Debug option to view generated key
Does FreeRADIUS offer a debug option that displays the key generated during EAP-TLS (or the unencrypted MPPE keys sent out)? I understand this would be a security risk in a live network but it would be helpful for debugging issues found in the lab. Thanks, Vineet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 3ComSwitch Login
Hi Alexandre, I mean the standard RADIUS attribute Service-Type. I believe some of the 3Com switches require the attribute to be set to Administrative. -Vineet Alexandre Soares wrote: Hello Vinnet Thanks for your concern, but your sugest is change in user file the attribute 3Com-User-Access-Level to Service-Type ? Thanks again asoares Auth-Type := System, 3Com-User-Access-Level = 3Com-Administrator visita Auth-Type := System, 3Com-User-Access-Level = 3Com-Visit On 1/17/07, *Vineet Verma* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Alexandre, I think you need RADIUS to return the Service-Type attribute as Administrative for it to work. -Vineet Alexandre Soares wrote: Hi All, Sorry team, but I still problem to authenticate a valid Administrator User in 3Com Swithc, my question is anyone implemented this feature ? I really don't know where to start the solution in freeradius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 3ComSwitch Login
Hi Alexandre, I think you need RADIUS to return the Service-Type attribute as Administrative for it to work. -Vineet Alexandre Soares wrote: Hi All, Sorry team, but I still problem to authenticate a valid Administrator User in 3Com Swithc, my question is anyone implemented this feature ? I really don't know where to start the solution in freeradius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mac auth configuration
Thanks a lot! That worked. -Vineet Phil Mayers wrote: Vineet Verma wrote: Hi, I have been able to configure FreeRadius to successfully authenticate a client based on the MAC address with entries like: 00-0c-41-5f-91-4b Auth-Type := Local, User-Password == 00-0c-41-5f-91-4b Acct-Interim-Interval = 60 Is there any way to configure it so I don't have to list every client? For example can I have some kind of glob as follows, say for all clients with OUI 00-0c-41: 00-0c-41-* Auth-Type := Local, User-Password == 00-0c-41-5f-91-4b Acct-Interim-Interval = 60 If not, how do I do something like this? Try: DEFAULTUser-Name =~ 00-0c-41-..-..-.., Auth-Type := Accept Acct-Interim-Interval = 60 If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want to put more checks on the first line e.g. NAS-Port-Type == Ethernet, Huntgroup-Name == mac-auth-switches to avoid the minor security hole of a user on the other NASes being able to set their username to a MAC address. Thanks, Vineet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Buy SSL Certificates for PEAP
You also need to specify -outform PEM. On Tue, 2006-06-27 at 13:53, VannMann32 . wrote: Hi ! Can anybody give me a hint on how to configure the eap.conf file when I have a certificate signed by thawte.com (21-Day Free SSL Trial Certificate) ? Read somewhere that I have to convert the certificate from DER to PEM, but trying to use this cammand fails : openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem Thanx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error running free-radius
You might want to make sure you are looking at the correct .conf file. I have seen systems where 2 separate installations are done inadvertently (for example, one in /etc/raddb and the other in /usr/local/etc/raddb). -Vineet On Tue, 2006-05-16 at 16:36, Alan DeKok wrote: Jordi Soriano Terol [EMAIL PROTECTED] wrote: I've checked the file and all the {} are correct. Even if i try with the original free-radius config file the error is still there. Maybe is a bug? The problem does not occur in default installs with default configurations. Therefore, the problem is caused by something you edited locally. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
make install error with FreeRadius 1.0.5 on RH8.0
I completed the configure and make successfully but make install gives me the following error: Making install in rlm_eap_gtc... gmake[11]: Entering directory `/data/software/freeradius-1.0.5/src/modules/rlm_eap/types/rlm_eap_gtc' if [ xrlm_eap_gtc != x ]; then \ /data/software/freeradius-1.0.5/libtool --mode=install /data/software/freeradius-1.0.5/install-sh -c -c \ rlm_eap_gtc.la /usr/local/lib/rlm_eap_gtc.la; \ rm -f /usr/local/lib/rlm_eap_gtc-1.0.5.la; \ ln -s rlm_eap_gtc.la /usr/local/lib/rlm_eap_gtc-1.0.5.la || exit ; \ fi gmake[11]: execvp: /bin/sh: Argument list too long gmake[11]: *** [install] Error 127 gmake[11]: Leaving directory `/data/software/freeradius-1.0.5/src/modules/rlm_eap/types/rlm_eap_gtc' gmake[10]: *** [common] Error 2 I understand that the Argument list too long error is from the OS because the argv list is probably exceeding the 128K buffer. Usually the workaround is to rewrite the offending commands so that the argument lists are shorter. Has anyone run into this problem before and do you have any tips on how I can workaround this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: make install error with FreeRadius 1.0.5 on RH8.0
Isn't libtool generated by the installation process? Alan DeKok wrote: Vineet Verma [EMAIL PROTECTED] wrote: I completed the configure and make successfully but make install gives me the following error: ... gmake[11]: execvp: /bin/sh: Argument list too long Wow... that's really weird. I understand that the Argument list too long error is from the OS because the argv list is probably exceeding the 128K buffer. Usually the workaround is to rewrite the offending commands so that the argument lists are shorter. Has anyone run into this problem before and do you have any tips on how I can workaround this? I've never seen it before. My guess is that there's some kind of problem with the libtool you're using, which creates huge lines. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html