Re: Conf PEAP

2008-12-18 Thread Alan DeKok
Martin Silvero wrote: I am configuring PEAP and there is not much information about it, http://deployingradius.com There is a complete and detailed set of instructions for configuring EAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to log failed auth attempts?

2008-12-18 Thread Alan DeKok
Todd R. wrote: I also noticed that it said that many things are logged when running radiusd -X which explains some other things.. That's the reason for the continual instructions to run in debug mode. Right now, I have something like this logging on a failed attempt in the MySQL DB within

Re: rlm_perl authentication override

2008-12-18 Thread Henry
Perhaps if I try another approach: Using rlm_perl, if a request is received and I want to accept the login without performing any normal auth (in authorize()), what would I need to return? Constructing the $RAD_REPLY packet is no problem. What to return to force an Access-Accept has me

Re: Basic question on rlm_perl

2008-12-18 Thread A . L . M . Buxey
Hi, I have put perl as a module in my radiusd.conf file. I don't find the rlm_perl*.so file in /usr/local/lib/ where all the other rlm_*.so files are located. What am I missing? have you edited experimental.conf to enable PERL and have you included this file in the radiusd.conf or

Re: Basic question on rlm_perl

2008-12-18 Thread Boian Jordanov
On Dec 17, 2008, at 11:54 PM, al pat wrote: I am trying to use perl module, but when I can't start my server. I have put perl as a module in my radiusd.conf file. I don't find the rlm_perl*.so file in /usr/local/lib/ where all the other rlm_*.so files are located. What am I missing?

Re: external script reply

2008-12-18 Thread Hegedus Gabor
t...@kalik.net wrote: That didn't come out well. It should look like the reply list in users file: reply1, reply2, reply3 Where can I write it in the users file? (I don't use user file, just ntlm_auth in mschap section.) Try adding ,\n between attributes. my php code contains it :

Re: How to log failed auth attempts?

2008-12-18 Thread A . L . M . Buxey
Hi, The problem seems to be that when a bad password is the reject reason, the Reply-Message is just blank. yep - security reasons. why did I get rejected? ah, because the password was wrong. I'll just keep brute-forcing until I get the password right.. alan - List

Re: external script reply

2008-12-18 Thread Hegedus Gabor
t...@kalik.net wrote: Exec-Program output: Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = vlan20 That didn't come out well. It should look like the reply list in users file: reply1, reply2, reply3 Try adding ,\n between attributes. Ivan Kalik Kalik

Re: Basic question on rlm_perl

2008-12-18 Thread al pat
Hi - Thanks for the replies. I put libperl-dev and that worked. Rgds -a On Thu, Dec 18, 2008 at 4:42 AM, Boian Jordanov bjorda...@orbitel.bg wrote: On Dec 17, 2008, at 11:54 PM, al pat wrote: I am trying to use perl module, but when I can't start my server. I have put perl as a module in my

Re: Conf PEAP

2008-12-18 Thread Martin Silvero
[peap] TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A But your problem has nothing to do with the user. You haven't imported the ca certificate onto the users machine. At least not the correct one. but, if I

Re: WISPr-Bandwidth question

2008-12-18 Thread Alan DeKok
kevin wrote: IOW, when using WISPr-Bandwidth, does that modify the client connection at the client computer or does that occur at a proxy or firewall device? The RADIUS client (NAS) that receives the WISPr-Bandwidth attribute is responsible for enforcing it. What I'm getting at is, is a

Re: Conf PEAP

2008-12-18 Thread A . L . M . Buxey
Hi, but, if I want the users to not use certificates and only use user pass with PEAP, is it possible? - and how, exactly, does the EAP tunnel get set up if you don't have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the

Re: Conf PEAP

2008-12-18 Thread Martin Silvero
- and how, exactly, does the EAP tunnel get set up if you don't have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! Suppose a person who comes from outside the company, and wants to connect

RE: Conf PEAP

2008-12-18 Thread Danner, Mearl
-Original Message- From: freeradius-users- bounces+jmdanner=samford@lists.freeradius.org [mailto:freeradius- users-bounces+jmdanner=samford@lists.freeradius.org] On Behalf Of Martin Silvero Sent: Thursday, December 18, 2008 8:31 AM To: freeradius-users@lists.freeradius.org

Re: Calling-Station-Id case sensitive

2008-12-18 Thread lists
Is there a way with Perl to make the calling-station-id query to the database not have any symbols in it and force it to be lower case. where the mac will look at 001e0b25ecbd t...@kalik.net wrote: You can use perl lc function to make sure attribute is always lower case. List perl before

Re: Conf PEAP

2008-12-18 Thread tnt
- and how, exactly, does the EAP tunnel get set up if you don't have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! Suppose a person who comes from outside the company, and wants to connect to my

Re: rlm_perl authentication override

2008-12-18 Thread tnt
Using rlm_perl, if a request is received and I want to accept the login without performing any normal auth (in authorize()), what would I need to return? Auth-Type Accept. Ivan Kalik Kalik Informatika ISP

Re: Calling-Station-Id case sensitive

2008-12-18 Thread tnt
Yes. Usual way is to strip delimiters from the caller id in hints file. As for lower case - that depends on the database. Read the documentation for the one you are using and see what function does it use for turning the string into lower case. Ivan Kalik Kalik Informatika ISP On 18/12/2008,

