st...@comitcon.be wrote:
I have rebuild freeradius on debian 7.0. I have added rlm_raw and have a
working dynamic client configuration where I use Called_Station_ID to
authenticate / validate that a NAS is allowed to use this radius server.
That's not a recommended configuration.
I wait
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9 character password arrives as 16 character garbage at the home
server, which then -of course- rejects the access request.
Are you sure the RADIUS secret is the right one?
On Wed, Oct 2, 2013 at 12:14 PM, JB list.freerad...@me.com wrote:
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9
On 02/10/13 17:14, JB wrote:
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9 character password arrives as 16 character garbage at the home
server, which then -of
Has anyone encountered a similar situation?
Yes, it's called getting the shared secret wrong between two of your servers.
To prove this, enable Message-Authenticator validation on the home server.
I believe recent versions of FreeRADIUS will include the Message-Authenticator
attribute by
Yes, we double checked the secret.
Am 02.10.2013 um 18:20 schrieb Francois Gaudreault fgaudrea...@cloudops.com:
Are you sure the RADIUS secret is the right one?
On Wed, Oct 2, 2013 at 12:14 PM, JB list.freerad...@me.com wrote:
Hi!
We're proxying auth requests to another RADIUS service
Dear Alan
see my comments below
st...@comitcon.be wrote:
I have rebuild freeradius on debian 7.0. I have added rlm_raw and have a
working dynamic client configuration where I use Called_Station_ID to
authenticate / validate that a NAS is allowed to use this radius server.
That's not a
On 02/10/13 17:30, JB wrote:
Yes, we double checked the secret.
Well, you missed something.
There is no other reasonable explanation for the behaviour you're
seeing. In *theory* it could be broken MD5 libraries at one end, but
that's so unlikely that the possibility can be discarded.
You
1. FreeRadius lacks the ability to actually run Nas's behind a link with a
dynamic IP. Although not recommended, this software does not support a
proper way of dealing with this.
Nonsense. This is a fundamental limitation of the RADIUS protocol.
If you want to use dynamic IPs, use a
For those interested:
Information gotten from
http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients
In regards to the usage of Called_Station_Id, rlm_raw and SQL checks.
Kind regards
Steve
1. FreeRadius lacks the ability to actually run Nas's behind a link with
a
dynamic
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Secondly I have read the documentation, but RTFM still appears to be the
common way
I'm trying to do what might be an odd configuration.
I'm attempting to digest auth users without caring about their User-name
attribute.
So in other words I want to auth on the Digest-User-Name = testuser
that comes in as part of the Digest-Attributes and a password.
So in the users file I have
I changed all instances of the password testing123, to a random password on
both the StrongSwan server and the Radius server, and restarted the strongswan
and radiusd services. However, this broke the connection to authenticate to
the LDAP server, so I had to put it back to testing123 to get
Clint Petty wrote:
How can I change the radius default testing123 password? Is there a
command I need to run to do this?
Edit raddb/clients.conf. Look for testing123.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
st...@comitcon.be wrote:
For those interested:
Information gotten from
http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients
In regards to the usage of Called_Station_Id, rlm_raw and SQL checks.
Which notes that rlm_raw doesn't come with the server. The reason is
st...@comitcon.be wrote:
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Perhaps you could read the *content* of my messages,
Philip Walenta wrote:
I'm trying to do what might be an odd configuration.
I'm attempting to digest auth users without caring about their
User-name attribute.
That should work.
So in other words I want to auth on the Digest-User-Name = testuser
that comes in as part of the
On 2 Oct 2013, at 19:06, st...@comitcon.be wrote:
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Firstly, you ignored what
Hi Alan,
Thanks for your reply. However, I have already changed the instances of the
password testing123 in the following files:
StrongSwan:/etc/strongswan/strongswan.conf
Radius:/etc/raddb/proxy.conf
Radius:/etc/raddb/sites-available/dynamic-clients
Replied in between
st...@comitcon.be wrote:
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous
emails
coming from your end and this appears to be the way you respond.
Perhaps you could read the *content*
On 2 Oct 2013, at 19:06, st...@comitcon.be wrote:
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous
emails
coming from your end and this appears to be the way you respond.
Firstly, you ignored
Clint Petty wrote:
Hi Alan,
Thanks for your reply. However, I have already changed the instances of the
password testing123 in the following files:
StrongSwan:/etc/strongswan/strongswan.conf
That's good.
Radius:/etc/raddb/proxy.conf
That's not good. The secret there is for home
We are getting unexpected behavior from FreeRADIUS 2.2.x (built from current
git).
