Hi,
I'm wondering whether we can exclude certain IP
addresses from an IP POOL to be assigned to the client
?
for example, the ippool in radiusd.conf has been
defined as following:
range-start = 192.168.167.90
range-stop = 192.168.167.100
This means that IP address between 192.168.167.90 to
Hi List,
How does FreeRadius handle Login-Time attribute...?
In the README ofFreeRadius, it's written:
"Radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someones Login-Time is "Al0800-1800" and she logs in at 17:30,
not sure what they mean...maybe somebody can help me ?
[3092] 12:43:31:912: ElKeyReceiveRC4: Signature in Key Desc does not match
[3092] 12:43:36:929: EAPOL-Key for transmit key *NOT* received within 5 seconds in AUTHENTICATED state
Thanks,
lara
Lara Adianto [EMAIL PROTECTED] wrote: The log file
Hi list,
I have a strange problem with EAP/TLS authentication.
I have done thesetup with the guide from Ken Roser's howtoprovided in freeradius site:
- The client is XP, wirelesscard: linksys WPC54G
- The freeradius server is installed in linux
- The access point is linksys WRT54G
- The
Hi,
Using EAP/TLS authentication, I noticed that even if the user doesn't exist int the users file, theEAP/TLS authentication still proceeds and the key exchange still occur, access accept is also sent together with MS-MPPE-Recv-Key and MS-MPPE-Send-Key.
rlm_realm: No '@' in User-Name = "lara",
:
Thanks,
lara
Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: According to the posting, the problem lies in the server cert, that the client fails to validate, hence client will return invalid ack. My question is how can one make sure that the cert generated is
Hi list,
I'm stuck with the following problem of EAP/TLS authentication:
modcall: entering group authenticate for request 3 rlm_eap: EAP packet type notification id 4 length 6rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls auth: type "EAP"
Problem is solved. It's the problem with the shared library include.
Thanks,
lara
Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: Anyway, I've tried using freeradius-1.0.1 like what you have suggested, this time it complained about openssl/des.h: Making static d
/wireless/eaptls/?tag=missl-802-1, it is said that EAP/TLS can only work with SNAP version of openssl-0.9.7. Is this right ?
Thanks for any reply,
lara
Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: Anyway, I've tried using freeradius-1.0.1 like what you have sug
I did run the server in debugging mode. What I meant by the log is the debugging statement from running /radiusd -X -A. Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: I have a problem with rlm_eap_tls. The radius server doesn't seem to accept the access reques
Hi,
anybody can help me with the compilation of rlm_eap_tls ?
Freeradius version is 0.9.3, latest-snapshot of openssl: openssl-0.9.7-stable-SNAP-20040923.tar.gz
$ LDFLAGS "-L/usr/local/openssl/lib" CPPFLAGS="-I/usr/local/openssl/include" ./configure --localstatedir=/var --sysconfdir=/etc
Hi list,
I set upEAP/TLS FreeRadius auth for windowsxp client, and currently hit the wall in the certification generation.
I followed the instructions in the following howto on the net:
http://www.freeradius.org/doc/EAPTLS.pdf
The certs are generated as follows:
CA cert:
*
rm -rf
Hello,
I need some information about the following
'service-type' attribute:
- Outbound
- Administrative
- NAS Prompt
- Call Check
- Callback NAS Prompt
1. In which case will a radius client request for the
above service type or which radius clients usually
request for the above service-type ?
Hi Alan,
1. In which case will a radius client request for
the
above service type or which radius clients usually
request for the above service-type ?
http://www.freeradius.org/rfc/attributes.html
Click on Service-Type, and it will tell you what
those values mean, and when they're used.
Hello,
Is there any limitation on the max length of the
shared secret ?
I can't find any information from RFC2865. It is only
stated that the shared secret MUST not be empty
(length 0) to prevent packets from being forged
easily, but it is not stated what the max length is.
What is the common
Lara Adianto [EMAIL PROTECTED] wrote:
What is the common practice used by radius servers
and
clients ?
Not too short, not too long. 16 is a very common
length.
But Freeradius limits the shared-secret to 32. What
is
the rational behind this ?
Any longer than that, and it starts becoming
16 matches
Mail list logo