Re: Insert Realm in mysql

2010-03-27 Thread James J J Hooper
As seen, there is no any data in %{Realm}. Refer to man rlm_realm ...realms have to be defined in proxy.conf for suffix to recognise them: realm un { ... } Alternatively, use a regex in unlang to split the username as you wish. -James -- James J J Hooper Network Specialist Information

Re: NAS-IP vs srcIP

2010-04-01 Thread James J J Hooper
, direct replies (COA or otherwise) won't work. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Free Radius testing....

2010-05-16 Thread James J J Hooper
On 16/05/2010 10:26, John Raja wrote: Hi, I have installed freeradius server in centos. I am trying to test with below mentioned command I am getting the error output as given below, Please help me out... I have created the username in the user file bob Cleartext-Password := hello _Command_

Re: no access-accept with users file

2010-05-24 Thread James J J Hooper
On 25/05/2010 06:30, Robert Wilkinson wrote: I feel defeated. I was able to get an access-accept result. During my attempt to use MySQL it appears that I broke my configuration. I am using freeradius 2.1.8 on ubuntu 10.4 server. Here is my freeradius -X debug output: WARNING: Empty section.

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-09 Thread James J J Hooper
On 09/06/2010 17:56, James J J Hooper wrote: Hi Alan, All, Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes with load, every ~8 hours with less load). Attached -X at startup, and the last 100 lines before segfault. If someone can explain how to drive GDB (or any other

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-09 Thread James J J Hooper
On 09/06/2010 21:17, James J J Hooper wrote: On 09/06/2010 17:56, James J J Hooper wrote: Hi Alan, All, Since upgrading to 2.1.9, FR is segfaulting frequently (every 20 minutes with load, every ~8 hours with less load). Attached -X at startup, and the last 100 lines before segfault

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
--On Thursday, June 10, 2010 10:10:05 +0200 Alan DeKok al...@deployingradius.com wrote: James J J Hooper wrote: OK - GDB log attached. This is from git branch v2.1.x, up to and including 0e9ae1698ba55b16b149 (Cleaned up debug output to be readable - about 7 hours ago

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
On 10/06/2010 22:20, Alan Buxey wrote: Hi, OK. I fixed both problems. Thanks for tracking it down, it made the fix much simpler. Do a 'git pull' for the v2.1.x branch, and re-build. It should now be OK. hmm, this is interesting...James, do you use COA at all? we don't but this code

Re: FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

2010-06-10 Thread James J J Hooper
On 10/06/2010 22:42, James J J Hooper wrote: On 10/06/2010 22:20, Alan Buxey wrote: Hi, OK. I fixed both problems. Thanks for tracking it down, it made the fix much simpler. Do a 'git pull' for the v2.1.x branch, and re-build. It should now be OK. hmm, this is interesting...James, do you

Re: Wanted: Commercial FreeRADIUS Support

2010-06-16 Thread James J J Hooper
http://www.google.co.uk/search?q=freeradius+commercial+supportbtnI=1 ?? On 16/06/2010 23:03, Jackal Admin wrote: Even if you aren't able to provide support, I'd be interested in any suggestions for where to get support from. Jackal Admin wrote: We have a hotspot authentication system

Re: Freeradius2 and Samba3x

2010-07-14 Thread James J J Hooper
HI, Wed Jul 14 10:51:16 2010 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} - --nt-response=a3492c6411f5548251a05606aa028964d34b69c58e61c7d5 Wed Jul 14 10:51:16 2010 : Debug: Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure

Re: Cisco WLC4402 - 802.1X - Android - Tunnel-Priv-Group-ID Failure

2010-08-10 Thread James J J Hooper
, you need to click the Advanced-settings button, change to the EAP page, select 'Use manual user name' and enter whatever you want in the box. ( http://www.wireless.bris.ac.uk/getconnected/services/eduroam/go-anything/#anomalies ) Regards, James -- James J J Hooper Network Specialist

Re: Logging ntlm authentication

2010-09-07 Thread James J J Hooper
} } reject = return } } ... } -James -- James J J Hooper University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: a lot of memory inuse

2010-09-14 Thread James J J Hooper
, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: a lot of memory inuse

