...
rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check
items
...
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
...
You can't use encrypted passwords with EAP-MD5.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik
1. You are not sending login requests to this server, or at least they
are not getting there. Is server set up not to recieve auth requests
from the network (only local reqests)? Can you log into it from a
different machine?
2. Is this server restarting on it's own or are you doing that?
Ivan
Yes. Use VLANs and port based authentication and they won't be able to
do that. If they manually change IP address to a different VLAN
connection will become unusable.
Ivan Kalik
Kaliki Informatika ISP
Dana 29/1/2008, [EMAIL PROTECTED]
[EMAIL PROTECTED] piše:
Hi,
I have a question.
When
rlm_pap: WARNING! No known good password found for the user. Authentication
m ay fail because of this.
So, where is your password stored?
Ivan Kalik
Kaliik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can you post users entry in the database. it's quite likely that you
left == as the operator instead of using :=.
Ivan Kalik
Kalik Informatika ISP
Dana 30/1/2008, Andrew Long [EMAIL PROTECTED] piše:
When I have (radcheck) attribute `User-Password', authentication
succeeds but we see
to
connect to anything because he is on one subnet and gateway on another.
Same applies if all addresses are private but you are doing NAT for one
(subnet) and not for another etc.
Ivan Kalik
Kalik Informatika ISP
Dana 31/1/2008, [EMAIL PROTECTED]
[EMAIL PROTECTED] piše:
Hmm. That sounds great. I have
about 2 seconds after sending the first one (if it gets no
response). If you have 120 requests in 2 seconds it's likely that your
database is having hard time coping. Where are all those requests coming
from?
Ivan Kalik
Kalik Informatika ISP
Dana 31/1/2008, Andrew Long [EMAIL PROTECTED] piše
-Jan 31 08:08:14 debug iprulesmgr Received RADIUS Access Accept (id='14')
-Jan 31 08:08:14 debug iprulesmgr Sending RADIUS Access Request (id='240')
Even stranger is that it did recieve accept packet but still sent out
another request. Debug ppp on that NAS and see what's going on.
Ivan
http://wiki.freeradius.org/SQL_HOWTO
Populating SQL would interest you most.
Ivan Kalik
Kalik Informatika ISP
Dana 31/1/2008, James Taylor [EMAIL PROTECTED] piše:
Hello list!
I think I have an easy one here. I currently am administering several Radius
sites for Dynamic VLAN access based
Think about upgrading to 2.0.1. You can then configure default home
server to handle requests A and another virtual server to terminate TLS
and proxy PAP requests to a remote home server.
I don't quite get this bit about encrypted requests. Radius packets
*are* encrypted.
Ivan Kalik
Kalik
Sorry, I just read your subject line. What is the request sent from the
supplicant: PEAP or EAP-TTLS/PAP?
Ivan Kalik
Kalik Informatika ISP
Dana 31/1/2008, Joakim Lindgren [EMAIL PROTECTED] piše:
Hi all, thanks for your explanation earlier!
I need your help with EAP-TTLS and PAP. I have
Any idea why making the same change ( to attribute 'Cleartext-Password
and op ':=')
on 1.1.7 would lead to failed authentications?
Send the debug for that one.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rad_recv: Access-Request packet from host 127.0.0.1:32780, id=232,
length=46
..
Sending Access-Accept of id 232 to 127.0.0.1 port 32780
And where is the accounting request that should come right after it? Did
NAS send one?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe
radtest is an authetication testing tool. It doesn't do accounting. Send
a request from a NAS.
You sent an access request with radclient to the accounting port. To no
surprise it did not respond. You have to send an accounting packet to
the accounting port.
Ivan Kalik
Kalik Informatika ISP
realm as SECURE and proxy to
that one.
Again, you should think about 2.0.1 where you can define one virtual
server to deal with @SECURACCESS requests and another for others.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. ntlm_auth will work on mschap requests. Get router
to send mschap requests.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the realm you are proxying to, for instance SECURE (change
Proxy-To-Realm stetement too). That way the outer tunnel will be
processed locally and inner remotely.
