On 5 Aug 2013, at 08:20, rajeev sr rajee...@gmail.com wrote:
Hello,
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in
Hi,
User-Password = \334a\004\305\355x\321\332G\306\362b\226~\355+
that lineand the following in the debug:
Fri Aug 2 16:45:38 2013 : Debug: WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the NAS!
are quite clear.
On Mon, Aug 05, 2013 at 12:50:20PM +0530, rajeev sr wrote:
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in users file under
Hi,
I have installed fr 2.1.10 w openldap and I can authenticate users
against ldap.
I have also added groups in ldap and allowed ldap module to search
groups and it also works fine.
Now the problem is that is huntgroups wont work. I need to restrict
access to NAS for specific groups. I
Hi,
file users:
DEFAULT Ldap-Group ==
Huntgroup-Name ==
multiple lines? the first line is CHECK items. other lines are REPY items
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Thank you for your reply.
It was my mistake, when i was testing.
Corrected DEFAULT Ldap-Group == , Huntgroup-Name ==
Still not working as i want.
Br,
Ville
Hi,
file users:
DEFAULT Ldap-Group ==
Huntgroup-Name ==
multiple lines? the first line is CHECK items.
Hi,
It was my mistake, when i was testing.
Corrected DEFAULT Ldap-Group == , Huntgroup-Name ==
Still not working as i want.
output?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
We have a a supplicant that is our own box doing client 802.1x
authentication using freeradius. We do not establish a TLS/IPSec connection
between the supplicant and freeradius. We need to establish a secure
channel between the supplicant and freeradius.
Can someone please tell me whether any
Here comes:
rlm_ldap::ldap_groupcmp: User found in group
and user still access in. I noticed that if i disable ldap
and put user in users file like this:
vi...@.fi Cleartext-Password := , Huntgroup-Name ==
it works and i can filter users based on huntgroup.
Br,
Ville
Does freeradius support RFC 6614 for the same?
On Mon, Aug 5, 2013 at 5:07 PM, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
We have a a supplicant that is our own box doing client 802.1x
authentication using freeradius. We do not establish a TLS/IPSec connection
between the supplicant and
On 5 Aug 2013, at 12:37, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
We have a a supplicant that is our own box doing client 802.1x authentication
using freeradius. We do not establish a TLS/IPSec connection between the
supplicant and freeradius. We need to establish a secure channel
Hi,
Here comes:
rlm_ldap::ldap_groupcmp: User found in group
radiusd -X
its what the docs say. for a reason
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 5 Aug 2013, at 13:11, Rahul Godbole rahulmg1...@gmail.com wrote:
RFC 6614
That's encryption between the NAS and the RADIUS server, and yes FreeRADIUS 3.0
does support radsec. But chances are your NAS doesn't.
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
Hi,
We have a a supplicant that is our own box doing client 802.1x
authentication using freeradius. We do not establish a TLS/IPSec
connection between the supplicant and freeradius. We need to establish a
secure channel between the supplicant and freeradius.
NAS or supplicant? a
Hi,
Does freeradius support RFC 6614 for the same?
'tls' virtual server in HEAD version of FreeRADIUS (currently version 3 in beta)
if you NEED to tick to FreeRADIUS 2.x (as you 'need' to secure) - then
RADSECProxy can be put in as a brudge between your remote and the FR instance
alan
-
Rather I need a secure channel between a 802.1x Network Access Device (
like an access point ) and freeradius.
On Mon, Aug 5, 2013 at 5:59 PM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
We have a a supplicant that is our own box doing client 802.1x
authentication using freeradius. We do not
Hi to all,
i'm using FreeRADIUS Version 2.1.10 with rp-pppoe-3.11 as NAS.
I would like to configure this system to be able to limit the user
internet bandwidth ( this is possible by WISPr-Bandwidth-Max-Down and
WISPr-Bandwidth-Max-Up attributes ) but at the same time allow local
user's traffic
On 05/08/13 16:34, Fabrizio wrote:
Hi to all,
i'm using FreeRADIUS Version 2.1.10 with rp-pppoe-3.11 as NAS.
