Re: Using freeRadius with OTP and gateway

2012-03-15 Thread Mercier Valentin
You don't enable it. The NAS is responsible for sending RADIUS packets, and originating CHAP requests. CHAP doesn't use a RADIUS challenge-response, despite its name. Ho ok, so I think I haven't good understand CHAP, my bad, sorry. CHAP doesn't work that way. The NAS sends a challenge to the

Re: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Iliya Peregoudov
There is no WiMAX-MSK attribute in Access-Accept. You need to call rlm_wimax module from post-auth section of default virtual server: # raddb/sites-enabled/default post-auth { ... wimax ... } This module will add WiMAX-MSK and remove MS-MPPE-Send-Key and MS-MPPE-Recv-Key. Rathod

Very large environment depending on FreeRadius

2012-03-15 Thread Christiaan Rademan
Greetings guys, Need advice before going live: I have deployed a FreeRadius server in an environment with 2,491,000 subscribers. GGSN 2,491,000 MSISDN subscribers. 3 APN(s). 1 APN will be authenticated locally: 830 000 subscribers 1 APN will be proxied for: 1,660,000 subscribers 1 APN

Re[2]: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Толик Шавловский
Hi, ask ASN-GW vendor if it passed IOT with FR. 15 March 2012, 09:58 from Rathod Subhashchandra rat...@tataelxsi.co.in: Dear Fajar, I went through the documentation of ASN-GW. I could not find configuring AAA parameters except AAA IP address. I am not quite clear which attribute is

RE: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Rathod Subhashchandra
Dear Iliya, Thanks for your valuable suggestion. Rlm_wimax module was not building. I enabled and now it is building. As per your suggestion, I have added wimax in file raddb/sites-enabled/default Still I am not getting WiMAX-MSK in Access-Accept. Could you please help me in this? Thanks !

Re: Very large environment depending on FreeRadius

2012-03-15 Thread Phil Mayers
On 03/15/2012 07:38 AM, Christiaan Rademan wrote: Can you please advise me on anything I should watch out for or plan for? I'm sure others will chip in, but basically: don't worry about FreeRADIUS, worry about your SQL database. FreeRADIUS itself can handle a truly enormous rate of

Re: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Iliya Peregoudov
Run freeradius in debug mode (-X). Look for eap module debug messages. Look for wimax module debug messages. Try to understand. Rathod Subhashchandra wrote: Dear Iliya, Thanks for your valuable suggestion. Rlm_wimax module was not building. I enabled and now it is building. As per your

Re: Wimax Account

2012-03-15 Thread Mulindwa
Hi there, Anyone worked with WASN9770 , how did you setup the wimax account? I want to setup  an account with such a profile. say username password 512K bandwidth bi-direction Always on username2 password 512Kbps bandwidth bi-direction Only connects at night How would i achieve this? -

Re: Wimax Account

2012-03-15 Thread Alan DeKok
Mulindwa wrote: Anyone worked with WASN9770 , how did you setup the wimax account? Ask the vendor how their product works. This isn't a FreeRADIUS question. Alan DeKok.

Cannot authenticate TinyRadius with freeRadius

2012-03-15 Thread ulislam.raihan
Hi All, I am using Tiny Radius client to authenticate with freeRadius Server. But from freeRadius server (version 2.1.10) it can not read the password. I am getting following msg from freeRadius server. The user name is testing. Password is password. Secret is testing123. I have test the

Re: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Alan DeKok
Rathod Subhashchandra wrote: Rlm_wimax module was not building. I enabled and now it is building. As per your suggestion, I have added wimax in file raddb/sites-enabled/default Still I am not getting WiMAX-MSK in Access-Accept. Could you please help me in this? Read the debug output to see

Re: Wimax Account

2012-03-15 Thread Mulindwa
Was wondering if there is anyone on this forum who is using WASN9770 and are using Freeradius, am sure they would be more than happy to direct me in the right direction. But if there are none, am sure i will have no response, otherwise thanks Alan   Eric M

