Hi again,
I think I found a solution.
I don't know why but I had to give -d parameter to show the default config
path, my config path is under freeradius but it searches for radiusd
so.. it made the problem.
So is there a way to change default path for radzap/radwho etc?
Hello,
I am using rlm_perl
Oguzhan Kayhan wrote:
Hello,
I am using rlm_perl script for authentication. And logging radacct in sql.
But it is strange that,
I couldn't use radwho radzap radlast etc for a while.. had the error file
not found etc..
So I manually created the files with touch. Now I can see there's records
Marc LEURENT wrote:
Good evening,
I'm sending a group membership query from openser to freeradius...
I would like to send a group membership query, but it's a group
authorize query that is received...
I have no idea what you mean by that. OpenSER sends RADIUS packets to
FreeRADIUS. It
Brian Wilson wrote:
I tried updating to version 2.0. I like the debug interface much
better, it makes it a lot easier to read. Nice job!
Thanks. It was a fair amount of work, but I think it's worth it.
Unfortunately, this upgrade introduced a new issue for me. When doing
group ldap
nikitha george wrote:
Please find the debug log below..
rlm_eap_ttls: Session established. Proceeding to decode tunneled
attributes.
+- entering group authorize
++[preprocess] returns ok
expand: %{User-Name} - Catónio
It looks like it's not doing anything to the characters.
Hello,
I have a small problem a little bit annoying, and it seems to me that a lot of
people using LDAP don't know that they have the same problem.
I explain:
I have an access-point, and I want to use EAP/TTLS in order to authenticate
people on my LDAP server. The first time, I had then
I have been following you for three years and
I trust you, so I will buy your book.
Date: Tue, 15 Jan 2008 17:03:52 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: alan's book, or anything new on the horizon
Duane Cox wrote:
I wonder if Alan ever
Hello List,
I have a question regarding the ability of rlm_sql setting of the
Autz-Type attribute.
I am attempting to assign/add to the Autz-Type attribute for processing
of sqlcounter instances based on the groups the user belongs to.
User [EMAIL PROTECTED] belongs to a group DSL-LOCAL
I am an idiot,
The Autz-Type and the like are configuration items that are processed in
their own sections. The sql module changes reply and check items.
Sorry for the wasted bandwidth.
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See
On 16/01/2008, Ian Begg [EMAIL PROTECTED] wrote:
Hi
Don't know if this is the correct place to ask but I have a problem. I have
got freeradius working with eap/tls and can load the certs to XP laptops and
connect. The problem I have is that if I log onto the laptop using a
different user, no
hi
Catónio if it's converted to UTF-8 then it should look like below in hex
format. Try to get your hex data and compare it with below data.
If you are not getting the UTF-8 decoded information as shown in below then
there must be an issue with encoding mechanism of free radius.
C- 0x43
a- 0x61
Josh Howlett wrote:
...
Sending Access-Challenge of id 3 to x.x.x.x port 1812
MS-CHAP2-Success =
...
EAP-Message =
...
That looks like a bug to me. It's a violation of RFC2548:
No. The bug is different: EAP-MSCHAPv2 is *not* MS-CHAPv2.
The MS-CHAP2-Success attribute has no business
Gopinath Reddy N wrote:
Catónio if it's converted to UTF-8 then it should look like below in hex
format. Try to get your hex data and compare it with below data.
If I cut paste that from my mailer to the config files test
cases, it works. It doesn't mangle the name at all.
If you are not
On Wednesday 16 January 2008, Alan DeKok wrote:
Thierry CHICH wrote:
I have an access-point, and I want to use EAP/TTLS in order to authenticate
people on my LDAP server. The first time, I had then something like that:
...
in my intel proset, if I am giving a false identity in my roaming
Alan DeKok Wrote:
No. The bug is different: EAP-MSCHAPv2 is *not* MS-CHAPv2.
The MS-CHAP2-Success attribute has no business being in *any* packet that
also contains EAP.
I've committed a fix for that to CVS head.
Thank you very much for the response
How and when do I get this fix
indira kolli wrote:
Thank you very much for the response
How and when do I get this fix
The web site contains instructions for obtaining code via CVS.
Also does this fix the reply as type Access-Accept instead of
Access-challenge or
am I interpreting this also wrong
Thierry CHICH wrote:
On Wednesday 16 January 2008, Alan DeKok wrote:
Thierry CHICH wrote:
I have an access-point, and I want to use EAP/TTLS in order to authenticate
people on my LDAP server. The first time, I had then something like that:
...
in my intel proset, if I am
Alan DeKok wrote:
Brian Wilson wrote:
I tried updating to version 2.0. I like the debug interface much
better, it makes it a lot easier to read. Nice job!
