From: dfds fds srinujob2...@yahoo.com
Subject: EAP-SIM and EAP-AKA support
To: freeradius-users@lists.freeradius.org, freeradius-de...@lists.freeradius.org
Date: Wednesday, November 3, 2010, 6:47 PM
Hi, I am trying to setup a radius server with EAP-SIM and EAP-AKA supportIt
seems to be
Maybe this helps you:
http://agsm.sourceforge.net/eap-sim_aka.html
I'm actually looking for an EAP-SIM implementation that gateways RADIUS
requests to a real HLR via MAP.
From the documentation I can't see that FreeRadius supports this ?!
/To
--
GRATIS! Movie-FLAT mit über 300 Videos.
Hi , I tried to setup configuration from different sources from the
web, but it's not easy
I have cisco vpn access server where are more IPSEC proflles ( groups ).
They should be authenticated against Freeradius.
One profile called Group1 should be authenticated against ntlm_auth_vpn
(
On 04/11/10 10:41, Jevos, Peter wrote:
However this config doesn’t work, debug lokks strange ( takes only first
Cisco Avpair attribute ), probably something wrong In the config
Send the full debug output, as asked frequently on this list.
-
List info/subscribe/unsubscribe? See
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Cisco-Avpair=ipsec:addr-pool=vpn_pool,
This wrong; you want:
SOrry about this mail Josip, but i checked again my clients.conf, and i put
conf here for u see.
clients.conf
client 127.0.0.1 {
secret = password
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
client 10.12.60.19 {
I guess you (a) didn't read my message,
Sorry, I did read your message.
and (b) want to debug it yourself.
That's sometimes the thing I end up with.
Exactly.
So I upgraded and things got worse (or better, if you prefer consistency). Now,
it doesn't honor the src_ipaddr setting no matter if I
On 2010/11/04 01:51 PM, eduardo moreira wrote:
and i use this command to test connection:
radtest username 123456 10.12.60.19 1812 0 password
man radtest gives me this:
radtest [-d raddb_directory] user password radius-server nas-port-number
secret [ppphint] [nasname]
Looking at your
Thanks a lot for valuable information. I will try to setup freeradius for
EAP-SIM. I have to still search for configuring EAP-AKA , if anybody knows
about it , please share info
Thanks and RegardsSrinivas
--- On Thu, 11/4/10, tmuehlh...@gmx.net tmuehlh...@gmx.net wrote:
From:
hi johan,
thanks for u reply.
i try with your command,
raddtest -d /etc/freeradius username password ip-server port-server secret
but no works.
but thanks.
2010/11/4 Johan Meiring jmeir...@pcservices.co.za
On 2010/11/04 01:51 PM, eduardo moreira wrote:
and i use this command to test
On 2010/11/04 02:16 PM, eduardo moreira wrote:
raddtest -d /etc/freeradius username password ip-server port-server
secret but no works.
Copy and paste your command.
Do not retype it.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
-
List
sorry
radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any
2010/11/4 Johan Meiring jmeir...@pcservices.co.za
On 2010/11/04 02:16 PM, eduardo moreira wrote:
raddtest -d /etc/freeradius username password ip-server port-server
secret but no works.
Copy and paste your
eduardo moreira wrote:
SOrry about this mail Josip, but i checked again my clients.conf, and i
put conf here for u see.
The debug log you posted contains the solution to the problem.
Read it.
If it's too hard to understand, paste the debug output into this form:
On 2010/11/04 02:37 PM, eduardo moreira wrote:
sorry
radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any
That should work.
The any is probably unnecesary.
What does freeradius -X now say?
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
What I could try later is using another interface's (one not having an alias)
address as src_ipaddr and see if that is honoured or not.
With that, I still get the Failed binding to proxy address messages.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
same message, but one message desappears:
Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the NAS!
before this message appears this:
Thu Nov 4 10:58:52 2010 : Debug:
Failed binding to proxy address port 1000: Permission denied
(note there are two spaces here^^
I' unsure why ip_ntoh fails (I don't get any ip_ntoh: errors), but turning
off dns_lookups shows the default IP (the one to be used without ip_srcaddr)
here.
-
List info/subscribe/unsubscribe? See
Phil Mayers thanks it works !!!
But after auth radius going down with message Segmentation fault.
AS-IP-Address = 172.100.50.24
NAS-Port = 1
Framed-MTU = 1388
NAS-Port-Type = Wireless-802.11
Service-Type = Authenticate-Only
Called-Station-Id =
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Cisco-Avpair=ipsec:addr-pool=vpn_pool,
This wrong; you
[Apparently the usenet gateway is not bidirectional, so I re-post here, sorry]
Hello,
AFAIK, there's nothing in the RADIUS protocol allowing you to ask
a RADIUS server which user is currently using a given IP address... or
am I missing something? The only thing you can do is
FreeRADIUS-specific
On 04/11/10 15:25, Jevos, Peter wrote:
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Edgar Fuß wrote:
So I upgraded and things got worse (or better, if you prefer consistency).
Now, it doesn't honor the src_ipaddr setting no matter if I start with -sfxx
-l stdout or whatever.
