Re: ntlm_auth not respected

2013-08-21 Thread Chris Parker
Okay, pardon my confusion then. I had been following a howto online and it reported that the command when run manually will produce the key. Either way, I'm still having a failure in MSCHAP with radtest that I'm not quite grasping. On Aug 21, 2013, at 17:49, Phil Mayers

Re: debian, wpa_supplicant, TTLS/TLS working, PEAP/TLS fails

2013-08-21 Thread Matthew Newton
On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote: well looking at man wpa_supplicant I can see EAP-PEAP/TLS I think that should be PEAP/EAP-TLS. Otherwise I'm not sure what it's talking about. also from my google searches it might be possible that windows supports PEAP/TLS as

Re: FR3.0/Policy.D

2013-08-21 Thread ultaman khoo
noted. tks On Tue, Aug 20, 2013 at 9:43 PM, Alan DeKok al...@deployingradius.com wrote: ultaman khoo wrote: Thanks alan, i already on it right now, anything from the RFC that you aware of can challenge the back the changes of NAS ip is wrong? Thanks All of the RADIUS RFCs assume that

User get after few minute

2013-08-21 Thread Sokphak TOUCH
Dear All, I have issue with configure radius. I have one Juniper MX80 for doing as LNS in my lab and FreeRADIUS Version 2.1.12 installed. I can see there is successful connected log to radius but after around 1mn it connect again and again. I have check in MX80 but has no any significant log.

Re: User Account Configuration

2013-08-20 Thread Alan Buxey
Think about the login time ... If you create an account for the future then if it has a start validity date. .. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR3.0/Policy.D

2013-08-20 Thread ultaman khoo
Thanks alan, i already on it right now, anything from the RFC that you aware of can challenge the back the changes of NAS ip is wrong? Thanks On Fri, Aug 16, 2013 at 10:41 AM, Alan DeKok al...@deployingradius.com wrote: ultaman khoo wrote: btw the nas ip changes is due to NAS system

rlm_python

2013-08-20 Thread stefan.paetow
Hello all, I'm currently attempting to use rlm_python to query LDAP (with python-ldap) and then return an XML string in a VSA (SAML-AAA-Assertion). However, when I try to load it, I get the dreaded undefined symbol: PyExc_SystemError error. This is on Ubuntu 12 with, I know, I know, FreeRADIUS

Re: FR3.0/Policy.D

2013-08-20 Thread Alan DeKok
ultaman khoo wrote: Thanks alan, i already on it right now, anything from the RFC that you aware of can challenge the back the changes of NAS ip is wrong? Thanks All of the RADIUS RFCs assume that a client has one IP, and only one IP. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: rlm_python

2013-08-20 Thread Alan DeKok
stefan.pae...@diamond.ac.uk wrote: Hello all, I'm currently attempting to use rlm_python to query LDAP (with python-ldap) and then return an XML string in a VSA (SAML-AAA-Assertion). However, when I try to load it, I get the dreaded undefined symbol: PyExc_SystemError error. This is on

NEW NAS Password Doesn't Authenticate

2013-08-20 Thread mr. s
From the logs I interpret, the error is incorrect password for the user. Is this correct interpretation? I believe we have added in the NAS correctly to the clients file. Also the username and password, we are testing, authenticates both locally and from another NAS, without issue. Here is an

Re: NEW NAS Password Doesn't Authenticate

2013-08-20 Thread Alan DeKok
mr. s wrote: From the logs I interpret, the error is incorrect password for the user. Is this correct interpretation? No. [pap] Using clear text password **-User-Not-Allowed-To-Use-This-NAS-** This is not in the default configuration. You're supposed to understand the configuration

Re: NEW NAS Password Doesn't Authenticate

2013-08-20 Thread mr. s
Understood, however I am not the one who set this up or created the non-default configuration. Any other guidance is greatly appreciated. Thanks- On Tue, Aug 20, 2013 at 8:30 PM, Alan DeKok al...@deployingradius.com wrote: mr. s wrote: From the logs I interpret, the error is incorrect

