Koichi Yagishita wrote:
Can eap tls and ttls configurations coexist in freeradius?
Yes.
If yes, please let me know of the configuration.
The server ships with this configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you very much Alan.
2009/11/14 Alan DeKok al...@deployingradius.com
Ana Gallardo wrote:
WARNING: No such configuration item tld-rediris
/etc/freeradius/proxy.conf[28]: Reference tld-rediris not found
Errors reading /etc/freeradius/radiusd.conf
I've committed a fix to git. It
Hi,
We are using freeRADIUS-1.1.6 to talk to active-directory (multiple DOMAINs:
A.com and sub.A.com). We use the rlm_ldap module with the Global catalog port to get
attributes from ADs. It works fine.
Now there is a forest (e.g. B.com, sub.B.com ...) that has a trust with domain A.com.
I can not get attributes from
Thank you for your message. I am away until Nov 19th. I will respond to
your message on my return. For urgent matters, please contact
helpd...@stgeorges.bc.ca.
Cheers,
Gilbert Lo
Hi all,
I followed the how-to steps from
http://deployingradius.com/documents/configuration/setup.html
configured PAP, and EAP, made the certificates using the defaults in
./certs/bootstrap
Also: in the authenticate {} section from ./sites-available/default
Auth-Type LDAP {
You will need to set up two (or more) LDAP directory configs in the
modules/ldap config.
AD's LDAP interface isn't able to query inter-domain. So you need to set up
an LDAP connection per unique domain.
http://wiki.freeradius.org/Rlm_ldap
On Mon, Nov 16, 2009 at 9:42 PM, John
hi,
from your log...
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
Hi,
I am trying to do an SSID based authentication per user.
What I mean is that I try in the users.conf file to check which SSID the
user is trying to use to log in, and if it is wrong it shall reject
that user.
The problem is that I don't succeed with this so I thought it
--
Message: 3
Date: Mon, 16 Nov 2009 10:03:22 +
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
Subject: Re: Problems to do an SSID based authentication
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
Hi,
Module: Checking dhcp DHCP-Request {...} for more modules to load
Module: Linked to module rlm_passwd
Module: Instantiating mac2ip
passwd mac2ip {
filename = /usr/local/etc/raddb/mac2ip
format = *DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address
delimiter = ,
Hi Alan,
I checked my sites-available/inner-tunnel file:
in the authorize section everything is commented, except: eap and pap (ldap is
commented).
in the authenticate section I have
Auth-Type PAP {
pap
}
Auth-Type LDAP {
ldap
}
the rest is commented
Hi Alan,
I told myself that I should try and enable the ldap module in the authorize
section, nothing wrong in that ;)
and now it works...
so now in my inner-tunnel file I have:
server inner-tunnel {
authorize {
suffix
update control {
Proxy-To-Realm := LOCAL
Craig Campbell wrote:
Still running tests with bisect.
successful runs take some time to identify (a day).
Please let me know if the bug is identified, otherwise I'll keep
plugging away.
Thanks. Once we know the commit, the fix should hopefully be easy.
Alan DeKok.
Hi,
I'd suggest changing sql_query() function in sql_postgresql.c to:
...
if (!errormsg) return -1;
...
instead of the current block of code { errormsg = FATAL ERROR }
Well I tried this change, you can see the gdb output at:
I'm a little confused by how rlm_ldap is handling passwords. First let me
state what I believe to be true, if I'm wrong on any of these
assumptions please correct me.
Authentication modules need access to either the cleartext password or
hashed password, it is the role of the authorization
I have been looking at this, and scratching my head.
It appears as if the (timestamp -(minus) acct-delay-time) does not always =
the actual start time of the session. From my observation, and log reading
script, I have found that there could be a +/- 1 second variance in either
the timestamp,
Hello,
I was out for some days, but I'm back. I would like to know if there is any book with
examples and explanations about freeRadius configurations and the RADIUS
protocol.
What do you think about the book
http://www.amazon.com/AAA-Network-Security-Mobile-Access/dp/0470011947/ref=pd_bxgy_b_img_a
My users.conf file looks like this:
Peter Cleartext-Password := kaffe , Called-Station-Id == 04-0B-6B-33-62-35:raket
Jens Cleartext-Password := kaffe , Called-Station-Id == 02-0B-6B-33-62-35:3
The logs from my radius -X are as follows:
rad_recv: Access-Request packet from host
I'm a little confused by how rlm_ldap is handling passwords. First let me
state what I believe to be true, if I'm wrong on any of these
assumptions please correct me.
They are, sort of, correct.
Or am I just missing something?
You are looking at rlm_ldap in isolation. rlm_pap will handle
Hi
Does anyone have any COA policy examples? I want to use them on a cisco router
to change the traffic shaping policy at different times of the day.
Thank you
Andrew Paternoster
Senior System Engineer
http://www.gpk.net.au
I am configuring a Freeradius server with openser... By default there is an
openser dictionary file, and the path of that file should be included in the
freeradius master dictionary file... now I am confused about the
command $INCLUDE {path of the openser dictionary file} how will I include
that over the
Hi,
I have a Radius message which has two AV Pairs and I want to insert them
both in to a database. However, I'm unable to access the second AVPair.
Here is the Radius packet
rad_recv: Accounting-Request packet from host 10.152.0.7 port 20001, id=87,
length=662
NAS-IP-Address =
What operator are you using? I have multiple AVPairs and I have := on the first
one and += on the others working for me.
Andrew Paternoster
Senior System Engineer
http://www.gpk.net.au 2/94 Abbott Road, Hallam, VIC 3083
Hi,
I have a realm as vsnl.net given to all the users (approx 2800 users), with
different passwords. I have defined it in the proxy.conf as
realm vsnl.net {
type= radius
authhost= local
accthost= local
}
So, is this correct, as
Thank you. I will give it a try.
--- On Mon, 09-11-16, Peter Lambrechtsen plambrecht...@gmail.com wrote:
From: Peter Lambrechtsen plambrecht...@gmail.com
Subject: Re: Multiple forests
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Monday, November 16, 2009, 5:50 PM
You will need to setup
Message: 3
Date: Tue, 17 Nov 2009 00:01:08 - (UTC)
From: t...@kalik.net
Subject: RE: RE: Problems to do an SSID based authentication
To: FreeRadius users
Dear All,
Has anyone already tried to use BreezeMAX Alvarion BTS as NAS for
freeradius?
I have trouble with the accounting part of it:
* Cannot see upload/download (acct-input/output-octets)
* Total time is always equal to 0
* No interim updates (even if
My full SQL statement is:
accounting_stop_query = EXEC ${stopacnt_sp} @username = '%{SQL-User-Name}',
@av_pair = '%{h323-incoming-conf-id}', @gw_session_id_out =
'%{Quintum-h323-conf-id}', @call_origin = '%{Quintum-h323-call-origin}',
@dialstring_from = '%{Calling-Station-Id}', @dialstring_to =