. But I
don't think that you can configure this on the BigIPs. The RADIUS protocol is
stateless, so there is no criteria in the application that a load balancer
could use to balance inside the application.
Greetings,
--
Best regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de
reserved. 802 Limited. Registered in
the UK. Company Number. 7962864.
--
Best regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
helper program.
http://deployingradius.com/documents/configuration/active_directory.html
Greetings,
Michael Schwartzkopff
the
radius protocol, to get authorized, and get the IP address to respond with
to the DHCP request.
You want to try the DHCP relay agent feature implemented on every better
router or layer 3 switch.
Greetings,
Michael Schwartzkopff
..?
Zulu time. Equals GMT.
It's certainly not seconds since epoch or Jan 01 - 1601 which is seen in
certain other operating systems.
YYMMDDhhmmssZ
Michael Schwartzkopff
.
FRv1. But you do not want to use that.
Michael Schwartzkopff
commands, i.e. radmin, and passes the results as SNMP protocol
over the net. And mrtg, cacti or all the other monitoring systems do
understand SNMP very well.
Michael Schwartzkopff
the base_filter
commented.
I hope this helps,
Michael
On Fri, Jun 28, 2013 at 9:14 AM, Mathieu Simon mathieu@gmail.com wrote:
G'day all, and thanks Phil for your hints
(Arran I'd want to leave 3.0 as an option of last resort even though it's
considered RC by now) ;-)
try moving mschap after LDAP
BUT authorization.
No. How can you authorize somebody without being sure who that user is? Only
authentication provides that information. So you need authentication and
authorization.
Michael Schwartzkopff
Using global IPV6 addresses worked. Thanks for the help.
Mike
-Original Message-
From: freeradius-users-
bounces+michael.sherman=exfo@lists.freeradius.org
[mailto:freeradius-users-
bounces+michael.sherman=exfo@lists.freeradius.org] On Behalf Of
Alan DeKok
Sent: Friday, May
what does this do...
client fe80::215:17ff:fed0:d278 {
secret = test
shortname = test-net
nastype = other
}
... ?
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Same :(
radiusd: Loading
HI All,
I'm testing freeradius server version 2.2.0. Worked fine using IPv4.
When I switched to IPv6 I got the following error:
Ignoring request to authentication address :: port 1812 from unknown
client fe80::215:17ff:fed0:d278 port 41189
Here is the entry from the clients.conf:
client
smartphone. See:
http://sys4.de/en/blog/2013/03/16/otp-freeradius/
Michael Schwartzkopff
with consulting ;-)
Michael Schwartzkopff
On Wednesday, 8 May 2013, 12:29:44, Nikolaos Milas wrote:
On 7/5/2013 2:37 PM, Michael Schwartzkopff wrote:
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Thank you Michael for your valuable feedback, esp. the link above.
By the way, I've been pointed to: http://www.packetfence.org
with 120.000 MAC
addresses ...
Michael Schwartzkopff
to improve the situation. I am really
looking forward when Cisco will implement it.
Greetings,
Michael Schwartzkopff
,
--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98
Fax: (089) 620 304 13-
the baseDN in the ldap module configuration of FR to
dc=example,dc=org.
Dr. Michael Schwartzkopff
On 1/7/2013 22:48 PM, Yashaswini Sathyanarayana wrote:
Hi ,
By default all standard attribute like user-name, user-password are of
type 1 and length 1.
But kineto attributes are of type 2 and length 2.
So is there a way to make RFC-2865 dictionary that is added in free
you follow the accounting packets with tcpdump on the line? did you
try to run your radius server in debug mode?
Dr. Michael Schwartzkopff
that by default once a day in
/etc/logrotate.d/freeradius. You should be fine by replacing
/etc/init.d/freeradius reload with /etc/init.d/freeradius restart in
that file. Disclaimer: untested by me.
In my case I upgraded to a more recent version. But this is far more hassle.
hth,
Michael
attribute in your Access-
Request packet.
And according to the protocol compatibility matrix you mentioned, SSHA and
*EAP will not work.
