On 2011/05/27 03:22 AM, Arran Cudbard-Bell wrote:
http://power.freeradius.org:4567 is problematic from here (slow, and
Some ISPs prioritize 4567 different to 80.
Is there any good reason it runs on 4567?
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
On May 26, 2011, at 11:41 PM, Johan Meiring wrote:
On 2011/05/27 03:22 AM, Arran Cudbard-Bell wrote:
http://power.freeradius.org:4567 is problematic from here (slow, and
Some ISPs prioritize 4567 different to 80.
Is there any good reason it runs on 4567?
Yes. It's the default for
Arran Cudbard-Bell wrote:
Unfortunately the new wiki isn't ready for primetime. The mediawiki
page format renderer in gollum isn't perfect, so we need to convert
those pages to RST as a priority.
In order to encourage people to contribute, we've made the new wiki
live on
Hi,
The github Facebook logins will work, so it should be *much* easier
for people to contribute to the Wiki.
Ah! Federated login! Any plans to add OpenID? I have this nice OpenID
provider hanging around here...
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau
Stefan Winter wrote:
The github Facebook logins will work, so it should be *much* easier
for people to contribute to the Wiki.
Ah! Federated login! Any plans to add OpenID? I have this nice OpenID
provider hanging around here...
Sure... but we have to hard-code the URL, and register the
O'Neil, Donald A. wrote:
I've followed the instructions on
http://deployingradius.com/documents/configuration/active_directory.html and
it works great for one group when I add the option
--require-membership-of=SomeGroup but I need a way to figure out how to
specify that group name, perhaps
Can someone point me to docs or help me get my head around what changes
need to be done for IPv6 Accounting?
Looks like I may need to add some fields to radacct and update the
INSERT and UPDATE statements with IPv6 variables.
Is it necessary to run freeradius dual stack for IPv6 AAA?
Version
Hi,
I have a problem with users who type a bad password 2-3 times.
In debug mode I have something like this:
Fri May 27 16:11:01 2011 : Info: [peap] The users session was previously
rejected: returning reject (again.)
Fri May 27 16:11:01 2011 : Info: [peap] *** This means you need to read the
Hi,
Sure... but we have to hard-code the URL, and register the app.
That takes ~10 min, but it needs to be done.
OpenID is different from OAuth (or SAML): it is completely
self-asserted. If you enable OpenID on your resource, the user is asked
Which URL can authenticate you - user enters it,
Rafal Kaminski wrote:
I have a problem with users who type a bad password 2-3 times.
In debug mode I have something like this:
Fri May 27 16:11:01 2011 : Info: [peap] The users session was previously
rejected: returning reject (again.)
Fri May 27 16:11:01 2011 : Info: [peap] *** This
Stefan Winter wrote:
The concept is kind of cute, but some people are scared by the
self-assertedness of identity.
Ah, yes. I'd rather avoid that, quite frankly.
While I dislike the facebook everywhere integration, there are
multiple alternatives. github, twitter, etc. And using those
On 27/05/11 14:37, Shannon Ward wrote:
Can someone point me to docs or help me get my head around what changes
need to be done for IPv6 Accounting?
Looks like I may need to add some fields to radacct and update the
INSERT and UPDATE statements with IPv6 variables.
Assuming your NAS supports
Shannon Ward wrote:
Can someone point me to docs or help me get my head around what changes
need to be done for IPv6 Accounting?
What does that mean?
Looks like I may need to add some fields to radacct and update the
INSERT and UPDATE statements with IPv6 variables.
No. Read the
Rafal Kaminski wrote:
I have a problem with users who type a bad password 2-3 times.
In debug mode I have something like this:
Fri May 27 16:11:01 2011 : Info: [peap] The users session was previously
rejected: returning reject (again.)
Fri May 27 16:11:01 2011 : Info: [peap] *** This
On 27/05/11 12:30, Alan DeKok wrote:
The github Facebook logins will work, so it should be *much* easier
for people to contribute to the Wiki.
Are there any plans to let google accounts login - I happen to have a
github account now, but since Google have tentacles everywhere... ;o)
-
We do have a question
Is there anything in configuration that allows to turn off authentication
We are running EAP-TTLS and would like instead of sending challenge on Access
send Access accept always. (No authentication in fact)
-
List info/subscribe/unsubscribe? See
Phil Mayers wrote:
Are there any plans to let google accounts login - I happen to have a
github account now, but since Google have tentacles everywhere... ;o)
Arran's on it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rafal Kaminski wrote:
Ok. I read the OUTPUT and nothing :( Two people with good username and good
password had REJECT but on this same PC when I put another user it was ok :(
This is very confusing for me.
Sorry... the debug output *does* contain the reason for the reject.