Why doesn´t it do PAP? When the connection reach the home server it´s
encrypted?
Because you are proxying the EAP request.
Ivan Kalik
Eap-Type != peap. Local ones are using PEAP and remote EAP-TTLS/PAP,
right?
Ivan Kalik
Kalik Informatika ISP
Dana 2/2/2008, Jayal1972 [EMAIL PROTECTED] piše:
Hi again,
I mean: how to detect a special name in the request. And to NOT proxy local
calls...
Is my configuration OK?
// J
You havent turned anything on (including the debug). What should match so
the user gets this information?
Ivan Kalik
Kalik Informatika ISP
Dana 2/2/2008, Don James [EMAIL PROTECTED] piše:
Hi,
When I run radtest, I get the following response:
Sending Access-Request of id 64 to 192.168.1.41
So, who is the boss there - you or the machine? ;-)
Right, where did you put those attributes you want returned? Can you post
those entries? Any chance of posting that debug?
Ivan Kalik
Kalik Infprmatika ISP
Dana 2/2/2008, [EMAIL PROTECTED]
[EMAIL PROTECTED] piše:
That's what I would like
You have mistaken this list for Cisco technical support.
Ivan Kalik
Kalik Informatika
Dana 1/2/2008, Vijay Avarachen [EMAIL PROTECTED] piše:
Hello,
I have successfully configured freeradius 2.x to do AAA for my Cisco
Catalyst 3560. Using modules rlm_detail I am able to log when
request. You
need to finish with EAP first and then PAP attributes will be available.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in pap reply. Probably some M$ thing.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
Dana 5/2/2008, hamid benane [EMAIL PROTECTED] piše:
Hello,i have the same configuration like you freeradius-1.1.1, cisco 3560 but
when i try to autheticate my windows xp its
= 10.5.0.31 ===
Stripped-User-Name = jakub
Realm = NULL
Realm = NULL
Proxy-State = 0x313039
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Write to Peter Nixon with your desired logon details.
Ivan Kalik
Kalik Informatika ISP
Dana 5/2/2008, Phil Mayers [EMAIL PROTECTED] piše:
I assume account creation is deliberately disabled on the wiki; could
whoever runs/has access create me one?
-
List info/subscribe/unsubscribe? See http
Well, look again. Same question was asked and answered today. Different
Cisco device but that doesn't change a thing.
Ivan Kalik
Kalik Informatika ISP
Dana 5/2/2008, hamid benane [EMAIL PROTECTED] piše:
hello,
you for the page web of freeradius, i look it befor i ask this question.
can
Could it be a problem from the NAS params sent to radius?
It could - if NAS-Port parameter is the same for all users. If user C
logs out IP adresses will be released from the pool and B will be able
to get A's IP address.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
Configure something to send a request to it. Put user name and password
in users file. Put details of the device sending requests into
clients.conf.
If you haven't got the device that can send requests you can test with
something like JRadius Simulator.
Ivan Kalik
Kalik Informatika ISP
Dana 6
Have you uncommented sql entries in radiusd.conf? Debug of the server
startup (the bit that comes before the posted debug) would be more
informative about what's configured (and what's not).
Ivan Kalik
Kalik Informatika ISP
Dana 6/2/2008, johnson elangbam [EMAIL PROTECTED] piše:
hi,
I am
Inner request for PEAP is EAP-MSCHAPv2 not MSCHAPv2.
Ivan Kalik
Kalik Informatika ISP
Dana 6/2/2008, Andrew Olson [EMAIL PROTECTED] piše:
I got 2.0.1 patched, compiled and configured. I'm still seeing the same
behaving listed below. Could it be something with my config.
I'm simply doing
Have you noticed some warnings about password attribute in the debug?
Maybe using appropriate password attribute might help ;-)
Ivan Kalik
Kalik Informatika ISP
Dana 7/2/2008, cxu [EMAIL PROTECTED] piše:
Hi,
I am testing the freeradius server, and try to clarify rules applied in
freeradius
password_attibute in ldap section. But your password is not clear text.