Re: NEW NAS Password Doesn't Authenticate

2013-08-20 Thread Alan DeKok
mr. s wrote: Understood, however I am not the one who set this up or created the non-default configuration. Any other guidance is greatly appreciated. Ask the people who created this configuration. We didn't create it, and we don't have access to your system to debug it. The data is in

Re: NEW NAS Password Doesn't Authenticate

2013-08-20 Thread mr. s
And that's the rub, thanks very very much. It is a stored query in our sql. Easy once you know where it's at. On Tue, Aug 20, 2013 at 9:54 PM, Alan DeKok al...@deployingradius.com wrote: mr. s wrote: Understood, however I am not the one who set this up or created the non-default

ntlm_auth not respected

2013-08-20 Thread Chris Parker
It seems that I have ntlm_auth configured to talk to Samba correctly. As it positively works when run from the CLI and FR even shows a positive login, but that positive login never seems to be sent to the authentication stage. More food for thought once I tackle this, is that when I try to link

FreeRADIUS + OpenLDAP + Daloradius

2013-08-19 Thread Mantas Šiurkus
Hello, I am creating WIFI hotspot on Debian 7. I had configured FreeRADIUS to work with OpenLDAP for users authentication. How I can configure Daloradius for user control? All tutorials that I found, shows how to configure it with mysql, but my users are stored into LDAP (not mysql). Is it

User Account Configuration

2013-08-19 Thread Patrick Meyer
Greetings! I am using Freeradius2 2.2.0 on a pfsense 2.1 RC1 firewall to support authentication for a captive portal. I see that it is possible to expire a user account in Freeradius. I am wondering if I can specify a date and time to make the account effective. For instance, I know I have a

smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-08-18 Thread Matthias Nagel
Hello, if I do a smbencrypt ä then the output for the NT hash is B5CF5E386433C7CB69E43ED774717792 but the correct hash would be 3104EAB484D59EFABCEA2C44B07F41D3. (If you do not see the letter: It is a small a with two dots, unicode code point 00E4.) Similar results hold for other umlauts,

Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-08-18 Thread Phil Mayers
Matthias Nagel matthias.h.na...@gmail.com wrote: Hello, if I do a smbencrypt ä then the output for the NT hash is B5CF5E386433C7CB69E43ED774717792 but the correct hash would be 3104EAB484D59EFABCEA2C44B07F41D3. (If you do not see the letter: It is a small a with two dots, unicode code point

Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-08-18 Thread Matthias Nagel
Hi Phil, Probably a fairly trivial patch if you feel like it ;o) I had a quick glance at the source code and I found two files named smbencrypt.c. If you give me a hint, which is the correct file to start with, I will browse the source code from that point and see what I can do. But probably not

Policy to split domain and host

2013-08-16 Thread nicolas . clo
Hi list, I'm searching the best way to configure a policy to split the domain and the prefix ' /host' when it is a computer connection. The initial UserName is like this: host/computername.DOMAIN.LOCAL I can already easily split the /host by policy and realm configuration but I don't know

Re: Policy to split domain and host

2013-08-16 Thread Phil Mayers
On 08/16/2013 08:24 AM, nicolas@ricoh-industrie.fr wrote: Hi list, I'm searching the best way to configure a policy to split the domain and the prefix ' /host' when it is a computer connection. You probably don't want to do this. Instead, you probably want to use the expansion:

Re: Policy to split domain and host

2013-08-16 Thread nicolas . clo
Nice, thanks But in this case, how to tell Freeradius to use this variable when it's a host connection ? Because, I had already split User-Name variable into Stripped-User-name and use that into post-auth section to log correct syntax user. So if I tell Freeradius to used variable

