Hi,
How do i enable logging of user accept and deny logins in log file? I tried to
put sql_log in post-auth but didn't work.
thanks!
det
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 27/10/2011 00:51, Toby wrote:
Hi all,
I apologize in advance if this question has been answered previously
but I have searched extensively and cannot find discussion of this
particular topic.
What I am wanting to setup, at least initially, is a WPA2 enterprise
(802.11i) wireless access point
Hi all,
I apologize in advance if this question has been answered previously
but I have searched extensively and cannot find discussion of this
particular topic.
What I am wanting to setup, at least initially, is a WPA2 enterprise
(802.11i) wireless access point that will authorize ANY user (acce
On 10/26/2011 07:53 PM, Francois Gaudreault wrote:
Correct me if I am wrong, but that should not be needed when you are not
validating server certificate.
There are a few issues; let me try to lay them out.
First: it seems you MUST install the CA on the client (in one or both of
the user or m
Correct me if I am wrong, but that should not be needed when you are not
validating server certificate.
That would mean windows is trying to validate server cert when doing
machine auth even if the profile says otherwise??
On 11-10-26 2:36 PM, Bonald wrote:
Client is Windows7 w/SP1. Using Ci
Client is Windows7 w/SP1. Using Cisco PEAP it's working. When using
Microsoft PEAP it's failing for machine auth.
I am on WLAN
"netsh wlan show profile" just shows my SSID
That fixed my problem. I needed to check the correct CA in the
protected PEAP properties.
http://www.letu.edu/it/faq/article/
On Thu, Oct 27, 2011 at 12:13 AM, Daniel Menezes wrote:
> Yes, there is a large number of rows in the radacct and radposauth tables.
> The attribute 'Acct-Interim-Interval' works very well but makes many
> records.
Interim update aren't suppose to add records, they simply update existing ones.
Th
Yes, there is a large number of rows in the radacct and radposauth tables.
The attribute 'Acct-Interim-Interval' works very well but makes many
records.
I rotate these tables to archive old records, I think I'll do this every
month.
Of course, the script wouldn't solve all my problems, but it was
On 26/10/11 17:15, Phil Mayers wrote:
On 26/10/11 14:24, Bonald wrote:
Yes i've read it.
Yes the certificate is trusted on the machine and the user store.
It must be something else, using USER auth it's working. MACHINE auth
is failling.
What is the client operating system and version, includ
Hi Daniel,
> I have a FreeRadius + MySQL setup with MikroTik as NAS.
> And a few days ago I have some warnings and errors in the log:
>
> Tue Oct 25 04:02:41 2011 : Info: Released IP xxx.xxx.xxx.xxx (did
> via-pppoe-01 cli xx:xx:xx:xx:xx:xx user dmnzs-test) Tue Oct 25 05:30:36
2011 :
> Error: Rec
On 26/10/11 14:24, Bonald wrote:
Yes i've read it.
Yes the certificate is trusted on the machine and the user store.
It must be something else, using USER auth it's working. MACHINE auth
is failling.
What is the client operating system and version, including service pack?
Are you using the bu
On 26/10/11 16:54, Bonald wrote:
If you are using the default config then your eap.conf must have
default_eap_type = md5
Yes. The client NAKs the EAP-MD5 and asks for PEAP.
Try with peap.
Just to placate you, I have done so. It made no difference, except save
one round-trip. User- and m
If you are using the default config then your eap.conf must have
default_eap_type = md5
Try with peap.
On Wed, Oct 26, 2011 at 12:14 PM, Phil Mayers wrote:
> On 26/10/11 14:58, Phil Mayers wrote:
>>
>> On 26/10/11 14:47, Sergio NNX wrote:
>>>
>>> This kind of Q&A thing helps no one here! Many
On 26/10/11 16:14, Phil Mayers wrote:
Sorry, this is long.
tl;dr version - under Windows 7, if you import the CA certificate into
the "Trusted Root Certification Authorities" hierarchy in the MMC
"Certificates" snap-in, Windows 7 user- and machine-auth work just fine
against an out-of-the-box F
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes wrote:
> Tue Oct 25 15:43:20 2011 : Error: WARNING: Unresponsive child for request
> 784, in module radutmp component accounting
Another thing to try, are you using radutmp? If no (e.g.
session/simultaneous use check is using sql), just mark all in
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes wrote:
> I read something about slow backend, tables indexes and other things.
