Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote:
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
As you can see, the device wasn't listed in the file, the authentication
went fine, saying that the tunnel that I should get has ID 40, but that
wasn't
++[radutmp] returns ok
++[exec] returns noop
From that, have you tried the following?
radwho -F /var/log/radius/radutmp
See also radwho(1).
Matthew
On Fri, Oct 04, 2013 at 09:54:29AM -0400, Garber, Neal wrote:
Can someone tell me if it is possible in FR to cache in memory
(for a short amount of time) Calling-Station-Id from successful
rlm_cache ?
http://wiki.freeradius.org/modules/Rlm_cache
Matthew
address * port 1814
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client
127.0.0.1 port 52834
^^
Make sure there is an entry for 127.0.0.1 in your clients.conf.
Matthew
Stripped-User-Name instead of User-Name,
e.g.
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=abc.ac.uk
--username=%{Stripped-User-Name} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
Matthew
'make install' on top of a
working config on a server and trust the install to not touch any
local changes. Even if I'm 99.99% sure it won't, I'd be too
worried to do it when there's an easy alternative. But I guess
some are just more adventurous than me! :)
Cheers,
Matthew
features, forget the paid
support and ask here like you just did.
If the support is worth anything, of course, then I'm sure they'll
be delighted to build later packages for you that include the
patch. :-)
Cheers,
Matthew
for obvious reasons...
If you're doing CHAP (or something that needs the full cleartext
password) then you're probably limited anyway, as the only way
you're going to get the right cleartext password from a username
in a range when you don't list them all is to refer to said
username.
Matthew
On Wed, Aug 28, 2013 at 12:20:12AM +0200, Martin Kraus wrote:
I'm stuck with 2.1.10 on ubuntu:-(
Without trying to come across as if I'm a stuck record... this is
easy to solve.
https://lists.freeradius.org/pipermail/freeradius-users/2013-August/067939.html
Cheers,
Matthew
?
MSCHAPv2 - I thought PEAPv0 was only MSCHAPv2?
and TLS.
m.
in the tls
section.
I backported the patch I wrote to do this to v2 (which is what we
are running); I'm not sure if it made it into the released 2.x
code (I doubt it). It's an easy patch if anyone wants to do it
themselves.
Matthew
without access to an OSX server license.
http://support.apple.com/kb/DL1466
?
But this is getting a bit off-topic.
m.
On Wed, Aug 28, 2013 at 04:49:42PM +0100, Matthew Newton wrote:
See the sites-available/check-eap-tls file in v3, and the
mods-available/eap file, option virtual_server in the tls
section.
I backported the patch I wrote to do this to v2 (which is what we
are running); I'm not sure
On Thu, Aug 22, 2013 at 10:30:54AM +0100, Phil Mayers wrote:
Matthew Newton m...@leicester.ac.uk wrote:
On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote:
well looking at man wpa_supplicant I can see
EAP-PEAP/TLS
I think that should be PEAP/EAP-TLS. Otherwise I'm not sure
://notes.asd.me.uk/2012/01/27/compiling_freeradius_from_git_on_debian/
Note these both give you packages - so you can easily uninstall
etc as required, or roll back to the distribution ones.
Matthew
?
I did a write-up on getting this to work (see
http://q.asd.me.uk/pet ) - fragment_size was the biggest gotcha
IIRC.
Matthew
-TLS by doing PEAP/EAP-TLS - it's still
certificate (machine auth) only.
My advice would be to stick with PEAP/EAP-MSCHAPv2 and use
deployment tools to get the devices configured correctly.
Matthew
in that directory (without
the policy { } wrapper of course).
That's how it is now done by default in version 3.
Matthew
: Debug: shortname = BTS111
Fri Aug 2 16:45:25 2013 : Debug: nastype = other
Fri Aug 2 16:45:25 2013 : Debug: }
You've also got two netblocks that clash there. I'm not sure it
will hurt, but you probably want to remove one of them, or fix
the netmask.
Matthew
could do it by hacking the openssl library I guess.
Matthew
of id 70 to 172.31.61.224 port 1812
...
The RADIUS server sent an Access-Accept. That means that if you
still can't get in, it's the switch that has the problem.
Matthew
the customized message. Is there a way to test the
user/pw combo first and *then* perform unlang logic?
That's what the post-auth section is for.
Matthew
messages or
locations to print them, but the pull request will give the right
starting pointers :-)
Matthew
On Fri, Jul 12, 2013 at 11:24:54AM +0100, Matthew Newton wrote:
On Fri, Jul 12, 2013 at 11:19:00AM +0200, Alan DeKok wrote:
Lovaas,Steven wrote:
I had a mismatch between the type of the home_server localhost (auth),
and the attribute used in one of the realms pointing to the pool
for that.
Any suggestion?!
This came up the other day; I don't think there was a resolution.
It's not a FreeRADIUS issue - you're probably best off talking to
Cisco TAC.
Matthew
Hi,
On Tue, Jul 09, 2013 at 10:58:15AM -0700, Julian Macassey wrote:
On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote:
Try adding the following to the *top* of your users file:
evergreen Cleartext-Password := pa55word, MS-CHAP-Use-NTLM-Auth := 0
When I use the users
it
can't authenticate the user.