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Phil Mayers
On 08/14/2013 09:25 PM, McNutt, Justin M. wrote: One other thing with multiple interfaces: RHEL 6 comes with some anti-spoofing features in the kernel enabled by default. I'm afraid As I noted elsewhere in the thread, the terms to google for this are martians and rp filter, and you are

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Kurt Hillig
From: Phil Mayers p.may...@imperial.ac.uk If radiusd -X isn't reporting *anything*, then it's not reaching FreeRADIUS, which means some part of the network stack is dropping it. If you're sure your iptables are correct, google linux log martians and linux rp filter. RHEL6 has different

FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread Darlington, Andrew
Hi all I'm trying to setup a very basic test server using FreeRADIUS (running on Ubuntu 12.04) that uses PEAP with the example certificates generated by FreeRADIUS. I keep running into a variety of fairly basic problems. After running freeradius -X I get this error message. Couldn't open

Re: FR3.0/Policy.D

2013-08-15 Thread Alan DeKok
ultaman khoo wrote: I have faced an issue with NAS IP Changes RADIUS assumes that NAS IPs don't change. If they do, you are running a VERY unusual system. causes radius accounting insert instead of update, this has causes an issue with the reporting whenever the NAS IP changes, for example

Re: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread Alan DeKok
Darlington, Andrew wrote: I’m trying to setup a very basic test server using FreeRADIUS (running on Ubuntu 12.04) that uses PEAP with the example certificates generated by FreeRADIUS. See http://deployingradius.com It has a detailed guide for EAP / PEAP. Couldn't open

Re: Rejecting realms based on calling client

2013-08-15 Thread David Aldwinckle
Hi Alan, Thanks for your response. Initially FreeRadius would not start and I did get an error indicating that the remote_secret_reject module failed to load. There was no reason given even with -XXX. I found since then that I was missing a brace. Now I can get FreeRadius to start. I still seem

Re: Rejecting realms based on calling client

2013-08-15 Thread David Aldwinckle
Sigh. I broke the cardinal rule of the list _again_. I'll grab a full debug log now. Sorry for the spam. Dave Aldwinckle On 2013-08-13 11:22 AM, Alan DeKok al...@deployingradius.com wrote: David Aldwinckle wrote: Is there a way that I can deny a specific realm when an access request is

Re: Rejecting realms based on calling client

2013-08-15 Thread Alan DeKok
David Aldwinckle wrote: Initially FreeRadius would not start and I did get an error indicating that the remote_secret_reject module failed to load. There was no reason given even with -XXX. I found since then that I was missing a brace. Now I can get FreeRadius to start. I still seem to be

RE: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread Darlington, Andrew
Thanks for the fast reply. See http://deployingradius.com It has a detailed guide for EAP / PEAP. I'm actually following that one, it's very helpful, however I keep running into problems that aren't covered. You're running it as a normal user, and the file is owned by root (or another

Re: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread A . L . M . Buxey
Hi, I'm trying to setup a very basic test server using FreeRADIUS (running on Ubuntu 12.04) that uses PEAP with the example certificates generated by FreeRADIUS. out of the box, freeRADIUS works - you just need, for testing to add your user/pass to the 'users' file and your NAS to

Re: Rejecting realms based on calling client

2013-08-15 Thread A . L . M . Buxey
Hi, Initially FreeRadius would not start and I did get an error indicating that the remote_secret_reject module failed to load. There was no reason given even with -XXX. I found since then that I was missing a brace. Now I can get FreeRadius to start. I still seem to be missing something

Re: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread A . L . M . Buxey
hi, check permissions/owner etc of /etc/freeradius and the contents alan

Re: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread Phil Mayers
On 15/08/13 14:30, Darlington, Andrew wrote: Couldn't open /etc/freeradius/acct_users for reading: Permission denied Errors reading /etc/freeradius/acct_users /etc/freeradius/modules/files[7]: Instantiation failed for module files /etc/freeradius/sites-enabled/inner-tunnel[124]: Failed to load