> I've used the backend script 'mysqltuner.pl' to adjust the performance.
> It's better now, but the warnings and erros persists.
>
> Can anyone help me on this?
Obvious
On 26/10/11 14:58, Phil Mayers wrote:
On 26/10/11 14:47, Sergio NNX wrote:
This kind of Q&A thing helps no one here! Many people are reporting the
same issue on different platforms! I don't think the problem is either
with the client or the certificates since I conducted some testing using
the s
Hi all,
First, sorry my bad English.
I have a FreeRadius + MySQL setup with MikroTik as NAS.
And a few days ago I have some warnings and errors in the log:
Tue Oct 25 04:02:41 2011 : Info: Released IP xxx.xxx.xxx.xxx (did
via-pppoe-01 cli xx:xx:xx:xx:xx:xx user dmnzs-test)
Tue Oct 25 05:30:36 20
Even more weird, we have had the same issue lately with one controller
model, and not the other. We were using the same config on the client,
on the server, and the same certs.
Ouch. The whole EAP ecosystem is fragile to the point of insanity.
There are times when I'm surprised it work
Francois Gaudreault wrote:
> Even more weird, we have had the same issue lately with one controller
> model, and not the other. We were using the same config on the client,
> on the server, and the same certs.
Ouch. The whole EAP ecosystem is fragile to the point of insanity.
There are time
Hi,
See Below (I won't put the comments section) for RHEL5:
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius2
Version: 2.1.12
Release: 1%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
Source0:
ftp://ftp
Ok, I have been watching your discourse from afar and I have to say this:
> This kind of Q&A thing helps no one here! ...
Two things. Number one, he IS answering your questions. He is just not GIVING
you the answer. Number two, the gentleman in question is quite possibly the
preeminent FreeR
I edit the wrong site... sorry
Am 26.10.2011 15:48, schrieb Andreas Rudat:
> Hello,
>
> I work with this tutorial
> http://deployingradius.com/documents/configuration/active_directory.html
>
> all works fine, since I try to use ntlm_auth with radius directly
>
>
> I added a user tester / testen
Sergio NNX wrote:
> This kind of Q&A thing helps no one here!
Nonsense. Explaining WHAT is going on, and WHY it's difficult for us
to help you is useful.
> Many people are reporting the
> same issue on different platforms! I don't think the problem is either
> with the client or the certificat
Hi,
This kind of Q&A thing helps no one here!
I think it does...
Many people are reporting the same issue on different platforms! I
don't think the problem is either with the client or the certificates
since I conducted some testing using the same client and the same
certificates but an old
On 26/10/11 14:47, Sergio NNX wrote:
This kind of Q&A thing helps no one here! Many people are reporting the
same issue on different platforms! I don't think the problem is either
with the client or the certificates since I conducted some testing using
the same client and the same certificates bu
Hello,
I work with this tutorial
http://deployingradius.com/documents/configuration/active_directory.html
all works fine, since I try to use ntlm_auth with radius directly
I added a user tester / testen
users:
at the top DEFAULT Auth-Type := ntlm_auth
tester Cleartext-Password := "testen"
an
This kind of Q&A thing helps no one here! Many people are reporting the same
issue on different platforms! I don't think the problem is either with the
client or the certificates since I conducted some testing using the same client
and the same certificates but an old FR version (1.1.7) and the
James T. Mugauri wrote:
> On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org
> wrote:
>>On Access-Accept, store the unencrypted User-Name in the DB, along
>> with a Class attribute. When you receive an accounting packet, look up
>> the Class attribute to find the unencrypted
Phil Mayers wrote:
> Seriously - it's important to understand that the CLIENT stops
> responding. FreeRADIUS can't do anything more in this case - the client
> has stopped sending EAPOL packets, so the client must think that
> something is wrong.
That's the main issue people have with RADIUS. T
On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org
wrote:
On Access-Accept, store the unencrypted User-Name in the DB, along
with a Class attribute. When you receive an accounting packet, look up
the Class attribute to find the unencrypted User-Name.
Thanks
I notice whe
On 26/10/11 14:24, Bonald wrote:
Yes i've read it.
Yes the certificate is trusted on the machine and the user store.
It must be something else, using USER auth it's working. MACHINE auth
is failling.
Well, I guess it's just broken then. Oh well.
Seriously - it's important to understand that t
Yes i've read it.
Yes the certificate is trusted on the machine and the user store.
