Re: Co-existing of tls and ttls configuration

2009-11-16 Thread Alan DeKok
Koichi Yagishita wrote: Can I coexist eap tls and ttls configuration in a freeradius? Yes. If yes, please let me know of the configuration. The server ships with this configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with template.conf in proxy.conf

2009-11-16 Thread Ana Gallardo
Thank you very much Alan. 2009/11/14 Alan DeKok al...@deployingradius.com Ana Gallardo wrote: WARNING: No such configuration item tld-rediris /etc/freeradius/proxy.conf[28]: Reference tld-rediris not found Errors reading /etc/freeradius/radiusd.conf I've committed a fix to git. It

Multiple forests

2009-11-16 Thread John
Hi, We are using freeRADIUS-1.1.6 to talk to active-directory (multiple DOMAINs: A.com and sub.A.com). We use rlm_ldap module Global catalog port to get attributes from ADs. It works fine. Now a forest (e.g. B.com, sub.B.com ...) that is trust with domain A.com. I can not get attributes from

Re: Freeradius-Users Digest, Vol 55, Issue 65

2009-11-16 Thread Gilbert Lo
Thank you for your message. I am away until Nov 19th. I will respond to your message on my return . For urgent matters, please contact helpd...@stgeorges.bc.ca . Cheers, Gilbert Lo

FR2.1.7 with EAP-TTLS/PAP and LDAP

2009-11-16 Thread Caius
Hi all, I followed the how-to steps from http://deployingradius.com/documents/configuration/setup.html configured PAP, and EAP, made the certificates using the defaults in ./certs/bootstrap Also: in the authenticate {} section from ./sites-available/default Auth-Type LDAP {

Problems to do an SSID based authentication

2009-11-16 Thread Peter Carlstedt
An HTML attachment was scrubbed... URL: https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091116/a47516e2/attachment.html

Re: Multiple forests

2009-11-16 Thread Peter Lambrechtsen
You will need to set up two (or more) LDAP directory configs in the modules/ldap config. AD's LDAP interface isn't able to query inter-domain. So you need to set up an LDAP connection per unique domain. http://wiki.freeradius.org/Rlm_ldap On Mon, Nov 16, 2009 at 9:42 PM, John

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

2009-11-16 Thread Alan Buxey
hi, from your log... No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select

Re: Problems to do an SSID based authentication

2009-11-16 Thread Alan Buxey
Hi, I am trying to do an SSID based authentication per user. What I mean is that I try in the users.conf file to check for which SSID the user is trying to use to login and if it is wrong it shall do a reject for that user. The problem is that I don't succeed with this so I thought it

RE: RE: Problems to do an SSID based authentication

2009-11-16 Thread Peter Carlstedt
-- Message: 3 Date: Mon, 16 Nov 2009 10:03:22 + From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: Problems to do an SSID based authentication To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID:

Re: DHCP in FR

2009-11-16 Thread Alan Buxey
Hi, Module: Checking dhcp DHCP-Request {...} for more modules to load Module: Linked to module rlm_passwd Module: Instantiating mac2ip passwd mac2ip { filename = /usr/local/etc/raddb/mac2ip format = *DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address delimiter = ,

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

2009-11-16 Thread Caius
Hi Alan, I checked my sites-available/inner-tunnel file: in authorize section everything is commented, except: eap and pap (ldap is commented). In authenticate section I have Auth-Type PAP { pap } Auth-Type LDAP { ldap } the rest is commented

Re: DHCP in FR

2009-11-16 Thread kako
Hi, Module: Checking dhcp DHCP-Request {...} for more modules to load Module: Linked to module rlm_passwd Module: Instantiating mac2ip passwd mac2ip { filename = /usr/local/etc/raddb/mac2ip format = *DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address delimiter = ,

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

2009-11-16 Thread Alan Buxey
Hi, Hi Alan, I checked my sites-available/inner-tunnel file: in authorize section everything is commented, except: eap and pap (ldap is commented). In authenticate section I have Auth-Type PAP { pap } Auth-Type LDAP { ldap }

Re: FR2.1.7 with EAP-TTLS/PAP and LDAP

2009-11-16 Thread Caius
Hi Alan, I told myself that I should try and enable the ldap module in the authorize section, nothing wrong in that ;) and now it works... so now in my inner-tunnel file I got: server inner-tunnel { authorize { suffix update control { Proxy-To-Realm := LOCAL

Re: Unexpected Exiting normally 2.1.8?

2009-11-16 Thread Craig Campbell

Re: Unexpected Exiting normally 2.1.8?

2009-11-16 Thread Alan DeKok
Craig Campbell wrote: Still running tests with bisect. successful runs take some time to identify (a day). Please let me know if the bug is identified, otherwise I'll keep plugging away. Thanks. Once we know the commit, the fix should hopefully be easy. Alan DeKok.

