Re: FreeRADIUS 2 not listening on right port

2008-05-29 Thread Alan DeKok
Phil Mayers wrote: For those not following the Fedora bug, it (or rather, its dependency) has been closed by Ulrich Drepper. He seems to be saying that the FreeRadius code is incorrect and specifically that an invalid typecast is triggering the compiler to generate bad code: Interesting.

Re: Freeradius book

2008-05-29 Thread Marinko Tarlac
same question here... I want to buy it.. :) On Thu, May 29, 2008 at 2:03 AM, orion [EMAIL PROTECTED] wrote: Hi Alan. What's up with your book? When will it come out? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius book

2008-05-29 Thread Alan DeKok
orion wrote: Hi Alan. What's up with your book? When will it come out? It might be a while. I'm stuck at about 250 pages. And I'm busy enough that it's hard to finish it. I think I'll take what I have, clean it up, HTML-ize it, and put it on my web site. Alan DeKok.

Re: EAP-TTLS/MSCHAPv2

2008-05-29 Thread Ivan Kalik
Read FAQ. It describes this problem regarding PEAP. Ivan Kalik Kalik Informatika ISP On 29/5/2008, sriram [EMAIL PROTECTED] wrote: Hi All, I am facing problem using the FreeRadius version 1.1.7 for EAP-TTLS/MSCHAPv2. Always I keep seeing the access-challenge on the radius log. I have attached

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread youness hsina
Hi all , sorry for my english! I configured a freeradius on the first machine , on the second machine i configured OpenLdap. i have configured freeradius in order to communicate with openldap by editing the *users* file like this : *DEFAULT Auth-Type = LDAP Fall-Through = 1* now i want to test

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread Alan DeKok
youness hsina wrote: now i want to test if freeradius can really communicate with openldap but i don't know how can i do this test. have any ideas please. Run the server in debugging mode, as suggested in the FAQ, README, INSTALL, and daily on this list. Alan DeKok.

Re: a newbie testing freeradius need help

2008-05-29 Thread jennie susan
Hello lists, I configure the FreeRADIUS successfully and happy with the support. Thank you list for your support, /jreubens Alan DeKok [EMAIL PROTECTED] wrote: jennie susan wrote: I have succeeded in configuring the server again with correct openssl libraries and development headers, the

Re: Freeradius + OpenLDAP

2008-05-29 Thread youness hsina
thank you for your response! when i run my server in debugging mode , it seems to work very well! radius# *radiusd -X -A *** Starting - reading configuration files ... reread_config: reading radiusd.conf [...] Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread Ivan Kalik
Type radtest on the radius server command line and you will get the parameters for testing. Ivan Kalik Kalik Informatika ISP On 29/5/2008, youness hsina [EMAIL PROTECTED] wrote: Hi all , sorry for my english! I configured a freeradius on the first machine , on the second machine i configured

Re: Freeradius + OpenLDAP

2008-05-29 Thread Etienne Pretorius
youness hsina wrote: thank you for your response! when i run my server in debugging mode , it seems to work very well! radius# *radiusd -X -A * Starting - reading configuration files ... reread_config: reading radiusd.conf [...] Listening on authentication *:1812 Listening on accounting

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread youness hsina
i have already made a test in radius server with this command : *#radtest test test localhost 0 test * it works correctly! But i have this user : login : yhsina password : yhsina in an ldap server . my question is how can i interrogate my ldap server using this user *yhsina* in order to be

Re: Freeradius + OpenLDAP

2008-05-29 Thread youness hsina
Hi Alan thank you for your response, i have already configured an ldap server on other machine . when i run : *#radtest yhsina yhsina localhost 1812 test* i have in the end this error : *radclient: no respone from server for ID 49* have you any idea ? regards, uness

Re: Freeradius + OpenLDAP

2008-05-29 Thread A . L . M . Buxey
Hi, thank you for your response! when i run my server in debugging mode , it seems to work very well! radius# *radiusd -X -A *** Starting - reading configuration files ... reread_config: reading radiusd.conf [...] Listening on authentication *:1812 Listening on accounting *:1813

