For start record I have
Tue Feb 17 00:21:11 2009
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 416808
NAS-Port-Type = Ethernet
User-Name = branka
Calling-Station-Id = 00:4F:62:09:3C:C9
NAS-Port-Id = konc-javne
Acct-Session-Id = 8135a552
Many many thanks! Having put 'files' back into authorize, this has given
me a solution.
is there any way this can be implemented with just sql?
Yes. Create radgroupcheck entries where each DEFAULT entry will belong to
a different group. Add each user to all 4 groups.
Ivan Kalik
Kalik
- User file new looks like :
DEFAULT Ldap-Group == cn=vlan1,ou=vlans,dc=test,dc=fr, Autz-Type := LDAP
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2,
Reply-Message = ok
Remove that Autz-Type := Ldap
- Into the sites-enabled/default inner-tunnel :
Many thanks for your suggestion. However, (using 2.1.3) my
sqlippool.conf file is now:
sqlippool {
#
## SQL instance to use (from sql.conf) ##
#
sql-instance-name = sql
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
User
I've tried adding to the radcheck table ( INSERT into `radcheck` SET
`id` = 0, `username` = '447', `op` = ':=', `value` =
'%{control:Huntgroup-Name}`; )
Typo. It should be ' not ` at the end.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
I've tried adding to the radcheck table ( INSERT into `radcheck` SET
`id` = 0, `username` = '447', `attribute` = 'Pool-Name' `op` =
':=', `value` =
'%{control:Huntgroup-Name}`; )
Sorry The result is still the same:
OK. sql safe characters in play. Then use unlang:
update control {
is there a way to reference the name of the client stanza (or its
shortname) in unlang? I.e. if there is
client foo {
ipaddr = 1.2.3.4
shortname = foostuff
}
Then there's a request coming in from this client. In the client
processing, can there be sth like
if ( -- something that reveals
I have copied the file of the default virtual server to my virtual server file
and edited it.
Then I disabled the default Virtual server.
And did you enable the new one? Read the README file in
raddb/sites-available in order to find out how to fix/add listen section
in order to make this
Hi, I have several problems when I would like to link freeradius with AD
using OpenLDAP.
Look up
http://deployingradius.com/documents/configuration/active_directory.html
to see how to integrate with AD for pap and mschap/PEAP.
When I tried to test the binding of OpenLDAP to the AD with radtest,
Would Kerberos authentication work with AD and EAP, or am I thinking
too early in the day?
No. Kerberos requires clear text passwords in the request. EAP-MD5
doesn't provide them. EAP-TTLS PAP will work - but native XP supplicant
doesn't support that. You can get SecureW2 to do it.
Ivan Kalik
What i've got currently can be up to 3 files. Firstly, the server
certificate itself, which has been signed by Verisign's Intermediate CA,
then the cert for said Intermediate CA, and finally the root cert used
to sign the Intermediate CA. My current setup is with the server cert in
a file on its
My client is still giving the same behaviour of not getting the
certificate chain, however.
OK. So which certificate signed the client certificate?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd -X not x.
Ivan Kalik
Kalik Informatika ISP
On 16/2/2009, tincboy tinc...@gmail.com wrote:
Hi,
I've just configured my new freeradius installation with mysql,
but the output of my test command is Rejected.
radtest home home 127.0.0.1 1812 testing123
radius -x output is:
Starting -
I am trying to use mysql and Freeradius for AAA. The communication between
freeradius and mysql server seems OK, since Freeradius is getting the clients
from radclients table.
When I do a test from the command line:
radtest user1 pass localhost 1812 shared
I got the output:
rad_recv:
there is a radius server with VPN server as its nas. radius server use ldap
server in back end for authentication and authorization.
we want if Calling-Station-Id of user is valid radius could give ippool
number=1 in access reply to vpn server and if Calling-Station-Id of user is
invalid could
I have a value set for an attribute in LDAP, how do I extract the
value from the attribute and do a comparison on it in the users file
so I can set the VLAN?
ldap.attrmap file in raddb directory.
Ivan Kalik
Kalik Informatika ISP
I'm reading the documentation of freeradius 2.1.3 (I've not gone through
it all yet) and I find that Fall-Through = Yes is always specified as a
reply attribute.