Dr. Michael Schwartzkopff
and Also enable
accounting) – how?
No. not authenticated - no information in RADIUS.
3. GUI: is there a management GUI for FreeRadius and if so how do I
install it?
dialupadmin, daloradius. Please see the documentation of these packages.
Dr. Michael Schwartzkopff
for the
central one)
EAP tunnel will end on the end system. Attributes from inside the tunnel can
be copied to the outside RADIUS protocol. These attributes can be seen from the
NAS. So they can react as configured.
Greetings,
Dr. Michael Schwartzkopff
. Michael Schwartzkopff
FreeRadius?
Install freeradius. Nearly everything works out of the box.
Dr. Michael Schwartzkopff
,
Dr. Michael Schwartzkopff
Thank you all for your input.
I would be managing the Radius servers hosted by like HostGator or
Rackspace or someone like that.
On Thu, Sep 27, 2012 at 4:39 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 09/26/2012 11:42 PM, Michael Geary wrote:
Good Evening,
We have several separate
that if the Internet failed there, that
no one on the separate networks would be able to authenticate.
Has anyone had any experience with using a Radius server in the cloud to
authenticate users?
Thank you very much,
--
Michael Geary
GAW High-Speed Internet
72 Shaker Rd.
Enfield, CT
06082
www.GAW.com http
to get the interesting figures:
http://wiki.freeradius.org/config/Status
With a simple script/cronjob you can feed these data into a RRD and generate
nice graphs.
Greetings,
Dr. Michael Schwartzkopff
not created.
Thanks to assist
According to your log you messed up your config.
Please restore the users file with the help of the original file. Then add the
correct entries copying the samples from the original file.
Greetings,
Dr. Michael Schwartzkopff
!
Andreas
See section Security Settings - WPA-802.1x or section Security Settings -
802.1x of the ALLNET manual.
Dr. Michael Schwartzkopff
. Any recommendations to the backup policy?
Ordinary backup solution of the SQL database.
Dr. Michael Schwartzkopff
Pretty sure when you installed it the users file that is being used is
not in your home directory. I am pretty sure that if you were to look
in output.txt you would be able to see what users file is being used.
Michael
Not sure why you are posting about daloradius on a FreeRADIUS list,
but a 2 second look says you have the port numbers wrong.
Michael
--
Michael J. Hartwick, VE3SLQ
mailto:hartw...@hartwick.com hartw...@hartwick.com
and use_tunneled_reply to yes in the PEAP and
TTLS sections, but this didn't make a difference. How do I actually
reject an inner tunnel request?
Michael
--
http://michael.gorven.za.net
PGP Key ID 1E016BE8
and therefore went on the second
line. Thank you for your assistance.
Michael
.
- - Michael
I recently had to install debian 6.0 on one of my servers after a hard
drive crash, and while I had freeradius running before, I can't seem to get
it running now.
I ran sudo apt-get install freeradius and hit enter to accept the
additional packages, and I also installed dialup admin with the
I could if I knew how. manually sifting the output of lsof doesn't appear
to include anything pertaining to that socket
yep, killing the offending process worked just fine.
thanks for the help!
you were right, the directory didn't exist.
It now loads correctly, I just have to get the server configured now
in case anyone else has this problem, you have to have it writeable to the
system user 'everyone' and the user that you are logged into the terminal as.
I set up the server with gracious help from the community, and now it
starts without errors. The problem comes in trying to get the test user to
work. The server simply replies with Access-Reject and awaits the next
user.
Here is the dump from radtest:
DeepBlue:~ michaelaldridge$ radtest
As requested:
DeepBlue:raddb michaelaldridge$ radiusd -X
FreeRADIUS Version 2.1.9, for host i386-apple-darwin10.8.0, built on Dec 9
2011 at 18:58:07
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
I feel stupid now, I was editing the wrong users file...
All,
I've got a Freeradius server I'm testing for VMPS. My mac2vlan file
needs to be dynamically updated. Right now I have a cron job that does
that and then stops/starts Freeradius so the new mac2vlan file is read.
