dynamic clients

2011-07-17 Thread YvesDM
Hi, I try to configure dynamic clients on FR2.1.8. I use as good as default configuration in my testing. Somehow it always looks at FreeRADIUS-Client-Virtual-Server = something even the dynamic_client_server is defined in client dynamic. As I understand it right, it shouldn't look at that

Re: LDAP Not working properly

2011-07-17 Thread Alan Buxey
Hi, I have changed from %Ldap-UserDN to %{Ldap-UserDN} but still not able to login from my cisco switch. Sending Access-Accept of id 184 to 172.17.3.210 port 1645 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 184 with timestamp +14 Ready

Re: dynamic clients

2011-07-17 Thread Alan DeKok
YvesDM wrote: I try to configure dynamic clients on FR2.1.8. I use as good as default configuration in my testing. Somehow it always looks at FreeRADIUS-Client-Virtual-Server = something even the dynamic_client_server is defined in client dynamic. Because that's what you told it to do. The

Re: dynamic clients

2011-07-17 Thread Alan DeKok
Alan DeKok wrote: YvesDM wrote: I try to configure dynamic clients on FR2.1.8. I use as good as default configuration in my testing. Somehow it always looks at FreeRADIUS-Client-Virtual-Server = something even the dynamic_client_server is defined in client dynamic. Because that's what

how to get this logentry correct

2011-07-17 Thread Cor Bosman
Hey all, ive set up a radius daemon to verify OTPs. It's all working just fine, except for the log entries on failure to give the correct OTP. Here is the virtual server ive set up: server oath { client { secret = XX shortname = oath

Re: how to get this logentry correct

2011-07-17 Thread Arran Cudbard-Bell
Hmm yes, pretty out of date way of doing things, the problem is you're explicitly forcing authentication to succeed, and calling the exec module really late... Get rid of the files call, or just use it to set the reply message i.e. Don't use Auth-Type = Accept. See here for a guide:

Re: how to get this logentry correct

2011-07-17 Thread Cor Bosman
Hey Arran, Hmm yes, pretty out of date way of doing things, the problem is you're explicitly forcing authentication to succeed, and calling the exec module really late... Yeah, the author of multiotp doesnt seem to know about the out of date method, his docs still mention the old method.

radius.log test?

2011-07-17 Thread OzSpots - Carl Sawers
Hi all, I have suddenly started seeing this in the radius.log ( 2.2) Mon Jul 18 11:36:23 2011 : Auth: Login incorrect: [TEST/+\253\362\023\213\223-~\272\257]$\003\033\211] (from client localhost port 0) All seems well besides this. It started happening a day ago every 30 seconds. Anyone