newbies install

2004-10-05 Thread son jaya
Dear all, I have installed and followed the web site (freeradius.org). I use the default configuration. When I try a query with radtest like this: [EMAIL PROTECTED] /usr/local/free_rd/bin/radtest steve testing localhost 1645 testing123 Sending Access-Request of id 144 to 127.0.0.1:1812 User-Name = steve

Freeradius with PEAP

2004-10-05 Thread Technical Support
Hello! I am looking to configure freeradius to support PEAP, so that my wireless users can use 802.1x in Win XP to obtain a secure connection. I am a little confused (I have to admit I am a Radius novice) regarding this. Basically, I want the users to use the username/password (stored in the radius

Re: Time to send a Access-Accept message

2004-10-05 Thread Boian Jordanov
On Fri, Oct 01, 2004 at 05:48:28PM +0300, Kyriaki Gali wrote: OK, I have solved my problem with rlm_perl. Does anyone know how I can get environment variables in example.pl? Before I used rlm_perl I got it like this: $username = $ENV{USER_NAME}; Now what can I do to get $username from the

Re: Freeradius with PEAP

2004-10-05 Thread Michael Schwartzkopff
On Tuesday, 5 October 2004 09:29, Technical Support wrote: Hello! I am looking to configure freeradius to support PEAP, so that my wireless users can use 802.1x in Win XP to obtain a secure connection. I am a little confused (I have to admit I

RE: Freeradius-Users digest, Vol 1 #3688 - 5 msgs

2004-10-05 Thread GAUDIN Thomas
Hi, I created a user freeradius in /etc/freeradius/users who has permissions to connect on any firewall (created in /etc/freeradius/clients). Now, I want this user to connect on one firewall only. Is there an attribute for that? The user has authorization for one firewall and not for others.

Re: CHAP+MS-CHAP+freeRADIUS

2004-10-05 Thread Stefan . Neis
Luis Daniel Lucio Quiroz wrote: I rather prefer pap, you just only put on risk one account not everybody. Well, then you just shouldn't use (MS-)CHAP. Note however that PAP is incompatible with MS point-to-point-encryption. Also note that getting access to the radius server and reading the

eap-tls / mysql

2004-10-05 Thread histar2
Hi, Just a simple question. When using freeradius with mysql and the only authentication you do is eap-tls - are there any gotchas or special settings/setup required? Basically I just want to get accounting data. I am unclear as to the change, if any, of storage of usernames and keys/certs. I

Re: dialup_admin - RADIUS Clients. Nothing showing...?

2004-10-05 Thread Kostas Kalevras
On Mon, 4 Oct 2004, Evert Meulie wrote: One more question though... What is the correct format for the nas-table? :-) The one included in db_mysql.sql -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone:

Re: FreeRadius + LDAP

2004-10-05 Thread Andreas Haumer
NAS-IP-Address = nnn.nnn.nnn.3 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 radius_xlat: '/var/log/radius/radacct/nnn.nnn.nnn.3/auth-detail-20041005

Re: Freeradius, PIX VPN DACL

2004-10-05 Thread Martin Wheldon
Don't know if you have sorted this already? This might help you on the way to sorting this problem. http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7b4.html Also have a look at the Cisco PIX firewall and VPN configuration guide / configuring

EAP-PEAP with pam?

2004-10-05 Thread Christoph Litauer
Hi, after I got my EAP-PEAP working with cleartext passwords in users, I want to configure pam authentication. First question: Is it possible for PEAP? Second question: How do I configure radius (1.0.1) with pam support? doc/rlm_pam reads: Compile and install freeradius with pam support

Re: MS-CHAP and LDAP HOWTOs (Sorry very long)

2004-10-05 Thread Andreas Haumer
Hi! Alan DeKok wrote: Andrew Werbowy [EMAIL PROTECTED] wrote: I believe you are right about LDAP query not coming back from LDAP server That's not what I meant. I meant that there's no data which FreeRADIUS can use coming back. Please

RE: Ntlm_auth how-to

2004-10-05 Thread Øystein Gåsdal
Both in the debug file and when I try manually I get this error: From radiusd debug: radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=AALESUND --username=AALESUND\\OG4 --challenge=0d5109a4fd1785c4

Re: MS-CHAP and LDAP HOWTOs (Sorry very long)

2004-10-05 Thread Alan DeKok
Andreas Haumer [EMAIL PROTECTED] wrote: Please configure a clear-text password for the user in the LDAP entry for that user. See doc/ldap_howto.txt. Until you configure a clear-text password which FreeRADIUS can retrieve, MS-CHAP will never work. Hm... Are you sure? ;-)) You can

