Am Dienstag, den 26.04.2005, 09:51 -0400 schrieb Alan DeKok:
Stephan Jaeger [EMAIL PROTECTED] wrote:
For testing purposes i replaced the call to rad_waitpid with waitpid.
As soon as the checkradius script is exiting the call returns with -1
and errno set to No child processes.
It's a
Stephan Jaeger [EMAIL PROTECTED] wrote:
I just compiled HEAD but somehow the proxy radius server does not
recognize the replies from the home radius server:
I'm not *too* surprised. I've been working on IPv6 support, which
means lots of little changes throughout the server core. If proxying
Chia-Ming [EMAIL PROTECTED] wrote:
But in Zeroconfig, the status is always in Attempting to authenticate
The following is the Access accept packet, any ideas?
If the server sends an Access-Accept, then any failure to gain
network access is not it's fault. Check the NAS, or the wireless
Mitchell, Michael J [EMAIL PROTECTED] wrote:
I've already done some work to get this working, its pretty much
finished, but I'll try to do finish it off in the next couple of week...
But in the meantime I can provide some patches?
Sure, please put them on bugs.freeradius.org
I think
Sounds great mike.
I understand from what you are saying that this is just not working the way I
thought it would. I look forward to seeing your patches.
I like the sound of alans idea about hunt groups do you think you could give us
your thoughts on this. These features would be used by a lot
Am Mittwoch, den 27.04.2005, 05:39 -0400 schrieb Alan DeKok:
Ignoring request from unknown home server 127.0.0.1 port 1815
Is that the correct IP?
Yes, thats the right one.
Oh well, at least this narrows the scope where the bug can be.
That sounds good ;)
Regards
Stephan Jaeger
Alan DeKok wrote:
Mitchell, Michael J [EMAIL PROTECTED] wrote:
I've already done some work to get this working, its pretty much
finished, but I'll try to do finish it off in the next couple of week...
But in the meantime I can provide some patches?
Sure, please put them on bugs.freeradius.org
alan walters wrote:
Sounds great mike.
I understand from what you are saying that this is just not working the way I thought it would. I look forward to seeing your patches.
OK, how did you think it might work? Always willing to do things a
better way...
cheers,
Mike
-
List
How do I get debug output from radiusd to go to the log file? I can
either get non-debug output logged, or debug output to the terminal,
but not debug to the log.
--
--
Norman PatersonSenior Scientific Officer
School of Computer Science
I agree entirely with the huntgroups ordering.
I was considering simplifying the idea a little.
(1) Have a limited number of hunt groups and have more
Groups in the users file.
(2) for example order your ldapgroup entries my NAS.
And add the priority feature to here.(the only reason that I
On Tue, 2005-04-26 at 18:40 -0400, Alan DeKok wrote:
Ted Kaczmarek [EMAIL PROTECTED] wrote:
Can one pass AUTH from freeradius daemon to kerberos daemon? Both would
be running on same server. Was thinking It could be done using pam
radiusd but no joy.
See raddb/experimental.conf, and
Hello
all.
I'm trying to get
ldap instances working on a per client basis. For example, any
authentication requests coming fromhostexample1should be
authenticated using the ldap example1 instance, and example2 should be auth'd
using the ldap example2 instance. Maybe I've been staring at
Ted Kaczmarek [EMAIL PROTECTED] wrote:
Pardon my ignorance but in experimental.conf I see no mention of
kerberos.
Hmm... dang. It should really be there.
I see this in the module source.
rlm_krb5: Attribute \User-Password\ is required for authentication.
What should this users
Zawacki Jason D Contr AFRL/IFOS wrote:
Hello all.
I'm trying to get ldap instances working on a per client basis. For
example, any authentication requests coming from host example1 should be
authenticated using the ldap example1 instance, and example2 should be
auth'd using the ldap
Yes, I do. Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Mitchell
Sent: Wednesday, April 27, 2005 8:00 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Client-specific ldap instances.
Zawacki Jason D Contr AFRL/IFOS wrote:
Hello all.
Another problem I'm having - I want to be able to check that a user is in a
group in LDAP. I've been using the users file to do this, and here's what
I've tried:
DEFAULT Ldap-Group == CN=x,OU=y,DC=z,
Auth-Type := LDAP, Fall-Through = No
This setup accepts me
Nevermind, I found how to get this to work. I was assuming that anything in
the Check-Item were all AND'd together when they are on one line. I got it
to work this way:
DEFAULT Ldap-Group != CN=x,OU=y,DC=z, Auth-Type := Reject
DEFAULT Auth-Type := LDAP
-Original Message-
eaptls_process returned 13
Does someone know what it means? I've found a document where the code was
eaptls_process returned 2 and it said the authentication worked well.
Alexander Radkov
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stephan Jaeger [EMAIL PROTECTED] wrote:
I just compiled HEAD but somehow the proxy radius server does not
recognize the replies from the home radius server:
Fixed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Richard Arkner [EMAIL PROTECTED] wrote:
How do I get debug output from radiusd to go to the log file? I can
either get non-debug output logged, or debug output to the terminal,
but not debug to the log.
$ radiusd -X radiusd.log
or, set debug_flag = 2 in radiusd.conf, which may work in
Ok. I have it working. Wohoo! Ntlm_auth was killing me for a while,
but I got that straightened out.
Now comes the corner cases. 25% of my users probably didn't follow the
directions we published, and didn't put the domain name in the Microsoft
802.1x client box.
Is there a way to construct
5 more minutes of testing,
I tired
ntlm_auth --request-nt-key --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}
On a whim, and it worked (removed domain from ntlm_auth)
Sorry for the excess question.
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] wrote:
eaptls_process returned 13
Does someone know what it means? I've found a document where the code was
eaptls_process returned 2 and it said the authentication worked well.
Read the source for the meaning of that number, or the rest of the
debug log to see what is
On 20 Apr 2005 at 12:52, Alan DeKok wrote:
David E. Smith [EMAIL PROTECTED] wrote:
The ip address part isn't being honored, though. Logs are just going to
/usr/radius/var/log/radius/radacct/(logs here).
To my untrained eyes, everything in radiusd.conf, clients.conf (just
a list of a
27 2005 09:00 Sergey Guriev :
Here is one big log of session. Please help me understand what realy wrong.
--
rad_recv: Access-Request packet from host 80.243.64.30:14123, id=138,
length=142
User-Name = [EMAIL PROTECTED]
Framed-MTU = 1400
Called-Station-Id =
I read the FAQ - so apologies if this has been discussed already - but how
do I get Freeradius 1.0 (freeradius-1.0.0-3mdk package) to log bad logins to
the logfile or elsewhere? I previously used Cistron icradius, and it would
log the username and password from a bad login attempt to the
in 'radiusd.conf'
# Log authentication requests to the log file.
#
# allowed values: {no, yes}
#
log_auth = yes
# Log passwords with the authentication requests.
# log_auth_badpass - logs password if it's rejected
# log_auth_goodpass - logs password if it's correct
#
# allowed values: {no,
Hi!
I have a freeradius 0.9.3 with Solaris 8.
I got all the time these error messages:
Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613128 has wrong ID
Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613218 has wrong ID
28 matches
Mail list logo