Ben,
You're easiest option is probably eapol_test from wpa_supplicant.
josh.
Ben Walding wrote:
Has anyone ever tried (or succeeded) in getting the radeapclient to work
with an EAP-TLS configured FreeRADIUS server?
We have two requirements at hand:
1) Load testing the RADIUS servers (two
Hello all !
I've just setup a radius server and it's working very good. thanks...god
I have a question : can I assign an IP Pool to a user ? .Of course, I can do
that by ACS server ,
but I have a lot users , and I want to set some policy for users...
thanks and best regard
Stefan A. wrote:
How may I advice freeradius, to bind to two IP addresses?
I tried the Listen option and the bind_address by separating my ip addresses
with an whitespace, a colon or a semicolon...
Delete bind_address and port from radiusd.conf, and use multiple
listen {} stanzas for each IP
hi Alan
context: on a Fedora Core 3 system (linux 2.6.9) I configured n=5
but FR would not start but one instance. also in the radiusd -X there
is no notice of thread-pool config being read.
FC4 uses a newer Linux kernel, which *correctly* shows only one
process via ps, even when
Hi All.
I'm currently setting up freeeradius 1.0.4 with pgsql (8.0.3) backend,
and I need to run an SQL query on radius server startup. Id like to know
is it possible at all ? I've read the docs and *.sql config files but
haven't found anything like this. Any suggestions ?
I know I can run a
I am trying to create a new checkItem using an attribute stored in LDAP.
I would like radius to check ldap to see if the attribute exists for a
user and if it does, not assign a radiusPoolName. I have a
radiusSNSEnable attribute setup in ldap and in the dictionary files as a
check item.
I
hi
we have a Wifi 802.1X network with both TTLS and PEAP users (TTLS/PAP
mostly for non-windows machines, PEAP/MSCHAPv2 for windows machines).
(we also have TLS users, but that's out of scope).
both work like a charm. however, we'd like to prevent PEAP accounts to
log in with TTLS and
dinhan [EMAIL PROTECTED] wrote:
I've just setup a radius server and it's working very good. thanks...god
I have a question : can I assign an IP Pool to a user ?
Yes. See radiusd.conf.
but I have a lot users , and I want to set some policy for users...
You can do that, too.
Alan
Artur Hecker [EMAIL PROTECTED] wrote:
ok, no i meant the daemon mode. sorry, my comment was a bit misleading.
it's just that i would expect FR to show every configuration token it
has read. and thread pool seems to be ignored in the debug.
It prints out the configuration it *uses*. It
Joe H [EMAIL PROTECTED] wrote:
Correct me if I'm wrong but that should mean, if the SNS-Enable attribute
does not equal 1, assign the USR-Framed_IP_Address_Pool_Name and
Idle-Timeout. I have SNS-Enable as a checkItem mapped to radiusSNSEnable
in the ldap.attrmap.
That should be OK.
Hello,
I'm attempting to use a FreeRadius server for authentication of wireless
using 802.1x. I would also like to use a SQL database for
authorization. I've done some limited testing without success. It
looks like the authorization method also is the authentication method,
for example if I
Artur Hecker schrieb:
we naively try to specify EAP-Type == PEAP for user_peap
and == TTLS for
user_ttls but that breaks both methods (which seems
normal since this
EAP-Type definition is not correct for the internal EAP
method which
however uses the same user name).
Why not almost
Jason Carr [EMAIL PROTECTED] wrote:
I'm attempting to use a FreeRadius server for authentication of wireless
using 802.1x. I would also like to use a SQL database for
authorization. I've done some limited testing without success. It
looks like the authorization method also is the
hi
[EMAIL PROTECTED] wrote:
we naively try to specify EAP-Type == PEAP for user_peap
and == TTLS for
user_ttls but that breaks both methods (which seems
normal since this
EAP-Type definition is not correct for the internal EAP
method which
however uses the same user name).
Why not almost
hi Alan
ok, no i meant the daemon mode. sorry, my comment was a bit misleading.
it's just that i would expect FR to show every configuration token it
has read. and thread pool seems to be ignored in the debug.
It prints out the configuration it *uses*. It reads pretty much
anything from
Sergey Pariev wrote:
Hi All.
