José M. Peñúñuri wrote:
This is what I am trying to set up:
Cisco AP Aironet 1200 authenticating on a FreeRADIUS running on Linux
Redhat 9... it is supposed that the clients (which the most run windows
XP in their laptops) should authenticate via the freeradius server in
order to gain access to
Henry Le wrote:
Hi,
I got some errors from running freeradius so I want to start everything from scratch,
how can I uninstall freeradius from my system?
Thank you
Hung
What system are you running? How did you install freeradius - from a
package or from source?
Cam
-
List
Dear Stefan,
You wrote that FreeradiusMySQLPEAP works fine at you.
In my system after 5 seconds that the authentication was successfull I lost
the connection. I've no idea.
In the SQL I'm still connected but I'm not really.
When the radius is cleaning up the requests I get disconnected. Why? Can
Thanks you help.
David
- Original Message -
From: Michael Markstaller
To: [EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 1:38 AM
Subject: RE: url redirect+user status
Behalf Of Szabo David
Sent: Sunday, May 23, 2004 5:44 PM
I would like to set a web page that the users who are
Does anybody successful experience on FreeRADIUS with EAP/TLS working on
wireless MAC OS client?
Regards,
ro0ot
ro0ot wrote:
Hi,
I am using the FreeRADIUS and OpenSSL comes with Red Hat Fedora Core 1.
Regards,
ro0ot
Kevin wrote:
Hi,
What version of openssl and freeradius did you use?
I want to
I'm configuring PEAP. I think the freeradius config is Ok.
...
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
Nope, it's not.
Alan DeKok.
I think that message comes
Can IP Pool works in a VLAN core switch?
Regards,
ro0ot
ro0ot wrote:
Hi,
How can I configure FreeRADIUS to assign IP address when there is a
successful authentication with FreeRADIUS?
Regards,
ro0ot
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List
hi,
Should I write anything in the domain box when I
want to connect to the wireless network? I'm using PEAP. ( WinXP, Freeradius CVS
snapshot...)
David
On Mon, 24 May 2004, Alexander Lunyov wrote:
Hello freeradius-users,
I have a problem with rlm_ippool - it's not deallocating ip's from
pool, and i think i'm somewhat close to its solution, but i want to
do all things right, that's why i'm here again.
FreeBSD 4.8R-p14,
Still having problems with radwho and utmp type logging, can someone
give me a clue?
Maqbool Hashim wrote:
Hi,
I'm having problems getting utmp accounting to work properly on
FreeRadius (latest version). When the NAS sends an account-request
packet to radius, everything seems ok except for
Hi there,
I'm looking for a testbed to test compliance of a RADIUS server against the RFC or our
internal standard interface.
Objective:
Test if the RADIUS server fully complies to RFC (or subset) by sending different test
RADIUS packets and comparing the received packets with per-defined
I'm getting this error when using rlm_exec:
Exec-Program-Wait: plaintext: No input file specified.
I've search through the source, but can't find any reference to this
error message.
Anyone got any ideas?
Thanks, josh.
--
---
Josh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I tried to combine users into groups and use group attributes from LDAP to
pass on the NAS. But somehow it does not work. First I tried:
DEFAULT Ldap-Group == vlan_20, \
User-Profile:=uid=vlan_20,ou=profiles,ou=radius,dc=multinet,dc=de
Hi,
I have successfully authenticated a linux client (xsupplicant) with an
ap running hostapd that talks to a radius server ( FreeRADIUS 0.9.3
debian/unstable) with eap-tls.
I have also successfully authenticated an win XP client, but after some
30 seconds the win XP client seems to send a new
On Tue, 25 May 2004, Michael Schwartzkopff wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I tried to combine users into groups and use group attributes from LDAP to
pass on the NAS. But somehow it does not work. First I tried:
DEFAULT Ldap-Group == vlan_20, \
Hi Bob.
I **think** I might have it working now.
I just added to the original config the following lines:
encryption vlan 90 key 1 size 128bit 7 CE78330C1A841439656A9323F25A
transmit-key
encryption vlan 90 mode ciphers wep128
I read thru some examples on the cisco website (mostly for LEAP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(...)
Run radiusd in debug mode to see exactly what's happening. Are you sure you
have the files module before the ldap module? If it's the other way around
that would explain the VALN id not being read.
Thanks. The location of the files module
Rivera, Denis [EMAIL PROTECTED] wrote:
-Attribute Dump-
Login-LAT-Groups=Users
I was expecting the value Change Password and Users and Luisa
Administrator.
---Attribute Dump-
Login-LAT-Groups=Users, Change Password, Administrator
The string Change Password
Rivera, Denis [EMAIL PROTECTED] wrote:
I tried getting info from the site... I've tried calling and I got an
operator error says this number is no longer in service
Whoops. I didn't update all of the web pages with my contact
information.
all email addresses are bouncing back. :(
Hmm...
On Tue, 25 May 2004, Michael Schwartzkopff wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(...)
Run radiusd in debug mode to see exactly what's happening. Are you sure you
have the files module before the ldap module? If it's the other way around
that would explain the VALN id not
Szabo David [EMAIL PROTECTED] wrote:
Should I write anything in the domain box when I want to connect to the
wireless network? I'm using PEAP. ( WinXP, Freeradius CVS snapshot...)
Whatever you want. But if FreeRADIUS doesn't know about the domain,
then it probably won't work.
Hmm... I was
[EMAIL PROTECTED] wrote:
Test if the RADIUS server fully complies to RFC (or subset) by sending
different test RADIUS packets and comparing the received packets with
per-defined packets.
radclient can do that. But there isn't an existing testbed set
up. You'll have to write wrappers around
I was under the impression that 1 AP = 1 VLAN. Has trunking been added?
-Original Message-
From: Artur Hecker [mailto:[EMAIL PROTECTED]
Sent: Monday, May 24, 2004 5:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Dynamic VLAN assignment
i don't know, but i would say execute an external
I don't know. That does have me concerned about my test AP...
On May 25, 2004, at 6:56 AM, Chris Bshaw wrote:
Hi Bob.
I **think** I might have it working now.
I just added to the original config the following lines:
encryption vlan 90 key 1 size 128bit 7 CE78330C1A841439656A9323F25A
Hello all,
I am using Freeradius 0.9.3 on an X86 machine running
Gentoo Linux. I compiled Freeradius myself from
source. We are authenticating users from
authentication data in a MySql database. I am also
using the PHP interface called DialupAdmin, and we
have 3 Ascend Max's as NAS gear. One NAS
Oh yes You can use the eth port as a trunk, and the radio can
either tie different SSIDs to VLANs, or different users can be put into
different VLANs if you are using some sort of authentication.
Willey Kurt D wrote:
I was under the impression that 1 AP = 1 VLAN. Has trunking been
(this is now kind of off the topic of radius but... )
Yes, it is a bit heavy What this is really doing is kind of sort of
mimicking private VLANs in the Catalyst sense. Where each user in a
VLAN cannot see each other, but they can all send traffic towards one
assigned port...
I am
IIRC, the Aironets can only take either 8 or 16 VLANs.
You may be better off using the filtering functions in the Aironet to
restrict the forwarding of frames between wireless stations, instead of
using VLANs like this.
josh.
On Tue, 2004-05-25 at 15:27, Dan Armstrong wrote:
(this is now kind
well, i thought Dan was speaking about a new VLAN per user not per AP.
this is possible with Cisco APs. as far as i know, 1200 and 1100 can do
trunking.
ciao
artur
Willey Kurt D wrote:
I was under the impression that 1 AP = 1 VLAN. Has trunking been added?
-Original Message-
From:
I've done trunking of more than 3 vlans with the 1200 series. I
configured one as my native network management vlan, and two others
bound to different SSIDs. I think it's possible to have even more than
that, but only one Guest mode VLAN.
-Original Message-
From: Artur Hecker
Why not use public secure password forwarding?
Public Secure Packet Forwarding (PSPF) prevents client devices
associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point.
It provides Internet access to client
Hi to all FreeRADIUS users,
I know that it is possible to use EAP-TLS for authentication purposes together
with My-SQL for authorization. However I cannot figure out what to put in
radiuscheck in lieu of the password attribute (using eap-tls users don't have
passwords but certificates).
Thank
Hi,
I would like to set freeradius up to authenticate from an LDAP
directory. I can successfully authenticate a user this way from the
radtest client. What I am trying to do is authenticate wireless clients
(Windows XP). There is a ldap_howto.txt file but it's pretty
complicated. I just
Hi,
I've have the same problem.
Why does the Xp client lose the connection when the RAdius server is
cleaning up requests?
David
- Original Message -
From: Ulf Jakobsson
To: [EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 2:06 PM
Subject: eap-tls with XP client and linux client
Hi,
I
Szabo David [EMAIL PROTECTED] wrote:
Why does the Xp client lose the connection when the RAdius server is
cleaning up requests?
It doesn't. The two events are completely independent.
What's probably happening is that there's a Session-Timeout sent in
the reply, which tells the AP to kick
James [EMAIL PROTECTED] wrote:
I know that it is possible to use EAP-TLS for authentication
purposes together with My-SQL for authorization. However I cannot
figure out what to put in radiuscheck in lieu of the password
attribute
Nothing.
