Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread Alan DeKok
Deepak Panigrahy wrote: > Hi, > I feel there should be some way so that the server can refresh itself > automatically with the clients without going down. I feel the same way. Please send a patch to fix this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u

Re: ***SPAM*** Re: password failover

2008-02-05 Thread jonr
Quoting Vijay Avarachen <[EMAIL PROTECTED]>: From Cisco IOS Doc "A FAIL response is significantly different from an ERROR. A FAIL means that the user has not met the crit

Re: password failover

2008-02-05 Thread Vijay Avarachen
From Cisco IOS Doc "A FAIL response is significantly different from an ERROR. A FAIL means that the user has not met the criteria contained in the applicable authentication

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Alan DeKok
Jakub Morávek wrote: >I have not many experiences with radius, so my question may be > stupid. Has anybody experience with using freeradius (Version 1.1.3 in > Debian Sarge) as proxy for RSA RADIUS Server included in RSA > Authentication Manager 6.1? Many people have tried this. It works.

Re: FR2 - proxying inner tunnel

2008-02-05 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Dmitry Sergienko wrote: Does anyone here have working inner tunnel proxying with freeradius 2.0.x? Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. I think the issue was introduced recently. Try editing src/ma

password failover

2008-02-05 Thread jonr
Hello, How do I set up a freeradius server so that if the password fails for the primary radius server it tries the secondary for the password. In my scenario, the primary is up and servicing requests, but the password for the device is incorrect. Now the device looks to the secondary to

RE: Detail cisco logging

2008-02-05 Thread Ivan Kalik
Well, look again. Same question was asked and answered today. Different Cisco device but that doesn't change a thing. Ivan Kalik Kalik Informatika ISP On 5/2/2008, "hamid benane" <[EMAIL PROTECTED]> wrote: >hello, > you for the page web of freeradius, i look it before i ask this question. > >c

Re: freeradius v.2.0.1 and Cisco 1200AP IOS V.12.3

2008-02-05 Thread John Melton
I have found a Cisco document (FAQ-Wireless-Security.pdf) with the following statement: Q. Why does MAC authentication not work with Wi-Fi Protected Access (WPA) in Cisco IOS Software Release 12.3(8)JA2? A. The only level of security for MAC authentication is to check the MAC address of the c

Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread Marinko Tarlac
Users Yes, NAS No Julian Stöver wrote: Hi, i think that's wrong. I can add SQL users without refreshing the server, and the debug mode also shows me, how the database is requested for the user data on every request! bye julian On 05.02.2008 at 22:40, [EMAIL PROTECTED] wrote: Hi, Deepak,

RE: Detail cisco logging

2008-02-05 Thread hamid benane
hello, you for the page web of freeradius, i look it before i ask this question. can anyone give me the right configuration of the switch cisco3560 to authenticate a windows XP on lan network. i use TLS or PEAP. thanks

Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread Julian Stöver
Hi, i think that's wrong. I can add SQL users without refreshing the server, and the debug mode also shows me, how the database is requested for the user data on every request! bye julian On 05.02.2008 at 22:40, [EMAIL PROTECTED] wrote: Hi, Deepak, Have you considered using a ldap o

Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread Deepak Panigrahy
Hi, I feel there should be some way so that the server can refresh itself automatically with the clients without going down. Thanks, Deepak [EMAIL PROTECTED] wrote: Hi, Deepak, Have you considered using a ldap or sql backend instead of flat-file? those, too, wil

Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread A . L . M . Buxey
Hi, > Deepak, > Have you considered using a ldap or sql backend instead of flat-file? those, too, will need to be refreshed via a server restart - the SQL clients are only read upon start. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New bee to FreeRadius; need help in configuration

2008-02-05 Thread Vijay Avarachen
Deepak, Have you considered using a ldap or sql backend instead of flat-file? Vijay On Feb 5, 2008 2:33 PM, Deepak Panigrahy <[EMAIL PROTECTED]> wrote: > Hi, > I have successfully configured the Freeradius server. > The one thing that I noticed is: Every time I modify the Clients.conf > fil

PEAP mschapv2 Proxy not working.

