Re: linking error / libcrypto / Solaris 8

2004-06-21 Thread Cameron Gregg
Cameron Gregg wrote: Hi all, I'm getting a linking error I'm using freeradius-1.0.0-pre2 on Solaris 8. The error is: /usr/ccs/bin/ld -G -h rlm_x99_token-1.0.0-pre2.so -o .libs/rlm_x99_token-1.0.0-pre2.so x99_rlm.lo x99_util.lo x99_state.lo x99_mac.lo x99_sync.lo x99_site.lo x99_pwe.lo

Case insensitive regexps

2004-06-21 Thread Rok Papez
Hello! Is it possible to do case insensitive regular expression matching in users file ? I'd like to replace: DEFAULT User-Name =~ ^[Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss]|[EMAIL PROTECTED] with something like: DEFAULT User-Name =~ m/^anonymous|[EMAIL PROTECTED]/i lower-casing all

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Rok Papez
Hello Christophe. Christophe Saillard wrote: And you set Auth-Type = EAP. DON'T DO THAT. I do that ;). I prefer to manually set EAP when user tries to identify as [EMAIL PROTECTED]. Users are *NOT* allowed to use any other authentication method :). For the moment I've a running freeradius

freeradius-1.0.0 pre2 execution segfault

2004-06-21 Thread Michel EAR
Hello! My configuration : Openssl v 0.9.7d installed with the option shared in /usr/local/ssl Openssl v 0.9.7d installed with the option shared in /usr/local/openssl-certgen openssl-SNAP20040613 installed with the option shared in /usr/local/openssl ./config and install OK !

PEAP Version

2004-06-21 Thread Manuel Sánchez Cuenca
Hello all, can anybody tell me which version of PEAP is implemented in FreeRadius? is the PEAP version 2 implemented? Thanks in advance. -- == Manuel Sanchez Cuenca Dept. Ingenieria de la Informacion y las Comunicaciones Universidad de Murcia -

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Gary McKinney
Mack, I Was not trying to blow you off by making the statement of reading the archives... I am still, what I consider, a newbie as well... The statement about a lot of discussion on the subject you are requesting is true so I thought you would be better served checking over those discussions!

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Arnauld Dravet
Hello again, Thanks for your help, it works great now ... just did what you told: an ldap user who got read access on all fields/users of the directory. Problem now is that i have to enter the encrypted version of the password in the username/password popup window. The userPassword field in

RE: Basic ?

2004-06-21 Thread Frédéric EVRARD
Before I go jumping off the deep end, what OS would be the best and easiest to use for Free Radius? Fedora Core 2 FreeBSD Debian Mandrake Or ??? I'm a linux and Freeradius newbie and I'm using Freeradius for two months on a mandrake 9.2, it's not too hard to configure and it works very

Re: freeradius-1.0.0 pre2 execution segfault

2004-06-21 Thread Michael Schwartzkopff
On Monday, 21 June 2004 10:46, Michel EAR wrote: Hello ! My configuration : Openssl v 0.9.7d installed with the option shared in /usr/local/ssl Openssl v 0.9.7d installed with the option shared in /usr/local/openssl-certgen

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Christophe Saillard
Hi, Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put in the users file to make it work : DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 User-Name = `%{User-Name}`, Fall-Through = no But now PEAP/MSCHAPv2

Re: Porting issue.

2004-06-21 Thread Grant, Alastair Ian
Quoting Mark Coccimiglio [EMAIL PROTECTED]: I had a problem building freeradius-1.0.0-pre2 on RH Fedora Core2 and was able to figure a workaround. Basically the build stopped because my system lacked the file com_err.h So I installed the current RPM for krb5 and still ran into the

LDAP and Dynamic VLAN

2004-06-21 Thread Christophe Saillard
Hello, I've a TTLS/PAP working configuration with dynamic VLAN allocation. Here's a sample of the users file : userX Crypt-Password == $1$ Tunnel-Type:1 = 13, Tunnel-Medium-Type:1 = 6, Tunnel-Private-Group-ID:1 = 4 At the authentication's end the NAS put the userX in

Re: LDAP and Dynamic VLAN

2004-06-21 Thread Michael Schwartzkopff
On Monday, 21 June 2004 14:04, Christophe Saillard wrote: Hello, I've a TTLS/PAP working configuration with dynamic VLAN allocation. Here's a sample of the users file : userX Crypt-Password == $1$ Tunnel-Type:1

Re: PEAP Version

2004-06-21 Thread Michael Griego
No. Currently, only PEAPv0 is implemented. --Mike On Mon, 2004-06-21 at 05:53, Manuel Sánchez Cuenca wrote: Hello all, can anybody tell me which version of PEAP is implemented in FreeRadius? is the PEAP version 2 implemented? Thanks in advance. - List info/subscribe/unsubscribe? See

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Michael Griego
Try something like this for your check line: DEFAULT Freeradius-Proxied-To == 127.0.0.1, EAP-Message !* , Auth-Type := PAP --Mike On Mon, 2004-06-21 at 06:59, Christophe Saillard wrote: Hi, Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put

Re: Problems with certificates

2004-06-21 Thread Michael Schwartzkopff
On Sunday, 20 June 2004 06:56, Sathish Challa wrote: Michael, Could you let me know how do u succeed with Setup: FreeRADIUS Version 1.0.0-pre2 setup with only OpenSSL 0.9.7d I am getting segmentation fault. hi, do you have more than one

Re: executing external program after accounting_stop_query

2004-06-21 Thread Paul Hampson
On Mon, Jun 21, 2004 at 03:15:29PM +0500, George Chelidze wrote: Hello, I need to add one column to radacct table and set it according to values inserted into table on stop packet receipt. The external program is coded in C. What if I place acct_users after sql in accounting section?

