Hi Ken,
Thanks for the response On this particular server we have not run any
updates to the software stack as it is our policy to only update at regular
intervals so that we can catch these things.
I only sent the e-mail to the list after spending the day in freeradius -X
and -Xx to see if I
Hi C.J.
Thanks for the tip. We do run out config in Git and it has not changed since it
was configured about 2 months ago, this is what is baffling me.
The windows servers were not changed (well that is what the windows admins have
informed us@)
Thanks
Lance
On 15/09/2010 21:10, C.J.
Hi Alan,
Thanks for the response.
We do know about the samba update and it was the first thing I check when
the system broke. We have about 400 ubuntu vm's running on our environment
and we have not yet updated our corporate repo with this update as we have
not tested it yet.
I checked the
Strong, Mark wrote:
http://github.com/alandekok/freeradius-server/blob/v2.1.x/doc/ChangeLog
Yeah, gave that a look didn't see anything definite (as far as memory leaks
go).
Look for the work leak
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[ldap] expand: dc=int-evry,dc=fr - dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapdev.int-evry.fr:389, authentication 0
[ldap] bind as cn=admin,dc=int-evry,dc=fr/admldap
freerad...@corwyn.net wrote:
I'm tinkering with my VPN setup using FreeRadius and AD, and getting
Not possible to verify the identity of the server. Some googling shows
that message can be related to certificates.
Uh... the documentation on setting up EAP describes what you need to
do
Lance Haig wrote:
Thanks for the response On this particular server we have not run any
updates to the software stack as it is our policy to only update at regular
intervals so that we can catch these things.
Well... nothing in the server magically changes it's behavior on a
certain day.
Klaus Laus wrote:
Thanks a lot Alan DeKok, do I have any possibility to permit login only
persons with username/password and client certificate?
All authentications methods works fine on my server, but I´ll only permit
login with username/password and client certificate. Which code I need to
Hi,
Alan DeKok, 2010-09-06 13:58:
It's been a few weeks since the last pre release of 2.1.10. I've
put another one up on the web at:
I tried it, mainly to get rid of the random segfaults we get every few
days (bug #35). Unfortunately, last night it a crashed on one machine
(after running
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
in the user file i did
DEFAULT
Tunnel-Type := VLAN,
Tunnel-Medium-Type := IEEE-802,
Tunnel-Private-Group-Id = 901,
Fall-Through = Yes
Hello,
any idea why I don't see no connection start and stop into mysql
radacct table (other infos are ok) while in the
/var/log/radius/radacct/nas-ip-address/detail-date is ok?
Thanks a lot.
Matteo
This message was sent using
Hi!
I would like to auth my users from my own script.
radiusd -X debug
[otp_auth] expand: %{User-Name} - qtgame
[otp_auth] expand: %{User-Password} - ?O:J?? ?r
[otp_auth] expand: %{reply:Secret} - 8bd1f2fc2c2f68bb
[otp_auth] expand: %{reply:Pin} - 1616
[otp_auth] expand: %{reply:Offset} -
Krisztian Kuti wrote:
radiusd -X debug
[otp_auth] expand: %{User-Name} - qtgame
[otp_auth] expand: %{User-Password} - ?O:J?? ?r
Read the REST of the debug output to see what's going wrong.
Honestly. the answer to your question is *already* in the debug output.
All you need to do is
HI Alan,
Thanks for the response mine are inline
Well... nothing in the server magically changes it's behavior on a
certain day. *Something* changed.
I agree and I am having a hard time finding what.
And... what does the debug output say?
I posted my debug output to the list in
Hi alexander
Le 16/09/2010 00:31, Alexander Clouter a écrit :
Remember that the 'inner-auth' virtual server is a *unique* instance
to your outer layer so 'User-Category' might be defined but only on the
outside whilst it looks like you are calling 'files' *inside*.
Cheers
Well I understand
Hi everybody!
I'm a new subcriber of this list. I'm trying to setup a radius server with LDAP
authentication; I've managed to authenticate a user (from a Cisco Device),
but my fellows from Security Department think that we should have a two-step
authentication:
1. User/password authentication,
Put this into the users file:
DEFAULT EAP-TLS-Require-Client-Cert = yes
I did this, but the clients can login furthermore without any client
certificate for example with PEAP or EAP-TTLS. Here is my users file:
DEFAULT EAP-TLS-Require-Client-Cert = yes
testuser
Hi,
would recommend a review of the docs tomake sure it is easier to follow for
people then your argument would be valid.
personally I foudn the docs weak when I first started with FreeRADIUS 0.x - but
then
have sicne then learnt everything from the actual config files and the man
pages.
