took me about 10 mins to figure out why freeradius was seg faulting, but it
appears to segfault when it tries to load a module but can't find it.. any
chance of it giving a gracious exit (with reason)?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, I want to have a secondary server radius if primary fall.
I think my configuration is good but when I use radtest, the proxy
radius server doenst't proxy the request to the secondary radius server.
In order to test my configuration the primary server doesn't exist (
it's a pc but not a
Hello!
Now that's a complicated script. How about
#!/bin/bash
pstree | grep radiusd || /etc/rc.d/init.d/radiusd restart
and putting that into cron (it is even small enough to be able to execute it
every minute). Much simpler because it only checks if the server crashed by
looking if the
Nans Delrieu wrote:
Hello, I want to have a secondary server radius if primary fall.
I think my configuration is good but when I use radtest, the proxy
radius server doenst't proxy the request to the secondary radius
server.
It will mark the server as dead and send the NEXT request to the
1.0.1 resolved the issues.
___
ALL-NEW Yahoo! Messenger - all new features - even more fun!
http://uk.messenger.yahoo.com
-
List info/subscribe/unsubscribe? See
Ok. You are right. Thanks
I make a test, now my radius is okay.
On Wed, 12 Jan 2005, Dustin Doris wrote:
Was this a copy/paste? Look below in the radiusd.conf section. You put
in
identify = cn=root...
instead of
identity = cn=root...
That would explain why you are
Title: Message
Hi, I'm a newbie to FreeRadius and authentication-models and so
on, so please be patient :-)
I'm trying to set my FreeRadius with support for PEAP (MS-CHAP
v2) but I'm not sure if I'm doing it right.
Does somebody have a clue to why I get permission denied when
trying to open
Hello!
-rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
16520:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
Well, your file name is cacert. but you configured to look for cacert.pem.
Greetings,
Stefan Winter
--
Sorry about that!
The extension got lost when I pasted the output into the messagebody. It does
read cacert.pem as it should.
Thanks anyway!
Thomas Hedenborg
Phone +46 63 16 66 37
E-mail [EMAIL PROTECTED]
-Original Message-
From: [EMAIL
On Thursday 13 January 2005 06:39, Hedenborg Thomas wrote:
Does somebody have a clue to why I get permission denied when trying to
open the cacert.pem file? See the file-permissions below.
ls -la cacert.pem
-rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
try -rw-r--r-- instead.
Zoltan
When I am trying to start radius using service script then
it shows ok but
# ps ax|grep -i radius shows no process
service radiusd status gives radiusd
dead but subsys locked
What can be the reason?
Amit Gupta
Mobile:
91-9891062552
Yahoo IM: amitguptainn
MSN IM :
Hi, nope didn't help...
19803:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen ('/etc/raddb/certs/demoCA/cacert.pem','r')
19803:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
19803:error:0B084002:x509 certificate
Hello everybody.
I have installed Mysql, PHPMyAdmin.
Both of them seem to be working fine...but ...
whenever I try to query Mysql from web, I get an error "Could not connect
to Mysql", although I can connect to the database through command line.
I have also installed freeradius with basic
On Thursday 13 January 2005 07:57, Hedenborg Thomas wrote:
Hi, nope didn't help...
# ls -la certs/demoCA/cacert.pem
-rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
//Thomas
Since you have:
main: user = radiusd
main: group = radiusd
See what user
I have installed Mysql, PHPMyAdmin.
Both of them seem to be working fine...but ...
whenever I try to query Mysql from web, I get an error Could not connect
to Mysql, although I can connect to the database through command line.
make sure that username and password to access mysql in file
On Thu, 13 Jan 2005, Amit Gupta wrote:
nas table is used by Freeradius instead of clients.conf .
What is use of community and ports fields in nas table?
community: The snmp community of the access server (if that is supported). In
the future checkrad should use that instead of the naspasswd file
Ok, I have peap working with the users file and with mysql, and I have
radius working with ldap also. But I can not get a user to
authenticate against ldap using peap. I have seen that you cant use
eap and ldap, but peap and ldap should work from what I have read.
