Re: Freeradius + EAP_TLS + Cisco AP

2010-09-29 Thread Matija Levec
You say you are trying to set up eap-tls and you have client certs - so you probably also want to set client to eap-tls (smart card or other certificate in windows world). Check you installed proper CA certs on both client and server if you are checking them (which I guess you should). 'PEAP or

Re: Core with 64Bit pam_radius_auth on Solaris 9

2010-09-29 Thread Alan DeKok
Peter Lambrechtsen wrote: Interestingly it seems to have come down to how UINT4 was defined. Changing in the radius.h UINT4 from being an unsigned long to a uint32_t seemed to have sorted the problem: OK. That change should have been made long ago. Any system which doesn't have uint32_t

Re: New Install Problems

2010-09-29 Thread Alan DeKok
Scott Miller wrote: Wondering if you happen to have a solution or work-around? $ ./configure --disable-libltdl-install --with-system-libtool That *may* work. The longer-term fix is removing libltdl & libtool entirely. Modern systems all have sane compilers & link systems. The intermediate

I have referred the doc again, and found some problem when the Vendor is PPP using simultaneous-use

2010-09-29 Thread Spacelee
It says that for PPP, we should choose other in the type, but other means don't bother checking, I believe what radutmp says. So which means if a user has a stuck entry in the session database she will not be able to log in again. And I have met such a problem also. When the wifi sudden shutdown or

choose proxy based on AD

2010-09-29 Thread David McPike
Hello All, We are in the process of migrating users from one AD tree to another. The migrated accounts will exist in both AD directories for a while (usernames will not change) and I need to be able to choose a radius server based on an LDAP group membership.  I have this working fine for cases

Re: choose proxy based on AD

2010-09-29 Thread Alan Buxey
Hi, if (User-Name =~ /^[A-z]+\\(.*)/) { not sure of that syntax for regex - char matching is a little more fussy, try this if (User-Name =~ /^[a-z]+\\(.*)/i) { alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

the WARNING message when client doesn't respond any more...

2010-09-29 Thread Stefan Winter
... that went into 2.1.10 is a great piece of functionality, and can help a lot in debugging. However, it would be even more useful if this information made it into radius.log (since otherwise it won't surface unless in debugging mode), sth like: Auth: Login ABORTED: [userfoo] (from client

vmps switch-port shutdown

2010-09-29 Thread Habegger Lukas, ERZ-AZD-AID-NOC
Hi, I try to shutdown (errdisabled) a port of a cisco3560 with the vmps-shutdown response. I use freeradius 2.1.10 and rlm_perl. Could someone tell me how the response should look like. So far I have: $RAD_REPLY{'VMPS-Packet-Type'} = VMPS-Join-Response; $RAD_REPLY{'VMPS-Error-Code'} =

Problemes between 2.1.8 and 2.19 with NT-Password and LDAP

2010-09-29 Thread Miquel Canes
Hello, I'm having some troubles updating the FreeRadius version between 2.1.8 and 2.1.9. I'm using two different machines using very similar configurations (some changes on clients.conf and other small changes) one with the 2.1.8 and the other with the 2.1.9 versions. FreeRadius 2.1.8 is

Re: doubt regarding free-radius

2010-09-29 Thread Michael Bathe
Hi, I couldn't solve my problem with this package. I think that not all dependencies could be fulfilled because of my core-installation. Finally I installed free-radius from blastwave wget http://download.blastwave.org/csw/pkgutil_i386.pkg pkgadd -d pkgutil_i386.pkg pkgutil --catalog pkgutil

Re: the WARNING message when client doesn't respond any more...

2010-09-29 Thread Alan DeKok
Stefan Winter wrote: ... that went into 2.1.10 is a great piece of functionality, and can help a lot in debugging. However, it would be even more useful if this information made it into radius.log (since otherwise it won't surface unless in debugging mode), sth like: Auth: Login

Re: Problemes between 2.1.8 and 2.19 with NT-Password and LDAP

2010-09-29 Thread Alan DeKok
Miquel Canes wrote: Hello, I'm having some troubles updating the FreeRadius version between 2.1.8 and 2.1.9. I'm using two different machines using very similar configurations Not the same. Compare the inner-tunnel files on the two machines. One has ldapuser listed, the other does not.

Re: Problemes between 2.1.8 and 2.19 with NT-Password and LDAP

2010-09-29 Thread Miquel Canes
Thank you Alan. You are right. I miss change the inner-tunnel file. Thank you again. Miquel On Wed, Sep 29, 2010 at 4:05 PM, Alan DeKok al...@deployingradius.com wrote: Miquel Canes wrote: Hello, I'm having some troubles updating the FreeRadius version between 2.1.8 and 2.1.9. I'm using

Re: the WARNING message when client doesn't respond any more...

2010-09-29 Thread Stefan Winter
Hi, Sure. Send a patch. :) I'd love to. Added a radlog() for various levels, but it still only shows up in the debug output. Even L_INFO, L_ERR, even L_CONS - something prevents them from being dispatched to radius.log. They all show up with -X though. I've checked the code in

Re: the WARNING message when client doesn't respond any more...

