Hi,
Im running a FreeRadius 1.0.1 Server on Suse
Linux v9.1 with EAP-TLS for Authentication.
I have previousliy used the CA.all Script to
generate the necessary Certificates for test purpose.
Now I tried to write a script for creating the Certs
myself without obvious problems.
But
Hi All
I have a VPN Server which redirects all the authentication to
freeRADIUS1.0.1. My question is how do I restrict the VPN User to a
particular host in the network depriving him of all the resources and
hosts in the network. In short I want to restrict the VPN user to One and
Only One
i know that my nas is sending Lost_Carrier as Acct-Terminate-Cause
value. So in some way i should put that stoptime in the radacct table
manually when this happens. Maybe some trigger on accounting_update_query?
Edgars
Kyriaki Gali wrote:
yes i know it is a problem and i don't know if we can do
So you're still getting the core dump. Let me guess... you have two
versions of OpenSSL installed, and you built the server without using
--disable-shared.
Fix one of those two problems, and it will work.
Alan DeKok.
I am still getting the same dump, I have used --disable-shared while
cheers,
Can u plz give more details about u r setup reason u want to
restrict one server but can u tell me what ports wise so i will get
more idea give most of thing specific.like
Vpn user is connected and user may be used intranet / File server so
please specify what u want to do
yes i think it will work. see sql.conf if you can do something like that. i
don't think to have any problem
if i'll try it i'll tell you.
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL
Hi everyone!
For the setup we have here I am in need of a slight re-write of
user_edit.php3, but unfortunately I don't possess adequate knowledge of
PHP yet to do so... :-/
The page now shows in a drop-down the group(s) a user is a member of.
What we need here is a drop-down that shows all
Hi there folks,
I am trying to build freeradius-1.0.1 on a Sun running Solaris 9 using
gcc-3.3.2 ! There are a number of warnings during configure and a make
also bombs.
I have grepped the errors from the config.log file:
configure:7947: error: dereferencing pointer to incomplete type
Kyriaki,
your help will be gratly appreciated!
Edgars
Kyriaki Gali wrote:
yes i think it will work. see sql.conf if you can do something like that. i
don't think to have any problem
if i'll try it i'll tell you.
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel Fax:
Hi,
I tried to get freeradius to work with PEAP.
I got LEAP working but I want to use PEAP because it is more secure.
It seems I have some problems with the certs. I tried it with the demo certs
included in the tar.gz and also with the certs made with the cert.sh in the
scripts dir.
I installed
Please help me make sense of inconsistent results. Using either raddest
(local) or NTRadPing (remote) the tests are successful if I login as a
user in /etc/passwd. In NTRadPing I must make sure CHAP is *not* selected.
Using NTRadPing with CHAP selected I can login as a user in
raddb/users. If
Running radiusd -X produces the following during a failed radtest test:
rad_recv: Access-Request packet from host 127.0.0.1:32782, id=58, length=55
User-Name = mao
User-Password = testing
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
Processing the authorize
Yes, and you received a response telling you that mysql_devel was missing:
You need to get your lies straightened out.
Gene ..
I had the same type errors until I made sure the mysql_devel RPM was
installed .. Even then my make process completed with messages such as
sql_mysql.o
Hello,
Somehow I have been able to get radiusd to seg fault. I am not sure
exactly what to provide - so if there is something someone needs to
further diagnose, let me know.
Details of the issue:
If I authenticate 1 time, access-accept. Same for time #2. Third time is
not so good - it seg-faults
Dear All
The setup is straight. I just want to restrict one server of my internal
network to the VPN user. Web port in the application port, but I need the
users to be able to access the entire server.
Regards Thanks
Mahesh S Kudva
Original Message-
Title: RE: [ Tagged - SPAM ? ] Restricting VPN User
The group policy on my VPN server dictates the accessible networks. I have several setups that only allow one specific IP address with a 255.255.255.255 subnet.
Brent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Beekmann (EXT), Lars [EMAIL PROTECTED] wrote:
Now I tried to write a script for creating the Certs myself - without
obvious problems.
But after I installed the Certs on the Radius Server and the Windows XP
Client, the Client doesn't Login anymore.
Run the server in debugging mode to see
Mahesh S Kudva [EMAIL PROTECTED] wrote:
I have a VPN Server which redirects all the authentication to
freeRADIUS1.0.1. My question is how do I restrict the VPN User to a
particular host in the network ...
For what?
depriving him of all the resources and hosts in the network. In
short I
Hennie Rautenbach [EMAIL PROTECTED] wrote:
I have grepped the errors from the config.log file:
configure:7947: error: dereferencing pointer to incomplete type
Those errors are part of the configure process, as it tries to
figure out what to do. Since the configure process didn't stop with
Paul [EMAIL PROTECTED] wrote:
A failed test against a username in raddb/users looks like this:
radtest -d /usr/local/etc/raddb/ kiko testing 127.0.0.1 10 testing123
...
