Hallo,
I have a problem with the authentication on different VLANs.
I write for you my example:
I have two VLANs (VLAN1 and VLAN2) connected to two SSIDs (SSID1 and
SSID2) on my Cisco 1200 AP. I have the same authentication on both
connections (EAP-TLS).
In my users file I have two users:
Yes, just use the Cisco AV Pair to say
user1 Auth-Type := EAP, Cisco-AVPair := SSID=SSID1
user2 Auth-Type := EAP, Cisco-AVPair := SSID=SSID2
That would force user1 to only associate to SSID1 and user2 to only
associate to SSID2.
You *may* need to change them from being check attributes to
here's a quick one:
# test, People, local.loc
dn: uid=test,ou=People,dc=local,dc=loc
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: radiusprofile
uidNumber: 1500
gidNumber: 100
cn: test
sn: test
uid: test
homeDirectory:
--On Wednesday, March 29, 2006 09:11:13 +0100 Guy Davies
[EMAIL PROTECTED] wrote:
You *may* need to change them from being check attributes to reply
attributes if your AP doesn't actually send those attributes with an
Access-Request. In that case, you send the Cisco-AVPair =
SSID=SSIDn
the sqlippool module in cvs does this..
This module sounds interesting - something I haven't taken into my
considerations keeping the dynamic ippool data in the sql-db, too. And
it's obvious to do it this way using a primary and a backup server.
But the configuration information like range-start
The static IP range is a statically routed subnet to the Cisco NAS
We are not using EIGRP; we use static routing
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Guy Fraser
Sent: mardi 28 mars 2006 20:10
To: freeradius-users@lists.freeradius.org
Luca wrote:
What I need is a typical LDAP account LDIF layout, 'cause this is the
first time I work with LDAP and I hope to do my best.
There're LDAP schema examples in the version 1.1.1 tarball under the
doc/examples directory.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See
Hi all. I am trying to install freeradius 1.1.1 on a 64 bit intel
platform. I get the ffg error :
rm -fr .libs/rlm_counter.la .libs/rlm_counter.*
.libs/rlm_counter-1.1.1.*
gcc -shared rlm_counter.lo -Wl,--rpath
-Wl,/usr/software/freeradius-1.1.1/src/lib/.libs -Wl,--rpath
-Wl,/usr/local/lib
Can you give me an example in SQL please of how I might implement it using this
fashion?
Is it not just a case of if it passes radcheck, then it will respond with
radreply?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: 28 March 2006
thanks peter
but is there any way where I can specify radius to use authentication
query a for calls from user a, and query b for users b.
--
View this message in context:
http://www.nabble.com/Having-multiple-authentication-query-in-sql.conf-t1353830.html#a3647212
Sent from the FreeRadius -
Hallo, thanks for the replies.
If I insert only the Cisco-AVPair attribute, it doesn't work...
Now I try the radius-server vsa send authentication command...
Is it an AP console command? Is it possible to set this command from the
AP web interface?
I don't have experience with the console
--On Wednesday, March 29, 2006 12:20:57 +0200 Antonio Matera
[EMAIL PROTECTED] wrote:
Hallo, thanks for the replies.
If I insert only the Cisco-AVPair attribute, it doesn't work...
Now I try the radius-server vsa send authentication command...
Is it an AP console command? Is it possible to
The Cisco-AVPair mechanism is a mutation of the standard VSA mechanism. Cisco
uses a single Vendor ID but wanted to use many VSAs. The limit with a
single Vendor ID is 255 (IIRC).
So, Cisco's Vendor Specific Attribute number 1 is Cisco-AVPair.
They then create sub-VSAs within that VSA using
Duane Cox wrote:
I noticed this too, that with 1.1.1 the docs are installed to
doc/freeradius and not doc/freeradius-1.1.1
It has been discussed on the freeradius-devel mailing list: the
libraries and the executables are installed in version-independent
directories, therefore it's more
Alan Baker wrote:
I am currently trying to compile the new version of FreeRadius 1.1.1. I've
used the same configure statement just like in 1.1.0 and for some reason I
am receiving a few build errors. Please help.
Please no HTML to the list.
/home/johnny5/freeradius-1.1.1/libtool
Albert Lin wrote:
My Linux:
uname -a
Linux ANVL-Workstation 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003
i686 i686
i386 GNU/Linux
[EMAIL PROTECTED] etc]# radiusd -X
Floating point exception
Any help? Thanks!
Please no HTML to the list.
Run gdb and send us the information as
hi
my problem is following:
...