Any hints? the debug that I am
Don't you mean that root is the main user?
-rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
//Thomas
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Zoltan
Ori
Sent: den 13 januari 2005 15:08
To:
Is it possible to configure freeradius to run on more than one port?
Regards,
Esteban
-
Obtené tu casilla gratis con 20MB, en: http://www.aconectarse.com
-
List info/subscribe/unsubscribe? See
On Thu, 13 Jan 2005, Costas Christonis wrote:
DD On Wed, 12 Jan 2005, Costas Christonis wrote:
GC Hello,
GC Costas Christonis wrote:
Hi to all,
i'm trying to set the telnet access to my users through radius and ldap
server.
What i did untill now is that everyone tha has the
accounting for request 9
radius_xlat:
'/usr/local/var/log/radius/radacct/192.168.0.127/detail-20050113'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/192.168.0.127/detail-20050113
modcall[accounting]: module detail
AJ Grinnell [EMAIL PROTECTED] wrote:
Ok, I have peap working with the users file and with mysql, and I have
radius working with ldap also. But I can not get a user to
authenticate against ldap using peap.
The server does not authenticate against LDAP for any EAP type. See
my previous
Georg Brandt [EMAIL PROTECTED] wrote:
starting wit radiusd -X the freeRadius say ...rlm_radutmp: No NAS-Port
seen. Cannot do anything
That means that the radutmp file will not be updated.
In RFC 2866 is stated:
...
Either NAS-IP-Address or NAS-Identifier MUST be present in a
On Thu, 13 Jan 2005 10:06:15 -0500, Alan DeKok [EMAIL PROTECTED] wrote:
AJ Grinnell [EMAIL PROTECTED] wrote:
Ok, I have peap working with the users file and with mysql, and I have
radius working with ldap also. But I can not get a user to
authenticate against ldap using peap.
The
Hello,
i want to upgrade from freeradius-0.8.1 to freeradius-1.0.1.
My hints file:
DEFAULT Prefix == t, Strip-User-Name = No
Hint = TUM
It works with freeradius-0.8.1, the username leaves unstripped.
With freeradius-1.0.1 the username is always be stripped, why?
Maybe i made a
now that NetBSD 2.0 has beenout for a short while, I wonder if nayone has
any positive/negatoive experiences wusing it with freeradius?
particularly with regard to the underlying performance improvments of NetBSD
2.0 (arguably over frebsd 4.x). i know its threading is much improved.
tariq
-
I am having the same problem. When you use an EAP type (like PEAP), a
hash of the password is sent to the radius server. The radius server is
able to deal with this if it has the password (such as in a mysql DB or
local file). The password can be hashed and compared with the hash that
was
What is radutmp doing (or not) ?
regards
Georg
Am Thu, 13 Jan 2005 10:07:54 -0500 hat Alan DeKok [EMAIL PROTECTED]
geschrieben:
Georg Brandt [EMAIL PROTECTED] wrote:
starting wit radiusd -X the freeRadius say ...rlm_radutmp: No NAS-Port
seen. Cannot do anything
That means that the radutmp
Hi!
Freeradius modify char # to =23 in all attributes.
In the radacct/detail:
Called-Station-Id = 12378#7095507
In the postgresql.conf:
accounting_stop_query = INSERT INTO ${acct_table} \
(id, calledstationip, calledstationid) \
VALUES \
(DEFAULT,
Thanks, I found my answer in a posting by Alan Dekok
commented out user radiusd and password radiusd
thanks
__
Brian Ertel
Network Administrator
Amherst College
[EMAIL PROTECTED]
413.542.8320
__
-Original Message-
From: [EMAIL PROTECTED]
I checked their website and there was nothing about that server.
Do you happen to know where to download it?