Why are you looking at the output from radclient when the README,
FAQ, man pages, and other places say to run the server in
Paul [EMAIL PROTECTED] wrote:
rad_check_password: Found Auth-Type System
auth: type System
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module unix returns notfound for request 2
Ok... what part of
Alan DeKok wrote:
Paul [EMAIL PROTECTED] wrote:
rad_check_password: Found Auth-Type System
auth: type System
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module unix returns notfound for request 2
I cannot get Radius accounting to work. I am running Freeradius 0.9.3 on
Solaris 9. Authentication works fine. When I start radius in debug mode I
see processing the config file with no errors and listening on the proper
ports that I have set in the /etc/services file.
/etc/services excerpt
Paul [EMAIL PROTECTED] wrote:
Well, that seems to indicate that radtest is not sending the password in
the form of CHAP. As a result, it looks like the server is trying to
use /etc/passwd to validate a user that is actually in raddb/users.
So edit raddb/users to set Auth-Type := Local, or
Russell Premont [EMAIL PROTECTED] wrote:
Then I see the following:
rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=176,
length=210
Ignoring request from unknown home server 192.168.1.14:1027
Why do you have the client sending packets to port 1027?
The debug log of
Hi,
I did post the errors. Below is the message I sent on 10/15/2004.
Just wanted to point out that you did post the errors of make install
(or maybe a second call to make), which was not helpful at all in
diagnosing the error. The errors generated by make (or even of the
first run of
Hmmm,
I've been been trying to use regex to get the 12 hex characters in the
Calling-Station-Id but, I must be doing something wrong.
In my hints file i have
DEFAULT Calling-Station-Id =~
(\w\w)\-(\w\w)\-(\w\w)\-(\w\w)\-(\w\w)\-(\w\w)
User-Name := `%{0}`
This should set the User
Jose Guevarra [EMAIL PROTECTED] wrote:
In my hints file i have
DEFAULT Calling-Station-Id =~ (\w\w)\-(\w\w)\-(\w\w)\-(\w\w)\-(\w\w)\-(\w\w)
User-Name := `%{0}`
This should set the User Name to the hex characters in the mac address
or 'something' at least
Or something...
And
Dirk Enrique Seiffert - CaribeNet [EMAIL PROTECTED] wrote:
It's included with the server. www.freeradius.org says so.
But www.freeradius.org is not the bible:
Huh? www.freeradius.org is the DEFINITIVE place to find FreeRADIUS.
We include dialup_admin in our releases. If Suse doesn't,
Raimund Sacherer [EMAIL PROTECTED] wrote:
There where two problems with proxying, first, i listen to 2 ip
addresses, if those where on different interfaces (eth0/eth1) it is not
working, the problem is, the packet is sent to the roamingpartner, but
the response is not recognized by freeradius
Rick Macdougall [EMAIL PROTECTED] wrote:
In our configuration and testing we came across one small bug in the
accounting module.
accounting {
detail # always log to detail, stopping if it fails
redundant {
sql1 # try module sql1
Khurram Jahangir [EMAIL PROTECTED] wrote:
I think the problem lies in the following part of the
Radiusd log
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap:
Hi Again,
Correct me if I misunderstood you.
You mean that EAP-TLS inside of EAP-PEAP is not
possible at all and is wrong or it is correct and
freeradius might support this in future.
Regards
Khurram
--- Alan DeKok [EMAIL PROTECTED] wrote:
Khurram Jahangir [EMAIL PROTECTED] wrote:
I
Alan DeKok wrote:
Paul [EMAIL PROTECTED] wrote:
Well, that seems to indicate that radtest is not sending the password in
the form of CHAP. As a result, it looks like the server is trying to
use /etc/passwd to validate a user that is actually in raddb/users.
So edit raddb/users to set
Khurram Jahangir [EMAIL PROTECTED] wrote:
You mean that EAP-TLS inside of EAP-PEAP is not
possible at all and is wrong or it is correct and
freeradius might support this in future.
FreeRADIUS does not support this. It may in the future, if someone
supplies a patch.
Alan DeKok.
-
List
Ok Posix expressions are supported here then shouldn't putting parenthases
around the hex characters give me groups %{1}...%{6}?
I do this
DEFAULT Calling-Station-Id =~
([a-fA-F0-9][a-fA-F0-9])-([a-fA-F0-9][a-fA-F0-9])-([a-fA-F0-9][a-fA-F0-9])-
Alan,
Perl supports \w in regular expressions. Posix expressions (which
the libraries from your system the server uses) do not support \w.
how do I tell which 'libraries' are being used hence the supported regex
syntax/capabilities?
Thanks,
-Original Message-
From: [EMAIL
I have two questions:
1.
I have recently completed a freeradius install and tested it using
NTradping. Everything looks good. My access point is a D-Link DWL-2700AP
outdoor access point. It supports (among other things) WPA-RADIUS and
802.1x. The AP is configured to use 802.1x on port 1812
I am using freeradius (or trying) to authenticate my poptop (pptpd) clients.
the configuration is
as follows
fedora core 2
freeradius 1.0.1
pptpd-1.2.1-1
and pppd 2.4.3 (compiled with radius plugin)
I can use ntradping to authenticate just fine, but when my client tries it
fails. there
Hi,
I have question regarding the following line in the CA.all script:
openssl ca -policy policy_anything -out newcert.pem -passin
pass:whatever -key whatever -extensions xpserver_ext -extfile
xpextensions -infiles newreq.pem
Does the use of the switch -extensions here (implying extended key
40 matches
Mail list logo