Hi,
We are using Freeradius2 with MySQL at the backend.
I understand that the buffered sql takes care of buffering queries. What is
the best way to stop querying MySQL altogether and return a negative
response, after a certain threshold of processing is reached by the server?
buffered_sql
Hi,
my first post here, a newbie question, thanks for your help.
I'm going to set up two freeradius servers (2.1.7 on RHEL 5.5).
ServerB will be connected to an AP and I want it to proxy all EAP
requests to serverA (TTLS-PAP
will be the only method accepted) which will do authentication using
an
On 05/03/12 09:38, Stefano Zanmarchi wrote:
Hi,
my first post here, a newbie question, thanks for your help.
I'm going to set up two freeradius servers (2.1.7 on RHEL 5.5).
ServerB will be connected to an AP and I want it to proxy all EAP
requests to serverA (TTLS-PAP
will be the only method
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log]
/usr/local/var
Mulindwa wrote:
Hallo there, i have an issue with my wimax setup, am trying to have my
users authenticate using the wonderful freeradius but still failing.
Am suing WASN9970 and using freeradius 2.1.12,
When i turn on radius using radius-X, this is what i get, and client
never
/196.0.4.18/auth-detail-20120305
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log] expand: %t - Mon Mar 5 08:59:56 2012
++[auth_log] returns ok
++[chap] returns noop
On 5 Mar 2012, at 12:28, Alan DeKok wrote:
Mulindwa wrote:
Hallo there, i have an issue with my wimax setup, am trying to have my
users authenticate using the wonderful freeradius but still failing.
Am suing WASN9970 and using freeradius 2.1.12,
When i turn on radius using radius-X,
YJZ wrote:
1. I have been compiling Freeradius 3.0.0 or Freeradius 2.x with the
--with-udpfromto flag, until very recently always on Mac OS X 10.4.11. Now I
find OS X 10.7 (Lion) no longer defines SOL_IP for {get,set}sockopt() as
described at http://trac.macports.org/ticket/30403. Inserting
/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log]
/usr/local/var/log/radius
Thanks a lot Phil for your kind answer.
Could you please tell me which is the weird part of the configuration?
Do you mean the use of ttls-pap with openldap or the fact that serverB
is there only
to proxy requests to serverA?
On Mon, Mar 5, 2012 at 11:58 AM, Phil Mayers p.may...@imperial.ac.uk
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from
the server in the command line works fine, from the wireless client get this
one.
Thanks
Regards
ad_recv: Access-Request packet from host 127.0.0.1 port 35226, id=0, length=200
User-Name
On 05/03/12 12:56, Stefano Zanmarchi wrote:
Thanks a lot Phil for your kind answer.
Could you please tell me which is the weird part of the configuration?
Do you mean the use of ttls-pap with openldap or the fact that serverB
is there only
to proxy requests to serverA?
The latter. I'm sure you
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me?
from the server in the command line works fine, from the wireless client
get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in
Hi,
the output is quite clear about what is wrong:
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
incorrect shared secret
alan
PS there is no such word as 'Authentification'
-
List
Hi Alan,
FreeRADIUS does this in the default install, and contains EAP tests
(src/tests) for all major EAP types.
I actually went and re-read the RFC for PEAP. I noted that a server that
supports PEAP will reply with the highest supported version and the negotiation
will go from there.
Hi,
NOTE the section here:
User-Name = mysqltest
User-Password = O%:snv\nB\334Ξ\300H\035\235e
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password O%:snv
B��?�H??e
Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password
Thank you very much, but the password is testsecret, I don't know why it
shows this strange password, I don't know if it is related to the port 443, as
in the server console is working perfectly with the password testsecret
Thanks!!
Regards
Javier Ruiz Escalante
Teléfono: 00 34 512 700
We've been using SecureW2's client with our Freeradius server using
EAP-TTLS/PAP authentication. From doing some very preliminary
testing with the Windows 8 consumer preview, I've noticed that MS is now
including EAP-TTLS support directly in windows.