2008-02-05 Thread Andrew Olson
Hello, I'm having trouble getting freeradius-1.1.7 to proxy PEAP-mschapv2 to another RADIUS server. My other server doesn't do EAP, so I'm just sending mschapv2 achieved with proxy_tunneled_request_as_eap = no in eap.conf. When I proxy to my other server, I get back an Access-Accept packet.

New bee to FreeRadius; need help in configuration

2008-02-05 Thread Deepak Panigrahy
Hi, I have successfully configured the Freeradius server. The one thing that I noticed is: Every time I modify the Clients.conf file to include a client, I have to stop the server and then start it again so that the client is picked up. I am wondering if there is any other way so that the server c

Re: wiki

2008-02-05 Thread Ivan Kalik
Write to Peter Nixon with your desired logon details. Ivan Kalik Kalik Informatika ISP On 5/2/2008, "Phil Mayers" <[EMAIL PROTECTED]> wrote: >I assume account creation is deliberately disabled on the wiki; could >whoever runs/has access create me one? >- >List info/subscribe/unsubscribe? See h

Re: freeradius v.2.0.1 and Cisco 1200AP IOS V.12.3

2008-02-05 Thread A . L . M . Buxey
Hi, > When installing FreeRadius 2.0.1, the only thing you should need is to add > this to /etc/raddb/users > > username Cleartext-Password := "thepassword" ..and the clients file (and maybe even the firewall on the server! ;-) ) so that the AP acting as a NAS can talk to FR :-) > ...and i

Re: freeradius v.2.0.1 and Cisco 1200AP IOS V.12.3

2008-02-05 Thread A . L . M . Buxey
Hi, > I have been working with freeradius v.2.0.1 and a > Cisco 1200 Series Access Point (version 12.3 IOS) for many months now > with no success to getting this working. I am doing research on > freeradius product for a university campus that I go to for > implementation in the near future. I a

wiki

2008-02-05 Thread Phil Mayers
I assume account creation is deliberately disabled on the wiki; could whoever runs/has access create me one?

Re: freeradius v.2.0.1 and Cisco 1200AP IOS V.12.3

2008-02-05 Thread Phil Mayers
Dave Cummings wrote: Greetings I have been working with freeradius v.2.0.1 and a Cisco 1200 Series Access Point (version 12.3 IOS) for many months now with no success to 2.0.1 has not been out for "many months" getting this working. I am doing research on freeradius product for a univeris

freeradius v.2.0.1 and Cisco 1200AP IOS V.12.3

2008-02-05 Thread Dave Cummings
Greetings I have been working with freeradius v.2.0.1 and a Cisco 1200 Series Access Point (version 12.3 IOS) for many months now with no success to getting this working. I am doing research on freeradius product for a university campus that I go to for implementation in the near future. I am o

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread David Mitton
The RSA Authentication Server does not take requests from undefined agents. All Agent Hosts must be defined in the Server's Agent Host list. However, we are talking about RADIUS requests here, from the RSA Server's point of view, the RADIUS server is the agent host making the request to it via the

Re: Cisco 1200 AP

2008-02-05 Thread Julian Stöver
Is the wireless device sending its own mac or the client's mac address? There's sometimes a bug (CSCsj17603) with the firmware that the CISCO 1200 AP sends its own mac address; in this case you should update your firmware. For detailed information read the cisco docs. If it's a freeradius b

Re: Cisco 1200 AP

2008-02-05 Thread Ivan Kalik
but the wireless device is unable to connect. > >Has anyone setup this configuration and got it working? > You did: >that the AP is sending the Access-Request packet and an Access-Accept >response is being returned Problems you are having are not with radius. How are you setting IP address etc.?