2010-09-14 Thread James J J Hooper
--On 14 September 2010 08:15 +0100 James J J Hooper jjj.hoo...@bristol.ac.uk wrote: --On 14 September 2010 17:01 +1000 Strong, Mark mstr...@tnsi.com wrote: Hi Guys, I have free radius 2.1.6, and it has quite a chunk of memory inuse at the moment, are there any known issues

Re: freeradius, samba, AD peap/mschap-v2 redundancy and Certificate

2010-09-15 Thread James J J Hooper
On 15/09/2010 19:43, John Dennis wrote: On 09/15/2010 02:21 PM, Alan Buxey wrote: Hi, seems okay For certificate, do we need a server certificate for both radius1 and radius2 if we want supplicant to verify the server certificate? you can use the same server certificate - so that the

radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
/unsubscribe? See http://www.freeradius.org/list/users.html -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
--On Tuesday, September 28, 2010 16:19:46 +0100 James J J Hooper jjj.hoo...@bristol.ac.uk wrote: Hi Alan, I'm getting a make error. I tried ./configure --without-radsniff but still the same... Is there a switch to disable building radsniff or do I have to get the PCAP libraries

Re: radsniff build error (Re: Version 2.1.10 has been released)

2010-09-28 Thread James J J Hooper
--On Tuesday, September 28, 2010 17:48:39 +0200 Alan DeKok al...@deployingradius.com wrote: James J J Hooper wrote: Hi Alan, I'm getting a make error. I tried ./configure --without-radsniff but still the same... Is there a switch to disable building radsniff or do I have to get the PCAP

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
!= PW_AUTHENTICATION_ACK) { RDEBUG2(SoH was rejected); -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
] ... Therefore patch attached {confd-by= format only a suggestion}. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- --- soh.c-orig 2010-10-11 20:54:28.0 + +++ soh.c-new1 2010-10-11 21

Re: Microsoft SoH Support

2010-10-11 Thread James J J Hooper
On 11/10/2010 22:14, James J J Hooper wrote: On 11/10/2010 12:37, Phil Mayers wrote: On 09/10/10 15:01, Garber, Neal wrote: Thanks to a lot of work by Phil Mayers, the server now has support for Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP. Wow! That *must* have been

FR 2.1.11git, Dead home server status server reply - possible minor bug

2010-10-24 Thread James J J Hooper
; home->zombie_period_start.tv_sec = home->last_packet; home->zombie_period_start.tv_sec = USEC / 2; {Apologies if I'm totally going in the wrong direction} Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk

Re: Problems with the mailing list?????

2010-11-07 Thread James J J Hooper
On 07/11/2010 10:32, mic...@casa.co.cu wrote: Hello Gentlemen, there are problems on the list and everyone is on vacation or just moved to see activity on the list? I repeat my previous message, only this time I'm more brief The silence was your answer: You would like FreeRADIUS to return

SoH patch (was Re: Microsoft SoH Support)

2011-01-06 Thread James J J Hooper
On 11/10/2010 22:14, James J J Hooper wrote: On 11/10/2010 12:37, Phil Mayers wrote: On 09/10/10 15:01, Garber, Neal wrote: Thanks to a lot of work by Phil Mayers, the server now has support for Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP. Wow! That *must* have been

Re: freeradius 2.1.10 WARNING: Internal sanity check failed

2011-01-13 Thread James J J Hooper
-freeradius-case-study.pdf Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Question on Radius logs

2011-02-01 Thread James J J Hooper
it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog Regards, James -- James J J Hooper Network Specialist Information Services University

Re: Unable to authenticate in case of multilingual characters

2011-02-04 Thread James J J Hooper
...and then testing it: echo 'User-Name = 現年快樂' | radclient -x 137.222.253.91:16010 auth SECRET Sending Access-Request of id 161 to 137.222.253.91 port 16010 User-Name = 現年快樂 rad_recv: Access-Accept packet from host 137.222.253.91 port 16010, id=161, length=20 Regards, James -- James J J Hooper

Re: Framed-IP-Address AVP missing

2011-02-11 Thread James J J Hooper
the given IP from an accounting packet though. Use a DB to match things up. Regards, James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: EAP and Accounting

2011-02-11 Thread James J J Hooper
-- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New User and AD Question