Hmm... this *was* tested in 2.1.10. Your configuration must be doing
something odd.
What I gain
On 04/11/10 15:31, Guido De Rosa wrote:
[Apparently the usenet gateway is not bidirectional, so I re-post here, sorry]
Hello,
AFAIK, there's nothing in the RADIUS protocol allowing you to ask
a RADIUS server which user is currently using a given IP address... or
am I missing something? The
Guido De Rosa wrote:
AFAIK, there's nothing in the RADIUS protocol allowing you to ask
a RADIUS server which user is currently using a given IP address... or
am I missing something?
No. Use a database for this kind of query.
I'm configuring DansGuardian web content filtering
Влад Власов wrote:
Phil Mayers thanks it works !!!
But after auth radius going down with message Segmentation fault.
...
Thu Nov 4 19:42:55 2010 : Info: [eap] Final reply from tunneled session code
2
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout
Cisco-AVpair += 2nd:attribute
This is documented in the manpage and docs.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thank you, it helped but it still doesn't work as I wished:
All I need is:
When request comes from 10.1.1.252 and
I'm using the Juniper Odyssey Access Client, you can download a trial from
the Juniper website. So far it's the only supplicant I've come across that
allows for PEAP or TTLS with client certificates. Drawback being you have
to buy licenses for each instance of it running inside the company,
On 04/11/10 15:52, Jevos, Peter wrote:
Dear Phil , thank you ,
I removed Fall through parameter, it works partially, when user comes
from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
Auth-Type :=
On 04/11/10 15:52, Jevos, Peter wrote:
Dear Phil , thank you ,
I removed Fall through parameter, it works partially, when user
comes
from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
Auth-Type :=
On 04/11/10 16:15, Jevos, Peter wrote:
Thank fo your reply, hoever as you can see from my previous posts, I did
it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing
On 04/11/10 16:15, Jevos, Peter wrote:
Thank fo your reply, hoever as you can see from my previous posts, I
did
it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing
Which OS?
David
On Thu, Nov 4, 2010 at 9:00 AM, rdeboer rem...@gmail.com wrote:
I'm using the Juniper Odyssey Access Client, you can download a trial from
the Juniper website. So far it's the only supplicant I've come across that
allows for PEAP or TTLS with client certificates. Drawback
2010/11/4 Phil Mayers p.may...@imperial.ac.uk:
FreeRADIUS-specific like issuing the
radwho command which shows you a list of currently
logged users, their IP addresses and other informations. Another
option
is querying the FreeRADIUS database (MySQL/whatever...), which is
actually what some
Hi All,
We had ntPassword hash in our ldap server, now the authentication from
peap from windows computer and radtest -t mschap fail. Attached please
find the full debug information. My username is sding for the testing.
Thanks,
[r...@auth2 opt]# ./sbin/radiusd -X
FreeRADIUS Version 2.1.10,
2010/11/4 Alan DeKok al...@deployingradius.com:
Guido De Rosa wrote:
I'm configuring DansGuardian web content filtering
(http://dansguardian.org) which has the possibility to configure
several
filter groups each with different filtering rules. I would like to
match filter groups by RADIUS
I have clients multiple clients on the following networks:
192.168.89.0/24
192.168.90.0/24
192.168.91.0/24
I have two users:
test1
test2
I would like to grant test1 access to clients on 192.168.89.0/24 and
192.168.90.0/24 but not 192.168.91.0/24.
I would like to grant test2 access to clients
Mostly windows 7 but linux and OSX would be nice too..
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3250786.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See
I've solved it with huntgroups with individual client IP's but I need to do
it by subnet.
I thought the following would work but it didn't.
/etc/raddb/huntgroups
hunt1NAS-IP-Address =~ /^192\.168\.(89|90|91)\..*$/
This appears to have been fixed by putting quotes around the regex
Your configuration must be doing something odd.
Yes. As specifying multiple identical src_ipaddr values for several home
servers resulted in 2.1.7 not to start up properly, I (mis)understood the
comment
# The rest of the configuration items listed here are optional,
# and do not have to
I put the debug into the form
http://networkradius.com/freeradius.html
and got the following for the first packet.
My LDAP entry
dn: uid=sding,ou=People,dc=fsu,dc=edu
ntPassword: 771CFDFE02A8C15E15B3E0E4974602FA
smbencrypt of my password, they are the same as in ldap query.
LM Hash
Can anyone please help on this as I've googled as cannot find a solution to
the issue I've outlined below.
Thx
Nev
Hi Everyone,
Here is some Debug if anyone can help explain or correct the
[monthlytraffic] Counter calculation.
Sat Oct 30 22:39:39 2010 : Info: [monthlytraffic] expand:
schilling wrote:
Found Auth-Type = EAP
WARNING: Unknown value specified for Auth-Type. Cannot perform
requested action.
You have edited the default configuration and broken it. Don't do that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
I currently work with freeradius version 2.1.7, my users are in mysql.
mysql SELECT * FROM `radusergroup`;
+++--+
| username | groupname | priority |
+++--+
| joseph | Desarrollo |1
43 matches
Mail list logo