ip is coming from poptop config file ( pptpd.conf )
it's always ok with Pool-Name but with Framed-IP-Address the normal ip
config from pptpd.conf is assigned.
the user isn't in any group.
On Dec 12, 2007 1:25 AM, [EMAIL PROTECTED] wrote:
And that address is coming from ... ? Are you assigning
hi,
i found the same question and also this topic already on the
mailing list,
but no solution which works for me. i'm already debugging this thing
the whole day, without any solution.
i'm using 802.1x with
clients: winXP sp2
method: EAP-MSCHAPv2
server: 2.0.0-pre1
it works all fine, as
So you are using DHCP to assign ip addresses as well. Find out what's
dhcp reservation. This is nothing to do with radius. And use one method
to assign addresses: dhcp or radius - don't use both at the same time.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, hadi golestani [EMAIL PROTECTED]
Michael Patzer wrote:
...
server: 2.0.0-pre1
I would suggest using CVS head. It has a large number of fixes and
additions over -pre2.
it works all fine, as long as i'm not supplying any domain-name. if i
supply
a domain-name it immediately fails with
rlm_eap: Identity does not match
Hi,
I am using freeRADIUS 1.1.6.
And I use EAP-TLS and with correct certs. Even if I set wrong username
in Odyssey Client, freeRADIUS will return success. (check_cert_cn not set).
Can I let freeRADIUS to check if username in the users file or other
database? If not, reject
Don't use EAP-TLS. Use PEAP or EAP-TTLS.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, Hangjun He [EMAIL PROTECTED] wrote:
Hi,
I am using freeRADIUS 1.1.6.
And I use EAP-TLS and with correct certs. Even if I set wrong username
in Odyssey Client, freeRADIUS will return
Hi,
I try to configure such a solution:
Authorization via MAC Address (with no username required) - if the machine
is using a valid IP Address, it is automatically allowed to surf.
(I know there is a Calling-Station-id attribute in radcheck)
But I need also a support for username/password
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Cleartext-Password := hispassword
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, CoMeC [EMAIL PROTECTED] wrote:
Hi,
I try to configure
Authorization via MAC Address (with no username required)
This is being done by your NAS ! Username is usually the MAC address.
if the machine is using a valid IP Address, it is automatically allowed to
surf.
(I know there is a Calling-Station-id attribute in radcheck)
IP address has to be
Hi,
if anybody has the same problem, here's the solution..
i've installed 2.0.0-pre2 and made just the following
changes to radiusd.conf:
mschap {
with_ntdomain_hack = yes
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name}
Hi all,
I have a problem when I receive a Event-Timestamp attribute. The provider
assures me that he sends it in seconds (...elapsed since Jan 1st 1970) but
my radius server converts it into a date.
For instance, the operator has sent Event-Timestamp = 1197392955 and I
receive Event-Timestamp =
Ok,
Sorry for insufficient information. :)
For both authentication methods there will be 2 separate NAS (one for
username/pass auth and one for MAC auth)
As NAS I will use Mikrotik routers.
The thing is
- router will lease DHCP Address to a client's machine.
- router sends Calling-Station-id
Ok,
thanks,
so in radreply I have to use:
some-mac-address Attribute Op Value
?
Thx,
CoMeC
On Wed, 12 Dec 2007 13:17:41 +0100, [EMAIL PROTECTED] wrote:
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type :=
No, radcheck.
1. Enable mac auth in hotspot profile (login-by=mac) - mac address will
be checked first, if there is no match user will be sent to the login
form
2. For mac addresses make such entries in radcheck:
UserName Attribute Op Value
some-mac-address Auth-Type := Accept
3. For
Hi Friends,
I want to test radiusd with radeapclient. I am following from radeapclient
man page, and using ./radeapclient -x localhost auth testing123 req.txt.
req.txt is like this,
User-Name = bob
EAP-MD5-Password = hello
NAS-IP-Address = marajade.sandelman.ottawa.on.c
Thanks,
What I meant with radreply, is the fact, that when the MAC user is
authenticated by RADIUS, Radius should send for example bandwidth values.
So I need to have those
some-mac-address Attribute Op Value
in radreply table. Am I wrong?
All I want to achieve is:
I would like to have
Replying to both suggestions inline, but neither will work.
Try this:
alphen NAS-IP-Address =~ '^192\.168\.2\.[56]$'
User-Name == test1,
User-Name == test2
Problem is in real deployment the IPaddress will be varied from
different subnets.
Regards,
Hi Phil, Yes I did.. Here is the config.
modules {
ldap {
set_auth_type = no
}
}
authorize {
preprocess
ldap
pap
}
authenticate {
#
# PAP authentication, when a back-end database listed
# in
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for
request 0
rlm_pap: WARNING! No known good password found for
the user. Authentication may fail because of this.
That's the problem.
Your LDAP
Hi,
Just wondering if anyone on here had some experience with authenticating
against a SecurID management server.
I think the easiest way would be just to proxy to the RSA RADIUS Server
(Funk), but I see there are some PAM modules available from RSA.
So if anyone been successful using
On Wed, 2007-12-12 at 16:44 +, Arran Cudbard-Bell wrote:
I think the easiest way would be just to proxy to the RSA RADIUS
Server
I do the exact same thing, except I use Entrust IdentityGuard RADIUS
proxy. Entrust and FreeRadius are tied to OpenLDAP.
Works well. Entrust++.
~BAS
-
The PAM module for RSA(ACE) does work except in one case:
- an account in 'next token mode' or 'new pin mode' causes FreeRADIUS to spin
out and swallow all of the memory on the host running it till it crashes.
I have not nailed down yet if it is PAM or FreeRADIUS but as example, OpenSSH
has no
Everything will work with the use of Mikrotik routers :)
I would seriously doubt that. In order to limit aggregate bandwidth on
multiple connections you need either to add them into a bundle (I don't think
that Mikrotik supports multilink) or put the user in a VLAN and limit
bandwidth on that
But radeapclient is getting access-reject with Failure EAP-Code from radiusd
(running like ./radiusd -X in another console).
And that's the output you should paste.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
But I guess here is my problem. How do you assign more than one NAS to
a huntgroup?
The way it is shown in the huntgroups file.
But this uses SQL which we are not using and would prefer not to.
Use LDAP then. Or feel free to list (same) users for every huntgroup
entry.
Ivan Kalik
Kalik
Hi,
thanks for a hint.
I do not know detailed possibilities of that thing. Only theoretically... I
will get the router next week and I will start some tests...
I will let you know what I will find out! :)
Bandwidth aspect is important, but not critical.
It is important to make it easy to
Hi All,
I am new to the freeradius list but have been running freeradius for
some time. We are changing the way we do some of our accounting here and
have a requirement to provide users with monthly prepaid cards for
specific data values, namely 1,5 and 10GB.
I have no problems making the pass
Hey,
I don't know if I understand everything correctly, but just take a look at
this:
http://wiki.freeradius.org/index.php/FAQ#Why_do_Acct-Input-Octets_and_Acct-Output-Octets_wrap_at_4_GB.3F
Maybe that is the solution.
Are you using Mikrotik? Any issues?
I am going to use it too, so I am very
28 matches