately, window xp client have been disconnected/reconnected many
time per day. and sometime, during it's trying to connect, I will see
windows popup request the certificate as well. anyway,
i use pptp and freeradius2+mysql
the situation is :
there is a user it set to be Simultaneous-Use := 1
when he login in his ipad, he watch some movie, then he want to login in his
iphone, how can i stop his original connection and start another connection
in freeradius?
--
Spacelee
-
List
Raymond Norton wrote:
I successfully configured freeradius (version 1.x Ubuntu) to use ldap on
a localhost via WPA. I am trying to setup version 2.1 (Ubuntu) to use a
remote ldap server now. The module loads fine and I made what I believed
were the correct changes to connect to the remote
Hello
I have a working config for PAP with LDAP against AD and a working
config for PEAP/MSCHANPv2 with ntlm_auth.
I need the server to do both but when I combine the configs one thing or
another breaks.
Does anyone have such a setup working or know if it is possible/impossible.
Would it be
On 23.06.2010 10:07, freeradius-users-requ...@lists.freeradius.org wrote:
On Mon, Jun 21, 2010 at 07:48:19PM +0300, Alexandru Oprisan wrote:
I'm using freeradius 2.1.6 on gentoo to do decoupled accounting.
I have everything set up, the only problem seems to be the speed of
the
Hi,
Maybe your problem be in your slapd.conf permissions (access to...).
I had same problem, my ldap module loaded fine on freeradius server(debian
lenny), but I got accept-reject ... error when I ran radtest command.
I deleted my access to ... block for freeradius server directory in
slapd.conf
Neil Prockter wrote:
I have a working config for PAP with LDAP against AD and a working
config for PEAP/MSCHANPv2 with ntlm_auth.
I need the server to do both but when I combine the configs one thing or
another breaks.
And debug output says... ?
Does anyone have such a setup working or
On 23.06.2010 10:07, freeradius-users-requ...@lists.freeradius.org wrote:
On Mon, Jun 21, 2010 at 07:48:19PM +0300, Alexandru Oprisan wrote:
I'm using freeradius 2.1.6 on gentoo to do decoupled accounting.
I have everything set up, the only problem seems to be the speed of
the
Tom Leach wrote:
I've set up 4 ldap modules, two different basedn's on two redundant
servers.
This appears to work so far, but am I missing something here that's
going to cause problems down the line???
You should query each server ONLY for requests that will need it.
e.g.
if
Hi,
I've built a FR-2.1.3 (with rlm ldap) on OpenBSD, with credentials on a
OpenLDAP (2.3.30-5+etch3), using EAP-TTLS.
Everything, 's working fine with Iphone,Linux MacOS.
But with Windows (XP, Vista 7), i'm unable to get the SecureW2
(v3.3.3.) client connecting.
1. Downloaded locally both the
ldapsearch -x -b uid=billy,ou=People,dc=lctn,dc=org (on remote ldap server)
Command successfully displays information on user.
radtest raymond password 127.0.0.1 1 testing123 (on freeradius server)
Displays local user info
radtest billy password 127.0.0.1 1 testing123 (on freeradius
Whoops... /modules/ldap is on the local freeradius server, not the the
remote ldap server.
/modules/ldap: (on remote ldap server)
ldap {
server = 10.10.3.1
basedn = dc=lctn,dc=org
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
/etc/ldap/slapd.conf (on remote
On 06/24/2010 10:18 AM, Raymond Norton wrote:
ldapsearch -x -b uid=billy,ou=People,dc=lctn,dc=org (on remote ldap server)
Command successfully displays information on user.
radtest raymond password 127.0.0.1 1 testing123 (on freeradius server)
Displays local user info
My config changes are
Philippe Schwarz p...@schwarz-fr.net wrote:
Everything, 's working fine with Iphone,Linux MacOS. HINT!
[snipped]
Found almost nothing usable either on the Securew2 website or on the
goggled links...
If anyone had an idea..
SecureW2 now is licenced and comes with a
The FAQ says to use radiusd -X debug.txt for debug.
I get the following:
The program 'radiusd' can be found in the following packages:
* radiusd-livingston
* xtradius
* yardradius
Is there another way to launch debug mode in version 2.1?
-
List info/subscribe/unsubscribe? See
Raymond Norton wrote:
The FAQ says to use radiusd -X debug.txt for debug.
I get the following:
The program 'radiusd' can be found in the following packages:
* radiusd-livingston
* xtradius
* yardradius
Is there another way to launch debug mode in version 2.1?
