Nolan King wrote:
Due to some Skypilot APs that do not support EAP-TLS
Huh? Access points don't care about the EAP method.
(requiring client certs) i am working on getting tunneled peap happening,
authenticating against AD. After following the excellent READMEs and other
instructional
Christian Rahl wrote:
I would like this information to be added to the radius mysql in a
separate table. This information would include MAC address, last IP, and
if possible the last NAS IP. All I really need to know is how to get a
script to run with the radius so that it requests that
rrperez wrote:
I have set up a FreeRadius 2 Server that authenticates on a Lotus Notes LDAP
Service and it successfully maps. But I'm having a hard time figuring out
what is the encryption method used by the Lotus Notes with their passwords.
...
Can anyone tell me what encryption is this and
Hi,
first, there is no such thing as requesting that information - a
RADIUS client sends a request, and it sends attributes as configured on
the client. There is no previous negotiation phase where the server
would tell give me this piece of info.
However, there is some opportunity to
On 08/17/2010 09:20 PM, Paul Dugas wrote:
On Tue, Aug 17, 2010 at 4:02 PM, Alan DeKokal...@deployingradius.com wrote:
If you do not have clear-text or NT hashed passwords in your LDAP
database, then *no* tool will magically make MS-CHAP work. The problem
is the method used to store the
Hi,
Can anyone tell me what encryption is this and what suitable protocol can I
use?
Few people use Lotus Notes, so I don't know if anyone here can help,
sorry.
Several years ago I tried to use Notes (v5, back then) as a backend. The
documentation contained much blah, but did not give
Do you have any other idea, after I sent out the logs of both servers, the one
where everything works and the other server where it don't work?
Am 17.08.10 21:56, schrieb Alan DeKok:
Andreas Hubert wrote:
I dont know if updating is such a good idea. Mac OS X comes with 2.1.3 and
another
Hello!
I configured freeradius to authenticate my WLAN Clients over Active
Directory. Depending on the Group Membership. Also i configured multiple
SSIDs on my WLAN switch, so a client request in freeradis debug output
includes the following Attributes:
rad_recv: Access-Request packet from
Hi,
-freeradius version: freeradius-2.1.0+dfsg (downloaded from
http://packages.ubuntu.com/source/karmic/freeradius)
-OS: Ubuntu 9.10 (Karmic Koala)
I wanted to use freeradius with PAM. I performed following steps in order:
1) Downloaded freeradius from above given link.
2) Extracted it to
kartik dadwal wrote:
Hi,
-freeradius version: freeradius-2.1.0+dfsg (downloaded from
http://packages.ubuntu.com/source/karmic/freeradius)
-OS: Ubuntu 9.10 (Karmic Koala)
I wanted to use freeradius with PAM. I performed following steps in order:
1) Downloaded freeradius from above given
Hello,
i think it can be done in many ways.
e.g. manage it with a external script:
sites-enabled/default:
post-auth {
if ( Colubris-AVPair == ssid=guest-wlan ) {
setvlan
}
}
module/setvlan:
exec setvlan {
wait = yes
program = .../setvlan
kartik dadwal wrote:
Hi,
-freeradius version: freeradius-2.1.0+dfsg (downloaded from
http://packages.ubuntu.com/source/karmic/freeradius)
-OS: Ubuntu 9.10 (Karmic Koala)
I was unable to download but now i get a page that is not empty.
But, if i check depends of my binary deb :
*Depends:
path issue.
create symlink to the particular files.
ln -s /usr/local/lib/* libfreeradius-radius-2.1.0.so /usr/lib
there may be some more missing files whose symlink you need to do .
Let me know if it works.
*
On Wed, Aug 18, 2010 at 5:53 PM, Fabien COMBERNOUS fcombern...@kezia.comwrote:
thanks you i tired that and it worked great. if you dont mind can you tell
me please why we had to set fail = 1? the reason i ask is that in my
policy i have a 'notfound' statement and it works just fine, but for fail i
have to set it to 'fail = 1'. below is the policy i have in place
ldap
Thank you.
Is it still needed to compile freeradius with rlm_raw, or can it be
freeradius get NAS-Identifier with a standard install?
On Sun, Aug 15, 2010 at 6:15 PM, Alan DeKok al...@deployingradius.comwrote:
tyllerd wrote:
Hi.
I would like to know if its possible to rather define
Okay, I just found out I messed something with the eap.conf on my first
server, I accidental out commented these options:
fragment_size = 1024
include_length = yes
check_crl = yes
CA_path = /path/to/directory/with/ca_certs/and/crls/
check_cert_cn = %{User-Name}
But now the eap.conf is on both
Andreas Hubert wrote:
But now the eap.conf is on both servers nearly the same (without certificate
paths).
I tried to make the problem happen again, mabye now it is easier in the log
files to see the difference.
Or should I maybe add here my complete config folder of booth servers? I
Aqdas Muneer wrote:
thanks you i tired that and it worked great. if you dont mind can you
tell me please why we had to set fail = 1?
doc/configurable_failover
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Use an AP that works.
