good morning
i hope you can resolve my problem
peap works without ldap but when i use ldap whith peap, it doesn' work!!
in the file users for peap (when i don't use ldap)
robert Auth-Type:=EAP, User-Password =="azertyui"
in the file users i replace this line by
robert Auth-Type:=LDAP
because i
Hi list,
that's my problem: I've been authenticating against an Active
Directory Server with just one domain correctly. But now I should
authenticate user of differents domains which are included in a group
of the Active Directory. The users are from differents domains, some
of them belong
Good morningWhat is the difference between authorize and authenticate
because if authorize don't return ok but authenticate returns ok, eap-tls or peap can work!
it is normal
when the module "authorize" don't return ok, is it possible to don't validate the users as "login ok: [client/no user
Hello,
I'm back with a very strange problem :
it's not a problem of configuration because I arrive to authenticate
users sometimes !
I use the native client 802.1X of win XP and one time, freeradius will
authenticate the user directly (by asking active directory) and
another time,
Hi,
I'm using EAP-TLS machine certificates for authentication and VLAN-determination
against freeradius 1.0.2 over HP 2524 Cisco 2950 as authenticator. When
connecting XP-Clients with machine certificates installed it takes up to 60sec
or so till authentication starts. The delay with 2000SP4 is
okey, copied the same script file to the RADIUS server's box..the same
problem occured:
Error: Exec-Program: FAILED to execute
Does someone have working setup similar to mine using Exec-Program
attribute?
DB_server--RADIUS_server--NAS
Edgars
Alan DeKok wrote:
Edgars [EMAIL PROTECTED]
On Fri, 6 May 2005, Alan DeKok wrote:
Babar Shafiq [EMAIL PROTECTED] wrote:
I know i can see the reject cause while running in debug mode but I
want to store the reject causes in database or logs it. so it will
be helpful in future for support people,customer support etc, so
they can inform users
Hello,
I am trying to register Cisco SIP nas using MySql db.
But i could not. The cisco log is syaing:
SecurityDenial
Here is the format our cisco AccessRequest :
Mon May 09 12:01:21 2005, (204+538ae76f-150) ,Sent
xxx.xxx.xxx.xxx:1812Radius
AccessRequest {
session id = 99
I'm trying to use postgresql to store my radius data. I have most of it
working except for a stored procedure to return the static
routing/addressing information for a login. It tries to work but I don't
get the correct output in radtest.
select * from generate_radreply('[EMAIL PROTECTED]');
Dear sir,
(B
(BI am constructing a wireles LAN system for office usage.
(BIn the system, I want to make availabe two types of access, one for guests
(Band another for staffs.
(BTo provide two types of access, I use APs which can treat multiple
(Bcombination of ESSID
(Band tagged-VLAN.
Hi Edgars,
I use the Exec-Program attribute in my /etc/raddb/acct_users for extra
features
DEFAULT Acct-Status-Type == Start
Exec-Program = /bin/bash /usr/local/scripts/radius/radius.sh
hope this helps
Edgars wrote:
okey, copied the same script file to the RADIUS server's box..the same
problem
Hi,
is it possible to have a username passed to the Exec-Program script on
Accounting-Update packets?
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jandre
Olivier
Sent: Montag, 09. Mai 2005 15:25
To:
Hi list,
that's my problem: I've been authenticating against an Active
Directory Server with just one domain correctly. But now I should
authenticate user of differents domains which are included in a group
of the Active Directory. The users are from differents domains, some
of them belong
On Sat, 7 May 2005, Nizar Shana'ah wrote:
Hello all,
I have two freeRADIUS Server, the second one is used for redundancy,
how can i distribute the IP pools and have full redundancy, I am
afraid of the conflicts that this may cause, I dont want them leasing
the same IP to multiple clients when
Hello,
i'm realy happy my rlm_sqlcounter now run as i hope :-) but now i
have 3 another case, i have three model voucher. 1st for 4 hours and
the voucher valid for 2 days, 2nd 8 hours, valid for four days, last
is one day, valid for 24 hours, so when the user log in, *maybe* the
radius
I have two groups of users adsl-1 accessing the network trough
hunt-adsl-1 huntgroup and adsl-2 accessing the network trough
hunt-adsl-2 huntgroup. Need to block adsl-2 users going trough
hunt-adsl-1 huntgroup. I have this in the users file:
DEFAULT Ldap-Group == disabled, Auth-Type := Reject
Hm... maybe you should set the SQL statements in your sqlcounter.conf file
that can be usually found in /etc/raddb or /usr/local/etc/raddb depending on
distribution...
You can define the different counters for your vouchers that will count time
or traffic by defining them in the file I
dssd dsfdsfdsf wrote:
good morning
i hope you can resolve my problem
peap works without ldap but when i use ldap whith peap, it doesn' work!!
in the file users for peap (when i don't use ldap)
robert Auth-Type:=EAP, User-Password ==azertyui
in the file users i replace this line by
robert
Dave,
Not sure if I'll be much help on this one, but I'll do my best.
