Re: returning error code of script to module

2013-02-26 Thread Phil Mayers
On 26/02/13 10:18, Chitrang Srivastava wrote: Thanks this may solve the issue but one doubt, if (Module-Failure-Message =~ /.*logon fail.*/i) { How is Module-failure-Message handled, I guess it's a string? Yes. It is set by some/most modules, but in particular mschap sets it to the

Re: 277 realms to maintain

2013-02-25 Thread Phil Mayers
On 02/25/2013 11:32 AM, Bertalan Voros wrote: Hello All, In order to be able to use the home server pools and fail-over I had to create a list of 277 realms. There are now 277 entries similar to this: realm domain.com { auth_pool = my_auth_failover nostrip

Re: Problem with quoting (Version 2.2.0)

2013-02-25 Thread Phil Mayers
On 02/25/2013 03:46 PM, Sven Anders wrote: If we remove the single quotes (and we tested double quotes too) and we have a path with spaces in it, the call fails, because now we get 3 parameters. What should we do? Is this a bug in FreeRadius itself? It's not a bug, in that it is designed to

Re: WARNING! for check item

2013-02-22 Thread Phil Mayers
On 02/21/2013 09:56 PM, a.l.m.bu...@lboro.ac.uk wrote: what exactly is wrong here that is triggering this WARNING? Presumably that, since it's an internal attribute (255) it'll never be sent on the wire anyway, so filtering it makes no sense. - List info/subscribe/unsubscribe? See

Re: eap over lan simulation

2013-02-22 Thread Phil Mayers
On 02/22/2013 02:56 AM, tabibel sami wrote: between supplicant and nas, i can't find a way to simulate a NAS (Point ACCESS) with 802.1x supplicant that can control ethernet and not wireless access from supplicant, because i use linux bridge to connect my virtual machines to each other (so no

Re: Server exits without warning on radtest

2013-02-22 Thread Phil Mayers
On 22/02/13 15:10, Adrien Morvan wrote: Thanks So i ran it with gdb. There is a seg fault but i don't understand what is happening. I just noticed the 0xdeadbeef value. Program received signal SIGSEGV, Segmentation fault. rad_mangle (request=0x82ba520, data=optimized out) at

Re: freeradius-proxy with Rlm_cache

2013-02-20 Thread Phil Mayers
On 20/02/13 08:38, Dominique Frise wrote: Hi, We would like to configure a freeradius proxy-server v. 2.2.0 under RHEL6 with users caching. The scenario we would like to achieve is the following: 1. client sends username/OTP to freeradius-proxy that relays to central radius server. Central

Re: Radius server failed to respond

2013-02-20 Thread Phil Mayers
On 20/02/13 11:53, ahmed.sa...@stfc.ac.uk wrote: Hi, I can authenticate using Kerberos, by running radius in debugging mode. I can see that I get Access-Accept packet but SSH doesn’t get logged in. I get following in /var/log/messages pam_radius_auth: DEBUG: getservbyname(radius, udp)

Re: freeradius-proxy with Rlm_cache

2013-02-20 Thread Phil Mayers
On 20/02/13 13:31, Dominique Frise wrote: Hi Phil, Here below a debug output : == rad_recv: Access-Request packet from host 127.0.0.1 port 11148, id=74, length=94 User-Name = dfrise User-Password = 276988 Ok, so the PIN is appended to the password. In

Re: Radius server failed to respond

2013-02-20 Thread Phil Mayers
On 20/02/13 13:08, ahmed.sa...@stfc.ac.uk wrote: Hi Phil, That could be the problem. I am using LDAP to get user information. getent passwd works okay everytime I have system to use LDAP for accounting. Do I have to set it up in FreeRadius as well? Or shall I do either or? I don't

Re: User disconnects but stays online in radius

2013-02-19 Thread Phil Mayers
On 19/02/13 06:53, Russell Mike wrote: Hi Phil Moby, I am also interested in this solution since experiencing the same problem. I liked the solution no1. But I have no idea where I can get that script but I can modify if I have one. It's a pretty simple script. Depending on your SQL

Re: EAP-TLS certificate problem

2013-02-19 Thread Phil Mayers
On 19/02/13 09:11, Muhammad Nadeem wrote: Hi, everybody I have used pre-shipped certificates of Freeradius for testing purpose. This testing was succeed with a test user 'bob', with files authentication. Now in the next step I wanna authenticate a user from my Database with Digital certificates.

