Hi,
I'm a newbie to all of this, so please bear with me. This list is all I've got!
We are introducing a wireless infrastructure on our campus (a little late in the
game).
Right now we're in testing phase. In this testing phase, we are using several 3com
7250 AP's, some 3com cards capable o
i'll try it on monday, don't want to go at work during the week end =)
i thought radiusd would connect as the user on the ldap server because in the
logs it shows that the user is allowed to access some sort of information ...
thanks a lot for your help, i'll keep you up to date on monday if the
Considering running freeradius. I have a special need that just popped
into my lap. I need to set up a radius server that allows for any
arbitrary user with any password to be authenticated by the radius
server. Sounds crazy, but I want to use the server to capture user
information for a contact
Considering running freeradius. I have a special need that just popped
into my lap. I need to set up a radius server that allows for any
arbitrary user with any password to be authenticated by the radius
server. Sounds crazy, but I want to use the server to capture user
information for a contact li
I had a problem building freeradius-1.0.0-pre2 on RH Fedora Core2 and
was able to figure a workaround.
Basically the build stopped because my system lacked the file
"com_err.h" So I installed the current RPM for krb5 and still ran into
the problem. It appears that the file is located at /usr
On Sat, Jun 19, 2004 at 01:29:55AM +0200, Michael Markstaller wrote:
> Just an idea while messing around with duplicate accountings in mysql:
> Wouldn't it be more "logical" to change the insert/update-commands in
> sql.conf to log the real start&stop-time of the session with regarding
> start/sto
Just an idea while messing around with duplicate accountings in mysql:
Wouldn't it be more "logical" to change the insert/update-commands in
sql.conf to log the real start&stop-time of the session with regarding
start/stop-delay instead of the packet-timestamp %S ?
Because otherwise any query agai
Using Debian woody,
every dialup_admin I tried *after* 0.9.3 release doesn't output the
database-query results on the web.
Apache&php should work, I can also see the queries being run against
the mysql-server in mysql.log and these queries also return results if I
execute them manually.
But they'r
Hi,
there are several things I can imagine to prevent the below, but before
re-inventing the wheel,
I'm sure somebody of you has a simple solution for this or some good
posts to point to ?
Here it goes:
using freeradius-1.0-pre2 on two servers, setup as follows:
- server1 doing local mysql-accoun
Norbert Wegener <[EMAIL PROTECTED]> wrote :
> On a suse9.0 system I ran
> ./configure;make.
> from config output:(complete script output is available at
> http://www.wegener-net.de/radius/typescript.bz2 )
> ...
> checking for krb5.h... no^
http://lists.cistron.nl/pipermail/freeradius-devel/2004-A
> okay i'm not really into Win stuff .. ntPassword fields seem crypted since i
> can't "read" them with my eyes, but i think it's just a hash or something. Isn't
> it the regular way to store NT passwords ?
>
> anyway, here is my ldap section in radiusd.conf:
>
> ldap {
> server = "192.168.1.6"
>
Combining both posts.
As Allen said replying to your other post. If the FilterId has a space in
it, you'll need to quote it. Plus what I said about returning multiple
values. It would look like this in ldap as an example:
securityrole: "users otherstuff"
securityrole: += "testgroup1 stuff"
sec
You need to store them in ldap with the +=. Now you probably have it like
this:
dn: ...
securityrole: testgroup1
securityrole: testgroup2
securityrole: Users
change it to this
dn: ...
securityrole: testgroup1
securityrole: += testgroup2
securityrole: += Users
That should send back all of them
On a suse9.0 system I ran
./configure;make.
from config output:(complete script output is available at
http://www.wegener-net.de/radius/typescript.bz2 )
...
checking for krb5.h... no^
...
locate krb5.h gives:
/usr/include/heimdal/krb5.h
/usr/include/linux/sunrpc/gss_krb5.h
later in the process m
Quoting Heath Partington <[EMAIL PROTECTED]>:
> Apparently must have had the wrong combination of openssl and/or
> permissions levels. Anyway it seems that if you use the eaptls howto
> with the latest released openssl and pre2 everything is fine. Thanks
> for your help.