You might need to create an entry in ldap.attrmap for SHA-Password. You
will be able to do pap requests but not much more with the password you
are storing.
Ivan Kalik
Kalik Informatika ISP
Dana 7/2/2008, cxu [EMAIL
. Read the section and you will
find it. I am not going to post that information here as well.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the user would be admitted to some other network if their server was
issued a certificate by the same CA. If you are using commercial
certificates there might be thousands of servers with certificates
issued by the same CA. And the user will be able to get onto all of them
(if they use EAP-TLS).
Ivan
Those are accounting requests. They have nothing to do with logins.
Ivan Kalik
Kalik Informatika ISP
Dana 8/2/2008, Andrew D Kirch [EMAIL PROTECTED] piše:
The top login attempt doesn't work, and the bottom one does. Restarting
radius doesn't fix the problem, but rebooting the server it's
No, this is a Cisco question. Debug ppp negotiation and multilink events
on the recieving router. And don't bother posting the debug here.
Ivan Kalik
Kalik Informatika ISP
Dana 8/2/2008, Tony Spencer [EMAIL PROTECTED] piše:
Hi
Apologises if this isn#65533;t really a Freeradius question
Depends on the router. You will have to read router documentation. For
Cisco it's ppp authentication mschap on the interface. User's machine
trying to connect will also need to support mschap.
Ivan Kalik
Kalik Informatika ISP
Dana 8/2/2008, Fernando Coelho [EMAIL PROTECTED] piše:
Hi Ivan!
How
He can't be connecting from both devices in the same time. That's why
check is failing. Use huntgroups:
pippo User-Name == pippo and then list under all the device IPs
he can connect to.
Ivan Kalik
Kalik Informatika ISP
Dana 15/2/2008, enrico fanti [EMAIL PROTECTED] piše:
Hi ,
I have
You have asked this once already. It has been answered.
Ivan Kalik
Kalik Informatika ISP
Dana 18/2/2008, Enrico Fanti [EMAIL PROTECTED] piše:
Hi ,
I have freeradius configured with Mysql.
I would like to have a user pippo can ssh login to 2 server linux
wich uses pam_radius in /etc/pam.d
It's a file in raddb directory, not a part of the database schema.
Ivan Kalik
Kalik Informatika ISP
Dana 18/2/2008, Enrico Fanti [EMAIL PROTECTED] piše:
Sorry.
I mistake with my thunderbird button.
I would like to know whatt'is the huntgroups concept in radius database.
I have this db schema
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
Dana 18/2/2008, Sarp Kaya [EMAIL PROTECTED] piše:
Hello, how can I do it I don't know. I am using Antcor OS router and
it has hotspot settings. I also have a pc which has ubuntu
provided functionality than to go hacking the configuration
files.
Ivan Kalik
Kalik informatika ISP
Dana 19/2/2008, Enrico Fanti [EMAIL PROTECTED] piše:
Ok, Thank you.
But for yiu, it's possible to use mysql for my target ?
If yes, do you have any ideas?
I would like to have a system (PHP-Mysql
And why do you have password in two locations? If you store it in Ldap
you don't need it in users file and vice versa.
Ivan Kalik
Kalik Informatika ISP
Dana 19/2/2008, David W Bell [EMAIL PROTECTED] piše:
Hi there.
My Saga continues
I have freeRADIUS working with openLDAP and can log
Password is a check item. It has nothing to do with what's in the reply
(av-pairs are reply items). Just remove the password and it will still
work the same. You *can* leave the check line blank in users file.
Ivan Kalik
Kalik Informatika ISP
Dana 19/2/2008, David W Bell [EMAIL PROTECTED] piše
No. You have no client cerftificate so there is nothing to be read.
That's normal. But PEAP conversation stopping in the middle with an
Access-Challenge is another matter - described in FAQ, eap.conf, ...