Re: User disconnects but stays online in radius

2013-02-19 Thread Phil Mayers
On 19/02/13 11:23, Mobin Yazarlou wrote: Hi Mike, Now it is an hour that I am looking for a built-in solution or a ready-to-use script. The only thing I found was Idle-Timeout http://freeradius.org/rfc/rfc2865.html#Idle-Timeout attribute. This problem could be solved if RADIUS was responsible

Re: EAP-TLS certificate problem

2013-02-19 Thread Phil Mayers
On 19/02/13 14:16, Muhammad Nadeem wrote: [eap] EAP NAK [eap] NAK asked for bad type 0 You've mis-configured the client. Go back and look at it again.

Re: User disconnects but stays online in radius

2013-02-19 Thread Phil Mayers
On 19/02/13 13:28, Mobin Yazarlou wrote: The more I read about this, the more complicated it gets! It's quite simple in principle. Dear Phil, the first and third solutions you provided will work great but their implementation is not that easy. As you said above, following the first

Re: User disconnects but stays online in radius

2013-02-19 Thread Phil Mayers
On 19/02/13 16:09, Russell Mike wrote: *A.) *Enable interim accounting Yes *B.)* Enable post-auth { update reply { Acct-Interim-Interval = 900 } } Yes C.) *You Said:* You also need to ensure the accounting_update_query{,___alt} are configured in your sql.conf; this is the

Re: EAP-TLS problem

2013-02-18 Thread Phil Mayers
On 02/18/2013 06:31 AM, Tobias Hachmer wrote: Hello Muhammad, On 18.02.2013 07:17, Muhammad Nadeem wrote: Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can

Re: EAP-TLS problem

2013-02-18 Thread Phil Mayers
On 18/02/13 10:57, Muhammad Nadeem wrote: ca_cert=/usr/local/etc/raddb/certs/ca.pem client_cert=/usr/local/etc/raddb/certs/client.pem private_kry=/usr/local/etc/raddb/certs/server.key ^^^ typo - should be client.key This is basic stuff; please read the docs for wpa_supplicant/eapol_test

Re: Clients connecting without group

2013-02-18 Thread Phil Mayers
On 18/02/13 16:43, Michell wrote: Hello all, what would be the best way to not allow the user connection that does not have a group or have a group that does not exist? What does have a group that does not exist mean? How can you be in a group that doesn't exist? Should I create a policy

Re: User disconnects but stays online in radius

2013-02-18 Thread Phil Mayers
On 18/02/13 18:02, Mobin Yazarlou wrote: Hi, I am using freeradius v2.1.12 with MySQL support and noticed if a user disconnect when radius server is down, NAS can not inform radius about user being disconnected and radius assume user is still online after coming up again. This restricts user

Re: DHCP howto

2013-02-15 Thread Phil Mayers
On 15/02/13 10:52, Igor Smitran wrote: What would need to be done in dhcp setup in order to have radusergroup/radcheck/radreply/radacct-alike behavior? As far as I can tell: 1. Figure out the SQL queries that return the check/reply and group items you want for the values in the DHCP packet

Re: DHCP question

2013-02-14 Thread Phil Mayers
On 14/02/13 13:13, David Peterson wrote: I am trying to design a system with full redundancy. I know I can use FreeRadius proxy and/or multiple front ends with a MySQL master-master for the data. For IP redundancy I can install heartbeat so all of that is fine. My biggest unknown is DHCP.

Re: git question

2013-02-14 Thread Phil Mayers
On 14/02/13 13:26, David Peterson wrote: Are we still using git fetch origin v2.1.x:v2.1.x to get v2.2? No. v2.x.x is the branch name now. git clone ... git checkout v2.x.x

Re: AVP EAP-KEY name support in FR

2013-02-14 Thread Phil Mayers
On 14/02/13 14:01, Alan DeKok wrote: Srinu Bandari wrote: EAP key identifier must be sent as a part of Access-Accept message in EAP Key-Name AVP (Radius Attribute Type 102). Sure. But it's been hard to find out what is put *into* it. That link has been missing. This what Cisco

RE: Complie error

2013-02-14 Thread Phil Mayers
That might be your /etc/ld.so.conf - see the man pages for ld.so and check /usr/local/lib is there or in rpath (ldd radiusd) Alternatively ./configure --prefix /usr David Peterson dav...@wirelessconnections.net wrote: It compiles properly but when I run the daemon it can't find the