Re: Ntlm_auth how-to

2004-10-05 Thread Alan DeKok
Øystein Gåsdal [EMAIL PROTECTED] wrote: Which brings me back to one of my questions: how on earth does ntlm_auth (or the machine it is running on) know where the nt4 domain is? Please consult the ntlm_auth documentation to discover how to get it working from the command

Re: Radclient disconnect

2004-10-05 Thread Alan DeKok
[EMAIL PROTECTED] wrote: am trying something like ./radclient -s 192.168.1.1 disconnect secret User-Name=username radclient doesn't work that way. Please read the radclient man page to see how to use it. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Freeradius with PEAP

2004-10-05 Thread Alan DeKok
Technical Support [EMAIL PROTECTED] wrote: I am looking to configure freeradius to support PEAP, so that my wireless users can use 802.1x in Win XP to obtain a secure connection. I am a little confused (I have to admit I am a Radius novice) regarding this. Basically, I want the users to use the

Re: WEP key rotation

2004-10-05 Thread Alan DeKok
Christoph Litauer [EMAIL PROTECTED] wrote: I want to use automatic wep key rotation using an EAP-TLS setup. My NAS (Cisco AP 340) supports an option named Broadcast WEP Key rotation interval (sec). I think that's different. Setting this value to 300 I expected that my radius debug log

Re: Freeradius-Users digest, Vol 1 #3688 - 5 msgs

2004-10-05 Thread Alan DeKok
GAUDIN Thomas [EMAIL PROTECTED] wrote: I created a user freeradius in /etc/freeradius/users who has permissions to connect on any firewall (created in /etc/freeradius/clients). Now, I want this user to connect on one firewall only. Is there an attribute for that? The Client-IP-Address will

Re: FreeRadius + LDAP

2004-10-05 Thread Alan DeKok
Christopher Price [EMAIL PROTECTED] wrote: Here is the debug information... No, it isn't. You have very carefully edited out significant portions of the debug log. I don't see why. EAP-Message = 0x0201000b01637072696365 ... rlm_ldap: Attribute User-Password is required for

Re: WEP key rotation

2004-10-05 Thread Joe Matuscak
On Tue, 5 Oct 2004, Christoph Litauer wrote: I want to use automatic wep key rotation using an EAP-TLS setup. My NAS (Cisco AP 340) supports an option named Broadcast WEP Key rotation interval (sec). Setting this value to 300 I expected that my radius debug log reports new requests every 5

Re: FreeRadius + LDAP

2004-10-05 Thread Alan DeKok
Andreas Haumer [EMAIL PROTECTED] wrote: 2.2) The FreeRADIUS server is set up to support MSCHAPv2 authentication. This is not trivial and requires some fiddling. Absolutely not. If you configure a user clear-text password, then MSCHAPv2 authentication will work the first time you try

Re: EAP-PEAP with pam?

2004-10-05 Thread Alan DeKok
Christoph Litauer [EMAIL PROTECTED] wrote: after I got my EAP-PEAP working with cleartext passwords in users, I want to configure pam authentication. First question: Is it possible for PEAP? No. Second question: How do I configure radius (1.0.1) with pam support? doc/rlm_pam reads:

Re: EAP-PEAP with pam?

2004-10-05 Thread Christoph Litauer
Alan DeKok wrote: Christoph Litauer [EMAIL PROTECTED] wrote: after I got my EAP-PEAP working with cleartext passwords in users, I want to configure pam authentication. First question: Is it possible for PEAP? No. Thanks. Then I will ask from the other point of view: Is it possible to use

Re: MS-CHAP and LDAP HOWTOs (Sorry very long)

2004-10-05 Thread Andreas Haumer
Hi! Alan DeKok wrote: Andreas Haumer [EMAIL PROTECTED] wrote: Please configure a clear-text password for the user in the LDAP entry for that user. See doc/ldap_howto.txt. Until you configure a clear-text password which FreeRADIUS can retrieve,

Re: EAP-PEAP with pam?