>
When I installed ope
Apparently must have had the wrong combination of openssl and/or
permissions levels. Anyway it seems that if you use the eaptls howto
with the latest released openssl and pre2 everything is fine. Thanks
for your help.
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: F
Quoting Alan DeKok <[EMAIL PROTECTED]>:
> Something other than EAP-MD5.
>
> LEAP should work.
>
> As an alternative, you could try storing NT passwords. That will
> allow LEAP & MS-CHAP to work.
>
okay i'm not really into Win stuff .. ntPassword fields seem crypted since i
can't "read" t
"Rivera, Denis" <[EMAIL PROTECTED]> wrote:
> Here is the output from radius. The problem I'm having is that only one group
> name is returned. As shown below I have value testgroup2 and users not being
> returned.
Put them in quotes.
"group1 group2"
Alan DeKok.
-
List info/subscribe/unsubs
"Joel Eddy" <[EMAIL PROTECTED]> wrote:
> Before I go jumping off the deep end, what OS would be the best and easiest to
> use for Free Radius?
I'm partial to NetBSD, but that's just me.
For most purposes, it doesn't really matter. Use what you're
familiar with.
Alan DeKok.
Hello Guy, I just checked the mailing list and I got your dialup admin postgres
schema and I'm just combining it all. Can you take a look, please, to see if this is
correct? It works for me.
SET search_path = public, pg_catalog;
--Table structure for table 'badusers'
--
CREATE TABLE badusers (
id BIGSERIAL P
Hello,
I have group values with spaces in them; the rlm_ldap is not reading the
value after the space. Is this a bug? Values in my securityRole values are
Change Password and Luisa Admin. I'm using freeRadius 0.9.3 and OpenLDAP
2.1.25
ad_recv: Access-Request packet from host 10.32.2.108:1164, id=4,
Thank you for the reply.
Here is the output from radius. The problem I'm having is that only one group
name is returned. As shown below I have value testgroup2 and users not being
returned.
Ready to process requests.
rad_recv: Access-Request packet from host 10.32.2.108:1142, id=3, length=48
Before I go jumping off the deep end, what OS would be the best and easiest to
use for Free Radius?
Fedora Core 2
FreeBSD
Debian
Mandrake
Or ???
I want something simple, easy to configure and will be the most stable in the
long run.
I've used Red Hat, Fedora Core1 and FreeBSD. So I'm somewhat fam
Authentication succeeds, Authorization fails; have your configured "aaa
authorization exec default group radius" ?
permit Service-Type administrative and things should work
1645 vs 1812 as source depends on ios-version, several bugs or take a
look at "radius-server source-ports extended" but it sho
"Grant, Alastair Ian" <[EMAIL PROTECTED]> wrote:
> rlm_ldap: performing search in ou=people,dc=domain,dc=com, with filter (uid=mda)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
And it doesn't say anything about adding passwords (or any o
Christophe Saillard <[EMAIL PROTECTED]> wrote:
> Now I'd like to get credentials from an existing LDAP user storage instead
> of the Freeradius "users" file
That shouldn't be a problem.
> (I store MD5 hashed password to have PAP compatibility).
That will make CHAP & MS-CHAP not work.
> The
Arnauld Dravet <[EMAIL PROTECTED]> wrote:
> Hmm .. i think i've read docs where i understood ppl were using samba schema
> without problems ... what am i supposed to use to make it possible ?
Something other than EAP-MD5.
LEAP should work.
> LEAP returns the same error with the missing Use
"Heath Partington" <[EMAIL PROTECTED]> wrote:
> Sounds like you need a vacation.
Sniping at the people helping you won't help.
> configure: warning: FAILURE: rlm_eap_sim requires: libssl.
> configure: warning: silently not building rlm_eap_tls.
You don't have SSL installed. Install it.
"Nagesh Boyina" <[EMAIL PROTECTED]> wrote:
> When I am trying to telnet to the router though radius server it says
> authorization got failed.
> When I check radius debug it says access accept using the port 1645.
Then I suggest checking the debug logs on the router. So far as
FreeRADIUS is con
And you set "Auth-Type = EAP". DON'T DO THAT.
The "eap.conf" file has BIG HUGE COMMENTS saying DON'T DO THAT. It
really means DON'T DO THAT.