Re: Understanding the IP Pool module

2013-02-13 Thread Phil Mayers
On 02/13/2013 07:23 AM, Бен Томпсон wrote: One thing I still don't understand though is how best to use ippool for DHCP. I don't understand where and how I should call the module during a DHCP transaction. For example I can call it during DHCP-Discover, but it seems that if I call it again

Re: AVP EAP-KEY name support in FR

2013-02-13 Thread Phil Mayers
On 02/13/2013 09:59 AM, Srinu Bandari wrote: Hi, We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. That's not supported in FreeRADIUS, I believe. It's been a while since I looked at it, but the whole extended EAP key

Re: Dialup Admin

2013-02-13 Thread Phil Mayers
On 02/12/2013 09:52 PM, Shawky Skaff wrote: Hi Guys, Could I please get a response to this? Have you considered the possibility that no-one knows? dialupadmin is largely abandonware; it's been removed from the GIT repo in master as no-one maintains it, or wants to. So, expertise on it is

Re: anonymous user when proxying

2013-02-13 Thread Phil Mayers
On 13/02/13 14:46, Hocine M wrote: Hi, Some users who are proxied (eduroam) are accounted with username = anonymous@realm Yes I don't want to have anonymous user in my database, do i have to reject anonymous users in post-proxy section or there is something to do to force user to use inner

Re: freeradius not working in normal mode but working in debug mode

2013-02-11 Thread Phil Mayers
On 02/11/2013 08:57 AM, Nandkumar Palkar wrote: Hello, freeradius not working in normal mode but working in debug mode Stop that. That's the 3rd time you've posted, and this time you've hijacked someone else's thread. That's rude.

Re: freeradius not working in normal mode but working in debug mode

2013-02-11 Thread Phil Mayers
On 02/11/2013 08:49 AM, Nandkumar Palkar wrote: Hi freeradius not working in normal mode but working in debug mode. Please suggest. Which version of FreeRADIUS? Which modules (SQL, LDAP, etc.) are you using?

Re: freeradius not working in normal mode but working in debug mode

2013-02-11 Thread Phil Mayers
On 02/11/2013 10:11 AM, Nandkumar Palkar wrote: version 2.1.10 You should upgrade; that version has a known security bug. Module - LDAP In this case debug log shows the username, but while i debug to stdout it shows no username. freeradius -fxx -l stdout Just to be clear - when you say

Re: freeradius not working in normal mode but working in debug mode

2013-02-11 Thread Phil Mayers
On 11/02/13 10:43, Nandkumar Palkar wrote: Hello, Please see the debug log: (log output from command freeradius -fxx -l stdout) and with freeradius -X it works fine. My issue is that debug mode freeradius -X the authentication works great but once I try with normal mode it doesn't. I have

Re: rlm_sql_mysql driver issue

2013-02-11 Thread Phil Mayers
On 11/02/13 11:44, QASIM RAO wrote: checking for mysql_init in -lmysqlclient_r (using mysql_config)... no checking for mysql_init in -lmysqlclient_r... no *configure: WARNING: mysql libraries not found. Use --with-mysql-lib-dir=path.* What about this is unclear?

Re: Degradation of service when authentication fails with Windows AD

2013-02-11 Thread Phil Mayers
On 11/02/13 11:23, Antonio Alberola wrote: When we monitored the network and one of the Windows AD we could confirm that requests from Radius don't reach the AD, because they don't leave Radius. We believe that connectivity between Radius and AD is correct, they are on the same LAN and the AD

Re: PAM authentication not working

2013-02-09 Thread Phil Mayers
On 02/08/2013 11:42 PM, Jaap Winius wrote: Quoting Alan DeKok al...@deployingradius.com: No. You can't turn off EAP. The client is sending EAP to the server. You need to change the client. And likely you can't, because it *needs* to do EAP. Indeed, the key_mgmt attribute in my

Re: few accounting records with same radacctid

2013-02-08 Thread Phil Mayers
On 02/08/2013 09:04 AM, Hocine M wrote: nobody? The only thing that stands out is the Called-Station-Id is different. This suggests to me that something about the accounting packets changes as the client moves around (associates to different APs) and that the accounting SQL queries you are

Re: MAc-Auth with EAP

2013-02-08 Thread Phil Mayers
On 08/02/13 12:52, Tunde Ogedengbe wrote: see from the log that the MAC addresses is checked and OK. But there is an [eap] returns reject just after the mac address was successfully checked. I guess I need a way to get radius to force an EAP accept after successful checking of the MAC