Paste the
On Fri, 27 May 2011 07:21:41 +0200, Alan DeKok al...@deployingradius.com
wrote:
Sandro Magri wrote:
I'm running a farm of freeradius server 2.1.1,
16 with Suse Linux and 32 with Sun Solaris,
and I need to proxy a copy of accounting packet to
a pool of remote home server, without wait
On 27/05/11 16:16, Lubenski, Zeev [GCS] wrote:
We do have a question
Is there anything in configuration that allows to turn off authentication
We are running EAP-TTLS and would like instead of sending challenge on
Access send Access accept always. (No authentication in fact)
No, can't be
Hi,
I'd want to know if anyone there is using freeradius along with a xmpp server.
I'd like to read experiences about it.
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
On Fri, May 27, 2011 at 10:28 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 27/05/11 16:16, Lubenski, Zeev [GCS] wrote:
We do have a question
Is there anything in configuration that allows to turn off authentication
We are running EAP-TTLS and would like instead of sending challenge on
Phil
I am new to free radius, how can I change authentication type on the server to
something simple - like user id/password and then accept always?
Regards
Zeev
-Original Message-
From: freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org
On 27/05/11 16:31, Sergio Belkin wrote:
Hi,
I'd want to know if anyone there is using freeradius along with a xmpp server.
In what context? Be more specific.
On Fri, May 27, 2011 at 10:16 PM, Lubenski, Zeev [GCS]
zlube...@lgsinnovations.com wrote:
We do have a question
Is there anything in configuration that allows to turn off authentication
We are running EAP-TTLS and would like instead of sending challenge on
Access send Access accept always.
On 27/05/11 16:41, Fajar A. Nugraha wrote:
Phil, Zeev asked about EAP-TTLS, and you said you might be able to
just force-accept the inner auth, because that's usually just PAP (no
challenge / response). But before that you also said No, can't be
done. EAP is a challenge/response protocol.
Are
On 27/05/11 16:42, Lubenski, Zeev [GCS] wrote:
Phil
I am new to free radius, how can I change authentication type on the
server to something simple - like user id/password and then accept
always?
Can you describe your setup in more detail? There are several possible
answers.
The type of auth is determined by the client / NAS / Supplicant. FR just does
what it's told. Hence, you would need to implement changes on the devices
requesting auth.
G
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
On Fri, May 27, 2011 at 6:30 PM, Alan DeKok al...@deployingradius.com wrote:
Arran Cudbard-Bell wrote:
Unfortunately the new wiki isn't ready for primetime. The mediawiki
page format renderer in gollum isn't perfect, so we need to convert
those pages to RST as a priority.
In order to
2011/5/27 Phil Mayers p.may...@imperial.ac.uk:
On 27/05/11 16:31, Sergio Belkin wrote:
Hi,
I'd want to know if anyone there is using freeradius along with a xmpp
server.
I mean use an XMPP server as a NAS. I think that it provides more
flexibility to choose based on what attributes is
Can one not override the ... not sure what it would be called... Example; if
I tell FR to use NTLM_AUTH to authenticate a request against AD, and AD returns
a reject, can I not override the reject with an accept using update
control or some similar function?
G
-Original Message-
On 05/27/2011 09:44 AM, Phil Mayers wrote:
On 27/05/11 14:37, Shannon Ward wrote:
Can someone point me to docs or help me get my head around what changes
need to be done for IPv6 Accounting?
Looks like I may need to add some fields to radacct and update the
INSERT and UPDATE statements with
FWIW the link below doesn't work - at least for me.
Grit::GitRuby::Internal::LooseObjectError at /FAQ
size mismatch
file: loose.rb location: get_raw_object line: 59
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
Phil
We have a WiMAX client that supports only EAP-TLS, on our side (long story why)
- we support only EAP-TTLS
Here is the scenario:
Client Server
Access Request
Server--- Client
Challenge with EAP-TTLS
Client-- Server - nop EAP TLS
Server --- Client
Ok - EAP TLS it is, but this in
Our problem that we can't change the state machine on the ASN GW and disable
authentication from the client, but we are trying somehow to completely disable
it on the AAA (some workaround)
-Original Message-
From: freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org
On 27/05/11 16:58, Sergio Belkin wrote:
I mean use an XMPP server as a NAS. I think that it provides more
flexibility to choose based on what attributes is performed the
authentication.
So, would the idea be that:
* client connects to XMPP server
* client sends username/password
* XMPP
2011/5/27 Phil Mayers p.may...@imperial.ac.uk:
On 27/05/11 16:58, Sergio Belkin wrote:
I mean use an XMPP server as a NAS. I think that it provides more
flexibility to choose based on what attributes is performed the
authentication.
So, would the idea be that:
* client connects to XMPP
Fajar A. Nugraha wrote:
... like http://wiki.freeradius.org/FAQ , which worked fine just a few
minutes ago but now showing
Argh. Fixed.
