Hi Jean-Marie,
it's preferable to use the integer values instead of ASCII strings.
So for the switching VLAN, I create a local VLAN on Cisco Aironet with a
specified SSID. The user configuration questions this SSID and according to
the user, this one is switched in the VLAN defines in configuratio
Hi,
It's possible to switch VLAN when the user connecting to Cisco Aironet.
For 802.1x with VLAN switching, three radius attribute-value pairs are
defined.
In the user file for example:
xxx User-Password == "xxx"
Tunnel-Type:1 = 13,
Tunnel-Medium-Type:1 = 6,
Tunnel-Private-Group-ID:1 = 17
Do I have to do this to all users?
I thought that LDAP server would give me a password.
>>> [EMAIL PROTECTED] 09/29/04 4:04 PM >>>
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> I am giving right password.
Yes, I know. That's not the point. The point is that the *server*
doesn't know what the
Alan - so sorry - it was in the MySQL table for a test user that I formerly
used and just used it to try again. I am sorry to waste your time.
Tim
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 5:02 PM
To: [EMAIL PROTECTED]
Subject:
Tim,
Looks like you are having some of the same trouble I am.
The config file that I am working with that I had to remove the
Auth-Type from is the user file.
Shaun
On Wed, 29 Sep 2004 17:04:05 -0400, Tim Rich, Jr.
<[EMAIL PROTECTED]> wrote:
> Alan - Thanks for the quick reply. I am assuming
Shaun McCloud <[EMAIL PROTECTED]> wrote:
> I have tried some variance to that line, such as:
> egnaro Auth-Type := Local, User-Password == "test"
> egnaro Auth-Type := Local
> egnaro Auth-Type := System
>
> No login success with any of those. So if i do not n
Hehe,
Ok call me a little thick.
I changed the line to
egnaro User-Password == "test"
and it logs in just fine.
Though am I assuming correctly that I cannot use the system passwords?
Thanks again Alan, you got great patience.
On Wed, 29 Sep 2004 13:58:48 -0700, Shaun McClou
Alan - Thanks for the quick reply. I am assuming that when you say " Don't
set "Auth-Type" The server will figure it out" you mean on the cisco as I
don't know where that would be set in the radiusd.conf; however, I have
followed the book to the "t" and it has local in it. So you say just remove
Hmm,
The only way I can seem to login is if I use the line
> egnaro Auth-Type := EAP, User-Password == "test"
I have tried some variance to that line, such as:
egnaro Auth-Type := Local, User-Password == "test"
egnaro Auth-Type := Local
egnaro Aut
I am trying to set up eap-tls yadda yadda I have been following these
instructions to a tee:
http://www.broadbandreports.com/forum/remark,9286052~mode=flat
... (kudos to jbibe btw)
I am stuck trying to locate a script on this howto:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
D
"Tim Rich, Jr." <[EMAIL PROTECTED]> wrote:
> Here is the clip from the output as Alan requested. (and thanks, Alan, I
> should have mentioned that I looked in the FAQ, the book, and the archives
> before posting the note - thanks for the reminder. I have been on the list
> for 17 months or so and
Shaun McCloud <[EMAIL PROTECTED]> wrote:
> I changed the line in my users file to read
> egnaro Auth-Type := EAP, User-Password == "test"
You shouldn't have to specify Auth-Type, the server should figure it
out. See eap.conf.
> And I can login just fine... It works, but I still get th
OK, now i am just more confused.
I changed the line in my users file to read
egnaro Auth-Type := EAP, User-Password == "test"
And I can login just fine... It works, but I still get the
Any clues then as to what that is referring to?
here again is the complete radius -X -A output.
[E
List -
Here is the clip from the output as Alan requested. (and thanks, Alan, I
should have mentioned that I looked in the FAQ, the book, and the archives
before posting the note - thanks for the reminder. I have been on the list
for 17 months or so and realize how much you add to the list - Tha
Shaun McCloud <[EMAIL PROTECTED]> wrote:
> The trouble I seem to be unable to get away from is the User-Password attribute>.