You're doing the exact opposite of what the documentation says, and
as a result, it's not working. You might try following the
recommendations of the ser
>
> Then you can't do CHAP or EAP-MD5, which is basically CHAP.
>
> Yup. EAP-MD5 doesn't work.
>
Hmm .. i think i've read docs where i understood ppl were using samba schema
without problems ... what am i supposed to use to make it possible ? LEAP
returns the same error with the missing
Sounds like you need a vacation.
So the configuration is failing but still working and the build works
fine - I am under the assumption that it just doesn't build anything
that relies on TLS (eap-tls, eap-peap, eap-ttls and the like). When I
enable tls in the config (would only make sense to do t
Which version of the server are you using? You should be using a CVS
snapshot from at least this month. There was a fix applied in late May
to correct a problem with this behavior. Try giving 1.0.0-pre3 a try
when it comes out later today.
--
--Mike
--
Micha
Hi,
I have installed the free radius with mysql server. configured the radius
server authentication on Cisco 3660 router.
When I am trying to telnet to the router though radius server it says
authorization got failed.
When I check radius debug it says access accept using the port 1645. And
also why
--On Friday, June 18, 2004 10:22:04 -0400 Alan DeKok <[EMAIL PROTECTED]> wrote:
Josh Howlett <[EMAIL PROTECTED]> wrote:
program = "/path/to/myscript.sh %{Packet-Type}
...
}
...results in a correct first argument myscript.sh for Access-Request
and Accounting-Request,
Which are bot
Christophe Saillard <[EMAIL PROTECTED]> wrote:
> Fri Jun 18 14:11:31 2004 : Debug: rad_check_password: Found Auth-Type EAP
...
> Fri Jun 18 14:11:31 2004 : Debug: rlm_eap: Request not found in the list
> Fri Jun 18 14:11:31 2004 : Error: rlm_eap: Either EAP-request timed out
> OR EAP-response
Josh Howlett <[EMAIL PROTECTED]> wrote:
> program = "/path/to/myscript.sh %{Packet-Type}
> ...
> }
>
> ...results in a correct first argument myscript.sh for Access-Request and
> Accounting-Request,
Which are both "requests"
> but not Access-Accept.
Which is a "reply". See doc
-Port = 1
> > Framed-MTU = 1400
> > User-Name = "arnauld.dravet"
> > Calling-Station-Id = "00904b625711"
> > Called-Station-Id = "000d54fc1807"
> > NAS-Identifier = "EPSI AP1"
> >
Dave Shepherd <[EMAIL PROTECTED]>
> IMPORTANT - this email and the information in it may be
> confidential, legally privileged and/or protected by law.
...
Or it may not be.
Can you please get rid of that signature? It's huge, annoying, and
has zero legal validity.
Alan DeKok.
Hi,
Subject: Re: CN check against User Name - EAP-TLS
From: Michael Griego <[EMAIL PROTECTED]>
Date: Fri, 18 Jun 2004 05:55:21 -0500
Do you have any debugging output to show for when it should allow the
user and when it shouldn't allow the user?
--Mike
Ok, thanks for support, here is debugging s
Maqbool Hashim <[EMAIL PROTECTED]> wrote:
> Is it possible to get a Windows Domain Controller to authenticate via
> radius? Has anyone got this working?
For a Windows DC to issue RADIUS Access-Request packets when
authenticating uses?
It's not possible.
Alan DeKok.
Christophe Saillard <[EMAIL PROTECTED]> wrote:
> For the moment I use Freeradius with EAP-TTLS and it works fine...now
> I'd like to get users credentials from an existing LDAP database.
>
> The LDAP server sends me a valable MD5 hashed password but I think
> something failed in my users file conf
Arnauld Dravet <[EMAIL PROTECTED]> wrote:
> I'm using a classical samba/qmail LDAP schema so that users in the
> company can authenticate against ldap with win/linux
> workstations. Basically, i got 3 password fields, lmPassword,
> ntPassword, and userPassword . All of them are encrypted ...
The
"Shannon Sariman" <[EMAIL PROTECTED]> wrote:
> I'd like to know the process involved in setting up DHCP on my
> FreeRadius server instead of using a Cisco 2500 NAS to do the dynamic IP
> assignment.