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Evgeniy Kozhuhovskiy
Alan DeKok wrote: I've committed a few fixes to CVS which should help with this. Yeah, it works, thanks One more problem. fr sends dhcp replies via routing, not via interface it received it :-) I.e. it receives request via eth.940 for example, and replies via eth0 (default route goes

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread youness hsina
i decommented all the lines who have relation with ldap in radiusd.conf file. here is the radiusd.conf file : ldap { server = iut-velizy.uvsq.fr # identity = ou=Manager,dc=iut-velizy,dc=uvsq,dc=fr # password = mypass basedn = ou=Manager,dc=iut-velizy,dc=uvsq,dc=fr filter =

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread Ivan Kalik
# identity = ou=Manager,dc=iut-velizy,dc=uvsq,dc=fr # password = mypass No, you haven't. Ivan Kalik Kalik Informatika ISP

Re: Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Alan DeKok
Giovanni Lovato wrote: I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL. See the sqlippool module. Alan DeKok.

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote: thanks, i'm newbie to 2.x :-) It's OK. Please give any feedback on the new DHCP code... I think it's useful, but we'll never know for sure until people start using it heavily. Alan DeKok.

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Bram Matthys (Syzop)
Thanks for the hint. What would be the best place and way to do this? Putting this before pap in authorize { }: update control { Auth-Type := PAP } does indeed make pap work, but breaks anything else (like eap-mschap). I also tried: if

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Ivan Kalik
= not :=. Or check if Auth-Type already exists. Ivan Kalik Kalik Informatika ISP On 29/5/2008, Bram Matthys (Syzop) [EMAIL PROTECTED] wrote: Thanks for the hint. What would be the best place and way to do this? Putting this before pap in authorize { }: update control {

Re: Freeradius + OpenLDAP

2008-05-29 Thread Ivan Kalik
Read about configuring ldap: http://wiki.freeradius.org/Rlm_ldap All the bits in ldap{} section are explained in more detail than in radiusd.conf file. Ivan Kalik Kalik Informatika ISP On 29/5/2008, youness hsina [EMAIL PROTECTED] wrote: Hi Alan thank you for your response, i have already

Re: Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)

2008-05-29 Thread Ivan Kalik
What you refer to as login is identity in ldap section of radiusd.conf. Ivan Kalik Kalik Informatika ISP On 29/5/2008, youness hsina [EMAIL PROTECTED] wrote: i have already made a test in radius server with this command : *#radtest test test localhost 0 test * it works correctly! But i

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Evgeniy Kozhuhovskiy
Alan DeKok wrote: Put interface = eth0.960 in the listen{} section. This lets you bind the listen{} section to a named interface. This is documented in radiusd.conf. thanks, i'm newbie to 2.x :-) -- With best regards, Evgeniy Kozhuhovskiy, Leader of Services team, Minsk State Phony

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote: One more problem. fr sends dhcp replies via routing, not via interface it received it :-) Put interface = eth0.960 in the listen{} section. This lets you bind the listen{} section to a named interface. This is documented in radiusd.conf. Alan DeKok.

Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Giovanni Lovato
I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL.

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Evgeniy Kozhuhovskiy
Alan DeKok wrote: Evgeniy Kozhuhovskiy wrote: thanks, i'm newbie to 2.x :-) It's OK. Please give any feedback on the new DHCP code... I think it's useful, but we'll never know for sure until people start using it heavily. One more trouble (?) I've configured lease time to 60 sec.

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Alan DeKok
Bram Matthys (Syzop) wrote: Thanks for the hint. What would be the best place and way to do this? Putting this before pap in authorize { }: update control { Auth-Type := PAP } does indeed make pap work, but breaks anything else (like eap-mschap).