Re:Need help on Accounting Response

2008-12-18 Thread tnt
at the line 529 + 530, i should to send back to NAS server with the Access Reject with attribute h323-return-code == h323-return-code=2 not 0 .. 520 Using Post-Auth-Type Reject 521 +- entering group REJECT {...} 522 [attr_filter.access_reject] expand: %{User-Name} - 087301 523

Re: external script reply

2008-12-18 Thread tnt
That didn't come out well. It should look like the reply list in users file: reply1, reply2, reply3 Where can I write it in the users file? *Like* in users file. (I don't use user file, just ntlm_auth in mschap section.) Try adding ,\n between attributes. my php code contains

Re: external script reply

2008-12-18 Thread tnt
now I have just one output, this: Exec-Program output: Tunnel-Private-Group-Id = vlan20 no need /n That is OK. and the users file contains: DEFAULT auth-type = Accept Tunnel-Type = VLAN,#both are fix, send everytime, when accepted Tunnel-Medium-Type = IEEE-802 That

Re: WiMAX Auth

2008-12-18 Thread tnt
Thu Dec 18 07:47:51 2008 : Info: +- entering group post-auth {...} Thu Dec 18 07:47:51 2008 : Info: [wimax] MIP-RK = 0x9682b6cc9925949cce138e6fd148e9ac21c94c9e552ef2173c3e996aef87bff96f50564a5dcf85a505300a4e319349dce56c5a1f0308e6bb7e29a5f89e0a4949 Thu Dec 18 07:47:51 2008 : Info: [wimax] MIP-SPI =

Re: WISPr-Bandwidth question

2008-12-18 Thread kevin
On Thu, 2008-12-18 at 15:05 +0100, Alan DeKok wrote: kevin wrote: IOW, when using WISPr-Bandwidth, does that modify the client connection at the client computer or does that occur at a proxy or firewall device? The RADIUS client (NAS) that receives the WISPr-Bandwidth attribute is

Re: WiMAX Auth

2008-12-18 Thread Alan DeKok
t...@kalik.net wrote: I see WiMAX-MN-NAI and WiMAX-IP-Technology in the reply. Bug? Fixed. Alan DeKok.

Re: WISPr-Bandwidth question

2008-12-18 Thread tnt
On the other hand, I think I've narrowed down my choices for NAC. I will look further into UNI-FY, but right now I think my best option, without having to go to open-wrt or whatever, with some version of chilli (or derivative) integration, is looking like ZeroShell: http://www.zeroshell.net

Huawei Dictionary...

2008-12-18 Thread Aldo Zavala
Hello, does somebody know what dictionary can use with a Huawei PDSN? Thanks in advance!

Re: Huawei Dictionary...

2008-12-18 Thread tnt
Hello, does somebody know what dictionary can use with a Huawei PDSN? dictionary.huawei? Ivan Kalik Kalik Informatika ISP

RE: How to log failed auth attempts?

2008-12-18 Thread Todd R.
Just... edit the queries. Adding %{Module-Failure-Message} to the queries should get you lots of that information. Am I supposed to put a Module name in place of Module or leave it as is? I copied and pasted %{Module-Failure-Message} in place of %{reply:Reply-Message} and I could no longer

RE: How to log failed auth attempts?

2008-12-18 Thread tnt
Just... edit the queries. Adding %{Module-Failure-Message} to the queries should get you lots of that information. Am I supposed to put a Module name in place of Module or leave it as is? I copied and pasted %{Module-Failure-Message} in place of %{reply:Reply-Message} and I could no longer

Re: How to log failed auth attempts?

2008-12-18 Thread Todd R.
Can't view it now until I get back in front of a computer but as I remember it was complaining about the exact line that I added this to. I will check further later and post the exact error from the debug console. Thanks! --Original Message-- From: t...@kalik.net Sender:

Re: EAP/MD5 with mysql authentication failed

2008-12-18 Thread henry1412
EAP-MD5 doesn't use inner-tunnel. Enable sql in default virtual server. Ivan Kalik Kalik Informatika ISP The problem has resolved by your way. Thank you very much!

Re:Need help on Accounting Response

2008-12-18 Thread Do Nguyen Ha
Hi Ivan Kalik, thank you for your answer. As I explain, I read the man unlang times but cannot figure out how to use it and Alan asked me the specific case at the line 529 + 530, i should to send back to NAS server with the Access Reject with attribute h323-return-code == h323-return-code=2 not 0

Re: Huawei Dictionary...

2008-12-18 Thread Aldo Zavala
Oh... I just downloaded the 2.1.3 there is a huawei dictionary... thanks!! (I was using the old 1.1.7_2 freebsd port version) Aldo Zavala

RE: How to log failed auth attempts?

2008-12-18 Thread Todd R.
What was the error message when you start with radiusd -X? OK, the error is: including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf /usr/local/etc/raddb/sql/mysql/dialup.conf[302]: Parse error after %{reply:Packet-Type} Errors reading /usr/local/etc/raddb/radiusd.conf Here is

Re: How to log failed auth attempts?

2008-12-18 Thread Anders Holm
The \'s might be significant. You have those all through the query, up to the point things break. I also wouldn't have a comment in the middle of an SQL statement. Clean it up and it is likely to work. Sent from my iPhone On 19 Dec 2008, at 03:29, Todd R. tjrl...@lightwavetech.com wrote: