Hi,
are you running the preprocess module? if not, then Huntgroups arent looked at
or populated
alan
Yes, is running, in fact without WLC , work fine.
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
++- if (!Huntgroup-Name) returns ok ++? if (Huntgroup-Name == list)
(Attribute Huntgroup-Name was not found)
the problem seems to be your huntgroup.. Can you post your huntgroup
definitions?
--
Jens Weibler
IT-Services
Hi,
In huntgroup I just have:
...
# Usuario = xxx xxx
list
Hi Matthew,
I checked that out and it's configured as you suggested. The AAA Override
option is enabled.
The vlan attributes are these:
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = VLAN_ID
It works fine when we use the AP against the radius server, but when we use
We are modifying the Wireless acccess to our LAN.
We are trying to use a Cisco WLC and our freeradius. We've been using this
same freeradius for authenticating users against the corporate LDAP. Now
we want WLC to talk to the radius server without losing any functionality
like user authentication
Hi,
I use freeradius with cisco access point and vlans assignment, work fine
but now I try to use Cisco Wireless Controller and the vlan assignment dont
work.
Can you help me?
I send the logs:
Many thanks!
Log without acces points and wireless controller:
server inner-tunnel {
+-
Hello,
I want to know if it would be possible to debug freeradius while running to
a log file,
thanks.
2009/8/18 freeradius-users-requ...@lists.freeradius.org
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the
Hi list!
I need the packets freeradius-mysql... I have this:
freeradius-mysql-1.1.3-1.2.el5.i386.rpm
but my freeradius is 2.1.3 and this rpm don´t work.
I have Red Hat 5.1
Somebody have any idea where I get this packet?
My problem is this:
**Could not link driver rlm_sql_mysql:
Hi
my problem is I am trying to configure authentication with ldap + VLAN.
according to the group the user is connected to what I want to send a
VLAN, you need to know to begin testing is where I set this filter, I
set in to ldap file?
I already created some rules in the authorize section of
for example in the policy file type:
permit_only_eap {
if (Calling-Station-Id==001f.3c22.674a) {
...
here, depending on the mac, is due to the user a VLAN
}
this would be after the auntenticacion for PEAP-MSCHAPv2 with
Hi list.
I want to know if I can handle VLAN's on file policies and create a
conditions with Calling-Station-Id
this should be make after the authentication with user and pass.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[peap] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
But your problem has nothing to do with the user. You haven't imported
the ca certificate onto the users machine. At least not the correct one.
but, if I
- and how, exactly, does the EAP tunnel get set up if you dont
have a common certificate to enable such a construct? you've got
to have a CA - and, if done properly, you've got to have the validate
check as well!
Suppose a person who comes from outside the company, and wants to
connect
Hello gentlemen
I am configuring PEAP and there is not much information about it,
Should I add a user in the user file alone?
If default is configured with EAP, what should I modify another file?
thanks.
logout:
rad_recv: Access-Request packet from host 10.10.1.21 port 1645,
id=220,
Hi
I have the same logout when I do radiusd -X
If I find a solution or some I telll you.
if you find some tellme =)
Bye!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello!
but this log are of Radius, you tell me a problem is in the
supplicant? but I try with many supplicant and I have the same error.
Ever had a case like this? because I come with this problem long ago
and do not get results despite dealing with various forms and follow
the documentation.
rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136
User-Name = test
Framed-MTU = 1400
Called-Station-Id = 0019.2fdb.9d00
Calling-Station-Id = 001f.3c22.44c5
Service-Type = Login-User
Message-Authenticator =
But that means that the authentication is successful?
If I have the NAS and Supplicant improperly set, I do not understand
because it rejects the response radius.
What do these lines?:
rlm_realm: No '@' in User-Name = cert, looking up realm NULL
rlm_realm: No such realm NULL
Thanks
then what I want to say is that this configuration is for users who
are not in a domain.
But if users are in a domain?
besides, I need is a certified master who serves me, or for users who
are not in a domain.
What sugeris me?
-
List info/subscribe/unsubscribe? See
Good day.
After testing several options, I got this error:
Does anyone have any suggestions?
thank you very much.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=1,
length=136
User-Name = user
Framed-MTU = 1400
Called-Station-Id = 0019.2fdb.9e00
Hello again (I was sick)
There is an EAP-TLS howto on the FreeRADIUS web site (type EAP-TLS
howto into google). It may help.