Given a cleartext password as above, you should be good to go.
Matthew
Access-Reject of id 73 to 10.1.1.211 port 35032
Waking up in 4.9 seconds.
it?
I would check that your WLANs are correctly configured with the
RADIUS servers in the controller. You shouldn't need to configure
the APs like this.
You're better off asking on another mailing list, though.
Matthew
(this goes to the
NAS) and will disconnect without an EAP Success.
You probably want EAP-TLS if you want host (rather than user)
based authentication on wireless.
Matthew
. You just can't
authenticate based on the MAC address only if you're doing EAP.
Matthew
-
Upgrade from 2.1.12 to 2.2.x, as there are security issues pre
2.2.x.
Save yourself some round trip packets by setting default_eap_type
= ttls in eap.conf
Save yourself some LDAP lookups by removing ldap from the outer.
Cheers
Matthew
.
If you can't or won't, then please find some commercial paid
support for your problems and stop wasting people's time having to
read e-mails that they can't help with.
Matthew
can be spoofed if you permit NASes
not under your own control.
Matthew
round trips, it will auth faster,
too).
Cheers
Matthew
?
Same thing, but usually referred to as PEAP/EAP-TLS (or sometimes,
probably incorrectly, EAP-PEAP/EAP-TLS).
Matthew
has:
if (isdigit(l[1])) break;
which stops looking for a module_name (e.g. md5) if the first
character after the : is a digit.
Fixed in 3.0 (see 4fd62ce9 22 August 2012).
Matthew
both servers so we can see
what's happening. A small section doesn't help much.
You should use Cleartext-Password in place of User-Password in the
config. There is no difference, and User-Password is deprecated
and going away in 3.0.
Matthew
impossible to tell much more.
Matthew
From: Matthew Newton m...@leicester.ac.uk
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, 3 May 2013 6:21 PM
Subject: Re: Proxy Treatment of PAP/Chap Auth Types
On Fri, May 03, 2013
so,
if it is a problem, that is where to fix it. It's nothing to do
with FreeRADIUS.
Matthew
{
Session-Timeout : = 7200
}
It should be:
post-auth {
    update reply {
        Session-Timeout := 7200
    }
}
(e.g. no space between : and =)
HTH,
Matthew
to FreeRADIUS. Like already pointed out, if
it's AD, this isn't likely to happen.
Matthew
-- comment out
ntlm_auth
}
}
Then it should take your User-Name and User-Password, check them
using the ntlm_auth utility rather than the pap module (the
ntlm_auth module is just an instantiation of exec).
Matthew
method for PAP. The PAP module
can't do it for you, as it knows nothing about the ntlm_auth
utility, so you have to call it yourself, using something like the
config I gave you just now.
Matthew
On Fri, Apr 19, 2013 at 9:56 PM, Matthew Newton m...@leicester.ac.uk wrote:
On Fri, Apr 19, 2013
-Type REJECT section in the inner-tunnel is never
called. This is fixed in v2.x.x HEAD and master.
Post-Auth-Type REJECT in the outer tunnel is fine.
This might be your problem.
Or perhaps I am just doing something wrong.
You didn't send output from radiusd -X.
Matthew
at present to go digging to find
out).
Cheers,
Matthew
/shouldn't/ need to do this - FR will generally work this out
by itself - just make sure 'passwd' is above 'pap' in authorize.
Setting this might cause you problems in the future.
Cheers,
Matthew
the
entry to the users file, then try logging in with that
username/password.
To help further, we're going to need more information. Primarily,
*complete* debugging output, generated by running in debug mode
with radiusd -X
Matthew
attribute, so it will not change
the attribute.
Then look at the debug output to check that it actually did what
you asked (e.g. the regex is right, etc).
Matthew
checked? Perhaps a regex
thing?
[preprocess]expand: %{NAS-IP-Address} - 192.168.0.15
++[preprocess] returns ok
huntgroups is definitely being read (it's read by preprocess), but
the lines might not be being matched.
Matthew
Hi,
On Wed, Apr 17, 2013 at 08:38:36PM +0100, Matthew Newton wrote:
On Wed, Apr 17, 2013 at 12:32:32PM -0500, John Giordano wrote:
So in huntgroups I have:
### RADIUS HUNTGROUP TEST - jg ###
MSP7345 NAS-IP-Address =~ /^10\.99\.3\./
SNJ7000 NAS-IP-Address =~ /^10\.3\.99
bunch of entries in
huntgroups... either manually or through a Perl script. :)
Cheers!
-jg
in
the Idle-Timeout thread :-)
Matthew
suggested.
Note the above splits the config over two locations. If you want
to keep it all in one place, use unlang like Alan said. If it
doesn't look tidy, put it in the policy.conf file and then call
the policy name instead.
Matthew
anyway :-)
Cheers,
Matthew
:
update reply {
Idle-Timeout := %{client:myidlevalue}
}
(may want an if{} around it if myidlevalue isn't defined for all
clients)
:)
Matthew
,
Ip_Address_Pool_Name = pool_128,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Fall-Through = 0
Matthew
being set by
something else beforehand, and needed the := to force it.