On Tue, 11 Jan 2005 22:04:43 -0500
Janakan Rajendran [EMAIL PROTECTED] wrote:
Try Multi-tech Radius server
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Thanks!
It works perfect.
Mensaje citado por Thomas MARCHESSEAU [EMAIL PROTECTED]:
Hi Esteban
a parts of radiusd.conf
listen {
ipaddr = *
port = 1234
type = auth
}
listen {
ipaddr = *
port =
type = auth
}
-
it works
Thanks!
It works perfect.
Mensaje citado por Thomas MARCHESSEAU [EMAIL PROTECTED]:
Hi Esteban
a parts of radiusd.conf
listen {
ipaddr = *
port = 1234
type = auth
}
listen {
ipaddr = *
port =
type = auth
}
-
it works
I created the certificates with
http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
radiusd.conf the configs below, but I have problems. look my debug in
the radiusd with -x:
---
rad_recv: Access-Request packet
Try Google search for radius200.exe
Cheers Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Jessa
Sent: 13 January 2005 18:02
To: freeradius-users@lists.freeradius.org
Subject: Re: (no subject)
I checked their website and there was nothing
Is your ldap server listening on that port?
...Can't contact LDAP server...
Does ldapsearch work?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Thursday, January 13, 2005 12:02 PM
To:
You could still encrypt the passwords in the ldap database it just has
to be
A two way hash so you can get the password in the clear.
Ron.
Ron Wahler
http://www.postive-logic.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher Price
Sent:
You could still encrypt the passwords in the ldap database it just has
to be A two way hash so you can get the password in the clear.
Ron.
Ron Wahler
http://www.positive-logic.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher Price
Sent:
The is up:
--
# netstat -at|grep ldap
tcp4 0 0 *.ldaps*.*LISTEN
tcp6 0 0 *.ldaps*.*LISTEN
tcp4 0 0 *.ldap *.*LISTEN
In option debug of the LDAP I look this:
---
.
.
.
.
tls_read: want=5, got=5
: 15 03 01 00 02 .
tls_read: want=2, got=2
: 02 30 .0
TLS: can't accept.
TLS:
I don't use slapd, but it looks like your CA isn't known (trusted):
...tlsv1 alert unknown ca
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Thursday, January 13, 2005 12:32 PM
To: freeradius-users@lists.freeradius.org
Does anyone have an example of radiusd.conf that will show the
following. I know this can be done.
Windows XP client -- 802.1x/PEAP -- Freeradius 1.0.1 -- Active Directory
I have tried many different configs, yet I am still getting an error
with the password. I just need an example, please.
-
Hi,
I have a question about the problem bellow.
If in LDAP (openldap) we provide the ntpassword (with samba), it will
work for authenticate Windows XP users with PEAP + mschapv2 ??
Thanks.
Ron Wahler wrote:
You could still encrypt the passwords in the ldap database it just has
to be A two way
yes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Israel
Fabio Alves
Sent: Thursday, January 13, 2005 1:19 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: LDAP, PEAP, Active Directory issue
Hi,
I have a question about the problem bellow.
If
Robert Ku [EMAIL PROTECTED] wrote:
Initially,
I tried to test it with a username/password method with MD5
authentication type with:
...
This worked without any problems.
If you can get EAP-MD5 to work, then LEAP will work, too.
I moved on to test with MAC authentication method.
Softerra ldap browser helped with AD structure
Relevant radiusd.conf
mschap {
snip
with_ntdomain_hack = yes
ntlm_auth = /usr/local/samba/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=
%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
I had the same problems.
This is my solutions:
[EMAIL PROTECTED] dialup]# pwd
/var/www/html/dialup
[EMAIL PROTECTED] dialup]# ln -s /usr/local/dialup_admin/htdocs htdocs
[EMAIL PROTECTED] dialup]# ls -l
total 0
lrwxrwxrwx 1 root root 30 Jan 13 21:15 htdocs -
/usr/local/dialup_admin/htdocs
[EMAIL
I created de cacert.pem like
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html.
