I am still getting this error in my debug output:
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
I have upgraded to version 2.1.8+dfsg-1ubuntu1, still no joy!
PLEASE someone tell me how to make FreeRADIUS automatically accept the
client cert. I have about
Sallee, Stephen (Jake) wrote:
I am still getting this error in my debug output:
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
I have upgraded to version 2.1.8+dfsg-1ubuntu1, still no joy!
No amount of upgrading FreeRADIUS will make it work.
Hello.
We have installed 2 FreeRADIUS 2.1.9 on RedHat Servers.
The Freeradius are doing proxying and everything is working well (duplicate
accounting also)
My problem is that for unknown reason the radiusd process stopped alone this
make a problem for us.
The Both Radiuses are doing the
Hi,
I have some problems with the authentication and need help.
The authentication fail at the authenticate part, while doing peap.
The ntlm_auth success, I don’t understand the failure.
Why do the client rejected the response?
+- entering group authenticate {...}
[eap] Request found,
BELLIERE Eric wrote:
My problem is that for unknown reason the radiusd process stopped alone
this make a problem for us.
The Both Radiuses are doing the same. Sometimes the radiusd is no more
working and I need to restart it with /etc/init.d/radiusd start
It might be bug #35. Try using
Lionne Stangier wrote:
Hi,
I have some problems with the authentication and need help.
The authentication fail at the authenticate part, while doing peap.
The ntlm_auth success, I don’t understand the failure.
Why do the client rejected the response?
It's a Samba bug.
Hi there,
I'm using FreeRadius 2.1.3. I'm doing a mac based port assignment with
sql backend.
To untag a port of the switch in a VLAN works well.
But in some case i need to tag a port in several VLAN. In the wiki [1]
it looks possible. By following indicated in the wiki i inserted the
It's a Samba bug. https://bugzilla.samba.org/show_bug.cgi?id=6563
Thank you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fabien COMBERNOUS wrote:
I'm using FreeRadius 2.1.3. I'm doing a mac based port assignment with
sql backend.
...
But when i plug the equipment radius give this debug :
[sql1] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE
Hello,
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to 'man rlm_digest')
to users file:
test Auth-Type := Digest, User-Password = test
Reply-Message = Hello,
On 03.08.2010 at 13:23, al...@arctel.ru wrote:
Hello,
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to 'man rlm_digest')
to users file:
test Auth-Type := Digest,
Alan DeKok wrote:
Fabien COMBERNOUS wrote:
I'm using FreeRadius 2.1.3. I'm doing a mac based port assignment with
sql backend.
...
But when i plug the equipment radius give this debug :
[sql1] expand: SELECT id, groupname, attribute, value,
op FROM
Fabien COMBERNOUS wrote:
I can't change FreeRadius version. So i need to use decimal number.
Can you give me an example about to untag a port in vlan 7 ?
Convert the hex number to a decimal number. There are tools available
to help you do this.
Alan DeKok.
On Tue, Aug 03, 2010 at 01:26:25PM +0200, Nicolas Goutte wrote:
On 03.08.2010 at 13:23, al...@arctel.ru wrote:
Hello,
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to
al...@arctel.ru wrote:
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to 'man rlm_digest')
to users file:
test Auth-Type := Digest, User-Password = test
On 2010/08/03 01:51 PM, Fabien COMBERNOUS wrote:
Thank you for your answer.
I can't change FreeRadius version. So i need to use decimal number.
Can you give me an example about to untag a port in vlan 7 ?
Just convert 0x320007 to decimal??
--
Johan Meiring
Cape PC Services CC
Tel: (021)
Thanks Alan.
Then if it is a bug I will have to upgrade? or do you have a patch?
you send me the link for GIT.freeradius.org but what must I do to correct
this problem?
For the log rotate I will add kill -HUP `cat /var/run/radiusd/radiusd.pid`
in postrotate.
Like this :
Hi,
Tried Cleartext-Password := test, Cleartext-Password == test,
Cleartext-Password = test, result is the same.
why? why did you do that?
Cleartext-Password := test
is the only correct way. you just completely ignored the information/help given
by the actual
author of FreeRADIUS. you don't
Hi,
Tried Cleartext-Password := test, Cleartext-Password == test,
Cleartext-Password = test, result is the same.
and remember - if you are changing the users file and not doing anything
funky, you will have to restart the server!
alan
On 2010/08/03 01:51 PM, Fabien COMBERNOUS wrote:
Thank you for your answer.
I can't change FreeRadius version. So i need to use decimal number.
Can you give me an example about to untag a port in vlan 7 ?
Just convert 0x320007 to decimal??
No. Just a correct example in hexa to untag in
BELLIERE Eric wrote:
Then if it is a bug I will have to upgrade? or do you have a patch?
you send me the link for GIT.freeradius.org but what must I do to correct
this problem?
Try using the v2.1.x branch from http://git.freeradius.org.
i.e. download it and install it.
The instructions
On 03.08.2010 at 14:25, Alan Buxey wrote:
Hi,
Tried Cleartext-Password := test, Cleartext-Password == test,
Cleartext-Password = test, result is the same.
why? why did you do that?
Cleartext-Password := test
is the only correct way. you just completely ignored the information/
help
Hi,
Alan Cox's email was sent only minutes later.
Alan Cox? wow. RedHat finally taking development to new levels..
you meant Alan DeKok I assume? Too many Alan's for you? ;-)
alan
On Tue, Aug 03, 2010 at 01:56:48PM +0200, Alan DeKok wrote:
al...@arctel.ru wrote:
trying to test digest authentication (freeradius 2.1.9). After
uncommenting 'digest' in sites-available/default 'radiusd -X'
starts fine. but after I added (according to 'man rlm_digest')
to users file:
al...@arctel.ru wrote:
i.e. without Auth-Type attribute. I MUST NOT use Auth-Type?
