Re: Starting radius issue - configuration files globally readable.

2007-02-09 Thread Peter Nixon
On Thu 08 Feb 2007 13:58, Alan DeKok wrote: tzieleniewski wrote: Hi! I have just compiled the latest CVS and whenever I try to start radius I get the following info: Configuration file /home/radius/freeradius/raddb/radiusd.conf is globally readable. This is because I use the

Re: VPN authentication from Windows Vista

2007-02-09 Thread Gaddis, Jeremy L.
On Fri, 9 Feb 2007, Lai Fu Keung wrote: I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured to support. If the user unselects Require Data Encryption in VPN. It then works fine. I don't have an answer to

Re: Advanced SQL Auth/Generate clients.conf from SQL?

2007-02-09 Thread Gaddis, Jeremy L.
On Fri, 9 Feb 2007, Alan DeKok wrote: The immediate question that comes to mind is Does FreeRADIUS reread its configuration when it receives a -HUP?. The immediate answer is have you tried reading the documentation? To which I'd have to reply no (WRT this, anyways) and then ask if you were

Re: RE : Setting up a VPN server with pptp and RADIUS for all sorts of clients

2007-02-09 Thread robert
Thibault Le Meur wrote: I didn't mean a mistake, but was wondering if my radiusclient had a wrong mapping, that requests NT-password instead of User-password (as an example) Here is the output from the radius server: Ready to process requests. rad_recv: Access-Request

MySQL support in Windows binary of FreeRadius

2007-02-09 Thread Foo JH
Hi all, I'm using the precompiled binary of FreeRadius from freeradius.net. Well, I'm happy to say that it works! My last challenge with FreeRadius is getting it to work with MySQL. I don't know if MySQL connectivity is possible with the precompiled Windows version. Can anyone confirm this?

Re: VPN authentication from Windows Vista

2007-02-09 Thread Alan DeKok
Lai Fu Keung wrote: I don't get a lot of information about md5chap in google. I appreciate any pointers on this subject and how freeradius can be made to support it, as radiusd.conf seems no mentioning on this subject. I suspect it's just CHAP. Perhaps you could try posting the debug

Re: MySQL support in Windows binary of FreeRadius

2007-02-09 Thread Alan DeKok
Foo JH wrote: My last challenge with FreeRadius is getting it to work with MySQL. I don't know if MySQL connectivity is possible with the precompiled Windows version. Can anyone confirm this? Cos I'm not getting very far trying to activate mysql. You will have to install the MySQL client

Re: Starting radius issue - configuration files globally readable.

2007-02-09 Thread Alan DeKok
Peter Nixon wrote: I have to say that this caught me out also when I upgraded one of my radius servers yesterday. My spec files had radiusd.conf as world readable, but clients.conf and sql.conf etc (everything with passwords in them) as only radiusd group readable. Next time you make a

Re: Starting radius issue - configuration files globally readable.

2007-02-09 Thread A . L . M . Buxey
Hi, I'm going to update the checks to make them a little less restrictive. ${raddb} should be o-rwx. Any files within ${raddb} can have any permission they want. so long as it handles symlinks/chroot okay :-) alan

Re: VPN authentication from Windows Vista

2007-02-09 Thread Phil Mayers
Lai Fu Keung wrote: Hi, My users said the VPN login failed with their Windows Vista. I enabled freeradius debug. I came across an authentication method, md5chap in debug output that my freeradius is currently not configured Do you mean mschap? to support. If the user unselects Require

FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Mercier Romain
Hi, I got a simple question but I don't find anything to answer it. Situation: I got a database OpenLDAP which contains users info, mainly 'uid' and 'userPassword' crypt with SMD5 and I can't modify this encryption type. I want Wireless users to have to authenticate to access the WLAN

Re: ntlm_auth authentication against multiple ADS domains

2007-02-09 Thread Phil Mayers
Dow, Corey wrote: Ntlm_auth --request-nt-key --DOMAIN=XYZ --username=jdoe This has been mentioned a few times in the archives, I believe without resolution. I'm not certain it works without some level of fiddling - it's been a while and my samba/ntdom/kerb skills are two years rusty, but I