But unlang is probably tidier than files here.
Matthew
control {
Proxy-To-Realm := wifiproxy
}
}
...
}
}
This should work between different servers; I'm not sure if you'll
hit the only one internal proxy limit on one server.
Matthew
On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
How about hyphen SSID ? ex : WIFI-TEST
I failed in writing regex for it...
if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
Matthew
' {
update control {
Proxy-To-Realm := testproxy
}
}
case 'WIFI' {
update control {
Proxy-To-Realm := wifiproxy
}
}
}
}
Matthew
was skipped, so inner post-auth was only called for
success.
Some confirmation would be useful - I haven't got time to check
right now.
Cheers,
Matthew
it in the virtual server.
Matthew
On Thu, Mar 14, 2013 at 03:04:08PM +, Jonathan Gazeley wrote:
On 14/03/13 14:26, Matthew Newton wrote:
Just put it in the global instantiate section, as above, then use
it in the virtual server.
The point of my exercise is to make my FreeRADIUS config fully
modular in preparation for my
, as it then won't call post-auth at all.
I'd suggest that either a00c4432 needs backing out, or 00cadac7
and need backporting as well.
Cheers,
Matthew
, or 00cadac7
and need backporting as well.
should have read:
I'd suggest that either a00c4432 needs backing out, or 00cadac7
and c625bf173 need backporting as well.
There are three commits in series that all go together.
Cheers!
Matthew
something
different that can handle auth without plaintext passwords.
Cheers
Matthew
can run eapol_test on a different machine than
FreeRADIUS if you want to - just make sure you set up a client for
the test machine in the FR config.
Matthew
of a reload. It's
not likely to make much of a difference.
Matthew
}\
...
}
Matthew
based auth, it's
not likely to go well...
Sorry if this is a FAQ, of course I've not changed anything within my conf
since 2009 !
You should upgrade. There have been security bugs fixed in 2.2.0.
Matthew
is
also likely to get you a lot of 'go away and upgrade' responses,
rather than answers to your question...
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
-
List info
.
Matthew
.
Cheers
Matthew
Windows devices (especially as part
of a windows domain), then EAP-TLS can also be another good
option.
Matthew
compiled yourself, or own-built packages (from
git?), or the standard Debian packages from their repo?
Matthew
Auth-Type := Local, Cleartext-Password := 00c51180d29c
Alcatel-Lucent-Auth-Group = 4
As the debug log says, Remove Auth-Type := Local from the above.
Matthew
Auth-Type := Local, Cleartext-Password := 00c51180d29c
Alcatel-Lucent-Auth-Group = 4
As the debug log says, Remove Auth-Type := Local from the above.
Matthew
to get more help if
you send the debug output from FreeRADIUS (radiusd -X).
Matthew
.mk files in that dir), remove @
characters at the beginning of the lines.
Matthew
On Wed, Nov 21, 2012 at 09:01:22AM +0100, alexdhel...@free.fr wrote:
00c51180d29c Auth-Type := Local, Cleartext-Password := 00c51180d29c
Alcatel-Lucent-Auth-Group = 4
As the debug log says, Remove Auth-Type := Local from the above.
Matthew
/freeradius: error while loading shared libraries:
build/lib/relink/.libs/rlm_acctlog.so: cannot open shared object
file: No such file or directory
No time to look right now - maybe tomorrow.
Matthew
---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg
e: dmitry.korzhe...@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com
, is not clear text. You need clear text
passwords or NTLM (NT-Password) for mschap to work.
http://deployingradius.com/documents/protocols/compatibility.html
Matthew
requests.
You've missed the rest of the log off that contains the actual
authentication attempt, so we can't see what's broken.
Try again with
rtest Cleartext-Password := rtest
at the top of the users file.
Matthew
a
security vulnerability in anything older.
Cheers
Matthew
[0]
http://notes.asd.me.uk/2011/01/11/freeradius-and-ntlm_auth-reminder-from-a-silent-failure/
ttls
...
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = ttls
Try setting that to something other than ttls. For instance,
mschapv2, to match your PEAP section.
Cheers,
Matthew
}
Matthew
!
Can you please suggest what might be the issue is? I am getting password
Please read the debug output. It's telling you the answer.
Matthew
in
the Accounting-Request that was returned to the NAS in the
Access-Accept, not the User-Name that they used in the
Access-Request. Therefore the result from FreeRADIUS does directly
affect what is sent for Accounting.
Cheers,
Matthew
, but
it's nothing like as often as it used to be.
In short, it's a client/NAS issue, as already stated.
Hope that helps,
Matthew
of the 'users' file. Move it to the
top. (And add pap back in).
Matthew
it. Personally unless
functionality was a lot different (which it doesn't sound like it
is), I'd probably do it all in one outer server and test based on
request attribute or Packet-Dst-Port, but if it works then it's
OK.
Cheers
Matthew
haven't enabled
copy-acct-to-home-server correctly. You should then see that pick
up packets and process them.
Cheers,
Matthew