Storing Realms on database

2009-03-30 Thread Giovanni Lovato
Currently we store realms on a SQL database and a cron script updates proxy.conf. This is ugly and unstable due to the required restart of FreeRADIUS. Is there a native method to store Realms on a SQL database like users, groups, clients, ip pools and huntgroups?

rlm_ldap: default_profile not expanded

2009-03-12 Thread Giovanni Lovato
Is the default_profile setting in modules/ldap supposed to expand runtime variables? I tried to set: default_profile = cn=default,ou=%{Realm},ou=profiles,dc=mc,dc=com but on the logs I see: rlm_ldap: performing search in cn=default,ou=%{Realm},ou=profiles,dc=mc,dc=com rlm_ldap: object not

Doubt about default and inner-tunnel

2008-10-05 Thread Giovanni Lovato
I use FR 2.1.1 for WPA authentication, using TTLS+MSCHAPv2 and LDAP to store users and passwords (in LM/NT hash format). I tried several configurations: Configuration 1: - no changes in sites-enabled/default; - in sites-enabled/inner-tunnel uncommented ldap in authorize and Auth-Type LDAP in

Re: EAP-TTLS first connection works, other won't

2008-10-04 Thread Giovanni Lovato
Alan DeKok wrote: Giovanni Lovato wrote: Mmmm... After a little more investigation, I think it's the AP that causes the problem: it receives an Access-Accept but ignores it, sends another Access-Request and FR correctly generates an Access-Reject because of the duplicate request. So it's not a FR

Re: EAP-TTLS first connection works, other won't

2008-10-03 Thread Giovanni Lovato
Alan DeKok wrote: Giovanni Lovato wrote: I set up freeradius 2.1.1 for EAP-TTLS, on Debian Lenny. As client I'm using Ubuntu. When I try to connect, the first user (in the logs, heruan) connects successfully, but subsequent users (e.g. jamila) won't. If I restart freeradius, and try to connect

EAP-TTLS first connection works, other won't

2008-10-02 Thread Giovanni Lovato
I set up freeradius 2.1.1 for EAP-TTLS, on Debian Lenny. As client I'm using Ubuntu. When I try to connect, the first user (in the logs, heruan) connects successfully, but subsequent users (e.g. jamila) won't. If I restart freeradius, and try to connect first with jamila and then with heruan,

Debugging access point behaviour

2008-09-18 Thread Giovanni Lovato
: 2.1.0 Authentication backend: LDAP Authentication method: WPA2-EAP TLS Note: authentication works well with other access points. Thank you! -- Giovanni Lovato [EMAIL PROTECTED] rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=126, length=169 User-Name = heruan

accsessionid in SQL schemas is too short

2008-06-25 Thread Giovanni Lovato
In SQL schemas, accsessionid as VARCHAR(32) is too short, some NAS (e.g. Juniper ERX) send to RADIUS long Acct-Session-Id (up to 48 chars). I manually set it to VARCHAR(64) and now it seems to work correctly.

Re: Problems running FreeRadius 1.1.7 on Linux

2008-06-23 Thread Giovanni Lovato
Raghu Narasimhan wrote: Linux machine. Installed FreeRadius 1.1.7 Problems running it. Why such an old version? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Expanding LDAP default_profile

2008-06-19 Thread Giovanni Lovato
Maybe I'm wrong, but it seems default_profile option in LDAP configuration is not expanded, for example: default_profile = cn=default,ou=profiles,ou=%{Realm},dc=example,dc=com How can I make default_profile expand? Thanks!

Re: [SOLVED] FreeRADIUS 2.0.5 Debian dpkg-buildpackage error

2008-06-19 Thread Giovanni Lovato
Giovanni Lovato wrote: # dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 2.0.5-0 dpkg-buildpackage: source changed by Alan DeKok [EMAIL PROTECTED] dpkg-buildpackage: host architecture i386 dpkg-buildpackage: source version without

Re: FreeRADIUS 2.0.5 Debian dpkg-buildpackage error

2008-06-17 Thread Giovanni Lovato
orion wrote: 2008/6/13 Giovanni Lovato [EMAIL PROTECTED]: # dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 2.0.5-0 dpkg-buildpackage: source changed by Alan DeKok [EMAIL PROTECTED] dpkg-buildpackage: host architecture i386 dpkg