Thanks. It was a fair amount of work, but I think it's worth it.
Unfortunately, this upgrade introduced a new issue for me. When
Hello,
I run a few NAS devices, all Lucent/Ascend Max TNT with a freeradius
server. I'm trying to locate some documentation on the Max TNT to
change some options and the site I used to use - hal-pc.org/~ascend
doesn't seem to be available any longer. Thought I might try my luck
here.
What I am
John Dennis wrote:
Where is the LDAP-UserDN being set from?
It is set by rlm_ldap by performing an LDAP search on the USER_NAME
attribute. If the search succeeds the ldap-userdn is set to the dn the
user name was found under. This dn can then be used to efficiently point
to the user data
Hello everyone,
I am trying to do a more complicated query for a custom session time
counter, but I am running into problems.
Can someone please answer the following questions?
Problem: When I have the attribute Session-Timeout in the radcheck table, I
get a Segmentation Fault after the query as
Thierry CHICH wrote:
freeradius Version 1.1.3??? I can't believe it! I thought I was using the
version 1.1.6! Is it possible it changes the behavior if I upgrade?
In 1.1.x you can set the User-Name inside of the tunnel, and then set
use_tunneled_reply = yes in the EAP config. This will use
Spam Eater wrote:
Problem: When I have the attribute Session-Timeout in the radcheck
table, I get a Segmentation Fault after the query as run, no matter if
it returns results or not.
doc/bugs
a) I've noticed that freeradius performs Accounting-Request when this
attribute is set, is this
Hello Alan,
What is the expected callflow for EAP-MSCHAPv2
Access-request
Access-Challenge
Access-request
Access-Accept
Why am I getting Access-challenge again
..Indi
On Jan 16, 2008 10:30 AM, Alan DeKok [EMAIL PROTECTED] wrote:
indira kolli wrote:
Thank you very much
Hello Alan,
Thank you so much for your quick response!
Please check my comments inline below:
Problem: When I have the attribute Session-Timeout in the radcheck
table, I get a Segmentation Fault after the query as run, no matter if
it returns results or not.
doc/bugs
a) I've
indira kolli wrote:
What is the expected callflow for EAP-MSCHAPv2
Read the specification, or the source code.
Access-request
Access-Challenge
Access-request
Access-Accept
Why am I getting Access-challenge again
You're not saying which supplicant you're using.
Let me
Hi,
Thierry CHICH wrote:
freeradius Version 1.1.3??? I can't believe it! I thought I was using the
version 1.1.6! Is it possible it changes the behavior if I upgrade?
In 1.1.x you can set the User-Name inside of the tunnel, and then set
use_tunneled_reply = yes in the EAP config.
Hi,
Do you provide co-location service in Sth Africa ?
I am looking to have a rackspace or half down there.
Regards,
Abdul Hakeem
IPEX Telecom
+447931800952
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Keith Dovale
Sent: 15 January 2008 16:41
To: 'FreeRadius users
then don't keep it under 400.
more info is better. (and real examples too)
thanks.
On 16/01/2008, Alan DeKok [EMAIL PROTECTED] wrote:
orion wrote:
Alan, can we have the TOC of the book?
It's still in development, and I'm re-arranging it occasionally. At a
high level:
Introduction
b) Is there a limit to the sql query length?
In 1.1.x, yes. About 253 octets in many cases. If the queries are in
the configuration (e.g. rlm_sql_ippool), then the queries can be very
long.
Ok, this is certainly a problem for me. I can't change freeradius version
(at least not
Is there a way to open two ports (1645 and 1812) for auth at the same time?
We want to find a way to open 1645, 1812, 1646, and 1813 for auth and acct in
parallel.
Thanks,
Kevin
Greetings,
I have looked at the documentation included with the 2.0 distribution for
setting up radius 2.0 and I am either blind, or it doesn't have what I am
looking for.
What I am trying to do is set up my main realm to handle either no realm or
deal with the default realm, The
Spam Eater wrote:
Ok, this is certainly a problem for me. I can't change freeradius
version (at least not now, maybe in the future) so I assume the only
option is to 'exec' external scripts to perform more complex queries, am
I right?