RE: FreeRADIUS basic setup for PEAP using example certificates

2013-08-15 Thread Darlington, Andrew
Hi Thanks for all the replies! Going through all the permissions of the various files freeradius complained about fixed it like Phil Mayers and Alan said. I also fixed the radtest problem. This just need to have freeradius restarted normally. I'm now working on PEAP with an Ubuntu client

Re: FR3.0/Policy.D

2013-08-15 Thread ultaman khoo
ultaman khoo wrote: I have faced an issue with NAS IP Changes RADIUS assumes that NAS IPs don't change. If they do, you are running a VERY unusual system. Do you mean it doesn't conform to the radius acct RFC standard in this case? if im get it right the FR3.0 should have take care of the NAS

Re: FR3.0/Policy.D

2013-08-15 Thread ultaman khoo
btw the nas ip changes is due to NAS system supplying the radius acct has failover to the backup unit, radius acct is then supply from there. so it get change On Fri, Aug 16, 2013 at 7:39 AM, ultaman khoo ultaman.k...@gmail.com wrote: ultaman khoo wrote: I have faced an issue with NAS IP

Re: FR3.0/Policy.D

2013-08-15 Thread Alan DeKok
ultaman khoo wrote: btw the nas ip changes is due to NAS system supplying the radius acct has failover to the backup unit, radius acct is then supply from there. so it get change It's still garbage. The FreeRADIUS SQL queries assume that one NAS sends all of the accounting traffic for

Re: LinOTP

2013-08-14 Thread Sergii Bieliaievskyi
Thank you. This is only thing that i want to know. 2013/8/14 Cornelius Kölbel cornelius.koel...@lsexperts.de Hi Sergii, this is in fact possible, but not with the OSS components of LinOTP. Unfortunately, the SQL Resolver is at the moment only part of an enterprise edition. To go with the

Mac Auth against LDAP`

2013-08-14 Thread Nikolaos Milas
Hi, I am using FreeRadius v2.2.0 on CentOS 6.4 x86_64. I am trying to adapt Plain Mac-Auth as described at: http://wiki.freeradius.org/guide/Mac-Auth to work from LDAP. (Note: The server is also used for eduroam and is going to be used for 802.1x too.) My setup follows below. The

Freeradius with DHCP and VLANs

2013-08-14 Thread Fernando Pizarro
Hi all, I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS authentication to serve dynamic VLAN and a DHCP server to leases this IP address. This setup work successfully but IP address of supplicants doesn't stored in the database. Is there any setup to store IP address of

Re: Freeradius with DHCP and VLANs

2013-08-14 Thread Fernando Pizarro
Hi again, Clarify that DHCP server is running in the same or an other machine, depends of the stage. Thanks. On 14/08/13 12:03, Fernando Pizarro wrote: Hi all, I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS authentication to serve dynamic VLAN and a DHCP server to

Re: Mac Auth against LDAP`

2013-08-14 Thread Arran Cudbard-Bell
On 14 Aug 2013, at 11:02, Nikolaos Milas nmi...@noa.gr wrote: Hi, I am using FreeRadius v2.2.0 on CentOS 6.4 x86_64. I am trying to adapt Plain Mac-Auth as described at: http://wiki.freeradius.org/guide/Mac-Auth to work from LDAP. (Note: The server is also used for eduroam and

Re: Freeradius with DHCP and VLANs

2013-08-14 Thread Arran Cudbard-Bell
On 14 Aug 2013, at 11:03, Fernando Pizarro fea...@gmail.com wrote: Hi all, I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS authentication to serve dynamic VLAN and a DHCP server to leases this IP address. This setup work successfully but IP address of supplicants doesn't

Apple devices can´t authenticate

2013-08-14 Thread Roberto Carna
Dear, I have installed the Easyhotspot captive portal product which uses the freeradius 2.1.0 service in order to authenticate users. I can authenticate with Windows, Linux and Android devices, but I can't authenticate with Apple devices (iphone and ipad) at all. Is it an intrinsic problem of