We want to check if a user is BLOCKED first, and only then do we want to
perform some other checks.
Our current config looks like this:
authorize {
#auth_log # uncomment for debugging
st...@comitcon.be wrote:
It is fairly clear that the experts claim they have the knowledge , but
are guarding it.
Ah, yes. That's why I've wrote tons of documentation for the server,
and have answered questions daily for 15 years. I'm trying to hide
RADIUS knowledge.
I am secondly not
Bruce Bauman wrote:
We want to stop executing the BUNCH OF UNLANG CODE in the first two
cases (infected and tempsus), effectively doing something like a return.
There is a return code. See doc/configurable_failover.rst:
ok {
ok = return
}
That may work. The issue is that
We want to stop executing the BUNCH OF UNLANG CODE in the first two cases
(infected and tempsus), effectively doing something like a return.
Where you have ok in the case stanzas, put
ok {
ok = return
}
-Arran
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Hi Alan,
Ok, I just changed the StrongSwan:/etc/strongswan/strongswan.conf the
Radius:/etc/raddb/clients.conf files, and left the other files with reference
to testing123 alone. Restarted the strongswan radiusd services, and get
the same error from my iphone, VPN Connection - User
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly, but functional.
this is pretty much what I was
Hi,
Thanks for your reply. However, I have already changed the instances of the
password testing123 in the following files:
if you are dealing with a shared secret between a NAS and the FreeRADIUS
server, there are only
2 thigns to configure
1) the shared secret on the NAS - I would guess
Hi Alan,
Ok, I figured out why I wasn't able to change the testing123 password. I was
surrounding the new random password in quotes. Once I removed the quotes, it
worked.
Clint
-Original Message-
From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org
hi,
pretty definitive. incorrect shared secret - are you SURE that you havent got
any white spaces
etc lurking around? keep the shared secret in quotes if in doubt
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I would like to display the active Radius connections. When I run radwho I get
the following results (showing nothing but the titles) even though I know I
have an active connection:
# radwho
Login Name What TTY When FromLocation
#
-
List
On 2 Oct 2013, at 22:57, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly,
Alan,
That was actually the problem. I surrounded the new password in quotes, and
didn't like that. Once I removed the quotes, it worked!
Clint
-Original Message-
From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org
Hi there,
I'm new to freeradius, and am setting it up purely in a test environment before
deploying live.
We're using Freeradius 2.2.0 and Ubuntu server 12.04 .3 lts with Active
Directory and Fortinet Fortigate based APs
We're trying to achieve the following:
Authentication via Active
Simon,
Did you enable the 'ldap' entry in the authorize section(s) of your default and
inner-tunnel servers?
It is commented out by default.
Stefan
From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
Simon Grierson wrote:
Authentication via Active Directory, but with access granted depending
on AD Group membership.
That should be possible.
EG: User A Is allowed Wifi access, as they are in Wifi-Users group
User B is not as they do not have membership of this group.
That's easy.
Email id:
suryalakshmi.annadu...@carc.co.inmailto:suryalakshmi.annadu...@carc.co.in
Or
ritu.gla...@gmail.commailto:ritu.gla...@gmail.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all,
I am using FreeRadius 2.1.12 for WIMAX authentication. My initial
authentication between ASN-GW and AAA is successful. Keys are generated and
received in Access-Accept. But when HA sends Access-Request to AAA, the Request
is rejected.The SPI values are all correct. All the AVP values
Send the whole configuration and initial request/response. The snippet
below is pretty much useless.
David
From:
freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera
dius.org] On Behalf Of
On 30 Sep 2013, at 13:59, David Peterson dav...@wirelessconnections.net
wrote:
Send the whole configuration and initial request/response. The snippet below
is pretty much useless.
also, set your date/time correctly.
The reason why authentication is failing is because no module has take
What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session
matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for
request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]:
On 30 Sep 2013, at 18:17, John Douglass john.dougl...@oit.gatech.edu wrote:
What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching
the State variable.
The State attribute is returned in Access-Challenges by the RADIUS server and
is
Hi,
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session
matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for
request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate
request
Is there any way to prevent FreeRadius from showing the password in
logs (debug logs) when authentication is done via LDAP?
Current I see :
rad_recv: Access-Request packet from host 192.168.100.2 port 31011,
id=13, length=129
User-Name = username
User-Password = XX
NAS-IP-Address =
On 09/30/2013 02:45 PM, Matthew Ceroni wrote:
Is there any way to prevent FreeRadius from showing the password in
logs (debug logs) when authentication is done via LDAP?