Is there a better way to do this?
Thanks much,
Mike
Anybody knows a tool to test radius performance?
Vasco's radius simulator. It runs in Wine under Linux just fine.
Regards,
Michael Holstein
Cleveland State University
I wanted to say thanks to everybody from this list who has given me a hand over
the past few weeks. I have successfully configured Freeradius to authenticate
802.1X wireless clients from an AD domain and assign them the appropriate VLAN
tag based on AD/LDAP group membership. Many thanks to
All,
I have one minor issue to ask the group about.
Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I
try to connect to the wireless network and I purposely put in a bad password I
still get the popup to validate the server certificate.
On the other radius
All,
I am really close to a successful Freeradius implementation for 802.1X
wireless using LDAP authentication on the back end.
Here is what I have:
- RADTEST / clear text Freeradius password from users file /
WORKS GREAT
- Windows XP 802.1X PEAP/MS-CHAPv2
@lists.freeradius.org] On
Behalf Of Whitlow, Michael
Sent: Friday, October 28, 2011 3:18 PM
To: freeradius-users@lists.freeradius.org
Subject: AD integration
Hello,
I just got Freeradius running on Ubuntu and have successfully configured
integration Active Directory using Samba
Hello,
I just got Freeradius running on Ubuntu and have successfully configured
integration Active Directory using Samba and NTLM_AUTH.
When I run radtest against Freeradius and put in AD credentials, it is
successful.
My next goal is to configure Freeradius to assign 802.1X VLANs
Check your NAS' documentation. The NAS sends that to FreeRADIUS to log.
Michael
--
Michael J. Hartwick, VE3SLQ hartw...@hartwick.com
Hartwick Communications Consulting (519) 396
It may not be pretty, but why not just send all 3 sets of VSA's. If the NAS
doesn't recognize it won't it just ignore the attribute?
From: freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org
[mailto:freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org]
On Behalf
http://bestserv.ae/go.php
Upgrade. This was fixed a long time ago.
Thanks .. that worked. It's even referenced in the config. My google foo
must have failed me searching the error to have not found that in the
changelog.
Cheers,
Michael Holstein
Cleveland State University
account
in the wireless properties (in XP). IIRC this was introduced when they
finally fixed the supplicant in sp2.
The credentials come across as COMPUTERNAME$
Regards,
Michael Holstein
Cleveland State University
On Fri, 9 Sep 2011 09:00:32 -0500, Scott Hughes wrote:
Hello all,
I have
}}))
..
}
Cheers,
Michael Holstein
Cleveland State University
-type.
TIA,
Michael Holstein
Cleveland State University
Hi,
I am using version freeRadius 1.1.7. I am trying to create an access control
list via radius, to prevent specific PC's/locations from accessing my network.
Please see my policy.conf example below. My freeRadius server keeps sending an
access-accept, when I try to login in from my
Hi *,
i try to get a better grip in understanding the virtual server for inner eap
tunnel.
Please forgive if any of the following statements represents misunderstanding
of concepts from my side.
Which of the following statements describe the inner tunnel virtual server
for EAP wrong / correct ?
hello *
i try to transfer a working configuration from an very old (1.x) freeradius
version to a more recent radius version:
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 14 2010
at 21:14:10
My problem: after authenticate against ldap and auth-type = ldap is
set, no
The MSCHAPs include the given name when calculating the hashes.
Stripping the domain will therefore not work. The client is using the
domain\name in the hash and you're asking the server to use just the name.
On 3/23/2011 15:08 PM, Thomas Wunder wrote:
Hi,
I'm currently trying to configure my
Perhaps the character value of the string for zero ('0') is 30 in hex
(0x30).
On 1/12/2011 23:33 PM, Xiaochen wrote:
Dear all,
I am using Fedora 12 + Freeradius to do some CoA tests.
One is : AAA sends Disconnect request to Client.