RE: Apple devices can´t authenticate

2013-08-14 Thread Brian Julin
Roberto Carna wrote: I can authenticate with Windows, Linux and Android devices, but I can't authenticate with Apple devices (iphone and ipad) at all. Is it an intrinsic problem of Freeradius ??? No, Apple devices auth off FreeRADIUS just fine. More likely it is a problem with certs/CAs,

Re: Apple devices can´t authenticate

2013-08-14 Thread Roberto Carna
Dear, the debug is this: [chap] Login attempt by pepe with CHAP password [chap] Using clear text password 1234 for user pepe authentication [chap] Password check failed ++[chap] Returns reject Failed to authenticate the user The password is 1234 and I try many times... Any idea ??? Because from

How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Kurt Hillig
We're running FreeRadius 2.2.0 on RHEL 6. The servers are working fine with a single active interface (eth0) on each one; but we need to activate a second interface (eth1) on each server - on a different IP subnet - to handle local traffic on that subnet. The interfaces look like this: eth0

RE: Apple devices can´t authenticate

2013-08-14 Thread Brian Julin
Since all your auth attempts are coming from easyhotspot, compare the difference in FreeRADIUS logs between a successful authentication and an unsuccessful one, for the same user and password. Compare both the username and password, and all other attributes in the request, very carefully. Odds

Re: Apple devices can´t authenticate

2013-08-14 Thread Alan DeKok
Roberto Carna wrote: Dear, the debug is this: [chap] Login attempt by pepe with CHAP password [chap] Using clear text password 1234 for user pepe authentication [chap] Password check failed ++[chap] Returns reject Failed to authenticate the user The password is 1234 and I try many

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Alan DeKok
Kurt Hillig wrote: radiusd.conf includes these listen sections (omitting comments): listen { type = auth ipaddr = * port = 1812 interface = eth0 } Why not just bind it to the IP of the interface? And remove the interface line? Alan DeKok. - List

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Phil Mayers
On 14/08/13 15:07, Kurt Hillig wrote: But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - tcpdump shows it coming in, but radiusd -X shows no indication of this traffic (but is reporting all of the traffic on eth0). If radiusd -X isn't reporting *anything*, then it's not

Re: Apple devices can´t authenticate

2013-08-14 Thread Roberto Carna
I tried with Android device and it use CHAP authentication as Apple devices. OK, here is the complete log thanks a lot!!! rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799, id=74, length=172 Acct-Status-Type = Interim-Update User-Name = pagos

Re: Apple devices can´t authenticate

2013-08-14 Thread Phil Mayers
On 14/08/13 15:55, Roberto Carna wrote: I tried with Android device and it use CHAP authentication as Apple devices. Ok, there is some confusion here. You are using a captive portal, so it's actually your captive portal web-based login that is doing CHAP - the Apple/Android devices are just

Re: Problem in freeradius 2.1.10, ldap and huntgroups

2013-08-14 Thread Ville Leinonen
Hi, Any news for this problem? Br, Ville On 5.8.2013 19:08, vi...@leinonen.org wrote: Here: rad_recv: Access-Request packet from host 172.150.0.62 port 25196, id=194, length=63 User-Name = testu...@.fi User-Password = testpass NAS-IP-Address = 172.150.0.62 #

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Matteo Vocale
Before running radius in debug mode, try iptables -F with root privileges, it disables iptables default rules Phil Mayers p.may...@imperial.ac.uk wrote: On 14/08/13 15:07, Kurt Hillig wrote: But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - tcpdump shows it coming in,

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
Also don't forget to disable (or modify) SELinux. If memory serves, RHEL 6 comes with that enabled by default as well. --J -Original Message- From: freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
One other thing with multiple interfaces: RHEL 6 comes with some anti-spoofing features in the kernel enabled by default. I'm afraid I forget exactly what they are, but the idea is this: If the kernel gets a packet from HostA on eth1, but the routing table says that the return path to HostA