2004-10-05 Thread Alan DeKok
Christoph Litauer [EMAIL PROTECTED] wrote: Then I will ask from the other point of view: Is it possible to use EAP-PEAP with an authentication method other than cleartext passwords in users? Yes. Clear-text passwords can be stored in any database. Or, NT-Passwords can be stored in any

Re: FreeRadius + LDAP

2004-10-05 Thread Andreas Haumer
Hi! Alan DeKok wrote: Andreas Haumer [EMAIL PROTECTED] wrote: 2.2) The FreeRADIUS server is set up to support MSCHAPv2 authentication. This is not trivial and requires some fiddling. Absolutely not. If you configure a user clear-text

Re: MS-CHAP and LDAP HOWTOs (Sorry very long)

2004-10-05 Thread Alan DeKok
Andreas Haumer [EMAIL PROTECTED] wrote: The biggest problem currently is IMHO the huge amount of outdated or semi-complete documentation one will find out there when using google or the mail-archives! Submit some documentation, and we'll include it. But the documentation should consist of

Re: FreeRadius + LDAP

2004-10-05 Thread Christopher Price
I tried starting from scratch with the default configuration files. Just for giggles I put a dummy user in the users file and commented out any reference to ldap in the authorize and authentication sections of radiusd.conf. The 802.1X worked fine in this manner. Now that I

Re: MS-CHAP and LDAP HOWTOs (Sorry very long)

2004-10-05 Thread Stefan . Neis
Andreas Haumer wrote: FreeRADIUS is an additional piece and fits fine in the whole system to allow those networks to provide encrypted VPN access with easy to use clients and still maintain a central database of accounts in the network. Note however, that MPPE with its keys derived

Re: FreeRadius + LDAP

2004-10-05 Thread Alan DeKok
Christopher Price [EMAIL PROTECTED] wrote: I tried starting from scratch with the default configuration files. Just for giggles I put a dummy user in the users file and commented out any reference to ldap in the authorize and authentication sections of radiusd.conf. The 802.1X worked fine in

Re: FreeRadius + LDAP

2004-10-05 Thread Stefan . Neis
Hi, But clear-text passwords are in many situations a no-no and usually you already have the sambav3 schema which gives you the windows password hashes which will work with mschapv2 authentication The whole security of RADIUS (and any similar product) is based on clear-text

Ldap Group retrieval with special characters in user dn

2004-10-05 Thread Daniele Albrizio
I have to link a microsoft active directory in my workplace not under my rooty control. The user DN in AD are stored in the following format (please don't ask me why!): CN=ALBRIZIO DANIELE (5620),OU=9800,OU=personale,DC=ds,DC=units,DC=it Yes, with parentheses! In radiusd.conf I have this

Re: listen on freeradius 1.0.1

2004-10-05 Thread Kevin Bonner
On Tuesday 05 October 2004 11:32, Lew A wrote: listen { bind_address = 192.168.0.22 port = 0 type = auth } This doesn't look like the example in the default radiusd.conf. Looking at a default radiusd.conf entry, there

Re: listen on freeradius 1.0.1

2004-10-05 Thread Lew A
oh, shoot, stupid oversight on my part... #bind_address = * #port = 0 listen { ipaddr = 192.168.0.22 port = 0 type = auth } works much better... thanks, and sorry Thank you, Lew A GWI Operations On Tue, 5 Oct 2004, Kevin Bonner wrote:

Check for users locally then proxy

2004-10-05 Thread David
Hi, I posted this question earlier and I think I am overlooking something. I am trying to set up FreeRadius 1.0.0 so that I can keep some usernames and passwords for given realms locally as well as proxy on to the home servers if the username is not found in the local database. As per your

Dereference LDAP objects

2004-10-05 Thread Christopher Price
Is there an option that you can put in the ldap section of the configuration to tell the server to dereference an aliased object in the LDAP directory?

RE : RE : RE : radgroupreply

2004-10-05 Thread EROS
Hi, I know I'm a bit stressing but is this something new about radgroupreply? Thx a lot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of EROS Sent: Monday, 4 October 2004 19:31 To: [EMAIL PROTECTED] Subject: RE : RE : radgroupreply Hi, Thx for you

separate NASs authenticating against separate LDAP filters

2004-10-05 Thread Breeze P. Howard
Hello, I searched through the list archives, but didn't find anything pertaining to this issue (or I just didn't search on the correct phrases). I'm running freeRadius 1.0.1 on RedHat 2.4.21-20.ELsmp (Enterprise ES 3.0). I've got it authenticating against my LDAP servers (several redundant) and

Re: separate NASs authenticating against separate LDAP filters

2004-10-05 Thread Matthew Schumacher
Breeze P. Howard wrote: Hello, I searched through the list archives, but didn't find anything pertaining to this issue (or I just didn't search on the correct phrases). I'm running freeRadius 1.0.1 on RedHat 2.4.21-20.ELsmp (Enterprise ES 3.0). I've got it authenticating against my LDAP servers

Cisco wireless access point 1231 w/ Freeradius

2004-10-05 Thread Ken Long
Hello. I am trying to set up a freeradius server to authenticate MAC addresses for my cisco wireless access points. The access point I want it to work with is a Cisco 1231. Now, I set up freeradius and I have an SMC access point (SMC 2552) that it works just fine with. Authenticates just like