But it isn't a real reply attribute isn't it? It's more of a configure
attribute like Cleartext-Password, right? So it should be used
Am I correct in saying that the LDAP-attribute that is mapped to
Tunnel-Private-Group-ID would need to be set to the value of the
VLAN I require? The LDAP-attribute that I wish to use currently
contains values like ITISCP and ENISCP. I want to say if
attribute value == ITISCP set vlan to
What I would love to do is set up Huntgroups (OK so that bit works too!)
and then in the sqlippool.conf just assign pool-name = %{Huntgroup-Name}
This doesn't work, and all I get is pool-name is undefined.
Does anyone have any ideas?
%{control:Huntgroup-Name}
Ivan Kalik
Kalik Informatika ISP
Am I correct in saying that the LDAP-attribute that is mapped to
Tunnel-Private-Group-ID would need to be set to the value of the
VLAN I require? The LDAP-attribute that I wish to use currently
contains values like ITISCP and ENISCP. I want to say if
attribute value == ITISCP set vlan to
I'm using version 1.1.3 so, I moved the files entry below the ldap
entry but my DEFAULT entry in the file: users does not match or return
any value.
You should upgrade. Did something else match in files? Post the debug.
Ivan Kalik
Kalik Informatika ISP
I'm using version 1.1.3 so, I moved the files entry below the ldap
entry but my DEFAULT entry in the file: users does not match or return
any value.
You should upgrade. Did something else match in files? Post the debug.
Stuck with this version for now.
I have a catchall DEFAULT entry with no
At present I am using AD groups to assign roles to my users
and rejecting users who are not members of the defined groups.
This is being done via the users file which looks like this:
#If you are not in either group, no access is allowed
#FreeRADIUS 2.1
#These are the groups we are
ok well i guess i will do manual replies for each user :(
So freeRadius 2.x has taken care of my problem and I actually can use SQL
to control everything?
Read man unlang on freeradius site and you will see how much more you can
do in 2.x.
Ivan Kalik
Kalik Informatika ISP
I have a radius server that uses ldap server for authentication and
authorization. The client of radius server is a vpn server.
now they are working. I want to have two groups of vpn users in vpn server
base on their IP addresses.
Could radius server check IP address of users
Yes. IP address
I am getting the following errors during authentication for my username
n...@future.com
Note that my client is 13.0.0.5 and radius clients password is FutureRadius..
Packet is reaching radius server and discarded with reject message. Please
check what i am missing.
Most
I have read a lot of manual, example and post, but I still don't know
what is the solutions.
I have newest freeradius, and cisco devices(now AP).
I want the user authentication to the cisco device by fr,
It works,
I configure the users file like this:
test Cleadtext-Password := test
When I use 802.1x and MD5 (PAP) I can add easily pass VLAN assignment back to
the NAS using
username Cleartext-Password := password
Reply-Message = Hello, misch,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 100
in the users file.
yey that seems to work, but still getting one problem.
So the comp gets blocked regardless of username, but the Reply-message from
the bloked table is not being displayed. So I have bloked huntgroup name
and I have SQL group: Deny_Trial that sends Reply-Message + Reject for all
its members (which
Hi Ivan, I'm just not sure if the card is broken because when I set it to use WPA
then it's working perfectly but why MSCHAPv2 EAP-TLS didn't work?
WPA what? WPA-PSK? That doesn't use EAP or any other user authentication
method. EAP is broken.
Card is just radio. Instead of music it replays data.
It seems freeradius tries to authenticate the computer from the
ou=People,dc=mydomain,dc=com.
In radiusd.conf I have the following:
ldap {
server = 192.168.0.3
identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
password = ldapreadpasswd
basedn =
Make another ldap instance that has that basedn. Machine usernames have $
at the end - use unlang to test for that and switch ldap instance as
required.
I see how to create another instance but really don't see where and how
to use unlang to switch between the 2 instances depending on the
if(User-Name =~ /\$$/ ) {
ldapmachine
}
else {
ldapuser
}
Ivan Kalik
Kalik Informatika ISP
On 5/2/2009, Laurent CARON lca...@lncsa.com wrote:
t...@kalik.net wrote:
regex.