Alan DeKok.
-
List info/subscribe/unsubscribe?
Barry Stewart [EMAIL PROTECTED] wrote:
I know you need to bind to LDAP with a clear text password. Apparently
this isn't possible with eap/peap.
Exactly.
According to the docs you need to extract the password from LDAP
first and then do the comparison from instead of authenticating from
Felipe Neuwald [EMAIL PROTECTED] wrote:
I'm running 'radiusd -l syslog' and it still logging to
/var/log/radius.log.
Hmm... I suggest filing a bug on bugs.freeradius.org, then.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
Most of you use eap-tls with XP.
Is there a way to use Windows2000 for eap-tls?
Kevin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Service Pack 4 includes an 802.1x client, but it's disabled by default.
Peruse through the Services MMC, and you should find it.
--Mike
On Tue, 2004-05-25 at 12:25, Kevin wrote:
Hi
Most of you use eap-tls with XP.
Is there a way to use Windows2000 for eap-tls?
Kevin
-
List
Sure - get a supplicant (client) software package (such as Odyssey from Funk Software
- I think and comes bundled with some of the WiFi capable cards such as the Linksys
wireless-G card WPC54G - at least here in the US).
I use this very setup for a Win2000 laptop
Gary N. McKinney
Network
Thanks,
I guess I'm making things more complicated than they really are. I
started with fresh conf files. I uncommented the tls and peap sections
of eap.conf. I now get the following output:
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
Keith Yoder [EMAIL PROTECTED] wrote:
Okay, I went digging through the code and found the solution. There are
two operators, , and |, that can separate Day definitions. If I use
a comma, Freeradius ignores the second day definition. Using a |
everything works as expected. As a reminder:
Barry Stewart [EMAIL PROTECTED] wrote:
I now get the following output:
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure,
Barry Stewart [EMAIL PROTECTED] wrote:
modcall: entering group Auth-Type for request 7
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: doing MS-CHAPv2 for bstewart with NT-Password
I currently have FreeRADIUS setup to authenticate users against Active
Directory and the local users file. Now I want to use it as the RADIUS
server for my Extreme network switches. My hope is to be able to use the
Active Directory accounts to authenticate the users to the switch via
Hi all
How to use MySQL for store users using Digest:
this is put in users file:
[EMAIL PROTECTED] Auth-Type := Digest, User-Password == mera
Reply-Message = Authenticated,
Sip-Rpid = 16010
I'am sorry my poor english :(
thks a lot
Welesley Sibelson dias
-
List
thks Alan DeKok more question i need chage sql.conf
too to use MySQL schema because i use SER( Sip Express Router)
with freeradius and Logs is write in files ou write in MySQL ?
thks a lot
Welesley Sibelson Dias
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
How to use MySQL for store
Hmn,
I guess I'm missing something then? I thought it would use the LDAP
password. I did set password_attribute = userPassword in
radiusd.conf. Shouldn't this be using the password sent by the client,
grabbing the plaintext password from LDAP, encypting the LDAP password,
and comparing
Barry Stewart [EMAIL PROTECTED] wrote:
I guess I'm missing something then? I thought it would use the LDAP
password.
If it retrieves the password from LDAP, yes.
Shouldn't this be using the password sent by the client, grabbing
the plaintext password from LDAP, encypting the LDAP
Alan,
I'd first would like to extend my gratitude for answering my email.
I'd also like to apoligize for my confusion.
Is radius supposed to only return back a single attribute?
That's what you told it to do. An attribute with one value (even
with commas) is very different than attributes
It's not even trying to connect to the LDAP server. Is this something I
have to configure in the users file? I stopped telling the server to
authenticate via LDAP and now ethereal confirms it doesn't query the
server for anything. The LDAP info is in the radiusd.conf file. What
is supposed
On Tue, 2004-05-25 at 17:05, Barry Stewart wrote:
It's not even trying to connect to the LDAP server. Is this something I
have to configure in the users file? I stopped telling the server to
authenticate via LDAP and now ethereal confirms it doesn't query the
server for anything. The
Hello List,
I have a question - I need to Authenticate users with different options.
It looks as below:
1) Receive User-name Password,
2) If not exist or not matched - check Framed-IP-Address
3) If both not matched - Access-Reject
What I need to do?
Manipulations with username will choice a
I bugged this: http://bugs.freeradius.org/show_bug.cgi?id=73.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
respected sir,
I am working on freeradius-0.9.3 version in linux.
I have used PAP authentication successfully with both
the radtest and radclient commands available.
It return me Login Successful.
But the problem is in using CHAP.
1. If I use the freeradius server and client for
56 matches
Mail list logo