Freeradius and MySQL

2002-07-16 Thread Jorge Lanza
Hi... I think I've managed to run my radius server and client, but only through the text files. Now I need to run it interacting with mysql. Any help, pleeeeee. And the accounting how does it work? TA Jorge Lanza

RE: EAP documentation

2002-07-16 Thread Lars Viklund
On Fri, 2002-07-12 at 19:02, Henrik Eriksson wrote: I think I confused you a bit regarding the broadcast key. The broadcast key needs to be sent to the supplicant both if it is individual to that STA or if it is common to all STAs in the BSS (which I think it always is). A better description

a question of philosophy

2002-07-16 Thread Vic Abell
I'm new to the Radius protocol, just having finished implementing a module for access to a private authentication service. During development one thing struck me as odd: authorization checks are done before the entity being authorized is authenticated. It's been my experience that before an

rlm_ippool problem. May this be a good fix?

2002-07-16 Thread Pierluigi Frullani
Hi all, I'm trying to configure a radius server (freeradius 0.6) where I would like to receive the IP-Address from a pool. To achieve this I would like to join some of the users in groups, by using the following authentication user: steve@Gruppo where the user steve has some return pair, but

Re: a question of philosophy

2002-07-16 Thread 3APA3A
Dear Vic Abell, Imagine you're coming to your president's room Secretary: do you have an appointment? Mr. Abell: Yes, my name is Vic Abel Secretary gets your name and looks into timetable and finds required record (that's authorization is). Then she checks time and name are

RE: a question of philosophy

2002-07-16 Thread Vic Abell
ZARAZA writes: Dear Vic Abell, Imagine you're coming to your president's room Secretary: do you have an appointment? Mr. Abell: Yes, my name is Vic Abel In this new and suspicious age, that wouldn't be the exchange. It would be: Secretary: Do you have an appointment? Mr. Abell:

Re: Freeradius and MySQL

2002-07-16 Thread Nick Davis
On Tuesday 16 July 2002 02:56, Jorge Lanza wrote: Hi... I think I've managed to run my radius server and client, but only through the text files. Now I need to run it interacting with mysql. Any help, pleeeeee. And the accounting how does it work? If you read

Re[2]: a question of philosophy

2002-07-16 Thread 3APA3A
Dear Vic Abell, --Tuesday, July 16, 2002, 5:53:45 PM, you wrote to [EMAIL PROTECTED]: Secretary: do you have an appointment? Mr. Abell: Yes, my name is Vic Abel VA In this new and suspicious age, that wouldn't be the exchange. VA It would be: VA Secretary: Do you have an appointment? VA

Re: Can Radius be used to my wireless network users

2002-07-16 Thread Alan DeKok
Charles J. Boening [EMAIL PROTECTED] wrote: My Orinoco equipment sends the MAC address as the username and the radius shared secret as the password. That's *horrible*! The whole point of the shared secret is that it never goes over the wire, in *any* form. The Orinoco equipment should

Re: promiscuous authentication

2002-07-16 Thread Alan DeKok
Ilguiz Latypov [EMAIL PROTECTED] wrote: I agree that promiscuous authentication is not how FreeRadius was supposed to work. Sorry for not reading the documentation first. I thought that communication between Radius clients and servers is secure by design. Is this not always true? No.

freeradius on FreeBSD info

2002-07-16 Thread Nick Davis
I came across this link on how to setup freeradius on FreeBSD. I just thought I'd post it in case it helps anyone! http://my.lostinfo.com/files_other/radius/ It was written just after 0.3 came out, but most of the info is still quite valid. Nick -- Nick Davis Associate Systems

Re: a question of philosophy

2002-07-16 Thread Alan DeKok
Vic Abell [EMAIL PROTECTED] wrote: During development one thing struck me as odd: authorization checks are done before the entity being authorized is authenticated. Yes, by design and intent. It's been my experience that before an entity is authorized it should be asked to prove itself

Re: a question of philosophy

2002-07-16 Thread Alan DeKok
Vic Abell [EMAIL PROTECTED] wrote: I don't think someone should be authorized before the claimed identity has been authenticated. Otherwise authorization might be given to someone falsely claiming an identity. Nonsense. The authorization isn't returned to the caller until after they've

Re: Problem with Files module in latest snapshot?