Unfortunately, I haven't had any luck getting
On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote:
Sorry,
I have no idea which files to check despite the message is clear.
raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared
secret to encrypt parts of the packet and for authenticator hashes.
The pre-shared
I have no idea which files to check despite the message is clear.
Did you set up this server or did someone else? The NAS is a client to the
freeRADIUS server, normally these are setup in clients.conf.
Also, keep in mind that your password will be sent over the network as text and
processed
Can you paste the output of radiusd -X? Please dont use -XX, we dont need
timestamps.
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From:
The password and the secret are two different things. When you set up
FreeRadius you had to put a secret = line in the client clause for your NAS.
You have to put that same secret in the NAS (don't ask us where, that depends
on the NAS.) In your case your NAS is your AP or your LWAP/CWAP
On 5 Mar 2012, at 16:03, Javier Ruiz Escalante wrote:
Thank you very much, but the password is testsecret, I don't know why it
shows this strange password, I don't know if it is related to the port 443,
as in the server console is working perfectly with the password testsecret
Because
Hello,
The secret is set in clients.conf, where has to be se also?
Regards
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
From: a.cudba...@freeradius.org
Subject: Re: Double-check the shared secret on the server and the NAS!
Date: Mon, 5 Mar 2012 16:10:37 +0100
To:
But where is the shared secret? I have written the same secret everywhere...
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
From: a.cudba...@freeradius.org
Subject: Re: Authentification
Date: Mon, 5 Mar 2012 16:20:43 +0100
To: freeradius-users@lists.freeradius.org
On 05/03/12 15:05, Brian Gold wrote:
We've been using SecureW2's client with our Freeradius server using
EAP-TTLS/PAP authentication. From doing some very preliminary testing
with the Windows 8 consumer preview, I've noticed that MS is now
including EAP-TTLS support directly in windows.
Hopeman, Ward wrote:
This is where I got confused, I missed the foot notes that PEAPv1 was only
available in the experimental build with the eap2 module.
Yes. FR doesn't support PEAPv1 natively.
Don't use PEAPv1. It's even less documented than PEAPv0. It's used by
pretty much no
In nas table in case you're using sql...
On 5.3.2012 16:40, Javier Ruiz Escalante wrote:
Hello,
The secret is set in clients.conf, where has to be se also?
Regards
**
Javier Ruiz Escalante*
*
**Teléfono: *00 34 512 700 524
*
Skype: fruiz002**
I'm using SQL but there is no NAS table...
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
Date: Mon, 5 Mar 2012 16:49:03 +0100
From: mangi...@gmail.com
To: freeradius-users@lists.freeradius.org
Subject: Re: Double-check the shared secret on the server and the NAS!
Hi all,
Apologies for being slightly off topic.
Does anyone else get a problem with Windows 7 clients prompting for the radius
credentials 2 or 3 times before finally accepting them? No errors are shown on
the radius side, and I've read that this is a problem with the operating
system, but
Could it be the problem?
# Table to keep radius client info
nas_table = nas
It makes reference to the nas table but there is no nas table in my sql
database... If I uncomment the line #readclients = yes radius gives me an
error.
Regards and thanks
Javier Ruiz Escalante
Hello once again,
Thank you for your help in resolving this problem. I have counters
increasing now after defining Max-Daily-Session for DEFAULT user in the
users file like below and adding the line aaa accounting dot1x default
start-stop group radius suggested by Alan Buxey to config on my
All,
At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
Beyond being outdated and unsupported, this FR setup is causing a lot of
problems so I plan a migration to RHEL5 and FR 2.1.12.
I've been searching but I cannot find a procedure describing which steps to
follow in
Hello,
Coonected to the eth1 I have my Mikrotik, and connected to the Mikrotik I have
the computer via Wireless, can it be the Problem?
thanks!!
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
Date: Mon, 5 Mar 2012 16:49:03 +0100
From: mangi...@gmail.com
To:
Javier Ruiz Escalante wrote:
Hello,
Coonected to the eth1 I have my Mikrotik, and connected to the Mikrotik
I have the computer via Wireless, can it be the Problem?
You are asking too many questions.