2011-02-28 Thread James J J Hooper
will take host\\computer.domain.name and turn it in to computer$ automatically). -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
. That could be fixed for 2.1.11, I guess. If someone can test it... Yes please, and will do. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok al...@deployingradius.com wrote: James J J Hooper wrote: That could be fixed for 2.1.11, I guess. If someone can test it... Yes please, and will do. Try this patch. You should see MSCHAP Failure in the debug log, where

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 12:04:51 + James J J Hooper jjj.hoo...@bristol.ac.uk wrote: --On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok al...@deployingradius.com wrote: James J J Hooper wrote: That could be fixed for 2.1.11, I guess. If someone can test it... Yes please

Re: MS-CHAP-V2 with no retry

2011-03-04 Thread James J J Hooper
--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok al...@deployingradius.com wrote: Alan DeKok wrote: James J J Hooper wrote: rlm_eap_mschapv2.c: In function `mschapv2_authenticate': rlm_eap_mschapv2.c:658: error: called object is not a function rlm_eap_mschapv2.c:658: error: too few

Re: Caching techniques with ntlm_auth usage? (EAP-PEAP-MSchapV2)

2011-03-04 Thread James J J Hooper
by 40% by doing this. N.B Resumed sessions will not touch your inner-tunnel config, so you have to make sure that you pay attention when (re-)assigning VLANs / other returned attributes based on username. -James -- James J J Hooper Network Specialist, University of Bristol http

Re: Freeradius2 and OSX clients no TLS

2011-03-06 Thread James J J Hooper
/credential stealing attacks etc. This may be acceptable in your environment, but if not, you'll still need to actively configure the client. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http

Re: signed server certs

2011-03-07 Thread James J J Hooper
a CN to match, so using a self-signed cert, and setting the client just to trust that CA mitigates the public CA vector. -James -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

Re: signed server certs

2011-03-07 Thread James J J Hooper
On 07/03/2011 22:18, Arran Cudbard-Bell wrote: On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote: On 07/03/2011 21:42, John Dennis wrote: I changed default_eap_type=md5 to default_eap_type=ttls and now the Macs are able to authenticate without Certs or any configuration on their side

Re: Attribute NOT being returned in access-accept ?

2011-03-30 Thread James J J Hooper
On 30/03/2011 22:59, Robert Roll wrote: Freeradius Version 2.1.10 I'm trying to return a vendor attribute, but I don't seem to be seeing it in the access-accept ? I am inner tunneling to Peap, and you can see the attribute is there... Airespace-Interface-Name = wifi-chem-uconnect

Re: freeradius+ldap: Invalid DN syntax

2011-04-02 Thread James J J Hooper
On 02/04/2011 18:29, ziko wrote: Hello. I am using Freeradius 2 with openldap 2.3.43 on my CentOS 5. My OpenLDAP works great without freeradius, and freeradius works without ldap. But I can't connect ldap and freeradius. my ldapsearch output: ldapsearch -x # extended LDIF # # LDAPv3 # base

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
-- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- index c512018..3f3fc46 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -1239,9 +1239,21 @@ static int mschap_authenticate

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
--On Thursday, April 07, 2011 13:33:33 +0100 James J J Hooper jjj.hoo...@bristol.ac.uk wrote: Attached are the two 'git diff' that I ended up with. gzipped so they don't get messed up. -James p1.txt.gz Description: Binary data p2.txt.gz Description: Binary data - List info/subscribe

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread James J J Hooper
On 07/04/2011 13:33, James J J Hooper wrote: --On Wednesday, April 06, 2011 15:42:11 -0500 john.hayw...@wheaton.edu wrote: List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I don't know if this should be sent to the developers list instead. === Background

Re: MS-CHAP-V2 with no retry

2011-04-09 Thread James J J Hooper
On 08/04/2011 08:54, Alan DeKok wrote: Phil Mayers wrote: +1 - In my experience it's necessary to cater for windows' weirdness *first*. Most other clients have sane behaviours. I'm concerned about the we didn't do much windows testing line... Yup. I've just pushed some changes to the

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I may have misunderstood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's EAP failure)?? Yes, thanks. Also, args to pairmove2 are wrong way around, as attached. -James

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I may have misunderstood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's EAP failure)?? Yes, thanks. Also, args to pairmove2