Re: sql_counter module doesn't count

2013-08-13 Thread Alan Buxey
If your NAS can't send accounting then there's nothing you can do at the freeradius end to make it do accounting alan

LinOTP

2013-08-13 Thread Sergii Bieliaievskyi
Hello. I am currently trying to install LinOTP with FreeRADIUS. I spent 3-4 hours to get to work perl script http://www.howtoforge.com/how-to-use-freeradius-with-linotp-2-to-do-two-factor-authentication-with-one-time-passwords . There was a problem with LWP::UserAgent and ssl connection (Error:

Rejecting realms based on calling client

2013-08-13 Thread David Aldwinckle
Hello, I have two clients that proxy access requests to me. The realm varies, but the format is always userid@realm.whatever Is there a way that I can deny a specific realm when an access request is received from a specific client? I tried adding something to

Re: RLM_PERL mysql disconnect : what is the preferred handling ?

2013-08-13 Thread Alan DeKok
itquestioner wrote: We've found in the freeradius wiki, that the correct way to manage connection to mysql is to initiate the connection in the CLONE function. But where should we put $dbh->disconnect() to be sure that any connection will also be closed ? Whatever the result of the request

Re: LinOTP

2013-08-13 Thread Alan DeKok
Sergii Bieliaievskyi wrote: I am currently trying to install LinOTP with FreeRADIUS. I spent 3-4 hours to get to work perl script http://www.howtoforge.com/how-to-use-freeradius-with-linotp-2-to-do-two-factor-authentication-with-one-time-passwords. That site isn't part of FreeRADIUS.

Re: Rejecting realms based on calling client

2013-08-13 Thread Alan DeKok
David Aldwinckle wrote: Is there a way that I can deny a specific realm when an access request is received from a specific client? Yes. I tried adding something to policy.conf but I couldn't get the syntax right: So... what happened? Did you get an error? Is it a secret? #Prevent

Re: LinOTP

2013-08-13 Thread Cornelius Kölbel
Hi Sergii, this is in fact possible, but not with the OSS components of LinOTP. Unfortunately, the SQL Resolver is at the moment only part of an enterprise edition. To go with the OSS components you need to create a flatfile resolver. But as Alan stated, this is no topic for this mailing list,

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-12 Thread Alan DeKok
Brian Julin wrote: Alan DeKok wrote: Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration? Attached is a recipe for how I replicated it (and another doublefree) on a clean system. I've pushed a

RLM_PERL mysql disconnect : what is the preferred handling ?

2013-08-12 Thread itquestioner
Hi, First question from beginners We've found in the freeradius wiki, that the correct way to manage connection to mysql is to initiate the connection in the CLONE function. But where should we put $dbh->disconnect() to be sure that any connection will also be closed ? Whatever the result

Re: sql_counter module doesn't count

2013-08-12 Thread Alan Buxey
Hi That's just an authentication request accounting packets is what you need. Is your kit configured to send accounting to this RADIUS server? alan

Re: sql_counter module doesn't count

2013-08-12 Thread lucia
Thanks for quick reply, well I guess not. Can you give me a hint how I can figure it out how I can configure this ? Am I right that I have to configure the accounting in the RADIUS conf-files or is it part of the NAS itself. Well OK I had a look into Wikipedia RADIUS and it looks like it

Re: How to store session info in external database?

