On 2010/07/16 12:34 AM, Michal Bruncko wrote:
Hello list
SSID 1 \
SSID 2 --- AP -- Trunk -- Router - FreeRadius
SSID 3 /
My goal is to configure different security for different SSID through
one freeradius with virtual server feature.
This is possible, but with ONE virtual server.
My
Adam Bultman wrote:
How do I change that functionality? I'd *love* it if it didn't zombie
their servers for no reason.
No.. it marks the servers zombie for a reason: they're not responding.
But it may be too aggressive.
When I do a radiusd -CXXX, I see options I don't see documented for
Michal Bruncko michal.brun...@gmail.com wrote:
I am using FR with WPA2-Enterprise authentication in Wifi environment
with this scheme:
SSID 1 \
SSID 2 --- AP -- Trunk -- Router - FreeRadius
SSID 3 /
My goal is to configure different security for different SSID through
one
Hi all,
Does anyone know how to set the retry_count and retry_delay values for home
servers?
Thanks,
-Murray
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Murray Long wrote:
Does anyone know how to set the retry_count and retry_delay values for
home servers?
Read raddb/proxy.conf:
# i.e. retry_delay and retry_count have been replaced
# with per-home-server configuration. See the home_server
# example below for
I saw that, but the home_server example below, does not mention anything
about retry_count or retry_delay.
And simply putting retry_count = value in the home_server section doesn't
seem to have any effect.
So how are these values set for home servers?
- Murray
On Fri, Jul 16, 2010 at 1:54 PM,
Murray Long wrote:
I saw that, but the home_server example below, does not mention
anything about retry_count or retry_delay.
Because this is documented in proxy.conf:
#
# Note that as of 2.0, the synchronous, retry_delay,
# retry_count, and dead_time have all been
Oh sorry it does!
But only for server type coa,
Are they not supported for the other types?
On Fri, Jul 16, 2010 at 2:02 PM, Murray Long mur...@skyrove.com wrote:
I saw that, but the home_server example below, does not mention anything
about retry_count or retry_delay.
And simply putting
HI
I'd like to authenticate cisco vpn clients against the freeradius and AD
Prompt for the vpn client should be domainame\username.
In my smb.conf is as the delimiter:
winbind separator = \\ (because backslash is a special character, I had
to use it twice)
This command works:
ntlm_auth2 = /usr/bin/ntlm_auth --request-nt-key
--domain=%{%{mschap:NT-Domain}:} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00} --require-membership-of=
S-1-5-21-853024553-185696384-3473746203-512
Err... no. That won't work.
Murray Long wrote:
Oh sorry it does!
But only for server type coa,
No. The irt/mrt/etc. configurations for CoA are *completely* different.
Are they not supported for the other types?
Have you been reading my messages?
Alan DeKok.
Jevos, Peter wrote:
One more question. Why should I delete the ntlm_auth2 line from the
mschap file?
Does the mschap module documentation/comments say it will understand
an ntlm_auth2 line?
I thought that it is necessary. I have ntlm_auth file and ntlm_auth2
file 9 with the different
Jevos, Peter wrote:
When I test through radtest it doesn't work: neither
radtest domainame\\username password localhost 0 testing123 ,
or radtest domainame\\\username password localhost 0 testing123,
or radtest domainame\username password localhost 0 testing123
And... what does
I'm trying to integrate with Ipass and they have asked for a 12 second
or more delay between retry attempts. The default behavior for
freeradius seems to be sending 3 retries every 5 secs, which is why
I've been trying to change it.
As I only have a single home-server for the realm I don't mind
How can I force freeradius to authenticate through domainame\username
Get radtest to send the same data as sent by the Cisco client. See
the server debug output in order to compare the two user names.
Alan DeKok.
Hi Alan, I forced radtest to pass, with this syntax:
1. radtest
Murray Long wrote:
I'm trying to integrate with Ipass and they have asked for a 12 second
or more delay between retry attempts. The default behavior for
freeradius seems to be sending 3 retries every 5 secs, which is why
I've been trying to change it.
No. The default behavior for the
Oh, that makes more sense now. My confusion was in assuming that the
retry packets I was seeing were generated by freeradius when they
were actually just being forwarded from the NAS.
Thanks very much for the help,
-Murray
On Fri, Jul 16, 2010 at 2:55 PM, Alan DeKok al...@deployingradius.com
Hello all...