Re: FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Phil Mayers
Mercier Romain wrote: Hi, I got a simple question but I don't find anything to answer it. Situation: I got a database OpenLDAP which contains users info, mainly 'uid' and 'userPassword' crypt with SMD5 and I can't modify this encryption type. I want Wireless users to have to

Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-09 Thread Oxiel Contreras
Hello Jeremy. Have you checked the documentation for the Omniswitch to verify that it supports this? If I send back the same attributes on my wireless access points, it works perfectly (we do this in production). The AP's, however, support that. I'll check it again, it's become difficult

Re: FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Mercier Romain
I read that future version 2.0 will support SMD5 with pap module. Could it solve my problem? When will it be released? Quoting Phil Mayers [EMAIL PROTECTED]: Mercier Romain wrote: Hi, I got a simple question but I don't find anything to answer it. Situation: I got a database OpenLDAP

AW: ntlm_auth authentication against multiple ADS domains

2007-02-09 Thread Habegger Lukas, ERZ-AZD-AIL
Hi I don't know exactly what you have to do. I have implemented something like this. --- --- | RAD |-| AD1 | --- --- | --- | AD2 | --- It's done with a perl module over rlm_perl. The perl module

LDAP server contacted twice?

2007-02-09 Thread Fabio Spelta
modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '/var/log/radius/radacct//auth-detail-20070209' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct//auth-detail-20070209 modcall[authorize]: module

RE: FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Romain Mercier
Phil Mayers wrote: You'd still need to install something on the clients. SecureW2 will do TTLS with PAP inside the tunnel, which would work. I installed SecureW2 and tried PAP, but didn't understand that I need TTLS module with PAP. I will try this. Thanks If your constraint is no client

Re: FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Phil Mayers
Mercier Romain wrote: I read that future version 2.0 will support SMD5 with pap module. Could it solve my problem? When will it be released? You'd still need to install something on the clients. SecureW2 will do TTLS with PAP inside the tunnel, which would work. If your constraint is no

Re: MySQL support in Windows binary of FreeRadius

2007-02-09 Thread Peter Nixon
On Fri 09 Feb 2007 12:04, Foo JH wrote: Hi all, I'm using the precompiled binary of FreeRadius from freeradius.net. Well, I'm happy to say that it works! My last challenge with FreeRadius is getting it to work with MySQL. I don't know if MySQL connectivity is possible with the precompiled

RE: FreeRadius + OpenLDAP (SMD5) + Windows XP

2007-02-09 Thread Romain Mercier
Thanks a lot Phil for your help. It's OK now. With SecureW2 and PAP on the user's PC and using ttls I add these lines to my configuration: Modules { ... eap { default_eap_type = ttls ... gtc { auth_type = PAP

Re: LDAP server contacted twice?

2007-02-09 Thread Phil Mayers
-Message = 0x Framed-MTU = 1300 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '/var/log/radius/radacct//auth-detail-20070209' rlm_detail: /var

Re: VPN authentication from Windows Vista

2007-02-09 Thread [EMAIL PROTECTED]
MS-Chap is in RFC 2433 (Oct 1998) MS-Chap V2 is in RFC 2759 (Jan 2000) see also Microsoft Specific RADIUS attributes - RFC 2548 (Mar 1999) Dave. Original Message From: [EMAIL PROTECTED] Date: Feb 9, 2007 6:01 To: FreeRadius users mailing list[EMAIL PROTECTED] org Subj: Re: VPN

rlm_eap_tls: No SSL info available. Waiting for more SSL data

2007-02-09 Thread Norbert Wegener
I have setup freeradius-1.1.4 for 802.1x authentication and tested it successfully using eapol_test. When I try to authenticate a voip phone, that uses the same certificate as I used before with eapol_test, authentication fails. radiusd -AX shows: ... rad_check_password: Found Auth-Type

Mysql - radcheck, radreply, radgroupcheck and radgroupreply

2007-02-09 Thread Fabrício F. Kammer
Hi, I'm using Freeradius + Mysql to do the MAC Address authentication of the clients that connect on my APs (Mikrotik machines). In the mysql I've the following: Table usergroup: UserName = MAC address GroupName = NAS-Port-ID - (the name of the AP where the client will be connected - ex.