FreeRADIUS doesn't do DHCP.
> At the moment I am using a Cisco 2500 NAS to do the dynamic
> IP a
prabhdeep <[EMAIL PROTECTED]> wrote:
> Could you please post your configuration file... as its not working for
> me its only in clients.conf?
Yes.
> is there any change in radius.conf?
No.
> I am using 0.93 version.
Upgrade to 1.0.0-pre3, which will be out later today.
Alan DeKok
Guy Fraser <[EMAIL PROTECTED]> wrote:
> I have been quietly watching this thread, and the idea of setting up
> a FIFO {First In First Out} buffer to handle inserts sounds like a
> good idea, but may have some adverse consequences.
Like losing requests if the server goes down. If the requests ar
"Heath Partington" <[EMAIL PROTECTED]> wrote:
> Has the issue where freeradius crashes when tls is enabled due to the
> lack of ability to find ssl libraries and includes at configuration time
> been fixed?
I think you're talking about two separate issues. The server
doesn't crash if the "confi
"Marco Marques" <[EMAIL PROTECTED]> wrote:
> I am using freeradius with mysql , is there any web interface that i can
> use to add and delete ( manage ) the user accounts in the sql server?
dialup_admin, which is included with the server.
Alan DeKok.
I've checked the logfile and here's what I get :
Info: Using deprecated naslist file. Support for this will go away soon.
Info: rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
I don't think there's anything wrong in that but. Maybe, a link a bad
link to the openssl libraries wh
4364b2d93ae8
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> radius_xlat: '/var/log/radius/radacct/192.168.6.3/auth-detail-20040618'
> rlm_
Thanks for your help.
I think I'm not far from the end but I still have problems.
Here's the debug logs :
[...]
Fri Jun 18 14:11:17 2004 : Debug: rlm_ldap: performing search in
dc=u-strasbg,dc=fr, with filter (uid=csaillard)
request 6 done
Fri Jun 18 14:11:31 2004 : Debug: rlm_ldap: Added password
hello Mike,
i have a big problem with this machine certificates for win2000 and xp. to
create the CA and certificates i used the openssl tool. in addition i have
added the microsoft OIDs in the openssl.cnf.:
1.3.6.1.4.1.311.20.2=DER:1e:0e:00:4d:00:61:00:63:00:68:00:69:00:6e:00:65
and of course t
I think I've found a possible bug in rlm_exec (???).
Something like:
exec myscript {
...
program = "/path/to/myscript.sh %{Packet-Type}
...
}
...results in a correct first argument myscript.sh for Access-Request and
Accounting-Request, but not Access-Accept. An Access-Accep
Title: Pre2 with Mipsel
Hi :
Has anyone tried to cross compile PRE2 for the MIPSEL platform?
I tried to compile and got an error during the LD job.
The error message is below,
Error Message
radiusd.o: In function `no symbol':
/home/freeradius-1.0.0-pre2/src/main/radiusd.c:1446: undefined reference to `
On Fri, 18 Jun 2004, apellido jr., wilfredo p. wrote:
> mysql -h mysql.host.com -u username -p radius < badusers.sql this is for MYSQL. what
> about POSTGRESQL? i tried this
>
> cat mtotacct.sql | psql radius
>
> and i got this : ERROR: syntax error at or near "(" at character 44
>
> thanks
>
s
Hi,
I want to use PEAP and created the certificates with CA.all in the scripts
dir. I copied the cert-srv.pem and root.pem to my config dir and configured
eap.conf according. But radiusd -XA stops with the following error:
tls: private_key_file =
Do it as per How-To guide and after that install pre2 it works.
Of course it worked for me.
Thank you,
Sathish Challa.
GRIC Software India Pvt. Ltd., www.GoRemote.com
Mobile: +91-98451-90676
Office [Direct]: +91-80 513 80 882
Server Group's Mission:
Innovative, open and scalable solutions pionee
On Fri, 2004-06-18 at 12:07, Maqbool Hashim wrote:
> Thanks,
>
> I suppose I could just use LDAP to authenticate Windows Domain
> Controllers.
Sorry, you are confusing me. A Windows Domain Controller in my mind is
what holds the SAM database, which contains the user data, so in this
scenario no.
