peap - works but peap + ldap -doesn't works

2005-05-09 Thread dssd dsfdsfdsf
good morning i hope you can resolve my problem peap works without ldap but when i use ldap with peap, it doesn't work!! in the file users for peap (when i don't use ldap) robert Auth-Type:=EAP, User-Password =="azertyui" in the file users i replace this line by robert Auth-Type:=LDAP because i

Authorizating nt-domain users of an Active Directory Group

2005-05-09 Thread Javier Jimenez
Hi list, that's my problem: I've been authenticating against an Active Directory Server with just one domain correctly. But now I should authenticate users of different domains which are included in a group of the Active Directory. The users are from different domains, some of them belong

difference between authorize and authenticate

2005-05-09 Thread dssd dsfdsfdsf
Good morning. What is the difference between authorize and authenticate because if authorize don't return ok but authenticate returns ok, eap-tls or peap can work! it is normal when the module "authorize" don't return ok, is it possible to don't validate the users as "login ok: [client/no user

Strange problem authentication

2005-05-09 Thread Sylvain Clerc
Hello, I'm back with a very strange problem : it's not a problem of configuration because I arrive to authenticate users sometimes ! I use the native client 802.1X of win XP and one time, freeradius will authenticate the user directly (by asking active directory) and another time,

EAPOL with WinXP SP2 - long delay till Authentication starts off

2005-05-09 Thread Mark Wasmer
Hi, I'm using EAP-TLS machine certificates for authentication and VLAN-determination against freeradius 1.0.2 over HP 2524 Cisco 2950 as authenticator. When connecting XP-Clients with machine certificates installed it takes up to 60sec or so till authentication starts. The delay with 2000SP4 is

Re: strange Exec-Program problem

2005-05-09 Thread Edgars
okey, copied the same script file to the RADIUS server's box..the same problem occured: Error: Exec-Program: FAILED to execute Does someone have working setup similar to mine using Exec-Program attribute? DB_server--RADIUS_server--NAS Edgars Alan DeKok wrote: Edgars [EMAIL PROTECTED]

Re: (no subject)

2005-05-09 Thread Kostas Kalevras
On Fri, 6 May 2005, Alan DeKok wrote: Babar Shafiq [EMAIL PROTECTED] wrote: I know i can see the reject cause while running in debug mode but I want to store the reject causes in database or logs it. so it will be helpful in future for support people,customer support etc, so they can inform users

Cisco SIP Authuntication

2005-05-09 Thread Abdul Lateef
Hello, I am trying to register Cisco SIP nas using MySql db. But i could not. The cisco log is saying: SecurityDenial Here is the format our cisco AccessRequest : Mon May 09 12:01:21 2005, (204+538ae76f-150) ,Sent xxx.xxx.xxx.xxx:1812Radius AccessRequest { session id = 99

postgresql problem/question

2005-05-09 Thread Dave Weis
I'm trying to use postgresql to store my radius data. I have most of it working except for a stored procedure to return the static routing/addressing information for a login. It tries to work but I don't get the correct output in radtest. select * from generate_radreply('[EMAIL PROTECTED]');

Usage of PEAP/MSCHAPv2 and Called-Station-Id in wireless LAN.

2005-05-09 Thread YAMAWAKI Hisashi
Dear sir, I am constructing a wireless LAN system for office usage. In the system, I want to make available two types of access, one for guests and another for staffs. To provide two types of access, I use APs which can treat multiple combination of ESSID and tagged-VLAN.

Re: strange Exec-Program problem

2005-05-09 Thread Jandre Olivier
Hi Edgars, I use the Exec-Program attribute in my /etc/raddb/acct_users for extra features DEFAULT Acct-Status-Type == Start Exec-Program = /bin/bash /usr/local/scripts/radius/radius.sh hope this helps Edgars wrote: okey, copied the same script file to the RADIUS server's box..the same problem

RE: strange Exec-Program problem

2005-05-09 Thread Seferovic Edvin
Hi, is it possible to have a username passed to the Exec-Program script on Accounting-Update packets? Regards, Edvin Seferovic -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jandre Olivier Sent: Montag, 09. Mai 2005 15:25 To:

Authorizating nt-domain users of an Active Directory Group

2005-05-09 Thread Javier Jimenez
Hi list, that's my problem: I've been authenticating against an Active Directory Server with just one domain correctly. But now I should authenticate users of different domains which are included in a group of the Active Directory. The users are from different domains, some of them belong

