[EMAIL PROTECTED] wrote:
Do you mean the clients.conf file? I don't see
require_message_authenticator there. If it is some other file then
please let me know the details. I am a new user so not much aware of the
configuration files.
It's in 2.0.
Alan DeKok.
[EMAIL PROTECTED] wrote:
The first comment might be giving you just another place to provide your
CA cert, whereas the second comment clearly talks about not permitting
EAP-TLS. I say this, because I don't see why the CA would be required at
all if EAP-TLS will be denied.
Because PEAP uses
Please, help me..
I am confused
why my freeradius server can't detect the password that I write on the client?
I am using OpenLDAP for the database
rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76, length=83
User-Name = htrisnadi
Framed-MTU = 1400
Koko Kurniawan wrote:
why my freeradius server can't detect the password that I write on the
client?
Because the password is NOT in the RADIUS packet. Go read it: no
User-Password attribute.
rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76,
length=83
User-Name =
Hello!
I've installed freeradius on CentOS 5.1 and configured it to use mysql.
freeradius+mysql seems to work fine,
here's the output of radtest command:
radtest myuser mypassword localhost 0 mysecret
Sending Access-Request of id 188 to 127.0.0.1 port 1812
User-Name = user
Hi everyone,
I have been trying to get RADIUS to run a perl script which would
authenticate users (and yes I have tried rlm_perl but I decided
against it). So far all I have in the perl script itself is
#!/usr/bin/perl
use strict;
use Data::Dumper;
exit 3;
Vladi Lemurov wrote:
but when I try to connect to pptpd, pptpd doesn't even try to connect to
radius server (I even tried to listen
with tcpdump on lo for packets going to ports 1812 and 1813, caught
nothing from pptpd) and gives me the following errors:
rc_avpair_new: unknown attribute 6
...
T Kid82 wrote:
I have been trying to get RADIUS to run a perl script which would
authenticate users (and yes I have tried rlm_perl but I decided
against it).
Why? It is *much* more efficient than exec'ing a program.
...
Exec-Program output:
Exec-Program: returned: 3
++[exec] returns ok
Alan DeKok wrote:
What am I doing wrong? Below I've copypasted config files of pptpd
radius and their debug logs.
sigh Do NOT post the FreeRADIUS dictionaries to this list. There
is nothing wrong with the dictionaries.
DO configure pptpd to point to the RADIUS dictionaries it
Nice one! Should be really useful!
Regards,
E:S
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thibault Le Meur
Sent: Wednesday, 19 March 2008 09:57
To: FreeRadius users mailing list
Subject: Re: freeradius+pptpd+mysq - rc_avpair_new: unknown
I've adjusted radiusclient.conf and now everything's fine!
Thanks a lot!
Vladi Lemuroff.
but when I try to connect to pptpd, pptpd doesn't even try to connect to
radius server (I even tried to listen
with tcpdump on lo for packets going to ports 1812 and 1813, caught
nothing from pptpd)
Hi, here is my problem:
0) Cisco APs - Radius - Ldap authentication via 802.1x - PEAP - MSCHAPv2
works.
1) I need to link the group of the user that tries to authenticate with
the SSID, so I can allow only a particular group of users to use a
particular SSID/VLAN.
2) I have an OpenLDAP backend
I am using freeradius 2.0. With the default schema which comes with that.
Following is the database entry. It shows a new user never logged in before.
If I give value of Max-All-Data 2147483646 it works fine. Anything above it
doesn't work. Attached is the radius log where it displays negative
Pietro Accerboni wrote:
Hi, here is my problem:
0) Cisco APs - Radius - Ldap authentication via 802.1x - PEAP - MSCHAPv2
works.
That's a good start.
1) I need to link the group of the user that tries to authenticate with
the SSID, so I can allow only a particular group of users to use a
Thanks for the answer,
I want to ask something
what do you mean about the password is NOT in the RADIUS packet??
so where is the user-password??
I have removed Auth-Type := LDAP in users..
it's still not working. what must I do?
LDAP doesn't know EAP, so what kind of authentication must I use.
Thanks a lot for the quick answer, it works!
So the ldap filters I wrote are ok, the problem was on the users file. I
have 2 more questions:
1) Now I check the group membership with a numeric constant, like
Ldap-Group!=800.
Say the ldap posixGroup entry is:
cn=staff,dc=mydomain,dc=it
cn=staff
Thanks for the answer,
I want to ask something
what do you mean about the password is NOT in the RADIUS packet??
so where is the user-password??
Most protocols don't work on password matching but on challenge-response.
I have removed Auth-Type := LDAP in users..
it's still not working. what must
I've just downloaded the new 2.0.3, and when I tried to generate the
debian packages, I got the following error:
Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
parsechangelog/debian: error: found start of entry where expected more
change data or trailer, at file debian/changelog line
rgreiner wrote:
I've just downloaded the new 2.0.3, and when I tried to generate the
debian packages, I got the following error:
Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
parsechangelog/debian: error: found start of entry where expected more
change data or trailer, at file
Hi,
Is it possible to send or execute a script to a user when he
authenticated thru wi-fi connection with particular NAS.