It's an option, but not the only one. You can use Perl
orion wrote:
then don't keep it under 400.
more info is better. (and real examples too)
It's a lot of typing, and a lot of copy-editing.
The main issue with examples is that adding NAS examples is almost
impossible. There are dozens of manufacturers, and hundreds of possible
Kevin J wrote:
Is there a way to open two ports (1645 and 1812) for auth at the same time?
We want to find a way to open 1645, 1812, 1646, and 1813 for auth and
acct in parallel.
See the listen directive in radiusd.conf. This is documented.
Alan DeKok.
William wrote:
What I am trying to do is set up my main realm to handle either no realm or
deal with the default realm,
I'm not sure what you mean by that. Do you want those requests to
both be proxied, or handled in the local server?
Talking about the local server as a main realm
On Wednesday 16 January 2008 16:39:38 Alan DeKok wrote:
Configure... what, exactly? I think you're getting stuck on trying to
make particular configurations work. You should instead state the
requirements as clearly as possible. Odds are that a simple
configuration will be
William wrote:
The situation is that we have a lot of legacy users who only enter a
username,
without realm information, and passwords for their connections. Those work
fine. When newer users enter [EMAIL PROTECTED] for their password I need to
strip off the realm, and authenticate that
On Wednesday 16 January 2008 16:58:09 Alan DeKok wrote:
William wrote:
The situation is that we have a lot of legacy users who only enter a
username, without realm information, and passwords for their connections.
Those work fine. When newer users enter [EMAIL PROTECTED] for their
Ok, this is certainly a problem for me. I can't change freeradius
version (at least not now, maybe in the future) so I assume the only
option is to 'exec' external scripts to perform more complex queries, am
I right?
It's an option, but not the only one. You can use Perl or Python,
Hi Alan,
I am curious about your book.
When will it be available? Will it be sold at Amazon or other online store?
Thanks!
On Jan 16, 2008 9:23 PM, Alan DeKok [EMAIL PROTECTED] wrote:
orion wrote:
then don't keep it under 400.
more info is better. (and real examples too)
It's a lot of
Hi,
option is to 'exec' external scripts to perform more complex queries, am
I right?
It's an option, but not the only one. You can use Perl or Python, too.
Sorry if this seems stupid, but, do you mean that I can embed Perl in
radiusd.conf?
no - you can call PERL from pre-auth,
Hi,
the first request looks like this. NOTE the test order...
rad_recv: Access-Request packet from host 192.168.1.64 port 32775, id=35,
User-Name = test
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
OK, since that's correct I had a look at the debug. You are not doing
group checking at all. You have done something to sql.conf to break it.
Go back to the original sql.conf and just alter the connection details
(user, pass, server). Leave rest as it is (we will sort out simultaneous
use later).
Hi all,
In message
[EMAIL PROTECTED], Rupert
Finnigan [EMAIL PROTECTED] writes
Try importing the Certificate to the Local Computer Certificate Store
rather than the User one..
On XP, go Start - Run, and run mmc. Then, go File - Add/Remove
Snap-In and add the Certificates Snap in and rather
Thierry CHICH wrote:
I have an access-point, and I want to use EAP/TTLS in order to authenticate
people on my LDAP server. The first time, I had then something like that:
...
in my intel proset, if I am giving a false identity in my roaming profile
with
a good identity and a good password, it
DEFAULT NAS-IP-Address == so.me.bo.x, Auth-Type := Accept
Ivan Kalik
Kalik Informatika ISP
On 16/1/2008, Chad Whitten [EMAIL PROTECTED] wrote:
Hello,
I run a few NAS devices, all Lucent/Ascend Max TNT with a freeradius
server. I'm trying to locate some documentation on the Max TNT to
change
orion wrote:
Alan, can we have the TOC of the book?
It's still in development, and I'm re-arranging it occasionally. At a
high level:
Introduction
Concepts
Participants and their roles
User Devices
NAS
RADIUS Servers
Databases
AAA Overview
Authentication
Oh my God!!! This problem is killing me! I back the original sql.conf and
have no Auth-Type in radcheck and other no in tables too. I put := in
Simultaneous-Use. I test the connection and no groups table was read. The
radius log is the same. I did install freeradius in other server and do the
same. No
[EMAIL PROTECTED] wrote:
you are calling the unix auth module before suffix - therefore the magic
hasn't yet happened. I'd try putting the unix module after the modules
that play around with User-Name
i.e. the order in the default configuration is wrong, too.
I've fixed it.
Alan DeKok.