Ivan Kalik
Kalik Informatika ISP
Dana 19/2/2008, Eduardo Lima [EMAIL PROTECTED] piše:
I'm
IP is
also on the private subnet it's quite likely that you wont have to
force the router to use the IP address defined in clients.conf - it
should select it on it's own. If it doesn't you can force radius
source interface in router config.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe
If you have freeradius installed just type radtest at the command prompt,
hit enter and see what happens.
Ivan Kalik
Kalik Informatika ISP
Dana 19/2/2008, Sarp Kaya [EMAIL PROTECTED] piše:
Sorry Ivan, I am newbie. I couldn't find any file that called radtest
or something like that.
2008/2/19
Add FreeRADIUS-Proxied-To == 127.0.0.1 as a check item.
Ivan Kalik
Kalik informatika ISP
Dana 19/2/2008, Gong Cheng [EMAIL PROTECTED] piše:
Hi folks,
I am working on an issue like this:
In my users file, I have
user1
attribute1=val1
user2
attribute2=val2
DEFAULT
The phones need to be in a tagged vlan instead of an untagged.
Are you sure about that? You tag VLANs on a trunk port. And that port
will be connected to the upstream device, not your phone.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
You most likely want operator += to add multiple attributes with the same
name.
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
Dana 20/2/2008, David W Bell [EMAIL PROTECTED] piše:
yep - tried that :)
Hi David,
Have you tried putting \n to see if that puts a line
4. Our radius sends the Tunnel information back to Telco Radius
Why? It will be the same every time for every user. Configure tunnel
parametars on the (virtual) interface.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What's the user entry in the database? That password looks a bit suspect.
Ivan Kalik
Kalik Informatika ISP
Dana 22/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše:
I am trying to setup freeradius 1. I have chap authentication working
with mysql but pap authentication will not work with mysql
NAS-IP-Address should be different in LAC and LNS requests. And unlang
works in version 2.0 not 1.1.x (later post).
Ivan Kalik
Kalik Informatika ISP
Dana 22/2/2008, Adrian [EMAIL PROTECTED] piše:
Hello Ivan,
The Telco wants me to send those parameters to them. I have no choice in
that. I'm
the user password is fun123 it is clear text.
User-Password = i\374\304U\017\026\264\027:\367PU\262\t\356
That's not what you NAS is sending as password. So radius works fine.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That looks like a pap request but that's not the cleartext password.
Garbled password suggests that the shared secret in clients.conf and on
the NAS are not the same (if you are sure you are sending the right
password and not this).
Ivan Kalik
Kalik Informatika ISP
Dana 22/2/2008, Dustin
man rlm_pap
Ivan Kalik
Kalik Informatika ISP
Dana 22/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše:
I have my username and passwords stored in my database as encrypted.
How can I get freeradius 1 to work with this passwords.
Dustin Schuemann . Network Engineer
This is nothing to do with Freeradius. Chillispot enforces Idle-Timeout.
If it thinks the users is active it will not disconnect the session.
There is nothing radius server can do about it. This is a Chillispot
problem.
Ivan Kalik
Kalik Informatika ISP
Dana 23/2/2008, GNULinuxSlackware [EMAIL
set up the Chillispot - disconnect the session only on clicking the
logout link. Set up Chillispot properly.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You would normally use a DEFAULT entry in users file. In 2.0 you can use
unlang and do it in sql.
Ivan Kalik
Kalik Informatika ISP
Dana 24/2/2008, Adrian [EMAIL PROTECTED] piše:
Hello Ivan,
Can you point me in the right direction with doing separate requests based
on the NAS-IP-Address
- those attributes are already in ldap.attrmap.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
Dana 25/2/2008, niall el-assaad [EMAIL PROTECTED] piše:
Hi,
I am writing an external script to be run based upon an authentication.
When the script returns output I am unsure as to what the assignment
operators do
We don't do these checks on radius database at all. We have a billing
database with users details which has value of this attribute in
datetime format and checks are done there.
Ivan Kalik
Kalik Informatika ISP
Dana 25/2/2008, Tim White [EMAIL PROTECTED] piše:
I'm attempting to use Expiration
The one you have there in the text.