Re: Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Alan DeKok
Giovanni Lovato wrote: What key on sqlippool table should I set to make FR choose a pool based on NAS-IP-Address? Read the sqlippool.conf file? This IS documented. The scenario is: 1. a NAS requires access for a user; 2. if FR doesn't find a Framed-IP-Address on user attributes, it

Re: Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Giovanni Lovato
Alan DeKok wrote: Giovanni Lovato wrote: I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL. See the sqlippool module. What key on sqlippool table should I set to make FR choose a pool based

Re: Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Ivan Kalik
Users file: DEFAULT NAS-IP-Address == a.b.c.d, Pool-Name := thatNASpool Ivan Kalik Kalik Informatika ISP On 29/5/2008, Giovanni Lovato [EMAIL PROTECTED] wrote: Alan DeKok wrote: Giovanni Lovato wrote: I would like to assign IP addresses from pools based on which NAS the request comes

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Bram Matthys (Syzop)
Ok... I took Alan's advice of taking it out of pap, my config is now: authenticate { .. ntlm_auth_pap and authorize { ..(near the end).. ntlm_auth_pap I then tried the following statements right before ntlm_auth_pap in authorize (you said to check if Auth-Type exists, this is the correct way

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Alan DeKok
Bram Matthys (Syzop) wrote: You don't. You've managed to put the ntlm_auth_pap program into the pap Auth-Type, for reasons I don't understand. Why not just call it ntlm_auth_pap? After all, they're *different*. They do NOT do the same thing. That's what I did first, because it makes

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Bram Matthys (Syzop)
Hi Alan, Alan DeKok wrote: Bram Matthys (Syzop) wrote: Thanks for the hint. What would be the best place and way to do this? Putting this before pap in authorize { }: update control { Auth-Type := PAP } does indeed make pap work, but breaks anything

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote: Client (Windows XP SP3) gets an ip address, lease expires and when it tries to renew ip - radius says: Received DHCP-Request of id 1583096998 from 93.84.246.131:68 to 0.0.0.0:67 Ignoring request from unknown client 93.84.246.131 port 68 Ready to process requests.

Re: FR2.0.3 - UCD-SNMP 4.2.7 communication does not work on 64 bits Freebsd (but does on 32 bit Freebsd)

2008-05-29 Thread Alan DeKok
Thomas Fagart wrote: Ok I get it now, then the question could be, is there any open source software (net-snmp patches or sub programs ?) that could do what you describe (enabling radius packet generation while being polled, waiting for radiusd answer and then response to the get oid).

Re: mod_auth_radius bus errors

2008-05-29 Thread Alan DeKok
Rick wrote: I'm attempting to use mod_auth_radius (the cvs string is out-of-date, but it's the latest from freeradius.org for Apache 1.3), Latest from CVS? Or...? to authenticate to a Safeword RADIUS server, but when I authenticate, Apache bus errors - on auth failure, however, it

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Ivan Kalik
I then tried the following statements right before ntlm_auth_pap in authorize (you said to check if Auth-Type exists, this is the correct way to do that, right?): if (!Control:Auth-Type) { update control { Auth-Type = ntlm_auth_pap

Re: EAP-TTLS w/PAP using ntlm_auth

2008-05-29 Thread Bram Matthys (Syzop)
Alan DeKok wrote: I don't think you got my point. If you want to AUTHENTICATE using ntlm_auth_pap... then call it in the AUTHENTICATION section. Calling it in the AUTHORIZATION section is not AUTHENTICATION. You need to: a) set Auth-Type = ntlm_auth_pap in the authorize{} section

Re: FreeRadius trims value of the Cisco-AVPair attribute

2008-05-29 Thread Alan DeKok
Evgeney Bakhtin wrote: I don't need to use cisco-vsa-hack, because I need to get not H323-Attribute = h323-attribute=value I need to have ... Cisco-AVPair := h323-ivr-in=terminal-alias:zhekha,0921877 ... in radius-response. In freeradius-1.x.x I have it, but now I'm using

problems with accented characters

2008-05-29 Thread Gianfranco Ferrini
-Password = universit\340 +- entering group authorize ++[preprocess] returns ok expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/150.217.4.65/auth-detail-20080529 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP

Re: problems with accented characters

2008-05-29 Thread Nicolas Goutte
On 29.05.2008 at 14:48, Gianfranco Ferrini wrote: I have problems with accented characters (and other like ç) in user passwords. My system is Fedora 8 with this localization [EMAIL PROTECTED] ~]# locale LANG=it_IT.UTF-8 LC_CTYPE=it_IT.UTF-8 LC_NUMERIC=it_IT.UTF-8 LC_TIME=it_IT.UTF-8

Re: problems with accented characters

2008-05-29 Thread Alan DeKok
Gianfranco Ferrini wrote: I have problems with accented characters (and other like ç) in user passwords. ... when you don't use UTF-8. When I try to authenticate with Usernameguest Passworduniversità I have this result: User-Name = guest

Re: mod_auth_radius bus errors

2008-05-29 Thread Rick
Rick wrote: I'm attempting to use mod_auth_radius (the cvs string is out-of-date, but it's the latest from freeradius.org for Apache 1.3), Latest from CVS? Or...? Actually, from http://www.freeradius.org/mod_auth_radius/mod_auth_radius.c Building it from cvs works - thanks! to

Re: FreeRADIUS 2 not listening on right port

2008-05-29 Thread John Dennis
Alan DeKok wrote: Phil Mayers wrote: For those not following the Fedora bug, it (or rather, its dependency) has been closed by Ulrich Drepper. He seems to be saying that the FreeRadius code is incorrect and specifically that an invalid typecast is triggering the compiler to generate bad

Re: freeradius 2.0.4, rlm_passwd and dhcp

2008-05-29 Thread Marinko Tarlac
I'll try it and I will post my results. Right now I am working on a small isolated system for testing purposes. Stay tuned :) Alan DeKok wrote: Evgeniy Kozhuhovskiy wrote: thanks, i'm newbie to 2.x :-) It's OK. Please give any feedback on the new DHCP code... I think it's useful,

rlm_checkval module

2008-05-29 Thread Yeargan Yancey
Version: FreeRADIUS 2.0.4 I read the configuration file comments, searched the forums, and even read the source code for rlm_checkval, but am still having trouble getting it working the way I think it should. I am somewhat new to this, so perhaps I missed something obvious. I have an LDAP

FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread aprotector
I've been trying to get my freeradius server to work with a Netscape LDAP server and authenticate users when they connect via VPN to our Sonicwall gateway. I have set the Sonicwall as a client so the radius recognizes it and then adjusted the radiusd.conf. However, when I try to authenticate an

Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread Yeargan Yancey
I don't see anything in the log here about ldap. It jumps from [logintime] to [pap]. Did you uncomment lines containing ldap in the sites-enabled/default file (in the authorize and authenticate sections)? Yancey On May 29, 2008, at 2:34 PM, aprotector wrote: I've been trying to get my

Re: FreeRADIUS 2 not listening on right port

2008-05-29 Thread Alan DeKok
John Dennis wrote: I wanted to understand the issues surrounding strict aliasing better. I found the following article to be well written, quite readable, and informative: I found a NetBSD post with similar information: http://mail-index.netbsd.org/tech-kern/2003/08/11/0001.html However,

Re: rlm_checkval module

2008-05-29 Thread Alan DeKok
Yeargan Yancey wrote: I read the configuration file comments, searched the forums, and even read the source code for rlm_checkval, but am still having trouble getting it working the way I think it should. I am somewhat new to this, so perhaps I missed something obvious. Please try

Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread Alan DeKok
aprotector wrote: I've been trying to get my freeradius server to work with a Netscape LDAP server and authenticate users when they connect via VPN to our Sonicwall gateway. I have set the Sonicwall as a client so the radius recognizes it and then adjusted the radiusd.conf. However, when I

Fw: Invalid user (rlm_ldap: Access Attribute denies access) - Digest Authentication With FreeRADIUS and OpenLDAP

2008-05-29 Thread Hoa But
-Forwarded Message- From: Hoa But [EMAIL PROTECTED] Sent: May 29, 2008 12:13 PM To: freeradius-users@lists.freeradius.org Cc: [EMAIL PROTECTED] Subject: Invalid user (rlm_ldap: Access Attribute denies access) - Digest Authentication With FreeRADIUS and OpenLDAP Hello, Thank you for

