Karthik R wrote:
I'm trying to configure freeradius to authenticate against AD for
wireless users. Attached the entire log message for reference.
I was able to narrow down the issue but could not fix it, can someone
help me here.
You edited the default configuration and broke it.
Zahra Bahar wrote:
we have freeradius for accounting of dialup and vpn users. sometimes users
have been stoped but they are online in mysql table .
what's wrong? is there any log of commmands exchange between freeardius and
mysql?
What's wrong is that the NAS isn't telling FreeRADIUS
I considerd row fields in radacct table. all the fields even duration time is
correct but stop field is zero for some users that we know they are
disconnected so they cann't to be conected until passing random time that thay
go to be stoped but the stop-time field is the same as start-time.
Zahra Bahar wrote:
I considerd row fields in radacct table. all the fields even duration time is correct but stop field is zero for some users that we know they are disconnected so they cann't to be conected until passing random time that thay go to be stoped but the stop-time field is the same
Hi all
sorry for my english.
i'm running a freeradius server on FreeBSD and i wanted to test it but it
doesn't work and i don't know why.
i have tried this command :
*radtest yhsina yhsina @IPserver 1 testing123.
*
*yhsina* is a user who is located in a LDAP server.
it give me this thing :
Thks for your help, it s very interesting. I have a little hard to
understand how it works and it help me much.
But I can t made it run :s
When i try with line you have show me. I can't log with any user.
My server openldap say there isn't any connection from freeradius in his log
here is an
Hi.
What am I trying to do:
I would like to authenticate my Windows XP wireless clients against
Active Directory server via Freeradius.
What do I have:
I'm using freeradius 1.1.6 (installed via emerge) on Gentoo, Windows XP Pro
What works:
[WinXP]--[freeradius]--[w2003server]
1.)I'm able to
Hi,
Thanks for the advice..The problem to generae certs was solved.
Now it comes back to existing problem in version 1.1.7 where the client
request to server is on and on and never get connected.
I wonder why NAS-IP-Address = 0.0.0.0 unlike the other as I know got IP
address assigned.
Hi,
Hi all
sorry for my english.
i'm running a freeradius server on FreeBSD and i wanted to test it but it
doesn't work and i don't know why.
i have tried this command :
*radtest yhsina yhsina @IPserver 1 testing123.
radtest username password servername 1812 serversecret
eg
radtest
Thanks for reply.
Is there any specific HOW-TO?
--
Tomáš Janeček
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tomáš Janeček wrote:
I would like to authenticate my Windows XP wireless clients against
Active Directory server via Freeradius.
,,,
What doesn't work:
When I try to bind phase 1.) and 2.) (ie. send request from winXP to
radius and let radius to authenticate against AD), it returns:
Hangjun He wrote:
If I select EAP-TTLS + use only my certificate for auth will cause
segmentation fault. Others seems OK.
Which version of FreeRADIUS are you using?
Can you put the certificates on a web page where others can test them?
See also doc/bugs
Alan DeKok.
-
List
Hi again,i don't have a graphic mode so i can't run 2 terminal.
i think that my freeradius server is running cause when i make this command
:
*# /usr/local/etc/rc.d/radiusd status*
*Th Mai 24 12:32:00 2008: Info: Starting - reading configuration files ...
*normaly it is running
but i still have
but another fields are true. could radius have true session-duration but didn't
receive stop time?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Do you mean something like:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Have a nice day!
Am 20.05.2008 um 12:54 schrieb Tomáš Janeček:
Thanks for reply.
Is there any specific HOW-TO?
--
Tomáš Janeček
-
List info/subscribe/unsubscribe? See
Hi Alan,
Can't it be applied to 1.1.7 release, as there are many changes in the
conf. files between 1.1.7 and 2.0 ??
Thanks
Amr
[EMAIL PROTECTED] wrote:
hi,
just a quick check... the smux.c patches ARE applied to the
2.0.x smux.c (but not part of the last 1.1.7 release).
the
Zahra Bahar wrote:
but another fields are true. could radius have true session-duration but
didn't receive stop time?
The server has session duration until the NAS stops sending packets.
The session MAY continue for a short time after the last packet.
In short, we've been doing this for
Amr el-Saeed wrote:
Can't it be applied to 1.1.7 release, as there are many changes in the
conf. files between 1.1.7 and 2.0 ??
Ask redhat, or whoever is packaging your version of 1.1.7.
All new development, including bug fixes, are on the 2.0 release.