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:39, James J J Hooper wrote: On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I may have misunderstood the code, but I think the EAP MS-CHAP-v2 Failure packet, should be an EAP *request* (currently it's EAP failure

Re: MS-CHAP-V2 with no retry

2011-04-10 Thread James J J Hooper
On 10/04/2011 12:57, James J J Hooper wrote: On 10/04/2011 12:39, James J J Hooper wrote: On 10/04/2011 12:16, James J J Hooper wrote: On 10/04/2011 07:03, Alan DeKok wrote: James J J Hooper wrote: I may have misunderstood the code, but I think the EAP MS-CHAP-v2 Failure packet, should

FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen 0

2011-05-04 Thread James J J Hooper
= 448 ASSERT FAILED xlat.c[1048]: outlen 0 -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- Config bits: server eduroamlocal-soh { authorize { if (SoH-Supported == no) { update config { Auth-Type

Re: FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen 0

2011-05-04 Thread James J J Hooper
On 04/05/2011 11:24, Phil Mayers wrote: On 04/05/11 10:42, James J J Hooper wrote: [updated] returns updated +++- if ((Calling-Station-Id) %{Calling-Station-Id} =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding if was taken ++- policy

Re: FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen 0

2011-05-04 Thread James J J Hooper
On 04/05/2011 11:37, Phil Mayers wrote: On 04/05/11 10:42, James J J Hooper wrote: Hi All, Sorry for the sketchy details We got an ASSERT FAILED xlat.c[1048]: outlen 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have no further

Re: acct segfault in git v2.1.x

2011-05-09 Thread James J J Hooper
On 09/05/2011 12:22, Alan DeKok wrote: Alexander Clouter wrote: Updating to git's v2.1.x to go on a post-Easter bughunt and found the following accounting packet[1] seems to segfault freeradius: ... #1 0x403075d8 in fnmatch () from /lib/libc.so.6 #2 0x409da598 in do_detail

Re: ldap and xlat

2011-05-17 Thread James J J Hooper
On 17/05/2011 22:28, Frank Dornheim wrote: Dear FreeRADIUS users, I try to migrate my radius setup to LDAP. I use mainly the information from Frank Ranner (http://lists.cistron.nl/pipermail/freeradius-users/2007-September/msg00205.html). Today I have a problem to understand the xlat statement

Re: ntlm_auth authentication results logging messages

2011-05-19 Thread James J J Hooper
On 19/05/2011 21:00, Garber, Neal wrote: I found a similar user in an old thread who submitted a patch: (http://freeradius.1045715.n5.nabble.com/Capturing-ntlm-auth-failure- reasons-in-rlm-mschap-td2791760.html) And it appears that this patch made it into the rlm_mschap.c module code: I

Re: Yet another multiple SSID setup question

2011-07-12 Thread James J J Hooper
On 12/07/2011 02:50, Nick Kartsioukas wrote: I've been looking through the wiki and staring at the config files and I'm...confused. I've successfully gotten our Cisco WLC to authenticate against ActiveDirectory as well as a Sun LDAP server (just one at a time) via FreeRADIUS for a single test

Re: Security issues with 1.1.3 flatfile

2011-08-01 Thread James J J Hooper
On 01/08/2011 22:08, d.tom.schm...@l-3com.com wrote: Currently running 1.1.3 on CentOS 5.x. Upgrade I am currently using the flat file option and it works just fine as long as the permissions on the file are: 664 RW-RW-R-- Record in the file looks like: Tom tab Auth-Type := Local,

Re: Certificate problems? Freeradius 2.1.10 on Debian squeeze

2011-08-05 Thread James J J Hooper
On 05/08/2011 17:00, John Dunning wrote: Greetings all, We've been running freeradius 1.x on Debian Lenny for some time with great success authenticating against Novell eDirectory/LDAP. Our Linux guru has moved on to exciting new opportunities and while the rest of us are decent at linux

Re: freeradius cisco COA

2011-08-21 Thread James J J Hooper
on how you are generating the CoA this may be problematic, but is easily solved with a line in your iptables config: *nat -A POSTROUTING -p udp --dport 3799 -d NAS-IP -j SNAT --to-source radius-server-IP:radius-listening-port COMMIT -James -- James J J Hooper Senior Network Specialist

Re: OT: Cisco Disconnect-Request packets

2011-08-24 Thread James J J Hooper
Total denied auths: 0 Total lost auths: 0 ...so it seems you need User-Name, Calling-Station-Id and Service-Type. -James -- James J J Hooper Senior Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http

Re: Pre release of 2.1.12

2011-09-02 Thread James J J Hooper
On 29/08/2011 15:13, Alan DeKok wrote: I've put some pre releases of 2.1.12 on the web site: http://git.freeradius.org/pre/ Please let me know if there are any problems. If not, this can become 2.1.12. All seems good so far. -James radmin show version FreeRADIUS Version 2.1.12, for

Re: different acctuniqueids with common keys?