After solving a lot of the errors I got from freeradius I have only one
left:
"Eror: WARNING: Unresponsive child (id 4534545) for request 54654"
I am using freeradius with pgsql and billing.
Can someone help me explain this error and maybe help me solve it? Thanks.
Costin
> Hello !
>
> I've been trying to make freeradius working with EAP-TLS but I have a
> segmentation fault.
> I'm using :
> - freeradius 1.0.0 pre1
> - openssl-SNAP20040613
>
> when radiusd is launched with the script radiusd.sh, here is what I
> get :
>
> Module: Loaded eap
> eap: default_eap_type
Thanks,
I suppose I could just use LDAP to authenticate Windows Domain
Controllers. I am not actually asking this question for Domain
Controllers which I personally run, but for clients who might have these
things and I would like to be able to authenticate these windows
machines via our radius
Do you have any debugging output to show for when it should allow the
user and when it shouldn't allow the user?
--Mike
On Fri, 2004-06-18 at 05:34, pouet wrote:
> Hi,
> I try to use the "check_cert_cn = %{User-Name}" option in the tls
> section of eap.conf. It's not working and still the user'
Hello !
I've been trying to make freeradius working with EAP-TLS but I have a
segmentation fault.
I'm using :
- freeradius 1.0.0 pre1
- openssl-SNAP20040613
when radiusd is launched with the script radiusd.sh, here is what I get :
Module: Loaded eap
eap: default_eap_type = "tls"
ea
Hi,
I try to use the "check_cert_cn = %{User-Name}" option in the tls
section of eap.conf. It's not working and still the user's certificate
is ok, freeradius accept him whatever he typed in the User-Name field
who is responded after an eap-request-ID message. Is there here someone
who is using
On Fri, 2004-06-18 at 10:43, Maqbool Hashim wrote:
> Is it possible to get a Windows Domain Controller to authenticate via
> radius? Has anyone got this working?
>
> I think what I'm asking is: Is there a radclient for Windows Domain
> Controllers?
You might want to try ntradping (www.mastersof
Hi,
I'm using freeradius-1.0.0-pre2 and i'm trying to authenticate windows client
(XP with SP1) via EAP-SIM. My access point is Cisco 1200. I receive the
following error while authenticating:
--LOG START---
rad_recv: Access-Request packet
Is it possible to get a Windows Domain Controller to authenticate via
radius? Has anyone got this working?
I think what I'm asking is: Is there a radclient for Windows Domain
Controllers?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Christophe.
Christophe Saillard wrote:
For the moment I use Freeradius with EAP-TTLS and it works fine...now
I'd like to get users credentials from an existing LDAP database.
The LDAP server sends me a valable MD5 hashed password but I think
something failed in my users file configuration.
Yo
Hello,
For the moment I use Freeradius with EAP-TTLS and it works fine...now
I'd like to get users credentials from an existing LDAP database.
The LDAP server sends me a valable MD5 hashed password but I think
something failed in my users file configuration.
Does someone have such a working con
Hi all,
I'm using FR+TTLS+LDAP for WiFi access. Just wondering
how people implement account lock out after a fixed
number of failed authentication attempts?
Thanks.
> Hello all ,
>
> I am using freeradius with mysql , is there any web interface that i can
> use to add and delete ( manage ) the user accounts in the sql server?
>
you can make use of dialup admin or mysqladmin to manage your MySQL database
and tables,
webmin too...more to google.
//milver
Hello Htin.
Htin Hlaing wrote:
Based on the description of use_tunneled_reply = yes in ttls section of
eap.conf, I understood it as the reply to the NAS will use the
attributes from the inside tunnel. But, with this value set to yes, I
still see Access-Accept reply to the NAS still has the user-na
On Thu, 2004-06-17 at 16:33, Maqbool Hashim wrote:
> Is it possible to get a Windows Domain Controller to authenticate via
> radius? Has anyone got this working?
Could you please expand on what your requirements are.
I have users authenticating against a Windows BDC via radius if that is
what you
Message-Authenticator = 0xb917bedaab691dda63cd4364b2d93ae8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/radius/radacct/192.168.6.3/auth-deta