Alan DeKok.
-
List
Tomáš Janeček wrote:
Yes, something like that, but working. I've walked through this exact
article about 10 times during last two months, but never made it:-(
I'm really looking for working howto for months...
Please explain what's going wrong. Use debug output.
If the NAS is doing
Yes, something like that, but working. I've walked through this exact
article about 10 times during last two months, but never made it:-(
I'm really looking for working howto for months...
--
Tomáš Janeček
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Hi again,i don't have a graphic mode so i can't run 2 terminal.
i think that my freeradius server is running cause when i make this command
who uses graphics? man screen - you can pop between multiple
console sessions with ease...with a single window.
you MUST run radiusd in proper, full
Hi,
Yes, something like that, but working. I've walked through this exact
article about 10 times during last two months, but never made it:-(
I'm really looking for working howto for months...
I checked through it and had a working config.
alan
-
List info/subscribe/unsubscribe? See
Hi,
what is wrong in this configuration:
# A standard realm entry. A request from [EMAIL PROTECTED] will be
# sent to radius.company.com as user, unless the 'nostrip'
# configuration item is specified. If the 'nostrip' configuration
# item is specified, then the request will be proxied as
#
Hi,
what is wrong in this configuration:
you havent configured your SQL to use the Stripped-UserName,
you have the default configuration that uses the UserName
SQL-User-Name = %{User-Name} or somesuch.
depending on your version of radiusd, simply check the sql.conf
or dialup.conf file to find
Hi.
I didn't want to say, that this howto is somehow wrong or bad... It just
didn't worked in my case. (understand: I did/I'm doing something wrong)
Now I'm focusing on what you wrote in first e-mail: do MS-CHAP instead
of CHAP for AD auth. (Thanks for advice)
I see a progress, because I
Hi,
I see a progress, because I have 0xC06A error in my AD log (wrong
password). That is a good message, because radius server (understand: my
wrong configuration of the server) finally communicates with AD.
Hurray!
yay! now , dont forgert, depending on how you talk to
you rAD you'll
Hi,
Can't it be applied to 1.1.7 release, as there are many changes in the
conf. files between 1.1.7 and 2.0 ??
it probably could be applied to 1.1.7 source archive if
you build it yourself. your distro package maintainer, otherwise,
could release a 1.1.7 package with these patches in.
It
thank for you response.
i started my radiusd and then i tried : ps aux | grep radius
i have no proccess running even radiusd server is starting
regards,
uness
2008/5/20 [EMAIL PROTECTED]:
Hi,
Hi again,i don't have a graphic mode so i can't run 2 terminal.
i think that my freeradius server
Hi,
thank for you response.
i started my radiusd and then i tried : ps aux | grep radius
i have no proccess running even radiusd server is starting
okay. now run, as the user that you have configured radiusd
to run as (eg 'radiusd') the radiusd eg
su - radiusd
radiusd -x
this will show you
Whene i run this command :
radiusd -x
in the end i have : *Ready to process requests*
it means that the server is running corrcetly and waiting for requests .
but i still don't know why the test doesnt work
this will show you why its failing. as said before, suspect
100% file permissions
Hi,
Whene i run this command :
radiusd -x
in the end i have : *Ready to process requests*
did you do that as root, or as the user defined in radiusd.conf?
if done as root, then it would work.
which permission shoud i give to these files and how can i do it ?
thank you for your help
i did this as root .
for information i have an ldap server wich contains my users.
i have find an error in my log file :
*rlm_ldap: connection attempt failed*
*rlm_ldap: could not start TLS can't contact ldap server*
regards,
uness
-
List info/subscribe/unsubscribe? See
Hi,
i did this as root .
do you run the server as root though? what does radiusd.conf
say? what do your init scripts say?
for information i have an ldap server wich contains my users.
i have find an error in my log file :
*rlm_ldap: connection attempt failed*
*rlm_ldap: could not start TLS
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that EAP-TTLS
with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with CHAP inner auth all
failed.
So you have explained why
@Zahra
Check the connection between NAS and your radius server. Problem can be
caused if your connection is unstable and sometimes radius server didn't
receive stop packages.