Thanks Ivan,
Can you please give me some hint about what to put in config's stanzas ?
Thanks
in my radiusd.conf file I've got 2 stanzas like this:
ldap {
server =
port =
}
ldap2 {
server =
port =
}
I did copy/paste the lines you gave me just over the first server =
... line but it doesn't seem to do anything.
Any clue ?
That should be:
Now I want to implement a check, that verifies if a user authenticating with
10...@realma.com is also in the group realmA and reject the request if this
is not the case. This way I want to implement a user X purchased product Y?
Already tried this: Adding in the radusergroup table:
whats the difference between Accounting stop and AcctStatusType=stop?
It's the same thing.
Accounting stop and AcctStatusType=tunnel-stop
Big. One is for accounting user sessions and the other for tunnel (which
carries user sessions) sessions.
If i send accounting stop packets and
I see Framed-IP-Address = 10.218.3.41 but at the end of the logs he have:
Sending Access-Accept of id 32 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254
Why he sending 255.255.255.254 .
Some part of the configuration *you* added does this. The default
Can perl overwrite the value from users file? From debug he did give the
new address for $RAD_REPLY but it did not overwrite the previous value
(from users file).
The perl module is supposed to *replace* the reply attributes with
whatever it has. So a lingering IP address is strange.
I need to store packets with Acct-Status-Type := Stop only in db
'radacct', rest of the packets needs to be ignored. How to proceed. Plz give
suggestion.
Note: am using freeradius1.1.6 version.
In sql.conf leave only accounting_stop_query_alt and comment out the
others. You are aware that this
Hi Alan, Appreciated if you could give me some tips how to solve the problem. I
ready have not idea why this happen or where did i get wrong.. newbie. Thank in
advance.
What are you using to connect to the AP? Whatever you are using is
broken. Fix it or get a new one.
Ivan Kalik
Kalik Informatika
You are aware that this will disable Simultaneous-Use?
could you explain me more.
If you don't record Start packets you won't be able to detect double
(or multiple) logins by the same user. Potentially, one user can pay you
and reveal his user/pass to everybody and all of them will be able to
I have a Monowall athorizing and accounting on a Freeradius 2.1.1
I have news for you - you don't. Some other server does that. Yours just
proxies requests to it.
[suffix] Looking up realm dialup.usp.br for User-Name =
nbati...@dialup.usp.br
[suffix] Found realm dialup.usp.br
[suffix] Adding
I executed freeradius on debug mode, then I used the radtest command.
The message is almost the same,
Almost is the key word here.
but the proxy (@dialup,usp.br - another
radius server in another city) returns OK.
Why using radtest it returns OK and using monowall it returns Reject?
Who knows
Could it be the problem?:
radius server is in 10.10.10.0/24 and the nas is in the 192.168.1.1/27
the packets bridged, the nas can ping the radius server... can the
different mask be a problem?
No. Shared secret is wrong. Have you retyped it both on radius server and
on the NAS?
WARNING:
did you could configure Daloradius ?? Because i have this error when i try to
login
Database connection error
Error Message: DB Error: connect failed
Debug: [nativecode=Access denied for user 'root'@'localhost' (using password:
NO)] ** mysql://root:@127.0.0.1/radius
I'd like to check if a request that I received from a radius server will be
proxied back to that same server resulting in a proxy loop.
The way I see things there is no other way to find out to which server the
request will be proxied to.
Create a table proxy with information from proxy.conf.
I'm afraid, but this won't work in my environment. I will need a different
subnetmask.
Can you explain why do you think 255.255.255.255 netmask won't work for
you. Do you know how that netmask works?
Ivan Kalik
Kalik Informatika ISP
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = ale, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap]
I think the problem is in the AP(nas), not in the radius.
Sorry, no more questions about it . I think the CISCO 861 router(new)
has something problem.
I would seriously doubt that. Your server would be much bigger suspect.
It can't find openSSL either.
Ivan Kalik
Kalik Informatika ISP
That should happen only if IP allocation has expired (see lease-duration
in sqlippool.conf). There is another allocate-find query that issues
random IPs.
