Yeah, I think radius doesn't even boot if there is something wrong with certs. I checked firewalls, routing tables, etc. and no problem there.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm having a problem trying to use FreeBSD 6.1 with FreeRADIUS. I'd like
to use PEAP/MSCHAPV2 but it keeps crashing. I stopped using FreeRADIUS a long
time ago because it wasn't very stable on my Redhat 8.0. I thought I'd give
it another try (new system, OS, and peap instead of EAP-TLS) and
On Mon, Sep 25, 2006 at 12:27:28AM +0100, Jan Mulders wrote:
Hello all.
I'm trying to get FreeRADIUS to authenticate against MD5 passwords. Here's the
relevant part of my config...
modules {
pap {
encryption_scheme = md5
Hello,
I have a cluster of two servers running freeradius (the cluster is
monitored by heartbeat). Each of the two members of the cluster has its
own IP address (192.168.1.2 and 192.168.1.3) and one of them (the active
member) has the IP address in which it runs freeradius (192.168.1.1),
Oh my god, now I opened up a brand new Linksys router, installed dd-wrt on it and plugged it into my first freeradius server, that worked already. And now it doesn't get past the Access-Challenge! Please help me, what could be wrong? I used tcpdump to make sure, AP is sending nothing but
SOLVED! Problem is, Linksys v5.1 can use only DD-WRT 23 sp1 MICRO - micro version is causing problems! I used Linksys v7 (thank god I have plenty of those with different versions at my disposal :P) with original FW and it works!
Angel L. Mateo wrote:
Freeradius is working fine with this configuration, except the proxy
module. The problem I have is that proxy requests are originated with
the IP address of the member, not the IP of the cluster. And I haven't
found any configuration option to configure this. Is
On the active server (the one that has 192.168.1.1) you have to delete the
route that routes packets through 192.168.1.2 for subnet 192.168.1.1/24 and
make sure there's a route through 192.168.1.1 for subnet 192.168.1.1/24.
This way, all connections initiated from this box will have source address
I have noticed in my logs this error and do not know what it means, or
where to look to start fixing it..
thanks in advance
Mike
rlm_eap_tls: Length Included
Mon Sep 25 08:58:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Sep 25 08:58:16 2006 : Info:
Paul A Roberts [EMAIL PROTECTED] wrote:
Segmentation fault (core dumped)
doc/bugs describes what to do.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Mike May [EMAIL PROTECTED] wrote:
I have noticed in my logs this error and do not know what it means, or
where to look to start fixing it..
Ignore it. It's OpenSSL claiming an error where no real error
occurs.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
I have noticed in my logs this error and do not know what it means, or
where to look to start fixing it..
rlm_eap_tls: Length Included
Mon Sep 25 08:58:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
I suppose you are using the EAP-TLS module to proceed
On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
Angel L. Mateo wrote:
Freeradius is working fine with this configuration, except the proxy
module. The problem I have is that proxy requests are originated with
the IP address of the member, not the IP of the cluster.
I'm trying to do PEAP-MSCHAPv2 with authentication against an AD
Currently I have the following problem:
When the domain is in the username the authentication fails, if the
domainname isn't in the authentication the authentication succeeds. I'm
using the following ntlm_auth line in radiusd.conf:
Angel L. Mateo [EMAIL PROTECTED] wrote:
I note RADIUS packets are using UDP, which means they're connectionless.
I think you don't want a machine from the cluster send a proxy request,
and a different machine get the proxy reply. This wouldn't work.
This is an impossible situation,
Never mind, found the solution as:
ntlm_auth --username=%{mschap:User-Name} --foobar
J.
--
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
[EMAIL PROTECTED]
-
Always read the manual for the correct way to do things because the number of
Login incorrect: [IMZ\\jonathan/no User-Password attribute] (from
Do you have:
realm IMZ {
type= radius
authhost= LOCAL
accthost= LOCAL
}
In your proxy.conf file?
Hi,
When the domain is in the username the authentication fails, if the
domainname isn't in the authentication the authentication succeeds. I'm
using the following ntlm_auth line in radiusd.conf:
you need to deal with your prefix (IMZ\\) - check the prefix section
of the radiusd config - and
Angel L. Mateo wrote:
On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
Angel L. Mateo wrote:
Freeradius is working fine with this configuration, except the proxy
module. The problem I have is that proxy requests are originated with
the IP address of the member,
This is the core dump. FreeBSD 6.1 host, 1.1.2 FreeRadius. Authenticates fine
using NTRadPing with MS-CHAP but crashes each time trying to authenticate from
an XP box using EAP-PEAP/MS-CHAPv2.
cat gdb-radiusd.log
* 8 LWP 100065 0x280ac4ab in pthread_testcancel ()
from
Login incorrect: [IMZ\\jonathan/no User-Password attribute] (from
Do you have:
realm IMZ {
type= radius
authhost= LOCAL
accthost= LOCAL
}
In your proxy.conf file?