2013-08-09 Thread Maciej Lew
Thanks, it works. 2013/8/6 Arran Cudbard-Bell a.cudba...@freeradius.org On 6 Aug 2013, at 14:29, Maciej Lew mac...@lanserver.pl wrote: The problem is we have databases in slave mode, only reading is allowed. We want pass these informations to another database... Modules can have

Re: VLAN assignment to HP Switch with 802.1x client

2013-08-09 Thread Iliya Peregoudov
On 08.08.2013 19:16, Shaw, Colin M. wrote: [peap] Using saved attributes from the original Access-Accept User-Name = testx [peap] Saving response in the cache Your inner-tunnel virtual server returns only User-Name attribute in Access-Accept. Configure your inner-tunnel virtual

Re: Multiple policy files

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 10:40, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: For a while I've been using FreeRADIUS with a set of includes.d-style directories that I can drop modules, virtual sites, etc into. This works well - until today. So far I've only had one included policy file

Re: Multiple policy files

2013-08-09 Thread Jonathan Gazeley
On 09/08/13 10:52, Arran Cudbard-Bell wrote: Whilst making up features is a fun pastime it's not very productive. There is one global policy section at the top level. Virtual servers do not have different policy name spaces. Hi Arran, Thanks for this. So you're saying that there can only

Re: Multiple policy files

2013-08-09 Thread Matthew Newton
On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote: On 09/08/13 10:52, Arran Cudbard-Bell wrote: Whilst making up features is a fun pastime it's not very productive. There is one global policy section at the top level. Virtual servers do not have different policy name spaces.

Re: Multiple policy files

2013-08-09 Thread A . L . M . Buxey
Hi, Thanks for this. So you're saying that there can only be one policy {} section in the whole server, and if I wish to load two sets of policies I will have to merge the two files? each policy has its own name/tag - in FR 3, there is a policy.d directory in which policy files get put...each

Re: Multiple policy files

2013-08-09 Thread Jonathan Gazeley
On 09/08/13 11:18, Matthew Newton wrote: On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote: On 09/08/13 10:52, Arran Cudbard-Bell wrote: Whilst making up features is a fun pastime it's not very productive. There is one global policy section at the top level. Virtual servers do

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Fabrice-externe SEGURA
Hi. Your approach (use an external script) finally worked It's definitely a hack, as I discovered that Linuxes don't do any DHCP-Release (and I expected to send a radius acct stop at this point). Nevertheless, it will help me to emulate a mobile operator network behaviour, when a machine

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 15:35, Fabrice-externe SEGURA fabrice-externe.seg...@erdfdistribution.fr wrote: Hi. Your approach (use an external script) finally worked It's definitely a hack, as I discovered that Linuxes don't do any DHCP-Release (and I expected to send a radius acct stop at

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-09 Thread Alan DeKok
Fabrice-externe SEGURA wrote: A word on documentation however : It's quite an understatement to say that it can be improved. We've had ~15 years of people complaining about this. So far, contributions have been sporadic. Doing documentation takes a concerted effort, and commitment. It's

RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Brian Julin
Alan DeKok wrote: Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration? Attached is a recipe for how I replicated it (and another doublefree) on a clean system. 1) started on a fresh system that had

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote: Alan DeKok wrote: Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration? Attached is a recipe for how I replicated it (and another

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-09 Thread Arran Cudbard-Bell
On 9 Aug 2013, at 16:27, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote: Alan DeKok wrote: Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock*

RE: VLAN assignment to HP Switch with 802.1x client

2013-08-09 Thread Shaw, Colin M.
You could move files above eap but IMO it's better (cleaner, more obvious) to run this in post-auth like so: authorize { ... eap { ok = return } ... } post-auth { ... files ... } Note that you'll need to set the postauth_usersfile on your files Thank

Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Fabrice-externe SEGURA
Hi. I'm trying to use Freeradius 2.2.0 to catch DHCP request on a local network (a specific interface and physical network of my machine), and forward it to another radius server (through another interface), using the radius protocol, to get authorized, and get the IP address to respond with

