On 08/25/2010 09:51 PM, mack ragan wrote:
Hi,
I have freeradius v2.0.5. I modified the log{} section of radiusd.conf
to send logs to syslog-ng. In syslog-ng, I filter them out to a log
collector. This seems to be working well. Now, I would like to get
detail and auth to the log collector.
Boian Jordanov bjorda...@orbitel.bg writes:
On Aug 22, 2010, at 3:06 PM, Alexander Kubatkin wrote:
В сообщении от Воскресенье 22 августа 2010 10:48:56 автор Alan DeKok написал:
Alexander Kubatkin wrote:
This isn't working, i'm trying to put 2 dns-servers in dhcp configuration
like this:
mack ragan wrote:
Hi,
I have freeradius v2.0.5. I modified the log{} section of radiusd.conf
to send logs to syslog-ng. In syslog-ng, I filter them out to a log
collector. This seems to be working well. Now, I would like to get
detail and auth to the log collector. Anyone know if this
Hi,
Now I want to test if it is possible for me to do authentication on
wifi-enabled phones? And also, do I need to make additional configurations
on the server?
which method? if eg PEAP/MSCHAPv2 then theres not really anything different -
certainly
no changes to the server...just configure
Hi,
OS: Ubuntu 9.10
Freeradius 2.1.0 (Installed using synaptic packet manager)
I have installed FreeRadius server and now I am testing it with the
r...@kartik-laptop:/usr/local/etc/raddb# *radtest testing password 127.0.0.1
0 testing123*
OUTPUT:
Sending Access-Request of id 248 to 127.0.0.1 port
Hi all,
I have a freeradius 2.1.3 running and I can successfully authenticate users.
I would like to use a users LDAP attribute so I can provide them with
different permissions on the proxy server.
I have currently mapped a RADIUS attribute to the LDAP attribute and it
successfully reads the
Thanks for the response Alan,
if using eg EAP-TTLS/PAP then you would have issues - some phones wont do
that method natively
yes i do use EAP-TTLS/PAP, so does that mean that configurations should done
on the mobile devices and not on the server?
--
View this message in context:
On Thu, Aug 26, 2010 at 2:53 PM, rrperez rrpe...@apc.edu.ph wrote:
Thanks for the response Alan,
if using eg EAP-TTLS/PAP then you would have issues - some phones wont do
that method natively
yes i do use EAP-TTLS/PAP, so does that mean that configurations should done
on the mobile devices
Thanks for the response Fajar,
Are you still authenticating against Lotus Domino LDAP?
Yes, I still do.
Basically to get an authentication method to work, the device needs to
be configured to use it, and the server needs to support it. So you
need to have a method that's supported by both
On Thu, Aug 26, 2010 at 3:24 PM, rrperez rrpe...@apc.edu.ph wrote:
For example, iphone (from Apple's docs) supports EAP-TLS, EAP-TTLS,
EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP. I've tried it with
PEAP-GTC, and it works, so you might want to try EAP-TTLS/PAP and see
how it goes. If it doesn't,
Hi,
yes i do use EAP-TTLS/PAP, so does that mean that configurations should done
on the mobile devices and not on the server?
some devices eg symbian nokias wont do EAP-TTLS/PAP (iirc its all of them) -
you can kludge this by using EAP-GTC but then you get request for password
all the time -
Hi,
I tested also an iPhone 2G to my server, but it still uses MS-CHAPv2 even
though I configured my server to do TTLS-PAP.
if the device can do TTLS/MSCHAPv2 then it'll do that. if the device
cant do EAP-TTLS/PAP (any many dont) then theres nothing you can do on the
server
to change that.
Hello list,
I am currently using FreeRADIUS as my AAA server for a WiMAX network.
Authentication is working perfectly, and the server is performing well.