2011-09-05 Thread James J J Hooper
On 06/09/2011 00:36, Rob Turner wrote: Default in modules/acct_unique: acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port } The man page for rlm_acct_unique shows: acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port } Anyone know

Re: Reverting Accept-Reject to Access-Accept

2011-09-16 Thread James J J Hooper
On 16/09/2011 17:24, Phil Mayers wrote: On 16/09/11 16:59, denizaydin wrote: Hi, I am using Version 2.1.11 for broadband PPP authentication. I want to put the unauthenticated users to a default service. I have to revert the access-reject message to access-accept because once CISCO ISG get a

2.1.12 potential problem...

2011-09-16 Thread James J J Hooper
Don't do that. Instead, don't reject the in the first place. For example: authorize { ... sql if (notfound) { update control { Auth-Type := Accept } } } Above won't work since: https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8 -James

Re: 2.1.12 potential problem...

2011-09-18 Thread James J J Hooper
On 17/09/2011 01:56, Alan DeKok wrote: James J J Hooper wrote: Above won't work since: https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8 -James https://github.com/alandekok/freeradius-server/commit/1a00da In fact this dictionary change breaks

Re: 2.1.12 potential problem...

2011-09-20 Thread James J J Hooper
On 20/09/2011 11:38, denizaydin wrote: I can not see its giving this error while starting. Do I have to change installation directory or the library directory in the radiusd.conf? [10:15:39.9] gmake[11]: Entering directory

git.freeradius.org

2011-10-07 Thread James J J Hooper
Hi Alan et al, I'm having trouble getting FR by git (was previously working): $ grep url .git/config url = git://git.freeradius.org/freeradius-server.git $ git pull origin v2.1.x:v2.1.x fatal: The remote end hung up unexpectedly Is there an issue with git.freeradius.org? (Is anyone

Re: PEAP/MSCHAPv2 / Freeradius / AD

2011-10-13 Thread James J J Hooper
before it goes to ntlm_auth against your AD). Regards, James -- James J J Hooper Senior Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP/MSCHAPv2 / Freeradius / AD

2011-10-13 Thread James J J Hooper
On 13/10/2011 21:35, James J J Hooper wrote: On 13/10/2011 21:16, Kevin Chan wrote: Hi all, hopefully I got to the right group of people. We are trying to use Freeradius to do PEAP/MSCHAPv2 authentication against Active Directory (2003). Our realm is abc.acme.edu, but since Eduroam doesn't

Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

2011-10-14 Thread James J J Hooper
On 14/10/2011 16:13, Martin Ubank wrote: Here's the full output from 'radiusd -X': The bit at the top that tells us what radiusd has read from the config files is missing. It's not executing ntlm_auth by the looks of what you posted, so you need to look at why. The first bit of radiusd -X

Re: Acct-Terminate-Cause

2011-10-14 Thread James J J Hooper
On 15/10/2011 01:18, OzSpots - Carl Sawers wrote: Hi All, I have searched high and low for a Radacct Terminate cause description for Freeradius, the terminate cause states "Lost-Session", anyone know what it refers to? Please set a subject when posting to a mailing list.

