. It's a good habit to first
read list archives, and only ask questions if the question wasn't answered
before already.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove
Hi,
Given that this appears to be a FAQ (Especially from SE Asia where they
have IPv6 deployments) I have added it to the FAQ:
Great!
Please feel free to edit the entry for clarity :-)
No need for that. I couldn't have said it any better. Oh, wait... :-)
Stefan
--
Stefan WINTER
RESTENA
aren't that far apart after all, it seems.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] Tel.: +352 424409-1
,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu Fax
rlm_sql: Failed to create the pair: Unknown attribute NT_Password
|davide | NT_Password | := |781b0395cf9f8c1e5873eee5d28c38eb
Shouldn't that be NT-Password (dash), not NT_Password (underscore)?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
the authentication. This is easy, all you
need to do is proxy all incoming requests to the IAS. See proxy.conf, read
it, try it, and if doesn't work for you ask here again. But in English
please, it's been quite a time since I had Spanish in school.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA
mail.starnetusa.net.
[EMAIL PROTECTED] ~ $
are you sure you have configured your DNS resolution correctly?
Greetings,
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email
. The built-in
supplicant (not recommended, but working) is using peap.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
PEAP, it would just be a little m,ore
complicated than I outlined below (ntlm_auth, as the text you quoted
suggested).
Greetings,
Stefan Winter
== You cannot use PAM to answer PEAP/MS-CHAP
requests. You must either have the plaintext password for the user, the NT
-Timeout.
If Exec-Program-Wait returns a non-zero exit status, access will be
denied to the user. With a zero-exit status, access is granted.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de
the AP
for 802.1X + dynamic WEP, which is the poor man's variant of decent
encryption with older devices. But without *any* encryption? Never seen that,
sorry.
Greetings,
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Web Server
Authentication OID in the cert. Please read the various documentation about
this topic that exists both here in the list archives and n HOWTOs
throughout the web.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
in, that's beyond my experience. Maybe it's
necessary to set Auth-Type to PAP in the users file manually then.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove
password.
Modify ldap.attrmap so that _your_ attribute is mapped into User-Name, not the
default one.
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Modify ldap.attrmap so that _your_ attribute is mapped into User-Name, not
the default one.
User-Password of course.
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359
not have to know anything about ntlm_auth. It just needs to
talk MS-CHAP.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List
want
to switch to MS-CHAP: uncomment the ntlm_auth line in the mschap module to
tell the FreeRADIUS server to actually use this connection.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de
Hi,
I'm probably wrong but didn't it used to be that the fall-through
command was to tell the users file to continue processing if it didn't
find a match?
You're wrong. It was about continuing _even though_ it found a match.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau
, after reading this output, word by word?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
matches. If you don't want that to happen, remove the Fall-Through line in
the isdn user. Then processing will stop directly after isdn has matched, and
its contents will be used.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
Would please anyone recommend for me any interface web package
that allowes me to controll and manage freeradius users ?
I'm on freebsd 6.1, mysql 4.1 ChilliSpot and freeradius.
dialup_admin?
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education
Can someone point me to the right direction?
There's a configure switch that allows you to specify the configuration
directory.
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L
username
Framed-IP-Address := 1.2.3.4
and make sure the files module is active in your configuration.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard
Wow!
Congratulations! The only problem with this is: expect an incredible increase
of number of questions on this list in 3... 2... 1...
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard
I have a class C subnet set of IP addresses. How do I give people IP
addresses when they authenticate against radius?
Are we talking about wireless LAN auth here (answer: use a DHCP server after
authenticaiton) or about PPP auth (answer: use ippools module)?
Stefan
--
Stefan WINTER
,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
defining the max bandwidth; the NAS documentation will tell you).
How work?
Send the bandwidth limitation attribute to the NAS along with the
Access-Accept message.
Tks so much
Wlcme.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la
.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu Fax
contains the queries to be executed. Modify them to your liking.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel
are confused
about how stuff works.
This was the verbose version of what Phil answered. And to my best knowledge,
he is completely right with it.
Greetings,
Stefan Winter
(hoping that I have the right to answer to you, wherever your definition of
having the right to answer you comes from)
--
Stefan
attribute and that's it (leaving out
all the really painful stuff with expiring leases, renewals and whatnot; it
would be a non-trivial task).
The remaining question really is: Why on earth would you _want_ to do that?
rlm_ippool exists and works.
