What it is that I need put in mysql and my configuration, for before I
obtain good authentication return: Tunnel-Type, Tunnel-Medium-Type and
Tunnel-Private-Group-ID for the client make a dhclient in vlan I return?
Put the appropriate attributes for VLAN assignment into the radreply table for
As I said earlier , but will say again for clarity.
It *is* a bug in pre1, Alan was trying something out that broke binding
in some BSD based operating systems and looks like Solaris too ...
Following a little bit of detective work with gdb, I realised that the
problem is with the
Hi,
The code has been taken out in the CVS head... if you want to use the
new features of 2** (of which there are many) use the CVS head not pre1.
Has the faulty code really been taken out or fixed, or is the resolution
of this situation a side-effect of udpfromto being disabled in HEAD at
Yes. FreeRADIUS has been known to run on AIX but I don't think anyone is
actively testing it on AIX at present. Please report any issues you have,
and you are welcome to document the installation procedure and put it in the
wiki :-)
Regards
Peter
On Thu 21 Jun 2007, nguyenvinht wrote:
By
O/H Eshun Benjamin έγραψε:
Slightly off-topic. Is anyone aware of a DHCP server with radius
support. Or even just with exec support? I 'd like to setup a DHPC that
will ask a radius server for IP instead of assigning it itself
A radius server assigning IPs ...that is not radius (!) . May
Eshun Benjamin wrote:
...
A radius server assigning IPs ...that is not radius (!) .
RADIUS was *originally* intented to assign IP's. It's been doing that
since at least 1993.
May be
you mean the radius server authenticating (MACs and/or IPs) before the
dhcp assigns it; this you have
Greetings,
We are receiving the attached information from a Nokia IP 260 Firewall and
VPN appliance,
The Access-Request is processed by a Perl program (through rlm_perl), and
AR::RADIUSRequest is the class of objects that represent a generic RADIUS
packet (don't mind the empty attributes).
David Wood wrote:
Following a little bit of detective work with gdb, I realised that the
problem is with the udpfromto code in -pre1, at least on FreeBSD.
Yes that's been known for a while, and has been mentioned on this
list. There was no need to investigate, just upgrade to CVS head,
UriCALL Support wrote:
I have noticed that in latest versions of rlm_digest the part with
converting of the attributes to something useful (DEBUG(rlm_digest:
Converting Digest-Attributes to something sane...)) was moved from
authorize section to authenticate section. There was even a
I can't see the fault with the server or the client (certificates are
there, wired 802.1x supplicant is enabled by default and set to do
EAP-TLS with certificate from local store by default). Only place left
to look is NAS.
Can you enable debug radius and see what does the log show?
Ivan Kalik
[EMAIL PROTECTED] wrote:
We are receiving the attached information from a Nokia IP 260 Firewall
and VPN appliance,
... please run the server in debugging mode.
The password sent is '' but we just get gibberish on our end
(and the tethereal capture also looks weird). The VPN is
Something like:
http://tools.ietf.org/html/rfc4014
Ivan Kalik
Kalik Informatika ISP
Dana 21/6/2007, Peter Nixon [EMAIL PROTECTED] piše:
On Thu 21 Jun 2007, Kostas Kalevras wrote:
O/H Eshun Benjamin ÎÎłĎÎąĎÎľ:
Slightly off-topic. Is anyone aware of a DHCP server with radius
support. Or
1st run, using MYSQL. Testing on localhost, I find I cannot authenticate
using an entry in user or one in the sql...
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
That RFC actually describes the opposite of what we are talking about. (ie.
How a RADIUS server can ask a DHCP server to assign an IP instead of how a
DHCP server can ask a RADIUS server to assign an IP)
Cheers
Peter
On Thu 21 Jun 2007, [EMAIL PROTECTED] wrote:
Something like:
Andrew Long wrote:
!!! users: Matched entry DEFAULT at line 153 !!!
users: Matched entry along at line 218
modcall[authorize]: module files returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module pap returns noop for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry along at line 218
modcall[authorize]: module files returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module pap returns noop for request 0
modcall: leaving group authorize
[EMAIL PROTECTED] wrote:
Something like:
http://tools.ietf.org/html/rfc4014
Which requires support in the access points, and therefore isn't
implemented anywhere.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Also, for the users file:
...
users: Matched entry DEFAULT at line 153
users: Matched entry along at line 218
Go look at those entries, and read man users. It should
be clear why the server is behaving as it is.