XP Extensions for PEAP/MSCHAPv2

2008-05-29 Thread Casartello, Thomas
I have everything working, but I believe I've hit the problem with the OIDs windows needs for the SSL cert. I generated a key with openssl and a req and I actually have a real cert assigned for the server. How do I go about modifying my key and cert so that XP users will be able to connect? I can

RE: rlm_checkval module

2008-05-29 Thread Yeargan, Yancey
Please try explaining the requirements, not why your chosen solution doesn't work. I did explain the requirements in the message. I meant to be very clear that I had researched the issue and was not asking for a solution without first doing my homework. I tried to find a solution, but the

Re: Fw: Invalid user (rlm_ldap: Access Attribute denies access) -Digest Authentication With FreeRADIUS and OpenLDAP

2008-05-29 Thread Ivan Kalik
I am getting Invalid user (rlm_ldap: Access Attribute denies access) And a bit earlier in the debug you have: rlm_ldap: no dialupAccess attribute - access denied by default Ivan Kalik Kalik Informatika ISP

RE: rlm_checkval module

2008-05-29 Thread Ivan Kalik
I added this to the ldap.attrmap file: checkItem NAS-IP-Address host Don't. Just don't. NAS-IP-Address is sent by the NAS in a RADIUS packet. Yes, I know that NAS-IP-Address is sent by the NAS in a RADIUS packet. From the documentation, I understood that ldap.attrmap allows one to There

Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread aprotector
Y-OH-Y wrote: Did you uncomment lines containing ldap in the sites-enabled/default file (in the authorize and authenticate sections)? I'll take a look when I open it tomorrow. All of that is in the radiusd.conf file? Or is there more in users or one of the other conf files? aprotector

RE: XP Extensions for PEAP/MSCHAPv2 (Access-Challenge)

2008-05-29 Thread Casartello, Thomas
The problem is that authentication is basically hanging after Access-Challenge packets back to my clients. It happens with Macs as well. I know authentication is working because if I enter the incorrect password I get a totally different type of response. Thomas E. Casartello, Jr.

Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread Ivan Kalik
I'll take a look when I open it tomorrow. All of that is in the radiusd.conf file? Or is there more in users or one of the other conf files? There is more in default virtual server. The fact that authenticate and authorize sections are no longer in radiusd.conf is documented towards the end of

Re: Fw: Invalid user (rlm_ldap: Access Attribute denies access) -Digest Authentication With FreeRADIUS and OpenLDAP

2008-05-29 Thread Hoa But
Hello Ivan, Thanks for the tip. I thought no dialupAccess attribute does not matter since I am not on remote. I am on a lan connection. Okay, I will configure that now and see what happens. Thanks, Hoa -Original Message- From: Ivan Kalik [EMAIL PROTECTED] Sent: May 29, 2008 3:08 PM

help freeradius pam

2008-05-29 Thread Angel Camacho Villan
hello, i try to config pam for works with freeradius somebody can help me to config the file /etc/pam.d/login /etc/pam.d/gdm thanks.. atte Angel

Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-29 Thread aprotector
Yeah, totally missed that. Sorry. Finally I see a new message! Anything error is better than the other one. :) After I ran it this time from the Sonicwall with the LDAP user account it gave me: --- rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser

can't initiate SIM , no RAND1 attribute

2008-05-29 Thread Kalyani Garigipati (kagarigi)
Hi I have tried the eap-sim test by putting the triplets in the eapsim-in.txt also. But I am still getting the same errors... Please let me know in which file I should be keeping those triplets. It would be of great help if someone attaches the configuration file. Regards, Kalyani

Re: XP Extensions for PEAP/MSCHAPv2

2008-05-29 Thread Alan DeKok
Casartello, Thomas wrote: I have everything working, but I believe I’ve hit the problem with the OIDs windows needs for the SSL cert. I generated a key with openssl and a req and I actually have a real cert assigned for the server. How do I go about modifying my key and cert so that XP users