In my radgroupreply I have Auth-Type := Local
I don't know if that will fix it or not.
Also, I think freeradius had a file sql.conf that had to have stuff
uncommented
to get it to record certain info. Yours should be
If you enable log_auth you will get an auth_detail... file that has the
requests from the adsl-1 and adls-2 that you could use with radclient to
verify that it will do what you want.
make a backup of all files you were going to change.
make changes.
(like the old radiusd -X -p 1645)
Modify
Hello,
Is there a way that I could add a new attribute if I receive a specific
attribute from a proxy radius.
For example:
Proxy radius sends a packet which contains an idle-timeout of 30s.
However based on this condition I want to send a session-timeout of 180s. (
There is a
E L [EMAIL PROTECTED] wrote:
I need to make sure that this configuration works before I go online. I
apreciate any help.
Set up a test server, and run it in debugging mode.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Paul Seaman [EMAIL PROTECTED] wrote:
Hey, I'm trying to compile 1.0.2, and I get the following errors (snipped at
the end for brevity) - it seems to be related to EAP, is the simple way to
fix this or maybe an easy way to tell it I'm not interested in the EAP
module?
Delete the rlm_eap
Sarkis Gabriel [EMAIL PROTECTED] wrote:
I have just checked out 1.0.2 and found out RadZap does not work i
even did what was said to copy the radzap.c from CVS to 1.0.2 and
compile it, but still no Joy with radzap and i do rely on that on a
daily bases.
You couldn't have copied radzap.c
Abdul Lateef [EMAIL PROTECTED] wrote:
xpgk-sip-auth4=b493b44cd7875041c11b92e638f74b2d
But the Radius is not responding for this request and
the log apearing
SecurityDenial null
Posting the same message multiple times, and ignoring a previous
answer is rude.
Go ask your NAS vendor what
Sylvain Clerc [EMAIL PROTECTED] wrote:
I use the native client 802.1X of win XP and one time, freeradius will
authenticate the user directly (by asking active directory) and
another time, freeradius won't stop to send an Access-Challenge just
after the first Access-Request
FreeRADIUS does
Dave Weis [EMAIL PROTECTED] wrote:
The other reply items come from radgroupreply. When I run radiusd -X I see
this in the logs:
modcall[post-auth]: module sql returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 59 to 127.0.0.1:57298
YAMAWAKI Hisashi [EMAIL PROTECTED] wrote:
To distinguish guest's access and staff's access on the system, I want to
use following users file,
but don't work.
See the FAQ for problems like it doesn't work
My questions are 1) combination of PEAP/MSCHAPv2 and Called-Station-Id is
allowed
Alan DeKok wrote:
Dave Weis [EMAIL PROTECTED] wrote:
The other reply items come from radgroupreply. When I run radiusd -X I see
this in the logs:
modcall[post-auth]: module sql returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 59 to
I've installed freeradius-1.0.1-1.RHEL3 and have recently
configured an RHAS 3.0 server as a radius client.
I've configured the client server so ssh login requests will go authenticate
to a RADIUS server.
Is there a configuration file I can edit so that my client will send the
correct NAS name
Sorry i meant radzap and radwho.c, i copied them both and did ./configure
--with-
experimental-modules and then make but i noticed it broke during the make
process and
that is what i got during the weekend.
/usr/include/bits/socket.h:275: parse error before '' token
In file included from
Dave Weis [EMAIL PROTECTED] wrote:
which is what I used for the layout. It looks the same in db_mysql.sql also.
Is it position sensitive or does it use column names?
Hmm... The queries in SQL.conf select id, username, attribute,
value, op. So it should work, unless you edited the queries.
[EMAIL PROTECTED] wrote:
I've installed freeradius-1.0.1-1.RHEL3 and have recently
configured an RHAS 3.0 server as a radius client.
Using... what as a radius client?
Is there a configuration file I can edit so that my client will send the
correct NAS name (client hostname) instead of the
Sarkis Gabriel [EMAIL PROTECTED] wrote:
Sorry i meant radzap and radwho.c, i copied them both and did ./configure
--with-
experimental-modules and then make but i noticed it broke during the make
process and
that is what i got during the weekend.
shrug Try grabbing a copy of the
Sarkis Gabriel [EMAIL PROTECTED] wrote:
just to confirm is it this cvs command
cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -j release_1_0 radiusd
No.
that is the one i got and i tried to compile it from scratch but it fails on
./configure
I hate playing twenty questions.
This one has me curious.
Do I have a config error? If so where?
When I use radtest I get an the following.
[EMAIL PROTECTED] doc]# radtest fred wilma localhost:1812 17 testing123
Sending Access-Request of id 64 to 127.0.0.1:1812
User-Name = fred
User-Password = wilma
Sorry for the confusion.
Using... what as a radius client?