Lance Haig wrote:
I posted my debug output to the list in another mail but I will add it to
the end of this mail so they two are on the same page as it were.
What you posted earlier was a *tiny* portion of the debug output. And
the email I'm replying to contains no debug output.
The
mat...@crs4.it wrote:
Hello,
any idea why I don't see no connection start and stop into mysql radacct
table (other infos are ok) while in the
/var/log/radius/radacct/nas-ip-address/detail-date is ok?
Run the server in debugging mode to see.
Alan DeKok.
-
List info/subscribe/unsubscribe?
well i though i have found the answer
i m not sure if it s the right way to do
in the section of peap of the eap file i had
use_tunneled_reply = yes
Le 16/09/2010 13:22, Eric Doutreleau a écrit :
Hi alexander
Le 16/09/2010 00:31, Alexander Clouter a écrit :
Remember that the 'inner-auth'
Hi,
Hello,
any idea why I don't see no connection start and stop into mysql radacct
table (other infos are ok) while in the
/var/log/radius/radacct/nas-ip-address/detail-date is ok?
wild stab in the dark here you have 'detail' enabled in the
accounting {} section of your default
Klaus Laus wrote:
I did this, but the clients can login furthermore without any client
certificate for example with PEAP or EAP-TTLS. Here is my users file:
sigh Is it that hard to show the debug output?
Here's the eap.conf file
Neither the documentation or messages on this list ask
Jakob Hirsch wrote:
I tried it, mainly to get rid of the random segfaults we get every few
days (bug #35). Unfortunately, last night it a crashed on one machine
(after running for about 60h):
Sep 16 04:07:22 radius64-01b kernel: [24863577.558534] ui-freeradius[20331]
general protection
Hi,
I am using freeRadius 2.1.9 version.
I am trying to update proxy-reply message with additional attributes, I want to
do it only if proxy-reply is Access-Accept. I see %{proxy-reply:Packet-Type}
returns Access-Accept but I am not able to form a if condition, I see
following error:
Thu Sep
In article bay154-w6ae2b5874b5015e85e875c0...@phx.gbl you wrote:
I'm a new subcriber of this list. I'm trying to setup a radius server
with LDAP authentication; I've managed to authenticate a user (from a
Cisco Device), but my fellows from Security Department think that we
should have a
On 16/09/10 10:16, Eric Doutreleau wrote:
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
checkItem means put the attribute into the check/config items list.
Looking at the source code, I see that rlm_ldap can't
Le 16/09/2010 15:34, Phil Mayers a écrit :
On 16/09/10 10:16, Eric Doutreleau wrote:
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
checkItem means put the attribute into the check/config items list.
Looking at the
I am running NTLM_AUTH for mschap authentication with an MS AD at the back
end. I suppose that could be the culprit. If so, is upgrading FreeRadius
likely to resolve that (not knowing exactly what the problem is). Anything
I could configure at the FreeRadius end to make that work a bit
On 16/09/10 14:35, Klaus Laus wrote:
ok, this is the debug output:
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Oct 27 2009 at
17:05:49
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
On 16/09/10 15:27, Mike Diggins wrote:
I am running NTLM_AUTH for mschap authentication with an MS AD at the back
end. I suppose that could be the culprit. If so, is upgrading FreeRadius
likely to resolve that (not knowing exactly what the problem is). Anything
I could configure at the
Hi,
I'm using free radius 2.1.9 as a client to connect to a distant server (not
freeradius).
We are facing a problem for Tunnel-Server-Endpoint attribute :
RFC http://www.ietf.org/rfc/rfc2868.txt indicates for Tunnel-Server-Endpoint :
Tag
The Tag field is one octet in length and is
Naoufel wrote:
Hi,
I'm using free radius 2.1.9 as a client to connect to a distant server (not
freeradius).
We are facing a problem for Tunnel-Server-Endpoint attribute :
RFC http://www.ietf.org/rfc/rfc2868.txt indicates for Tunnel-Server-Endpoint :
...
So, there is no explicit
Dear experts,
I configured my Freeradius2.1.7 server to be a proxy server which will
forward the PEAP authentication packages to a remote server. The
authentication part works great.
I configured my switch to send accounting information to the proxy
server. The proxy server is using MySQL
34 matches
Mail list logo