Re: how to enable EAP-TTLS inner PAP

2005-03-14 Thread Helmut Tröbs
Try this (I don't know if it is the right way, but it works): Terminate the outer-user in hints: DEFAULT Prefix == anonymous, Strip-User-Name = No Realm = LOCAL Then the inside-user is proceeded as usual and you don't need Auth-Type:= EAP. regards Helmut What should I write instead of

LDAP attributes

2005-03-14 Thread Benoît Bianchi
I’m desperately trying to get LDAP attributes sent back to NAS without any success... I've added RADIUS-LDAPv3.schema to my LDAP schema, and set radiusClass attribute for my test user. I can do successful authentication but the value of this attribute is never sent back by freeradius to the NAS ...

Re: LDAP attributes

2005-03-14 Thread guest01
Hi Did you uncomment ldap in the authorize and authenticate section? Do you really have an access_attr dialupAccess which is TRUE or FALSE? hth peda - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

(no subject)

2005-03-14 Thread Jamal Taweel
Dear All, Kindly be informed that we are using Freeradius-0.9.3 and Oracle 9i as DB. We have many errors which appear in the log file, some of them cause the service to stop. The errors can be summarized below: - Out of memory - Info: rlm_sql (sql): There are no DB handles to use! skipped

Re: LDAP attributes

2005-03-14 Thread Michael Mitchell
Please help ... As per the FAQ, README, various other documents, and many responses to questions on this list, please run the server in debug mode (radiusd -X) to see what it is doing, and why it is not doing what you expect. If you still can't work it out, post the output back to the list and

Re: (no subject)

2005-03-14 Thread Chris Knipe
It's really obvious... - Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0. ^^ Increase your DB Handles to a higher value. - Info: Using deprecated naslist file. Support for this will go away soon. ^^ I'd suggest fixing and using

RE: LDAP attributes

2005-03-14 Thread Benoît Bianchi
As you suggest I have already searched on the Web for an answer to my trouble, anyway there wasn't... I've also used radiusd -XA to see what was happening and I saw the server getting the request, bind to the LDAP server to validate password and sending back accept packet ... By the way the answer

Re: LDAP attributes

2005-03-14 Thread Michael Mitchell
Benoît Bianchi wrote: As you suggest I have already searched on the Web for an answer to my trouble, anyway there wasn't... I never told you to go away and search for the answer yourself... I told you that if you run the server in DEBUG mode you'll see what it is doing, and hopefully where the

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-14 Thread Kostas Kalevras
On Thu, 10 Mar 2005, Nick Bright wrote: To hop back to this question, updating to the latest CVS made user_finger.php3 behave quite a bit differently. Now when I go to that page, I get a listing for every NAS from the database, but there is no information for the NAS unless there is also

Re: Problem with Windows XP Authentication

2005-03-14 Thread chiam kuosiang
Hi, Thanks for the reply The version of XP I'm using is service pack 2. So, still need the driver and patches? Can you point me out the source? thanks. Zoltan Ori [EMAIL PROTECTED] wrote: On Sunday 13 March 2005 13:47, chiam kuosiang wrote: When I tried to launch peap authentication with the windows

Re: LDAP attributes

2005-03-14 Thread Dustin Doris
On Mon, 14 Mar 2005, Benoît Bianchi wrote: I’m desperately trying to get LDAP attributes sent back to NAS without any success... I've added RADIUS-LDAPv3.schema to my LDAP schema, and set radiusClass attribute for my test user. I can do successful authentication but the value of

Re: LDAP attributes

2005-03-14 Thread Alan DeKok
Michael Mitchell [EMAIL PROTECTED] wrote: Running the server in DEBUG mode is one of the fastest ways of discovering what processing the server performs on the requests it receives... It's also what the developers do. To put it another way: The people who understand FreeRADIUS best

Locking user accounts

2005-03-14 Thread Fiederling, Daniel
Hi list, I'm looking for a solution to lock user accounts if more than let's say 3 failed auth requests have been received. The lock should automatically be reset after a specific time period (15 min or like that). I've been searching with google for a while

