On Thu, Oct 05, 2006 at 02:39:18PM -0400, Alan DeKok wrote:
In order to better understand the needs of people using FreeRADIUS,
I've set up a survey with 12 questions. The goal is to understand
who's using FreeRADIUS, how they're using it, and what the users' needs
are. The page is:
Hi,
I am trying to set up Freeradius to proxy PEAP/EAP-MSCHAPv2 request as MSCHAPv2
and know that some of you were able to set up this configuration successfully i.e.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg22903.html
Hi,
time (currently) and ALSO there is a bug. :: (listen on any address)
causes a segmentation fault.
WTF? types madly
:-) ah. wasn't reported.
Ah. 'struct sockaddr' isn't big enough to hold IPv6 addresses. We
have to use 'struct sockaddr_storage'.
Thanks, it's now fixed.
Hi,
Hello, why if I have in my clients.conf this configuration:
client localhost {
    secret = testing123
    nastype = other
    shortname = localhost
    login = test
    password = test
}
and I try #radtest test test localhost
Hello every body,
I only have a simple question to the mailing.
Can I program an external module in C++?
thanks
Best Regards.
Guillermo Rodriguez
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello! I successfully installed a free radius server with ntlm_auth, but have one problem. I have user names in Windows 2003 domain with whitespaces like 'user 1' 'user 2' (I know this is a bit lame, but they were created about years ago and would be very hard to change), these usernames with whitespaces
Hi all,
I've written about this problem another time here
http://lists.freeradius.org/pipermail/freeradius-users/2006-October/057153.html
.
The core of this problem is an error that returns with chillispot when
I authenticate a client with WPA-EAP.
..
chillispot[15816]:
I configured a socks5 proxy. This question for me is how to authenticate users who I permit to use
my socks5 proxy and account them--such as period and data flow---
I do not know how to integrate socks5 authentication and freeradius together.
Is there any one have any idea or can provide me some
Hi,
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
have you tried something like
--username=\%{mschap:User-Name}\
you might be able to escape the
have you tried something like
--username=\%{mschap:User-Name}\
you might be able to escape the characters in this way.
alnayes :( , and \' too
I am just starting looking into this, but it seems that the
Called-Station-ID being logged from my Cisco AP's is off: What I see in
the log is the following:
Called-Station-Id = 0017.0f8c.25c1
However, the cisco itself shows something slightly different:
Mac Address 0017.0f8c.25c0
Called-Station-Id = 0017.0f8c.25c1
However, the cisco itself shows something slightly different:
Mac Address 0017.0f8c.25c0
Does your AP have two radios? If so, is this the
MAC of the other radio?
Have others seen/noticed this before? ... If not, can
anyone else look and see if they
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
In the first question (How large is your organization?)
the range 101 - 1000 is missing...
In the question (How many RADIUS client machines do you have?)
is the last range 101?
Fixed, thanks.
Alan DeKok.
--
http://deployingradius.com -
Mak Moussa [EMAIL PROTECTED] wrote:
Would you still say that it is the ttls.c code, even though ttls w/mschap
worked fine?
Yes.
I am looking for a differentiator in the code between mschap and mschapv2,
Like the code I pointed you to?
Alan DeKok.
--
http://deployingradius.com
Giuseppina Venezia [EMAIL PROTECTED] wrote:
The core of this problem is an error that returns with chillispot when
I authenticate a client with WPA-EAP.
..
chillispot[15816]: radius.c: 1634: Received unknown radius packet 11!
Apparently Chillispot doesn't
taft [EMAIL PROTECTED] wrote:
I do not know how to integrate socks5 authentication and freeradius
together.
If the socks program you're using doesn't say it can use RADIUS, you
can't integrate them.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
G'day mate, thanks for the quick reply. I already have this in my
radiusd.conf:
realm suffix {
    format = suffix
    delimiter = @
    ignore_default = no
    ignore_null = no
}
The huntgroups file looks like this:
wireless
Date: Fri, 6 Oct 2006 09:13:20 -0400
From: Garber, Neal [EMAIL PROTECTED]
Subject: RE: Called-Station-ID and Cisco AP's
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
Hi,
I am using freeradius+perl+ldap.
Meaning for every request I get the users information from a
LDAP-Server, run it through some perl-code to distinguish some users
from others for some reason (:-)).