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Arnauld Dravet
Ok, please forget my previous message, i've just re-read aaa.txt and it's said that the AP sends a hash of the password it receives from the supplicant. No way to make freeradius crypt it it would not have any sense ... now that i'm lost in all those auth protocols, i don't know what to do

No Password possible?

2004-06-21 Thread Andreas
I am trying to setup a radius server that should work as an accounting server only. Is this possible? I want all passwords to be accepted. I Tried to use Exec-Program-Wait, but later saw this is not called until after password has been accepted. Thanks for your time. /Andreas

Re: executing external program after accounting_stop_query

2004-06-21 Thread George Chelidze
Hello, Paul Hampson wrote: On Mon, Jun 21, 2004 at 03:15:29PM +0500, George Chelidze wrote: Hello, I need to add one column to radacct table and set it according to values inserted into table on stop packet receipt. The external program is coded in C. What if I place acct_users after sql in

Re: No Password possible?

2004-06-21 Thread Thomas MARCHESSEAU
Hi Andreas, in users file DEFAULT Realm == toto.cl, Auth-Type := Accept Tunnel-Assignment-Id := 1.2.3.4, Tunnel-Server-Endpoint := 1.2.3.4, Tunnel-Medium-Type := IP, Tunnel-Type := L2TP, Tunnel-Password := my_ultrascret_passwd, Framed-Protocol :=

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Alan DeKok
Mack [EMAIL PROTECTED] wrote: I had scanned them prior to posting, but there seem to be no solutions to all of the problems people have with this configuration. From what I can see you're trying to use EAP-TLS, *and* some kind of LDAP authorization/authentication, but you're not putting the

Re: Case insensitive regexps

2004-06-21 Thread Alan DeKok
Rok Papez [EMAIL PROTECTED] wrote: Is it possible to do case insensitive regular expression matching in users file ? Not really. The CVS head has patches which should make it easier, but it's still not done yet. Alan DeKok.

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Alan DeKok
Rok Papez [EMAIL PROTECTED] wrote: And you set Auth-Type = EAP. DON'T DO THAT. I do that ;). I prefer to manually set EAP when user tries to identify as [EMAIL PROTECTED]. Users are *NOT* allowed to use any other authentication method :). That's about the only time you should set it.

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Alan DeKok
Arnauld Dravet [EMAIL PROTECTED] wrote: Problem now is that i have to enter the encrypted version of the password in the username/password popup window. The userPassword field in the LDAP entries are encoded with the {CRYPT} salt. Is there a way to configure/hack FreeRadius to tell it to crypt

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put in the users file to make it work : DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 User-Name = `%{User-Name}`,

Re: Shared secret problems!

2004-06-21 Thread Alan DeKok
PS [EMAIL PROTECTED] wrote: ... if a nas sends invalid shared secret I still get it's access request packet processed, but only the User-Password is modified (with trash). That's the way RADIUS works. As I found out, there is no such problem for accounting packets - they are automatically

Re: Removing attributes using an external program

2004-06-21 Thread Alan DeKok
Ken Wolstencroft [EMAIL PROTECTED] wrote: I can add and rewrite attributes from an external program, but I can not figure out a way of removing them. It's not generally recommended, but try the -= operator. See the man page for the users file. Alan DeKok.

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Arnauld Dravet
Hi again Alan, Configure the password_header entry in the ldap{} section, in radiusd.conf. already done, but in the doc it's said it just strips away the {CRYPT} substring of the crypted passwd. Still have to put the encrypted password in the popup box to make it work... You can also

Re: Removing attributes using an external program

2004-06-21 Thread Ken Wolstencroft
Thanks Alan I'll give it a try. Ken - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 21, 2004 5:08 PM Subject: Re: Removing attributes using an external program Ken Wolstencroft [EMAIL PROTECTED] wrote: I can add and rewrite

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Alan DeKok
Arnauld Dravet [EMAIL PROTECTED] wrote: already done, but in the doc it's said it just strips away the {CRYPT} substring of the crypted passwd. Still have to put the encrypted password in the popup box to make it work... That shouldn't be necessary. Also tried it: checkItem

Re: FreeRadius/LDAP conf : little problem

2004-06-21 Thread Arnauld Dravet
That shouldn't be necessary. well i'll double check tomorrow, i've done so many tests so far that maybe it's not useful anymore .. I know for sure that in debug logs, it shows the password grabbed as {CRYPT}xxx. rlm_ldap: Adding userPassword as Crypt-Password, value { op=21

ip pool issue

2004-06-21 Thread Miroslaw Niemiec
Hi, I am using ip pool on my radius server 0.9.3 installed on Solaris 5.8. When NAS sends Access-Request with Framed-IP-Address attribute set to 255.255.255.254 then server responds with Access-Accept package with Framed-IP-Address attribute set to one of IP addresses taken from ip pool.

