I was trying to get linelog to log a CSV style log file with the Access
Accept and Reject messages for auditing purposes.
Took a while to see that the Access-Reject verb doesn't work in the
modules/linelog file, it only ever uses the Access-Request since all the
requests are Access-Request
Thanks Fajar,
My users are using EAP-TTLS, is there a possibility to have them connect
without a password
Eric M
From: Fajar A. Nugraha l...@fajar.net
To: Mulindwa meri...@yahoo.com; FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent:
On Tue, Mar 6, 2012 at 3:16 PM, Mulindwa meri...@yahoo.com wrote:
Thanks Fajar,
My users are using EAP-TTLS, is there a possibility to have them connect
without a password
See http://wiki.freeradius.org/Protocol%20Compatibility
or to be specific, just the paragraph under the table :)
--
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -
/usr/local/var/log/radius/radacct/196.0.4.18/reply-detail-20120306
[reply_log]
/usr/local/var/log/radius/radacct/%{Client
Dear All,
I also have this info, do i need to have it in my free radius?
Server Root CA Cert. Info
/C=US/O=WiMAX Forum(R)/CN=WiMAX Forum(R) Server Root - CA1
Device Cert. Info
/C=TW/O=MitraStar Technology/OU=WiMAX Forum(R) Devices/CN=0C4C39b7830b WiMAX
Series
Eric M
Mulindwa wrote:
So far looks good only that users are not authenticating yet.
You cannot set Auth-Type := Accept for WiMAX connections. It won't
work. It's impossible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Since more than a year we're doing EAP-TTLS to authenticate Wimax Users
on Alcatel and Huawei NASes.
Last week we've migrated Motorola authentication on freeradius. (no more
radiator :-) ).
But then we've experienced freeradius crash.
Information:
Software : Freeradius 2.1.12
OS :
Thomas Fagart wrote:
Last week we've migrated Motorola authentication on freeradius. (no more
radiator :-) ).
Nice.
But then we've experienced freeradius crash.
Not so nice.
The crash usually happen when home servers (ISP radius) does not
respond, then the radius load goes up to 50/60
On 03/06/2012 02:10 AM, u...@3.am wrote:
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by
Alan Buxey a.l.m.bu...@lboro.ac.uk writes:
At my new working place I have inherited a FR 1.1.3 running on CentOS 5.6.
Beyond being outdated and unsupported, this FR setup is causing a lot of
problems so I plan a migration to RHEL5 and FR 2.1.12.
I've been searching but I cannot find a
Hi Thomas,
How did you manage to configure Freeradius with Huawei NAS, it's a big challenge to
me, have still failed.
Eric M
From: Thomas Fagart tfag...@brozs.net
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, March 6, 2012 12:19 PM
Subject:
Alan DeKok wrote:
Joe Holden wrote:
Forgive me if I've missed something blatantly obvious here, but is there
a TX/RX speed RADIUS attribute to match the L2TP AVP?
If you can't find it, it doesn't exist.
Can't find
anything that suggests there is - if not, is it best to implement my own
On Tue, Mar 6, 2012 at 4:11 PM, Alan DeKok al...@deployingradius.com wrote:
Mulindwa wrote:
So far looks good only that users are not authenticating yet.
You cannot set Auth-Type := Accept for WiMAX connections. It won't
work. It's impossible.
Ooops. My bad.
Wiki updated.
--
Fajar
Good morning,
I have my freeradius working with SQL but have no software to manage users.
Anybody knows anything?
Thanks in advance.
Regards
section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120306
This is part of an OS consolidation project which started some time ago. There
were too many Linux-flavours like Debian, Slackware, Fedora, CentOS, RedHat 4,
Mandriva... thus making maintenance, support and administration more
complicated...
Anyway, this was not the point ;-)
Regards,
Mulindwa wrote:
am still having a challenge and seeking your guidance, i have this
account in my users file as shown below;
However, client still can not connect and this is the log below, what
could be the issue?
The debug output is the same, so the problem is the same.
This question
Thanks Alan,
I have actually changed my eap.conf file and have it with
default_eap_type = ttls
However still wimax client cannot connect even when i have enabled password for
him, what could i be doing wrong?
Thanks for your support Alan
Eric M
Mulindwa wrote:
I have actually changed my eap.conf file and have it with
default_eap_type = ttls
However still wimax client cannot connect even when i have enabled
password for him, what could i be doing wrong?
You're not following instructions. If you don't read the answers on this
On Tue, Mar 6, 2012 at 5:15 PM, Javier Ruiz Escalante
fruiz...@hotmail.com wrote:
Good morning,
I have my freeradius working with SQL but have no software to manage users.
Anybody knows anything?
My favorite was actually phpmyadmin, editing the tables directly :D
If you can get it working,
On Tue, Mar 6, 2012 at 6:13 PM, Martin Mielke mmie...@sapphire.gi wrote:
This is part of an OS consolidation project which started some time ago.
There were too many Linux-flavours like Debian, Slackware, Fedora, CentOS,
RedHat 4, Mandriva... thus making maintenance, support and
Thanks Alan,
The answer i did see which stated that you can not have Wimax users with no
authentication.
However i have not seen the instructions of how to setup a wimax account or
having wimax work with freeradius, i have followed all instruction enabling the
rlm_wimax and anything to do
On Tue, Mar 6, 2012 at 7:27 PM, Javier Ruiz Escalante
fruiz...@hotmail.com wrote:
Hello,
After installing Daloradius I get the following error, could somebody give
me a clue of how to solve it? Before everything was working...
Did you read daloradius documentation, just in case it had some
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 249 to 196.0.4.18 port 1812
You still have EAP-MD5 as default EAP method.
Look thoroughly into eap.conf. There is
Thanks Iliya,
Have done so but still client not able to connect.
Eric M
From: Iliya Peregoudov iperegu...@cboss.ru
To: Mulindwa meri...@yahoo.com; FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Tuesday, March 6, 2012 3:42 PM
Hi,
I have freeradius installed with mpd for pppoe dialin users. If some users
power off computer without disconnecting then session hangs up. When I run
radwho it shows user is connected where as practically user is disconnected.
Is there any script or utility which can clean up radwho. 2ndly
On Tue, Mar 6, 2012 at 8:50 PM, Mulindwa meri...@yahoo.com wrote:
Thanks Iliya,
Have done so but still client not able to connect.
... and what does the debug log look like now? Does it still show md5
being used?
Also, to doublecheck, what EAP method do you configure your client to
use?
On 03/06/2012 02:10 AM, u...@3.am wrote:
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect
this is
because we are still using all the original POSIX attributes and none of
them look
like good for mapping to the ones supplied by
Thanks Aman, that could be a very big help if you could take a look. I've
emailed you the log files to your Microsoft address.
Francois, it's good to know that you've also seen this issue.
Dave, I am running Cisco switches with dot1x timeouts, I wonder whether this
could be causing the issue.
On Mon, Mar 05, 2012 at 05:36:24PM +, Phil Mayers wrote:
On 05/03/12 16:16, Morris, Andi wrote:
Does anyone else get a problem with Windows 7 clients prompting for the
radius credentials 2 or 3 times before finally accepting them? No errors
are shown on the radius side, and I’ve read that
On Tue, Mar 6, 2012 at 9:20 PM, u...@3.am wrote:
++? if (control:Shadow-Current control:Shadow-Expires)
Failed parsing control:Shadow-Expires: Unknown value control:Shadow-Expires
for
attribute Shadow-Current
Try
if (control:Shadow-Current %{control:Shadow-Expires})
--
Fajar
On Tue, Mar 06, 2012 at 02:22:04PM +, Morris, Andi wrote:
Dave, I am running Cisco switches with dot1x timeouts, I wonder
whether this could be causing the issue. I'll do some testing.
Turn off Excessive 802.1X Authentication Failures if you've got
such a thing and it's enabled. We had it
On Tue, Mar 6, 2012 at 8:54 PM, Fazal Ahmed Malik f...@solacetel.com wrote:
Is there any script or utility which can clean up radwho.
radzap?
Personally I just remove all reference to *radutmp in
sites-available/* since I don't use it anyway.
2ndly how can I
disconnect connected users by
I'm currently testing this on a wired network, so signal definitely isn't the
issue.
I also don't think that this is an issue with freeradius, but I figured this
mailing list would be full of people who may have seen this before and have
resolved it.
Andi
-Original Message-
From:
Dear freeradius users,
maybe you can help me with a - probably simple - problem in authorizing wlan
users. I am using freeradius 1.1.7 (on SLES 10sp4).
My working configuration is able to authorize users with modules dbm and ldap.
Dbm is used for mac-authentication, ldap for
Christoph Litauer wrote:
maybe you can help me with a - probably simple - problem in authorizing wlan
users. I am using freeradius 1.1.7 (on SLES 10sp4).
Upgrade to 2.1.12.
My working configuration is able to authorize users with modules dbm and
ldap. Dbm is used for mac-authentication,
On Tue, Mar 6, 2012 at 9:20 PM, u...@3.am wrote:
++? if (control:Shadow-Current control:Shadow-Expires)
Failed parsing control:Shadow-Expires: Unknown value control:Shadow-Expires
for
attribute Shadow-Current
Try
if (control:Shadow-Current %{control:Shadow-Expires})
That did it!
Odd problem.
freeradius 2.1.12 up and running
authentication ntlm sql
no problem to authenticate users (ntlm on AD and local on mysql ), both from
radtest and from NAS work fine
I start to work with sql with the idea to set up some local users with a well
defined expiration date.
I
Alan,
thanks for your quick response!
Am 06.03.2012 um 16:21 schrieb Alan DeKok:
Christoph Litauer wrote:
maybe you can help me with a - probably simple - problem in authorizing wlan
users. I am using freeradius 1.1.7 (on SLES 10sp4).
Upgrade to 2.1.12.
Ah, OK. I think I will try that,
Has anyone run across this:
Couldn't open dictionary /usr/local/share/freeradius/dictionary: Too many
open files
| David Peterson | Senior Engineer | Wireless Connections |
| Office: 419.660.6100 ext 2287 | Cell: 419.706.7355| Fax: 419.668.4077 |
www.wirelessconnections.net |
| 166 Milan Ave |
ulimit?
-Original Message-
From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford@lists.freeradius.org] On
Behalf Of David Peterson
Sent: Tuesday, March 06, 2012 10:04 AM
To: FreeRadius users mailing list
Subject:
I've successfully gotten AD auth working, and now I'd like to be able to
assign VLAN's based on group membership, but I'm having a hard time
figuring out where and how to do that. Where do I put the if statements
to check group membership? Does AD auth even work like this, or do I need
to be using
David Peterson wrote:
Has anyone run across this:
Couldn't open dictionary /usr/local/share/freeradius/dictionary: Too many
open files
You edited the dictionaries and broke them.
You have a circular loop in loading the dictionaries. So the loading
process is infinite, and never
I found this thread which seems to do what I am asking, but I just don't
know where to put this statement.
http://lists.freeradius.org/pipermail/freeradius-users/2012-January/058458.html
Any insight would be appreciated.
-Scott
Scott McLane Gardner wrote:
I've successfully gotten AD auth working, and now I'd like to be able to
assign VLAN's based on group membership, but I'm having a hard time
figuring out where and how to do that. Where do I put the if statements
to check group membership? Does AD auth even work
Hi,
my aim is to have eap-ttls/pap working using an openldap user
database with MD5
hashed passwords. I got it working configuring ldap parameters in
/etc/raddb/modules/ldap
and applying two changes in /etc/raddb/sites-available/inner-tunnel:
1) uncommented ldap in the authorize section
2)
Christoph Litauer wrote:
... I don't think this is what I need.
Yes, it is.
I want some kind of requests (the ones including Colubris-AVPair =
ssid:tsunami) to _only_ be handled by dbm, successful or not. I read your
suggestion as check against dbm. If successful return, if not check
You can configure AD as an LDAP server, and then do LDAP group checks.
See the LDAP documentation for examples.
Alan DeKok.
I think the documentation is saying that LDAP can't be used with EAP. Is
that what it's really saying? It's a little unclear since it says The
solution is to use the
On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi zanmar...@gmail.com wrote:
Hi,
my aim is to have eap-ttls/pap working using an openldap user
database with MD5
hashed passwords. I got it working configuring ldap parameters in
/etc/raddb/modules/ldap
and applying two changes in
I found this thread which seems to do what I am asking, but I just don't
know where to put this statement.
http://lists.freeradius.org/pipermail/freeradius-users/2012-January/058458.html
Any insight would be appreciated.
Okay, I figured out where to put the if statement (in
On Wed, Mar 7, 2012 at 1:53 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi zanmar...@gmail.com
wrote:
Hi,
my aim is to have eap-ttls/pap working using an openldap user
database with MD5
hashed passwords. I got it working configuring ldap
Alan DeKok wrote:
Brian Julin wrote:
It appears that a home server entry configured with src_ipaddr will use that
source ip address for auth requests, but when directed to do status_check,
it sends status request packets using some interface address from some
other config item somewhere
It appears there was another layer to my latest issue.
Sometimes a server using RadSec to proxy to a home server ends up
just waiting around unable to see any more incoming requests,
and not having completed the current request.
In this case the server is 3.0, and is sandwiched
between our
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha l...@fajar.net wrote:
Instead, you should find out which LDAP attribute stores your
MD5-password, add the correct mapping to ldap.attrmap, and leave
Auth-Type section commented-out.
Hi Fajar,
thank you for your kind answers, I'll try that out.
I'm having trouble getting unlang to match a string inside a larger
string. I have a script that outputs a string of domain groups, like this:
DOMN\Domain Users 2 DOMN\Wireless Users 2 DOMN\STUsers 2 DOMN\WOCL
Wireless DOMN\WOCL Staff
I have a unlang conditional written like this which I think
Hi,
I'm having trouble getting unlang to match a string inside a larger
string. I have a script that outputs a string of domain groups, like this:
the debug output (radiusd -X) should show you all the values
as things happen - and thus show you the comparison and how
it's failing
alan
I'm having trouble getting unlang to match a string inside a larger
string. I have a script that outputs a string of domain groups, like
this:
the debug output (radiusd -X) should show you all the values
as things happen - and thus show you the comparison and how
it's failing
Alan
Turns out
If anyone cares, I got this working by calling a script that contained the
following:
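#!/bin/sh
# Print, on one line, every domain group the user given as $1 belongs to.
# $1 is quoted so a username containing spaces or shell metacharacters stays one argument.
for T in $(wbinfo --user-domgroups `wbinfo -n "$1"`) ; do
  wbinfo -s "$T" | perl -ne 'chomp and print'
done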
Which outputs a string containing all the groups the username is a member
of. I called
On 06/03/12 20:15, Javier Ruiz Escalante wrote:
Good morning,
I have my freeradius working with SQL but have no software to manage users.
Anybody knows anything?
It really depends on the use case. I write the Grase Hotspot interface
for managing SQL users for a hotspot environment (although
On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner sgar...@uark.edu wrote:
If anyone cares, I got this working by calling a script that contained the
following:
That's odd. Did you properly setup the AD as LDAP server in
raddb/modules/ldap (or whatever file name you use)?
if (`/bin/sh
On 3/6/12 3:55 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner sgar...@uark.edu
wrote:
If anyone cares, I got this working by calling a script that contained
the
following:
That's odd. Did you properly setup the AD as LDAP server in
On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner sgar...@uark.edu wrote:
On 3/6/12 3:55 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner sgar...@uark.edu
wrote:
If anyone cares, I got this working by calling a script that contained
the
On 3/6/12 3:59 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner sgar...@uark.edu
wrote:
On 3/6/12 3:55 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner sgar...@uark.edu
wrote:
If anyone cares, I
Hi,
On Tue, Mar 06, 2012 at 10:01:30PM +, Scott McLane Gardner wrote:
You CAN use LDAP as a plain database no matter what authentication
method you use (in this case you're simply using it for group check,
not for authentication).
Can you expand on how this is done? I am a freeradius
Can you expand on how this is done? I am a freeradius newbie and don't
really understand how all the pieces fit together.
First is authentication - configure with Samba, ntlmauth RE:
http://wiki.freeradius.org/FreeRADIUS-Active-Directory-Integration-HOWTO
Next authorization - configured as
On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi zanmar...@gmail.com wrote:
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha l...@fajar.net wrote:
Instead, you should find out which LDAP attribute stores your
MD5-password, add the correct mapping to ldap.attrmap, and leave
Auth-Type section
I'm wondering if anyone has worked out some way to translate reply
messages easily?
I'm guessing I probably need to make this happen on the GUI side of my
application (Grase Hotspot), but what do other people do in a multi
language environment?
Thanks
Tim
On 7 Mar 2012, at 07:11, Tim White wrote:
I'm wondering if anyone has worked out some way to translate reply messages
easily?
I'm guessing I probably need to make this happen on the GUI side of my
application (Grase Hotspot), but what do other people do in a multi language
environment?
Hello,
this was the same problem for me and i ended up using a cloud based hotspot
service of hotspotsystem.com . They host radius servers and also your splash
pages and provide a multi language environment for the whole process.
This also solved the problem of operating and maintaining
Tim White wrote:
I'm wondering if anyone has worked out some way to translate reply
messages easily?
You don't.
I'm guessing I probably need to make this happen on the GUI side of my
application (Grase Hotspot), but what do other people do in a multi
language environment?
English.