Re: IP Pools distributed on multiple FreeRADIUS Servers

2005-05-09 Thread Kostas Kalevras
On Sat, 7 May 2005, Nizar Shana'ah wrote: Hello all, I have two freeRADIUS Server, the second one is used for redundancy, how can i distribute the IP pools and have full redundancy, I am afraid of the conflicts that this may cause, I don't want them leasing the same IP to multiple clients when

daily limit

2005-05-09 Thread avudz
Hello, i'm really happy my rlm_sqlcounter now run as i hope :-) but now i have 3 another case, i have three model voucher. 1st for 4 hours and the voucher valid for 2 days, 2nd 8 hours, valid for four days, last is one day, valid for 24 hours, so when the user log in, *maybe* the radius

Need to restrict group of users

2005-05-09 Thread E L
I have two groups of users adsl-1 accessing the network through hunt-adsl-1 huntgroup and adsl-2 accessing the network through hunt-adsl-2 huntgroup. Need to block adsl-2 users going through hunt-adsl-1 huntgroup. I have this in the users file: DEFAULT Ldap-Group == disabled, Auth-Type := Reject

RE: daily limit

2005-05-09 Thread Seferovic Edvin
Hm... maybe you should set the SQL statements in your sqlcounter.conf file that can be usually found in /etc/raddb or /usr/local/etc/raddb depending on distribution... You can define the different counters for your vouchers that will count time or traffic by defining them in the file I

Re: peap - works but peap + ldap -doesn't works

2005-05-09 Thread Vladimir Vuksan
dssd dsfdsfdsf wrote: good morning i hope you can resolve my problem peap works without ldap but when i use ldap with peap, it doesn't work!! in the file users for peap (when i don't use ldap) robert Auth-Type:=EAP, User-Password ==azertyui in the file users i replace this line by robert

Re: postgresql problem/question

2005-05-09 Thread Joel Eddy
Dave, Not sure if I'll be much help on this one, but I'll do my best. In my radgroupreply I have Auth-Type := Local I don't know if that will fix it or not. Also, I think freeradius had a file sql.conf that had to have stuff uncommented to get it to record certain info. Yours should be

Re: Need to restrict group of users

2005-05-09 Thread Kenneth Grady
If you enable log_auth you will get an auth_detail... file that has the requests from the adsl-1 and adls-2 that you could use with radclient to verify that it will do what you want. make a backup of all files you were going to change. make changes. (like the old radiusd -X -p 1645) Modify

Post-Proxy attr_rewrite based on an if condition

2005-05-09 Thread wilduty
Hello, Is there a way that I could add a new attribute if I receive a specific attribute from a proxy radius. For example: Proxy radius sends a packet which contains an idle-timeout of 30s. However based on this condition I want to send a session-timeout of 180s. ( There is a

Re: Need to restrict group of users

2005-05-09 Thread Alan DeKok
E L [EMAIL PROTECTED] wrote: I need to make sure that this configuration works before I go online. I appreciate any help. Set up a test server, and run it in debugging mode. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with 1.0.2

2005-05-09 Thread Alan DeKok
Paul Seaman [EMAIL PROTECTED] wrote: Hey, I'm trying to compile 1.0.2, and I get the following errors (snipped at the end for brevity) - it seems to be related to EAP, is the simple way to fix this or maybe an easy way to tell it I'm not interested in the EAP module? Delete the rlm_eap

Re: RadZap

2005-05-09 Thread Alan DeKok
Sarkis Gabriel [EMAIL PROTECTED] wrote: I have just checked out 1.0.2 and found out RadZap does not work i even did what was said to copy the radzap.c from CVS to 1.0.2 and compile it, but still no Joy with radzap and i do rely on that on a daily basis. You couldn't have copied radzap.c

Re: Cisco SIP auth problem

2005-05-09 Thread Alan DeKok
Abdul Lateef [EMAIL PROTECTED] wrote: xpgk-sip-auth4=b493b44cd7875041c11b92e638f74b2d But the Radius is not responding for this request and the log appearing SecurityDenial null Posting the same message multiple times, and ignoring a previous answer is rude. Go ask your NAS vendor what

Re: Strange problem authentication

2005-05-09 Thread Alan DeKok
Sylvain Clerc [EMAIL PROTECTED] wrote: I use the native client 802.1X of win XP and one time, freeradius will authenticate the user directly (by asking active directory) and another time, freeradius won't stop to send an Access-Challenge just after the first Access-Request FreeRADIUS does

Re: postgresql problem/question

2005-05-09 Thread Alan DeKok
Dave Weis [EMAIL PROTECTED] wrote: The other reply items come from radgroupreply. When I run radiusd -X I see this in the logs: modcall[post-auth]: module sql returns ok for request 0 modcall: group post-auth returns ok for request 0 Sending Access-Accept of id 59 to 127.0.0.1:57298

Re: Usage of PEAP/MSCHAPv2 and Called-Station-Id in wireless LAN.