Re: MAc-Auth with EAP

2013-02-08 Thread Phil Mayers
On 08/02/13 16:09, Tunde Ogedengbe wrote: Ok. Can you pls help with procedure for configuring pre-login on Windows for 802.1x? Windows is sending packets to RADIUS as host/machine-name.domain. I would like to have a dedicated userid/password configured on windows for pre-login machine

Re: Any interoperability issues with Aruba and Freeradius

2013-02-08 Thread Phil Mayers
On 08/02/13 16:19, Alan DeKok wrote: If it requires tweaking for Aruba, then Aruba has failed to implement the standards correctly. Was it Aruba who we had all the issues with terminating PEAP/TTLS locally on the controller, then transforming the inner EAP-MSCHAPv2 to plain MSCHAPv2 and

Re: Any interoperability issues with Aruba and Freeradius

2013-02-08 Thread Phil Mayers
On 08/02/13 17:14, Alex Sharaz wrote: Aruba now say they only support eap-tls and eap-peap when you offload eap onto their mobility controllers. Well, don't do offload - it's a pretty bad idea anyway, and vendors have a history of mangling it.

Re: Degradation of service when authentication fails with Windows AD

2013-02-07 Thread Phil Mayers
On 07/02/13 09:51, Antonio Alberola wrote: The PAM APIs are synchronous, and don't offer timeout options. It's not possible to timeout a PAM call; FreeRADIUS is entirely at the mercy of PAM. Don't use PAM, it's not suitable for your needs. Use ntlm_auth, and FreeRADIUS can timeout the call.

Re: pb with realm

2013-02-06 Thread Phil Mayers
On 06/02/13 10:03, Hocine M wrote: Hi, I have a problem with some users proxied. In the accounting-request the username is stripped and realm is NULL. Why is the realm lost? The User-Name in the accounting packets is overridden by the User-Name in the Access-Accept. In your case, your

Re: Degradation of service when authentication fails with Windows AD

2013-02-06 Thread Phil Mayers
On 06/02/13 12:19, Antonio Alberola wrote: I understand that the PAM mechanism is slow, some domains more than others. But, I don't understand why RADIUS doesn't clean this request with some timeout mechanisms. It's very simple to create a script for crashing the server with a DoS attack. I

Re: stored procedure value for access-reject in free radius

2013-02-05 Thread Phil Mayers
On 05/02/13 10:44, Lakshmi Narayana Baliah wrote: Hi all, I want to configure the free radius to return access-reject based on the value in stored procedure in oracle database( i have configured oracle database to free radius) How do i do that ??? please help There are

Re: Degradation of service when authentication fails with Windows AD

2013-02-05 Thread Phil Mayers
On 05/02/13 10:20, Antonio Alberola wrote: Dear All, I'm having random authentication failures and I think they are due to a Radius server internal failure. I use Radius for authenticating the email of users in Windows Active Directory via PAM. Before I used NTLM and Kerberos together, and now

Re: LDAP groups and profiles

2013-02-05 Thread Phil Mayers
On 05/02/13 15:50, Chris Taylor wrote: I added this to the users file DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile But I get this error when I fire up radius -X /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: expecting operator Errors reading /etc/raddb/users

Re: problem with username renamed in radacct table

2013-01-31 Thread Phil Mayers
Yes probably buggy nas changing username in logout acct packet. Seen this a lot on multiple vendors, seems lightweight wireless controllers often erroneously expose internal state to their radius servers :o( I nobbled our SQL queries to avoid the loss of data. Alan DeKok

Re: Quick question about RFC 3579 2.6.5

2013-01-25 Thread Phil Mayers
On 01/25/2013 06:56 AM, Olivier Beytrison wrote: Would this still be illegal and would I end in jail ? ;) We do it; it works fine. I'll be honest, I have no idea if it's illegal per spec, but don't really care - denying Reply-Message in Access-Reject/Accept containing EAP-Message doesn't

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Phil Mayers
On 01/25/2013 01:19 PM, Bertalan Voros wrote: Hello All, Could someone tell me if it is possible to terminate PEAP on a freeradius server then proxy the request to an NPS server using MSCHAPv2? Yes. Simply set Proxy-To-Realm in inner-tunnel/authorize, and FreeRADIUS will proxy the packets.

Re: Realm

2013-01-23 Thread Phil Mayers
On 23/01/13 14:47, Miha wrote: Hi, my radius client is sending with user-name and password also realm. I can not disable sending realm, is it possible to configure radius that will not use realm with user-name (user-name@realm)? [digest] Digest-Attributes look OK. Converting them to

Re: accounting question

2013-01-22 Thread Phil Mayers
On 01/21/2013 06:47 AM, Tzvika Gelber wrote: i'm looking to focus a problem i have - i think the main issue is not freeradius but it's a good place to ask. I have a server that's do both Radius and accounting for Wifi random users (web redirected system). now i just discovered that to

Re: Log format

2013-01-22 Thread Phil Mayers
On 22/01/13 09:54, Emmanuel BILLOT wrote: Hi, Is there any way to have log format (radius.log) with any date for each line or section? Define and use a linelog module instance. See raddb/modules/linelog for example config.

Re: Failure with TLS authentication and Freeradius on Fefora-17

2013-01-17 Thread Phil Mayers
On 16/01/13 13:34, Ajay Garg wrote: Ping :) Anyone managed to get this working on gnome-applet? :) $ gnome-applet bash: gnome-applet: command not found... You're being way too vague, inconsistent and hand-wavy for me to want to spend any time on this. If you can be *specific* about what

Re: Failure with TLS authentication and Freeradius on Fefora-17

2013-01-17 Thread Phil Mayers
On 17/01/13 11:52, Ajay Garg wrote: Hmm.. I am not exactly sure what package contains the gnome handle to edit network-settings (in Fedora-14, it was called nm-applet). Ok, then I give up. Maybe someone else is willing to spend time deciphering vagueness, but I'm not. Best of luck.

Re: Question on attributes

2013-01-17 Thread Phil Mayers
On 17/01/13 11:29, Tiago wrote: Hello everyone, I'm struggling with something that should be simple to fix. I have a rp-pppoe NAS server here that correctly understand a few attributes (radreply) that come from freeradius 1.x (w/mysql database). Example: Download (for download rates) attribute

Re: Question on attributes

2013-01-17 Thread Phil Mayers
On 17/01/13 12:42, Tiago wrote: Hello Phil, Thanks for your answer. I have these: ATTRIBUTE Download 78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. including dictionary file

Re: how to call stored procedure in free-radius server

2013-01-15 Thread Phil Mayers
On 15/01/13 11:30, Lakshmi Narayana Baliah wrote: Hi Arran, Thanks for your reply have created stored procedure(myS1Request) in oracle database 11g as shown below, procedure takes input and output parameters. The below procedure should be called in the SQL module in Free-radius for

Re: how to call stored procedure with output varaibles in free-radius

2013-01-15 Thread Phil Mayers
On 15/01/13 12:24, Arran Cudbard-Bell wrote: On 15 Jan 2013, at 11:48, a.l.m.bu...@lboro.ac.uk wrote: Hi, How to call my own stored procedure ,which takes input and output variable in free-radius server. How do i do that ??? please help Guessing you're referring to

Re: Slow Ldap Authorization

2013-01-14 Thread Phil Mayers
On 01/11/2013 10:15 PM, Tyler Brady wrote: basedn = DC=company,DC=com Try setting a more specific (longer) base DN. As Arran has pointed out, you're getting LDAP referrals. Active Directory likes to do this if you query the LDAP tree from a point above 1 database, even though

Re: Slow Ldap Authorization

2013-01-14 Thread Phil Mayers
On 01/15/2013 07:45 AM, Phil Mayers wrote: On 01/11/2013 10:15 PM, Tyler Brady wrote: basedn = DC=company,DC=com Try setting a more specific (longer) base DN. As Arran has pointed out, you're getting LDAP referrals. Active Directory likes to do this if you query the LDAP tree from

Re: Trying other authentication methods when the first is invalid

2013-01-11 Thread Phil Mayers
On 11/01/13 13:23, Meyers, Dan wrote: Anyway, we have got some Juniper EX2200 switches. The problem with these is that they do mac-auth as a 'fake' 802.1x auth. The request has the User-Name attribute set to the MAC address correctly, but also has an EAP-Message present, it just doesn't contain

Re: rlm_perl changing User-Name and proxy requests

2013-01-11 Thread Phil Mayers
On 01/11/2013 08:32 PM, Arran Cudbard-Bell wrote: Have you added nostrip for all the realms? The only way I can see it clobbering username is if stripping is enabled. Isn't the problem the special request-username attribute? AFAICT the pairmove code handles this specially (fixup) but I'm not