Now my problem are users not listed in the ldap-system. I want to use
the users-file to
Hi,
I'm having a small problem with the proxy.conf file.
I added the following entry to proxy.conf:
realm test.com{
    type= radius
    authhost= LOCAL
    accthost= LOCAL
    secret = foobar
    strip
}
But when I send a user
With FreeRadius, Is it possible to log accounting data to both SQL and to
standard Radius files? We would like to upgrade our Cistron Radius to
FreeRadius, and our accounting system (Rodopi) uses standard Radius logs,
but we would like to switch to SQL.
Thanks,
Kevin.
2006/10/6, Alan DeKok [EMAIL PROTECTED]:
Apparently Chillispot doesn't support EAP.
I have launched chilli with --eapolenable and without, with the same results.
Really, I don't know what to think.
However, thank you Alan.
Alan DeKok.
Giusy
I'm having some trouble with ippool.
I have some ip pools who need to be distributed
for my clients.
There is an example, my radiusd.conf:
...
ippool p0 {
range-start = xx.xx.xx.1
range-stop = xx.xx.xx.20
netmask = 255.255.255.0
cache-size =
Hi,
I am just starting looking into this, but it seems that the
Called-Station-ID being logged from my Cisco AP's is off: What I see in
the log is the following:
this COULD be the way that CISCO differentiates different VLANS
on its AP when running in autonomous mode (are you running
I have just found out that the Cisco, when announcing multiple SSID's will
create a virtual mac for them.
So looks like this is a 'feature'.
Thanks.
On Fri, 6 Oct 2006, Walter Reynolds wrote:
Date: Fri, 6 Oct 2006 09:13:20 -0400
From: Garber, Neal [EMAIL PROTECTED]
Subject: RE:
socks v5 can support EAP authentication, and I figure out that freeradius can do that too. So I am wondering if EAP is a connection between socksv5 and freeradius.
any one else has some similar experience?
thank you
2006/10/6, Alan DeKok [EMAIL PROTECTED]:
taft [EMAIL PROTECTED] wrote: I do not
I am looking for a real freeradius admin who knows exactly what they
are doing? Should be experienced with some references. We need
advice, Setup, some maint, and support. Please send me your details.
-Troy
msn via [EMAIL PROTECTED]
Thanks. What version of IOS are you running?
Most are at 12.3(7)JA2. Some of our newer AP's are at 12.3(8)JA.
LAN MAC Address: 00:17:94:EE:D8:C6
Radio 1 MAC Address: 00:17:0F:8C:25:C0
Radio 2 MAC Address: 00:17:0F:90:25:C0
At the risk of this sounding like a stupid question...
If you do a show run in enable mode, do you see
a mac-address command after the radio interface
(i.e., have you
Kevin Hemsley [EMAIL PROTECTED] wrote:
With FreeRadius, Is it possible to log accounting data to both SQL and
to standard Radius files?
Yes.
Just list detail and sql in the relevant accounting sections.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
florian.prester [EMAIL PROTECTED] wrote:
Now my problem are users not listed in the ldap-system. I want to use
the users-file to overrule the ldap-system. Meaning if a user is found
in the users-file and the password matches, ignore everything else.
The problem is that the users file
Hello, why if I have in my clients.conf this configuration:
client localhost {
    secret = testing123
    nastype = other
    shortname = localhost
    login = test
    password = test
}
and I try #radtest test test localhost testing123
Roberto Greiner [EMAIL PROTECTED] wrote:
But when I send a user with the test.com domain, it wasn't stripped. The
radiusd -X log below shows the behavior:
Show the *full* log.
modcall[authorize]: module files returns notfound for request 0
radius_xlat: '[EMAIL PROTECTED]'
ok... and
Andris [EMAIL PROTECTED] wrote:
I successfully installed a free radius server with ntlm_auth, but have one
problem. I have user names in Windows 2003 domain with whitespaces like
'user 1' 'user 2' (I know this is a bit lame, but they were created about
years ago and would be very hard to change), these
Roberto Greiner [EMAIL PROTECTED] wrote:
I have a server running GNU-Radius 1.3, and was preparing to migrate it
to FreeRadius 1.1.3, but on recent messages I noticed that 2.0 is being
developed. My doubt is, should I go ahead and install 1.1.3, or wait and
go straight for 2.0? The GNU-Radius
You're using the wrong syntax for including the pools in each section.
