Hi,
> Listen on multiple interfaces and use the packet destination IP attribute
> with Unlang to determine policy? Then point the different services at the
> different IP addresses ?
currently this is what we are looking at - a new virtual
server on a different port that does the authorisation
Hi,
> authorize {
> if((User-Name == User-Password) && %{ldap:etc...}){
> update control {
> Auth-Type := 'NULL'
> }
> }
> else {
> // Authentication modules
> }
> }
>
>
> Auth-Type NULL {
> ok
> }
this
hi,
heres one for a wednesday morning.
we have a system that we've been done plain authorizations
via FreeRADIUS - the device sends the following RADIUS request
username: userid
password: userid
(ie the system sends the username and makes the password the same)
okay. fair enougha bit of
Hi,
please do not mail in HTML - look at this junk and the size
of the email!
> xmlns:o="urn:schemas-microsoft-com:office:office"
> xmlns:w="urn:schemas-microsoft-com:office:word"
> xmlns:m="http://schemas.microsoft.com/office/2004/12/omml";
> xmlns="http://www.w3.org/TR/REC-html40";>
>Fre
Hi,
>
> One thing stands out though in the output of freeradius -X (only after
> changing the order of suffix and ntdomain in sites-available/default and
> radiusd.conf:
> ++[mschap] returns noop
ensure that preprocess module is called first and then ensure that
with_ntdomain_hack is set to o
Hi,
> The reason for wanting to send everything to a log host on the network
> is that the new generation of radius servers we are preparing are all
> virtualised and only have a few GB of disk - so no room for logs.
there are so many ways of having proper disk access via a virtualised host
t
Hi,
>>The "log" section is global. See raddb/sites-available/README for a
>> definitive list of which sections can appear inside of a "server" section.
>>
> OK, thanks. If the "log" section is global, should I simply be able to
> insert the word "log" into my virtual servers? Doing so c
hi,
is the required config in your inner-tunnel? ie is LDAP defined at all?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> exec ntlm_auth_pap {
> wait = yes
> input_pairs = request
> shell_escape = yes
> output = none
>
> program = "/path/to/ntlm_auth --username=%{User-Name}
> --domain=EXCHANGE --password=%{User-Password}"
Hi,
> I leave you guys alone for 5 minutes
8-) as i said, theres probably a way of doing it
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> You should write your custom authentication script.
theres probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
alan
-
List info/subscribe/unsubscribe? See http://www.fre
Hi,
> [JK] Tried that earlier Alan. Seems whenever is set ok = return, we
> process no further. Here's the logs from a 'radtest', where testRadOld
> is entered as the password (testRad is the new password, testRadOld is
> the old password in the DB). We see the first query, where there is a
> p
Hi,
> I added, in the authorize section of sites-available/default, the
> following:
hmm, all you are doing is setting the values to what they
normally are...you need something like
group {
sql_new {
reject = 1
Hi,
> Unfortunatly, the switch still not switching the port from VLAN 1 to VLAN
> 2. Maybe
> there is other misconfigurations on our switch or another settings in radius
> configurations ?
it looks like theres another config you need to set on the switch port
to ensure the AAA server values
hi,
have you set the copy tunnel = yes for the PEAP section in eap.conf?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> C:\FreeRADIUS.net\bin>radiusd.exe -d ../etc/raddb -AX
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Configuration directory ../etc/raddb is globally writable. Refusing to start
> due to insecure configuration.
> Errors reading radiusd.conf
>
> wha
Hi,
> [JK] Thanks, Arran. Another quick question. Will 2.* do this 'straight out
> of the box'? If not, will it require much work? We are evaluating whether
> attempt this in radius, or make changes in our system.
your situation is a slightly unique bespoke requirement - as such, it wont
wo
Hi,
> You can change default eap type in eap.conf to peap (it's mschav2 now;
> leave mschapv2 in peap section) and loose the first exchange.
...assuming you mean
eap {
default_eap_type = peap
... ..
ttls {
default_eap_type = mschapv2
... ..