2005-05-09 Thread Alan DeKok
YAMAWAKI Hisashi [EMAIL PROTECTED] wrote: To distinguish guest's access and staff's access on the system, I want to use following users file, but don't work. See the FAQ for problems like it doesn't work My questions are 1) combination of PEAP/MSCHAPv2 and Called-Station-Id is allowed

Re: postgresql problem/question

2005-05-09 Thread Dave Weis
Alan DeKok wrote: Dave Weis [EMAIL PROTECTED] wrote: The other reply items come from radgroupreply. When I run radiusd -X I see this in the logs: modcall[post-auth]: module sql returns ok for request 0 modcall: group post-auth returns ok for request 0 Sending Access-Accept of id 59 to

Incorrect NAS Name Being Sent By Client

2005-05-09 Thread jeffrey . jackson
I've installed freeradius-1.0.1-1.RHEL3 and have recently configured an RHAS 3.0 server as a radius client. I've configured the client server so ssh login requests will go authenticate to a RADIUS server. Is there a configuration file I can edit so that my client will send the correct NAS name

Re: RadZap

2005-05-09 Thread Sarkis Gabriel
Sorry i meant radzap and radwho.c, i copied them both and did ./configure --with-experimental-modules and then make but i noticed it broke during the make process and that is what i got during the weekend. /usr/include/bits/socket.h:275: parse error before '' token In file included from

Re: postgresql problem/question

2005-05-09 Thread Alan DeKok
Dave Weis [EMAIL PROTECTED] wrote: which is what I used for the layout. It looks the same in db_mysql.sql also. Is it position sensitive or does it use column names? Hmm... The queries in SQL.conf select id, username, attribute, value, op. So it should work, unless you edited the queries.

Re: Incorrect NAS Name Being Sent By Client

2005-05-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I've installed freeradius-1.0.1-1.RHEL3 and have recently configured an RHAS 3.0 server as a radius client. Using... what as a radius client? Is there a configuration file I can edit so that my client will send the correct NAS name (client hostname) instead of the

Re: RadZap

2005-05-09 Thread Alan DeKok
Sarkis Gabriel [EMAIL PROTECTED] wrote: Sorry i meant radzap and radwho.c, i copied them both and did ./configure --with-experimental-modules and then make but i noticed it broke during the make process and that is what i got during the weekend. shrug Try grabbing a copy of the

Re: RadZap

2005-05-09 Thread Alan DeKok
Sarkis Gabriel [EMAIL PROTECTED] wrote: just to confirm is it this cvs command cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -j release_1_0 radiusd No. that is the one i got and i tried to compile it from scratch but it fails on ./configure I hate playing twenty questions.

0 being added to every second line of asscend data filter

2005-05-09 Thread John Fergusson
This one has me curious. Do I have a config error? If so where? When I use radtest I get the following. [EMAIL PROTECTED] doc]# radtest fred wilma localhost:1812 17 testing123 Sending Access-Request of id 64 to 127.0.0.1:1812 User-Name = fred User-Password = wilma

Re: Incorrect NAS Name Being Sent By Client

2005-05-09 Thread jeffrey . jackson
Sorry for the confusion. Using... what as a radius client? The client is a RedHat AS 3.0 box with freeradius-1.0.1-1.RHEL3 installed. When users attempt to ssh to the Redhat client it authenticates to a different RADIUS server. The RADIUS client is sending an

Re: RadZap

2005-05-09 Thread Sarkis Gabriel
To be honest i have spent a lot of time working out cvs and i do not know how to check for the version on cvs the only thing i found in the archive about cvs and 1.0.3 is the one below posted few days back and pointing out that it is the current candidate for the official 1.0.3 and it is

Re: postgresql problem/question

2005-05-09 Thread Dave Weis
Alan DeKok [EMAIL PROTECTED] said: Dave Weis [EMAIL PROTECTED] wrote: which is what I used for the layout. It looks the same in db_mysql.sql also. Is it position sensitive or does it use column names? Hmm... The queries in SQL.conf select id, username, attribute, value, op. So it

Re: RadZap

2005-05-09 Thread Alan DeKok
Sarkis Gabriel [EMAIL PROTECTED] wrote: To be honest i have spent a lot of time working out cvs and i do not know how to check for the version on cvs the only thing i found in the archive about cvs and 1.0.3 is the one below posted few days back and pointing out that it is the current

Re: Incorrect NAS Name Being Sent By Client

2005-05-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote: The client is a RedHat AS 3.0 box with freeradius-1.0.1-1.RHEL3 installed. You said that already. Did you think no one read it? When users attempt to ssh to the Redhat client it authenticates to a different RADIUS server.