nas table in rlm_sql module - usage

2007-02-09 Thread tzieleniewski
Hi!! I was trying to find out what is this table nas really used for. I read the whole documentation in the doc directory of radius and dialup_admin but I still have many doubts. Is it used just for mapping and getting information about online users or it is somehow equivalent to clients.conf

Re: nas table in rlm_sql module - usage

2007-02-09 Thread Gaddis, Jeremy L.
On Fri, 9 Feb 2007, tzieleniewski wrote: I was trying to find out what is this table nas really used for. I read the whole documentation in the doc directory of radius and dialup_admin but I still have many doubts. Is it used just for mapping and getting information about online users or it

Re: nas table in rlm_sql module - usage

2007-02-09 Thread TZieleniewski
Gaddis, Jeremy L. wrote: On Fri, 9 Feb 2007, tzieleniewski wrote: I was trying to find out what is this table nas really used for. I read the whole documentation in the doc directory of radius and dialup_admin but I still have many doubts. Is it used just for mapping and

Re: nas table in rlm_sql module - usage

2007-02-09 Thread Gaddis, Jeremy L.
On Fri, 9 Feb 2007, TZieleniewski wrote: so clients.conf can be empty and all settings can be contained in nas table? Yes. will sql work for ip6 client?? No idea. -- Jeremy L. Gaddis, MCP, GCWN [EMAIL PROTECTED] LinuxWiz Consulting http://linuxwiz.net -

Re: Starting radius issue - configuration files globally readable.

2007-02-09 Thread Peter Nixon
On Fri 09 Feb 2007 12:25, Alan DeKok wrote: Peter Nixon wrote: I have to say that this caught me out also when I upgraded one of my radius servers yesterday. My spec files had radiusd.conf as world readable, but clients.conf and sql.conf etc (everything with passwords in them) as only

Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-09 Thread Marcel . De_Boer
Hello! Have you checked the documentation for the Omniswitch to verify that it supports this? If I send back the same attributes on my wireless access points, it works perfectly (we do this in production). The AP's, however, support that. I'll check it again, it's become difficult

Re: nas table in rlm_sql module - usage

2007-02-09 Thread ChristosH
Gaddis, Jeremy L.-2 wrote: On Fri, 9 Feb 2007, TZieleniewski wrote: so clients.conf can be empty and all settings can be contained in nas table? Is there some spot where we can get definitions for each column (like where each definition maps to in the clients.conf file)? Does it work out

Re: Re: nas table in rlm_sql module - usage

2007-02-09 Thread tzieleniewski
What I managed to figure out is that nasname is a source for a name to ip resolving. So probably the nasname has to be different (its ip resolution) from the one specified in the clients.conf file. Well those of course are only my suggestions:) Cheers -tomasz Gaddis, Jeremy L.-2 wrote:

Re: Re: nas table in rlm_sql module - usage

2007-02-09 Thread ChristosH
Is there anything I have to config so it doesn't touch the config files? How do I move the server onto pure SQL for the NAS list? Can the clients.conf file be totally empty? tzieleniewski wrote: What I managed to figure out is that nasname is a source for a name to ip resolving. So

Re: Re: Re: nas table in rlm_sql module - usage

2007-02-09 Thread tzieleniewski
Yes I checked it. You may comment it out from the radiusd.conf file. Is there anything I have to config so it doesn't touch the config files? How do I move the server onto pure SQL for the NAS list? Can the clients.conf file be totally empty? tzieleniewski wrote: What I managed to

Re: Re: Re: Re: nas table in rlm_sql module - usage

2007-02-09 Thread tzieleniewski
But actually there is one place where U will need clients.conf. If U use log_badlogins from dialup_admin/bin scripts you are going to need it if to have the nasipaddress logged too. It will then be displayed in the failed logins dialup_admin screen. Still it will be displayed in the form of name

Re: Starting radius issue - configuration files globally readable.

2007-02-09 Thread Alan DeKok
Peter Nixon wrote: 0750 for the dirs and 0640 for the files is a pretty reasonable set of permissions in my opinion... Yes. I'll poke the Makefiles so that when the server is built, the local files have the correct permissions before installation. That will help, too. Alan DeKok. --