radius_xlat: '/var/log/radius/radacct/12.12.12.20/auth-detail-20101006'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/12.12.12.20/auth-detail-20101006
modcall[authorize]: module auth_log returns ok for request 0
modcall[authorize
Hello,
I figured out what was wrong: you need to enable some additional parameters
in eap.conf to copy request and reply into the tunnel.
So put copy_request_to_tunnel and use_tunneled_reply on yes in ttls and
peap section, then it works all fine.
Kind regards,
Krijn Tanis
WiMood
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary is
available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station
and Alvarion ASN GW. Initially we created a service profile in
On Wed, Oct 6, 2010 at 6:35 PM, Alan DeKok al...@deployingradius.comwrote:
Peter Lambrechtsen wrote:
I'm trying to setup my dynamic clients and specify a nas-type.
In my dynamic-clients I have:
...
Then in my sites-enabled/default in the authorize section I have:
A completely
Following on from my previous post on Centralised LDAP Auth post:
http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00393.html
I've found that using dynamic-clients gives me a few advantages over using
huntgroups.
1) Dynamic Clients allows you to have per-NAS shared
Anup,
You have to configure the radius server to use the inner-tunnel. Which
version of the 4-Motion software are you using on your system?
David
-Original Message-
From:
freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org
Hi David,
1) You have to configure the radius server to use the inner-tunnel.
Following are the entries in the eap.conf file.
ttls {
default_eap_type = md5
copy_request_to_tunnel = yes
use_tunneled_reply = yes
I have not had any issues with 2.5 though 3.0 is giving me fits. Your eap
configuration looks ok, check sites-available/inner-tunnel and make sure you
have all of the wimax entries uncommented.
David
-Original Message-
From: Anup krishnan A [mailto:anupk...@cdactvm.in]
Sent:
Anup krishnan A wrote:
Then we tried to create the service profile for the user test from the
Freeradius by using WiMAX attributes found in the file
dictionary.wimax'.The entries for the user in the 'users' file is as shown
below.
...
In this case Freeradius has sent the Access-Accept, but
Ramon Escriba wrote:
Hi List,
It's a bit naive question, just to keep concepts clear.
I want to use the dialupAccess attribute to enable or disable one
user/host to login.
So if dialupAccess : disabled, the user/host is rejected.
...
Matchs the idea?, or should be done in a different way?
Ricardo Frías Alvarez wrote:
Hello!
I don't know how to configure Radius to do this : I want that radius
accepts the access, if files or ldap returns ok. In descriptive code:
IF files return 'OK' THEN access-accept
ELSE IF ldap return 'OK' THEN access-accept
ELSE access-reject
You
Sorry 4 the stupid question,
I made I mistake in ldap, I put disable not disabled in one atribute.
So disabled user was login normally, I was completely puzzle
Looking moe carefully @ logs I realized it.
Thanks.
-Original Message-
From:
That service profile does not look at all correct. It's a mixed bag of
pre-provisioned services and AAA provisioned services.
Here is a sample service definition that works with our ASN-GW:
WiMAX-QoS-Id:= 101
WiMAX-Service-Class-Name:= DATA
WiMAX-Schedule-Type :=
Hi All,
We are trying to use ldap as backend database for dot1x peap
authentication thru freeradius. The following link has good
explanation.
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
But do we really need both ntpassword and lmpassword in the ldap directory?
How the process work
schilling wrote:
We are trying to use ldap as backend database for dot1x peap
authentication thru freeradius. The following link has good
explanation.
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Note it's 5 years old...
But do we really need both ntpassword and lmpassword in the
There is smbencrypt radius-utils to generate LM Hash and NT Hash, Any
known good perl script to do this?
sd...@palm:/usr/bin$ smbencrypt schilling
LM Hash NT Hash
Hello,
I want to make free radius work with dynamic set of clients
- Clients will have specific range (not just any client)
- Clients will have some shared secret.
Can it do 2 objectives listed above?
I know there is a macro WITH_DYNAMIC_CLIENTS,
But after compiling it with having
Read the sites-available/dynamic-clients and you can base all your dynamic
shared secret's based on the IP address of the NAS.
Assuming you are talking about having dynamic NAS's (Radius Clients) vs
Dynamic 802.1x workstations connecting to a static list of NAS's or
switches. Using IP address
2010/10/6 schilling schilling2...@gmail.com
There is smbencrypt radius-utils to generate LM Hash and NT Hash, Any
known good perl script to do this?
You can use Crypt::SmbHash (from CPAN).
sd...@palm:/usr/bin$ smbencrypt schilling
LM Hash NT Hash
Hi Ben,
Thank you for your response.
When we give the service profile name, that we have already created in
Alvarion ASN using Alvaristar, in the Filter_Id attribute from FreeRadius,
there is no problem and MS is getting registered. But once we try to create
the service profile from
http://laramolino.it/und9.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I am attempting to replicate a test setup into production and
somewhere along the way I must have forgotten something.
I have an NT-Password stored in a mysql database and currently get the
following response from freeradius upon authenticating:
rad_recv: Access-Request packet from host
22 matches
Mail list logo