This usually indicates you're trying random things, rather than trying
to understand
Sorry that I confuse you, I just wanted to give you more information just in
case... It's clear for me that the secret has to be the same everywhere, but
where do I write the secret in the NAS? the NAS is the AP connected to the
Radius Server ethernet 1, is it the Wireless client?
Javier
Hello,
It's already working, the NAS is my Chillispot, and the problem was that
theUAMSECRET wa commented...
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
Date: Mon, 5 Mar 2012 16:49:03 +0100
From: mangi...@gmail.com
To: freeradius-users@lists.freeradius.org
Javier Ruiz Escalante wrote:
Sorry that I confuse you, I just wanted to give you more information
just in case... It's clear for me that the secret has to be the same
everywhere, but where do I write the secret in the NAS? the NAS is the
AP connected to the Radius Server ethernet 1, is it
Hi,
But where is the shared secret? I have written the same secret
everywhere...
on the FreeRADIUS server its in clients.conf (or, if you have configured
SQL to have NAS tables then in the nas table)
on your AP its in the configuration section. note that 'clients' as you know
them
Hi,
At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
Beyond being outdated and unsupported, this FR setup is causing a lot of
problems so I plan a migration to RHEL5 and FR 2.1.12.
I've been searching but I cannot find a procedure describing which steps to
follow
Hi,
Does anyone else get a problem with Windows 7 clients prompting for the
radius credentials 2 or 3 times before finally accepting them? No errors
are shown on the radius side, and I’ve read that this is a problem with
the operating system, but wondered whether anyone in this
On 05/03/12 16:16, Morris, Andi wrote:
Hi all,
Apologies for being slightly off topic.
Does anyone else get a problem with Windows 7 clients prompting for the
radius credentials 2 or 3 times before finally accepting them? No errors
are shown on the radius side, and I’ve read that this is a
Hi,
On 05/03/12 16:16, Morris, Andi wrote:
Hi all,
Apologies for being slightly off topic.
Does anyone else get a problem with Windows 7 clients prompting for the
radius credentials 2 or 3 times before finally accepting them? No errors
are shown on the radius side, and I’ve read
I've seen such things if the authentication takes an extraordinary
length of time. Windows EAP client expects a round trip on the order
of 30 seconds (or 60, ummm my memory is already fading...) and if EAP
doesn't come back in that time, could abort the authentication.
Typically another
I've uploaded the radius -X output to http://pastebin.com/Fgr60hXr since it was
pretty long.
-Original Message-
From: freeradius-users-bounces+bgold=simons-rock@lists.freeradius.org
[mailto:freeradius-users-bounces+bgold=simons-
rock@lists.freeradius.org] On Behalf Of Phil
Hello all,
I'm trying to figure out how to access vendor specific attributes from JRADIUS
via my FreeRADIUS server. I have defined the dictionary file and have included
them in FreeRADIUS and JRADIUS. Using wireshark I can verify that the
attributes that I've defined are included in the
Hello,
I just had a freeradius server (2.1.12, prebuilt for
x86_64-redhat-linux-gnu) setup for development testing purpose.
However I couldn’t configure this server for TCP connection. By the
email thread dated back 09/2009, freeradius should have TCP
transportatation support. Can you please shed
hi,
right. interesting. I've just been looking into Windows 8 and I found
that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it
didnt work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then
it worked fine. so more needs to be looked at there.
based on the UI it seems
On 03/05/2012 06:31 PM, Brian Gold wrote:
I've uploaded the radius -X output to http://pastebin.com/Fgr60hXr since it was
pretty long.
Weird; that all looks good to me. I guess the problem must be on the
Windows side, but I'm not super familiar with TTLS so am not sure what
it might be.
-
On 03/05/2012 07:39 PM, Wenjuan Lin wrote:
Hello,
I just had a freeradius server (2.1.12, prebuilt for
x86_64-redhat-linux-gnu) setup for development testing purpose.