Hmmm, maybe there is another problem in my config. I tried two requests within
ten seconds. Attached you'll find the debug. During the
Ok you are told me that my router are not sending chap ???
Yes. That's what debug suggests. It also suggests that you are forcing
freeradius server to process request as chap. And there is no such
instruction in database info you posted.
I will check on monday and will send again my config.
We
I should note that in my radiusd.conf file, I'm not including eap.conf nor
sites-enabled/, but other than that I have all default settings.
Well done! By removing /sites-enabled you have stopped the server from
processing all As from AAA (authentication, authorization and
accounting) in one
How can i instruct to the database that i will use chap ?
Don't. Just don't.
If you use default configuration and send pap request, server will
process it as pap, if you send chap, it will process it as chap, if you
send mschap it will process it as mschap, if you send eap ... Well you
should be
Ah, sql groups don't work properly in 1.x. Upgrade.
Ivan Kalik
Kalik Informatika ISP
On 31/1/2009, Alex M freerad...@lrcommunications.net wrote:
I guess its different in newer version of radius but in my 1.5 the only
table that has PRIO is radgroupreply
and there is table radusergroup
Here is a trick from the old days:
Create a huntgroup like:
blocked Calling-Station-Id == whatever
SQL-Group == suspend
Where suspend is the group with Auth-Type := Reject in it. That will block
him if he is in suspend group or not (only the message in radius.log
will be
I have installed Freeradius and dialup admin and mysql
I configured them both! I have an application called vyatta. I am trying
that this vyatta validate the users with the freeradius
I configured in the admin.conf with chap and clear-password and i set that
the password are store in
..
Listening on authentication address 192.168.1.49 port 1812
Listening on accounting address * port 1813
Listening on proxy address 192.168.1.49 port 1814
Ready to process requests.
You didn't send the request. The idea is to debug the request processing
that isn't working.
Ivan Kalik
Kalik
and my freeradius -X was :
FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on Nov 14 2008 at
11:57:03
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may
I have this when the user try to authenticate but on Monday i will post all
info of the freeradius -X
The request would be nice.
why the radius said me rlm_chap: Attribute CHAP-Password is required for
authentication. ???
Because you are forcing Auth-Type CHAP on something that isn't a chap
I am looking for a solution that will allow a captive portal to
authenticate against eDirectory but also check the accounting database
to ensure a user has not exceeded their bandwidth allocation. I would
prefer not to import the eDirectory users into a SQL database but
rather keep the actual
I use freeradius (FreeRADIUS Version 1.1.4, with security changes
through 1.1.7, for host apple.com, built on Sep 23 2007 at 22:52:08)
on Mac OS X Server 10.5.6.
My problem is that I get messages that I do not understand in the log
file
It looks like this:
Thu Jan 29 16:10:41 2009 : Auth:
Now, the behaviour of the server changed in the way, that the freeradius
reserves only one ip-address per user. if the same user logs in again on the
same nas (without accounting-stop-packet before), the old ip-address is freed
and the user receives a new one.
That should happen only if IP
Yes. eDirectory will replace radcheck and radreply while accounting
will go to radacct.
I was under the impression that radcheck would have to check
eDirectory and accounting info.
No. eDirectory will be searched by ldap module.
I want to allow access based on
eDirectory credentials AND
Hi i just tried to add following (as advised) into my radcheck table in
MySQL:
UserName: DEFAULT
Attribute: Calling-Station-Id
op: ==
Value: 00:0b:6a:xx:xx:xx, Auth-Type := Reject
And it did not work
guess I just can not add value with operator in it, but still how can i
reject user based on
Tried that...
now i'm getting all users rejected regardless of mac address in the given
group :(
That shouldn't happen. Post the debug.
How do i set priorities?
You have priority field in radusergroup table.
I thought priorities only apply to radreply.
There are no priorities in radreply.
It's fine. Send it direct.
Ivan Kalik
Kalik Informatika ISP
On 28/1/2009, Josh Hiner j...@remc1.org wrote:
t...@kalik.net wrote:
list. I would think that what I am doing is fairly popular? Why are more
people not complaining? This is too bad and if true, very poor.