That message just says that the user was rejected.
> I know I must be missing something simple, but having never set up
> radius for wireless I can't seem to find what it
"Tim Rich, Jr." <[EMAIL PROTECTED]> wrote:
> I'm not sure what to send to assist you all in resolving this, but if you
> say what to send, I will send it.
Run the server in debugging mode, as suggested in the FAQ and README.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.fr
Hello group – I am running freeRADIUS successfully for
authorization; however, I have recently included a CISCO 5300 into the mix, not
getting a password from the CISCO server
(O/S RH AS 2.1/ freeradius .08)
Line from the log file:
Mon Sep 20 16:10:30 2004 : Auth: Login incorrec
I know this seems to be a common question, and I have seen many
replies, but no conclusions on how to actually fix it.
I have setup on a Redhat 9.0 server freeradius-1.0.1.tar.gz and did a
standard compile, with just ./configure && make && make install.
I also have OpenSSL 0.9.7a Feb 19 2003 on t
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> I am giving right password.
Yes, I know. That's not the point. The point is that the *server*
doesn't know what the correct password is.
Put the following at the top of the "users" file:
#---
tor_sysop_2 User-Password == "insert_correct_pas
Alan,
I completely agree. I went back and re-read the discussion, and
realized that I might have misinterpreted an earlier statement by you.
(I thought you were claiming he could not distribute a closed-source
dynamically loaded module, even if that
Just understand the multiple default entries in
radiusd.conf.
Thanks a lot for your reply.
--- Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> On Mon, 20 Sep 2004, Bad Moh wrote:
>
> > Hi,
> >
> > How can I configure freeradius to allocate ip
> address from different pools based on the users
I am giving right password. Here is full communication process
rad_recv: Access-Request packet from host 1.155.6.61:32778, id=117, length=139
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "tor_sysop_2"
        MS-CHAP-Challenge = 0x2053179c048b92772bdc6952e1ad
The "Acct_Output_Octets_64" isn't a standard RADIUS attribute. It's
a Redback attribute. (see dictionary.redback)
I suggest asking Redback what it means, and why it's zero.
Alan DeKok.
Okay, will do. Thank you very much!
t-
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> modcall: entering group Auth-Type for request 3
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for tor_sysop_2 with N
Sorry... I had Reply To All set on my mailbox options.
I did change and now I get this:
rlm_ldap: performing search in o=cbcsrc, with filter (uid=tor_sysop_2)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tor_sysop_2 authorize
Terry J Fike Jr <[EMAIL PROTECTED]> wrote:
> >Umm...not sure, much of this was originally set up by someone else and
> i just copied
> the sql queries into the sql.conf file from our original version
> (0.8.3). Here is an example of one of the queries
>
> accounting_update_query = "INSERT into i
Jon Moore <[EMAIL PROTECTED]> wrote:
> From section 2 of the GPL (regarding the rights to modify the Program):
>
> "These requirements apply to the modified work as a whole. If
> identifiable sections of that work are not derived from the Program,
> and can be reasonably considered independent a
Terry J Fike Jr <[EMAIL PROTECTED]> wrote:
/ Okay, i'm not sure if this is the right place, to ask, but since it is /
/ more or less radius accounting i thought i'd try here. Does anyone know /
/ the difference in the data in the columns inputoctets/outputoctets and /
/ inputoctets64/outputoctets6
On Sep 29, 2004, at 2:20 PM, Alan DeKok wrote:
Jon Moore <[EMAIL PROTECTED]> wrote:
No. The module will be linked into the server, and will be part of
it. It therefore must be GPL'd.
I don't think this is technically correct. While I agree that he
I think this more of the IOS configuration
Have you looked this yet
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/dtaudnis.htm#xtocid12091
And make sure you are receiving DNIS from the Telco
Kafui Amedzekor.
--- Tim Petersen <[EMAIL PROTECTED]> wrote:
> He
Jean-Marie GUILLEMOT <[EMAIL PROTECTED]> wrote:
> I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
> thanks to Freeradius.