However I couldn’t configure this server for TCP connection. By the
email thread dated back 09/2009, freeradius should have TCP
I'm attempting to follow the guide at http://deployingradius.com/ Things
were going very well until I tried to set up Active Directory
authentication. Testing with ntlm_auth, I get a success:
$ ntlm_auth --request-nt-key --domain=MYDOMAIN --username=myuname
--password=mypass
NT_STATUS_OK: Success
Hello everybody, I have a freeradius that autenticate users using mysql
database.
When I use the command radwho I saw a lot of users wich are old users.
The question is, How should I disconnect those users so don't showed up with
the radwho command?
Regards
Carina
Mon Mar 5 14:45:55 2012 : Debug: Exec-Program-Wait: plaintext: winbind
client not authorized to use winbindd_pam_auth_crap. Ensure permissions
on
/var/run/samba/winbindd_privileged are set correctly. (0xc022)
Did you spot this?
--
Sent from my phone. Please excuse brevity and typos.
-
Hi Andi,
I did see the behavior, and it appears to be a bug with the windows
supplicant. Apparently, the credentials are not even passed to the EAP
module to initiate the session with the NAS...
We do not have any kind of contact at Microsoft to open a bug, so I
believe you are stuck with
Huh... It seems you're firing with closed eyes and you're expecting to
hit something...
Check this five blog posts and you'll see that RADIUS is not black box
when you want to read something...
http://www.serveradminblog.com/category/freeradius/
On 3/5/2012 6:20 PM, Alan Buxey wrote:
Hi,
Migrating from CentOS5 to RHEL5 ? Whats the point ?
Especially when CentOS6.x/RHEL6.x is already here...
On 3/5/2012 5:38 PM, Martin Mielke wrote:
All,
At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
Beyond being outdated and unsupported, this FR setup is causing a
Hi,
2 things
Mon Mar 5 14:45:54 2012 : Info: [mschap] No NT-Domain was found in the
User-Name.
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: %{mschap:NT-DOMAIN} -
Mon Mar 5 14:45:54 2012 : Info: [mschap] ... expanding second conditional
Mon Mar 5 14:45:54 2012 : Info:
Mon Mar 5 14:45:55 2012 : Debug: Exec-Program-Wait: plaintext: winbind
client not authorized to use winbindd_pam_auth_crap. Ensure permissions
on
/var/run/samba/winbindd_privileged are set correctly. (0xc022)
Did you spot this?
This was definitely it. Thank you so much.
-Scott
-
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see: checkItem
Expiration
On Tue, Mar 6, 2012 at 9:10 AM, u...@3.am wrote:
I put your 'update control' here, in the authorize :
redundant LDAP{
ldap1
ldap2
update control {ETC
}
}
The above allows us to define two LDAP servers in radiusd.conf.
Hi guys
I am from the Microsoft EAP team, and we have not seen this issue. Can
you please send the following logs to me for investigating at
aman.arn...@microsoft.com
From an elevated command prompt :
Netsh ras set tr * en
run scenario
Netsh ras set tr * di
Also, you can consider me a Microsoft
Hi Alan
I am from the Microsoft EAP team for windows 8 , if you face any issues
or need clarity on any of our features please feel free to email me at
aman.arn...@microsoft.com
BTW we have tested our TTLS with freeradius successfully !
also thanx for the feedback I am processing it and will
Hi Alan,
Seems NAS is rejecting my request, what do you think could be the issue?
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
Sorry, forgot to add, I need the output stored under
Sytemdrive\Windows\Tracing
On Tue, Mar 6, 2012 at 8:48 AM, Aman Arneja arneja.a...@gmail.com wrote:
Hi guys
I am from the Microsoft EAP team, and we have not seen this issue. Can
you please send the following logs to me for investigating at
Hi there,
How can i use my free radius to authenticate users of a certain realm with them
using any password
EM
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Mar 6, 2012 at 2:28 PM, Mulindwa meri...@yahoo.com wrote:
Hi there,
How can i use my free radius to authenticate users of a certain realm with
them using any password
Start by reading
http://wiki.freeradius.org/FAQ#How+do+I+permit+access+to+any+user+regardless+of+password%3F
--
66 matches
Mail list logo