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate
Bill Roberts wrote:
I'm just posting my experiences in building v1.1.1 in case it is of use
to anyone else with similar problems. My system is Solaris 10 Sparc,
Freeradius v1.1.1, OpenSSL 0.9.8a, Sun compiler version 5.7 (SunStudio 10).
Thanks for the report.
This ultimately caused
Duane Cox wrote:
Apparently somewhere (rlm_sql ?) the username is being changed,
possibly in an anti-injection function, I don't know.
Can someone shed some light on this?
For instance, in the debug snip below, the username 'dcoxdcox' is
changed to 'dcox=26dcox' which of course fails the sql
Hi!
I have a Domino (6.5.4FP3) ldap which I would like to use as a backend for freeradius.
My clients (winxp) use eap-mschapv2, would it be possible for freeradius to match the password from the domino with the one supplied by the client?
If it ain't possible what would it take to achieve
--On Wednesday, March 29, 2006 15:47:15 +0200 Konne [EMAIL PROTECTED]
wrote:
hi
my problem is following:
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X
--username=USER --challenge=921647d950709696
--nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2
Hallo,
now I have the users configured as follow:
user1 Auth-Type := EAP
Cisco-AVPair := ssid=SSID1,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2,
Tunnel-Type = VLAN
user2 Auth-Type := EAP
Cisco-AVPair := ssid=SSID2,
Hi Antonio,
If you're using the Cisco-AVPair as a check item, it *must* be on the
first line of the user entry. e.g.
user1 Auth-Type := EAP, Cisco-AVPair := ssid=SSID1
... reply items here, one per line...
If you want to configure it as a reply item, it should be...
Cisco-AVPair =
Good morning all,
I would like to be able to begin and expire accounts on certain dates,
but I would like to be able to do it by input information into the radius
database that I have created using mysql.
Also, I appreciate the help you all have given. If I have one bit of
Hello.
I have a network where wireless users use the freeradius to authenticate
via OpenLDAP (in another box)
I recently installed the 1.1.0 version using last version of the SLES
for OS and everything worked well. I did the following:
./configure
Hi friends!
I speak from the tongue of an engineering student in a research
group trying to implement a RADIUS proxy system.
My doubt is: can a freeradius server do first an authorization of a
request through a DB (i.e. MySQL) and proxy then if so or reject it
(if all isn't in rule)?
I mean,
Hi,
I'm getting this error in my log,
Error: rlm_sql: The 'op' field for attribute 'password
= ' is NULL, or non-existent.
Wed Mar 29 11:43:34 2006 : Error: rlm_sql: You MUST
FIX THIS if you want the configuration to behave as
you expect.
Wed Mar 29 11:43:39 2006 : Error: Invalid operator for
kevin [EMAIL PROTECTED] wrote:
do you know how to configure outer-attributes for eap-ttls in eapol_test?
I want to make user-name=anonymous in outer.
Edit the config file. See the sample configs that come with it.
Alan DeKok.
radhika putty [EMAIL PROTECTED] wrote:
Are we allowed to open sockets inside a module and communicate with
other programs. If not then how else can we communicate with other
network programs..
Yes. The LDAP SQL modules do this.
Alan DeKok.
Turtiainen, Tero [EMAIL PROTECTED] wrote:
From: Natalia Escalera [EMAIL PROTECTED]
We tried FR 1.1.1 and we are still having problems with
passwords containing
special characters like '$' for the LDAP authentication. In
FR 1.1.0 the '$'
was replaced by a character such as '%24'.
FreeRADIUS documentation in 1.1.1 mentions a possibility of referencing
specific AVPs in case of multiple instances of an attribute
(%{Attr-Name[N]}).
This is quite useful (and a nice addition!), but it doesn't seem to
cover some situations (especially related to logging/accounting) where
number
Antonio Matera [EMAIL PROTECTED] wrote:
the authentication works fine but, for example, if I connect the WinXP
client on the SSID1 with the certificate user of the VLAN2, I have this
situation:
The client is connected to the VLAN2 but the SSID of the wireless
connection is SSID1.
So
John Mylchreest [EMAIL PROTECTED] wrote:
Can you give me an example in SQL please of how I might implement it using
this fashion?
You put the attribute name, operator, and value into SQL.
Is it not just a case of if it passes radcheck, then it will respond with
radreply?
Yes.
Alan
Atkins, Dwane P [EMAIL PROTECTED] wrote:
I would like to be able to begin and expire accounts on certain dates,
but I would like to be able to do it by input information into the
radius database that I have created using mysql.