I'm currently setting up freeeradius 1.0.4 with pgsql (8.0.3) backend,
and I need to run an SQL query on radius server startup. Id like to
know
is it possible at all ? I've read the docs and *.sql config files but
haven't found anything like this. Any
Alan DeKok wrote:
Jason Carr [EMAIL PROTECTED] wrote:
I'm attempting to use a FreeRadius server for authentication of wireless
using 802.1x. I would also like to use a SQL database for
authorization. I've done some limited testing without success. It
looks like the authorization method also
Hello.
I'm implementing my own db-based auth setup, and I want to check stale
sessions, which can be caused by power outage, improper NAS shutdown,
etc, on radius server startup. Basically I'd just like to have some sql
query hook which would be executed on startup - to check the DB state .
I have changed the order in which the files are processed and it didn't
change anything. I can see in the debug that it finds the attributes:
rlm_ldap: performing search in ou=people,dc=test,dc=com, with filter
(uid=test)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding
Artur Hecker [EMAIL PROTECTED] wrote:
user_ttls EAP-Type != PEAP
that however only prohibits the usage of PEAP for user_ttls while i
would like to only enable TTLS for this specific user (which is not
quite the same).
user_ttls EAP-Type != TTLS, Auth-Type := Reject
See the
Artur Hecker [EMAIL PROTECTED] wrote:
you know I remember a lot of users having _major_ problems with SCSI
because it was too forgiving for simple setups...
The server enforces sanity on what it needs. What it doesn't need
it ignores.
why not at least mentioning that the server has just
Jason Carr [EMAIL PROTECTED] wrote:
I grepped for local in the raddb directory, and I'm not seeing anything
related to Auth-Type := Local in any config file.
Did you set it in the SQL database?
I saw that I'm not supposed to explicitly define Auth-Type := EAP,
but perhaps this is what I
Sergey Pariev [EMAIL PROTECTED] wrote:
So I'd like to clarify if such a query hook exists at all, and if not,
how it can be done.
No query hook. As for how it could be done, edit
src/modules/rlm_sql/rlm_sql.c.
Also I would appreciate any freeradius-related suggestions or best
practices
Alan DeKok wrote:
Jason Carr [EMAIL PROTECTED] wrote:
I grepped for local in the raddb directory, and I'm not seeing anything
related to Auth-Type := Local in any config file.
Did you set it in the SQL database?
I saw that I'm not supposed to explicitly define Auth-Type := EAP,
but
Hello.
Thanks for quick reply, Alan.
Alan DeKok пишет:
Sergey Pariev [EMAIL PROTECTED] wrote:
So I'd like to clarify if such a query hook exists at all, and if not,
how it can be done.
No query hook. As for how it could be done, edit
src/modules/rlm_sql/rlm_sql.c.
Ok, I'll look into
Wesley Spadola [EMAIL PROTECTED] wrote:
However I use radiusd in its radrelay mode, having copied the detail
file I have to location radiusd expects, radiusd does start to read its
detail file, but does not decode the lines, it only shows through its
accounting SQL statements that
Jamie Crawford [EMAIL PROTECTED] wrote:
I guess I am needing to setup realms for each domain. How do I
setup DOMAINA users to go to the DOMAINA domain controllers, and how
do I setup DOMAINB users to go to DOMAINB domain controllers. I
shouldn't really have to setup to go do different domain
Joe H [EMAIL PROTECTED] wrote:
lines. lines 2 and 11 are other DEFAULT entries in the users file with
fall-through set to yes. It skips right over the SNS-Enable checkItem.
Ah. The users file isn't set up to do comparisons on check items.
So I don't think it will work.
Alan DeKok.
Sergey Pariev [EMAIL PROTECTED] wrote:
I probably haven't phrased my question clear enough. I wanted to ask
about preferred strategies of dealing with data consistency at the
db-level of the radius-based setup
What DB consistency problems are you worried about? I can't think
of any.
is
Alan DeKok пишет:
Sergey Pariev [EMAIL PROTECTED] wrote:
I probably haven't phrased my question clear enough. I wanted to ask
about preferred strategies of dealing with data consistency at the
db-level of the radius-based setup
What DB consistency problems are you worried about? I can't
Nicolas,
It Works like you've described. Thanks
Stefan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Nicolas Baradakis
Sent: Tuesday, August 30, 2005 1:13 PM
To: FreeRadius users mailing list
Subject: Re: How to configure freeradius to
Thanks to Alan, Thor and Vladmir for getting me this far. grin
I have TTLS-PAP working and authenticating against our OSX LDAP
server. I was wondering if anyone has had any success getting
Microsoft clients to use TTLS-PAP without installing additional
software as suggested in this
32 matches
Mail list logo