Re: how to enable EAP-TTLS inner PAP

2005-03-14 Thread Alan DeKok
TAYLAN KIRAN [EMAIL PROTECTED] wrote: What should I write instead of EAP. When I write Local or System it didn't work. So... don't do that. But I need to authenticate users on edirectory via LDAP. Try the latest CVS snapshot, which has eDirectory support. Ldap server vi have field

Re: forward CDR problem

2005-03-14 Thread Cristian Cappelletti
no answer... why? it's in the documentation? I have not found it. Sorry... :-( the problem is: for NULL realm freeradius check user locally, if not present, freeradius proxy request to oldradius. Good! the accounting-request instead is recorded always locally. Not Good... I want: If the

Re: Locking user accounts

2005-03-14 Thread Alan DeKok
Fiederling, Daniel [EMAIL PROTECTED] wrote: One more general question: how can I extend freeradius with shell scripts etc.? See radiusd.conf, look for the 'exec' module. What config directives do I have to set to run a script after a failed auth? Run the 'exec' module in the 'Reject'

Re: Freeradius ldap authentication sql authorization help!!

2005-03-14 Thread Jamie Crawford
If you're authorizing via SQL, your LDAP schema shouldn't need changes. Alan DeKok. Alan, thanks for the response!!! But if I'm authorizing through SQL, do I have to have the user's password in the database. I was hoping to use the db kind of like the users file. I have nas port numbers with

Mod_auth_radius

2005-03-14 Thread Cris Boisvert
Anyone get mod_auth_radius running on Fedora Core 3 without recompiling Apache.. Seeing as they don't send you the source compile info... Their the apxs install won't work? Thanx Cris

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-14 Thread Nick Bright
Wow, WTF. I downloaded the latest CVS and _everything_ is all jacked up. I'm pretty sure I'm not doing something correctly (I don't use CVS much). . . I did: shell cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/dialup-admin login * When prompted for a password simply press the Enter Key shell cvs

Users file caching?

2005-03-14 Thread Jeff
Ever since using freeradius on our FreeBSD machine, we have had problems with what appears to be a caching issue with the users file. For example. #put on hold for non-payment. 12/7/04 user1 Auth-Type := Reject #put on hold for non-payment. 12/7/04 user17 Auth-Type :=

Restricting users to login to specific Cisco router

2005-03-14 Thread Biglin, Henry
I am trying to understand how I can set up a specific user to allow login to specific routers. I am using freeradius 1.0.0. I defined the client and shared secret in the clients.conf file and the user id in the users file with Service-Type = Shell-User and Cisco-AVPair =shell:Priv-lvl=7. The

Re: Users file caching?

2005-03-14 Thread Dustin Doris
On Mon, 14 Mar 2005, Jeff wrote: Ever since using freeradius on our FreeBSD machine, we have had problems with what appears to be a caching issue with the users file. For example. #put on hold for non-payment. 12/7/04 user1 Auth-Type := Reject #put on hold for non-payment.

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-14 Thread Kostas Kalevras
On Mon, 14 Mar 2005, Nick Bright wrote: Wow, WTF. I downloaded the latest CVS and _everything_ is all jacked up. I'm pretty sure I'm not doing something correctly (I don't use CVS much). . . I did: shell cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/dialup-admin login * When prompted for a password

Re: Users file caching?

2005-03-14 Thread Jeff
It appears that the issue is with the server not properly being restarted. I will work on our automated scripts that are supposed to restart the daemon as it appears they are not. Thank you for the clear and concise response! Jeff On Mon, 14 Mar 2005 17:41:00 -0500 (EST), Dustin Doris [EMAIL

EAP-TLS: limiting client certs to a select group

2005-03-14 Thread Jon Franklin
I've managed to get freeradius 1.0.1 working with EAP-TTLS, PEAP, and TLS (mostly), but I found that with EAP-TLS, I can use any client certificate I want, and freeradius will allow the client through. This presents a major security hole in my configuration, and I can't seem to figure out how to

Re: Upgrade problems.