Re: FreeRadius (version 2.1.12) + ntlm_auth (AD) authentication + LDAP authorization

2013-01-10 Thread Phil Mayers
On 01/09/2013 08:42 PM, Matthew Ceroni wrote: It appears that when Windows sends the username it sends it as DOMAIN\\username. The \\ causes the 5c to appear in the username. I confirmed this by using the radtest tool and specifying the username as DOMAIN\\username. A single \ causes the

Re: Failure with TLS authentication and Freeradius on Fefora-17

2013-01-09 Thread Phil Mayers
On 01/09/2013 06:15 AM, Ajay Garg wrote: However, I get the exact same earlier dreaded logs :( Sigh. This really is the thread of doom. Find a working CA/server cert (from another machine, generated with the same steps) and your failing ones. Then compare the output of: openssl x509

Re: Different BaseDN for User/Group Objects in rlm_ldap

2013-01-09 Thread Phil Mayers
On 01/09/2013 08:29 AM, Rudolph Bott wrote: However, our groups are stored underneath ou=groups,dc=example,dc=org - so rlm_ldap is not able to find them with the basedn shown above. We Unsolicited advice: that's not a great schema, and you should look to move away from it. are also not

Re: FreeRadius (version 2.1.12) + ntlm_auth (AD) authentication + LDAP authorization

2013-01-09 Thread Phil Mayers
On 01/09/2013 12:43 AM, Matthew Ceroni wrote: Hi: I am running FreeRadius version 2.1.12 on a CentOS 6 machine. For authentication I am using AD (ntlm_auth) and this works great. In the request the username is sent as just the plain username (ie: mceroni) and the NT-domain (ie: DOMAIN1).

Re: Instantiation failed for module sql Errors initializing modules

2013-01-09 Thread Phil Mayers
On 01/09/2013 06:29 AM, Elizabeth Fife wrote: Hi I am using MAC OSX server. I was checking out the inbuilt freeradius. I have not altered files related to this service and simply tried radiusd -X The following error was received FreeRADIUS Version 2.1.3, for host i386-apple-darwin10.0, built

Re: Failure with TLS authentication and Freeradius on Fefora-17

2013-01-09 Thread Phil Mayers
On 09/01/13 13:41, Ajay Garg wrote: Followed the above, and compared the structures of certs generated on Fedora-17 and Fedora-14. The structures were identical. Then you're doing something wrong on the client I'm afraid.

Re: attribute type error

2013-01-08 Thread Phil Mayers
On 01/08/2013 03:48 AM, Yashaswini Sathyanarayana wrote: Hi , By default all standard attribute like user-name, user-password are of type 1 and length 1. This is wrong. I don't know what you think you mean, but standard attributes each have a different type, and different lengths.

Re: Freeradius2-2.1.12-4 crashes everyday

2013-01-08 Thread Phil Mayers
On 01/08/2013 02:15 AM, Faisal M.A wrote: I've checked /var/log/radius but one of them is binary and other one is capturing the login details. It's hard to tell when it was crashed. How can you *not* know when it crashed? Aren't you monitoring it? Is it roughly the same time every day?

Re: default Fall-Through = Yes for groups

2013-01-08 Thread Phil Mayers
On 01/07/2013 11:30 PM, Strong, Mark wrote: Guys, Is there an option to set Fall-Through = Yes for groups as default, just wanted to avoid having Fall-Through = Yes in every group I have in radgroupreply. Nope. You could modify the SQL queries to do this, depending on your SQL database e.g.

Re: Freeradius2-2.1.12-4 crashes everyday

2013-01-08 Thread Phil Mayers
On 01/08/2013 12:22 AM, Faisal M.A wrote: Hi, My radius server is crashing almost everyday and I'm not sure what is the issue. That's pretty vague. First, upgrade to 2.2.0 to see if it's a bug that's already fixed. If that doesn't help and it's actually crashing, see doc/bugs in the

Re: Memory leak in FR 2.1.10 and 2.2.0 ?

2013-01-08 Thread Phil Mayers
On 08/01/13 08:37, Philippe MARASSE wrote: - valgrind log on my production server What did the valgrind log show? It's normally pretty good at catching actual leaks.

Re: EAP-SIM configuration on FreeRadius

2013-01-08 Thread Phil Mayers
On 08/01/13 17:26, Muhammad Usman wrote: Thanks for your reply..i tried but remained unsuccessful, can you kindly send me any link or thread where it was discussed. Thanks again See this thread: http://lists.freeradius.org/pipermail/freeradius-users/2012-September/062721.html However, the

Re: EAP-SIM configuration on FreeRadius

2013-01-07 Thread Phil Mayers
On 01/07/2013 10:10 AM, Muhammad Usman wrote: Dear All, Any thoughts on this?? Various eap-sim issues have been discussed on the lists in the last few months. Read the archives for more details. IIRC the fixes are in 2.x.x branch - not all were in the release version of 2.2.0. Download

Re: Failure with TLS authentication and Freeradius on Fefora-17

2013-01-07 Thread Phil Mayers
On 07/01/13 13:18, Ajay Garg wrote: I tried attaching the debug log-file, but the mail-message was rejected by the mailing list for exceeding 100KB How am I supposed to attach the complete logs? You're supposed to *look* at them first; I'd give strong odds the answer you seek is in there.

Re: rlm_sql_null not building

2013-01-07 Thread Phil Mayers
On 07/01/13 16:28, Phil Mayers wrote: I don't have the time to try and decipher the build system shenanigans, so I don't know why; this is from a tarball (NOT a git checkout) of master as of a few minutes ago. Maybe the empty TARGET=? Sorry all, meant to send to -devel - I blame autocomplete

rlm_sql_null not building

2013-01-07 Thread Phil Mayers
I don't have the time to try and decipher the build system shenanigans, so I don't know why; this is from a tarball (NOT a git checkout) of master as of a few minutes ago. Maybe the empty TARGET=?

Re: rlm_sql_null not building

2013-01-07 Thread Phil Mayers
On 07/01/13 16:28, Phil Mayers wrote: I don't have the time to try and decipher the build system shenanigans, so I don't know why; this is from a tarball (NOT a git checkout) of master as of a few minutes ago. Maybe the empty TARGET=? Yeah that was it; pull request #161 opened

Re: Kerberos - Radius does not get password

2013-01-07 Thread Phil Mayers
On 07/01/13 16:49, Khapare Joshi wrote: Hello I been having problem as listed in this bug list: https://bugzilla.samba.org/show_bug.cgi?id=6563#c59 I know at least few university having similar issue and ended up with restarting winbind - that resolve the issue. I am not sure which version of

Re: Different reply attributes for same username in rlm_sql

2013-01-04 Thread Phil Mayers
On 04/01/13 14:18, Joe Rogers wrote: I am having difficulties implementing the following users file configuration in sql using freeradius 2.2.0: user1 Calling-Station-Id == xx-xx-xx-xx-xx-xx Tunnel-Private-Group-ID = VLAN1, Tunnel-Medium-Type = IEEE-802,

Re: Kerberos - Radius does not get password

2012-12-29 Thread Phil Mayers
On 12/28/2012 10:41 PM, Alan Buxey wrote: Hmm, having run FR with AD authentication using winbindd and samba for many many years I am interested in what problems with those daemons you were having ... why need the frequent restarts etc. eduroam certainly wouldn't have had the high take-up we've

Re: getting additional functionality, snmp or external program

2012-12-29 Thread Phil Mayers
On 12/29/2012 04:00 AM, Duane Cox wrote: I think this is possible, but wanted to make sure and ask what would be the best way to do this… ie. Execute an external program or create a module. I’m authenticating cable modems using freeradius with a sql database backend. What I want to do, is

RE: AP FR LDAP authentication reject

2012-12-28 Thread Phil Mayers
Sigh. No. There are no packets in that debug. How do you expect people to read a debug unless it contains an authentication attempt? ... adding new socket proxy address * port 51195 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command

Re: Question about the behavior of sql.conf

2012-12-27 Thread Phil Mayers
On 12/27/2012 06:20 AM, Fajar A. Nugraha wrote: On Thu, Dec 27, 2012 at 1:00 PM, ichiro tanaka i_tan...@hotmail.co.jp wrote: I made a set of 'safe-character' connection config of the sql.conf. However,the safe-character's being used in connection is the last(B) (When I use the A.but B will be

Re: Question about the behavior of sql.conf

2012-12-27 Thread Phil Mayers
On 12/27/2012 06:00 AM, ichiro tanaka wrote: Hello I'm using freeradius 2.1.12. I'm trying to set up sql.conf. But there is one question. I made a set of 'safe-character' connection config of the sql.conf. However,the safe-character's being used in connection is the last(B) (When I use the

Wiki requires email?