FreeRADIUS 2.0.5 Debian dpkg-buildpackage error

2008-06-13 Thread Giovanni Lovato
# dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 2.0.5-0 dpkg-buildpackage: source changed by Alan DeKok [EMAIL PROTECTED] dpkg-buildpackage: host architecture i386 dpkg-buildpackage: source version without epoch 2.0.5-0 debian/rules

Different LDAP base DN for different realms

2008-06-13 Thread Giovanni Lovato
I have an LDAP directory organized as follows: dc=example,dc=org |-ou=first | \-ou=people | \-uid=john | |-ou=second | \-ou=people | \-uid=john | \-ou=third \-ou=people \-uid=john I would like to tell FR to look in the appropriate OU based on the realm the user authenticates, for

Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Giovanni Lovato
I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL.

Re: Assign Ip-Pool based on NAS-Ip-Address

2008-05-29 Thread Giovanni Lovato
Alan DeKok wrote: Giovanni Lovato wrote: I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL. See the sqlippool module. What key on sqippool table should I set to make FR choose a pool based

Re: undefined symbol: sql_get_socket

2008-05-28 Thread Giovanni Lovato
Phil Mayers wrote: Nicolas Goutte wrote: On 27.05.2008 at 18:20, Giovanni Lovato wrote: Alan DeKok wrote: Giovanni Lovato wrote: I compiled deb packages from 2.0.4 sources. I would use rlm_sqlippool but I get this message: symbol lookup error: /usr/lib/freeradius/rlm_sqlippool-2.0.4.so

undefined symbol: sql_get_socket

2008-05-24 Thread Giovanni Lovato
I compiled deb packages from 2.0.4 sources. I would use rlm_sqlippool but I get this message: symbol lookup error: /usr/lib/freeradius/rlm_sqlippool-2.0.4.so: undefined symbol: sql_get_socket How can I solve that?

Re: Reply-Items in Ldap-Group

2008-04-30 Thread Giovanni Lovato
Ranner, Frank MR wrote: -Original Message- From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of Giovanni Lovato Sent: Saturday, 1 March 2008 11:23 To: FreeRadius users mailing list Subject: Reply-Items in Ldap-Group I wish to assign

Re: Reply-Items in Ldap-Group

2008-04-30 Thread Giovanni Lovato
Giovanni Lovato wrote: Ranner, Frank MR wrote: -Original Message- From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of Giovanni Lovato Sent: Saturday, 1 March 2008 11:23 To: FreeRadius users mailing list Subject: Reply-Items in Ldap-Group

Juniper ERX dictionary

2008-04-21 Thread Giovanni Lovato
We need to use a dictionary for JunOS 8.2, but the syntax seems to be non-standard and FreeRADIUS can't recognize it: http://pastebin.com/m6916d351 How can I translate that dictionary or make FreeRADIUS recognize it? Thank you, G.L.

Re: Juniper ERX dictionary

2008-04-21 Thread Giovanni Lovato
Bjørn Mork wrote: Giovanni Lovato [EMAIL PROTECTED] writes: We need to use a dictionary for JunOS 8.2, JUNOS and JUNOSe are two very different things. Both can use radius however. Based on the subject and link you posted, I assume you're talking about JUNOSe 8.2. but the syntax seems

Re: Signal -HUP

2008-04-02 Thread Giovanni Lovato
Alan DeKok wrote: Dmitry A. Sysoev wrote: Good afternoon! Why does radiusd (ver 2.0.3+ cvs) not reload configuration files with killall -HUP radiusd? Because it doesn't. It's hard to do right. And no, Apache doesn't handle HUP, either. It just *looks* like it handles HUP. It really

Re: Reply-Items in Ldap-Group

2008-03-01 Thread Giovanni Lovato
Ivan Kalik wrote: Yes. DEFAULT Ldap-Group == whatever reply, reply Thanks, but I meant if I could store that reply-items directly in LDAP attributes. It works for users, for example: dn: uid=testuser,dc=example,dc=org uid: testuser ... objectClass:

Reply-Items in Ldap-Group

2008-02-29 Thread Giovanni Lovato
I wish to assign various Reply-Items to a group defined in LDAP, and then configuring FreeRADIUS to fetch those Reply-Items whenever a user belonging to that group authenticates. Is that possible? Thank you!