2005-03-14 Thread Peter Nitschke
Anyone? *** REPLY SEPARATOR *** On 9/03/2005 at 10:13 AM Peter Nitschke wrote: I have an old Freeradius 0.8.1-1 server on RH 7.2 which I wish to upgrade to 1.02 on Whitebox EL3.1 Freeradius is just being used as a proxy, the setup on 0.8 seems quite simple, but using similar

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-14 Thread Nick Bright
On Mon, 2005-03-14 at 16:43, Kostas Kalevras wrote: On Mon, 14 Mar 2005, Nick Bright wrote: Wow, WTF. I downloaded the latest CVS and _everything_ is all jacked up. I'm pretty sure I'm not doing something correctly (I don't use CVS much). . . I did: shell cvs -d:pserver:[EMAIL

Re: (dialup_admin) snmpfinger program pays no attention to naslist.conf

2005-03-14 Thread Alan DeKok
Kostas Kalevras [EMAIL PROTECTED] wrote: Downloading through cvs is clearly described in http://www.freeradius.org/development.html#cvs There's no module dialup_admin and i don't think there's a /cvsroot/dialup-admin It's still on sourceforge. But that hasn't been used for dialup_admin

Re: Upgrade problems.

2005-03-14 Thread Alan DeKok
Peter Nitschke [EMAIL PROTECTED] wrote: Freeradius is just being used as a proxy, the setup on 0.8 seems quite simple, but using similar settings with 1.02 it keeps reporting an error with huntgroups which exists but is the default file. Don't worry about it. It's a minor nitpick. Alan

Re: Upgrade problems.

2005-03-14 Thread Dustin Doris
Post radiusd -X On Tue, 15 Mar 2005, Peter Nitschke wrote: Anyone? *** REPLY SEPARATOR *** On 9/03/2005 at 10:13 AM Peter Nitschke wrote: I have an old Freeradius 0.8.1-1 server on RH 7.2 which I wish to upgrade to 1.02 on Whitebox EL3.1 Freeradius is just being used

Re: AVPair

2005-03-14 Thread Alan DeKok
Mike Chamberlain [EMAIL PROTECTED] wrote: Thanks for your help with this. One last question: the NAS is sending through multiple AVPair attributes (I can see they are getting added by looking at the log file), but I only ever seem to be able to access the final one added. I'm not sure why

Re: Help with PEAP

2005-03-14 Thread Israel Fabio Alves
Hi, I need help to configure Freeradius to authenticate Windows XP users with PEAP + MSCHAPV2. I need to authenticate users using the username + password + domain. Is there someone running this who can help me?? Many thanks, Israel.

Re: Help with PEAP

2005-03-14 Thread Israel Fabio Alves
/radacct/172.22.2.32/pre-proxy-detail-20050314' rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/pre-proxy-detail-20050314 modcall[pre-proxy]: module pre_proxy_log returns ok

Rejecting Request

2005-03-14 Thread Anson Rinesmith
Rejecting request 86445 due to lack of any response from home server What could be causing this, tell me what to post and I will, I just didn't want to spam the list with all my confs and radiusd X, though I've looked through debug and nothing makes sense as to what is causing this.

RE: Rejecting Request

2005-03-14 Thread Mitchell, Michael J
It appears that your RADIUS server is proxying the request to a "home" server, which hasn't responded... is this what you're intending? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith Sent: Tuesday, 15 March 2005 2:30 PM To:

RE: Rejecting Request

2005-03-14 Thread Anson Rinesmith
These are coming from my central proxy server. But all tests using utilities built into the APX-8000 and ntRadTest all go through successfully to their respective servers and return with the correct Reply. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

Re: EAP-TLS: limiting client certs to a select group

2005-03-14 Thread Jon Franklin
I tried using my own hand-generated SSL certs, as well as a set generated by the certs.sh script, and get the same type of problem. Question: if the CA_file certificate contains a private key, would this cause my problem? I don't think it has one, but can't say with certainty until I get in to