You don't need the realm (I already tried that one and that
Paul A Roberts [EMAIL PROTECTED] wrote:
This is the core dump. FreeBSD 6.1 host, 1.1.2 FreeRadius. Authenticates
fine using NTRadPing with MS-CHAP but crashes each time trying to
authenticate from an XP box using EAP-PEAP/MS-CHAPv2.
Hmm... that doesn't help much.
All I can suggest is
Jan Mulders [EMAIL PROTECTED]wrote:
I have the passwords in my database as MD5 (I have included a testuser2 with
a plaintext password for troubleshooting):
id UserName Attribute op Value
1 testuser1 Password == ae2b1fca515949e5d54fb22b8ed95575
Hello Everyone, I am looking for some help with testing my installation
of freeRadius.
Here is my environment, I have 2 radius servers behind a very tight
firewall that I do not admin, I need a way that I can test various forms of auth
from the radius servers themselves, is that
use radtest
On 9/25/06, Mike May [EMAIL PROTECTED] wrote:
Hello Everyone, I am looking for some help with testing my installation of
freeRadius.
Here is my environment, I have 2 radius servers behind a very tight firewall
that I do not admin, I need a way that I can test various forms of
You can use the following command line tools (compiled when you build
freeradius):
- radtest
- radclient
On 9/25/06, Mike May [EMAIL PROTECTED] wrote:
Hello Everyone, I am looking for some help with testing my installation of
freeRadius.
Here is my environment, I have 2 radius servers
Hello:
I have a freeradius proxy working fine with one realm (radgroup)
defined in proxy.conf.
If it receives a query for [EMAIL PROTECTED] it sends to another radius
server stripping the @radgroup from username and all is OK.
Now, I need that if a query for [EMAIL PROTECTED] arrives, then
This is an impossible situation, because I have an active/standby
configuration of the cluster. Just one node is running the IP and the
server. The other node is just a backup one (in a normal environment).
I was confused because you didn't mention it was an active/backup
setup.
On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
Angel L. Mateo wrote:
On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
Angel L. Mateo wrote:
Freeradius is working fine with this configuration, except the proxy
module. The problem I have is that proxy
0
radius_xlat:
'/usr/local/var/log/radius/radacct/152.2.199.26/detail-20060925'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/152.2.199.26/detail-20060925
radius_xlat: 'Mon Sep 25 16:05:13 2006'
radius_xlat: '/usr
Let me start by saying that I appreciate the amount of time and effort
you and others expend toward maintaining FreeRadius, answering
countless/repetitive my thing don't work, what's wrong and how do
I... questions, and responding to seemingly ridiculous enhancement
requests *g* from people like
Alan DeKok wrote:
You may be able to create a new attribute with the value of the old
one, and then delete the old one.
Hi Alan
Thank you for the response. I'm still trying to come to grips with the
some of the general concepts and program flows within freeradius. If you
can point me to
Justin Church [EMAIL PROTECTED] wrote:
Anything in this debug indicate why the server doesn't send
Accounting-Response?
The server didn't log the accounting information anywhere, therefore
it's not safe to tell the NAS that the accounting information was
stored on the server.
Alan DeKok.
Garber, Neal [EMAIL PROTECTED] wrote:
I agree with you 100% that having the server show what it is doing is
very helpful when troubleshooting problems. Can you help me understand
how displaying the plaintext password tells me what the server is doing?
How else do you know what the user
Hi, I get the exact same problem, and I too have been working on it for a while, and it is getting quite frustrating. I've tried FreeRADIUS 1.1.2 and 1.1.3 both from source, and 1.1.2 from the FreeBSD ports collection (although I had to hack the port to get it to build past sqlippool), on FreeBSD
6.0
: No such realm NULL
modcall: group preacct returns noop for request 3
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 3
radius_xlat:
'/usr/local/var/log/radius/radacct/152.2.199.26/detail-20060925'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP
Nevermind. I turned off -X and found this in radius.log:
Mon Sep 25 18:19:23 2006 : Error: rlm_unix: no Accounting-Status-Type
attribute in request.
It shows up in stdout with -X also, but not as an Error, so I overlooked it.
Added Accounting-Status-Type to packet, and server is now