Re: Policy construct for string concatenation

2011-10-15 Thread James J J Hooper
On 15/10/2011 12:14, Ray Scholl wrote: Good morning: So, I took all of your advice - example constructs, suggestion to do a little testing etc. I built a duplicate server and my question still remains. The construct I have - if ( clients_ldap-Ldap-Group ==

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 20:44, Eric Geier wrote: Hi, I’m trying to update my server’s cert, but getting errors after applying it: Fri Oct 21 12:26:45 2011 : Error: TLS Alert read:fatal:certificate expired Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3 read client certificate A Fri Oct

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 22:31, Eric Geier wrote: Thanks for the reply! Yes, the clients are set with correct time/date. That command didn't work. Did you mean openssl verify command? I ran that and both the old cert (still valid for a few days) and the new cert (already valid) shows correct domain but

Re: radius + ldap + ntlm

2011-10-23 Thread James J J Hooper
On 23/10/2011 16:02, Andreas Rudat wrote: Hello, I understand it correctly, that I can't use peap + mschapv2 with ldap? I'm really confused atm, what I can really use, every time I think it's fine, I found another unsecure thing :/ To use PEAP/MS-CHAPv2, LDAP has to provide FR with either a

Re: Authorize all/any users for a PEAP, WPA2 enterprise setup

2011-10-26 Thread James J J Hooper
On 27/10/2011 00:51, Toby wrote: Hi all, I apologize in advance if this question has been answered previously but I have searched extensively and cannot find discussion of this particular topic. What I am wanting to setup, at least initially, is a WPA2 enterprise (802.11i) wireless access

Re: freeradius, problem with chap ?

2011-12-01 Thread James J J Hooper
On 01/12/2011 22:41, Piotr wrote: This is debug from l2tp/ipsec connection: CHAP-Password = 0x01972f0886c4e5e2f30e32053dbcf67504 [chap] login attempt by tom3 with CHAP password [chap] Cleartext-Password is required for authentication ++[chap] returns invalid Failed to authenticate the

Re: mschap2 over peap, how to use cleartext password defined on the freeradius server instead of using Windows AD?

2010-01-07 Thread James J J Hooper
... } ... you could use unlang to wrap it in an if statement if you wanted to be selective about when to apply it. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List

Re: Does FreeRadius support different replies for same user via check-attributes?

2010-01-08 Thread James J J Hooper
Attribute Go=Service1 BUT IF; A request comes with User-Name: XXX, Password: YYY and Attribute A = Go2 The Access-Accept should include Attribute Go=Service2 Is this possible? It is. http://freeradius.org/radiusd/man/unlang.html -James -- James J J Hooper Network Specialist Information Services

Re: winbindd_privileged error?

2010-01-08 Thread James J J Hooper
/winbindd_privileged say on your system?? Perhaps you have lost the execute bit on your directory permissions? -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info

Re: winbindd_privileged error?

2010-01-08 Thread James J J Hooper
--On 08 January 2010 22:24 + James J J Hooper jjj.hoo...@bristol.ac.uk wrote: --On 08 January 2010 17:14 -0500 freerad...@corwyn.net wrote: I had everything working fine, and now it's not. (I use the ldap module to auth) When I look through the logs, I'm getting

FR2.1.8, EAP-Session-Resumed, src/modules/rlm_eap/libeap/eap_tls.c

2010-01-17 Thread James J J Hooper
1 Apologies if I have misunderstood the code. -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP Session resumption reply attributes

2010-01-17 Thread James J J Hooper
Hi All, When a client does session resumption: cache { enable = yes} in eap.conf The session User-Name (from previous access-accept) is restored from the cache e.g: [ttls] Skipping Phase2 due to session resumption [ttls] Adding cached attributes to the reply: User-Name = ab1234

Re: EAP Session resumption reply attributes

2010-01-17 Thread James J J Hooper
On 17/01/2010 20:22, Alan Buxey wrote: Hi, One thing to remember, is for *your* users roaming at other universities to remember to remove the reply:User-Name attribute to protect the guilty. :) the best thing to do for this is to create a new virtual server - eg 'eduroam' - which is

Re: How to set default ENVIRONMENT for programs runned from cron?