As part of my infrastructure-design I need to be able to forcibly kick
users off the radiolink. As far as I have understood, this needs to
Thanks for the response Fajar,
Regarding your configurations, when I configured mine, my computers are now
unable to connect, my computer clients now are not ask by their username and
password, the server uses the computer name instead.
--
View this message in context:
Thanks for the response Alan,
you can kludge this by using EAP-GTC but then you get request for password
all the time - as the device is expecting it to be a one time token...
when I configured my server like what Fajar posted, it doesn't ask for
username and password anymore. I'm quite
Thanks for the response Alan,
you can kludge this by using EAP-GTC but then you get request for password
all the time - as the device is expecting it to be a one time token...
when I configured my server like what Fajar posted, it doesn't ask for
username and password anymore. I'm quite
On Thu, Aug 26, 2010 at 4:59 PM, rrperez rrpe...@apc.edu.ph wrote:
Thanks for the response Fajar,
Regarding your configurations, when I configured mine, my computers are now
unable to connect, my computer clients now are not ask by their username and
password, the server uses the computer
rrperez wrote:
I tested also an iPhone 2G to my server, but it still uses MS-CHAPv2 even
though I configured my server to do TTLS-PAP.
The client chooses the authentication method.
Go fix the client.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
kartik dadwal wrote:
OS: Ubuntu 9.10
Freeradius 2.1.0 (Installed using synaptic packet manager)
On the server terminal:
r...@kartik-laptop:/etc/freeradius# *radiusd -X*
I would suggest reading the debug output. The answer to your question
is in there.
Also, try pasting the debug output
Sigurd Foshaug wrote:
I have added the My-Local-LDAP-Comment into the raddb/dictionary file
like this:
ATTRIBUTE My-Local-LDAP-Comment 3000string
...
Now, what I am failing to understand is how I can get the proxy server
to receive the My-Local-LDAP-Comment attribute from
On Thu, Aug 26, 2010 at 3:49 PM, Fajar A. Nugraha fa...@fajar.net wrote:
Using this setup I simply have to select the wifi network name on
iphone, enter username password, and accept the certificate warning.
Scratch that. Perhaps it's because I had connected to the network
previously that it
David Mitchell wrote:
I now have 2.1.10 compiled and running. It seems to work fine. I did
have to make one change to my configuration. I had been using CA_path to
refer to the certificates which can authenticate clients for EAP-TLS
authentication in 2.1.8. In 2.1.10, that doesn't seem to
Kristoffer Milligan wrote:
as a small test. However, %{SQL-User-Name} is an encrypted version of
the username, which of course will not match anything in my database.
Ask the client PC why it's sending an encrypted user name.
How can I get the username in a cleartext format?
Figure out
Hi,
We are using freeradius-2.1.8. After I modify (add/delete a client) our
clients.conf, I will kill SIGHUP to radiusd process. But It does not take
effect. I need to restart the radiusd process. Please give me some advise,
thanks.
John
-
List info/subscribe/unsubscribe? See
Hello
Thank you all for the tips - one put me in the rigth direction :
keeping in mind that SSIDs ARE case sensitive.
And this was my problem - that i created a wireless-lan on the laptop
with false cases and so windows ignores this one and used allways the
default settings.
Also it was
Thanks for the replies. I was afraid that the format of detail wouldn't
allow syslog. I suppose detail can be sent to mysql though, right?
Is it possible within the radius log, where it logs successful or failed
logins, to also include the client's IP address along with the MAC?
On Thu, Aug
gtcoldfire wrote:
Thanks for the replies. I was afraid that the format of detail wouldn't
allow syslog. I suppose detail can be sent to mysql though, right?
No.
Is it possible within the radius log, where it logs successful or failed
logins, to also include the client's IP address along
Trey Scarborough wrote:
Yes I am aware of how it is Documented I followed the documentation but
still is not functioning correctly.
I have a configuration that is similar to as follows
sigh Similar is not the same.
Perhaps you could explain in *detail* what you are trying to do with
The same thing happens during authentication when the CPE intially
enters the network .. but then the username/password is decrypted and
successfully compared in the database.
