Re: Configuring LDAP for query ONLY...

2007-12-13 Thread Alan DeKok
Phil Mayers wrote: Slightly confusing, there are two ways to do this: This should be fixed before 2.0. There should be only one way to do things. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help to test EAP-MD5

2007-12-13 Thread Alan DeKok
Nilanjan Sarkar wrote: I want to test radiusd with radeapclient. I am following from radeapclient man page, and using ./radeapclient -x localhost auth testing123 req.txt. ... But radeapclient is getting access-reject with Failure EAP-Code from radiusd (running like ./radiusd -X in another

Re: RSA SecurID Authentication

2007-12-13 Thread Alan DeKok
Jeremy M. Guthrie wrote: The PAM module for RSA(ACE) does work except in one case: - an account in 'next token mode' or 'new pin mode' causes FreeRADIUS to spin out and swallow all of the memory on the host running it till it crashes. Ouch. I have not nailed down yet if it is PAM or

Re: Question about windowsXP(Odessey Client) + EAP-TLS with freeRADIUS

2007-12-13 Thread Alan DeKok
Hangjun He wrote: And I use EAP-TLS and with correct certs. Even if I set wrong username in Odessey Client, freeRADIUS will return success.(check_cert_cn not set). EAP-TLS authenticates users based on certificates. It ignores the user name. Can I let freeRADIUS to check if

Re: sqlippool issue

2007-12-13 Thread tnt
what's wrong in my configurations? Not much. rlm_sqlippool: Framed-IP-Address already exists modcall[post-auth]: module sqlippool returns noop for request 8 You have Framed-IP-Address already set, probably by the Service-Type entry in users file. ippool in radiusd.conf has an option to

sqlippool issue

2007-12-13 Thread hadi golestani
Hi, I'm using freeradius to assign ip to my vpn clients. so I've configured sqlippool to bind ips to my users and groups. and in pptpd.conf I choose not to assign ip in pptpd. but connections to pptpd fails ( from win xp ) with error: no assigned ip. what's wrong in my configurations? my DB

Re: Event-timestamp conversion

2007-12-13 Thread Alan DeKok
manIP wrote: I have a problem when I receive an Event-Timestamp attribute. The provider assures me that he sends it in seconds (...elapsed since Jan 1st 1970) but my radius server converts it into a date. It prints it out as a date. For instance, the operator has sent Event-Timestamp =

RE: Need help to test EAP-MD5

2007-12-13 Thread Nilanjan Sarkar
Hi Alan, Ivan, Thanks for the reply. I have posted the log below. After observing the radiusd log, I guess the authentication failed due to this - rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select

Re: sqlippool issue

2007-12-13 Thread hadi golestani
thanks, it's ok now. How about assigning a static ip to username without ip-pool. On Dec 13, 2007 1:54 PM, [EMAIL PROTECTED] wrote: what's wrong in my configurations? Not much. rlm_sqlippool: Framed-IP-Address already exists modcall[post-auth]: module sqlippool returns noop for

Re: sqlippool issue

2007-12-13 Thread tnt
Framed-IP-Address with := Ivan Kalik Kalik Informatika ISP On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote: thanks, it's ok now. How about assigning a static ip to username without ip-pool. On Dec 13, 2007 1:54 PM, [EMAIL PROTECTED] wrote: what's wrong in my configurations?

Re: sqlippool issue

2007-12-13 Thread hadi golestani
with this attribute connection fails in registration section with this error: connection closed by remote host On Dec 13, 2007 2:28 PM, [EMAIL PROTECTED] wrote: Framed-IP-Address with := Ivan Kalik Kalik Informatika ISP On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote: thanks,

Re: Need help to test EAP-MD5

2007-12-13 Thread Alan DeKok
Nilanjan Sarkar wrote: Thanks for the reply. I have posted the log below. That's one piece of the solution. After observing the radiusd log, I guess the authentication failed due to this ... Do you have information about what does it mean? Yes. Go read the web page I posted my last

Re: sqlippool issue

2007-12-13 Thread tnt
with this attribute connection fails in registration section with this error: connection closed by remote host Registration section??? Ivan Kalik Kalik Informatika ISP