No.
It has VERY limited uses. Nearly everyone who tries to use it gets it
wrong.
Ignore all of the third-party web sites that say to set Auth-Type.
They're wrong, and they've been wrong for about 5 years.
Alan DeKok wrote:
Fabien COMBERNOUS wrote:
I'm using FreeRadius 2.1.3. I'm doing a mac based port assignment with
sql backend.
...
But when i plug the equipment radius give this debug :
[sql1] expand: SELECT id, groupname, attribute, value,
op FROM
On 03.08.2010 at 15:24, Alan Buxey wrote:
Hi,
Alan Cox's email was sent only minutes later.
Alan Cox? wow. RedHat finally taking development to new levels..
you meant Alan DeKok I assume? Too many Alan's for you? ;-)
Sorry for the mistyping.
alan
Alan:
Thank you for your response, I think I finally know what is going on. I
need to get a real cert from my FreeRADIUS Server, any suggestions about
which vendor, IE Verisign vs thawte vs ?
I was under the impression that the clients was sending a cert to the
server and the server was
Hello all,
I am running FreeRadius 2.1.8 with two NAS clients and a
couple of end devices being authenticated successfully with EAP-TTLS. My
setup was running just fine on IPv4 and I would like to jump to IPv6. My
first trial seems ok, but not ideal, so here are my IPv6 related
Panagiotis Georgopoulos wrote:
a) Why am I seeing in my radius –X output lines as the following :
[unix] IPv6 is not supported!
The unix module stores user login information into a wtmp style
file. It doesn't support IPv6.
rlm_radutmp: IPv6 not supported!
Same thing here. It
Sallee, Stephen (Jake) wrote:
Thank you for your response, I think I finally know what is going on. I
need to get a real cert from my FreeRADIUS Server, any suggestions about
which vendor, IE Verisign vs thawte vs ?
Nope.
I was under the impression that the clients was sending a cert to
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known root CA.
--
John Dennis
Hello Alan,
Thanks for your replies, they are helpful.
Regarding the last question...
c) Is there a plan to get a dual stack FreeRadius? It would be
really advantageous to be able to run FreeRadius in both ipv4 and
ipv6 at the same time.
Uh... it's *already*
Panagiotis Georgopoulos wrote:
I guess the emphasis on my question above is on *at the same time*.
Now radiusd.conf explicitly says :
# OR, you can use an IPv6 address, but not both
# at the same time.
In other words FR to listen to both an IPv4 and an
John Dennis wrote:
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known root CA.
Sure.
Hi Alan,
Panagiotis Georgopoulos wrote:
I guess the emphasis on my question above is on *at the same
time*.
Now radiusd.conf explicitly says :
# OR, you can use an IPv6 address, but not both
# at the same time.
In other words FR to listen to both
The various EAP methods *should* have tied usernames (i.e. domains)
to a field in the certificate. e.g. a cert with CN rad...@example.com
should be sent logins for u...@example.com, but NEVER sent logins
for u...@example.net
How does this workout with child domains? For example: I have two
Sallee, Stephen (Jake) wrote:
The various EAP methods *should* have tied usernames (i.e. domains)
to a field in the certificate. e.g. a cert with CN rad...@example.com
should be sent logins for u...@example.com, but NEVER sent logins
for u...@example.net
How does this workout with child
Alan DeKok wrote:
Sallee, Stephen (Jake) wrote:
The various EAP methods *should* have tied usernames (i.e. domains)
to a field in the certificate. e.g. a cert with CN rad...@example.com
should be sent logins for u...@example.com, but NEVER sent logins
for u...@example.net
How does this
Alan DeKok wrote:
John Dennis wrote:
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known
AMAZING! Alan and John, you guys are on my Christmas card list now! I
had my default eap type set to mschap and was never getting prompted to
accept the server cert, john, you mentioned the mschap vs TLS and it hit
me, set eap to TLS and VOILA, the client is prompted to accept the cert
EXACTLY
One last problem and I think I am ready for production, wohoo!
When my users try to login with the convention usern...@domain the login
fails because I do not think I have FreeRADIUS correctly configured to
parse out the domain, however if they login with the convention
domain\username it works
Hello all,
I am running FreeRADIUS Version 2.1.8 (built from freebsd ports)
I feel like I am missing something blatantly obvious, but just cannot
seem to figure it out. Maybe I am just not understanding the documentation.
I am setting up a new server with a realm to direct some of it's
Cody Ritts wrote:
I am setting up a new server with a realm to direct some of it's
requests to two existing radius servers (redundant).
This is what I think is the relevant part of my proxy.conf:
...
But when I start the server, 'radiusd -X' dies reporting:
Hi,
In other words FR to listen to both an IPv4 and an IPv6 address
simultaneously for ipv4 and ipv6 NAS clients.
simply define another virtual server...exactly the same as default, but listing
to the IPv6 instead?
alan
Thank you Alan.
Since you said that it should work, I re-installed from scratch, and
then re-configured the settings one by one, and it works. I am looking
at the diffs, and I have no idea what I had wrong, but I am happy to
know that at least those settings were correct.
Thanks again,
Greetings,
I am running FreeRADIUS 2.1.8 on Ubuntu 8.04, attempting to use the ldap
module. I only want to authenticate users in a certain group. These
groups exist in LDAP as a posixGroup with a memberUID list. As I
have it configured currently, I get an Access-Accept for any user in
the
This is how I have done it:
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg1.html
Works a treat for me.
On Wed, Aug 4, 2010 at 11:27 AM, Cory Johnson cjohn...@commspeed.net wrote:
Greetings,
I am running FreeRADIUS 2.1.8 on Ubuntu 8.04, attempting to use the
48 matches