I don´t understand what is ...
There is other good paper in the Internet?
On Thu, 13 Jan 2005, Willey Kurt D wrote:
I don't use slapd, but it looks like your CA isn't known (trusted):
Sorry for the question, but do you have a sample radius.conf to publish
for as.
Because a tried configure this, but always a have the error bellow:
PEAP: Got tunneled reply RADIUS code 3
Service-Type = Login-User
MS-CHAP-Error = 8E=691 R=1
EAP-Message = 0x04380004
Point ntlm_auth to your samba install; like:
ntlm_auth = /your/install/location/samba/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=
%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
-Original Message-
From: [EMAIL PROTECTED]
AJ Grinnell [EMAIL PROTECTED] wrote:
Im sorry, I have not seen any replies that you may have given me.
You not only saw, you responded. Please remember the answers you're
given on this list. It helps to avoid repetition.
Georg Brandt [EMAIL PROTECTED] wrote:
What is radutmp doing (or not) ?
Maintains lists of logged-in users. See man utmp, which does the
same thing for normal Unix login users.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Fennimore [EMAIL PROTECTED] wrote:
I'm having a problem with freeradius interpreting special characters
incorrectly. It's translating the UTF-8 to some kind of quoted-printable
form when it prepares the information for accounting.
FreeRADIUS doesn't understand UTF-8, which uis why the
Israel Fabio Alves [EMAIL PROTECTED] wrote:
If in LDAP (openldap) we provide the ntpassword (with samba), it will
work for authenticate Windows XP users with PEAP + mschapv2 ??
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Are you storing the passwords in OpenLDAP or
Active Directory?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willey
Kurt D
Sent: Thursday, January 13, 2005 12:21 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: LDAP, PEAP, Active Directory
AD
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ron
Wahler
Sent: Thursday, January 13, 2005 4:13 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: LDAP, PEAP, Active Directory issue
Are you storing the passwords in OpenLDAP or
Active
So when you use Samba you can get the password in the clear ? how
Is the mschap hash generated?
Ron.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willey
Kurt D
Sent: Thursday, January 13, 2005 3:17 PM
To: freeradius-users@lists.freeradius.org
Subject:
Ntlm hashes the password for you
From radius.conf
ntlm_auth = /your/install/location/samba/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=
%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
-Original Message-
From: [EMAIL
From: Martes Wigglesworth [EMAIL PROTECTED]
To: freeradius-list [EMAIL PROTECTED]
Subject: Luscent Portmaster 3
Date: Fri, 14 Jan 2005 02:21:30 +0300
Greetings list.
I have had little luck finding this specific inquiry, on the list
archives. I am researching to start a dialup ISP, and want to
Martes Wigglesworth [EMAIL PROTECTED] wrote:
I have had little luck finding this specific inquiry, on the list
archives. I am researching to start a dialup ISP, and want to use the
luscent portmaster 3 device. I have seen miscellaneous portmaster
listings, however, I don't see that the
Hey Mark,
Mr. DeKok is right on, It is real easy to add vendor-specific
dictionaries, and by the way I was a noobie when I started mine also.
It wasn't that tough to get it working, much to my surprise.
Good luck with your Business, I wish you well
Alan DeKok wrote:
Martes Wigglesworth
On Fri, Jan 14, 2005 at 02:39:00AM +0300, Martes Wigglesworth wrote:
I have had little luck finding this specific inquiry, on the list
archives. I am researching to start a dialup ISP, and want to use the
luscent portmaster 3 device. I have seen miscellaneous portmaster
listings, however, I
Hi,
I could solve my problem by renaming
/lib/tls to /lib/tls.disabled
Our server is user mode Linux based
fedora-2.
Amit Gupta
Mobile: 91-9891062552
Yahoo IM: amitguptainn
MSN IM : amitguptainn
From: Amit Gupta
Sent: Thursday, January 13, 2005
6:00 PM
To:
63 matches
Mail list logo