This means that some of the changes have been reverted. Arran is
working adding them back.
Alan DeKok.
Sergio Belkin wrote:
I mean use an XMPP server as a NAS. I think that it provides more
flexibility to choose based on what attributes is performed the
authentication.
Ask someone who's written an XMPP server if they've implemented RADIUS
authentication.
Alan DeKok.
On 27/05/11 17:05, Lubenski, Zeev [GCS] wrote:
Ok - EAP TLS it is, but this in fact can't work (our internal problems) so
the authentication fails
What we are trying to do is to accept the very first Access Request
Sorry, I don't think that's possible. If the WiMAX client is only
capable
On 27/05/11 16:59, Gary Gatten wrote:
Can one not override the ... not sure what it would be called...
Example; if I tell FR to use NTLM_AUTH to authenticate a request
against AD, and AD returns a reject, can I not override the reject
with an accept using update control or some similar
Lubenski, Zeev [GCS] wrote:
We have a WiMAX client that supports only EAP-TLS, on our side (long story
why) - we support only EAP-TTLS
This will not work.
What we are trying to do is to accept the very first Access Request
This is impossible.
Alan DeKok.
On May 27, 2011, at 8:57 AM, Fajar A. Nugraha wrote:
On Fri, May 27, 2011 at 6:30 PM, Alan DeKok al...@deployingradius.com wrote:
Arran Cudbard-Bell wrote:
Unfortunately the new wiki isn't ready for primetime. The mediawiki
page format renderer in gollum isn't perfect, so we need to convert
The Idea is:
* client connects to XMPP server
* client sends uid/radiusPassword (see below)
* XMPP server sends MSChapv2 request
* radius server replies with yes/no
Interesting. Since the client is sending user/password, why do you want
to translate that to an MSCHAP request?
On May 27, 2011, at 9:30 AM, Alan DeKok wrote:
Fajar A. Nugraha wrote:
... like http://wiki.freeradius.org/FAQ , which worked fine just a few
minutes ago but now showing
Argh. Fixed.
This means that some of the changes have been reverted. Arran is
working adding them back.
Alan is
Ok... 2 other questions...
1) The wireless APs I'm going to be connecting to the RADIUS server
have multiple SSIDs... can I pass that SSID information to Free Radius
and then map the group based on the SSID?
2) If I were to define a new variable/table entry in the SQL DB, rather
than a
Can somebody tell me the expected issues when the secret for a Client is
misconfigured? We had an issue with some NAS' not able to connect to the
Freeradius, and it appears as if the only thing we changed was the corresponding
secrets. Are NAS' with mis-matched secrets dropped silently or logged?
It should be logged in the syslog or if you run in debug mode it WILL be
plainly logged in the output.
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From:
Phil
Thanks a lot will give it a try
Regards
Zeev
-Original Message-
From: freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org
[mailto:freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Friday, May 27, 2011
2011/5/27 Phil Mayers p.may...@imperial.ac.uk:
The Idea is:
* client connects to XMPP server
* client sends uid/radiusPassword (see below)
* XMPP server sends MSChapv2 request
* radius server replies with yes/no
Interesting. Since the client is sending user/password, why do you want to
Hi,
I had a look at this issue with him since he is one of our clients. Machine
authentications are working flawlessly, Windows 7 authentication as well (no
hostname is sent with the username).
The problem is when the HOSTNAME is sent along with the username under Windows
XP. I tried to set a
Hello!
I'm using the Linux-PAM (1.1.3) with the RADIUS module (1.3.17) in an
embedded system, running Linux. I'm trying to set the RADIUS accounting on
it, enabling the accounting commands. But I can't find where I can do this,
even in the src code of the Radius module, the function that
Igor Pinotti wrote:
I'm using the Linux-PAM (1.1.3) with the RADIUS module (1.3.17) in an
embedded system, running Linux. I'm trying to set the RADIUS accounting
on it, enabling the accounting commands. But I can't find where I can do
this, even in the src code of the Radius module, the
Francois Gaudreault wrote:
We are using mschap:user-name in the LDAP filter and in the ntlm_auth
line. Again, we are *NOT* rewriting the User-Name.
We need other ideas here.
Post the debug output.
Alan DeKok.
But there is a function called pam_private_session ... does this function
do the cisco's accounting stuff??
Thanks in advance
On Fri, May 27, 2011 at 6:18 PM, Alan DeKok al...@deployingradius.com wrote:
Igor Pinotti wrote:
I'm using the Linux-PAM (1.1.3) with the RADIUS module (1.3.17) in an
Igor Pinotti wrote:
But there is a function called pam_private_session ... does this
function do the cisco's accounting stuff??
...
As you've discovered, the PAM module doesn't do accounting.
Alan Dekok.
56 matches