Ryan Garrett wrote:
There must be something I am not understanding, as I am unclear on what
I need to be adding to proxy.conf.
You need to inform the server that u...@realm should be treated the
same as user.
And from what I can tell,
inner-tunnel doesn't need to be touched with the way I
There is no version 1.2.3
I`m sorry, I`m using pfSense release 1.2.3, with freeradius package 1.1.2_1
(latest)
Below I describe my configuration;
1. pfSense with freeradius 1.1.2_1
2. Access Point Linksys WRT54G
3. Clients Windows XP SP3 and Windows 7
My goal was to create WiFi access with
Krzysztof Srokowski wrote:
I`m sorry, I`m using pfSense release 1.2.3, with freeradius package 1.1.2_1
(latest)
Uh... upgrade. 1.1.2 is *very* old. It's very likely that it won't
work with recent versions of Windows. Fixes to work around Windows
issues went into later versions of the
Hi,
what is your MTU set to for EAP packets - you may need to reduce this
to eg 1024
to stop UDP fragmentation of such traffic
Bingo, thanks Alan
Best regards, Peter
-Oorspronkelijk bericht-
Date: Thu, 14 Oct 2010 09:35:25 +0100
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
Subject: Re:
Hi.
auth-server reply attribute Delegated-IPv6-Prefix, but proxy recognize
Attr-123 = 0x00401234567890abcdef.
I used ntradping-1.5 and freeradius-2.1.10.
--hosts--
ntradping-1.5 10.233.55.200
proxy (freeradius-2.1.10) 10.233.36.101
auth-server (freeradius-2.1.10)
On 10/19/2010 10:37 PM, Cannady, Mike wrote:
Our AD (2003) setup has the domain name as htc.com. The pre-windows
2000 domain name is HORRY.
Uh oh. Then I think you're going to have problems. ntlm_auth when it
expands %{mschap:NT-Domain} assumes that the username will be of the form:
Hi,
I have following setup
where windows host is connected to Cisco 2960 which is connected to
Microsoft AD via RADIUS proxy
Windows host (XP SP3) - Cisco 2960 - freeRADIUS proxy (2.1.10) -
Microsoft AD (2003)
In the above setup user authentication goes fine. I am using PEAP v1
Hi,
I've got some trouble with freeradius 2.0.4 and mysql on debian when i want to
connect from a remote host. Locally I can do following command successfully:
radtest guest guest 127.0.0.1 0 radiussecret
When I connect from my NAS using chilli on openwrt I get the following error:
auth: No
This isn't a comment on FreeRadius, but in our recent experiences with 802.1x
and Windows XP clients it was a total waste of time. The built-in XP dot1x
client is not up to the job. We had contractors in trying to make it work and
everything was perfect on the network setup. In the end, Windows
Bereos OHG Michael Spinnenhirn wrote:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from
client nas01 port 2 cli 00-0C-29-00-71-20)
WARNING:
ichiro tanaka wrote:
auth-server reply attribute Delegated-IPv6-Prefix, but proxy recognize
Attr-123 = 0x00401234567890abcdef.
Fix the proxy so that it's using the dictionaries from 2.1.10. The
debug *claims* it's 2.1.10, but the Delegated-IPv6-Prefix attribute *is*
defined
Brian Candler wrote:
This was more of a wish than an actual usage. The question I meant was: is
there any sort of operator to match an IP address against a subnet?
No.
As always, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hi
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not
authenticate, but I forgot to create one user's database entry and the
laptop was able to join the network.
It is possible a client authentication without a
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not
authenticate,
That's not how EAP-TLS works.
but I forgot to create one user's database entry and the
laptop was able to join
I did delete the client from clients.conf and tried radclient from the remote
host:
echo User-Name=guest,Password=guest | radclient 172.
16.30.6:1812 auth radiussecret
I get the following error.
Ignoring request to authentication address * port 1812 from unknown client
172.16.20.10 port
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok al...@deployingradius.comwrote:
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not
authenticate,
That's not how EAP-TLS
On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA etalave...@gmail.comwrote:
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok al...@deployingradius.comwrote:
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in
Hi
I use freeradius to authenticate the VTY sessions to Cisco devices (Switch
router) with Freeradius MySQL. The server authenticates the users but do
not create an accounting info.
Thera is a Howto guide to configure the freeradius server to creates MySql
entrys with accounting info.
I
Bereos OHG Michael Spinnenhirn wrote:
The remote radclient gives the following debug output:
rad_recv: Access-Request packet from host 172.16.20.10 port 56195,
id=36, length
User-Name = guest
sigh You're not including a User-Password in the request. It needs
one.
What else
Hi,
Is it fine to do some jugglery with the user-name and convert it to a format
which can be proxied to home server ?
Thanks,
Chidanand
On Wed, Oct 20, 2010 at 4:52 PM, Chidanand Gangur
chidanand.gan...@gmail.com wrote:
Hi,
I have following setup
where windows host is connected to
I can see the difference between the working one on the server and the other one
from the remote client. But I executed the same command on both machines.
echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth
radiussecret
I have tried it from another debian server, too, with
Ok. i made an upgrade, but when i test it without certificate verification
Windows 7 is not asking me for user and password, but sends
host/name_of_the_host. I unchecked in connect properities to use same
login and password as I log in into machine..
