RE: Configuring FreeRADIUS to authenticate against AD

2011-10-21 Thread Martin Ubank
I've been following the FreeRadius Deployment guide http://deployingradius.com/documents/configuration/active_directory.html The following software is installed on a Centos 6 VM: - Samba 3.5.6, Freeradius 2.1.10, wpa_supplicant-0.7.3, gcc v4.4.4-13, openssl, winbind. I successfully

Re: Configuring FreeRADIUS to authenticate against AD

2011-10-21 Thread Fajar A. Nugraha
On Fri, Oct 21, 2011 at 3:10 PM, Martin Ubank martin.ub...@uwe.ac.uk wrote: I've been following the FreeRadius Deployment guide http://deployingradius.com/documents/configuration/active_directory.html I've edited /etc/krb5.conf, as follows:   kdc = campus.ads.uwe.ac.uk does this server

Re: Configuring FreeRADIUS to authenticate against AD

2011-10-21 Thread Martin Ubank
Thanks Fajar. 'campus.ads.uwe.ac.uk' is a DNS alias to 6 AD servers and had been working previously. I changed /etc/krb5.conf /etc/samba/smb.conf to point to 1 of the 6 AD servers and 'net join ...' 'wbinfo -a ...' now work. The commands also work with 2 other AD servers. Why the DNS alias

Re: Configuring FreeRADIUS to authenticate against AD

2011-10-21 Thread Phil Mayers
On 21/10/11 10:27, Martin Ubank wrote: Thanks Fajar. 'campus.ads.uwe.ac.uk' is a DNS alias to 6 AD servers and had been working previously. I'm amazed. It shouldn't. If you have a properly set up AD environment, just let the DNS-based autodiscovery work.

Assert Failed on Proxing

2011-10-21 Thread andreapepa
/172.25.18.123/auth-detail-20111021 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.25.18.123/auth-detail-20111021 [auth_log] expand: %t - Fri Oct 21 11:57:05 2011 ++[auth_log] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap

Re: Assert Failed on Proxing

2011-10-21 Thread Phil Mayers
On 21/10/11 11:10, andreapepa wrote: Hi all, As you can see from the attached log, I was trying to do some proxy test, the server crashed attempting to proxy against a not running freeradius proxy (I was only testing proxy action not authentication on other FR servers) is it normal?

Re: Assert Failed on Proxing

2011-10-21 Thread Alan DeKok
andreapepa wrote: As you can see from the attached log, I was trying to do some proxy test, the server crashed attempting to proxy against a not running freeradius proxy (I was only testing proxy action not authentication on other FR servers) is it normal? Upgrade. This was fixed

Re: Assert Failed on Proxing

2011-10-21 Thread andreapepa
ii freeradius 2.1.10+dfsg-2a high-performance and highly configurable RADIUS server ii freeradius-common2.1.10+dfsg-2FreeRADIUS common files ii freeradius-postgresql2.1.10+dfsg-2PostgreSQL module for

Re: Assert Failed on Proxing

2011-10-21 Thread andreapepa
http://wiki.freeradius.org/Debian can I go for it?

Re: Assert Failed on Proxing

2011-10-21 Thread andreapepa
http://packages.debian.org/search?keywords=freeradius in this link I can't find any version to upgrade from 2.1.10, can you tell me how to upgrade to 2.1.12? Thanks

Re: Problems with radrelay

2011-10-21 Thread tonimanel
Hi everybody. I guess that it's normal but I would like to know it. I have configured two servers with robust-proxy-accounting model. My doubt is, when radiusA server writes a record into database, writes Its current time and then sends accounting packet to radiusB server (proxying). RadiusB

Re: Assert Failed on Proxing

2011-10-21 Thread Alan DeKok
andreapepa wrote: http://packages.debian.org/search?keywords=freeradius in this link I can't find any version to upgrade from 2.1.10, can you tell me how to upgrade to 2.1.12? http://wiki.freeradius.org/ It has instructions for building Debian packages. Build a package for 2.1.12,

Re: Assert Failed on Proxing

2011-10-21 Thread Phil Mayers
On 21/10/11 13:33, andreapepa wrote: http://packages.debian.org/search?keywords=freeradius in this link I can't find any version to upgrade from 2.1.10, can you tell me how to upgrade to 2.1.12? Install the compiler and development libraries Download the source unpack it ./configure make make

Re: Problems with radrelay

2011-10-21 Thread Alan DeKok
tonimanel wrote: I guess that it's normal but I would like to know it. I have configured two servers with robust-proxy-accounting model. My doubt is, when radiusA server writes a record into database, writes Its current time and then sends accounting packet to radiusB server (proxying).

