Well I know BASH, PHP, MS VB, Java, Pascal, and Assembler. I'm sure if I
look at brief docks on Perl I'll get it.
In your code, $RAD_REQUEST{'Module-Failure-Message'} what that variable
mean? Is there any doc on how to write scripts for radius?
As to Windows that doesn't read reply message,
I'm using FreeRADIUS 1.0.2 and its associated mysql plugin on a Debian 3.1
system. I've managed to get the server working to where our customers are
authenticating out of the mysql database just fine and the accounting
records are being stored in mysql properly too.
But the Simultaneous-Use config
> I have tested the signal strength possibility and that is not the
issue.
Anything useful in the AP logs? Also, do you have a laptop with a
spectrum analyzer that can look for interference from other radio
sources?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
>Ok I got the idea how to initiate the the script on reject event, but
what should go in post_auth_reject.pl? I have absolutely no experience
with Perl. I probably would be >able to figure out something but not
sure how. I assume I would listen to something like if username exist,
if username exist
Alan,
I have tested the signal strength possibility and that is not the issue.
Either the client or the AP is causing the disconnect / reconnect. This quite
frequently results in the user being disconnected from various applications
(but not always).
Scott
-Original Message-
Fr
> I'm using freeradius to authenticate and authorize users to cisco
switches/routers/FW.
> My issue is that i want to do aaa for 3 things on the same device:
device administrators login (telnet), for 802.1x EAP/MD5 (, and to
manage firewall FWSM
> ACLs (radius attribute in the response: filter-id=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thibault Le Meur wrote:
> EAP-TTLS requires only a server-side cert. The client-side authentication is
> performed through an inner TLS tunnel and is usually PAP (but can be any EAP
> method).
>
Several 801.1x/WPA clients can elect _not_ to verify th
Ok I got the idea how to initiate the the script on reject event, but what
should go in post_auth_reject.pl? I have absolutely no experience with Perl.
I probably would be able to figure out something but not sure how. I assume
I would listen to something like if username exist, if username exist a
Scott Hughes wrote:
>
> I am having a problem with our wireless clients re-authenticating
> (non-radius issue I believe) anywhere from a few seconds, to four minutes,
> to a few hours. The client is NOT moving. This is a simple design of Cisco
> 1231 APs and laptop/desktop clients. Strange.
T
> Also, I am under the understanding that EAP-TLS does NOT
> require a client side cert, and EAP-TTLS DOES require a
EAP-TLS requires both server-side and client-side certs.
EAP-TTLS requires only a server-side cert. The client-side authentication is
performed through an inner TLS tunnel and i
Thanks for the link Stefan.
I am having a problem with our wireless clients re-authenticating
(non-radius issue I believe) anywhere from a few seconds, to four minutes,
to a few hours. The client is NOT moving. This is a simple design of Cisco
1231 APs and laptop/desktop clients. Strange.
Also
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de [EMAIL PROTECTED]
Envoyé : vendredi 1 décembre 2006 17:16
À : freeradius-users@lists.freeradius.org
Objet : differentiating radius attribute
Hi everybody,
I'm using freeradius to authenticate a
Hello to everyone.
I have a question regarding freeradius proxying. My setup is
freeradius 1.1.3 on Solaris 9. I have a very simple proxy
configuration. The setup is a bit 'weird' in the sense that I have a
freeradius server on the machine that acts as a proxy to another
radius server running on t
Hi everybody,
I'm using freeradius to authenticate and authorize users to cisco
switches/routers/FW.
My issue is that i want to do aaa for 3 things on the same device: device
administrators login (telnet), for 802.1x EAP/MD5 (, and to manage firewall
FWSM ACLs (radius attribute in the response
Hello,
I have a redundant configuration, in wich I try first a MySQL
database, and if it fails i log the queries into a sql_log file.
The problem is when the MySQL sever came up, the module does not try
the MySQL module, it stays until I restart the service.
Any Ideas?
Thanks,
--
Wilmar Campos
> How can I add default Reply-Message to the situation where
Access-Reject was sent because of incorrect password?
> I looked at the user's file but it seams that I have no way to
determine if access-accept or reject was sent... it only has example how
to send the message to a reject > group.
Hi,
> Are there any open source wireless clients for Windows based (2000 & XP)
> machines, rather than using what comes with the wireless hardware?
Several. My favourite is at http://www.securew2.com. .
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education National
Greetings:
Are there any open source wireless clients for Windows based (2000 & XP)
machines, rather than using what comes with the wireless hardware?
Thank you,
Scott
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1. a vpn client contacts the cisco box
2. the ciscop box forwards the request to the radius server for
authentication.
3. the radius server somehow proxies the request to the windows domain
server
4. the domain server reports back an ok to the radius server?
5. the vpn tunnel is setup.
What I ca
Norbert Grochal wrote:
I have wireless clients authorization using freeradius.
Schema:
Internet---linux router---access point 1 (wds) access point 2
some wireless clinets and some ethernet clients
wireless clients use wpa2/aes with eap-peap
But... is it possible to authorize
Hi,
> wireless clients use wpa2/aes with eap-peap
>
> But... is it possible to authorize ethernet (not wireless) clients?
sure, if the switch is capable of 802.1X port security. Enable 802.1X for
every port and configure the supplicants.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Télé
I have wireless clients authorization using freeradius.
Schema:
Internet---linux router---access point 1 (wds) access point 2 some
wireless clinets and some ethernet clients
wireless clients use wpa2/aes with eap-peap
But... is it possible to authorize ethernet (not wireless) clie
Hi,
I´ve installed freeradius on debian for remote access (lucent max) ,
authenticating users against a ldap server. The authentication looks
fine, but if the user has the callback field as active, the server
don´t do the callback and register the computer directly to the lan.
The field Asc
> -Message d'origine-
> De :
> [EMAIL PROTECTED]
> radius.org
> [mailto:[EMAIL PROTECTED]
> sts.freeradius.org] De la part de Sundaram Divya-QDIVYA1
> Envoyé : jeudi 30 novembre 2006 23:51
> À : freeradius-users@lists.freeradius.org
> Objet : FreeRadius and LDAP
>
> We don't use openl
> -Message d'origine-
> De : ganesh subramonian [mailto:[EMAIL PROTECTED]
> Envoyé : vendredi 1 décembre 2006 05:41
> À : FreeRadius users mailing list
> Cc : [EMAIL PROTECTED]
> Objet : Re: RE : return user group information to radius client
>
>
> hi
> does that mean that sending/rece
25 matches
Mail list logo