Re: Question about windowsXP(Odessey Client) + EAP-TLS with freeRADIUS

2007-12-13 Thread s3b0
Hangjun He wrote: And I use EAP-TLS and with correct certs. Even if I set wrong username in Odessey Client, freeRADIUS will return success.(check_cert_cn not set). EAP-TLS authenticates users based on certificates. It ignores the user name. I think that's not completely

RE: Need help to test EAP-MD5

2007-12-13 Thread tnt
On 13/12/2007, Nilanjan Sarkar [EMAIL PROTECTED] wrote: Hi Alan, Ivan, Thanks for the reply. I have posted the log below. After observing the radiusd log, I guess the authentication failed due to this - rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap:

RE: Example listed in huntgroup file does not work

2007-12-13 Thread Reynolds, Walter
Message: 9 Date: Wed, 12 Dec 2007 22:41:54 +0100 From: [EMAIL PROTECTED] Subject: RE: Example listed in huntgroup file does not work To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-2

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, I should say that I do not want to use an external solution. Creating a huntgroup for each NAS with the exact same user list does work, but then if I have to change a user I would then have to modify what could be over 100 groups. I think, therein, lies your problem - you haven't looked

RE: Need help to test EAP-MD5

2007-12-13 Thread Nilanjan Sarkar
Hi Alan, Ivan, After adding entry in users file, this is working correctly now. Thanks a lot for your help. Kind Regards, Nilanjan

RE: Example listed in huntgroup file does not work

2007-12-13 Thread tnt
I did, but the user list is not being recognized by more than one. How can I get that user list to be used for all NAS that are in that huntgroup? Or is this a bug? No, it's not a bug. It's a flat file entry. Every entry is matched separately. i.e. one entry doesn't know what's listed under

Re: sqlippool issue

2007-12-13 Thread hadi golestani
in windows xp after verifying username and password. On Dec 13, 2007 3:02 PM, [EMAIL PROTECTED] wrote: with this attribute connection fails in registration section with this error: connection closed by remote host Registration section??? Ivan Kalik Kalik Informatika ISP

Re: Example listed in huntgroup file does not work

2007-12-13 Thread Reynolds, Walter
I am looking at that option, but I should not have to. Per the huntgroups file: # This file can also be used to define restricted access # to certain huntgroups. The second and following lines # define the access restrictions (based on username and #

wds eap-ttls

2007-12-13 Thread Sergio Belkin
Hi, I've configured freeradius with eap-ttls, and is working fine, but I have one doubt: Can I use this kind of settings for use several APs with WDS? I ask this because I've read this: This means that Wi-Fi Protected Access (WPA) and other dynamic key assignment technology may not be used

Re: Example listed in huntgroup file does not work

2007-12-13 Thread tnt
On 13/12/2007, Reynolds, Walter [EMAIL PROTECTED] wrote: I am looking at that option, but I should not have to. Per the huntgroups file: # This file can also be used to define restricted access # to certain huntgroups. The second and following lines #

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, # This file can also be used to define restricted access # to certain huntgroups. The second and following lines # define the access restrictions (based on username and # UNIX usergroup) for the huntgroup. # so why not do as i

Re: wds eap-ttls

2007-12-13 Thread tnt
That's meant about the link between APs not between AP and the user. Ivan Kalik Kalik Informatika ISP On 13/12/2007, Sergio Belkin [EMAIL PROTECTED] wrote: Hi, I've configured freeradius with eap-ttls, and is working fine, but I have one doubt: Can I use this kind of settings for use several

Re: sqlippool issue

2007-12-13 Thread tnt
That's nothing to do with freeradius. Debug PPP and see what's missing. Netmask? Ivan Kalik Kalik Informatika ISP On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote: in windows xp after verifying username and password. On Dec 13, 2007 3:02 PM, [EMAIL PROTECTED] wrote: with this

Re: sqlippool issue

2007-12-13 Thread hadi golestani
it's ok when delegate is commented On Dec 13, 2007 7:34 PM, [EMAIL PROTECTED] wrote: That's nothing to do with freeradius. Debug PPP and see what's missing. Netmask? Ivan Kalik Kalik Informatika ISP On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote: in windows xp after verifying

attribute assignment in post-auth?

2007-12-13 Thread Norbert Wegener
With 1.1.7 I want to add attributes to an eap authenticated client. The rules for applying vlan are somewhat unusual, that I decided to use mysql and stored procedures to determine the values that have to be applied. When I call the corresponding sql module from the authorize section, I run

Re: Configuring LDAP for query ONLY...