Re: Cisco 1200 AP

2008-02-05 Thread John Melton
Hi, 1200 AP is running c1200-k9w7-mx.123-8.JEB1 -- John Julian Stöver wrote: Hello, which firmware version? bye julian On 05.02.2008 at 17:05, John Melton wrote: I have configured a Cisco 1200 AP for WPA2-PSK which is working with a wireless device able to connect OK. I have tried t

Re: Cisco 1200 AP

2008-02-05 Thread Julian Stöver
Hello, which firmware version? bye julian On 05.02.2008 at 17:05, John Melton wrote: I have configured a Cisco 1200 AP for WPA2-PSK which is working with a wireless device able to connect OK. I have tried to add MAC authentication using the FreeRadius server, but have not been able to g

Cisco 1200 AP

2008-02-05 Thread John Melton
I have configured a Cisco 1200 AP for WPA2-PSK which is working with a wireless device able to connect OK. I have tried to add MAC authentication using the FreeRadius server, but have not been able to get it working. I can see from the FreeRadius log that the AP is sending the Access-Request

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Alan DeKok
Jakub Morávek wrote: > In RSA terminology "Agent hosts" is host which sends authentication request. ... > In my case RSA rejects "user1" access, because RSA thinks, that "user1" > wants to log into "freeradius" and there is no "freeradius" Agent host > defined in RSA database. So... you might nee

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Might be any idea to replace accounting { ... # Filter attributes from the accounting response. if(!"%{control:Proxy-To-Realm}"){ attr_filter.accounting_response I'll look into it... Still getting internal attri

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Arran Cudbard-Bell
Ivan Kalik wrote: My idea is that freeradius does not send Client-IP-Address attribute and therefore RSA RADIUS determines that original host is freeradius proxy server. Ahem, your first post: output of /var/log/freeradius/radacct/10.5.0.31/pre-proxy-detail-20080204: Packet-Type = Acces

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Ivan Kalik
> >My idea is that freeradius does not send Client-IP-Address attribute and >therefore RSA RADIUS determines that original host is freeradius proxy >server. > Ahem, your first post: output of /var/log/freeradius/radacct/10.5.0.31/pre-proxy-detail-20080204: Packet-Type = Access-Request Mon Feb 4

Re: FR2 - proxying inner tunnel

2008-02-05 Thread Alan DeKok
Dmitry Sergienko wrote: > Does anyone here have working inner tunnel proxying with freeradius 2.0.x? > > Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. > Switched to FreeRadius 2.0.1 from 1.1.7. I think the issue was introduced recently. Try editing src/main/event.c, functio

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Might be any idea to replace > accounting { ... ># Filter attributes from the accounting response. >if(!"%{control:Proxy-To-Realm}"){ >attr_filter.accounting_response I'll look into it... > Still getting internal attributes displayed... Fixed.

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Arran Cudbard-Bell
Jakub Morávek wrote: First of all thanks for your reply. I'll try to be more specific. On Feb 5, 2008 2:58 PM, Alan DeKok <[EMAIL PROTECTED] > wrote: Jakub Morávek wrote: >I have not many experiences with radius, so my question may be > stupid. Has any

Re: FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Jakub Morávek
First of all thanks for your reply. I'll try to be more specific. On Feb 5, 2008 2:58 PM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Jakub Morávek wrote: > >I have not many experiences with radius, so my question may be > > stupid. Has anybody experience with using freeradius (Version 1.1.3 in >

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Never mind ... ++[sql] returns ok expand: %{User-Name} -> [EMAIL PROTECTED] attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated *sigh* All works now. Might be any idea to replace accounting { ... # Filter attributes from the accounting

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: ... > Looks like something very strange is going on with proxying accounting > packets as well. ... > Where have all the attributes gone ?!!? I think you did a "cvs update" without re-building everything. Alan DeKok.

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Noticed with CVS head that all attributes (including internal ones) > appear to be getting proxied. Is this just a cosmetic thing ? It's just a cosmetic thing. The internal attributes are being printed, but not sent. I don't see why it's happening, though. The co

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
thernet')) -> FALSE ++? if ("%{NAS-IP-Address}" == '127.0.0.1') expand: %{NAS-IP-Address} -> 139.184.8.16 ? Evaluating ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE ++? if ("%{NAS-IP-Address}" == '127.0.0.1') -> FALS

FR2 - proxying inner tunnel

2008-02-05 Thread Dmitry Sergienko
Hi! Does anyone here have working inner tunnel proxying with freeradius 2.0.x? Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. What I need: extract MSCHAPv2 auth from PEAP, proxy auth to external server which knows nothing about EAP. A

Re: Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
+? if ("%{NAS-IP-Address}" == '127.0.0.1') expand: %{NAS-IP-Address} -> 139.184.8.16 ? Evaluating ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE ++? if ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE expand: %{Client-Shortname} -&g

FreeRADIUS and RSA RADIUS Server

2008-02-05 Thread Jakub Morávek
Hello, I have not many experiences with radius, so my question may be stupid. Has anybody experience with using freeradius (Version 1.1.3 in Debian Sarge) as proxy for RSA RADIUS Server included in RSA Authentication Manager 6.1? I need to solve following problem with the "Agent host" i.e. host

Re: Attributes sent to proxy servers ...