Here's an example from my own config...
modules {
ippool 512k_high {
# range-start,range-stop: The start and end ip
# addresses for the ip pool
range-start =x.x.x.6
taft [EMAIL PROTECTED] wrote:
socks v5 can support EAP authentication, and I figure out that freeradius
can do that too. So I am wondering if EAP is a connection between socksv5
and freeradius.
Once again, very slowly.
If the socks program you're using doesn't say it can use RADIUS, you
Not to be rude, have you had a chance to poke that Patch again?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Wednesday, October 04, 2006 6:54 PM
To: FreeRadius users mailing list
Subject: Re: Windows Vista doing PEAP
King, Michael
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
But when I send a user with the test.com domain, it wasn't stripped. The
radiusd -X log below shows the behavior:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
-Original Message-
I would say 1.1.3 is fine to use. 2.0 will be out in a few months, so
you're free to upgrade then, too.
I think the question he was trying to get across, is 2.0 going to be
significantly different from 1.1.3 from a config standpoint.
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
I have a server running GNU-Radius 1.3, and was preparing to migrate it
to FreeRadius 1.1.3, but on recent messages I noticed that 2.0 is being
developed. My doubt is, should I go ahead and install 1.1.3, or wait and
go straight
King, Michael [EMAIL PROTECTED] wrote:
Not to be rude, have you had a chance to poke that Patch again?
Reload it from the same URL as last time.
If it still crashes, see doc/bugs. I don't see how it can crash at
all, so the crash looks like a symptom of another issue.
Alan DeKok.
--
Abel Monzon [EMAIL PROTECTED] wrote:
...
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
You didn't tell the server what the 'known good' password is for the
user.
See the FAQ for how to configure a test user.
There IS documentation for
Roberto Greiner [EMAIL PROTECTED] wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = [EMAIL PROTECTED]
Is this the log from the home server? If so, why? You already said
the username wasn't stripped, so showing that
Thanks for reply.
I can't subdivide in two groups ...
I need 1 group, with several pools ...
Thanks
-
Roberto Gonzalez Azevedo
Jan Mulders wrote:
You're using the wrong syntax for including the pools in each section.
Is it possible to use the Session-Timeout setting to force wireless
clients to re-authenticate with the RADIUS server at a given interval?
Unfortunately my Access Point does not provide this functionality, so I
either have to do it via a supplicant such as the Funk Odyssey Client or
on the
Hello,
I've been using FreeRADIUS for years to do PEAP/MSCHAP2 WPA
authentications, and it's worked well enough to be a
set-it-and-forget-it solution. I'm currently running 1.0.4, but would
upgrade if it would help me accomplish the goals in this message.
However, changing environments bring me
Jason Wittlin-Cohen [EMAIL PROTECTED] wrote:
I am trying to force my wireless clients to re-authenticate with the
RADIUS server every 30 minutes (1800 seconds) with the Session-Timeout
setting. Currently I am testing with just one user, and the
Session-Timeout = 1800 setting is being sent with
Alan DeKok wrote:
Jason Wittlin-Cohen [EMAIL PROTECTED] wrote:
Over the last few days I've been having a recurring problem. Whenever I
start Freeradius either with radiusd in a terminal or as a service in
Debian, I can not restart/kill radiusd properly if it's authenticated
any
Andris wrote:
...
Usernames without whitespaces authorize successfully. When I
run ntlm_auth manually and write usernames like 'user 1' then it works. And
I want to put a NT group requirement too like 'Domain Users'. The ntlm_auth
string is:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
King, Michael wrote:
-Original Message-
I would say 1.1.3 is fine to use. 2.0 will be out in a few months, so
you're free to upgrade then, too.
I think the question he was trying to get across, is 2.0 going to be
significantly different from 1.1.3 from a config standpoint.
Alan DeKok wrote:
Roberto Greiner [EMAIL PROTECTED] wrote:
Show the *full* log.
rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
User-Name = [EMAIL PROTECTED]
Is this the log from the home server? If so, why? You already said
the
Hello,
I need administer my freeradius+mysql, and I ask: There is some utility in
addition to dialup_admin?
Tanx
I have a question Is possible no have secret
for X client?
Tanx,
Abel
I am using EAP-TLS for authentication so I have no use for a backend db
to check username/password credentials. However, I would still like to
prevent simultaneous logins with the same certificate. Is this possible
without having an sql database? I have Simultaneous-Users := 1 set in
the users