Thanks Alan. I saw a reference for considering attribute
PASSWORD-RETRY in freeradius to implement user lockout. So could you
please let me know if there are any plans to include this in the
upcoming releases.
Thanks again,
Pavan
On Tue, Aug 12, 2008 at 8:47 PM, Alan DeKok [EMAIL PROTECTED]
Maurizio Cimaschi wrote:
If I comment the lines in inner-tunnel it works. If they are
uncommented it is unable to authenticate users.
Am I missing something ?
Debug log will show you what's going wrong, and why.
I have no idea why that entry makes any difference for local
Sudarshan Soma wrote:
Thanks Alan. I saw a reference for considering attribute
PASSWORD-RETRY in freeradius to implement user lockout. So could you
please let me know if there are any plans to include this in the
upcoming releases.
No.
If you have an example that works, please submit
Alexandre Chapellon wrote:
Hello, I'm not very familiar with radius, and i have a lot of questions.
For example:
Is it possible to proxy auth and acct request from one freeradius to
another over an encrypted network stream such as SSL or TLS?
Not today.
We're working on RadSec, which
On Wednesday 13 August 2008 12:24:44 Alan DeKok wrote:
Kostas Zorbadelos wrote:
As we are preparing for migration to 2.X version in some of our
production systems, I took a closer look at the sources and found the
rlm_acctlog module that allows for the logging of various types of
hi everyonei am new at freeradiusi want to test my configuretion that write in
document to use radtest programbut i cant run it, i dont know where to write
this command,i use opensuse 11 and freeradius 2.0.5i installed it by yastso
when i write the command radtest xxx xxx xxx,linux says
Stefan A. wrote:
So, I'd sys no DNS at all...
Ad it worked immediately after starting the mysql server
Anything els to check?
No idea. FreeRADIUS has *no* minute-long waits coded into it. It's
dependent on the host OS.
So the problem is either DNS, or the MySQL client library is
My long term goal is EAP-TTLS + PAP with FreeRadius 2.0 and LDAP
That being said I have taken one of my existing, working with FreeRadius
1.1.5, access points and pointed it at my test radius server.
When I try and connect the agent sends dozens of requests that the debug
log seems very happy
Pat Riehecky wrote:
My long term goal is EAP-TTLS + PAP with FreeRadius 2.0 and LDAP
That should be easy enough.
That being said I have taken one of my existing, working with FreeRadius
1.1.5, access points and pointed it at my test radius server.
Why? Why not just test everything from
Thanks. Glad I didn't get this last night or I wouldn't have slept!!!
I will have multiple access points spread across a large geographic area that
will authenticate to a series of Radius servers located in the internal
network. Any other suggestions would be appreciated. I've got most of
You can't get cleartext password from AD, but you can extract encrypted
(nt hashed) password as NT-Password with ldap. You will be able to
authenticate pap and mschap requests with that.
Ivan Kalik
Dana 14/8/2008, Murray, Elizabeth [DNR]
[EMAIL PROTECTED] piše:
Thanks. Glad I didn't get this
Hi,
I have spenndt the whole day trying to install Freeradius 1.1.3 over a Debian
4.0 machine. I need to use version 1.1.3 since it is the recommended one for
another application I am trying to test.
Everything went smooth until the last step when I restarted Freeradius after
completing
José Soler wrote:
I have spenndt the whole day trying to install Freeradius 1.1.3 over a
Debian 4.0 machine. I need to use version 1.1.3 since it is the
recommended one for another application I am trying to test.
If an application *requires* a specific version of FreeRADIUS...
there's
I'll give it a try again. I did find your website but came to a spot that I
couldn't get past. I'll start again with a clean server and let you k now when
I get stuck. Thanks. Nice to know I’m not alone.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
In follow up to 'FreeRadius 2.0.3 setup help' on Jul 27.
We have tested using the certificate creation scripts and WinCA signed
certificates with the same result of an access challenge. We have tested
with both a Windows XP and Linux client with the same result. We are
using Cisco switches.
What
Hi,
I have problem with freeradius and MySQL.
I run successfully freeradius using users file, but I wanted to
migrate to MySQL,and from then I have a lot of problems.
First of all, I got errors in radius.log that I not understand:
Thu Aug 14 16:16:17 2008 : Error: rlm_radutmp: Logout for NAS
Phil Mayers wrote:
It's also appending a 2nd w on the end, almost as if something is
re-using the original string buffer:
IC\rmtw
...and writing ICcrmtw into it, giving:
ICcrmtww
That looks like a separate bug. Try the valuepair.diff patch first.
I can work up a patch for the
Igor Sawczuk wrote:
Hi,
I have problem with freeradius and MySQL.
I run successfully freeradius using users file, but I wanted to
migrate to MySQL,and from then I have a lot of problems.
First of all, I got errors in radius.log that I not understand:
Thu Aug 14 16:16:17 2008 : Error:
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
Radius is doing fine. Your switch is having problems with EAP-MSCHAPv2.
Debug the switch.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Alan,
Thanks for the advice. Will look into upgrading to 2.0.5. As this is
production system, will need to plan for it.
Best Regards,
Ryan
Date: Tue, 12 Aug 2008 17:45:37 +0200
From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: Help needed for radrelay under 1.1.3
To: FreeRadius users
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
Radius is doing fine. Your switch is having problems with EAP-MSCHAPv2.
Debug the switch.
Ivan Kalik
Kalik Informatika ISP
Ok, but we are using this same switch and config for our current
deployment of freeradius 1.1.7 with AD and
hi,
you've configured inner-tunnel for EAP - but
do you have the inner-tunnel virtual server config file
living in sites-enabled/ ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you've configured inner-tunnel for EAP - but do you have the
inner-tunnel virtual server config file living in sites-enabled/ ?