Re: Cannot authenticate TinyRadius with freeRadius

2012-03-15 Thread Alan DeKok
ulislam.raihan wrote: The entry in users file is following. *testing Cleartext-Password == password* That's wrong. See the FAQ. Use :=, not ==. rad_recv: Access-Request packet from host 127.0.0.1 port 49851, id=1, length=59 User-Name = testing NAS-IP-Address = 127.0.0.1

Re: Very large environment depending on FreeRadius

2012-03-15 Thread Christiaan Rademan
Thank you so much for the tips Phil Mayers. I have optimised everything, except archiving of the accounting messages. That would be a good idea... On 15/03/2012 10:58, Phil Mayers wrote: On 03/15/2012 07:38 AM, Christiaan Rademan wrote: Can you please advise me on anything I should watch

RE: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread David Peterson
Quite often you need to change whether or not the response goes via the inner-tunnel. Work with your EAP settings to see if that will change the behavior. David -Original Message- From: freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org

FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-15 Thread Altaf Husain
Hi, We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may not be ready for use in a production environment, Is it still in experimental state, can't it be used as EAP-SIM,

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-15 Thread Alan DeKok
Altaf Husain wrote: We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may not be ready for use in a production environment, Is it still in experimental state,

Re: Very large environment depending on FreeRadius

2012-03-15 Thread Alan DeKok
Christiaan Rademan wrote: I have deployed a FreeRadius server in an environment with 2,491,000 subscribers. That's a fairly high number. We tested the configuration and it was working, with attribute filters on proxy etc.. for all our requirements. Using MYSQL Backend and SQL IP Pool to

Windows 7 clients

2012-03-15 Thread Scott McLane Gardner
Okay, I've finally got the server certificate sorted out, signed by GeoTrust and installed, but now I have another certificate problem. I believe this one is that the client doesn't recognize my ca.pem as being signed by a trusted authority. Do I need to get another root cert signed by GeoTrust?

Re: Windows 7 clients

2012-03-15 Thread Scott McLane Gardner
Is this the INTERMEDIATE CA that GeoTrust sent along with the server cert? On 3/15/12 8:25 AM, Scott McLane Gardner sgar...@uark.edu wrote: Okay, I've finally got the server certificate sorted out, signed by GeoTrust and installed, but now I have another certificate problem. I believe this one

Re: Windows 7 clients

2012-03-15 Thread Alan DeKok
Scott McLane Gardner wrote: Okay, I've finally got the server certificate sorted out, signed by GeoTrust and installed, but now I have another certificate problem. I believe this one is that the client doesn't recognize my ca.pem as being signed by a trusted authority. Do I need to get another

Re: Windows 7 clients

2012-03-15 Thread Scott McLane Gardner
Okay, it is the INTERMEDIATE CA. Sorry for the noise. On 3/15/12 8:26 AM, Scott McLane Gardner sgar...@uark.edu wrote: Is this the INTERMEDIATE CA that GeoTrust sent along with the server cert? On 3/15/12 8:25 AM, Scott McLane Gardner sgar...@uark.edu wrote: Okay, I've finally got the server

Re: Windows 7 clients

2012-03-15 Thread Alan Buxey
Hi, Is this the INTERMEDIATE CA that GeoTrust sent along with the server cert? the server needs to be configured so that the certificate file entry points to a file that contains your server cert, any intermediaries and the root all in one file, in the right order concatenated after each other.

RE: Help - ASN-GW throwing error - Validation of attributes failed

2012-03-15 Thread Rathod Subhashchandra
Dear Iliya, Do I need to modify the code to call rlm_wimax functions for generating the keys? By default, it is invoking eaptls_gen_mppe_keys functions. This function is generating MS-MPPE-Recv-Keys. From your first mail, I understood that only modifying raddb/sites-enabled/default, will take

freeRadius Server with Dynamic IP address.