Can you post the
When I try to do MAC auth, it shows No User, though it works fine when
I
remove the Calling-Station-Id check item from MySQL. Debug shows
quotes
around MAC. I put MAC in database with and without quotes and still
errors.
No quotes.
Any ideas?
Log into your database and post here the
i'm not splitting user name from realm (well i don't know), below is
an example with NT-Domain expand: (not working host/host.domain.local
eap/peap but works ppp authorization from all domains User-name is
DOMAIN\\user and domain is correctly expanded it works also with
OTHERDOMAIN\\otheruser -
I'm setting up a freeradius configuration for authenticating users on a
number of technologies (pix, nokia, ...). Users accounts are stored in a
backend OpenLDAP.
I'm willing to allow users to authenticate to specific machines, that I
would like to choose and administer from the accounts on the
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool schema will need to be
Try SELECT * FROM radcheck WHERE value='00-1C-B3-B1-3E-07' and see if
that line gets listed. You might have white space around it. It should
match.
Ivan Kalik
Kalik Informatika ISP
That correctly returns it:
7 eric1328 Calling-Station-Id == 00-1C-B3-B1-3E-07
I've tried many things. Do you
Is there another possibility to reassign the same ip-address to the user again?
Not while first connection is still active. That can't possibly work.
NAS will reject such IP.
Are you trying to create a multilink? That is NAS, not radius capability.
Ivan Kalik
Kalik Informatika ISP
Hm, does it see NULL greater than now()? Replace NULL in expiry_time
column with -00-00 00:00:00 (that's what MySQL thinks null
datetime is - it will match IS NULL). And in that previous query
replace
= NULL with = '-00-00 00:00:00'.
If this is so, sqlippool schema will need
I have attached new schema and queries for mysql sqlippool. These should
work with both 4 and 5 MySQL versions (I have done some manual testing
on both; 4 on Linux and 5 on Windows). In version 5 (at least the
Windows one I have tested on) CURRENT_TIMESTAMP defaults to '-00-00
00:00:00'
I try to add prepaid system to my equipment.
In this case when quota is reached, equipment sends Access-Request with
quota consumed and I need to store this data in sql. But. Unfortunately,
I must think about how many on-line customers send quota to sql in same
time. Yes, I can write perl script
Both the LDAP authentication and proxying to RSA are working properly. To get
the two working together
.. you need a two factor authentication manager. Freeradius isn't one.
I don't know of any open source ones.
Ivan Kalik
Kalik Informatika ISP
Fall-Through (yes and Yes work; checked just in case).
Ivan Kalik
Kalik Informatika ISP
On 28/1/2009, Mark Jones mjo...@mnsi.net wrote:
Ok at least I know it does work.
I will post the debug tomorrow.
But in the mean time can you confirm what the exact attribute you have in
your rad reply
Update the reply. In the inner-tunnel server, post-auth section, add:
...
update outer.reply {
User-Name = %{User-Name}
}
...
Done this, doesn't seem to work. I guess the NAS doesn't accept it.
Post the debug. Lets see what name is in the Access-Accept
list. I would think that what I am doing is fairly popular? Why are more
people not complaining? This is too bad and if true, very poor.
Can you post the eapol.log and wzctrace.log for the same attempt. I'll
dig through that and see if I can find what is going on.
Ivan Kalik
Kalik Informatika
it seems, as if this is working...
But there seems to be another problem or even a bug:
What does this error message mean?
rlm_sql_mysql: MYSQL check_error: 1064 received
sqlippool_command: database query error in: 'UPDATE radippool SET
nasipaddress = '',
i know about this expand but it's expanding to only first section of
domain (eg. domain.com mschap expand gives only domain)
i'm wondering it is possible to get to work correct expand because
sometimes radius must authorize users from other trusted domains.
Can you post an example. If you are
the idea is to authenticate users with LDAP, but once authenticated
check your Calling-Station-Id, and depends on the mac is due to a
specified VLAN
-
Why don't you do this in authorize section where this is normally done?