I'm not sure that's possible. See the Cisco AP documentation for a
list of what attributes it can understand in an Access-Accept.
Alan DeKok.
Jon Moore <[EMAIL PROTECTED]> wrote:
> > No. The module will be linked into the server, and will be part of
> > it. It therefore must be GPL'd.
>
> I don't think this is technically correct. While I agree that he cannot
> distribute a binary-only modified FreeRadius, there is nothing stopping
Terry J Fike Jr <[EMAIL PROTECTED]> wrote:
> Okay, i'm not sure if this is the right place, to ask, but since it is
> more or less radius accounting i thought i'd try here. Does anyone know
> the difference in the data in the columns inputoctets/outputoctets and
> inputoctets64/outputoctets64 a
Okay, i'm not sure if this is the right place, to ask, but since it is
more or less radius accounting i thought i'd try here. Does anyone know
the difference in the data in the columns inputoctets/outputoctets and
inputoctets64/outputoctets64 and why there would always be data in the
i/o colum
Hello all,
I am running freeradius 0.9.3 with mysql 4.0.18-standard.
I am trying to setup DNIS map on a cisco AS5300 running IOS ver
(C5300-IS-M), Version 12.2(15)T5
without any luck
Does anybody have any suggestions or know of a better way to do this?
Thanks in advance.
It looks like its working... YEEEA!!!
Thanx Very much...
The
> always handled {
> rcode = handled
> }
> }
I found in the example in the /doc/configure-failover
Thanx again..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
On Sep 29, 2004, at 11:30 AM, Alan DeKok wrote:
Nour Omar <[EMAIL PROTECTED]> wrote:
My guess is that since it is separate .so
module(dynamically loaded module) that is not part of FreeRADIUS
binary, It would not need the same licence as FreeRADIUS but
Dear List,
Following is my configuration:
freeRadius ver: 0.9.3
OS: debian woody
NAS: (Total control) USRHiper
My users file has a block for default user
DEFAULT Auth-Type := Accept, Simultaneous-Use := 1
Exec-Program-Wait = " -t auth",
Framed-IP-Address = 255.255.255.254,
hello,
SORRY, THE FIRST MAIL WAS INCOMPLETE.
I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
thanks to Freeradius.
Here's the situation :
- Cisco Aironet 1200 with 12.2(15)JA IOS with 3 VLAN :
...
interface Dot11Radio0
no ip address
no ip route-cache
!
encryptio
hello,
I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
thanks to Freeradius.
Here's the situation :
- Cisco Aironet 1200 with 12.2(15)JA IOS with 3 VLAN :
...
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode wep mandatory
!
encrypt
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
...
I'm on the list. Please don't CC me on mail. I get too much mail
as it is.
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> ERROR: Unknown value specified for Auth-Type. C
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> $INCLUDE ${confdir}/sql.conf
> $INCLUDE ${confdir}/sql2.conf
>
> modules {
> sql sql {
> }
> sql sql2 {
> }
The $INCLUDE ${confdir}/sql.conf should be INSIDE of the modules{}
section, which means you don't need to have TWO d
On Wed, 29 Sep 2004, Cris Boisvert wrote:
> I have this in my radiusd.conf now. I get this error when I try to start
> radius
>
>
> Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
> server for #0
> Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
I removed this line and now I get this:
...
..
.
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tor_sysop_2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for
I have this in my radiusd.conf now. I get this error when I try to start
radius
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #1
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_
On Wed, 29 Sep 2004, Paul wrote:
> On Wed, 2004-09-29 at 08:55, Kostas Kalevras wrote:
> > On Tue, 28 Sep 2004, Paul wrote:
> >
> > >
> > > What i need is failover for accounting and session tracking.
> > > Auth will be done using LDAP.
> > >
> > > Mirroring the DB is not possible because accountin
On Wed, 2004-09-29 at 08:55, Kostas Kalevras wrote:
> On Tue, 28 Sep 2004, Paul wrote:
>
> >
> > What i need is failover for accounting and session tracking.
