On 02/28/2012 07:54 AM, Mohit Aron wrote:
TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
You have failed to setup the required certs on
On Tue, Feb 28, 2012 at 2:34 PM, Mohit Aron extpr...@gmail.com wrote:
Hello,
I'm using the freeradius 2.10 server that comes with Ubuntu 11.10. I'm unable
to set it up so as to authenticate incoming requests from the Unix
username/passwords stored in /etc/{passwd, shadow}.
Here is a
You shouldn't need to do that. The files should have freerad group
ownership (at least it does last time I look on Natty), so freerad
user will be able to read it. Did you test it and it didn't work, or
did you THINK it wouldn't work so you do a chown manually?
If it's the first, file a bug
On Tue, Feb 28, 2012 at 3:26 PM, Mohit Aron extpr...@gmail.com wrote:
You shouldn't need to do that. The files should have freerad group
ownership (at least it does last time I look on Natty), so freerad
user will be able to read it. Did you test it and it didn't work, or
did you THINK it
Thank you very much! The problem is solved!
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Internal-sanity-check-failed-After-adding-second-Home-Server-tp5521049p5521274.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List
-proxy {...}
[pre_proxy_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
- /usr/local/var/log/radius/radacct/10.215.30.81/pre-proxy-detail-20120228
[pre_proxy_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands
Hi,
When i do radiusd -X, i have this :
rad_recv: Access-Request packet from host 10.215.30.81 port 1645, id=165,
length=88
snip
[suffix] Proxying request from user gdanobrega to realm NULL
[suffix] Preparing to proxy authentication request to realm NULL
snip
Sending Access-Request of
Hi,
Thank you very much! The problem is solved!
I note you are usiong the DEFAULT realm for sending things upstream.
as a federation operator this concerns me - as it means all kinds of junk gets
sent upstream for the remote proxy to deal with. I would strongly advise that
you
rename that
Hi ,
I have configured radius for arm32 bit for EAP, it was running fine. Now
when I am running the server for mips(64 bit ) it strucks after
initializing EAP -TLS module.
Certificates are made on host using Makefile provided with radius server
and then loaded in certs directory. I am using
Prateek Kumar wrote:
I have configured radius for arm32 bit for EAP, it was running fine. Now
when I am running the server for mips(64 bit ) it strucks after
initializing EAP -TLS module.
What could be wrong ?
You'll need to use gdb to figure it out.
Alan DeKok.
-
List
Hi,
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since I
don't want to have this field in my openldap since it is clear password.
Regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Feb 28, 2012 at 8:48 PM, Omer Faruk SEN omerf...@gmail.com wrote:
Hi,
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since I
don't want to have this field in my openldap since it is clear password.
Sure.
- use eap-gtc or ttls-pap
- make sure your client supports
Hi,
Hi,
Is there a way to use PEAP or EAP-TTLS without� Cleartext-Password since I
don't want to have this field in my openldap since it is clear password.
NTHASH
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Omer Faruk SEN wrote:
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since
I don't want to have this field in my openldap since it is clear password.
http://deployingradius.com/documents/protocols/compatibility.html
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I have sql declared in accounting module. I have followed
examples from http://wiki.freeradius.org/Rlm_sqlcounter, but my counter
doesn't still increase.? What am I missing please.
Do you have accounting records for that user in radacct?
mmm. no Fajar, I have checked from mysql and do
Thank you for the short answer Alan. Always short and simple answers you
have :)
Regards.
On Tue, Feb 28, 2012 at 4:16 PM, Alan DeKok al...@deployingradius.comwrote:
Omer Faruk SEN wrote:
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since
I don't want to have this
Hi everbody,
I have a freeradius+openldap working well, but I'd like to make some changes.
Below are the ldap module configuration:
server = ldap.mycompany.br
identity = cn=Admin,dc=univates,dc=br
password = xx
basedn =
On Tue, Feb 28, 2012 at 9:32 PM, pamela pomary ppom...@gmail.com wrote:
I have sql declared in accounting module. I have followed
examples from http://wiki.freeradius.org/Rlm_sqlcounter, but my counter
doesn't still increase.? What am I missing please.