Use a client PC that works.
The strange thing is, both work, but only together with the second server, not
with the first one.
On the AP I can enter two RADIUS servers, in case one gets down, what I also
want to use. I also switched them in the configuration with
Hi,
@Fablen:
I first used synaptic packet manger to install free radius as it synaptic
pkt. manger takes care of the dependencies. After insatlling freeradius
through the synaptic pkt. manger I could not find any of the freeradius
subdirectories.
So, I removed freeradius completely again using
Andreas Hubert wrote:
I really have no clue, why the AP and client should work with the second
server and not with the first one :(
It's a networking issue.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
But all packets are coming trough, I think.
Both servers are on the same subnet, with same gateway.
Am 18.08.10 15:53, schrieb Alan DeKok:
Andreas Hubert wrote:
I really have no clue, why the AP and client should work with the second
server and not with the first one :(
It's a networking
kartik dadwal wrote:
Hi,
@Fablen:
I first used synaptic packet manger to install free radius as it
synaptic pkt. manger takes care of the dependencies. After insatlling
freeradius through the synaptic pkt. manger I could not find any of
the freeradius subdirectories.
So, I removed
I am attempting to edit the ldap module to pass the mac address from the
wireless client as the user. I have changed the basedn, but not sure how
to change the filter.
Here is what I have :
ldap {
#
# Note that this needs to match the name in the LDAP
# server
Hello!
I'm trying to modify a working configuration to add one more
authentication service in FreeRadius.
I already have one configuration to authenticate users in ldap to use
wireless network. See the radiusd.conf:
radiusd.conf
prefix = /usr
Thanks for your reply, and your time, Alan. Apparently these APs do care, has
been tested and is stated in Skypilot documentation. i have moved on.
I jumped the gun with my post to the board out of frustration- restarting
winbind on the server, a last minute flail of desperation, magically
Hi, All
I have to develope redius client to full fill the follwing requrment.
Plz which radius client lib/stack i should use for windows.
simulate Radius and dot1x type of client flows
The radius tool should allow us to specify authentication type and it should
support all EAP methods
On 8/18/2010 02:48 AM, Alan DeKok wrote:
Nolan King wrote:
Due to some Skypilot APs that do not support EAP-TLS
Huh? Access points don't care about the EAP method.
Apart from the OP's particular problem, you can be assured that
there are APs that unfortunately do care about the EAP method
Hi,
Currently I am using freeradius2-2.1.8-2 to load balance radius traffic between
two hosts, I have a single realm DEFAULT setup which proxies the radius traffic
between the two servers and that works great, however now I have an unusual
need to proxy auth/acct radius traffic to non standard
Hi,
I have ubuntu 9.10. Can you please tell me
1)Before running radius -X what all steps should be completed?
2)what should be the subdirectory structure for freeradius and where it
should be formed in the directory structure?
3)which sub directory should I give the radius -X command.
I guess
1)Before running radius -X what all steps should be completed?
... www.deployingradius.com, follow the how to ... and really and I mean
REALLY read the documentation in the conf files ... all of them. Print
them out in color ... all of them. Spread them out all over your work
surface, make
David Mitton wrote:
Apart from the OP's particular problem, you can be assured that
there are APs that unfortunately do care about the EAP method in use.
We should put a list of them on the Wiki as broken APs. It's
ridiculous for them to be inspecting the EAP transport later.
Certainly
Douglas Caro wrote:
I'm trying to modify a working configuration to add one more
authentication service in FreeRadius.
What's an authentication service ?
I already have one configuration to authenticate users in ldap to use
wireless network. See the radiusd.conf:
Please don't post
Sallee, Stephen (Jake) wrote:
Alan, I hope it is ok to plug your site, I found it an invaluable tool : )
Yes. That's why I wrote it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Carpio wrote:
Currently I am using freeradius2-2.1.8-2 to load balance radius traffic
between two hosts, I have a single realm DEFAULT setup which proxies the
radius traffic between the two servers and that works great, however now I
have an unusual need to proxy auth/acct radius
Thanks for the response Alan and Stefan, I also figure out it now that it is
somewhat impossible.
I might test my last theoretical solution, that is to make LDAP as the
primary directory and also I'll keep on searching the net for any other ways
to make this close to possible. :-)
--
View this
On Thu, Aug 19, 2010 at 2:51 PM, rrperez rrpe...@apc.edu.ph wrote:
Thanks for the response Alan and Stefan, I also figure out it now that it
is
somewhat impossible.
I might test my last theoretical solution, that is to make LDAP as the
primary directory and also I'll keep on searching the
Thanks Peter, your a savior, I commented out pap in the authorize and
authenticate section in my sites-enabled default and inner-tunnel and it did
work.
But then again, when I tested it out, it only works locally with linux
platforms but when I tried to test it with the wifi router and windows
38 matches
Mail list logo