> > Auth will be done using LDAP.
> >
> > Mirroring the DB is not possible because accounting has a lot of inserts,
> > that would need to hav
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> rlm_ldap: performing search in o=cbcsrc, with filter (uid=tor_sysop_2)
> rlm_ldap: no dialupAccess attribute - access denied by default
Look at access_attr in the ldap{} configuration in radiusd.conf.
You probably want to delete/comment out that line
"anonymous" <[EMAIL PROTECTED]> wrote:
> 1) During authentication, the server says that it does not recognize the
> Autz-Type attribute set on my user in the "users" file (as recommended in
> the test documentation). I had to remove this attribute to go further.
Are you willing to post the exa
[EMAIL PROTECTED] wrote:
> Processing the autenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_chap: login attempt by "Max" with CHAP password
> rlm_chap: Could not find clear text password for user Max
So... tell the server what the user's correct passwo
zack musa <[EMAIL PROTECTED]> wrote:
> Is there any simulation program that create session
> from multiple user for freeradius?
No. You can use "radclient", and create test packets by hand. It
isn't hard.
Alan DeKok.
Yup that’s what I'm getting also... now..
I'm glad I'm not alone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edgars
Sent: Wednesday, September 29, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: Re: SQL db failover
i'm also trying to make this con
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> I have been trying to do the same thing I have the references in the
> radius.conf as notated in the Doc's although I cannot get it to
> Connect to the second sql server
> I have this in the radius.conf
>
> $INCLUDE ${confdir}/sql.conf
> $INCLUDE ${co
"David" <[EMAIL PROTECTED]> wrote:
> Is it possible in FR 1.0.0 to check the database for
> [EMAIL PROTECTED] and then if it is not present, proxy
> the request to abc.com ?
Yes.
authorize {
group {
sql {
notfound = 1
}
Josh Howlett <[EMAIL PROTECTED]> wrote:
> I have some very noisy NASes generating a lot of spurious
> Acct-Status-Type=Alive requests. There's no way to turn these off at the
> NAS.
>
> Am I right in thinking that there's no way to drop a request on the basis
> of the value of Acct-Status-Type?
Raphael Clifford <[EMAIL PROTECTED]> wrote:
> a) Does the radius server have to be physically connected to the access
> point/on the same subnet/anywhere on the network?
The AP has to be able to send packets to the RADIUS server.
> c) Is there some simple step by step guide to setting up freer
Elad Kugman <[EMAIL PROTECTED]> wrote:
> I have a problem to define a Vendor-Specific Attribute in MYSql freeradius.
> I define it by MYSql Control Center in the radreply table.
Are you willing to say how, or is that a secret?
> When i check my user with the radtest i get the following msg:
>
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote:
> I have been trying to setup WPA Enterprise in windows 2000 professional.
> It works perfectly fine with Mac OS X. In windows, the OS accepts the
> certificate initially and that's it.
What do you mean "The OS accepts the certificate"?
> It never t
i'm also trying to make this configuration. But something doesn't stick
together.
i've added the following lines in the modules section:
sql sql1 {
}
sql sql2 {
}
but when starting the server the following appears:
Module: Instantiated preprocess (preprocess)
radiusd.conf[11] Fai
Stephen Donovan <[EMAIL PROTECTED]> wrote:
> Under 1.0.1, I edited the radiusd.conf, eap.conf, and other files so
> that they are similar but the APs will not authenticate.
>
> Does anybody have any suggestion? Here is a copy of the output that I
> receive under 1.0.1.
You're running on Solari
Nour Omar <[EMAIL PROTECTED]> wrote:
> I wanted to write VOIP billing software( with prepaid, post-paid and
> advanced routing features, etc, etc) as FreeRADIUS plugin
> module. And I'm not sure if I want to make my module Open Source or
> not(Not decided yet).
If you are planning on distributin
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> Did anyone come across this issue?
...
Yes. A search on google would have found similar problems.
If you're not using rlm_x99_token, delete the whole directory.