Use the Expiration attribute. See the README's.
Alan DeKok.
fvt3 [EMAIL PROTECTED] wrote:
Anyone know what it is and how to resolve it ?
Add a value in the op field, like the error messages suggest?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Anyone know the correct way to add more than 1 framed-route?
Here is what is setup now and this works.
af_user Service-Type = Framed-User, Simultaneous-Use=1
Framed-IP-Address = 206.40.yyy.yyy,
Framed-Route = 206.40.xxx.xxx/29 206.40.yyy.yyy 1,
Do I just need to add a second Frame-Route like this?
Radius is up and running and authenticates fine.. But every time someone
authenticates
I get the Error: Invalid operator for item Suffix: reverting to '=='
Message in the radius.log
This is the error log below.
Wed Mar 29 19:35:09 2006 : Info: rlm_sql_mysql: Starting connect to MySQL
server for
Okay, I'm sorta stumped here. I'm getting the exact behavior described for
shared secret is wrong, but I am pretty confident that it isn't.
FreeRadius 1.1.1, installed on NetBSD 3.0/amd64.
Synopsis: No matter how cleverly I try to make sure I have the right shared
secret, I get garbage
Konne [EMAIL PROTECTED] wrote:
I searched on the web but I found nothing. Someone has an idea?
READ the debug output you posted to the list:
Exec-Program-Wait: plaintext: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
Have you tried putting the secret in clients.conf? I thought the clients
file was deprecated.
josh.
Peter Seebach wrote:
Okay, I'm sorta stumped here. I'm getting the exact behavior described for
shared secret is wrong, but I am pretty confident that it isn't.
FreeRadius 1.1.1, installed on
In message [EMAIL PROTECTED], Josh Howlett writes:
Have you tried putting the secret in clients.conf? I thought the clients
file was deprecated.
I haven't, and you're probably right that it is. I'll have a look at that.
-s
On Wednesday 29 March 2006 14:37, Cris Boisvert wrote:
Radius is up and running and authenticates fine.. But every time someone
authenticates
I get the Error: Invalid operator for item Suffix: reverting to '=='
Message in the radius.log
This is the error log below.
Wed Mar 29 19:35:09 2006
Hi Peter,
I had same issue on Suse 9.1/64bit version. Some stupid library was broken (
I think the LIBLTDL = /usr/lib64/libltdl.so was wrong ). That had the whole
stuff messed up. Since I am not familiar with NetBSD, maybe you should
consider asking the same question on their mailing list about
This is the debug
[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
Config: including
Hello,
I would like to use freeradius authentication for psionteklogix 9150, instead
of local authentication.
Has somebody experience with such a client?
thks, daniel
Cris Boisvert [EMAIL PROTECTED] wrote:
Radius is up and running and authenticates fine.. But every time someone
authenticates
I get the Error: Invalid operator for item Suffix: reverting to '=='
Message in the radius.log
It's a problem with the default hints file.
Alan DeKok.
I appreciate the input, I am looking for the README that will tell me
how to use the Expiration attribute in the Users file, but how does one
correlate it to the mysql database? Is there field in the radius database
tables?
Can I do a bulk add with dates that will allow me to do this?
On Wednesday 29 March 2006 21:15, Brent wrote:
Anyone know the correct way to add more than 1 framed-route?
Here is what is setup now and this works.
af_user Service-Type = Framed-User, Simultaneous-Use=1
Framed-IP-Address = 206.40.yyy.yyy,
Framed-Route = 206.40.xxx.xxx/29 206.40.yyy.yyy 1,
jasonatx0001 [EMAIL PROTECTED] wrote:
Is the caller responsible for freeing the memory pointed to by the return
value from cf_section_value_find ? Or does this just point to the memory
owned by the conf_section which free radius will free on its own ?
It returns a pointer to the data owned
Christoffer Dahl Petersen [EMAIL PROTECTED] wrote:
My clients (winxp) use eap-mschapv2, would it be possible for
freeradius to match the password from the domino with the one supplied
by the client?
If the domino server supplies a clear-text password, yes.
Alan DeKok.
Natalia Escalera [EMAIL PROTECTED] wrote:
Command:
/usr/local/bin/radtest username test$2006 x.x.x.x 1 test123
Output:
Sending Access-Request of id 215 to x.x.x.x port 1812
User-Name = username
User-Password = test006 #- No dollar sign, no number 2
$2 is a Unix shell variable.
Hi,
thx... now it's running... :-)
but I don't know if this error is something special. Or isn't it an error?
Is that log ok?
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
52 matches