}
peap {
defaul
Hi,
> I have a functional question about freeradius and the ldap lookups. We
> currently run cisco wlc440x with WPA2-AES-PEAP-MSCHAPv2 against freeradius,
> and it is taking a while to authenticate - roughly 35 seconds. It seems most
> of this is being chewed up by our slow ldap lookups (abou
Hi,
> I thought the outer-tunnel is set up to secure the connection between the
> user and the authentication server. So the Authentication has access to
> the unencrypted data which it in turn queries proxies to verify the
> received credentials; this data is encrypted using the home-server share
Hi,
> have checked radiusd.conf and it has the line $INCLUDE sites-enabled at the
wrong.
$INCLUDE ${confdir}/sites-enabled/
and then make sure you have some files in there (usually
symlinks to the files in sites-available directory)
alan
-
List info/subscribe/unsubscribe? See http://www.freera
Hi,
> I still suggest:
>
>> abcUser-Password == "test"
that is wrong. wrong and wrong
Elias, please put your entry at the top of the users file - or remove
the
DEFAULT Auth-Type == System
from your config (this forces the server to always use 'system' auth
- which you really dont
Hi,
> > thats true for 1.1.6 (iirc) upwards
>
> 1.1.4 and later.
my how time really flies. I've just been updating some
boilerplate/logo/copyright stuff on some code tonight
that was all 2004. sheesh. its a nostalgic evening.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius
Hi,
> According to the 'users' man page (man 5 users):
>Attribute := Value
> Always matches as a check item, and replaces in the
> configuration items any attribute of the same name.
as a check item - you wont have two passwords in a request. if there
was such a cond
Hi,
> abc User-Password == "passwd"
huh?
abc Cleartext-Password := "passwd"
thats true for 1.1.6 (iirc) upwards
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Marco De Magistris wrote:
> > Is it possible with FreeRadius generating the statistics based on an
> > Attribute?
> >
> > i.e The statistics based on NAS-Port-ID.
>
> No. The statistics it keeps are based on IP address. See
> raddb/sites-available/status
out of the box it wont do - but
Hi,
> (grin), but of course, if I want to write for the wiki, I'm going to have
> to install the latest release, to be sure what I write is valid for the
> most current context. Fortunately I have a test box for stuff like this.
> :)
..but to mirror wat you've ben saying - why not support 1.x
hi,
> H. My first gut reaction is that I "don't know enough", but before
> I dismiss this idea, I have to ask what you have in mind.
I think the initial idea would be to document what/how you've used
exec module to define an attribute - rlm_exec is quite bare on the wiki ;-)
alan
-
List inf
Hi,
> The Realm indeed remained untouched in the username through out the request.
> How can I stop this loop?
easiest way is to point that proxy.conf at a new virtual server
eg called 'local' in which you do not call prefix,suffix etc etc
then these details wont be touched and the server wont
hi,
are you doing local proxy (ie have an entry for math.nl in proxy.conf?)
if so, ensure you define 'nostrip' otherwise the realm will be removed
and you cannot use it.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
Charles, this is an unpaid community support list. you are coming
across as a very angry person with no regard that the people
on this list arent paid to give you informaation which is probably
essential for you to actually do your work, get paid etc.
if you'd actually like any help/advice i
Hi,
one of the main issues is using a distro version of the code.
what they do to the files provided in the TARBALL is up to them.
i would advise doing something like
locate scripts | grep -i radius
...they might have been dumped into somewhere like /usr/share/doc/radiusd
or somesuch.
you can
hi,
you need to change the User-Password desc in SQL to Cleartext-Password
and ensure the 'op' is :=
you added a dictionary that was incorrectly written - check the
other present dictionaries and ensure yours is the same format
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
Hi,
> I have used the schema that was located in side raddb/sql/mysql/schema.sql.
> So the database looks like this:
the NAS table is here
raddb/sql/mysql/nas.sql
if you load that up you'll have a lovely new table to play with.
> Only one of those tables looks like it is to do with NAS's, whic
Hi,
> The debug code can be found below.
FreeRADIUS has a very verbose (and very good imho!) debug log. it pretty
much screams out what the problem is!
> rlm_sql (sql): Connected new DB handle, #4
> rlm_sql (sql): Processing generate_sql_clients
> rlm_sql (sql) in generate_sql_clients: query is
Hi,
> It really is an AP issue. Using another AP (SMC WEBT-G) with the same Radius
> config works... Both Windows XP and Ubuntu connects successfully, no matter
> if I set certificate validation on or off... Anyway, there are two EAP
> setting which is supported by the Cisco AP: Open mode with EAP
Hi,
> I think you are using sef-signed ssl certificates in the freeradius server
> and the windows XP client is trying to "validate" them; if that is right
> try to configure windows xp client to not to validate them. Best regards
> and sorry for my english!
self-signed are perfectly fine - but y
Hi,
> I used the example configuration and got the same result.