2008-02-05 Thread A . L . M . Buxey
hi, you are still pre-proxy attr filtering? alan

Attributes sent to proxy servers ...

2008-02-05 Thread Arran Cudbard-Bell
Hi, Noticed with CVS head that all attributes (including internal ones) appear to be getting proxied. Is this just a cosmetic thing ? Sending Access-Request of id 11 to 194.82.174.185 port 1812 Framed-MTU = 1480 NAS-IP-Address = 139.184.8.16 NAS-Identifier = "hp-e-its-dev8021x-sw1"

Re: Problems using EAP-TLS with freeradius version 2

2008-02-05 Thread Reimer Karlsen-Masur, DFN-CERT
Jeffrey Hutzelman wrote on 04.02.2008 00:43: > --On Thursday, January 31, 2008 05:42:50 PM +0100 "Reimer Karlsen-Masur, > DFN-CERT" <[EMAIL PROTECTED]> wrote: > >> If the "Microsoft Smartcard Logon" extendedKeyUsage *is part* of your >> client certificates they might not work with Windows build-

Re: rlm_ldap.c

2008-02-05 Thread Alan DeKok
Kevin J wrote: > In ldap.c:2660, there is a condition check to see if vals_idx is zero > > 2660if (!vals_idx){ > 2661pairdelete(pairs, > newpair->attribute); > 2662} > 2663

Re: Configuring radrelay using proxy.conf in v2.0.1

2008-02-05 Thread Alan DeKok
Ryan wrote: > Need some advice/help on configuring the proxy.conf to replicate the > radrelay function that was available in v1.1.3. However was not able > to find any information so far as the radrelay has been deprecated in > v2.0.1. radrelay has been replaced by radiusd reading directly from

Re: SNMP error

2008-02-05 Thread Alan DeKok
Edvin Seferovic wrote: > I am also curious about the answer on this question ! Are there any plans to > implement AgentX protocol into freeradius project? No plans. At this point, the only plans for 2.0 are minor feature improvements and bug fixes. I plan on spending time working on the boo

Re: SNMP error

2008-02-05 Thread Alan DeKok
Amr el-Saeed wrote: > any suggestions about what to do to make snmp work on 64-bit?? Debug it and submit a patch. Alan DeKok.

Configuring radrelay using proxy.conf in v2.0.1

2008-02-05 Thread Ryan
Dear Everyone, Need some advice/help on configuring the proxy.conf to replicate the radrelay function that was available in v1.1.3. However was not able to find any information so far as the radrelay has been deprecated in v2.0.1. Previously I had used "/usr/local/bin/radrelay -n name_of_radius_se

RE: SNMP error

2008-02-05 Thread Edvin Seferovic
Hello, I am also curious about the answer on this question! Are there any plans to implement AgentX protocol into freeradius project? Alan? Kind regards, E:S -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Amr el-Saeed Sent: Tuesday, 05 February 2

Re: SNMP error

2008-02-05 Thread Amr el-Saeed
Hi, any suggestions about what to do to make snmp work on 64-bit?? Amr el-Saeed wrote: Dear Alan, i build from the source file that i downloaded from freeradius.org i suspected the 64-bit i made several trials , and here is the result freeradius-1.1.7 , snmp-5.0.9-2.30E.20 , RHEL3 , 32-bi

Freeradius2 and proxying

2008-02-05 Thread Vincent Magnin
In freeradius 1, if I need to proxy requests whose realm are remote, I put the following in proxy.conf: realm DEFAULT { type = radius authhost = remote.server1.com:1812 accthost = remote.server1.com:1813 secret = ldflag = round_robin