So, just like Alan said.. RS server works fine and you don't need to fix it
:)
On Tue, May 20, 2008 at 1:09 PM, Alan
i run the server as root .
i can't give you c coupy f my radiusd.conf file, because i'm running the
server in a machine with no graphic mode.
for init script, i hav this thing :
Tue May 20 16:06:03 2008: Info: Starting - reading configuration files ...
thank for your help ,
uness
-
List
Am 20.05.2008 um 16:05 schrieb Dean, Barry:
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that
EAP-TTLS with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with
CHAP
Dean, Barry wrote:
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that EAP-TTLS
with MD5 inner auth and EAP-MD5 as well as EAP-TTLS with CHAP inner auth all
failed.
Hi,
i can't give you c coupy f my radiusd.conf file, because i'm running the
server in a machine with no graphic mode.
I dont want a copy of the radiusd.conf - just what the user/group
entries state in that file.
and to send someone a copy, simply copy the config to the system you are
Nicolas Goutte wrote:
Am 20.05.2008 um 16:05 schrieb Dean, Barry:
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that
EAP-TTLS with MD5 inner auth and EAP-MD5 as well as
Am 20.05.2008 um 16:20 schrieb Arran Cudbard-Bell:
Dean, Barry wrote:
Alan DeKok said:
It is impossible to use CHAP to authenticate to AD. You MUST use
MS-CHAP, or PAP.
When testing my Radius server with AD and XSupplicant I found that
EAP-TTLS with MD5 inner auth and EAP-MD5 as
Hi,
I successfully done my authentication and authorization with the perl
and digest with mix mode, and it reply access accept packets from the radius
server. But when i tried to call through asterisk, the server again try to
authenticate again and rejected. The auth type is turned into local
Hey,
I need a java client for Radius. it need to work with all vendors.
I saw two open sources: JRadius, radius-client.
Does someone compare them?
Does someone can recommend?
Thank you
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey,
I need to have simple Radius server in order to test a Radius client.
I want to test authentication and authorization.
I add a new user in the user file and test authentication and it work.
Now i need to test authorization, where I assign role to this user and how? can
someone give me a
Hi Avihai,
I use the client that comes with the jradius server on my Mac and it's
great. I don't use a particularly wide range of the features, I'm
sure I barely scratch the surface, if I'm honest, but it does what I
need (and it works flawlessly on my Mac :-)
I've not tried radius-client so I
Do you know if its also support other vendors?
I understand (and i might understand wrong) that you need to configure (or
install) something in the server side in order to work with JRadius. I need to
work against all Radius servers and i cant change or add to the Raidus server.
- Original
2008/5/20 avihai marchiano [EMAIL PROTECTED]:
Do you know if its also support other vendors?
JRadius client is java. I initially had some problems because of the
environment used to build jradius-client but I contacted the author
and he fixed it really quickly. I don't know of any reason why
Hello list,
I use the mod_auth_radius module in both Apache1 and Apache2. These
modules work fine, but a remarkable difference between the two is that
the variable AuthRadiusCookieValid (which is set to 1, which means
one minute) is working well when the Apache1 is visited, but is not
working at
From the subject, you can probably guess that its just barely a Freeradius
problem :) Anyway...
Using the Build (http://wiki.freeradius.org/Build) instructions for Debian, i
have compiled FreeRADIUS with python support. I copied the example module
configuration for python out of
All,
I am trying to get the RADIUS server to not only authenticating the
supplicant, but providing the NAS with a VLAN ID. I have tried certain
resources and haven't been able to receive the VLAN ID. Can any provide any
help in this area?
Thanks
William E. W. Russell
Member of Technical Staff
Hello everybody!!
I have FreeRADIUS 1.1.7 + openldap using EAP-PEAP authentication, perfectly
working.
Now, I want to use the same openldap database, but with FreeRADIUS 2.0.4, but I
can't get success authentication.
is it necesary additional parameters of configuration for Freeradius 2.0.4?
Alan,
I reconfigured freeradius from scratch and when generated the ca.der
certificate it generates the certificate valid for only 30 days. The
default days mentioned in ca.cnf has been modified to 730 days, but still no
luck. Additionally modified openssl.cnf too for 730 days.
default_days
Hi Jester
A few things.
1. I've never been able to get python to work correct on a debian
system, this is for both Sarge and Etch. We currently have to use Centos
5 for our proxy radius systems which use python.
2. I do not believe that loading a mysql connection each time you
recived a
William E. Russell schrieb:
All,
I am trying to get the RADIUS server to not only authenticating the
supplicant, but providing the NAS with a VLAN ID. I have tried certain
resources and haven't been able to receive the VLAN ID. Can any provide any
help in this area?
Thanks
William
54 matches
Mail list logo