.
> 2. I moved the following from the robust-proxy-accounting file to the
> proxy.conf file.
why?
the robust-accounting stuff is a self-contained virtual server. by putting
this into proxy.conf you have introduced (or reintr
Hi,
> That is the worst piece of equipment I ever had in my hands...
surely you've not had the joy of a dlink DBT-900AP then? ;-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> I am currently using d-link dwl-g700ap as the access point.
> I have visited the product site and seen data sheets for the same and it
> mentions nothing about radius accoutning packets.
> how do i enable my AP to send accounting packets??
> And if this access point does not support radius
Hi,
> I'm not able to do that now. I only saw two interesting things in the
no debug = no help :-|
you might want to try the latest 2.1.6 as the bootstrap EAP ing got
a bit cleaner - are you using EAP-PEAP or are you putting client certs
on the windows and actually using EAP-TLS ? following the
Hi,
>I am having trouble configuring free radius to use TTLS with inner
> protocol of either mschap or PAP. Currently, I have TTLS working with the
> default inner protocol of MD-5. But when I change the eap.conf file to use
> mschap or PAP then I can't even get radiusd -X to start. I see the
Hi,
> When we tried it back in 2007 with an Active/Active configuration, the
> two instances of ISC DHCPD started handing out duplicate leases
> completely arbitrarily. We scrapped the second instance and went down to
> a single one. Haven't tried it again since.
>
> It didn't work then... it m
Hi,
> It's not a good sign that we bicker about terminology. Suffice it to say
whilst it was interesting that FreeRADIUS got DHCP support - certainly
for those that want to ensure policy actually works - I never thought we'd
get to have such fervent discussion about it :-)
now, historical conte
Hi,
> Hi.
>
> Could you share your experience in question of choice an OS for mysql server
> and maybe some detail of configuration.
the best chpoice is one in which the system administrator is well experienced
to eg configure OS low-level settings regarding thread, disk, network etc usage.
the
Hi,
> local-link, SCTP gets exciting too here). It's going to make it awkward
> to deal with user accountability when most systems are built around the
> concept that the user has one IPv4 address...yet alone in addition
> several IPv6 addresses some of which vary over time.
add into that dyn
Hi,
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo]
> I have found the relevant entry in the registry.But i am not able to
> understand what *change* should be made to this entry.Could you please tell
> me a bit more in detail?
that bit i sent can be saved as a pla
hi,
ome useful information...however, people will be far more
likely to read your email if you send it as plain text
rather than HTML.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> I would like to inform you that i am working on the server side and not the
> client side.Hence it is not feasible to change the registry entry of every
> client.
oh dear. you cant control the clients - the clients need to be changed,
sorted etc. other supplicants can be configured to alway
Hi,
> IIRC, there's a suggestion to do this, but the actual cut-off number
> is vendor-specific.
..and i guess this cutoff is reported as an EAP failure and therefore kit
configured to block/deny access will mean the eg the 3rd tunnel creation
will be the last for some time
alan
-
List inf
Hi,
> Alternatively the 'smart server-end' could just send an Access-Accept :)
ah..but then things get logged and you have a session...and most likely then
a local address at the visited site and you'll then have to
use a VPN etc. with the nefarious way, all traffic is transmitted via the
home RA
Hi,
> my problem is that once the users are connected to the server,they are not
> asked for a username/password when they try to connect after logging out of
> the network.the username/password that was used to connect to network
> initially, is used automatically for subsequent purposes to conne
Hi,
> >> on the client can then extract? this could tunnel traffic through
> >> an 802.1X restricted network? in fact, is the inner EAP traffic limited
> >> at all? once the authentication outer layer is started i should be
> >> able to just keep throwing data back/forward through that tube?
