On 7/30/07, Roberto Greiner [EMAIL PROTECTED] wrote:
YvesDM wrote:
Hi Robert,
As for m0n0wall (and I guess pfsense too), you can also use the
diable concurrent logins option in the CP setup.
This way there will never be simultaneous use from the same nas.
Kind Regards,
Yves
I have one question to this, you suposed that RADIUS and DataBase services are in the same machine, what happens if these services are in severa or there are replicate servers?
My advice is to create a database trigger on INSERTs, UPDATEs,DELETEs.For example, my postgresql trigger written in
On Mon, 2007-07-30 at 21:23 +0100, Clive Gould wrote:
Hi
I'd be grateful to hear from anyone out there who has got Freeradius (on a
Linux box) running as a proxy server successfully validating usernames and
passwords against a Windows IAS server using the MSChapv2 protocol.
I have the
On Tue 31 Jul 2007, Kennie Lionheart wrote:
Hi,
I have a question about Freeradius' log.
My costomer has used Remote Access VPN with Freeradius and Cisco VPN 3000,
and 2 months ago, they added Cisco ASA on their system in order to expanse
their VPN system. Now their users can use both VPN
Then pipe the susdo command though ssh...
-Peter
On Tue 31 Jul 2007, Santiago Balaguer García wrote:
I have one question to this, you suposed that RADIUS and DataBase services
are in the same machine, what happens if these services are in severa or
there are replicate servers?
My advice is
Hi
Thanks for the replies to my posting yesterday.
Perhaps I can explain the situation more clearly. My goal is to
authenticate login to the digital repository DSpace against a Windows IAS
server. I do not have physical access to the IAS server and cannot change
it's shared secret. So far I
Hi,
I have a setup where my client is trying to perform authentication to
server by using
EAP-TLS. The server is a pass through server, which forwards the packet to
the free radius.
The free radius, instead of sending the server certificates, bails out on
seeing the client Hello and the TLS
On Tue 31 Jul 2007, Clive Gould wrote:
Hi
Thanks for the replies to my posting yesterday.
Perhaps I can explain the situation more clearly. My goal is to
authenticate login to the digital repository DSpace against a Windows IAS
server. I do not have physical access to the IAS server and
Hi Peter
Thanks for the prompt reply.
The Windows IAS server is working fine and I have been successfully
authenticating against it using Moodle/PHP on the Linux server for several
years.
I've put the Freeradius server in between Moodle and IAS purely to test
out my proxing configuration and
Hi everyone
Please ignore my postings about problems with IAS authentication.
I have just read this in the FAQ:
FreeRADIUS is limited to 16 characters for the shared secret.
The shared secret on our IAS server is 25 characters long :-(
Thanks anyway
Clive
-
List
Hi,
I have a setup where my client is trying to perform authentication to
server by using
EAP-TLS. The server is a pass through server, which forwards the packet to
the free radius.
The free radius, instead of sending the server certificates, bails out on
seeing the client Hello and the TLS
Hi Santiago,
Tuesday, July 31, 2007, 11:21:36 AM, you wrote:
I have one question to this, you suposed that RADIUS and DataBase
services are in the same machine, what happens if these services are
in severa or there are replicate servers?
Most probably you will have the radius and the
YvesDM wrote:
On 7/30/07, *Roberto Greiner* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
YvesDM wrote:
Hi Robert,
As for m0n0wall (and I guess pfsense too), you can also use the
diable concurrent logins option in the CP setup.
This way there will
Clive Gould wrote:
I have just read this in the FAQ:
FreeRADIUS is limited to 16 characters for the shared secret.
The shared secret on our IAS server is 25 characters long :-(
The limit in 1.1.7 is 32 characters, not 16. And if you use
radclient, there is no limit to the secret length.
Jeffrey Sewell wrote:
Looks like that was designed to do exactly what I'm thinking. I
haven't been following the threads on version 2's status, how is it
coming? Anything I can do to help?
There are one or two patches that I think should go into CVS. After
that, we can release 2.0.0-pre2.
Hi,
The limit in 1.1.7 is 32 characters, not 16. And if you use
radclient, there is no limit to the secret length.
1) Use radclient on the machine running FreeRADIUS to test IAS with
the 25-character shared secret. If that works,
2) Type the secret into FreeRADIUS.
hmm, its
[EMAIL PROTECTED] wrote:
hmm, its interesting that the key length is an issue - I guess we
_could_ have a much larger number with no real issue...but would
that actually gain anything security wise? I also note that MANY
NAS devices have much smaller maximum shared secrets (memory is
Hi!
i'm trying to authenticate a Linux client but i'm having some problems.
I'm running the server in debbuging mode, and when i send a request from the
linux client, the server rejects it saying invalid password. The password
it shows is sth like/245/eer/m43 and so on, so i thougth the
Hi!
I seem to be getting errors such as
Tue Jul 31 11:50:23 2007 : Error: Assertion failed in request_list.c, line 1012
in my Radius logs from time to time, especially during high load. This
assertion failure leads to Radius server getting stuck, which in turn
results in my clients getting
Hi everyone
Thanks for all the help and advice so far :-)
I have installed freeradius 1.1.7 and get the appended message when I try
to use it as a proxy between a Linux/Moodle/PHP radius client and a
Windows IAS server. The shared secrets are definitely the same.
The Linux/Moodle/PHP radius
Hi,
Windows IAS server. The shared secrets are definitely the same.
i would beg to say they arent. have you double checked the shared
secrets for both ends of the link ie
linux VLE - FR proxy --- IAS
12
need to check the client and server shared
Thanks for that Claudiu - I'll have to see what I can do :)
Handling the sighup would be a big deal. I am adding my NAS via a php script
so I can easily ask it to give the server a kick once i've added a NAS.
It may be that I can live with an hourly cron job - will have to see. In
theory there
Clive Gould said:
I have installed freeradius 1.1.7 and get the appended message when I try
to use it as a proxy between a Linux/Moodle/PHP radius client and a
Windows IAS server. The shared secrets are definitely the same.
[snip]
Received Access-Accept packet from client 10.200.0.2 port
Hi,
We suffer from exactly the same issue (fr1.1.6). The only workaround I
found is to use a script that checks if freeradius is aliave and if
not - starts it again. Obviously it still causes some disruptions but
it's better then freeradius dying completely.
kind regards
Pshem
On 01/08/07,
Janne Peltonen wrote:
I seem to be getting errors such as
Tue Jul 31 11:50:23 2007 : Error: Assertion failed in request_list.c, line
1012
Which version? 1.1.7 doesn't have an assertion on that line, and it
has a LOT of fixes over earlier versions.
Alan DeKok.
-
List
25 matches
Mail list logo