The client is a RedHat AS 3.0 box with
freeradius-1.0.1-1.RHEL3 installed.
When users attempt to ssh to the Redhat
client it authenticates to a different
RADIUS server. The RADIUS client is sending
an
To be honest i have spent a lot of time working out cvs and i do not know how
to check
for the version on cvs the only thing i found in the archive about cvs and
1.0.3 is the
one below posted few days back and pointing out that it is the current
candidate for
the official 1.0.3 and it is
Alan DeKok [EMAIL PROTECTED] said:
Dave Weis [EMAIL PROTECTED] wrote:
which is what I used for the layout. It looks the same in db_mysql.sql
also.
Is it position sensitive or does it use column names?
Hmm... The queries in SQL.conf select id, username, attribute,
value, op. So it
Sarkis Gabriel [EMAIL PROTECTED] wrote:
To be honest i have spent a lot of time working out cvs and i do not
know how to check for the version on cvs the only thing i found in
the archive about cvs and 1.0.3 is the one below posted few days
back and pointing out that it is the current
[EMAIL PROTECTED] wrote:
The client is a RedHat AS 3.0 box with
freeradius-1.0.1-1.RHEL3 installed.
You said that already. Did you think no one read it?
When users attempt to ssh to the Redhat
client it authenticates to a different
RADIUS server.
John Fergusson [EMAIL PROTECTED] wrote:
Do I have a config error? If so where?
Nope. The Ascend binary attributes are *not* text. Therefore, when
they're read from a DB and put into a RADIUS attribute, they may not
print in debug mode as exactly the same string as you put in the DB.
If I
once more.
The CVS command i used was the one advising someone else to use and i got
radiusd,
copied the files and got a compile error when it got to radwho.c
I recently downloaded the snapshot - freeradius-snapshot-20050509.tar.gz - and
compiled
it, bearing in mind the version which is still
Sarkis Gabriel [EMAIL PROTECTED] wrote:
The CVS command i used was the one advising someone else to use and
i got radiusd, copied the files and got a compile error when it got
to radwho.c
If you grab the 1.0.x candidate from CVS, you don't have to copy
over radwho.c. The previous messages
What are you using as a RADIUS client?
I'm using pam_radius-1.3.16 as my radius client
package.
Sorry for the previous confusion on my part.
Yes I know I said that already too ;)
Hello,
I´ve installed and compiled freeradius on my Linux ubuntu Warty Warthog
4.10 everything went Ok. I run freeradius on debug mode (radiusd -X) ant
it seems to work fine:
[EMAIL PROTECTED]:/home/maxo # radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
when you set up the client in the clients.conf
did you put all the client info inside {} ?
client ip {
secret = nosecret
shortname = mycomputer
}
it didn't look that way in the message, but that may have just been for
ease of writing...
--
Terry J Fike Jr
System Administrator
MTA Solutions
[EMAIL PROTECTED] wrote:
I'm using pam_radius-1.3.16 as my radius client
package.
Then it should add a NAS-IP-Address attribute, with the IP address
of the host. If it doesn't, then it can't find the address of the
host.
The only way to work around that is to edit the source.
Alan
Software Development Group [EMAIL PROTECTED] wrote:
Ignoring request from unknown client 172.18.21.100:10005
...
I added a line in the clients.conf file with the details of the ISS:
client 192.10.25.100 (ISS's IP address)
That isn't the same IP address that the server sees.
Alan DeKok.
Okie i got the CVS once more, i think the way i got it the first time was wrong
hence i
got the ./configure error.
I noticed that i was talking about another email in the archive and not the one
originated from you, now i got the cvs and compiled it tomorrow when my brain
is
functioning
Hi all,
I'm having trouble at authentication using radius and digest. Look at
radius output. The rare thing is that some phones get registered nicely,
but others no. The ones who get registered are X-Lite softphones and
grandstream. The ones that not, are the ATAs from voip solutions,
MTA-V102.
Lucas Aimaretto [EMAIL PROTECTED] wrote:
I'm having trouble at authentication using radius and digest. Look at
radius output. The rare thing is that some phones get registered nicely,
but others no. The ones who get registered are X-Lite softphones and
grandstream. The ones that not, are the
Title: ntlm_auth not working
Hello all,
I seem to have a problem getting freeradius to authenticate users from Active Directory. I have installed and configured Samba and have added the server to the NT domain. I can use: net ads info, wbinfo -g, wbinfo -u successfully. I have modified the
ntlm_auth is really only useful for people who must do an MSCHAP
authentication against a Windows domain. If you are doing a straight
User-Password authentication (as you show below in your example), then
it might be just as well to set up LDAP authentication against AD as
that will work in
Hello,
I am facing the same problem. My case is all H.323 IP
Phones are able to registered successfully. But I have
problem only with SIP IP Phones, which cannot be
registered.
I searched in the mailing list and i found that Digest
type of authuntication can solve the problem. i did
the
55 matches
Mail list logo