-Original Message-
From:
On 20/10/10 12:22, Chidanand Gangur wrote:
Hi,
I have following setup
where windows host is connected to Cisco 2960 which is connected to
Microsoft AD via RADIUS proxy
Windows host (XP SP3) - Cisco 2960 - freeRADIUS proxy (2.1.10) -
Microsoft AD (2003)
In the above setup user
It may be just me, but when they told you to upgrade they probably meant
to the latest 2.X release.
Is there a specific reason that you need to stay on a 1.X release? I
only ask because you may be needlessly complicating your life by using
ancient software.
Jake Sallee
Godfather Of Bandwidth
I have 2 NAS with different requirements in their WiMax handling. One
requires me to have:
update request {
WiMAX-MN-NAI = %{User-Name}
}
update reply {
WiMax-MN-NAI = %{User-Name}
Hello
I'm getting myself confused with unlang and hoping somebody can help.
I have read the docs but just don't fully get it.
I'm trying to filter requests by part of the calling-station-id and
update/rewrite the reply depending on what group it is in. The below
is what I've got in the config
Bereos OHG Michael Spinnenhirn wrote:
I can see the difference between the working one on the server and the
other one from the remote client. But I executed the same command on
both machines.
echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth
radiussecret
I have tried
Wayne Lee wrote:
I'm getting myself confused with unlang and hoping somebody can help.
I have read the docs but just don't fully get it.
unlang is just a simple set of comparisons and logic.
I'm trying to filter requests by part of the calling-station-id and
update/rewrite the reply
Hi everyone,
I have a small problem where the counter is not working how I would like it
two work.
sqlcounter monthlytraffic {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Session-Octets-Limit
sqlmod-inst =
David Peterson wrote:
I have 2 NAS with different requirements in their WiMax handling. One
requires me to have:
...
Enabled in order to work and the other requires those commented out. Is
there a way to identify the NAS type to elegantly have those properly set?
What is different
I am not 100% sure why this happens. I will see if I can capture some debug
information, but I do know that if I don't comment that text out of
sites-available/default then the one NAS just retries the auth over and over
again. The inverse is true on the other NAS if it is commented out.
David
You're doing greater than or equal checks on a string?
I was due to my lack of understanding, using the regex now and it's
working much better.
It's always better *not* add attributes, rather than adding them and
later deleting them.
The provider is sending foo or bar (depends on the LTS)
Thanks Phil.
I am still not clear.. I just want to proxy the host authentication request
to the actual RADIUS server which is Microsoft AD. In such cases what
configuration is required on proxy server? Can it be done?
Well I mentioned realm type as IPASS as IPASS type is of format
realm/username
Hi,
I am trying to create IPv6 Ascend Data Filter in Free radius. but
unfortunately its not happening. Any help?
I have created Ascend-Data-Filter 242 abinary attribute in dictinary
filter.
Following is the record I am trying to parse.
ipv6 Password := test
Service-Type =
David Peterson wrote:
OK here is the debug output from the NAS requiring those two entries
commented out. The CPE are authenticated and the Framed-Filter-Id is sent
back properly but the subscribers never receive service.
Does this mean you're willing to read the debug output to see what
Hi All,
Can I have one virtual server listening on 1812/1813 for
authenticating with ms-chapv2 against AD, and then another virtual
server listening on 1814/1815 authenticating with ms-chapv2 against
LDAP with ntpassword hash?
We are able to get a instance running for against AD, but not able to
janardhan madabattula wrote:
Hi,
I am trying to create IPv6 Ascend Data Filter in Free radius. but
unfortunately its not happening. Any help?
See the FAQ for it doesn't work.
I have created Ascend-Data-Filter 242 abinary attribute in dictinary
filter.
Why? The attribute is already
Hello
I am trying to get Freeradius to authenticate end-user using Active
Directory. The end-user will be using be there AD username and password to
login to network devices. Would some please help me? I have embedded a
copy of the debug log from the radius server.
rad_recv: Access-Request
On 10/20/2010 05:38 PM, Rashard Roberts wrote:
Hello
I am trying to get Freeradius to authenticate end-user using Active
Directory. The end-user will be using be there AD username and password
to login to network devices. Would some please help me? I have
embedded a copy of the debug log
I was able to configure FreeRadius/AD differently than most tutorials – just
using Kerberos as an authentication mechanism (sorry for any weird formatting,
coming from a wiki):
All sample configuration will be for cada dev ula environment
*Pre-Requisite:*
# You have a keytab file for the
thanks Alan.
(i couldn't get your reply to my mailbox. so, i made a new mail. sorry...)
Fix the proxy so that it's using the dictionaries from 2.1.10. The
debug *claims* it's 2.1.10, but the Delegated-IPv6-Prefix attribute *is*
defined in the dictionaries for 2.1.10.
Alan DeKok.
My
Hi.
i have a problem proxy.
Proxying to auth-server, and NAS-IP-Address was automatically added by proxy.
can I stop it?
I used ntradping-1.5 and freeradius-2.1.10.
--hosts--
ntradping-1.5 10.233.55.200
proxy (freeradius-2.1.10) 10.233.36.101
auth-server (freeradius-2.1.10) 10.233.36.100
42 matches
Mail list logo