Re: 0 being added to every second line of asscend data filter

2005-05-09 Thread Alan DeKok
John Fergusson [EMAIL PROTECTED] wrote: Do I have a config error? If so where? Nope. The Ascend binary attributes are *not* text. Therefore, when they're read from a DB and put into a RADIUS attribute, they may not print in debug mode as exactly the same string as you put in the DB. If I

Re: RadZap

2005-05-09 Thread Sarkis Gabriel
once more. The CVS command i used was the one advising someone else to use and i got radiusd, copied the files and got a compile error when it got to radwho.c I recently downloaded the snapshot - freeradius-snapshot-20050509.tar.gz - and compiled it, bearing in mind the version which is still

Re: RadZap

2005-05-09 Thread Alan DeKok
Sarkis Gabriel [EMAIL PROTECTED] wrote: The CVS command i used was the one advising someone else to use and i got radiusd, copied the files and got a compile error when it got to radwho.c If you grab the 1.0.x candidate from CVS, you don't have to copy over radwho.c. The previous messages

Re: Incorrect NAS Name Being Sent By Client

2005-05-09 Thread jeffrey . jackson
What are you using as a RADIUS client? I'm using pam_radius-1.3.16 as my radius client package. Sorry for the previous confusion on my part. Yes I know I said that already too ;)

Freeradius install problem

2005-05-09 Thread Software Development Group
Hello, I´ve installed and compiled freeradius on my Linux ubuntu Warty Warthog 4.10 everything went Ok. I run freeradius on debug mode (radiusd -X) and it seems to work fine: [EMAIL PROTECTED]:/home/maxo # radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf

Re: Freeradius install problem

2005-05-09 Thread Terry J Fike Jr
when you set up the client in the clients.conf did you put all the client info inside {} ? client ip { secret = nosecret shortname = mycomputer } it didn't look that way in the message, but that may have just been for ease of writing... -- Terry J Fike Jr System Administrator MTA Solutions

Re: Incorrect NAS Name Being Sent By Client

2005-05-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I'm using pam_radius-1.3.16 as my radius client package. Then it should add a NAS-IP-Address attribute, with the IP address of the host. If it doesn't, then it can't find the address of the host. The only way to work around that is to edit the source. Alan

Re: Freeradius install problem

2005-05-09 Thread Alan DeKok
Software Development Group [EMAIL PROTECTED] wrote: Ignoring request from unknown client 172.18.21.100:10005 ... I added a line in the clients.conf file with the details of the ISS: client 192.10.25.100 (ISS's IP address) That isn't the same IP address that the server sees. Alan DeKok.

Re: RadZap

2005-05-09 Thread Sarkis Gabriel
Okie i got the CVS once more, i think the way i got it the first time was wrong hence i got the ./configure error. I noticed that i was talking about another email in the archive and not the one originated from you, now i got the cvs and compiled it tomorrow when my brain is functioning

problems with digest and ser

2005-05-09 Thread Lucas Aimaretto
Hi all, I'm having trouble at authentication using radius and digest. Look at radius output. The rare thing is that some phones get registered nicely, but others no. The ones who get registered are X-Lite softphones and grandstream. The ones that not, are the ATAs from voip solutions, MTA-V102.

Re: problems with digest and ser

2005-05-09 Thread Alan DeKok
Lucas Aimaretto [EMAIL PROTECTED] wrote: I'm having trouble at authentication using radius and digest. Look at radius output. The rare thing is that some phones get registered nicely, but others no. The ones who get registered are X-Lite softphones and grandstream. The ones that not, are the

ntlm_auth not working

2005-05-09 Thread Graham, Robert
Hello all, I seem to have a problem getting freeradius to authenticate users from Active Directory. I have installed and configured Samba and have added the server to the NT domain. I can use: net ads info, wbinfo -g, wbinfo -u successfully. I have modified the

Re: ntlm_auth not working

2005-05-09 Thread Michael Griego
ntlm_auth is really only useful for people who must do an MSCHAP authentication against a Windows domain. If you are doing a straight User-Password authentication (as you show below in your example), then it might be just as well to set up LDAP authentication against AD as that will work in

Re: problems with digest and ser

2005-05-09 Thread Abdul Lateef
Hello, I am facing the same problem. My case is all H.323 IP Phones are able to register successfully. But I have problem only with SIP IP Phones, which cannot be registered. I searched in the mailing list and i found that Digest type of authentication can solve the problem. i did the