Current I see :
rad_recv: Access-Request packet from host 192.168.100.2 port 31011,
id=13, length=129
User-Name =
Hi,
Is there any way to prevent FreeRadius from showing the password in
logs (debug logs) when authentication is done via LDAP?
dont run in debug mode. debug mode is there for a reason - to debug
problems. verify if things like passwords are correct. look at the mailing list
archive - this
John Douglass wrote:
Any one have any similar battle scars that I can learn from (server
performance tweaks, optimizations, etc?). I've optimized as best I can
the SQL component. This all seems related to the samba/winbind/ntlm_auth.
FreeRADIUS is dependent on other systems. So if Samba or
On Tue, Sep 24, 2013 at 8:13 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org
wrote:
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification),
Don wrote:
I tried one of these inside gtc sub-section of eap.conf, that don't
seem to work:
auth_type = ntlm_auth
Setting that *should* be one step of a working configuration.
or
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--domain=MYDOMAIN --username=%{User-Name}
On Fri, Sep 27, 2013 at 6:34 AM, Alan DeKok al...@deployingradius.comwrote:
Don wrote:
I tried one of these inside gtc sub-section of eap.conf, that don't
seem to work:
auth_type = ntlm_auth
Setting that *should* be one step of a working configuration.
Ok, thank you for
Don wrote:
Nothing secret, as I said I tried both configuration (one at a time)
inside gtc sub-section of eap.conf.
That's a problem. NOTHING in the documentation or examples says to do
that. LOTS of documentation and examples give the CORRECT way to use
ntlm_auth.
I did that, but that
Alan,
I finally made EAP-GTC using ntlm_auth to work. Basically my initial
configuration inside gtc sub-section of raddb/eap.conf was correct and
modifying raddb/modules/ntlm_auth from %{mschap:User-Name} to
%{User-Name} was also correct. I can also use
%{%{mschap:User-Name}:-%{User-Name}} that
All,
I have successfully configured freeRadius using EAP-PEAP with:
1. GTC to authenticate user against local password
2. MSCHAPv2 to authenticate user against Active Directory via ntlm_auth
following instructions on this link:
Don wrote:
That said, if EAP-GTC can be used along with ntlm_auth how do I
configure it to make that work?
Read the gtc sub-section of eap.conf. It tells you how to make
EAP-GTC use a particular authentication method.
I tried to execute ntlm_auth passing
--password=%{User-Password}, but
Alan,
Thank you for your reply and please find my inline response below.
On Thu, Sep 26, 2013 at 7:54 PM, Alan DeKok al...@deployingradius.comwrote:
Don wrote:
That said, if EAP-GTC can be used along with ntlm_auth how do I
configure it to make that work?
Read the gtc sub-section of
24.09.2013 Phil Mayers:
On 24/09/13 12:25, JB wrote:
At first glance, this seems to work but I wanted to know if there's a
better or more common way to achieve this. Or is this completely
stupid after all? (Why?)
Looks fine to me; you're conditionally executing the rest of your policy
Dear Stephan, just the last question pleasein your guide you say:
In /etc/raddb/eap.conf, change the ttls section as follows:
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = no
That's OKbut what do I have to put in the eap section from eap.conf file???
In the eap section, the default is md5, set it to ttls
And Roberto, you've emailed the entire FreeRADIUS mailing list. :-)
Stefan
-Original Message-
From: freeradius-users-
bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[mailto:freeradius-users-
Just out of interest is anyone using EAP-AKA with the EAP2 module in FreeRADIUS
2.x.x?
If so what sorts of services are you using for? Have any telcos successfully
deployed EAP-SIM/EAP-AKA['] for authenticating handsets to GSM and 802.11
networks to facilitate cross medium roaming?
-Arran
Dear Stephan: Notebook with Windows 7 + AP + EAP-TTLS + MSCHAPv2 +
Freeradius + AD is working now !!!
But just a doubt: if I access with my Android device, using EAP-TLS
(not EAP-TTLS) + MSCHAPv2, I can access the same...why ???
Regards and thanks,
Roberto
2013/9/25
Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
worked).
You just configured EAP-TTLS with EAP-MSCHAPv2 as an additional authentication
method. Since the default_eap_type is set to ttls, your server *prefers* using
EAP-TTLS with EAP-MSCHAPv2, but it still
But in the EAP-TLS section from eap.conf file, I don't see any
reference to MSCHAPv2and remember the NTLM authentication query is
set up in the MSCHAPv2 module
2013/9/25 stefan.pae...@diamond.ac.uk:
Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which
worked).