Also, the FAQ says how to put an entry in the users file
Using freeradius 1.1.6: I'm trying to establish a sequential auth order,
but it seems I'm missing the boat on something. The goal is the
following auth order, in iteration:
1) Check for local users in MySQL table
2) Proxy the request to another server
3) Use the local 'users' file (that is to
Christopher Fournier wrote:
Using freeradius 1.1.6: I'm trying to establish a sequential auth order,
but it seems I'm missing the boat on something. The goal is the
following auth order, in iteration:
1) Check for local users in MySQL table
2) Proxy the request to another server
3) Use the
Hi,
Using 1.1.4, still can't get MSCHAPv2 working to a local file. Here is
the full output and the conf files:
use 1.1.6
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
note this debug output line.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
attempt
users file:
cobb User-Password==secret
(also tried Cleartext-Password with same results)
Wrong operator (==) for Cleartext-Password. Use :=
cobb Cleartext-Password := secret
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
Stefan Winter wrote:
What it is that I need put in mysql and my configuration, for before I
obtain good authentication return: Tunnel-Type, Tunnel-Medium-Type and
Tunnel-Private-Group-ID for the client make a dhclient in vlan I return?
Put the appropriate attributes for VLAN assignment
I notice the password during supplicant connects to the radius server
are displayed in plain text. Is there a way to disable this?
--
Cody Jarrett
IT Freedom
[EMAIL PROTECTED]
Office: 512.419.0070
Fax: 512.419.0080
-
List info/subscribe/unsubscribe? See
Hi,
Wed Jun 20 19:46:47 2007 : Error: Trying to look up name of unknown
client 127.0.0.1.
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/secret] (from client
UNKNOWN-CLIENT port 327 cli 0040.96a2.24f3)
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/no User-Password
attribute] (from
You need to post the debug (radiusd -X) output. Whole thing.
Ivan Kalik
Kalik Informatika ISP
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of emmcosta
Sent: 21 June 2007 20:22
To: FreeRadius users mailing list
Subject: Re: EAP-TTLS PAP Mysql problems
Tried that already.
cobb Cleartext-Password := secret
It just spits out an error that says I didn't use User-Password and
fails:
Thread 1 handling request 0, (1 handled so far)
NAS-Identifier = localhost
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Hello,
thats why. you cant use a plain password.
alan
[Cobb] What should I use? I have tried User-Password==,
Cleartext-Password:=, Cleartext-Password==,
NT-Password==0x0123456789abcdef...,
NT-Password==0123456789abcdef..
All complain that the NT Response is invalid and all but
Try := with NT-Password. Cleartext-Password works fine in 1.1.6
Ivan Kalik
Kalik Informatika ISP
Dana 21/6/2007, Matt Cobb [EMAIL PROTECTED] piše:
Hello,
thats why. you cant use a plain password.
alan
[Cobb] What should I use? I have tried User-Password==,
Cleartext-Password:=,
On Thu 21 Jun 2007, Cody Jarrett wrote:
I notice the password during supplicant connects to the radius server
are displayed in plain text. Is there a way to disable this?
Yep. Don't run in debug mode...
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-
Hi all! I'm setup Samba PDC (3.0.25a) + LDAP and i want that users connect to
the internet throught VPN using their LDAP credentials. I think it will be MPD
+ FreeRADIUS. But when i'm try to configure radius work with ldap it get me
error.
I use this HOW-TO:
hi,
can anyone explain the purpose of functions rad_authlog, radlog and
vradlog?
thank you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm *sorry* that I am not good at English
because I'm Japanese.
We using freeradius 1.1.0 for PEAP authentication,
and it is working well almost.
but sometime, radiusd stops responding.CPU usage is 100%.
(need to radiusd stop/start).
following is result of ps.
Cody Jarrett wrote:
I notice the password during supplicant connects to the radius server
are displayed in plain text. Is there a way to disable this?
No. Anyone who can run the server in debugging mode can access the
passwords via another method.
If you don't want the passwords visible,
Matt Cobb wrote:
Using 1.1.4, still can’t get MSCHAPv2 working to a local file. Here is
...
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Then either the password you have on the server isn't the same as the
35 matches
Mail list logo