Greetings,
Stefan
--
Stefan WINTER
Stiftung
. User 005001 is first caught with the first
expression, but later overridden with the second one and thus needs to
authenticate.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
it
in the users file with
NAS-IP-Address == your-b2bua-ns, Auth-Type := Accept
Session-Timeout := whatever
Do keep in mind that everyone who is authenticating via this IP address is
*always* *accepted*
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
Hi,
I've been watching the logs and my question is why localhost takes part in
the process.
Inner workings of FreeRADIUS. The inner authentication (within the EAP TLS
tunnel) counts as a new request, coming from localhost.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
certificates, your
certificate needs to have another OID present: Microsoft Web Client
Authentication. So even if you don't validate the server credentials, you'll
have to have an MS-friendly certificate on the client side.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau
as the FAQ tells you and send a
*complete* *debug* log.
So does someone have a working freeradius configuration to share with me
? Or some tips to get it working ?
I would exchange tipps for a decent debug log.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique
only bind if it has the user's
password. When using MS-CHAP the password is already hashed when the server
gets it, so how could he possibly perform the bind operation?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la
it.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
into line 173 of the users file, and you will see what's in there.
Nothing spectacular, I guess.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359
, others _did_ have the same question. Reading the list archives would
have helped.
.1X authentication and DHCP have *nothing* to do with each other. If you have
a DHCP server and it doesn't talk to your authenticated clients, that's a
completely FreeRADIUS unrelated problem.
Stefan
--
Stefan
want usernames to be important at all, use EAP-TLS. The
client certificate will identify you, no matter what garbage you put into the
user name.
Captive portals are a step back with regards to security.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
for the hardcore paranoid people, right. But if you are happy with
SecureW2 and EAP-TTLS: that's perfectly fine.
Thanks again for all your help - i'm feeling pretty happy with my setup
now,
Great!
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale
. Install openssl and the corresponding development libraries (often
called openssl-devel) and recompile the server.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. I've tried googling but haven't found a good guide
that matches our setup.I can, of course, give more information if needed.
Really? WPA2 is quite a wide-spread scenario. And using LDAP as backend is
quite common as well.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau
that goes
through.
BTW: please ask via the mailing list. Others may have the same question.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E
, searching the archives and the FR website
will help you get along. There's also a great tutorial on the topic, which is
referenced here quite often by Charles Schwartz, see the archives for that
one as well.
Greetings,
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education
convince
the server then. I wouldn't bet on it though.
Further messages via private mail will be ignored, ask the _mailing list_.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
session timeout
you like. Your problem is solved by that.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel
default time and
the NAS's IP address, let the perl script calculate the Session-Timeout and
return that to the RADIUS server.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue
help. I guess reading Simultaneous Use in
the documentation directory might help.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
to the list in that case as well so that they can be
incorporated into the next release.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Hi,
i have Freeradius 1.0.5 and using MYSQL backend
how can i disble a user from logging in?
Add an entry in radcheck: Auth-Type := Reject
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de
what field do i put this into?
Well, add a line into the MySQL table radcheck:
UserName - the name of the guy to disable
Attribute - Auth-Type
op - :=
Value - Reject
Fairly straightforward.
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
I need some help with implementing Throttle on Cap Usage type feature for
Could you elaborate a bit what this Throttle on Cap Usage is supposed to do?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur
,
Stefan Winter
Am Freitag, 30. Juni 2006 09:37 schrieb Kun Niu:
Dear all,
I've just installed freeradius 1.0.2 on my debian3.1 system.
I've got two radius clients.
One can be authorized normally and the other one failed to be authorized.
Here's my log.
Would anyone be kind enough to analyze
IP address as attribute. If it doesn't, and is
directly connected, use Client-IP-Address instead).
That way, you can set Session-Timeout on a per-NAS basis.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
://www.freeradius.org/business/
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http
clear text passwords.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu Fax: +352
Can I set Autz-Type in users? but leave EAP to set Auth-Type??
Sure.
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL
.
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is. OMG, an error! is
not enough to effectively help you.
Please stick to the common, well-documented process of posting your log files.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
Hi,
does anyone knows what rlm_exec module does?
it executes commands. You can feed it with AVPs via environment variables so
that it does whatever magic you want it to.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la
,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
things up.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Any links to documentation on
how to achieve this with freeradius
would be appreciated.
? Have you taken a look at proxy.conf? Should all be there...