> We want to use RADIUS to talk to LDAP server running Novell Netware
> platform for
We are trying to setup the following system:
1)Wireless users ask Wireless gateway for authentication
2)Gateway (BlueSocket) asks Suse(SLES 9.0) freeRadius server
for authentication.
3)freeRadius uses LDAP module to talk to LDAP running on Novell Server with eDirectory (NDS)
to get user inf
I need assistance configuring my Free Radius
install. Is anyone available to assist me for a small fee?
I would post my questions one by one but I feel it
would take forever and gum up this resource. I have been following the posts
with great interest but I still have some fundamental issue
I'm trying to setup a network where each AP on the network must
authenticate to a radius server before being assigned an IP address
and then joining the network. Using a commercial radius package, I had
to specify that the APs were Cisco APs to get everything to work.
Under 0.9.3, everything just
I'm having a problem getting freeradius to build under solaris 9.
Fresh install of Solaris 9, compilers from the companion cd.
the gmake fails in rlm_ldap when it is trying to do the ld. It
complains that it can't find the libraries
liblber, libldap_r, and libldap_ra. I tried linking to them from
Thanks it worked.
>>> [EMAIL PROTECTED] 9/28/2004 11:33:27 PM >>>
>I am trying to install/compile freeRADIUS 1.0.1 version on
>SUSE Ent 9.0. without success.
>This is what I get when I do
>./configure
>make
>.
>...
>..
>In file included from x99_rlm.c:54:
>x99.h:26:42: openssl/des.h: No such file or di
I may have seen something similar. I have FreeBSD 4.10 with gcc 2.95.4, and
I am trying to migrate from freeradius 0.9.3 to 1.0.1 but I get this segfault
at about the same point in startup when running in debug mode too. When not
in debug mode, the daemon just starts and hangs. I have provided g
Hello,
First, you should place Auth-Type := Accept in your radcheck not radreply
Second, please show us your configuration files.
Best Regards,
Brian Ammons wrote:
I am a radius rookie. I have FreeRadius 1.0.0 installed on Slack 9.1 and
have the mySql compatibility working as well. I ran the scri
On Tue, 28 Sep 2004, Chris Stith wrote:
> We're currently using ICRADIUS. One of the things we like about it is
> that we can use one MySQL database server for the radcheck and radreply
> information while we use another for accounting.
>
> I don't see in the documentation for rlm_sql any options
On Tue, 28 Sep 2004, Paul wrote:
>
> What i need is failover for accounting and session tracking.
> Auth will be done using LDAP.
>
> Mirroring the DB is not possible because accounting has a lot of inserts,
> that would need to have multi-master replication.
>
> I would like to use application data
I have just compiled
and installed a FreeRadius V1.0.1, with all the experimental modules (and esp.
simtriplets).
I have configured it
to use EAP-SIM authentication for one user.
I have
tried to run the eap-sim test number 6 using "radeapclient" and I am now
stuck on two problems:
hi all,
that's my configuration. Sorry for the mistakes.
users file:
Max Max-Daily-Session := 3600, Password = "Max", NAS-IP-Address
= "192.168.1.4", Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
I can't seem to get beyond this problem -- and it is
strange since I am simply moving from one server to
another. Both are SuSE 9.1 and yet it works on one, but not
on the second. Of course, I am cheating and copying all
files over. Although I have fully recompiled freeradius
1.0.1
Any suggestions
hi all,
that's my configuration.
users file:
Max Max-Daily-Session := 3600, Password = "Max", NAS-IP-Address
= "192.168.1.4", Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Idle-Timeout = 3600,
Port-Limit
hi all,
that's my configuration.
users file:
Max Max-Daily-Session := 3600, Password = "Max", NAS-IP-Address
= "192.168.1.4", Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
On Wed, Sep 29, 2004 at 08:10:45AM +0200, Oliver Graf wrote:
> On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
> > Oliver Graf <[EMAIL PROTECTED]> wrote:
> > > I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
> > > small problem in the sql module: a Username seems to be