Hello Alan,
Here are the contents of the inner-tunnel file located in sites-enabled/
# -*- text -*-
Ivan Kalik wrote:
You can't get cleartext password from AD, but you can extract encrypted
(nt hashed) password as NT-Password with ldap. You will be able to
authenticate pap and mschap requests with that.
I was lurking in the attribute list of the AD:
Murray, Elizabeth [DNR] wrote:
Thanks. Glad I didn't get this last night or I wouldn't have slept!!!
I'm happy not do have disrupted you sleep ;-)
I will have multiple access points spread across a large geographic area that
will authenticate to a series of Radius servers located in the
On Thu, 2008-08-14 at 15:59 +0200, Alan DeKok wrote:
Pat Riehecky wrote:
My long term goal is EAP-TTLS + PAP with FreeRadius 2.0 and LDAP
That should be easy enough.
That being said I have taken one of my existing, working with FreeRadius
1.1.5, access points and pointed it at my
hello!
now i have this. i hope this time your answerme!!1
Sending Access-Request of id 42 to 10.0.6.29 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host
hi,
you need to look at the debug log for the
RADIUS server which lives at 10.0.6.29
as that is the thing doing the rejecting!
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OK. Following the suggestions, I installed the application for the application
to track changes. Not so easy to do. I now give up.
I followed the instructions and when I run the test it asks me about the .hgrc
file. Not to be found anywhere.
This will have to be step by step for me. Good
Martin Silvero wrote:
now i have this. i hope this time your answerme!!1
Why? Is there some kind of contractual obligation requiring people
here to respond?
Sending Access-Request of id 42 to 10.0.6.29 http://10.0.6.29 port 1812
User-Name = test
User-Password =
Maurizio Cimaschi wrote:
Ivan Kalik wrote:
You can't get cleartext password from AD, but you can extract encrypted
(nt hashed) password as NT-Password with ldap. You will be able to
authenticate pap and mschap requests with that.
I was lurking in the attribute list of the AD:
Murray, Elizabeth [DNR] wrote:
OK. Following the suggestions, I installed the application for the
application to track changes. Not so easy to do. I now give up.
That is about as vague a description as I've ever seen.
If it's not possible for you to describe accurately what you're
Alexandre Chapellon a écrit :
Hello, I'm not very familiar with radius, and i have a lot of questions.
For example:
Is it possible to proxy auth and acct request from one freeradius to
another over an encrypted network stream such as SSL or TLS?
Is that such a silly question that no
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write
this: radiusd -i 10.30.1.104 -p 1812 -x -X :
Thu Aug 14 17:36:15 2008 : Info: FreeRADIUS Version 2.0.5, for host
x86_64-unknown-linux-gnu, built on Jul 24 2008 at 10:54:31
Thu Aug 14 17:36:15 2008 : Info: Copyright (C)
Murray, Elizabeth [DNR] wrote:
OK. Following the suggestions, I installed the application for the application to track changes. Not so easy to do. I now give up.
I followed the instructions and when I run the test it asks me about the .hgrc file. Not to be found anywhere.
Given this error,
Hi,
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write
this: radiusd -i 10.30.1.104 -p 1812 -x -X :
okay. your server is 10.30.1.104
ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123 i
get:
do you know what that command means? you are sending
http://deployingradius.com/documents/configuration/setup.html
Sorry. It's on this page having to do with the Mercurial installation.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, August 14, 2008 2:34 PM
To: FreeRadius
OK. I'll pass that by. It does make this suggestion on
http://deployingradius.com/documents/configuration/setup.html link. I just
finished rebuilding my opensuse server and will start with the PAP settings.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29
Fine.
ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123
So why are you sending the request to the wrong radius server? Read
instructions how to use radtest again.
Ivan Kalik
Kalik Informatika ISP
-
List
If that's difficult, save raddb configuration directory (and
subdirectories) as cfgbkp1, cfgbkp2, ... When you mess up and don't
know how to fix it you can copy back.
Ivan Kalik
Kalik Informatika ISP
Dana 14/8/2008, Murray, Elizabeth [DNR]
[EMAIL PROTECTED] piše:
Greetings,
I am running a very high-volume FreeRADIUS installation on RHEL 5 (not
my choice), and noticed that FreeRADIUS was periodically dying after
instantiating a great many worker servers. I looked at the output in
GDB and got:
Continuing.
[New LWP 11400]
[tcsetpgrp failed in
Alex Balashov wrote:
Greetings,
I am running a very high-volume FreeRADIUS installation on RHEL 5 (not
my choice), and noticed that FreeRADIUS was periodically dying after
instantiating a great many worker servers. I looked at the output in
GDB and got:
Continuing.
[New LWP 11400]
Ah, for a clearer picture, I tried running under gdb with the no-fork
option:
[EMAIL PROTECTED] radius]# gdb /usr/sbin/radiusd
GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
Hello,
I am planning to move from a Sun/SBR installation to Freeradius, and so
have a lot of things to test before...
For exemple, I need to proxy accounting request from my freeradius
server (2.0.5) to several (at least) radius services to allow third
party applications to be aware of services
Hi Alan, and All,
Well, I believe I have linked Freeradius 2.0.5 with the right openssl
(0.9.8h) now by adding below env variables(my build logs also says
that linked with -L/usr/local/ssl/lib). However I still see the same
error while using sha256 encryption algorithm with RSA 2048 key. I
sent
Alexandre Chapellon wrote:
Is that such a silly question that no one wants to answer?
Is it understandable?
Do you read posts on this list? Your question was already answered.
Go see the list archives on the web if you're not going to read the
replies on this list.
Alan DeKok.
-
List
46 matches
Mail list logo