VLAN assignment to HP Switch with 802.1x client

2013-08-08 Thread Shaw, Colin M.
Hi, I'm in the process of attempting to move our 802.1x services off of an aging freeRADIUS (v1) server onto a newly built server running freeRADIUS v2.2 Tests so far with wireless clients using 802.1x PEAP/MS-CHAPv2 are working ok. Clients can authenticate (against AD) and be assigned the

Re: VLAN assignment to HP Switch with 802.1x client

2013-08-08 Thread Phil Mayers
On 08/08/13 11:07, Shaw, Colin M. wrote: difference. Lastly, for testing purposes, if I insert the required attributes into the default post-auth then it all works and the wired client is assigned the correct vlan, so again the switch side must be ok and I also therefore presume all the

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Alan DeKok
Fabrice-externe SEGURA wrote: I'm trying to use Freeradius 2.2.0 to catch DHCP request on a local network (a specific interface and physical network of my machine), and forward it to another radius server (through another interface), using the radius protocol, to get authorized, and get the IP

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-08 Thread Alan DeKok
Brian Julin wrote: I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only happens when everything is running through the same server/eap instances, so good instincts there. Replicating it is easy: just uncomment the peap virtual-server directive

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Michael Schwartzkopff
On Thursday, 8 August 2013, 09:19:30, Fabrice-externe SEGURA wrote: Hi. I'm trying to use Freeradius 2.2.0 to catch DHCP request on a local network (a specific interface and physical network of my machine), and forward it to another radius server (through another interface), using the

Can't figure out Group Authentication

2013-08-08 Thread Jernej
Hi! I am kindly asking for help or pointing right way to solve this problem. Right now we are using LDAP for authentication to IBM products. Last thing we try to do is use Freeradius on same LDAP schema for wireless purposes (Cisco network). We didn't have problems with basic authentication,

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Fabrice-externe SEGURA
Hi. I was afraid this would come out that way. Thanks for the response anyway, it prevents me from further useless research. I will have to hand-knit me this piece of code. A suggestion for v3: It should be possible then to turn the simple dhcp request into 2 radius requests: the auth request

RE: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-08 Thread Brian Julin
Alan DeKok wrote: Brian Julin wrote: I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only happens when everything is running through the same server/eap instances, so good instincts there. Replicating it is easy: just uncomment the peap

Re: Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

2013-08-08 Thread Arran Cudbard-Bell
...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far. Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration? I will -- should I preferably be testing

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Alan DeKok
Fabrice-externe SEGURA wrote: A suggestion for v3 : It should be possible then to turn the simple dhcp request into 2 radius request : the auth request + the acct start request. Icing on the cake : dhcp-release should also transform into an acct stop. That's a lot harder. As always,

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Arran Cudbard-Bell
On 8 Aug 2013, at 16:45, Alan DeKok al...@deployingradius.com wrote: Fabrice-externe SEGURA wrote: A suggestion for v3 : It should be possible then to turn the simple dhcp request into 2 radius request : the auth request + the acct start request. Icing on the cake : dhcp-release should also

Re: Configuring the DHCP module to forward request to another Radius server.

2013-08-08 Thread Fabrice-externe SEGURA
As a hack just use exec and radclient to generate the packets and feed them back into the server. Interesting. That suggests there might be a way to make it work after all...(I merely need a hack, it's for the purpose of simulating behavior of an operator's GGSN towards a system that

Re: VLAN assignment to HP Switch with 802.1x client

2013-08-08 Thread Phil Mayers
On 08/08/13 16:16, Shaw, Colin M. wrote: Thanks for the reply Phil. difference. Lastly, for testing purposes, if I insert the required attributes into the default post-auth then it all works and the wired client is assigned the correct vlan, so again the switch side must be ok and I also

Problems setting up a freeradius server with PEAP

2013-08-08 Thread Jochen Gatternig
Hello I am currently trying to setup a Freeradius server on a SUSE 12.04. I tried with the packaged version and a version compiled from source (both 2.20). What works is the basic username/password authentication. As soon as I create the certificates (CA, server client) and try to fire up the