2010-01-20 Thread James J J Hooper
On 20/01/2010 21:08, Коньков Евгений wrote: Hi If program run from cron runs another process like: curl or wget or anything else located at PATH it says: can not find curl etc. NOTICE: when program is run from cron there is no PATH environment variable Does anyone know how to pass

Re: EAP Session resumption reply attributes

2010-01-21 Thread James J J Hooper
On 20/01/2010 23:36, Arran Cudbard-Bell wrote: On 1/17/2010 8:37 AM, Alexander Clouter wrote: James J J Hooperjjj.hoo...@bristol.ac.uk wrote: In order to also return e.g. VLAN IDs (that could be computed from the inner User-Name in a non-session-resumption enabled config), I can move the

Re: EAP Session resumption reply attributes

2010-01-21 Thread James J J Hooper
--On Thursday, January 21, 2010 10:05:36 AM + Alexander Clouter a...@digriz.org.uk wrote: James J J Hooper jjj.hoo...@bristol.ac.uk wrote: How did you get around the my policy rejects you now, but i've already sent a tunneled success TLV in the TLS tunnel and you're now ignoring my

RE: Duplicating results for radtest

2010-01-27 Thread James J J Hooper
--On Wednesday, January 27, 2010 05:11:26 PM + Mark Smith mark.sm...@abelalarm.co.uk wrote: Please see attached radiusd -X dump file as requested. Mark Smith Systems Engineer -Original Message- From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk] Sent: 27 January 2010 14:39 To:

Re: proxy same realm but different authentication protocol to different server

2010-01-28 Thread James J J Hooper
... if (control:Auth-Type == EAP) { update control { Proxy-To-Realm := xyz.com } } -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk http://www.jamesjj.net -- - List info/subscribe/unsubscribe? See http

Re: Expose RADIUS packet's identifier

2005-09-30 Thread James J J Hooper
ATTRIBUTE Packet-Authentication-Vector 1088 octets Alan DeKok. can't get it to work: radius -X says: WARNING: Attempt to use unknown xlat function, or non-existent attribute in string %{Packet-Authentication-Vector} in radiusd.conf: exec logit { wait

Re: Machine Authecitation with PEAP

2006-03-09 Thread James J J Hooper
= ads.bris.ac.uk where ads.bris.ac.uk is a round robin resolving to the IPs of 11 domain controllers. Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Machine Authecitation with PEAP

2006-03-09 Thread James J J Hooper
--On 09 March 2006 23:20 + James J J Hooper [EMAIL PROTECTED] wrote: -- Message: 6 Date: Thu, 9 Mar 2006 13:17:48 -0500 From: King, Michael [EMAIL PROTECTED] Subject: Machine Authecitation with PEAP Has anyone gotten Machine Authentication with PEAP

Re: Freeradius + Xp Client problem

2006-03-12 Thread James J J Hooper
eap.conf for configuration details. (you have not enabled peap in the file) Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP ntlm_auth strange behaviour

2006-03-28 Thread James J J Hooper
problems when specifying the domain on the command line before) Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: VLAN and SSID

2006-03-29 Thread James J J Hooper
back to the AP and if it doesn't match, then it can locally fail to authorize the user. I don't think 1200's do send the attribute by default in the access-request. To make it do so, use this command: radius-server vsa send authentication Regards, James -- James J J Hooper, Information

Re: VLAN and SSID

2006-03-29 Thread James J J Hooper
-- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password

2006-03-29 Thread James J J Hooper
/winbindd_privileged are set correctly. (0xc022) change the permissions on /var/cache/samba/winbindd_privileged so that the user radius runs as has access to it. e.g: chgrp radiusd /var/cache/samba/winbindd_privileged chmod g+rw /var/cache/samba/winbindd_privileged Regards, James -- James J J

Re: VLAN and SSID

2006-03-30 Thread James J J Hooper
need. Presently you only have: radius-server vsa send accounting so the SSID is only being sent in accounting packets. (having both is fine) Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: Since 2 Month noone any idea how to do this ? Stripping Username Question *important*

2006-07-22 Thread James J J Hooper
the searchString at LDAP like 250-IT$. How can I strip away that host/ and add $ for the search at the LDAP Directory? In your LDAP section of radiusd.conf, replace this: %{Stripped-User-Name:-%{User-Name}} with this: %{Stripped-User-Name:-%{mschap:User-Name}} Regards, James -- James J J Hooper

Re: AW: Since 2 Month noone any idea how to do this ? Stripping Username Question *important*

2006-07-22 Thread James J J Hooper
PROTECTED] [mailto:[EMAIL PROTECTED] g] On behalf of James J J Hooper Sent: Saturday, 22 July 2006 10:31 To: FreeRadius users mailing list Subject: Re: Since 2 Month noone any idea how to do this ? Stripping Username Question *important* --On Saturday, 22 July 2006 09:23 +0200 Krämer Armin