I'm running FR 2.1.9 compiled from source on Debian Linux
and using the passwd module for a couple of things.
I have one instance called 'mac-auth', configured in modules/mac-auth as:
passwd mac-auth {
filename = ${confdir}/mac-auth
format =
Hi all,
Is it possible to use dyndns in clients.conf with fr 1.1.7-0??
I get an error every time the IP address changes.
I read many quests on internet but I don't find fixes.
Could help me set hostname_lookups = yes??
Otherwise, is it possible to check by nas-id??
My nas is mikrotik.
Thanks
Tokie
Tokie wrote:
Is it possible to use dyndns in clients.conf with fr 1.1.7-0??
No.
I read many quests on internet but I don't find fixes.
Install version 2.1.9.
Could help me set hostname_lookups = yes??
No.
Otherwise, is it possible to check by nas-id??
No.
Alan DeKok.
Peter Bates wrote:
I also have modules/switch-auth, which contains:
passwd switch-auth {
filename = ${confdir}/switch-auth
format = *NAS-IP-Address:=Tunnel-Private-Group-Id
delimiter = ,
}
However, this never matches and the module always returns 'notfound':
The
On 2010/07/16 05:35 PM, Alan DeKok wrote:
Otherwise, is it possible to check by nas-id??
No.
You could try using rlm_raw and dynamic_clients.
Configure your dynamic client virtual server like this.
client dymamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_nas
lifetime
Hi,
We're running freeradius server v2.0.3 and restart of the daemon failed with:
#/etc/init.d/radiusd restart
Stopping RADIUS server: [FAILED]
Starting RADIUS server: Fri Jul 16 07:50:16 2010 : Info: Starting -
reading configuration files ... [FAILED]
In the radius.log, it shows:
Error: There
Yang Xue wrote:
Hi,
We're running freeradius server v2.0.3 and restart of the daemon failed with:
#/etc/init.d/radiusd restart
Stopping RADIUS server: [FAILED]
Starting RADIUS server: Fri Jul 16 07:50:16 2010 : Info: Starting -
reading configuration files ... [FAILED]
If it didn't
Hi, Alan
netstat -an | grep 1812
returns nothing, which means the port is not used by any process.
netstat -an | grep 1812
[r...@server1 etc]#
On Fri, Jul 16, 2010 at 2:03 PM, Alan DeKok al...@deployingradius.com wrote:
Yang Xue wrote:
Hi,
We're running freeradius server v2.0.3 and
Yang Xue wrote:
Hi, Alan
netstat -an | grep 1812
returns nothing, which means the port is not used by any process.
netstat -an | grep 1812
[r...@server1 etc]#
Find out why the OS is returning port in use.
Try installing 2.1.9, too.
Alan DeKok.
Alan DeKok wrote:
Adam Bultman wrote:
How do I change that functionality? I'd *love* it if it didn't zombie
their servers for no reason.
No.. it marks the servers zombie for a reason: they're not responding.
But it may be too aggressive.
When I do a radiusd -CXXX, I see options I
Oh, I must apologize - I didn't know the 'detail' portion of radmin
didn't exist until 2.1.9. Perhaps I'll work on compiling and testing
that over the weekend.
Adam Bultman wrote:
Alan DeKok wrote:
Adam Bultman wrote:
How do I change that functionality? I'd *love* it if it didn't zombie
I am not sure why my Freeradius setup is not allowing other access points I add
to clients.conf.
Here is what is in my clients.conf file:
client 192.168.89.217 {
secret = visit+$c
shortname = ClhsMeshRm2612
nastype = other
}
client 192.168.89.215 {
secret =
Matthew Stavert wrote:
I am not sure why my Freeradius setup is not allowing other
access points I add to clients.conf.
Here is what is in my clients.conf file:
client 192.168.89.217 {
secret = visit+$c
That is not the correct format for the clients.conf file in 2.x.
If you
Adam Bultman wrote:
After some work getting 2.1.9, and v2.1.x from the git repository up and
running, I had to go back to 2.1.7-7, that is patched (hopefully,
anyway!) for the zombie problem, via the patch you sent me. The 2.1.9
and 2.1.10 versions would die unexpectedly, right around the
hi, all!
Now I want to record the user access history in the radius.log file. I use fr
2.19 and ttls-mschapv2.
I notice that it now only records the user/password log in the radius.log
file.
for example,
when I use a correct password for user test,
Tue Jul 13 12:03:49 2010 : Auth: Login