Do you have accounting records
examples from http://wiki.freeradius.org/Rlm_sqlcounter, but my
counter
doesn't still increase.? What am I missing please.
Do you have accounting records for that user in radacct?
mmm. no Fajar, I have checked from mysql and do not have any record for
service type=
On Tue, Feb 28, 2012 at 10:30 PM, pamela pomary ppom...@gmail.com wrote:
What could be the reason why accounting records are not captured in
radacct
for a Framed-User?
Does your NAS send accounting packets?
Yes i found some accounting packets, but only for telnet logins users. My
NAS
Hi,
logins for Cisco wont do decent accounting for login sessions -
for authenticated sessions on edge ports they can sent accounting...eg
aaa accounting dot1x default start-stop group RADIUS
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hope you can help us out. First time dealing with RADIUS servers. Following
your instructions. Seem to have missed something along the way.
We are running FreeRadius(Version 2.1.1) on a SLES version 11 server. The
serve has a static IP address.
We have tried both of the following
Hi,
At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an
open-source product but as far as i see (correct me if i am wrong) they
havechanged policy and this software is not open source anymore.
Regards.
-
List info/subscribe/unsubscribe? See
hi,
you have configured your server to listen for authentications on IP
10.0.8.9
..but then you try sending a request to 127.0.0.1 (localhost)
of course it isnt going to work.
either configure the server to listen on all interfaces (*) as a
default install would, or use 10.0.8.9 as the
Firewall is turned off on the server at this time.
From: freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org
[mailto:freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org] On
Behalf Of hashim zayed
Sent: Tuesday, February 28, 2012 2:16 PM
To: FreeRadius users
Hi,
Hi,
At [1]http://wiki.freeradius.org/EAP-Clients� it states that SecureW2 is
an open-source product but as far as i see (correct me if i am wrong) they
havechanged policy and this software is not open source anymore.
depends on which version - the old version is. the new
Changed the radtest to
radtest bob hello 10.0.8.9 0 testing123
Now in the terminal windows where we ran radiusd -X we get the following error
Ignoring request to authentication address 10.0.8.9 port 1812 from unknown
client 10.0.8.9 port 56524
The terminal session we ran the
radtest bob
James DeLuca wrote:
Changed the radtest to
radtest bob hello 10.0.8.9 0 testing123
Now in the terminal windows where we ran radiusd -X we get the following error
Ignoring request to authentication address 10.0.8.9 port 1812 from unknown
client 10.0.8.9 port 56524
So... what do you
Hi,
radtest bob hello 10.0.8.9 0 testing123
Now in the terminal windows where we ran radiusd -X we get the following error
Ignoring request to authentication address 10.0.8.9 port 1812 from unknown
client 10.0.8.9 port 56524
is 10.0.8.9 listed in clients.conf ?
you will see no response
Hi:
We've been running various versions of FreeRadius for years, currently 2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP auth.
Everything worked fine after the switch...POSIX attributes for group membership
correctly allocated the right ippools, etc.
u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see:
checkItem Expiration
On Wed, Feb 29, 2012 at 1:56 AM, Omer Faruk SEN omerf...@gmail.com wrote:
Hi,
At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an
open-source product but as far as i see (correct me if i am wrong) they
havechanged policy and this software is not open source anymore.
Page
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently 2.1.10
in
this application. A while ago, we switched from PAM (unix) auth to LDAP auth.
Everything worked fine after the switch...POSIX attributes for group
On Wed, Feb 29, 2012 at 6:11 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently
2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP
auth.
u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see:
checkItem Expiration
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently
2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP
auth.
Everything worked fine after the switch...POSIX attributes for group
On Wed, Feb 29, 2012 at 8:37 AM, u...@3.am wrote:
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Our LDAP attributes use the following POSIX attributes to determine expiry:
shadowMax: 90
shadowLastChange: 15215
With the first being the maximum age of the password and the second being
Hi Alan,
It was not the problem with freeradius server. Openssl that I was including
was not configured for 64 bit arch so there was this problem.
Thank you for your quick response.
Regards,
Prateek
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
38 matches
Mail list logo