Ivan Kalik
Kalik Informatika ISP
Dana 25/2/2008, Tim White [EMAIL PROTECTED] piše:
So you maintain to instances of this value?
Once in radcheck, and once in an external table? The first instance, in
radcheck, what format do you have that in?
Thanks
Tim
DEFAULT Ldap-Group == Engineering, and then list of reply attributes.
Ivan Kalik
Kalik Informatika ISP
Dana 25/2/2008, David W Bell [EMAIL PROTECTED] piše:
Ok been fiddling some more.
What I need to now do is work out which group a user belongs to based on
LDAP users and groups.
I am
In radgroupcheck enter a NAS-IP-Address check for the Telco_LAC_Group that
matches on the LAC's IPs.
That might be a problem. You need a single match. If you can make a
regexp that matches all the IPs you will be fine. But all need to match
a single statement.
Ivan Kalik
Kalik Informatika ISP
Put only username and password there. If you don't put anything else
there is nothing to read.
Ivan Kalik
Kalik Informatika ISP
Dana 26/2/2008, johnson elangbam [EMAIL PROTECTED] piše:
Hi,
I am trying to make a new database schema in Ms Sql in order to read the
user name and password only
user? Can you
explain in more detail how is that suposed to work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that you need to send
them.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's not the one you are running. You are running something that's at
least a year older - probably installed with the OS.
Ivan Kalik
Kalik Informatika ISP
Dana 26/2/2008, Russell D. Mitchell [EMAIL PROTECTED]
piše:
Well, the tarball is named freeradius-server-2.0.2.tar, and it untars
Could you please suggest me how can I check MAC filter(via Radius) and after
that do EAP-PEAP authorization?
Read your NAS documentation.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
20min of his current prepaid code he can use it again.
on another machine (this code now gives 40min of internet access)
My naive solution:
Use freeradius on host and special .net app on every user machine
to control everything.
Use freeradius total (sql)counter instead.
Ivan Kalik
http://www.freeradius.org/dialupadmin.html
Ivan Kalik
Kalik Informatika ISP
Dana 28/2/2008, parfait kouassi nda [EMAIL PROTECTED] piše:
hi,
i'm using freeradius server like proxy, and i want to administrate it with web
mode.
please can you give applications or how i can implement the web
Login-Time to restrict user to the days on which he can log in. And set
Expiration to the end of the current day (? 24 hours - what's a day) on
first login (script).
Ivan Kalik
Kalik Informatika ISP
Dana 28/2/2008, Budiono U. [EMAIL PROTECTED] piše:
Hi all,
I'm currently setup freeradius
of the password attribute and the
appropriate operator in rlm_sql code. It expects to read that from the
database.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(like the one you
posted) and peap will be an eap request. So, your AP will do that for
you.
At this moment I have situation when my MAC request tries to authorize
thought LDAP and only afterward looks in users file.
Upgrade to 2.0.2. Than you can process pap and eap requests differently.
Ivan
module and server will use
the password from your sql database.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
). Attribute should appear
in the Access-Accept packet if all goes well.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So is this. 1.1.7 file /usr/local/etc/raddb/dictionary.
Ivan Kalik
Kalik Informatika ISP
Dana 28/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše:
I don't have anything like this in my dictionary. This is free radius 1
On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote:
Add to your dictionary
Most likely. Can you post the content of your dictionary file?
Or download 2.0.2 and see if that attribute is in dictionary.slipstream.
If it is include it with the other dictionaries.
Ivan Kalik
Kalik Informatika ISP
Dana 29/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše:
Can I just add
, attempting login with user details is a strange way of
checking user status. You would normally use such information from the
logs if user complains about trouble connecting.
I hope this will be of some use to you.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http
Radius server doesn't ask for authentication - switch does.
Ivan Kalik
Kalik Informatika ISP
Dana 29/2/2008, hamid benane [EMAIL PROTECTED] piše:
hello every body,
the probleme was on the cisco switch i resolve this probleme and now its work
fine. I seen on the wireless connexion
otp.conf in raddb directory.