Why do you want to do it in post-auth? You don't need policy.conf;
unlang
Hi I have a problem:
1. The ldap don't replace(expand) the calling-station-id to the mac
address, just one time(first)
first time:
[ldap] expand:
((employeeType=TRUE)(cn=%{Stripped-User-Name:-%{User-Name}})(macAddress=%{Calling-Station-Id}))
-
But there seems to be a problem with this statement now:
-
SELECT framedipaddress FROM radippool WHERE pool_name = 'poolDE' AND
expiry_time NOW() ORDER BY (username 'peter2'), (callingstationid
''), expiry_time LIMIT 1 FOR UPDATE
This statement should receive
Just to clarify that I am understanding things correctly.
if you have read_groups = no you can override it with the fall-through
attribute
Yes.
if you have read_groups = yes you can not override it with the fall-through
attribute.
It will have no effect.
Ivan Kalik
Kalik Informatika ISP
-
When I try to do MAC auth, it shows No User, though it works fine when I
remove the Calling-Station-Id check item from MySQL. Debug shows quotes
around MAC. I put MAC in database with and without quotes and still errors.
No quotes.
Any ideas?
Log into your database and post here the result of
thanks for your return. I have added:
$RAD_REPLY{'Framed-IP-Address'} = 10.218.6.1;
return RLM_MODULE_OK;
but no change, he use the pool included into the cisco ASA (10.218.4.5)
a error of me ?
Do a debug (radiusd -X) and see did the attribute
Whoops, I thought I solved this but I didnt. I tried setting up eap-tls
on a few different laptops each using windows xp to configure eap-tls
(not the wireless card client). I get the same results there. I have
nothing in my /etc/raddb/users file. I tried putting:
josh Auth-Type := eap
We have different Network Access Servers, which are located in different
locations. The users, which login to this NAS, will be assigned an ip-address
by the sqlippool-module.
I read a lot of the documentation and tried a lot of different things, but i
don't know, how to configure the
hello for all!
I've configured freeradius to work with 802.x connection, everything
working well but rlm_mschap expanding user name and domain
host/host123.domain.com to:
username - host123$
domain - domain (without .com)
in ntlm_auth i have no correct domain name (without .com) so i've
added
Your perl script changes this:
rlm_perl: Added pair Framed-IP-Address = 10.218.4.120
into this (use IP pool on the NAS):
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
I don't see this:
$RAD_REPLY{'Framed-IP-Address'} = 10.218.6.1;
at all. Fix your script.
Ivan Kalik
Kalik
thanks but nope:
rlm_mschap: Unknown expansion string Domain-Name
Sorry it's NT-Domain:
--domain=%{NT-Domain}
Ivan Kalik
Kalik Informatika ISP
I did find the Makefile. Thanks! I tried to do a make caclient.pem but
it threw this error:
openssl req -new -out caclient.csr -keyout caclient.key -config
../client.cnf
Generating a 2048 bit RSA private key
+++
+++
writing new private key to 'caclient.key'
-
openssl ca
Ok, made new client cert and now it shows valid and displays Provides
your identity to a remote Computer as the intended purpose and on the
Details tab displays the correct info etc... The Certification Path
displays valid. Still same problem though (exact same problem) of just
sitting there at
sorry, i have change my script for test into the pool:
$RAD_REPLY{'Framed-IP-Address'} = 10.218.4.120;
$RAD_REPLY{'Framed-IP-Netmask'} = 255.255.255.0;
return RLM_MODULE_OK;
OK. That's in sub authorize.
i don't know why i
Ok, made new client cert and now it shows valid and displays Provides
your identity to a remote Computer as the intended purpose and on the
Details tab displays the correct info etc... The Certification Path
displays valid.
But windows was unable to find a certificate to log you on
..
I want to know if I can handle VLAN's on file policies and create a
conditions with Calling-Station-Id
Can you explain in more detail. Give some examples.
Ivan Kalik
Kalik Informatika ISP
Yes the cert is there, does report the correct oid etc.. etc.. Attached
is the client certificate I am using. I even went into the configuration
and made it so XP asks me to select my certificate manually. I select
the certificate manually and it still gives the same error as above
(Error in
/*
* sql xlat function. Right now only SELECTs are supported. Only
* the first element of the SELECT result will be used.
*/
Oh, I am really very interested in INSERT sql. Please, tell me, Is this
right? Can I insert or update any data into my DB? Can I use another way
for INSERT