Re: NAS-IP-Address = 0.0.0.0

2007-10-07 Thread Giovanni Lovato
Walter Gould wrote: Please excuse me if this has already been covered in the docs or the FAQ (I looked - but nothing jumped out at me). In accounting packets coming from Cisco Catalyst 6513 switches, the NAS-IP-Address = 0.0.0.0. Does anybody know why and if this can be changed? I have

Identity does not match User-Name, setting from EAP Identity.

2007-06-29 Thread Giovanni Lovato
I'm trying to get Windows XP authenticating using logon username/password. # freeradius -X [...] rad_recv: Access-Request packet from host 192.168.12.3:1048, id=0, length=217 Message-Authenticator = 0xdbb... Service-Type = Framed-User User-Name = TELPERION\\heruan

Re: Identity does not match User-Name, setting from EAP Identity.

2007-06-29 Thread Giovanni Lovato
[EMAIL PROTECTED] wrote: users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 What's in these entries in users file? My `user' file is the default coming with FreeRADIUS: 153: DEFAULT Auth-Type = System Fall-Through = 1 172: DEFAULT Service-Type

Re: EAP/TLS ,after access-challenge nothing happen

2007-06-23 Thread Giovanni Lovato
certificate using: # openssl ca -policy policy_anything -out certs/radius-cert.pem -extensions xpserver_ext -extfile xpextensions -infiles reqs/radius-req.pem but Windows is still silently failing authentication. Giovanni Lovato -- www.aldu.net/~heruan [EMAIL PROTECTED]

check-config option

2007-06-07 Thread Giovanni Lovato
On http://wiki.freeradius.org/index.php/FAQ, question 6.10 I read: quote With FreeRADIUS you can simply use: radiusd -C to check the configuration. [...] /quote But when I try to do that: code # radiusd -C radiusd: invalid option -- C Usage: radiusd [-a acct_dir] [-d db_dir] [-l

Re: check-config option

2007-06-07 Thread Giovanni Lovato
[EMAIL PROTECTED] wrote: Hi, quote With FreeRADIUS you can simply use: radiusd -C to check the configuration. [...] gone deprecated So how could I check configuration before sighupping the process? I try a script called ``check-radiusd-config'' but it gives me: #

Re: Grouping users and clients

2007-05-24 Thread Giovanni Lovato
Kostas Kalevras wrote: Giovanni Lovato wrote: Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need

Reply-Item from LDAP groups

2007-05-24 Thread Giovanni Lovato
Can I get a Reply-Item from LDAP groups? For example: dn: uid=testuser,ou=people,dc=domain,dc=tld uid: testuser ... dn: cn=testgroup,ou=groups,dc=domain,dc=tld cn: testgroup ... objectClass: radiusprofile radiusReplyItem: Cisco-AVPair := shell:priv-lvl=5 so that every user of testgroup gets a

Re: AW: Grouping users and clients

2007-05-24 Thread Giovanni Lovato
[EMAIL PROTECTED] wrote: Groups of users - usergroup table (standard SQL schema) Groups of devices - huntgroups file No way to store huntgroups directives on LDAP or SQL? G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED]

Grouping users and clients

2007-05-23 Thread Giovanni Lovato
Hi all. We have a set of Cisco routers and a pool of users in an LDAP directory. At this time routers are configured to request authentication to FreeRadius, which binds to LDAP and grants access to user on successfully binding. We need to create groups of routers and groups of users, granting

Segmentation fault on PAP calling

2007-02-07 Thread Giovanni Lovato
{ auto_header = yes } ... } ... authorize { ... ldap pap } authenticate { Auth-Type PAP { pap } ... } ... If I revert the password to clear-text on LDAP, it runs fine and authenticate. Any ideas? Thank you, Giovanni

Re: [SOLVED] Segmentation fault on PAP calling

2007-02-07 Thread Giovanni Lovato
Giovanni Lovato wrote: I'm using FreeRADIUS 1.1.4 compiled from sources on Debian Etch. I backend against LDAP with hashed password. Now I'm trying to configure authentication to use with WPA, but it segfaults on calling PAP: # radiusd -Xxxx 21