2012-03-15 Thread ZhenJoey
Hello Everybody: I just figure out how to solve the problem of NAS has a dynamic IP address (single client entry 0.0.0.0). But how about the radius Server is also behind a NAT which will get a Dynamic IP address? (Server and NAS communicate with each other through Internet)! How could I set the

Re: Windows 7 clients

2012-03-15 Thread Matthew Newton
On Thu, Mar 15, 2012 at 01:51:19PM +, Alan Buxey wrote: Is this the INTERMEDIATE CA that GeoTrust sent along with the server cert? is then fed that cert chain... if it has the root CA installed it should be happy - though some clients still complain. When I (briefly) tested Windows 7

Re: FreeRADIUS 1.1.2 - 2.1.12 migration steps

2012-03-15 Thread Norman Elton
I don't see any differences... Just save your config files and replace them later when rpm goes live If anyone's interested, 2.1.12 builds fine with the specfile included in the source release. I had to rebuild the certificate patch file and include a few extra man files in the manifest. Simple

Re: freeRadius Server with Dynamic IP address.

2012-03-15 Thread Alan DeKok
ZhenJoey wrote: But how about the radius Server is also behind a NAT which will get a Dynamic IP address? (Server and NAS communicate with each other through Internet)! That is a horrible way to run a RADIUS server. How could I set the NAS's radius server IP address option? You don't.

RE: proxy server goes deaf after Client has closed connection (RadSec to home server)

2012-03-15 Thread Brian Julin
Alan DeKok [al...@deployingradius.com] wrote: Sent: Friday, March 09, 2012 3:25 AM Brian Julin wrote: This keeps the server listening, but there are some lingering issues: Well, fixes are welcome. I don't have time to look into this for a few weeks at least. request_proxy_anew was

Re: SQL_LOG Interim Update missing partial config error? huh?

2012-03-15 Thread Aidan Rowe
Any possible updates on this? It seems at some point the man pages changed from using INSERTs and UPDATEs to only using INSERTS. On 14/03/2012, at 3:52 PM, Aidan Rowe wrote: Hi Chrstiaan, It's because there is no SQL statement configured for Interim-Update by default, you need to create

Re: SQL_LOG Interim Update missing partial config error? huh?

2012-03-15 Thread Phil Mayers
On 03/15/2012 09:11 PM, Aidan Rowe wrote: Any possible updates on this? It seems at some point the man pages changed from using INSERTs and UPDATEs to only using INSERTS. I'm guessing here, but I suspect the problem with doing UPDATEs is that they noop if the row isn't present. This can

Re: Windows 7 clients

2012-03-15 Thread Alan Buxey
Hi, GeoTrust and installed, but now I have another certificate problem. I believe this one is that the client doesn't recognize my ca.pem as being signed by a trusted authority. Do I need to get another root cert signed by GeoTrust? If so, how do I go about doing that? FR v2.1.10 [peap]

RE: freeRadius Server with Dynamic IP address.

2012-03-15 Thread ZhenJoey
Hello Alan: I don't understand. So the radius server could only work in a LAN? except use proxy radius? Joey Date: Thu, 15 Mar 2012 15:53:00 -0400 From: al...@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: freeRadius Server with Dynamic IP address. ZhenJoey

Re: Cannot authenticate TinyRadius with freeRadius

2012-03-15 Thread ulislam.raihan
HI Thanks for your suggestion. Actually the mistake was in secret. It was wrongly written. Thanks Raihan

Re: freeRadius Server with Dynamic IP address.

2012-03-15 Thread Fajar A. Nugraha
2012/3/16 ZhenJoey snan4l...@hotmail.com: Hello Alan: I dont understand. So the radius server could only work in a LAN? except use proxy radius? No. On most setups, radius server needs a static IP address, accessible by the client (NAS). There are ways around that (e.g. using VPN), but the