Re: Dereference LDAP objects

2004-10-05 Thread Daniele Albrizio
Christopher Price wrote: Is there an option that you can put in the ldap section of the configuration to tell the server to dereference an aliased object in the LDAP directory? I too have an interest in this topic. I also need to ignore referrals given by an ldap server. -- Daniele

Re: FreeRadius + LDAP

2004-10-05 Thread Christopher Price

Re: Dereference LDAP objects

2004-10-05 Thread Kostas Kalevras
On Tue, 5 Oct 2004, Christopher Price wrote: Is there an option that you can put in the ldap section of the configuration to tell the server to dereference an aliased object in the LDAP directory? There isn't an option in the ldap section but there is an option in the openldap library. man

Re: separate NASs authenticating against separate LDAP filters

2004-10-05 Thread Kostas Kalevras
On Tue, 5 Oct 2004, Breeze P. Howard wrote: Hello, I searched through the list archives, but didn't find anything pertaining to this issue (or I just didn't search on the correct phrases). I'm running freeRadius 1.0.1 on RedHat 2.4.21-20.ELsmp (Enterprise ES 3.0). I've got it

0.9.3 Solaris performance problem

2004-10-05 Thread Stungo, Jamie
Hi all, We are experiencing some unexpected behaviour of freeradius on our Solaris 9 platform. We use two V240 dual processor SPARC machines, LDAP back-end, flat file accounting. I have heavily indexed the directory and it seems lightning fast, slapd is running at 0.2% most of the time, yet

Re: 0.9.3 Solaris performance problem

2004-10-05 Thread Kostas Kalevras
On Tue, 5 Oct 2004, Stungo, Jamie wrote: Hi all, We are experiencing some unexpected behaviour of freeradius on our Solaris 9 platform. We use two V240 dual processor SPARC machines, LDAP back-end, flat file accounting. I have heavily indexed the directory and it seems lightning fast, slapd

Re: Exec-Program and iproute2

2004-10-05 Thread Ivo Petrov
Thanks for advice but in radiusd.conf I wrote: user root group root and radiusd runs as root or that is not enough. I tried running simple script and it works, but when I change the script with the one that makes shaping then nothing happens. Forgive me but I didn't understand how to use

Re: Exec-Program help

2004-10-05 Thread Ivo Petrov
Thanks much but I need the script executed after successful authentication not before that. Any way thanks my simple script was executed correctly. Regards Ivo Petrov --- Edgars [EMAIL PROTECTED] wrote: Hello, see what's written in logs. Try Exec-Program-Wait instead. Edgars Ivo

(no subject)

2004-10-05 Thread athif abdul aziz
Hi, can anyone please give me an idea as to how I can configure freeradius to assign addresses to dial-in users from an ip-pool? Regards Athif

RE: 0.9.3 Solaris performance problem

2004-10-05 Thread Stungo, Jamie
-Original Message- From: Kostas Kalevras [mailto:[EMAIL PROTECTED] Sent: Tue 10/5/2004 11:50 PM To: [EMAIL PROTECTED] Cc: Subject:Re: 0.9.3 Solaris performance problem On Tue, 5 Oct 2004, Stungo, Jamie wrote: Hi all, We are experiencing some unexpected behaviour

Re: 0.9.3 Solaris performance problem

2004-10-05 Thread Robert Banniza
Have you tried putting the process under truss (truss -fp PID) to see what kind of system calls are being made by radius? This may give you an idea of what is going on. Robert On Wed, Oct 06, 2004 at 01:33:34AM +0100, Stungo, Jamie wrote: -Original Message- From: Kostas Kalevras

RE: 0.9.3 Solaris performance problem

2004-10-05 Thread Stungo, Jamie
No, hadn't tried that... thanks for the suggestion. Many calls to read() to get the next username logging in. It may be that the high CPU load is due to the pattern matching going on in between these calls. I'd like to understand why only one CPU shows at full load and the other idling. Is it

Re: 0.9.3 Solaris performance problem

2004-10-05 Thread Robert Banniza
I don't think prstat is reporting incorrectly. To verify, you could always use 'top'. Just be aware that top's statistics are not measured the same way as prstat. Just to make sure you have two procs in that box, run 'psrinfo -v' and see if you have two procs. Is there a chance you only have one

Re: 0.9.3 Solaris performance problem

2004-10-05 Thread Darin Holloway
And compile your own top, Sun and Sunfreeware builds are just a little flaky IMO Robert Banniza wrote: I don't think prstat is reporting incorrectly. To verify, you could always use 'top'. Just be aware that top's statistics are not measured the same way as prstat. Just to make sure you have two