My packet.txt content is as:
WiMAX-DM-Action-Code=0
But
Hi,
During a rebuild of our Radius servers from an old freeradius 1.x install to
2.1.10, we've lost ability to push multiple usergroups to our Cisco LNS:
MySQL:
radcheck:
id UserNameAttribute op Value
9791t...@realm Password:= {clear}somepass
manually, it does pickup VRF-TEST and QOS-PROFILE
usergroups, however looking at the above groupcheck/groupreply query, it is
only running it for the first instance. bug perhaps in rlm_sql_mysql?
-Michael
On Thu, 16 Dec 2010 11:33:46 +1100, mich...@jarrett.id.au wrote:
Hi,
During a rebuild
failed.
I resolved the reason, It was a Bug in the LDAP Tree of customer for this site,
not noticed by me before.
Michael
Hello *
-is the error below caused by fault of the NAS
-or a stupid mistake of mine within setup ?
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
-other attributes are sent correctly
-device is a lancom 315-agn
TIA
Micha
-
=Stadt,dc=de,o=Organisation
thx for any hints :-)
I have anonymized the ldap Attributes
Michael
Alan,
Use -X. You've added an additional -x, which makes the output harder to
read.
ok, understood, attached below
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type
Reject
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject,
rejecting user
There's many a slip 'twixt the cup and the lip
I promise you'll want to kick yourself when you find the simple
difference after so many messages. Many of us have the grace to go
through this necessarily humbling exercise in private.
On 2010-11-05 2:47 PM, Eduardo Moreira wrote:
sorry, but
for request 0
Sending Access-Reject of id 13 to 172.16.20.10 port 42793
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +7
Ready to process requests.
Many Thanks.
Michael
to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 105 with timestamp +20
Ready to process requests.
What else could be wrong here?
Alan DeKok wrote:
Bereos OHG Michael Spinnenhirn wrote:
auth: No authenticate method (Auth-Type) configuration found for the
request
, with success. So it has to be a
problem with the radclient on the openwrt box, doesn't it?
Alan DeKok wrote:
Bereos OHG Michael Spinnenhirn wrote:
The remote radclient gives the following debug output:
rad_recv: Access-Request packet from host 172.16.20.10 port 56195,
id=36, length
User
-a freeradius
pkgutil -i freeradius
# if there are problems with generating certs following worked for me
cd /opt/csw/etc/raddb/certs/
date > ./random
./bootstrap
radiusd -X
Michael
On 29.09.2010 14:33, vijay wrote:
Hi,
i saw your posting regarding segmentation-fault while run
following
Hello Alan,
sorry, my fault :-)
radclient saves my day, indeed i can send any attribute / value pair i like
thanks for your help
Micha
Hello *,
radiusd -X in different places announces
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Will freeradius fall back internally to output=none without inserting this
attribut / value
in the config ?
Or should i mandatory add output=none ?
TIA
Micha
Hello *,
at the time being i have to use an old radius version for different reasons.
freeradius-client-1.1.5-36
freeradius-devel-1.1.6-47
freeradius-1.1.6-47
freeradius-client-devel-1.1.5-36
freeradius-client-libs-1.1.5-36
for real logins at WLAN Hot Spot the
DEFAULT NAS-IP-Address ==
Message -
Subject: Re: radius client / send NAS IP ?
Date: Sat 25 Sep 2010 15:01:49 CEST
From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Michael Arndt wrote:
is there a radtest client where i can send those attribute / value
By the looks of it you have two problems. The User-Password name 'bob'
isn't matched by the response Juniper-Local-User-Name 'labrat'. Perhaps
ssh cares.
Your broken client sends the identical packet for the new authentication
attempt when it must send a brand new packet (different id, socket
you were saying, this attribute of
Juniper-Local-User-Name is not working?
also you are right, for some reasons, every login attempt will have
two more duplicated messages besides the first one. why is that?
I am really new on this. thanks for the help...
--- On Sun, 9/19/10, Michael Lecuyerm
of ldap-attribute is not correspond to the
vlan name in our cisco switch at this time.