It must be something else, using USER auth it's working. MACHINE auth
is failling.
On Wed, Oct 26, 2011 at 10:14 AM, Phil Mayers wrote:
> On 26/10/11 13:49, Bonald wrote:
>
>> WARNING: !! EAP session for state 0x
On 26/10/11 13:49, Bonald wrote:
WARNING: !! EAP session for state 0xd4ade9e4d6a8f086 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
Did you follow the link? Did you read it?
Most likely, you need to ensure your certificate CA is trusted by the
m
Hi,
I've spent too much time trying to fix this issue and going nowhere...
I am trying to make MACHINE auth working on Windows/CiscoWLC and Freeradius.
I have no problem with USER auth.
The certificate is fine, I've created it using xpextension. I've also
tried a Windows-CA certificate.
I've also
Hi,
I have two servers A and B configured. I have some doubts:
I would like to get to copy accounting data (same set of information) from A
to B. I have configured this and works fine (copy-acct-to-home-server &
proxy.conf), BUT in radacct table of server B, the records have different
acctstartim
James T. Mugauri wrote:
> I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel.
> Thanks to Alan's direction earlier, I can also send the service flow
> definitions correctly.
That's good.
> I have now found that subsequent db writes (and logging) associated with
> accounting an
2011/10/25 Fred :
> Phil,
> Yes, I am sure, but I don't have traces on hand...
> I will try to get some radiusd -X on 2.1.11 ASAP, as I can't do it now
> because I try to find a solution as I have to restart production in
> the next few hours ...
> Anyway, Thank a lot for your kind help attempts.
>
Alexandre Chapellon wrote:
> Did the very same test here, with very same results.
> I find this a little bit scary to imagine that some accounting packets
> are lost (meaning I have no "proof" the requests was answered and how.
Ah... after thinking about it some more, there is no problem.
The
Hi Francois,
As you did not gave any linl to your SRPM, could you share your spec ?
I still have some trouble with radrelay using my own spec with git
2.1.x, which is not version 2.2.0 ...
Best regards,
Fred
2011/10/25 Francois Gaudreault :
> Hi,
>
> The spec is a bit buggy, I had to make some
Hi,
I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel.
Thanks to Alan's direction earlier, I can also send the service flow
definitions correctly.
I have now found that subsequent db writes (and logging) associated with
accounting and postauth functions are the encrypted v
Pierre Rondou wrote:
> Here is what I had thought about: FreeRadius correctly treats the requests
> (answer are always received), but there is a locking problem with the log
> files, meaning that basically, only one thread can write inside.
Edit raddb/detail, and add "locking = yes"
Alan DeKo
Did the very same test here, with very same results.
I find this a little bit scary to imagine that some accounting packets
are lost (meaning I have no "proof" the requests was answered and how.
regards
Le 26/10/2011 10:21, Pierre Rondou a écrit :
Hello,
On Tue, 25 Oct 2011 21:09:31 +0100, A
On Wed, Oct 26, 2011 at 3:07 PM, tonimanel
wrote:
> Now, I don't have clear why configuring proxy.conf and implementing
> copy-acct-to-home-server, accounting packets have different times(I know
> that these are using different timestamp).
That's the way it is.
> You have said that this is
> pos
Hello,
On Tue, 25 Oct 2011 21:09:31 +0100, Alan Buxey
>
> however, as Alan said. in single thread mode, you only have one process
> dealing with
> requests.so one single open connection to SQL, one single sesion to
> LDAP etc etc
> (whatever you use) - eg even a local file with PERL.
>
> w
First, thanks for your answer.
I think that I understand the basics but I had a doubt with second_detail
file because before appeared when I executed a ls. Now I have clear (I knew
that second_detail was removed when was readed, but only if the packets were
transmited).
I have redone the config
Apologies for my incorrectly headed last response:
On 10/26/2011 12:11 AM, freeradius-users-requ...@lists.freeradius.org
wrote:
You just add the attributes, and the server will take care of
encapsulating them in TLVs.
Is there any thing i must pay attention to with regard to either (or
both
James T. Mugauri wrote:
> Is there any thing i must pay attention to with regard to either (or
> both of):
>
> 1. The order in which i define the attributes, especially when i am
> defining 2 QoS-Descriptors (for downlink and uplink e.g.) and 2 or more
> Packet-Flow-Descriptors (for controlling di
48 matches
Mail list logo