Alan ok, this is the HOWTO I was watching and following to create the
certificates and that's why I try to find some other suggestions to the
problem for me,
I want to achieve is to create a certificate for several machines and use
TLS
- I created all the certificates as they said in README, I tried and
nothing.
- I created the certificates according to README and follow some tips here:
https: / /
well! it worked!
Now my problem is that since the notebook I get an error: Server mistaken
identity - failed authentication
The truth is that I followed the steps recommended me to create the
certificates, the amount to the notebooks, but the error continues.
that is, I know it is wrong license,
I mean, what I want to achieve is to use tls with certificates for the PC's
that want to connect AP of entry, this creates certificates with the
following reference:
https://lists.freeradius.org/pipermail/freeradius-users/2008-October/msg00553.html
license = certificates for tls , sorry my
ok, this is out when i write radiusd -X -x :
Mon Oct 20 12:08:36 2008 : Info: FreeRADIUS Version 2.0.5, for host
x86_64-unknown-linux-gnu, built on Sep 3 2008 at 17:32:08
Mon Oct 20 12:08:36 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Mon Oct 20 12:08:36
Good day mate.
Well, finally understood what I recomendastes and I did, I created a package
with server.pem ca.pem and then convert it to. der, the amount to the
notebook but this time gave an error with the validation of the server:
rad_recv: Access-Request packet from host 10.0.31.40 port
In that case, disable the module md5 because I just want to use tls?
Why does the error that I showed you? certificates?
thanks!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Good day,
I was watching the file cert/Makefile to be able to solve my problem but
the truth is that according to what I saw I could not understand must be
done to achieve conversion certificates, is it a script?
tell me if I am wrong:
XP does not rely on the certificate then we must convert,
Do you referred to this line?
ca.der: ca.pem
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I know, but what he does not understand is how to referee when you talk
about cabundle because what I have in / cert are the certificates that I
made in the steps of README, which I did not serve for windows, that the
back to delete?
when I run the command openssl x509-inform PEM-in-outform DER
Any suggestions for this topic guys?
thanks!!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is this the issue that you say?:
Re: CA.all and CA.certs in Freeradius
2.xhttps://lists.freeradius.org/pipermail/freeradius-users/2008-October/msg00248.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This is the error when the user tries to connect
seems an error of certificates but are well installed:
thanks!!!
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68,
length=144
User-Name = msilvero
the problem is...
when I want to connect from the notebook to the network radius, asking me to
configure the profile to the type of authentication, and so on.
what set everything is ready and when I try to connect but does not connect
to the server and are not recorded requests.
on the server
ok tnt, I try that with the application, testing and do you notice. Thank
you very much!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Well, monitoring and testing in the log have this:
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68,
length=144
User-Name = msilvero
Framed-MTU = 1400
Called-Station-Id = 0019.2fdb.9e00
yes, I imported client.p12 and ca.der to the notebook, the checked again
and are fine
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I apologize to you for not knowing English well, I live in Argentina and my
native language is spanish (I doubt you know Spanish), if you are unable to
interpret what I am trying to say is your problem with your gray matter ,
but please if I express ticket that I am not wrong understanding and can
I do not understand what I want to say
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry
what they say is ...
The access point has an IP 10.0.31.x and is included within
raddb/client.conf, forget the IP 10.0.42.250 because I connect to that
network to another topic.
The server is in the 10.30.1.x , we do not need to be on the same network
because they are VLAN
hello!!
Well, as was the theme for the month so again clarify the principle also
returned thread.
The server is installed and tested it with the test and walk in perfect
condition.
I configured the radius in the client (access point) and a local user
testing,
the user is in a notebook in which
el access point tiena la IP 10.0.31.40 y esta incluida dentro de
raddb/client.conf, olvidemos la IP 10.0.42.250 porque me conecte a esa red
para otro tema.
El servidor esta en la 10.30.1.x y no hace falta que esté en la misma red
porque son VLAN ruteables. Haciendo ping responde bien.
¿cual
Good morning!
I am with a new problem, I feel like I'm close.
My problem now is that set in a notebook the connection to authenticate with
tls but not connecting, I am not showing any error, just does not connect,
you run into the radius with -x and is waiting for requests.
Why is this wrong?