FreeRadius using PGP to authenticate users

2004-06-21 Thread Alain Perry
(Moderators: sorry I first sent this email with the wrong email address) Hi list, I'm curious about the possibility to use PGP keys to authenticate users via a challenge. I'm using an LDAP database to store my users information, and this is working great with a simple login/password scheme for

Re: FreeRadius using PGP to authenticate users

2004-06-21 Thread Alan DeKok
Alain Perry [EMAIL PROTECTED] wrote: I'm curious about the possibility to use PGP keys to authenticate users via a challenge. I'm using an LDAP database to store my users information, and this is working great with a simple login/password scheme for the moment. However, I would really like to

Re: ip pool issue

2004-06-21 Thread Alan DeKok
Miroslaw Niemiec [EMAIL PROTECTED] wrote: Could anybody help me if it possible to retrieve from the radius server an information what ip address (from ip pool) has been assigned to a particular user who is currently logged in to NAS. rlm_ippool_tool, which is included with the ippool module

Re: FreeRadius using PGP to authenticate users

2004-06-21 Thread Alain Perry
What software exists on the client side to do this? If the answer is none, there isn't much point in doing it. The answer is none, but I'm planning on writing it... EAP started off as part of PPP. It's used elsewhere now. That I understood. To do this, you could use EAP-GTC, but few

freeRADIUS cert chain authentication

2004-06-21 Thread Mohammed Petiwala
Hi: I am using freeRADIUS (0.9.3 on linux with openssl ) for EAP-TLS authentication using our in-house supplicant, we are currently using 3-tier cert chains and have been using it quite successfully for TLS authentication with OpenSSL but when we try to use these same 3-tier certs for EAP-TLS

Re: FreeRadius using PGP to authenticate users

2004-06-21 Thread Alan DeKok
Alain Perry [EMAIL PROTECTED] wrote: FreeRADIUS can do challenge-response fairly easily, but you will have to write code to decide what to use for a challenge, and how to verify the response. Is this feasible as a module, or do I have to actually modify FreeRADIUS code to do it ?

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Mack
Alan, I agree...I should read the docs and the lists more thoroughly. My AP requires that I enable 802.1x in order to use RADIUS authentication. So, I figured I'd use EAP-TLS. I'm just testing now...using an XP client, so I chose to use EAP-TLS. I want to use LDAP because that's where our

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Mack
Gary, No, no, not you. I didn't mean you...sorry. You've been helpful...more so, you've shown a willingness to help. Thanks for that. I followed your suggestion about looking deeper into the list archives, and have progressed a bit further (i think). I stumbled upon PEAP, and configured my

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Gary McKinney
Hi Mack, As for the looping problem - one question - do you have a wireless network card manager running in the background on the laptop ( I don't mean the nic driver) along with the supplicant??? I have EAP/TTLS running at home and ran into a looping problem that sounds the same (authenticated

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Mack
Gary, I didn't recognize any services as being a wireless network card manager. Didn't see anything in add/remove, either. Where/how did you find yours? Thanks for clueing me in on the meaning of ymmv! I'll keep digging around for more information on my problem. BTW...did you have a

Delay in updating accounting table

2004-06-21 Thread prabhdeep
Hi, Does anybody know why accounting table is updated only when Account Stop packet is sent? Although the Account Start is not lost, but it's only inserted when Account Stop is triggered. Does Freeradius save the Accounting packets in some intermediary files before updating database? If it

PEAP Server certificate problem

2004-06-21 Thread Veerabhushan Hatte
I am trying to get PEAP running with server certificate. I am using freeRADIUS version 1.0.0.pre3. I get the following error. Can anyone tell me the reason for this. Here is the setup, client -- AP -- freeRADIUS radiusd output with -X -A option . Waking up in 6

Re: Delay in updating accounting table

2004-06-21 Thread Alan DeKok
prabhdeep [EMAIL PROTECTED] wrote: Does anybody know why accounting table is updated only when Account Stop packet is sent? It's updated for start update queries, too, in the default config. Although the Account Start is not lost, but it's only inserted when Account Stop is triggered.

Re: radius, 802.1x, eap/tls, and edirectory (ldap)

2004-06-21 Thread Alan DeKok
Mack [EMAIL PROTECTED] wrote: My AP requires that I enable 802.1x in order to use RADIUS authentication. So, I figured I'd use EAP-TLS. Are you picking it at random, or are you looking at the features it offers, and using your requirements to decide on a solution? I'm just testing

Re: FreeRadius using PGP to authenticate users

2004-06-21 Thread Rok Papez
Hi Alan. Alain Perry wrote: FreeRADIUS can do challenge-response fairly easily, but you will have to write code to decide what to use for a challenge, and how to verify the response. Is this feasible as a module, or do I have to actually modify FreeRADIUS code to do it ? A lot of freeRadius