> >>
Hi,
> There are already working spec files and pre-built RPM's for Fedora,
> RHEL, and CentOS that are actively maintained. See:
> http://wiki.freeradius.org/Red_Hat_FAQ
personally, I handroll mine from the source because then i choose
what goes in and what doesnt (and often require all the debug
Hi,
> Or maybe ntlm_auth isnt the way to do this? Maybe I'm looking at this
> the wrong way? Any ideas to get this to work or any other better ideas?
there are samba issues to dea with - binding credentials etc
with regards to ntlm_auth, you can put an unlang wrapper around it
to choose wha
Hi,
> No one in London wants to go to Sussex though and from my logs it does
> not look like anyway from Sussex wants to go to London either ;)
>
> If someone gives me something better to use in my RADIUS packets then
> I'm game. Meanwhile I keep meaning to glue 'exec' and 'fortune'
> togethe
Hi,
> Should I enable accouning for that?
thats one way of tackling the issue
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> No they can't. Reply-Messages are prohibited in packets containing
> EAP-Message attributes.
really? well...I guess if you believe in RFC 3579 and hope that everyone
read section 2.2 of that - invalid packet discussion then you'd
hope so... however, I see tonnes of packets proxied through
Hi,
> What I meant if that employee John pass his coworker Joe their
> credentials, both user and password, well that could not be so
> terrible. Now, let's suppose then that your company organize an event
> an come 100 people, they want to use wireless network, so John comes
> and has the "great"
Hi,
> Does file attrs.access_reject has to with you are talking about?
in a way - that file lists the attributes that are allowed
to pass after an access reject - you still have to set eg the Reply-Message
*or some other VSA* to let the remote site know
alan
-
List info/subscribe/unsubscribe? Se
Hi,
> Hi Sergio,
>>
>> Is possible that Reply-message can be seen from laptops running the
>> supplicant?
>
> Not with EAP no. You can use EAP-Notification packets, but very few
> supplicants display the contents to the user, and the server doesn't support
> their generation.
which is why rathe
Hi,
> Hi,
> >> Or maybe better:
> >>
> >> sql
> >> if (noop || invalid) {
> >> ok
> >> }
> >
> > doesnt appear to work...
> Tsk tsk, did you even read my post ? :P
>
> sql {
> invalid = 2
> }
>
> Gotta override the default priority, else it'll return a handled rcode.
g
Hi,
> I'm thinking:
> Session-Timeout := %{exec:timecalc}
pretty much, you need to set this via the update reply style as
recently posted several times this past month to the list
> Or something like that. Also, where exactly should this go in the
> 'authorize' section? I'm presuming at the
Hi,
> Easy. The accounting section has to be told "it's OK to continue":
yep
> Or maybe better:
>
> sql
> if (noop || invalid) {
> ok
> }
doesnt appear to work...what happens is this..
okay detail packet
rlm_sql (sql): Released sql socket id: 6
++[sql] re
Hi,
> Hi all,
>
> I'm in the process of migrating our RADIUS servers from 1.17 to 2.14.
> I've scoured all over for any information relating to the migration of
> the MySQL database.
>
> Am I just missing something here, or are the two versions completely
> non-compatible?
look at the schema for
Hi,
> > (I've already got, on my list, use Calling-Station-Id
> > instead of NAS-Port for the unique function as many
> > NAS use the same port for every accounting packet :-|)
>
> Create a patch, and send it to the list via git format-patch. "Best
> practices" really need to go into the serve
hi,
okay. so i've been preaching that people use eg
the buffered-sql virtual machine rather than do accounting
DB entries 'live' - therefore giving the admin better
FR performance with slower DBs etc...
however, I've been approached today by someone who has a
rather large detail file (few gigs) t
Hi,
> Is there a way to tell freeradius not to include passwords in the log when
> debugging?
many ways - which log are you seeing the password in?
it *WILL ALWAYS* log any plain passwords when in full debug mode..
thats the idea of full debug mode
alan
-
List info/subscribe/unsubscribe? See
Hi,
> if("%{User-Name}" =~ /?([...@]+)@?([-[:alnum:]._]*)?$/) {
>
> update request {
>
>Realm := "%{2}"
>
> }
> The staff login id is:
>
> ps...@worc.ac.uk
>
> Whereas the student login is in the format:
>
> psdn1...@worc.ac.uk
>
> Would it be possibl
Hi,
> Sounds good - I'll give this logic a go... Where best to place this bit of
> Unlang? In the inner-tunnel Authorization stanza, before ms-chap? Would I
> need to repeat in the Authentication MS-CHAP bit too, or does it get set at
> the beginning of the "request session" and follow all the way
Hi,
> Is that because freeradius is kind of like apache, as in that only certain
> ips' are allowed to hit the freeradius server? So it is pretty secure as
> soon as you install it right?