The firewall is disabled, and probe with the tool NTRadPing and the result
in the radius is as follows:
Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address
* port 1812 from unknown client 10.0.42.250 port 1083
Thu Sep 25 12:49:16 2008 : Debug: Ready to process
in fact this IP (10.0.42.250) is another network which is connected to the
notebook, which I have done now is to disconnect from the network and try to
connect to the radius of the outcome this time is that in the radius server
does not There is movement and the tool NTRadPing I get: no response
Yes, tried to ping and responds quickly and without losses. Also I did from
the server and also responds.
What could be the problem?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello comrades again.
I have been presented the following problem and by what I see is a user
problem, teachme if I am wrong. The theme is already created certificates
and installed on the user as I read in the howto but does not connect to the
network. I put all passwords equally by the doubts,
Is what we mean is that access point is wrong? Is this bad set?
Is this bad or configured in the notebook user?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the truth is that follow in the footsteps of the file certs / readme
I looked at the howto - http://freeradius.org/doc/EAPTLS.pdf and says
nothing of the buildup of certificates. I follow these steps:
README
I wrote the documentation as redundancy, forgiveness if disturbed.
What can be wrong password CA file? I got one at random, should be like any
other?
thanks!!
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
already achieved what !, restart the service, I started from
scratch, cree certificates again.
said the error was like your . was the password, which is in eap.conf
Now I have a doubt AT THE howto tls two files that need to install the
computer user is root.der and cert-clt.p12
TNT perfect!!
thank colleagues for their help, and we want to try it in my next doubt!
thanks!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
oh ok!
but the user whit i trying to run radiusd is root, why say that? is posible?
thanks you!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Good morning everyone!
Well, I have progressed a bit in the installation of RADIUS EAP TLS.
what I did was install the version FreeRADIUS-1.0.4.tar.gz on my server,
configure the client (AP) and modules to work with eap tls, probe with
radtest and the response was:
Sending Access-Request of id
ouch!!
ok, change the version and started again :S
Like thank you very much!
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
alan!!
and install the new version and the probe, probe with radtest and I get
this:
Sending Access-Request of id 236 to 127.0.0.1 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Accept packet from
the method is eap+tls,
ticket that need to know and what post.
thanks!!!
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hello friends!
solved the problem we had, I did a test and works well, but now every time
the user wants to connect I get this error in the logs:
Thu Aug 21 11:14:56 2008 : Info: rlm_eap_md5: Issuing Challenge
Thu Aug 21 11:14:56 2008 : Error: TLS_accept:error in SSLv3 read client
hello!
now i have this. i hope this time your answerme!!1
Sending Access-Request of id 42 to 10.0.6.29 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write
this: radiusd -i 10.30.1.104 -p 1812 -x -X :
Thu Aug 14 17:36:15 2008 : Info: FreeRADIUS Version 2.0.5, for host
x86_64-unknown-linux-gnu, built on Jul 24 2008 at 10:54:31
Thu Aug 14 17:36:15 2008 : Info: Copyright (C)
/certs/ in the folder many licences, what is that I installed on the
notebook and as set?
thanks!!!
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for example mi have this problem:
when I run radiusd-X -x strip me this mistake even if the PATH're ok. what
is?
Tue Aug 5 11:00:31 2008 : Error: rlm_eap: SSL error error:06065064:digital
envelope routines:EVP_DecryptFinal_ex:bad decrypt
Tue Aug 5 11:00:31 2008 : Error: rlm_eap_tls:
]:
Error binding to port for 0.0.0.0 port 1812
what is?
thanks!!
--
--
Silvero Martin
--
--
Silvero Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello my name is martin and I'm from Argentina.
I'm trying to configure for use with FreeRADIUS eap + tls and ldap, but
recently started doing this and I am wrong in the first configurations, what
I did was set a cleinte which is a AP's and when I run radiusd-X -x strip me
this mistake even if
Hello im from Argentina and im configure freeradius with eap+tls but give me
one error:
Tue Aug 5 13:11:37 2008 : Error: rlm_eap: SSL error error:06065064:digital
envelope routines:EVP_DecryptFinal_ex:bad decrypt
Tue Aug 5 13:11:37 2008 : Error: rlm_eap_tls: Error reading private key
file
it seems to me like a certificate`s password problem.
take a look at server.cnf ca.cnf and clients.cnf.
or read the document that came with the package how to remove all
certificates and create the 3some ( :) ) of them.
2008/8/5 Martin Silvero [EMAIL PROTECTED]:
Hello my name is martin and I'm
65 matches
Mail list logo