Ivan Kalik
Kalik Informatika ISP
Dana 29/2/2008, Norbert Wegener [EMAIL PROTECTED] piše:
One of our customers uses an authentication service from Mideye, which
is described this way:
The end-user requests access to a
protected application, and is prompted
Yes.
DEFAULT Ldap-Group == whatever
reply,
reply
Ivan Kalik
Kalik Informatika ISP
Dana 1/3/2008, Giovanni Lovato [EMAIL PROTECTED] piše:
I wish to assign various Reply-Items to a group defined in LDAP, and
then configuring FreeRADIUS to fetch those Reply
] returns reject
Post the whole debug. It looks like you are trying to force mschap onto
something that isn't a mschap request.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You had your answer: rlm_sql expects a password attribute and an
operator. You don't have those in your schema so it can't create the
attribute-value pair. Rewrite the code in rlm_sql and fix them to some
value or write anothe (?perl) module to authenticate the user.
Ivan Kalik
Kalik Informatika
the username).
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fix obvious errors:
- first line in eap.conf says not to use Auth-Type EAP
- instructions in users file (FAQ etc.) suggest a different password
attribute.
Ivan Kalik
Kalik Informatika ISP
Dana 3/3/2008, Rob [EMAIL PROTECTED] piše:
While I am using Calling-Station-Id freeradius does
it
but something like JRadius Simulator can) to make sure that works (you
haven't encrypted the password or such) before sending a PEAP request.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Have you configured that priv level? Only 1 and 15 are configured by
default.
Ivan Kalik
Kalik Informatika ISP
Dana 4/3/2008, David Bell [EMAIL PROTECTED] piše:
Hi folks, same david Bell, different email address :)
Well I now have RADIUS and Cisco working pretty much as I want.
However
I don't know anything about eDirectory, but could this be a problem for
retrieving password and other attributes:
rlm_ldap: No default NMAS login sequence
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ah, there is no Service-Type in your reply. It should be Service-Type =
NAS-Prompt-User. Service type should be in the request too so make sure
it is this one.
Ivan Kalik
Kalik Informatika ISP
Dana 4/3/2008, David Bell [EMAIL PROTECTED] piše:
Thanks for the raply Ivan - sorry to keep dragging
It should be in the request. Post the whole debug with the request.
Ivan Kalik
Kalik Informatika ISP
Dana 4/3/2008, David Bell [EMAIL PROTECTED] piše:
Added that, no difference.
How do I put it in the request too?
Thanks
David
-Original Message-
From: Ivan Kalik [mailto:[EMAIL
.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You comment out slq entries in radiusd.conf.
Ivan Kalik
Kalik Informatika ISP
Dana 4/3/2008, johnson elangbam [EMAIL PROTECTED] piše:
hi,
Do i need to disabled rlm_sql module if I am using perl script to fetch
data from the database. If so then how do i disabled the rlm_sql module
Cisco documentation. It will say how to log into the device.
Ivan Kalik
Kalik Informatika ISP
Dana 4/3/2008, David Bell [EMAIL PROTECTED] piše:
Ahh so something very fundimental then
How do I chage the request type?
-Original Message-
From: Ivan Kalik [mailto:[EMAIL PROTECTED]
Sent
connection parameters in the perl, or is there any other means like as we do
in the sql.conf.
Please yourself. Both ways will work. You can even use connection details
in sql.conf.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkval works with attributes. It doesn't particularly care if check
item comes from slq, ldap, files etc.
Ivan Kalik
Kalik Informatika ISP
Dana 6/3/2008, rsg [EMAIL PROTECTED] piše:
Hi,
Could checkval work with mysql instead of LDAP?
If so could someone elaborate on it.
Thanks,
rsg
http://wiki.freeradius.org/Dialup_admin
Ivan Kalik
Kalik Informatika ISP
Dana 7/3/2008, parfait kouassi nda [EMAIL PROTECTED] piše:
I'm using my freeradius server like proxy, and i want to administrate it in
web mode page with dialupadmin. what is the files that i must configure
1 - 100 of 1351 matches
Mail list logo