Like when user joe successfully authenticated with the sql database, if
he was connected with NAS IP address X, he receive a Welcome message X
and if he authenticated with
Oh,
ok. Tks.
Roberto
Alan DeKok wrote:
rgreiner wrote:
I've just downloaded the new 2.0.3, and when I tried to generate the
debian packages, I got the following error:
Lab:~/freeradius-server-2.0.3# dpkg-buildpackage -b -uc
parsechangelog/debian: error: found start of entry where
Koko Kurniawan wrote:
Thanks for the answer,
I want to ask something
what do you mean about the password is NOT in the RADIUS packet??
I mean it's not.
so where is the user-password??
Some authentication protocols do not require exchanging the password.
CHAP, MS-CHAP, and EAP all work
Hi, Ivan.
Thanks for your answer.
It's very strange. I don't delete anything.
Just modified the option in eap md5 to peap, but when I try to reload the
radius with radiusd -X the program can't work and send it errors.
I have another test server, and same configurations work fine.
I have copied
Pietro Accerboni wrote:
Thanks a lot for the quick answer, it works!
Yes. It's really that easy.
The hard part is usually figuring out how to phrase the policies
correctly. If the policies are phrased incorrectly, it's *impossible*
to get the server to do what you want... because the
Guillaume Chartrand wrote:
Is it possible to send or execute a script to a user when he
authenticated thru wi-fi connection with particular NAS.
$ man unlang
You can write a policy that matches any condition you want, and then
run a script. See also the exec module.
Like when user joe
Gustavo Chavelas wrote:
It's very strange. I don't delete anything.
Just modified the option in eap md5 to peap, but when I try to reload
the radius with radiusd -X the program can't work and send it errors.
Then the server was built *without* SSL support. PEAP needs SSL, so...
I have
Okay, I've searched and searched for a hint, hopefully this isn't one of
those RTFM messages, and hopefully I didn't read an invalid FM ;-)
I'm trying to emulate the edunet network wireless roaming network,
which primarily uses (in this order):
EAP-TTLS
PEAP
EAP-MSCHAPv2
My Access point
Hi,
Okay, I've searched and searched for a hint, hopefully this isn't one of
those RTFM messages, and hopefully I didn't read an invalid FM ;-)
I'm trying to emulate the edunet network wireless roaming network, which
primarily uses (in this order):
EAP-TTLS
PEAP
EAP-MSCHAPv2
My
Okay, I've searched and searched for a hint, hopefully this isn't one of
those RTFM messages, and hopefully I didn't read an invalid FM ;-)
Not hard enough ;-)
http://lists.freeradius.org/pipermail/freeradius-users/2008-March/070076.html
Ivan Kalik
Kalik Informatika ISP
Please let me know if this topic is already discussed
or has doc/wiki. If yes please guide me to the right
thread. Thanks.
We are going to use MACaddress as silent
authentication. When the user tries to connect to the
WIFI Access point, Aptilo Networks is going to send
MacAddress as User-Name
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain
text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
The Protocol and Password Compatibility chart and the Authentication
Systems and Password Compatibility
You have put significant effort into butchering the default
configuration. Why?
I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,
An entry for the module 'rlm_exec' must be added to the file
'radiusd.conf' with the
On Mar 19, 2008, at 11:34, T Kid82 wrote:
You have put significant effort into butchering the default
configuration. Why?
I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,
An entry for the module 'rlm_exec' must be
Alan DeKok wrote:
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain
text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
Of course it is.. G I probably should have mentioned samba in the
original
James McOrmond wrote:
Using secureW2 in the windows client - if I put anything in the DOMAIN
field, it doesn't work well - likely because my userid is still
[EMAIL PROTECTED] when it attempts to connect to ldap.
possibly I have the ntdomain hack stuff wrong? or maybe some realm
settings
T Kid82 wrote:
I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,
An entry for the module 'rlm_exec' must be added to the file
'radiusd.conf' with the path of the script.
Yes... but from the debug output you
Thanks a lot, Alan.
I will try to install the SSL as you suggested.
Best regards,
Message: 4
Date: Wed, 19 Mar 2008 17:07:17 +0100
From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: Error EAP
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
I have a cronjob that pulls down a CRL, runs openssl to verify it's OK, and
then stops radius, copies the crl into place, and then starts radius.
Occasionally, around two or three times a month, I get the following errors
and no one can auth to radius until the next run of the cronjob when the
With that, and a few configuration options (like making sure the host was
connected to the domain and ntlm_auth functioned as required), I've managed
to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
EAP-TTLS works fine with an account in the users file that has a clear
text