unless you have a firewall in place then anything could talk
UDP to ports 1812, 1813 and 1814 - but then if th
Hi,
> If I follow the logic as supplied by Neil, and remove the "--domain" option
> then this works fine for all users in all domains, and machines in same
> domain that winbind was joined to, but not machines from remote domains. If
ah! multiple remote domains - not in a forest of trust?
> I c
Hi,
> We pass hostname$ to ntlm_auth by rewriting the User-Name attribute as
> follows:
>
>
>
> attr_rewrite machine_UserName {
>
>attribute = User-Name
>
>searchin = packet
>
>searchfor = "^host/(.*).domain.name"
>
>re
Hi,
> Heavy duty crypto can affect speed but that's part of cryptography's charm.
actually, this reminds me - the eap.conf calls 'DEFAULT' openssl crypto
engine - this should give the possibility to use offloading crypto
cards such as the Hifn (or even a VIA cX cpu with padlock engine.
alan
-
Li
Hi,
> Alan committed a fix to the git repository last night. It does a
> straight copy of the value without parsing it, so should fix the issues
> you've been seeing.
does this fix mean that TTLS and PEAP get the inner identity copied
correctly so there is no more need for
update outer.r
Hi,
> I have some problems with freeradius and mysql as a database. radacct table
> is InnoDB and update queries (interim-updates) are terrible slow (10 - 50
> sec). Interim-updates are triggered every 8 minutes so it isn't under heavy
> load. (max 500 users online @ same time)
>
> After I wrote
Hi,
> What do you suggest to do with printers, ip phones and other network devices
> wchich can not support 802.1x ?
> What are you doing to secure this backdoor?
> One idea is to identify such devices by MAC but I think it should be
> something else -
> cause someone can disconnect fi printer - c
Hi,
> And now, if I start radiusd and slapd on server A and not on server B, it
> works. And if I stop slapd on server A, and start slapd on server B, it
> doesn't work. It's maybe a lead...
this is documented
http://wiki.freeradius.org/Fail-over
you need the group to be failable etc
alan
-
Hi,
> But now I get following errors, but now I don't know what's to do...
>
>
> rlm_eap: SSL error error::lib(0):func(0):reason(0)
> rlm_eap_tls: Error loading randomness
> rlm_eap: Failed to initialize type tls
> /mypath/freeradius/etc/raddb/eap.conf[17]: Instantiation failed for modul
Hi,
> Now I got a new problem with rlm_eap and the server doesn't start
> anymore. You were right, I commented $INCLUDE sites-enabled/ in
> radiusd.conf.
the errors are clear enough!
> Module: Instantiating eap-tls
>tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
>
Hi,
> I need to add a couple of USER/PW into the PostgreSQL tables to test.
>
> How do I do that?
however you like
> Is there a GUI to add UID/PW?
theres a basic GUI supplied as part of freeradius source - dialup_admin
there is also DaloRADIUS - the author of that tool is on this list.
> Are U
Hi,
> Waking up in 2 seconds...
> rad_recv: Accounting-Request packet from host 172.17.7.214:32786, id=7,
> length=735
> Received Accounting-Request packet from 172.17.7.214 with invalid signature!
> (Shared secret is incorrect.) Dropping packet without response.
> Finished request 3
examine the
Hi,
> 1. Is there any written description of all the tables, columns, etc.
> What they are? What data goes in them? How & when they are created?
>
> 2. PostgreSQL/freeRADIUS: Where are the accounting tables? Where can I
> read about them? How are they created?
in the source code tarball you'll
Hi,
> So far I haved followed instructions in the admin.sql file and the used the
> command:
> mysql -uroot -prootpass radius < schema.sql
> which creates a database called radius, that I am suppose to fill with some
> dummy data, is this right so far? I also uncommented the line- $INCLUDE
> sql.
Hi,
> I have a fairly standard config, using EAP/TTLS and an LDAP back end. Both
> EAP and non-EAP requests need to do LDAP lookups.
