I use rlm_dbm_parser to add 2 users in file users_output.
Debug info shows added successfully. But why I can not find file
users_output? Where to find this file?
rlm_dbm_cat shows 2 users added, right?
[EMAIL PROTECTED] rlm_dbm]# ./rlm_dbm_parser -c -i users -o users_output -x
Use
Hi,
That road is painful. What we've come up so far with is supplying
pre-configured supplicants (SecureW2) that bring the proper CA certificate
along and set the expected CN automatically. It can even be preconfigured to
auto-discard any other certificates, which doesn't give the user any
Hi,
I am creating a user account in AD with portuguese character and have the
freeradius configured properly.
But i am not able to get the successfull authentication.
For example, i added a user account catónio and displayname as catónio
But the radius server log shows, sending a user name as
Let's try again: you haven't posted the debug output. From this I can
see that access request are proxied but accounting one aren't. Post the
debug so we can see why.
On first glance there is a lot missing (Acct-Session-Time, number of
octets ...) from this accounting stop packet:
rad_recv:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
Dana 11/1/2008, Sergio Belkin [EMAIL PROTECTED] piše:
2008/1/10, Ivan Kalik [EMAIL PROTECTED]:
...
rlm_ldap: Added password
2008/1/10, Ivan Kalik [EMAIL PROTECTED]:
...
rlm_ldap: Added password
{SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items
...
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
...
You can't use encrypted passwords with EAP-MD5.
Yes, but my beloved boss want to use encrypted password in ldap :(
2008/1/11, [EMAIL PROTECTED] [EMAIL PROTECTED]:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
Dana 11/1/2008, Sergio Belkin
[EMAIL PROTECTED] wrote:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
Dana 11/1/2008, Sergio Belkin [EMAIL PROTECTED] piše:
2008/1/10, Ivan Kalik [EMAIL PROTECTED]:
...
Sergio Belkin wrote:
EAP-TTLS with PAP inner encryption.
But is is possible configure that so? If I tried default_eap_type =
pap and radius didn't start.
PAP is not an EAP type. The documentation makes this clear:
# If the request does not contain an EAP
2008/1/11, Arran Cudbard-Bell [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
Dana 11/1/2008, Sergio Belkin [EMAIL PROTECTED] piše:
Keith Dovale wrote:
Is there a limitation with the SQLCounter routine using a value above
2,148,000,000 in the
checkfield ? As if I set this value to anything below this figure the
routine works as planned however if I go above this value it rejects the
user as no available time.
The
Sergio Belkin wrote:
Alan, Thanks for clear up the confusion about EAP and PAP. But still I
don't understand this: Now I have a windows client working using
securew2 with PAP. If PAP is not into the tunnel
Then you are not using securew2.
When you use TTLS + PAP, the passwords go in the
nikitha george wrote:
I am creating a user account in AD with portuguese character and have
the freeradius configured properly.
1.1.x does not support UTF-8 that well. Version 2.0.0 should be much
better. Please try that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
2008/1/11, Alan DeKok [EMAIL PROTECTED]:
Sergio Belkin wrote:
EAP-TTLS with PAP inner encryption.
But is is possible configure that so? If I tried default_eap_type =
pap and radius didn't start.
PAP is not an EAP type. The documentation makes this clear:
#
here the debug
rad_recv: Accounting-Request packet from host 192.168.2.225 port 1025,
id=89, length=137
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 44
NAS-Port-Type = Ethernet
User-Name = user
Calling-Station-Id = 00:D0:59:D9:13:61
Hi all:
I am running Freeradius 1.1.0 and am trying to get Ldap-Groups to work
with EAP/PEAP/MSCHAPv2, but have been running into issues. I'm trying to
permit authentication to a wireless SSID based on an LDAP group. Here is my
configuration:
Radiusd.conf:
authorize{
Hi,
I'm trying to migrate our old livingston radius (from around '96)
user-file to a newly installed freeradius 1.1.7 server.
Our general setup is, that dialing in with user should rlogin the user to
a shell-server. If the username is prefixed by a P, a PPP-Session should
be started.
Reading
hi to all.
im using FR 2.0.0 with default config.
in debug mode i get
*rlm_acct_unique*: *WARNING*: *Attribute* *Client*-*IP*-*Address* was not
found in
request, unique ID MAY be inconsistent
in 1.1.7 was ok.
My nas is the same ( mikrotik routerboard )
with the same config that was with 1.1.7
-
so your saying me to put anything that is being sent on that empty slot ?
On 11/01/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
FR 2.0.0 is more fussy - there is no Client-IP-Address in
the accounting request. therefore it cannot use it in the hash
(you will see the blank entry
[EMAIL PROTECTED] wrote:
Yes.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Is it possible to authenticate with radius and the have ISC DHCP hand out
out an IP (etc)?
-
List info/subscribe/unsubscribe? See
Hi
{cut}
We use freeradius for other uses in our network and have never had problems
with it. In fact, we are using it (v. 0.9.3) with a Cisco 10008SSG to
authenticate PPPOE clients on an MMDS system, with no problems. Has anyone
ever run into this type of problem or roadblock before?
Is there a limitation with the SQLCounter routine using a value above
2,148,000,000 in the
checkfield ? As if I set this value to anything below this figure the
routine works as planned however if I go above this value it rejects the
user as no available time.
I am trying to use the sqlcounter to
In cvs from January 9th I noticed for the first time, that freeradius complains
about packets without Message-Authenticator and ignores them:
WARNING: Insecure packet from host 145.25.153.222: Packet does not contain
required Message-Authenticator attribute
How can freeradius be convinced to
Hi all,
In message [EMAIL PROTECTED], Alan DeKok
[EMAIL PROTECTED] writes
David Wood wrote:
I am about to start working on an update of that port to 2.0.0 - and it
will likely be renamed net/freeradius2 at the same time, as it's no
longer a development version. My part of this isn't likely to
The logs are given below for access request and accounting request.
*Proxy Radius Server Logs:*
*Access Request Logs *
Sending Access-Request of id 0 to 100.100.0.2 port 1812
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
User-Name = steve
User-Password = testing
Alex Moen wrote:
We have a Cisco 10008 that we are trying to set up for broadband
aggregation. The 10008 utilizes a radius server to authenticate each
internet subscriber, either based on mac address or circuit id. Cisco
says that we cannot use freeradius
A Cisco *account rep* is telling
Andreas Thienemann wrote:
The hints file contains the following lines, which seem to at least
somewhat work as the P is stripped and authentication succeeds.
Note that this updates the *request*, not the *reply*.
userPassword == whatever
Please use: Cleartext-Password := ...
27 matches
Mail list logo