What's the difference between the accounting and the authentication ..
apart from the info that's exchanged?
-
Kristoffer Milligan wrote:
The same thing happens during authentication when the CPE intially
enters the network .. but then the username/password is decrypted and
successfully compared in the database.
What's the difference between the accounting and the authentication ..
apart from the
Following on an earlier thread:
http://lists.freeradius.org/pipermail/freeradius-users/2010-June/msg00116.html
Of which I couldn't get any answer unfortunately..
I am experiencing a similar problem.
I am running freeradius that comes installed and configured with MacOS
10.6 server.
A Windows
David Mitchell wrote:
I misread that page thinking that v2.1.x would just give me 2.1.9 and
that master would be 2.1.10. Either way, I was able to get v2.1.x (aka
2.1.10) to configure openssl using the LIBS=-ldl addition. I'm not
sure what's changed in the master that configure seems to figure
John wrote:
Hi,
We are using freeradius-2.1.8. After I modify (add/delete a client) our
clients.conf, I will kill SIGHUP to radiusd process. But It does not
take effect. I need to restart the radiusd process. Please give me
some advise, thanks.
Clients are not reloaded on HUP.
As
freerad...@corwyn.net wrote:
I tracked down where this is different.
In huntgroups I have:
VPN_Huntgroup NAS-IP-Address == x.x.x.x
In users I have:
DEFAULT Huntgroup-Name == VPN_Huntgroup, Ldap-Group == VPN_Users
Reply-Message := Authorized Users Only
For a normal
I really hope someone at some point implements this. It would be a big
win for us.
Just adding my +1 to the want list.
Jeff
On 8/26/10 9:17 AM, Alan DeKok wrote:
John wrote:
Hi,
We are using freeradius-2.1.8. After I modify (add/delete a client) our
clients.conf, I will kill SIGHUP to
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS
10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP.
iPhone, mac os client connect just fine using EAP-TTLS
Windows 7 will connect fine using Securew2 EAP-TTLS
Jeffrey Collyer wrote:
I really hope someone at some point implements this. It would be a big
win for us.
Just adding my +1 to the want list.
Put the clients in SQL. Then, configure dynamic clients. This works
*today*.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Alan DeKok wrote:
David Mitchell wrote:
I misread that page thinking that v2.1.x would just give me 2.1.9 and
that master would be 2.1.10. Either way, I was able to get v2.1.x (aka
2.1.10) to configure openssl using the LIBS=-ldl addition. I'm not
sure what's changed in the master that
Alan DeKok wrote:
David Mitchell wrote:
I now have 2.1.10 compiled and running. It seems to work fine. I did
have to make one change to my configuration. I had been using CA_path to
refer to the certificates which can authenticate clients for EAP-TLS
authentication in 2.1.8. In 2.1.10, that
My 2.1.10 server I got compiled has a problem where it hangs after a few
hours. I'm not sure if it's related to the number of requests it's
processed or not. It's happened three times so far. Restarting the
server always gets it working again. Using tcpdump I can confirm that
it's receiving
David Mitchell wrote:
My 2.1.10 server I got compiled has a problem where it hangs after a few
hours. I'm not sure if it's related to the number of requests it's
processed or not. It's happened three times so far. Restarting the
server always gets it working again. Using tcpdump I can confirm
Alan DeKok wrote:
David Mitchell wrote:
My 2.1.10 server I got compiled has a problem where it hangs after a few
hours. I'm not sure if it's related to the number of requests it's
processed or not. It's happened three times so far. Restarting the
server always gets it working again. Using
Hi
On Thursday, August 26, 2010, Alan DeKok al...@deployingradius.com wrote:
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS
10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP.
iPhone, mac os client connect just fine
check the capitalization of username. I have seen instances where xp clients
sends all lower, and win7 capitalised the first two characters.
nolan
--
Nolan King
Moulton Niguel Water District
27500 La Paz Rd.
Laguna Niguel, CA 92677
(949) 425-3542
24hr: (949) 831-2500
On 8/26/2010 at 11:44
On 27 August 2010 05:19, Nolan King nk...@mnwd.com wrote:
check the capitalization of username. I have seen instances where xp clients
sends all lower, and win7 capitalised the first two characters.