Well. There's no such thing as EAP-TLS/MSCHAPv2 . So I'd guess that your
Android device is just doing PEAPv0/EAP-MSCHAPv2 or such and your config allows
it to. If you ran in full debug mode when connecting with the Android device
you'd see exactly what's happening
alan
-
List
But in the EAP-TLS section from eap.conf file, I don't see any
reference to MSCHAPv2and remember the NTLM authentication query is
set up in the MSCHAPv2 module
EAP-TLS does not use MSCHAPv2. It uses certificates.
I quote Alan DeKok's response to your question on September 18:
Hi,
i'm configuring a server with a sql counter to check the total byte in a
week for the users.
But the server will reply a wrong count.
Here's the counter:
sqlcounter weeklybytecounter {
counter-name = Weekly-Total-Max-Octets
check-name = Max-Weekly-Octets
reply-name = Mikrotik-Total-Limit
Hi,
I have a lot of logs with deadlocks
ed Sep 25 15:05:44 2013 : Error: [sql] Couldn't update SQL accounting ALIVE
record - Deadlock found when trying to get lock; try restarting transaction
Wed Sep 25 15:05:44 2013 : Error: [sql] Couldn't update SQL accounting
ALIVE record - Deadlock
On 25 Sep 2013, at 20:08, Alisson alissongoncal...@bsd.com.br wrote:
Hi,
I have a lot of logs with deadlocks
Those would be caused by a bug in your custom SQL queries?
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See
This messages are from radius.log
I've doesn't changed anything in db... and I haven't custom queries...
2013/9/25 Arran Cudbard-Bell a.cudba...@freeradius.org
On 25 Sep 2013, at 20:08, Alisson alissongoncal...@bsd.com.br wrote:
Hi,
I have a lot of logs with deadlocks
Those
I have been seen this weird message for two days now. I setup PPTP and IPSec
(ikev1) with freeradius + mysql.
In both cases I see Access-Acccept and in Accounting-Request I see these two
message:
WARNING: Empty preacct section. Using default return values.
WARNING: Empty accounting section.
On 25 Sep 2013, at 20:54, Alisson alissongoncal...@bsd.com.br wrote:
This messages are from radius.log
Those errors were generated by the MySQL client library or the MySQL server,
just because they're included in the radius.log file does not mean they
originated from within the FreeRADIUS
On 25 Sep 2013, at 21:20, WorkingMan signup_mail2...@yahoo.com wrote:
I have been seen this weird message for two days now. I setup PPTP and IPSec
(ikev1) with freeradius + mysql.
In both cases I see Access-Acccept and in Accounting-Request I see these two
message:
WARNING: Empty
As the msg says. Your preacct {} and accounting {} sections in your server are
not configured to do anything. Add active modules to them eg a database call
and things will be different.
alan-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 25, 2013, at 4:33 PM, Arran Cudbard-Bell a.cudba...@freeradius.org
wrote:
On 25 Sep 2013, at 21:20, WorkingMan signup_mail2...@yahoo.com wrote:
I have been seen this weird message for two days now. I setup PPTP and IPSec
(ikev1) with freeradius + mysql.
In both cases I see
I will double check them when I get back to my machine. I think I know what you
mean. Will report back.
On Sep 25, 2013, at 4:38 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
As the msg says. Your preacct {} and accounting {} sections in your server
are not configured to do anything. Add
So this error its caused by my application?
2013/9/25 Arran Cudbard-Bell a.cudba...@freeradius.org
On 25 Sep 2013, at 20:54, Alisson alissongoncal...@bsd.com.br wrote:
This messages are from radius.log
Those errors were generated by the MySQL client library or the MySQL
server, just
Are you saying my default file has these sections as empty? Or that the vpn
clients are sending empty data?
Sections. As the Warning clearly states, sections.
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See
Signup_mail2002 signup_mail2002 at yahoo.com writes:
I will double check them when I get back to my machine. I think I know
what you mean. Will report back.
On Sep 25, 2013, at 4:38 PM, Alan Buxey A.L.M.Buxey at lboro.ac.uk
wrote:
As the msg says. Your preacct {} and accounting {}
On Thu, Sep 26, 2013 at 4:14 AM, Alisson alissongoncal...@bsd.com.brwrote:
So this error its caused by my application?
Whatever it is that creates queries to mysql.
In the default schema, radacct will continue to grow. If you're running it
on a production system with significant amount of
On Mon, 23 Sep 2013 at 22:03, Phil Mayers opined:
PM:Carefully examine the two entries on line 1 and 172, determine what's
PM:different, examine the unredacted data in the packets, and correct it.
hi phil - thanks for the advice, i figured out that placement of the
$INCLUDE statement (and
Hi!