Stefan
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de
are mentioned in chapter 10 (examples on cert generation earlier in
the document); the server OID is the same for TTLS.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
for your card that *do* support TTLS. *hint* SecureW2
*hint*
Anyone Can help-me or give-me another solution...
Here you are. BTW, adding unnecessary exclamation marks to the subject is not
likely to make you friends.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau
, though.
thank you very much for your help.
I'll enjoy free wireless LAN if I ever come to Florence. That's enough of a a
revenue :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
\000: fix the
NAS. It is not RFC-compliant then.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED
with
this unknown attribute. It the problem persists after fixing that one, please
get back to the list.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
MUST be able to deal with embedded nulls.
RADIUS implementers using C are cautioned not to use strcpy() when
handling strings.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
without certs on the client side. You will need one for your
server though.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail
. Which I told him in my
previous reply.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel
certificate to identify itself to the clients. It does
not have to be a from a real CA, you can generate one from openssl yourself.
You just have to configure the client to accept the certificate that is
presented by the server during authentication.
Greetings,
Stefan Winter
--
Stefan WINTER
what client exactly this is...
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http
me again.
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
roaming service for the education and
research community:
http://www.terena.nl/activities/index.php?action=set_filtersfilters[topic_id]=2
Later on, it is hopefully good enough to be considered as worthy of getting an
(informational?) RFC number at the IETF.
Greetings,
Stefan Winter
--
Stefan
hack the vendor of that other strange NAS/RADIUS server to not artificially
require an 8-Bit integer.
I'm still interested in the name of the product that behaves like that. Just
to make sure I won't accidently buy it.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
Stripped-User-Name = ppp1
Realm = example.com
Since you _want_ the \000 to be sent, I don't see why it seems to work here?
Maybe the only thing that would really give clarity about what is really
happening is a pcap capture with ethereal or similar.
Greetings,
Stefan
--
Stefan WINTER
into the
MS-CHAP-Chellenge? Just to make sure it's not the notation or something, like
that MS-CHAP-Challenge transmits the four characters 0,x,0,0. Or something
similar. Still an ethereal capture would be great.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau
knowledge. Maybe someone with more karma can
jump in here? Especially if it's even *desired* to generate \000 octet
values...
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6
to it after it sees
the server certificate. If you wish, send me the public part of the
certificate via PM and I'll look if the required OIDs are in it.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
were answered by the
client.
HTH,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
-
List info/subscribe/unsubscribe? See http
if
this might force Auth-Type Local. If it does, comment it out.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel
for Tunnel Accounting
15 Reserved for Failed
So, your NAS shouldn't even send 15: it's _reserved_.
Conclusion: go get a sane NAS device.
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard
working on a formal specification of RadSec right now, of which I hope it
will somehow find a way into the Informational RFC track. There is a lot more
potential in it than the OSC Whitepaper suggests.
It would be really great to get an implementation of this in FR.
Greetings,
Stefan Winter
::lib(0):func(0):reason(0)
Info: rlm_eap_mschapv2: Issuing Challenge
Auth: Login OK: [EMAIL PROTECTED] (from client localhost port 0)
these new errors in rlm_eap are somewhat intriguing. Anyone a clue?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
asking here.
I ask because of the two lines below, which is _not_ business as usual.
Oh, I should have mentioned initially: it's OpenSSL 0.9.8a. Unchanged in FR
1.1.1, but 1.1.1 didn't spit out these errors.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
don't _know_, but my guess is that this message is quite clear: get a
shared .so of ltdl.
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E
Hi,
Are you proxying requests? If so, try the patch from bug #331.
Is this patch going into 1.1.2?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359
source code modification. One of the early packet parsing
checks is whether the ports match or not. Take away that check and it should
work.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung
Is there a way to redirect a authenticated user to a specific web address
depending on there login information?
Captive Portal
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove
submitted some time ago because otherwise hints will ignore
those acct packets without User-Name.
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED
that). In your case you may want to add your realm as attribute value,
so that the packet later gets caught by the realm processing.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue
DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur 44,85 inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de
As this line tells you.
Send a MS-CHAP request, and look what happens then.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED
this
morning, as Alan suggested elsewhere in the thread. I hope it will be
responsive enough so I can keep it running for a few hours until the error
eventually occurs...
Greetings,
Stefan
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la
a notification.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
RD Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED] Tel.: +352 424409-1
http://www.restena.lu
301 - 400 of 495 matches
Mail list logo