Allow EAP-TLS based authentications only

2011-10-21 Thread Panagiotis Georgopoulos
Hello all, I want to get my FR configuration to allow only EAP-TLS based authentications. Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In other words, essentially

Re: Assert Failed on Proxing

2011-10-21 Thread andreapepa
obviously, Phil... my questions, not well explained, was about upgrading the package. I can be sure that with this procedure I will have freeradius upgrade or two version of FR installed? maybe this is another basic question.. but are you sure that I will get no problem with any dependencies?

Re: Assert Failed on Proxing

2011-10-21 Thread Alan DeKok
andreapepa wrote: I can be sure that with this procedure I will have freeradius upgrade or two version of FR installed? You will have only the new version installed. maybe this is another basic question.. but are you sure that I will get no problem with any dependencies? Yes. Alan

Re: Allow EAP-TLS based authentications only

2011-10-21 Thread Alan DeKok
Panagiotis Georgopoulos wrote: Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In other words, essentially disable md5, leap, gtc, mschapv2 in the eap.conf. To allow only EAP-TLS, simply

Radius + SAMBA PDC + LDAP

2011-10-21 Thread Andreas Rudat
Hi, I'm using samba as pdc and ldap as user database. That all works fine. Now I want to use the ldap database for user auth. for radius. But when I'm looking here http://deployingradius.com/documents/configuration/active_directory.html and some other sources, I read everywhere the same.

Re: Radius + SAMBA PDC + LDAP

2011-10-21 Thread Phil Mayers
On 21/10/11 17:03, Andreas Rudat wrote: Hi, I'm using samba as pdc and ldap as user database. That all works fine. Now I want to use the ldap database for user auth. for radius. But when I'm looking here http://deployingradius.com/documents/configuration/active_directory.html and some other

RE: Allow EAP-TLS based authentications only

2011-10-21 Thread Panagiotis Georgopoulos
Panagiotis Georgopoulos wrote: Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In other words, essentially disable md5, leap, gtc, mschapv2 in the eap.conf. To allow only EAP-TLS,

Quota based on time with squid

2011-10-21 Thread senthil kumar
Hello Team, I am a newbie to radius server. I have installed free-radius in linux machine with accounting support and was able to authenticate using radtest client. And also I was also successfully authenticate with squid proxy server. I need to assign quota to squid users based on the

Re: Radius + SAMBA PDC + LDAP

2011-10-21 Thread Andreas Rudat
On 21.10.2011 18:28, Phil Mayers wrote: On 21/10/11 17:03, Andreas Rudat wrote: Hi, I'm using samba as pdc and ldap as user database. That all works fine. Now I want to use the ldap database for user auth. for radius. But when I'm looking here

Re: Quota based on time with squid

2011-10-21 Thread Alan DeKok
senthil kumar wrote: I have installed free-radius in linux machine with accounting support and was able to authenticate using radtest client. And also I was also successfully authenticate with squid proxy server. That's good to hear. I need to assign quota to squid users based on the

Re: Allow EAP-TLS based authentications only

2011-10-21 Thread Alan DeKok
Panagiotis Georgopoulos wrote: Perhaps I wasn't very clear. I want to allow any TLS *based* authentications to occur, that is, any authentication that establishes a TLS tunnel and passes its credentials over it. If I am right, TTLS and PEAP belong to this category, thus I need them! So, if

SSL error after updating cert

2011-10-21 Thread Eric Geier
Hi, I’m trying to update my server’s cert, but getting errors after applying it: Fri Oct 21 12:26:45 2011 : Error: TLS Alert read:fatal:certificate expired Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3 read client certificate A Fri Oct 21 12:26:45 2011 : Error: rlm_eap: SSL

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 20:44, Eric Geier wrote: Hi, I’m trying to update my server’s cert, but getting errors after applying it: Fri Oct 21 12:26:45 2011 : Error: TLS Alert read:fatal:certificate expired Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3 read client certificate A Fri Oct

Re: SSL error after updating cert

2011-10-21 Thread Eric Geier
Thanks for the reply! Yes, the clients are set with correct time/date. That command didn't work. Did you mean openssl verify command? I ran that and both the old cert (still valid for a few days) and the new cert (already valid) shows correct domain but then says: error 20 at 0 depth

Re: SSL error after updating cert

2011-10-21 Thread James J J Hooper
On 21/10/2011 22:31, Eric Geier wrote: Thanks for the reply! Yes, the clients are set with correct time/date. That command didn't work. Did you mean openssl verify command? I ran that and both the old cert (still valid for a few days) and the new cert (already valid) shows correct domain but

Re: Assert Failed on Proxing

2011-10-21 Thread Fajar A. Nugraha
On Fri, Oct 21, 2011 at 9:28 PM, andreapepa andrea.p...@trentinonetwork.it wrote: obviously, Phil... my questions, not well explained, was about upgrading the package. I can be sure that with this procedure I will have freeradius upgrade or two version of FR installed? If you install a