Our setup utilizes custom SQL schemas and functions for authentication and
authorization.
We now want to add a roaming proxy for a certain realm.
When a user logs in using this realm, our custom SQL authorization should be
skipped because our functions and the roaming proxy are completely
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
I've followed all the steps to
paul trader wrote:
hi phil - thanks for the advice, i figured out that placement of the
$INCLUDE statement (and user info in general) in the users file is
important for windows authentication. strangely enough, it doesn't seem
to matter for a linux dialup, though.
That is a *terrible*
On 24/09/13 12:25, JB wrote:
At first glance, this seems to work but I wanted to know if there's a
better or more common way to achieve this. Or is this completely
stupid after all? (Why?)
Looks fine to me; you're conditionally executing the rest of your policy
based on earlier results.
-
Roberto Carna wrote:
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: *** [eapol_test] Error 1
On 09/24/2013 10:16 AM, Roberto Carna wrote:
Dear, I'm advancing in the Freeradius + AD authenticationjust a
short question: when I want to make the eapol_test tool, I get this
error:
# make eapol_test
/usr/bin/ld: cannot find -lnl
collect2: error: ld returned 1 exit status
make: ***
You need the following items on your Debian system to build eapol_test:
libssl-dev, libnl1, libnl-dev
:-)
Stefan
-Original Message-
From: freeradius-users-
bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[mailto:freeradius-users-
Looking for someone to test some new code (in master branch).
Someone [1] has claimed to of decompiled a SIM validation program to
figure out the algorithms for Comp128-2 and Comp128-3.
The reason why this is particularly useful, is because Comp128-1 is
horribly broken, and versions 2 and 3
Hi everybody
I need some help
I'm new in this topic and I'm traying to configure a freeradius serve.
I followed the instructions to configure freeradius plus remote mysql
server and when put in debug mode freeradius -f -X i get
this message.
rad_recv: Accounting-Request packet from host
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in the 3GGP standards, neat :)
Arran Cudbard-Bell a.cudba...@freeradius.org
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in
On 24/09/13 17:58, María Teresa Mondragón Reyes wrote:
rad_recv: Accounting-Request packet from host 192.168.4.224 port 32769,
id=157, length=285
Invalid packet code 4 sent to a proxy port from home server
192.168.4.224 port 32769 - ID 157 : IGNORED
Ready to process requests.
This should be
María Teresa Mondragón Reyes wrote:
I followed the instructions to configure freeradius plus remote mysql
server and when put in debug mode freeradius -f -X i get
this message.
You don't need -f -X. Just -X is good enough.
rad_recv: Accounting-Request packet from host 192.168.4.224 port
On Tue, 24 Sep 2013 at 10:36, Alan DeKok opined:
AD: It also contradicts your previous messages. You claimed you put the
AD:users file entry at line one of the file. But now you talk about a
AD:$INCLUDE statement.
AD:
AD: So... which is it?
hi alan - well, i did both. at first the
Or ask your distribution provider why they still provide wpa_supplicant package
without eapol_test tool ;)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
paul trader wrote:
hi alan - well, i did both. at first the $INCLUDE was put at the bottom
of the users file, and there was 1 entry in the included file, at line 1.
Why do you have a $INCLUDE? You did NOT mention it in your other posts.
The help here presumes that you accurately
Hi Guys, we are trying to get Free Radius to authenticate our users who
connect through a Cisco Small Business POE switch.
When testing authentication with a shutdown / no shutdown command on
port fa/17 which has an IP phone connected to it we receive the
following errors:
FREE
Hi,
I want to authenticate asterisk peer using freeradius I am using asterisk
12.0.0 and Freeradius 2.2.1. I have configured freeradius correctly as I am
able to authenticate user saved in users file from the terminal by using
radclient command from the terminal. but when I try to register peer
On 23 Sep 2013, at 11:27, Husnain Taseer husnain.tas...@gmail.com wrote:
Even I don't get any request from asterisk server in radius logs.
You're looking at the wrong layer for the problem.
Fire up tcpdump. Do you see any radius traffic leaving the asterisk box? Does
it reach the RADIUS
Hi All,
I really do try to read the forums in full before I post, but I have seen much
out there on this, but just cant find out why this is happening.
Please see below.
The only think I dont have is sim_files entry in the sites-enabled/default, as
I assume this is now covered in the radiusd.conf
201 - 300 of 78683 matches
Mail list logo