Re: FreeRADIUS + Postgresql dies unexpectedly

2009-11-16 Thread Duarte Fonseca
Hi, I'd suggest changing sql_query() function in sql_postgresql.c to: ... if (!errormsg) return -1; ... instead of the current block of code { errormsg = FATAL ERROR } Well I tried this change, you can see the gdb output at:

bug in rlm_ldap authorization password handling?

2009-11-16 Thread John Dennis
I'm a little confused by how rlm_ldap is handling passwords. First let me state what I believe to be true, if I'm wrong on any of these assumptions please correct me. Authentication modules need access to either the cleartext password or hashed password, it is the role of the authorization

acct-delay-time appears to be off

2009-11-16 Thread Steven Staples
I have been looking at this, and scratching my head. It appears as if the (timestamp -(minus) acct-delay-time) does not always = the actual start time of the session. From my observation, and log reading script, I have found that there could be a +/- 1 second variance in either the timestamp,

Book About Free-Radius Configurations

2009-11-16 Thread INACIO ALVES
Hello, I have some days out, but I'm back. I would like to know if there exists any book with examples and explanations about freeRadius configurations and the RADIUS protocol. What do you think about the book http://www.amazon.com/AAA-Network-Security-Mobile-Access/dp/0470011947/ref=pd_bxgy_b_img_a

RE: RE: Problems to do an SSID based authentication

2009-11-16 Thread tnt
My users.conf file looks like this: Peter Cleartext-Password := kaffe , Called-Station-Id == 04-0B-6B-33-62-35:raket Jens Cleartext-Password := kaffe , Called-Station-Id == 02-0B-6B-33-62-35:3 The logs from my radius -X is following: rad_recv: Access-Request packet from host

Re: bug in rlm_ldap authorization password handling?

2009-11-16 Thread tnt
I'm a little confused by how rlm_ldap is handling passwords. First let me state what I believe to be true, if I'm wrong on any of these assumptions please correct me. They are, sort of, correct. Or am I just missing something? You are looking at rlm_ldap in isolation. rlm_pap will handle

COA Examples

2009-11-16 Thread Andrew Paternoster
Hi, Does anyone have any COA policy examples? I want to use them on a cisco router to change the traffic shaping policy at different times of the day. Thank you Andrew Paternoster Senior System Engineer http://www.gpk.net.au

freeradius and openser

2009-11-16 Thread toqeer ali
I am configuring Freeradius server with openser... By default there is openser dictionary file that the path of that file should be included in freeradius master dictionary file... now I am confused about the command $INCLUDE {path of the openser dictionary file} how will I include that over the

Accessing a second AV Pair

2009-11-16 Thread Robert White
Hi, I have a Radius message which has two AV Pairs and I want to insert them both in to a database. However, I'm unable to access the second AVPair. Here is the Radius packet rad_recv: Accounting-Request packet from host 10.152.0.7 port 20001, id=87, length=662 NAS-IP-Address =

RE: Accessing a second AV Pair

2009-11-16 Thread Andrew Paternoster
What operator are you using? I have multi AVPairs and I have := on the first one and += on the others working for me. Andrew Paternoster Senior System Engineer http://www.gpk.net.au 2/94 Abbott Road, Hallam, VIC 3083

realm --help

2009-11-16 Thread Yagnesh Dave
Hi, I have a realm as vsnl.net given to all the users (approx 2800 users), with different passwords. I have defined it in the proxy.conf as realm vsnl.net { type= radius authhost= local accthost= local } So, is this correct, as

Re: Multiple forests

2009-11-16 Thread John
Thank you. I will give it a try. --- On Mon, 16 Nov 2009, Peter Lambrechtsen plambrecht...@gmail.com wrote: From: Peter Lambrechtsen plambrecht...@gmail.com Subject: Re: Multiple forests To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Monday, 16 November 2009, 5:50 PM You will need to set up

RE: RE: Problems to do an SSID based authentication(t...@kalik.net)

2009-11-16 Thread Peter Carlstedt
: https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091116/b10f1801/attachment.html -- Message: 3 Date: Tue, 17 Nov 2009 00:01:08 - (UTC) From: t...@kalik.net Subject: RE: RE: Problems to do an SSID based authentication To: FreeRadius users

Accounting : Alvarion WiMax Base Station as NAS

2009-11-16 Thread Sylvain De Muynck
Dear All, Has anyone already tried to use BreeMax Alvarion BTS as NAS for freeradius? I got trouble for the accounting part of it : * Cannot see upload/download (acct-input/output-octets) * Total time is always equal to 0 * No interim updates (even if

Re: Accessing a second AV Pair

2009-11-16 Thread Robert White
My full SQL statement is: accounting_stop_query = EXEC ${stopacnt_sp} @username = '%{SQL-User-Name}', @av_pair = '%{h323-incoming-conf-id}', @gw_session_id_out = '%{Quintum-h323-conf-id}', @call_origin = '%{Quintum-h323-call-origin}', @dialstring_from = '%{Calling-Station-Id}', @dialstring_to =