Regards, Michael
On 13.09.2010 16:10, Alan DeKok wrote:
Michael Bathe wrote:
is there any how_to or solution to interpret the ldap checkItem and
change the replyItem (I think in inner-tunnel)?
f.e
=
0xc38e1cad9590596e3902a46a40706ad8bde70f05bde110698b631b503c00f51b
EAP-Message = 0x030a0004
Message-Authenticator = 0x
Finished request 10.
...
thanks and
best regards
Michael
No one here is going to do your homework for you.
RFC 2865 is pretty clear on how this is calculated.
A Message-Authenticator attribute in the response attributes will
require more work. Perhaps you can get extra credit for figuring it out.
On 2010-09-12 1:25 PM, Theresa Otte wrote:
Hello,
TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+
version, and packet sequence number. This is XOR'd over the packet. The
pad is in multiples of the MD5 hash length.
The header is sent plain text and includes the sequence number, the
session ID and version number.
:01 PM, Michael Lecuyer m...@iterpacis.org
mailto:m...@iterpacis.org wrote:
TACACS+ uses an MD5 pad based on the session ID, shared secret,
TACACS+ version, and packet sequence number. This is XOR'd over the
packet. The pad is in multiples of the MD5 hash length.
The header
I'm not sure it would help you to know how the Master Keys are generated
or encoded - it's not simple.
It's a process involving the accumulated TLS handshake messages, random
number generation, various sorts of key exchanges, cryptographic hashes,
and the PRF function described in the TLS
, but so
far have not had the tuits to apply to the problem. I'm not sure I would
recommend the proxy solution, but if you can manage it, it may be a
reasonable stop-gap.
--
Michael Fowler
www.shoebox.net
startup-config
?
Greetings,
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: mi...@multinet.de
web: www.multinet.de
Registered office: 85630
.
Greetings,
Dr. Michael Schwartzkopff
The password is encoded for PAP (when a User-Password is present). It's
the only authentication method that uses decodable passwords. FR is
displaying it in plain text for your convenience.
Inýcio Alves wrote:
Good Morning to all.
I would like if is possible use FR+LDAP with Use-Password
On Monday, 3 May 2010, 16:56:23, Alan DeKok wrote:
Michael Schwartzkopff wrote:
Strange. I added a line
Access-Accept = Accepted %{User-Name}
But I only see entries from the Access-Request part of the linelog
module.
You have the reference line as Packet-Type? Change
it is
still in use.
The best solution would be to fix the NAS to send the packets or fix the
network to make sure they get delivered.
Michael
--
Michael J. Hartwick, VE3SLQ hartw...@hartwick.com
On Monday, 3 May 2010, 13:29:24, Alan DeKok wrote:
Michael Schwartzkopff wrote:
On Sunday, 2 May 2010, 12:22:57, Jens Link wrote:
I also got problems logging Access-Accept details through linelog. Is it
possible at all?
Yes... what's going wrong?
Strange. I added a line
Access
?
rlm_linelog
Either I'm too tired or too stupid to get it up and running. Is there an
example on how to use it?
thanks
Jens
hi,
I also got problems logging Access-Accept details through linelog. Is it
possible at all?
thanks.
Dr. Michael Schwartzkopff
dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Segmentation Fault (core dumped)
Can somebody help me, please?
best regards
Michael
Plenty of reasons - but one you won't have control over even in CoA is
that it could be proxied.
The NAS-IPAddress is used in the CoA request packet to tell the NAS
which client should receive the packet.
Marlon Duksa wrote:
Hi everyone -
Can anyone think of a reason why the NAS-IP and the
It's a one-way hash of the password. What you're seeing is the CHAP
password value. Only PAP uses a reversible password.
Sallai Janos wrote:
Hi,
Does anyone know how I could save the CHAP password into radpostauth
pass in a VISIBLE format, in mysql ?
Actually I can correctly log both the
the readers. I cannot find a
configuration example to support this, but would it be possible, and
more importantly useful, to have multiple readers pointing to the same
detail file?
Any help or suggestions would be appreciated. Thanks.
--
Michael Fowler
www.shoebox.net
1 - 100 of 1058 matches