2010-09-29 Thread Alan DeKok
Stefan Winter wrote: I'd love to. Added a radlog() for various levels, but it still only shows up in the debug output. :) See rlm_eap.c & mem.c. The references to handler_tree are protected by an if (fr_debug_flag). Fix that if (or delete it), and it should work. Alan DeKok.

Re: choose proxy based on AD

2010-09-29 Thread David McPike
Thanks for the suggestion, Alan. I have the regex matching successfully now. However, I am unclear about how to resolve the next issue. I have the following configuration in authorize: if (User-Name =~ /(^[a-z]+)(+)([a-z0-9]+$)/i) { update request {

Re: choose proxy based on AD

2010-09-29 Thread Alan DeKok
David McPike wrote: The problem is that if the user has not been migrated to the new domain I need to retain the supplied realm information and proxy realm\user to the old radius server. What else can I do to accomplish this? update control { Proxy-To-Realm := foo } That is

Fwd: FreeRadius + VSA

2010-09-29 Thread Noura Kossentini
-- Forwarded message -- From: Noura Kossentini kossentini.no...@gmail.com Date: 2010/9/29 Subject: FreeRadius + VSA To: freeradius-users-ow...@lists.freeradius.org Hi how can I add a VSA to freeRadius server?? thanks

RE: Radius not recording - The maximum number of threads (300) are active, cannot spawn new thread to handle request

2010-09-29 Thread Marie Tambe
If anybody is using mysql for Radius. Could you tell me columns that you have created index for? Thanks and Regards Marie -Original Message- From: freeradius-users-bounces+mtambe=usatech@lists.freeradius.org [mailto:freeradius-users-bounces+mtambe=usatech@lists.freeradius.org]

Re: Fwd: FreeRadius + VSA

2010-09-29 Thread Alan DeKok
Noura Kossentini wrote: how can I add a VSA to freeRadius server?? What does that mean? Alan DeKok.

Re: Radius not recording - The maximum number of threads (300) are active, cannot spawn new thread to handle request

2010-09-29 Thread Alan DeKok
Marie Tambe wrote: If anybody is using mysql for Radius. Could you tell me columns that you have created index for? The default schema creates the right indexes. I've seen people have issues with MySQL when they're *not* using the default schema, or when they have more data than the

Re: Radius not recording - The maximum number of threads (300) are active, cannot spawn new thread to handle request

2010-09-29 Thread Johan Meiring
On 2010/09/29 06:58 PM, Marie Tambe wrote: If anybody is using mysql for Radius. Could you tell me columns that you have created index for? Your question is invalid. Go buy a sql book. PS: It's already been suggested that this is the Freeradius list, not the mysql list. PPS: Buy a book

RE: Radius not recording - The maximum number of threads (300) are active, cannot spawn new thread to handle request

2010-09-29 Thread Marie Tambe
Mysql is the backend database of radius and therefore any help in this regard is appreciated as this is affecting the stability of the radius Apps Thanks and Regards Marie -Original Message- From: freeradius-users-bounces+mtambe=usatech@lists.freeradius.org

Re: choose proxy based on AD

2010-09-29 Thread David McPike
Excellent! Thanks, Alan. I have all my test cases working now except for one. I still need to retain the original realm information in the supplied User-Name. The old radius server needs it as part of the username to know which child domain controller to contact for authentication, otherwise

Re: Radius not recording - The maximum number of threads (300) are active, cannot spawn new thread to handle request

2010-09-29 Thread Alan Buxey
Hi, Mysql is the backend database of radius and therefore any help in this regard is appreciated as this is affecting the stability of the radius Apps MySQL is a database system. This is a FreeRADIUS mailing list for the dissemination of hints, methods, tips and configs for the FreeRADIUS

Unix Group based White-List

2010-09-29 Thread Sid Stuart
We would like to configure authentication using the Unix module. We would also like to have a white-list based on a group in /etc/group. We created an entry in the /etc/raddb/users file that looks like, DEFAULT Group == enabled, Auth-Type := System Unfortunately, this passes all

Re: Unix Group based White-List

2010-09-29 Thread Peter Lambrechtsen
You should do something like: DEFAULT Group == enabled, Auth-Type := System # And the last line in your users file have: DEFAULT Auth-Type := Reject That way if it doesn't match to anything, return reject. On Thu, Sep 30, 2010 at 8:31 AM, Sid Stuart s...@meez.com wrote: We would like to

RE: New Install Problems

2010-09-29 Thread Scott Miller
Scott Miller wrote: Wondering if you happen to have a solution or work-around? $ ./configure --disable-libltdl-install --with-system-libtool That *may* work. The longer-term fix is removing libltdl & libtool entirely. Modern systems all have sane compilers & link systems. The

RE: Session Resumption fails

2010-09-29 Thread Panagiotis Georgopoulos
Hello Alexander, all, Please see inline. (snip) Have you considered comparing the difference in the RADIUS packets going to-and-fro in both cases; the one where authentication works and the one where it does not? What do you see? Yes I did, although I mostly concentrated on