2002-07-16 Thread Chris Parker
At 06:25 PM 7/15/2002 -0400, Deramus, Chris wrote: I just updated with the July 15th snapshot, re-ran radiusd -X and am now getting a line that says. /usr/local/etc/raddb/users[143]: Parse error (reply) for entry DEFAULT: No token read where we expected an attribute name Errors reading

Re: promiscuous authentication

2002-07-16 Thread Chris Parker
At 08:34 PM 7/15/2002 -0400, Ilguiz Latypov wrote: I agree that promiscuous authentication is not how FreeRadius was supposed to work. Sorry for not reading the documentation first. I thought that communication between Radius clients and servers is secure by design. Is this not always true?

Re: Trouble with 20020715 snapshot

2002-07-16 Thread Alan DeKok
Alexandre Strube [EMAIL PROTECTED] wrote: I always compile the snapshots with the same configure options, which are ./configure --with-mysql-lib-dir=/usr/lib/mysql \ --with-mysql-include-dir=/usr/include/mysql \ --with-mysql-dir=/usr/bin --enable-ltdl-install=no \ The

Re: How to find shared secret on the Radius and NAS?

2002-07-16 Thread Alan DeKok
Penny [EMAIL PROTECTED] wrote: I wants to authenticate. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! I wonder why the password has become unprintable characters like this: Did you bother reading the error message? Did you

Re: Authenticate using a *wrong* password

2002-07-16 Thread Alan DeKok
[EMAIL PROTECTED] wrote: When they attempt to authenticate using a *wrong* password, I need to see a 'Access-Reject' and in the Access-Rejected packet the proxy-state value returned also. Currently when I send across a Authentication request with a wrong password - I am not seeing a reply

RE: a question of philosophy

2002-07-16 Thread Vic Abell
Alan DeKok writes: Vic Abell [EMAIL PROTECTED] wrote: I don't think someone should be authorized before the claimed identity has been authenticated. Otherwise authorization might be given to someone falsely claiming an identity. Nonsense. The authorization isn't returned to the

Re: promiscuous authentication

2002-07-16 Thread Ilguiz Latypov
On Tue, 16 Jul 2002, Alan DeKok wrote: In addition, why would you want to expose a key piece of software to any random packet from the internet? Is it *really* that hard to type in the 10-100 client IP addresses? I was testing the perl Authen::Radius module with its make test command and

Re: a question of philosophy

2002-07-16 Thread Alan DeKok
Vic Abell [EMAIL PROTECTED] wrote: Nonsense. The authorization isn't returned to the caller until after they've been authenticated. No, it's not nonsense. The secretary's telling me that Vic Abell has an appointment gives away potentially useful information. Please read again,

RE: a question of philosophy

2002-07-16 Thread Vic Abell
Alan DeKok writes: Uh, right. Why were you arguing about something you didn't understand? It would have been politer for you to ask HOW it works, rather than claiming it's wrong and insecure, and then back-pedalling when your confusion was corrected. Well I don't think I ever said

Re: Problem with Files module in latest snapshot?

2002-07-16 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote: I did exactly what you recommended and still no go, I really am stumped. I will triple check my radiusd.conf file and verify that everything is okay. If you think of anything else please let me know. Add a line to the bottom of 'raddb/dictionary':

RE: Problem with Files module in latest snapshot?

2002-07-16 Thread Deramus, Chris
Alan, Thanks for the suggestion but still no go, I appreciate the feedback though :) Chris DeRamus HQ VPN Administrator Verizon 301-903-2093 -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent:

Re: Trouble with 20020715 snapshot

2002-07-16 Thread Ilguiz Latypov
I do have libltdl installed on my system as part of RedHat's libtool RPM package. However, the configure script fails to find the header file which exists: === $ ./configure --without-snmp \

Re: Trouble with 20020715 snapshot

2002-07-16 Thread Ilguiz Latypov
On Tue, 16 Jul 2002, Ilguiz Latypov wrote: The bootstrap script allows to remove automatically generated files from the CVS repository. I forgot to attach the new files: acinclude.m4 which is former aclocal.m4 without libtool.m4 and AC_CHECK_TYPE_INCLUDE and the bootstrap script.