2007-12-13 Thread Eric Martell
Hi Phil, Here is the detail configs and logs. Please let me know. Thanks and Regards. modules { ldap { server = ldap://x:1389; identity = uid=appuser,ou=appadm,o=entitlement password = ** basedn =

Re: attribute assignment in post-auth?

2007-12-13 Thread Phil Mayers
Norbert Wegener wrote: With 1.1.7 I want to add attributes to an eap authenticated client. The rules for applying vlan are somewhat unusual, that I decided to use mysql and stored procedures to determine the values that have to be applied. When I call the corresponding sql module from the

Re: attribute assignment in post-auth?

2007-12-13 Thread Norbert Wegener
Phil Mayers wrote: Norbert Wegener wrote: With 1.1.7 I want to add attributes to an eap authenticated client. The rules for applying vlan are somewhat unusual, that I decided to use mysql and stored procedures to determine the values that have to be applied. When I call the corresponding sql

about Error: rlm_sql

2007-12-13 Thread ann kok
Hi all As the debian upgrade, I also upgrade the freeradius version from 1.0.2 to 1.1.3 in debian package the radius database is migrated to this new debian I use the NTRADping utility to test the new freeradius login fine. When I put it in the production, the radius.log is showing Error:

Problem with authentication

2007-12-13 Thread Pablo Lucchetti
Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm trying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password =

Re: Problem with authentication

2007-12-13 Thread CoMeC
Hey, I am not sure, no specialist, but try to make this query in your mysql: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test-user' ORDER BY id Make sure that your mysql server/login/password/database are correct. Take a look at how your password is handled...

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti
please? Thanks in advance, Pablo

Re: about Error: rlm_sql

2007-12-13 Thread tnt
Delete that Auth-Type entry from the database. You don't need it. Ivan Kalik Kalik Informatika ISP On 13/12/2007, ann kok [EMAIL PROTECTED] wrote: Hi all As the debian upgrade, I also upgrade the freeradius version from 1.0.2 to 1.1.3 in debian package the radius database is migrated to

Re: Problem with authentication

2007-12-13 Thread tnt
Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm trying to test with NTRadPing always

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti
help please? Thanks in advance, Pablo

Re: Problem with authentication

2007-12-13 Thread tnt

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti

Re: Problem with authentication

2007-12-13 Thread tnt
help please? Thanks in advance, Pablo

RE: sqlcounter, counting data and large amounts of it

2007-12-13 Thread Russell Tester
CoMeC, Thanks for your reply, Yes I have read the FAQ, and understand why we need to wrap at 4GB, just can't get a solution working to limit users above 4GB. Accounting works fine above 4GB. We have been using MikroTik with Freeradius for around 4 years, yeah it works good :) Btw I forgot to

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti

Re: Problem with authentication

2007-12-13 Thread tnt

RE: sqlcounter, counting data and large amounts of it

2007-12-13 Thread tnt
Use rlm_perl instead of sqlcounter. That way you can return both gigaword and octet limiting VSAs. Ivan Kalik Kalik Informatika ISP On 13/12/2007, Russell Tester [EMAIL PROTECTED] wrote: CoMeC, Thanks for your reply, Yes I have read the FAQ, and understand why we need to wrap at 4GB, just

Re: Problem with authentication

2007-12-13 Thread tnt

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti

Re: Problem with authentication

2007-12-13 Thread tnt

Re: Question about windowsXP(Odessey Client) + EAP-TLS with freeRADIUS

2007-12-13 Thread Hangjun He
Yes. It sounds good. Check common name in the certificate with databases (users or others). John [EMAIL PROTECTED] wrote: Hangjun He wrote: And I use EAP-TLS and with correct certs. Even if I set wrong username in Odessey Client, freeRADIUS will return success.(check_cert_cn not

Re: Problem with authentication

2007-12-13 Thread Pablo Lucchetti

EAP-TLS authentication

2007-12-13 Thread anoop_c
Hi, I am using EAP_TLS authentication, i.e. certificate based authentication, with free radius. The setup is working fine. I have one query. Is there any way to lock the client certificate to a particular laptop MAC address so that the certificate cannot be used in another machine. Is there any