2012-12-27 Thread Phil Mayers
I can no longer log into the wiki with my github account - seems the wiki now requires that I expose an email publicly in my github profile (something I am not going to do). Is this intentional? What's the rationale?

Re: 802.1x computer authentication config issue/question

2012-12-27 Thread Phil Mayers
On 12/27/2012 02:32 PM, spartan1...@hushmail.com wrote: I played around with the users file in FreeRADIUS but it didn't seem to have any effect unless I put a DEFAULT Auth-Type Reject in the file which blocked everyone regardless of what else I had in the users file. I've Googled around a bit

Re: 802.1x computer authentication config issue/question

2012-12-27 Thread Phil Mayers
On 12/27/2012 03:19 PM, spartan1...@hushmail.com wrote: ...but if not then ok I was simply trying to figure out if I was able to control machine-only 802.1x authentication against FreeRADIUS in a manner similar to how simple user authentication appears to be done (via the users file). From your

Re: freeradius query on password encryption and decryption

2012-12-20 Thread Phil Mayers
On 20/12/12 11:50, Yashaswini Sathyanarayana wrote: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! This message is accurate. You have a typo, or the NAS is buggy. Re-set the shared secret to something VERY SIMPLE e.g. abc123 - no

Re: freeRadius 2.x

2012-12-20 Thread Phil Mayers
On 12/20/2012 05:14 PM, rosect...@yahoo.com wrote: It is noticed that some VSAs are sent with Access-Challenge but not with Access-Accept when PEAP is used. Is there a way to configure the server such that those attributes are sent with Access-Accept? use_tunneled_reply = yes under the peap

Re: Problem with proxying request

2012-12-18 Thread Phil Mayers
On 18/12/12 13:11, BALSIANOK, Peter wrote: Hi, I try to send proxy request via freeradius-2.2.0, but as i can see in the debug output, freeradius didn't process Accounting Response (tcpdump shows, that server got response) Firewall (iptables, ipfw, pf, etc.)

Re: Problem with proxying request

2012-12-18 Thread Phil Mayers
On 18/12/12 15:29, BALSIANOK, Peter wrote: No iptables, ipfw, pf, etc. . When i use radclient and sends accounting request ( from server were freeradius is placed ) to 3rdparty radius i got correct answer. Then use ordinary system diagnostic tools (strace, etc.) to determine why the packet

Re: Auth-Type already set?

2012-12-14 Thread Phil Mayers
You've trimmed the debug, but based on what you did give, the client isn't sending pap - it is sending chap. The client chooses the auth method - you can't force it at the server Lorenzo Milesi max...@ufficyo.com wrote: I'm having a problem with FR2.1.10 and MD5 Passwords with MySQL. When I

Re: refowarding the radius request when authentication fails

2012-12-13 Thread Phil Mayers
On 12/12/12 22:14, laurent.fe...@free.fr wrote: Hello, in the authentication step, i try several authentication against otp server, but if all are failed if the user is not known, i would like to re forward the radius request to another radius server. The server can't do that, because it

Re: share information between authorize and authenticate sections (rlm_perl rlm_python)

2012-12-13 Thread Phil Mayers
On 12/12/12 22:04, laurent.fe...@free.fr wrote: Hello, If someone can advise me... How to share information between the authorize() function and the authenticate() function within a perl or python script ? Just set an attribute: authorize { update request { Tmp-String-0 :=

Re: EAP

2012-12-13 Thread Phil Mayers
On 13/12/12 15:22, David Peterson wrote: I wanted to ping the Eduroam people about EAP over WAN links. Are there considerations that can cause connectivity issues that I should be examining? Well... maybe. EAP is lockstep, so round-trip time is a factor - if your RTT is 100ms and your EAP

Re: EAP

2012-12-13 Thread Phil Mayers
On 13/12/12 15:43, David Peterson wrote: Hmm so if say the wireless inserted 55-65ms of latency and we have another 50ms of WAN latency it could cause some real issues with EAP. It shouldn't cause issues - but you will observe the latency (as well clients when authenticating). Most EAP

Re: EAP

2012-12-13 Thread Phil Mayers
On 13/12/12 15:55, David Peterson wrote: I am troubleshooting potential issues on a WiMax system. Typically we have the FR server on a LAN link but some customers have WAN links. My thought is disconnects on a re-auth session causing outages. I guess it might be WAN RTT. To an extent, it