Re: Trouble with 20020715 snapshot

2002-07-16 Thread Alan DeKok
Ilguiz Latypov [EMAIL PROTECTED] wrote: The bootstrap script allows to remove automatically generated files from the CVS repository. However, some constructs in the updated configure.in are valid only with the newer autoconf. Perhaps, putting AC_PREREQ(2.53) into configure.in could be a

RE: Problem with Files module in latest snapshot?

2002-07-16 Thread Deramus, Chris
Alan, Are you just going to re-release the dictionary file or just update the website to reflect the necessary changes to the dictionary file. One thing I just wanted to clarify, did you mean the *bottom* of the file as a whole, or

RE: Can Radius be used to my wireless network users

2002-07-16 Thread Charles J. Boening
I don't disagree with you there, but at least the wire it's going over can't easily be accessed. Plus, my firewall prohibits radius queries from anyone but trusted hosts. Agreed it would be nice, but it's what I have to work with. I don't want to do mac access lists in each AP Charlie

RE: Problem with Files module in latest snapshot?

2002-07-16 Thread Deramus, Chris
Alan, I'm a little confused? I downloaded the latest cvs file that was uploaded today for the 16th, however, it was uploaded at 9:01 a.m. Is the freeradius-snapshot for today the file for me to get? Sorry I'm a total newbie at this

Re: Trouble with 20020715 snapshot

2002-07-16 Thread Ilguiz Latypov
Alan, On Tue, 16 Jul 2002, Alan DeKok wrote: My thoughts are that the patches are a nice idea, but there's no way I'm going to re-write the autoconf stuff just before 0.6.1 is released. My patch is only a suggestion, and thanks for even paying any attention to it. Also, I'm *never*

Format of clients.conf for MAC authentication ?

2002-07-16 Thread Shahid M. Bhatti
Hi, If anybody has used FreeRADIUS for MAC address authentication with any NAS, may I please ask for the clients.conf file for this? Actually my setup is not working and I was wondering if my file format of /etc/raddb/clients.conf is alright or not? I have installed FreeRadius on Linux Red Hat

Re: Problem with Files module in latest snapshot?

2002-07-16 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote: I'm a little confused? I downloaded the latest cvs file that was uploaded today for the 16th, however, it was uploaded at 9:01 a.m. Is the freeradius-snapshot for today the file for me to get? No. I said: The dictionary file in the distribution

Trouble with 20020715 snapshot

2002-07-16 Thread Alexandre Strube
On Tue, 16 Jul 2002 17:17:04 +0200, [EMAIL PROTECTED] wrote: Even worse. Now it dies faster :-) [root@unix ~/xxx/freeradius-snapshot-20020715]# make gmake[1]: Entering directory `/root/porao/freeradius-snapshot-20020715' Making all in libltdl... gmake[2]: Entering directory

MAC auth. for Orinoco wireless APs not working?

2002-07-16 Thread Shahid M. Bhatti
Hi gurus, I am trying to implement mac address authentication on Lucent Orinoco's wireless access points AP-1000 which have Radius capability already built in them. I have made the wireless access point as the client of radius in the /etc/raddb/clients.conf file say like this: client

Re: Re: How to find shared secret on the Radius and NAS?

2002-07-16 Thread Penny
Oh, thank you. :) I made a mistake with the password. Penny [EMAIL PROTECTED] wrote: I wants to authenticate. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! I wonder why the password has become unprintable characters like

How NAS identify the packets from users that are authenticated or not?

2002-07-16 Thread jmc-oz
Hi all: After a supplicant (user) has authenticated with the Radius server through a NAS (e.g., Access Point), this supplicant will be able to send packets through the NAS. My question is that, how can the NAS identify the packets that are sent from a legitimate supplicant (who has already