Your OS vendor
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
On 6/24/2010 10:18 AM, Alan DeKok wrote:
Raymond Norton wrote:
The FAQ says to use radiusd -X debug.txt for debug.
I get the following:
The program 'radiusd' can be found in the
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
That's the init script. Run the daemon directly:
/usr/sbin/radiusd -X
-
List info/subscribe/unsubscribe? See
That brings me back to my first post-no radiusd.
On 6/24/2010 10:26 AM, Phil Mayers wrote:
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
That's the init script. Run the daemon directly:
Got debug working with /usr/sbin/freeradius -X
On 6/24/2010 10:32 AM, Raymond Norton wrote:
That brings me back to my first post-no radiusd.
On 6/24/2010 10:26 AM, Phil Mayers wrote:
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage:
On 24/06/10 16:32, Raymond Norton wrote:
That brings me back to my first post-no radiusd.
Well, maybe it's in a different location.
What OS are you using? Have you queried the package manager for your OS
to find the location of the binaries?
If you didn't use a package manager, and
On 06/24/2010 11:32 AM, Raymond Norton wrote:
That brings me back to my first post-no radiusd.
What system are you working on?
You said there was a /etc/init.d/freeradius init script. Look in it to
see what it's invoking. /usr/sbin/freeradius by any chance?
--
John Dennis
Debug:
FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on Sep 17
2009 at 17:22:02
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of
rad_recv: Access-Request packet from host 127.0.0.1 port 50670, id=151,
length=57
User-Name = billy
User-Password = password
NAS-IP-Address = 127.0.1.1
NAS-Port = 1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
I misunderstood the instructions. Made the change, and I see now that I
am at least connecting to the ldap server, but still getting rejected.
I changed the basedn to ou=People,dc=lctn,dc=org for this test.
(ldapsearch is below)
FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on
On 06/24/2010 12:21 PM, Raymond Norton wrote:
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that
the user is configured correctly?
You don't have the userPassword mapped in /etc/raddb/ldap.attrmap
But even if you did, ldap has
Thanks for the info. I'm not sure how to determine what to use in
ldap.attrmap, but will see what I can figure out.
One question though; before attempting this current setup, I installed
freeradius_1.1.0-1ubuntu2.1_i386.deb and ldap on the same localhost..
radtest and authenticating via WPA
On 06/24/2010 02:04 PM, Raymond Norton wrote:
Thanks for the info. I'm not sure how to determine what to use in
ldap.attrmap, but will see what I can figure out.
This issue has been covered a lot on this list, search the archives.
One question though; before attempting this current setup, I
No. This is a new install. Nothing has been copied over.
Thanks for the pointers.
I will keep working at it.
I hope you didn't just copy 1.x configuration over to 2.x, they aren't
compatible.
I see from your debug output you're running 2.1.0 but the current
version is 2.1.9. To the
On Thu, Jun 24, 2010 at 12:33:10PM -0400, John Dennis wrote:
But even if you did, ldap has this:
userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9
They aren't the same are they? The LDAP entry looks like a hash, you'll
have to figure out which kind. Note it does not contain a
On Thu, Jun 24, 2010 at 11:21:47AM -0500, Raymond Norton wrote:
I misunderstood the instructions. Made the change, and I see now that I
am at least connecting to the ldap server, but still getting rejected.
[ldap] performing user authorization for billy
++[ldap] returns ok
No authenticate
I have been reading and looking at similar post non-stop and have an
idea what is wrong, but am not sure how to fix it.
I understand there may be a need to map ldap and radius attributes and I
have found a couple examples, but I am not entirely sure what the
changes should be.
It seems the
Raymond Norton wrote:
I have been reading and looking at similar post non-stop and have an
idea what is wrong, but am not sure how to fix it.
Sorry... but the symptoms here are clear. Many, many, posts, full of
confused what do I do now questions.
It's not that hard. Stop fighting it,
It happens that way when you're new sometimes :)
The last couple posts helped.
I am now able to get an Accept message when connecting with the rootdn
user. Working on getting other users to authenticate now.
Thanks for your patience and help.
Raymond
On 6/24/2010 3:57 PM, Alan DeKok
On 06/24/2010 04:21 PM, Josip Rodin wrote:
No, the two colons in ldapsearch output just indicate that the attribute
value is MIME-encoded.
Good catch Josip.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See
35 matches
Mail list logo