What do you do in this case then?
Have a script run by freeradius putting all characters as
Alan DeKok wrote:
Trey Scarborough wrote:
Yes I am aware of how it is Documented I followed the documentation but
still is not functioning correctly.
I have a configuration that is similar to as follows
sigh Similar is not the same.
Perhaps you could explain in *detail* what
Hi,
Thanks for the replies. I was afraid that the format of detail wouldn't
allow syslog. I suppose detail can be sent to mysql though, right?
No.
unless, eg using the buffered-sql virtual server. in which case detail
files can go to SQL
Is it possible within the radius log, where
Alan Buxey wrote:
unless, eg using the buffered-sql virtual server. in which case detail
files can go to SQL
Well, no. Accounting can go to SQL. But that doesn't mean writing
the detail files to SQL. And it doesn't need the buffered-sql virtual
server.
Alan DeKok.
-
List
Trey Scarborough wrote:
All I am trying to do is run the radius auth querys on a database on one
machine and the accounting on another in another database. The problem I
am seeing is that when the additional sql configuration is put in for
the accounting database it begins to use that
Alan DeKok wrote:
Trey Scarborough wrote:
All I am trying to do is run the radius auth querys on a database on one
machine and the accounting on another in another database. The problem I
am seeing is that when the additional sql configuration is put in for
the accounting database it begins
Thanks for the response Alan,
I think also that the clients are the ones that is needed to be configured.
--
View this message in context:
http://old.nabble.com/Wifi-Enabled-Phones-%2B-FreeRadius-tp29538516p29548673.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
Thanks for the response Fajar,
I don't have problem with my server using my previous configuration to
authenticate with wifi computers. But when I reconfigured my server, thats
the time it fails.
My previous config which is running smoothly was default_eap_type = gtc only
and the others are
On Fri, Aug 27, 2010 at 8:32 AM, rrperez rrpe...@apc.edu.ph wrote:
My previous config which is running smoothly was default_eap_type = gtc only
and the others are left as it is. Testing your posted configuration, the
authentication for the computers don't ask for username and password
anymore,
Thanks for the response Fajar,
Did you try leaving everything the way it was when it works and only
comment-out mschapv2 section?
Yes i tried that yesterday, and it still works.
Did you try configuring iphone to use WPA2 enterprise security?
I did that also, but I've never tried to do both at
On Fri, Aug 27, 2010 at 9:05 AM, rrperez rrpe...@apc.edu.ph wrote:
Thanks for the response Fajar,
Did you try leaving everything the way it was when it works and only
comment-out mschapv2 section?
Yes i tried that yesterday, and it still works.
Did you try configuring iphone to use WPA2
Hi all
I have a network with switches Extreme working with FreeRadius
(Authentication), on documentation of Extreme
http://www.extremenetworks.com/libraries/services/ExtremeXOSConceptsGuideSoftwareVersion12_3_rev2.zipexplain
that is possible implement with authorization, but I could not
Thanks for the response Fajar,
Finally it worked out, I commented out the mschapv2 and configured the peap
to do gtc, and on the gtc to do auth type ldap. Thanks for the big help.
Now I'm trying to test different kind of mobile phones. I'm just confused
with iPhone because the certificate was
On Fri, Aug 27, 2010 at 11:49 AM, rrperez rrpe...@apc.edu.ph wrote:
Now I'm trying to test different kind of mobile phones. I'm just confused
with iPhone because the certificate was sent when I tried to connect to the
network, while with the other phones, the certificates are installed
58 matches
Mail list logo