I would like to configure this system to be able to limit the user
internet bandwidth ( this is possible by WISPr-Bandwidth-Max-Down and
WISPr-Bandwidth-Max-Up attributes ) but at the
authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/172.150.0.62/auth-detail-20130805
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log
Hello.
In that situation i need to have active, both sql and ldap, authorization
modules in inner-tunnel. So users, who should identify by login/pass in guest
SSID, can be authenticate via inner-tunnel ldap module. I don't want this.
Regards
Marcin
Dnia 25 lipca 2013 21:31 Marcin
Hi,
In that situation i need to have active, both sql and ldap, authorization
modules in inner-tunnel. So users, who should identify by login/pass in
guest SSID, can be authenticate via inner-tunnel ldap module. I don't want
this.
use whatever you want to use. what do you use
I was thinking this should be easy, but it's been two weeks and I give up...
This is what I want to do: My NAS, (a WiFi AP), has two SSIDs: staff and
guests. I want mutual exclusivity.
My /etc/raddb/users file contains something like this:
abc Cleartext-Password:=xyz
Running radiusd -X I get:
:
++? if (Local-Group != NAS-Identifier )
(Attribute Local-Group was not found)
? Evaluating (Local-Group != NAS-Identifier ) - FALSE
++? if (Local-Group != NAS-Identifier ) - FALSE
:
And it's clear Local-Group is always empty. :-(
Yeah you've
Hi,
I was thinking this should be easy, but it's been two weeks and I give
up...
well, depends how you do itif you do it easy it is easy, no?
users file
abc Cleartext-Password := xyz, NAS-Identifier = staff
Reply-Message Welcome on-board staff member
dont forget, if this
Changing the Local-Group into the request still makes control:Local-Group
empty.
abc Cleartext-Password:=xyz, Local-Group:=staff
NAS Sends this:
User-Name = abc
:
NAS-Identifier = resident
if ( control:Local-Group != NAS-Identifier ) {
Diagnostic says:
++? if
Diagnostic says:
++? if (control:Local-Group != NAS-Identifier ) - FALSE
Assuming you're not looking for a literal value 'NAS-Identifier', you want
%{NAS-Identifier}.
If this is a new deployment you should use current HEAD revision in Master.
Then you can use the debug_attr expansion to
The following appears to now work, but I don't understand some things:
files
if (control:Local-Group != %{NAS-Identifier} ) {
Why does control:Local-Group not need to be enclosed in %{ }, but
NAS-Identifier does?
And why does %{ } content need to be within quotes, when the documentation
doesn't
On 5 Aug 2013, at 22:37, Joseph Perrin jos...@lifeonthestreet.org wrote:
The following appears to now work, but I don't understand some things:
files
if (control:Local-Group != %{NAS-Identifier} ) {
Why does control:Local-Group not need to be enclosed in %{ }, but
NAS-Identifier
Hello,
This is my first post here so please excuse any missed etiquette.
I have read through the wiki's and googled a lot and not found anything.
I have been trying configure our switch ports (HP 2910al) with Tagged
VLANs via Egress-VLANID and Egress-VLAN-Name.
The Radius backend is
On 5 Aug 2013, at 23:39, Andy a...@brandwatch.com wrote:
Hello,
This is my first post here so please excuse any missed etiquette.
I have read through the wiki's and googled a lot and not found anything.
Thank you. I now understand.
A stock install of freeRadius in Fedora, (i.e. via yum), does not provide a
man page for unlang. Had you not helped me, I'd simply not know.
On Mon, Aug 5, 2013 at 6:00 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 5 Aug 2013, at 22:37, Joseph
On 08/05/2013 08:49 PM, Joseph Perrin wrote:
Thank you. I now understand.
A stock install of freeRadius in Fedora, (i.e. via yum), does not
provide a man page for unlang. Had you not helped me, I'd simply not know.
Nonsense, the freeradius rpm installs the unlang man page.
Please provide
32 matches
Mail list logo