>
> It's working well (I did very little customizing), except I see a lot of the
> anonymous outer id's getting sent to the LDAP servers. I moved EAP above
>
Hi,
> > 1) authenticate access to the network from Open Public Access Catalog
> > (OPAC) desktop machines available to every user of a biblioteque.
>
> OPAC? That must be term local to your site. I don't know what it means.
we have OPACs too - i think its a term derived from the world
of lib
Hi,
> I have installed freeradius 2.14 on Freebsd using the ports.
> I need to use an external script, so in radiusd.conf I created in the
> module section :
> exec GETVLAN {
> wait = yes
> program = "/usr/local/etc/raddb/getVlan %{User-Name}"
>
Hi,
> What I am looking for is any kind of Step-by-Step document detailing
> sequential steps needed to setup a PostgreSQL back end for freeRADIUS.
> Has someone written such a document? Is there such a writeup available?
just to reiterate Alans comments - the config file is self documenting.
Hi,
> May I ask if I am using sql to store the client list in
> the sql table 'nas', is there a way for me to ask freeradius
> to refresh the list ? Or is it that I must kill and restart
> freeradius ?
without other changes - restart the server
with changes - use the dynamic_clients virtual ser
Hi,
> freradius-2.2.1.6-1.el5.i386.rpm
> freradius-postgresql-2.2.1.6-1.el5.i386.rpm
>
> I am pretty new to FR so please advice; do I need to install both of
> these RPMs or just the second for my setup to work?
both. the second one adds the postgres support.
alan
-
List info/subscribe/unsubsc
Hi,
> How to insert "Session-Timeout" into the reply message?
use what ever method you want to insert it PERL, unlang etc.
a simple 'fix' that would be global in this example:
for 2.1.x in section of sites-enabled/default
post-auth {
Post-Auth-Type REJECT {
Hi,
> No. You should be running through your authorisation policies on
> session resumption. All policies should be moved to the post-auth
> section of the outer server.
but only the inner server knows the real id etc ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u
Hi,
> Sure, and that's fine for you, an expert ;-) This user list is proof
> positive a large proportion of users can't even read the config
> documentation, I can only imagine the confusion which would ensue if
> there were two config directories and sets of modules.
well, its possiblehoweve
Hi,
> a.l.m.bu...@lboro.ac.uk wrote:
> > I've got freeradius, freeradius2 and RADIATOR all on one box
>
> What do we need to do so that Radiator can go away?
RADSEC :-)
well, I've got radsecproxy but currently I need to run RADIATOR
to keep my skillsets with that software up to date and chec
Hi,
> Also, the package will have a different name, rather than freeradius it
> will be named freeradius2, however (and this is critical) it will
> conflict at the file level, in other words the both freeradius and
> freeradius2 cannot be simultaneously installed.
why not? /etc/raddb2 and sepera
Hi,
> realm example.com {
> }
> realm LOCAL {
> }
> realm NULL {
> }
> /etc/freeradius/proxy.conf[498]: home_server "localhost" does not exist
thats very interesting - because in the default proxy.conf there IS an
entry for home_server localhost.
so, I'll repeat once again, do not just ran
Hi,
> which Linux distribution should I use? So far I tryied debian-etchnhalf, or
> CentOS, and in every How to its written that I have to compile it by mysefl.
> This how to didnt work anyway... so I will try what you will suggest.
> Bartosz.
theres nothing wrong with compiling it yourself - so
Hi,
> Can the ./configure script be made to report at the end what modules it
> found it can build. The ./configure output does have this information
> but it's not easy to follow.
i guess you are asking this after seeing similar feature in other
software?
alan
-
List info/subscribe/unsubscribe
Hi,
> ok (you guys propably hate me :) but please could you still give me the
> answers as you did before)
> but back to the subject:
> I did like you said,
> I installed 2.0.4 version (compiled using suggestions from:
> http://www.fatofthelan.com/articles/articles.php?pid=27
> http://www.linuxins
hi,
you still have ntlm_auth in your authorise section...thats wrong.
take ntlm_auth out of there.
edit modules/mschap and uncomment the ntlm_auth line (and configure
anything else you need such as MPPE) and then ensure that
mschap is called in the virtual server (sites-enabled/default)
and inner
301 - 400 of 1557 matches
Mail list logo