Hi,
Is that means we have to manually added the client MAC into radius one by
one?
well, you want to restrict it to known devicesso ONE way is to add the
allowed MACs to a DB - they could be added to some other lookup table.
alan
-
List info/subscribe/unsubscribe? See
On 03/12/2013 01:46 AM, Danny Kurniawan wrote:
Is that means we have to manually added the client MAC into radius one
by one?
RADIUS can only act on RADIUS attributes. There's no RADIUS attribute
that says:
Device-Type = Bosses iPad
Most NASes send username and network address of the
Hi Freeradius List,
Why someone will use Unix-Time-Based-Login why not Login-Time FR
attribute? Does it offer more flexibility or control over each other.
Actually, we want to implement login based on time. i am reading mail
archives since yesterday to understand basic functionality of the
Hi, Please mind my mistake
1.) Unix-Time-Based-Login using unlang rather than Login-Time FR
attribute.
On Tue, Mar 12, 2013 at 11:06 AM, Russell Mike radius@gmail.com wrote:
Hi Freeradius List,
Why someone will use Unix-Time-Based-Login why not Login-Time FR
attribute? Does it offer
Danny Kurniawan wrote:
Is that means we have to manually added the client MAC into radius one
by one?
You need *some* method to separate known devices from unknown ones.
How you do it is up to you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Le 11/03/2013 , freeradius-users-requ...@lists.freeradius.org a écrit :
Date: Mon, 11 Mar 2013 11:50:17 -0400
From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Subject: Re: troubles with eap-peap mschapv2
Message-ID:
Bertrand Poulet wrote:
I've copied old certs directory to the new server.
It's still not good.
See http://deployingradius.com/
There is detailed documentation for debugging EAP. As in 10-15 pages,
with screen shots, instructions for what to do, comments as to what
typically goes wrong,
On 12/03/13 14:23, Bertrand Poulet wrote:
Tue Mar 12 15:10:20 2013 : Info: # Executing section authorize from file
When you make debug output, please just use:
radiusd -X
Don't use the other arguments; they just create noise and volume
(timestamps) that are basically irrelevant.
Tue Mar
Hi,
I am using
FreeRadius Version 2.1.12 on OpenSuse 12.2.
I have looked at several posting about the same type of problem without
finding the answer to my failure.
Problem described below.
First use of radiusd -X resulted in /var/run/radiusd not found.
Created : mkdir /var/run/radiusd
Now
On 12.03.2013 17:05, Staffan Meijer wrote:
Listening on authentication interface eth0 address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
I am using FreeRadius for 802.1x on my wireless LAN (cisco WLC device).
This is an older device and as such doesn't allow for guest or restricted
VLANs like a physical switch does.
One solution I saw online in a Cisco forum is to have a default user that
returns the guest VLAN attribute for any
I uncommented the eth0 line in the configuration file when radtest did not
work with the original.
Using the original configuration file I get;
Listening on authentication address * port 1812
and
linux-vdis:/etc/raddb # radtest testing password localhost 0 testing123
radclient:: Failed to find
Le mardi 12 mars 2013 à 18:08 +0100, Staffan Meijer a écrit :
I uncommented the eth0 line in the configuration file when radtest did
not work with the original.
Using the original configuration file I get;
Listening on authentication address * port 1812
and
linux-vdis:/etc/raddb #
On 12.03.2013 18:08, Staffan Meijer wrote:
I uncommented the eth0 line in the configuration file when radtest did
not work with the original.
Using the original configuration file I get;
Listening on authentication address * port 1812
and
linux-vdis:/etc/raddb # radtest testing
What is Yubikey?
---
It's another OTP solution.
Why use it?
* smsotp is rediculously insecure
* otp clients on mobile phones can be compromised
* RSA tokens suck.
I'll expand on the RSA stuff a bit. Here's why RSA sucks:
* You need to install and maintain
Hi,
As I use FreeRadius for my WLAN and LAN I don't want to apply this policy
for the wired network. So, using the users file, can I create a default
user and attributes that apply only for a certain Calling Station/NAS ID?
sure - you could use huntgroups for that policy...or you
Alright, I will start researching that. Never heard of huntgroups.
On Tue, Mar 12, 2013 at 10:51 AM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
As I use FreeRadius for my WLAN and LAN I don't want to apply this
policy
for the wired network. So, using the users file, can I create a
default
Thanks!
Added line to /etc/hosts:
192.168.1.106 linux-vdis.site linux-vdis
and then radtest works.
/Staffan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Noted. I guess using the AP to do the MAC filtering is the best options for
me
On Tue, Mar 12, 2013 at 9:19 PM, Alan DeKok al...@deployingradius.comwrote:
Danny Kurniawan wrote:
Is that means we have to manually added the client MAC into radius one
by one?
You need *some* method to
Sorry for this beginner question. I have read the man_rlm password but dont
see example how to add the mac address.
can some of you showed to me an example of it? I assume its as simple as
key in the MAC address into some file in Radius conf file or something?
Thanks
Danny
On Wed, Mar 13, 2013
20 matches
Mail list logo