Re: freeradius 2.0.4 and peap

2008-05-04 Thread A . L . M . Buxey
Hi, Ivan Kalik wrote: You have expertly deleted all the relevant information from the debug and your configuration. Post the complete debug. I solved the problem commenting the line virtual_server = inner-tunnel in the peap section of eap.conf which means you are not using the

Re: FR failing

2008-05-04 Thread A . L . M . Buxey
Hi, We have two FR servers (running 1.1.15) on Red Hat machines. 1.1.5 ? upgrade to 1.1.7 to fix lots of known bugs/issues alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Weird shared secret issues

2008-05-04 Thread A . L . M . Buxey
hi, are you sure that there isn't a legacy secret entry in clients.conf file? alan

Re: Strategy Advice

2008-05-04 Thread A . L . M . Buxey
Hi, Don't know if this is an issue for you, but: Cisco equipment does not support command authorization via RADIUS (*any* RADIUS...) [for pure business greed reasons]. So if you really need per-command authorization, you'll have to stick with TACACS+ which, sadly, is well catered by ACS.

Re: Weird shared secret issues

2008-05-04 Thread Tuc at T-B-O-H.NET
hi, are you sure that there isn't a legacy secret entry in clients.conf file? Nope... [EMAIL PROTECTED] sbin]# more /usr/local/etc/raddb/clients.conf #**

Re: Weird shared secret issues

2008-05-04 Thread A . L . M . Buxey
Hi, It still leaves one item open. I can't seem to get radclient to be able to take the NAS-IP-Address and then the secret for that NAS-IP-Address. It seems no matter what, it wants to use the secret for the localhost. Is this how it's supposed to work, or is there a bug somewhere?

Re: Weird shared secret issues

2008-05-04 Thread Tuc at T-B-O-H.NET
Hi, It still leaves one item open. I can't seem to get radclient to be able to take the NAS-IP-Address and then the secret for that NAS-IP-Address. It seems no matter what, it wants to use the secret for the localhost. Is this how it's supposed to work, or is there a bug

Re: Weird shared secret issues

2008-05-04 Thread A . L . M . Buxey
Hi, Tech calls in and says that he can't get an appliance working in the field. I ask him what secret he's using and the IP address of the appliance. I want to be able to be locally logged onto the radius server and use radtest/radclient/rad to be able to query radius asking If

Re: Weird shared secret issues

2008-05-04 Thread Tuc at T-B-O-H.NET
Hi, Tech calls in and says that he can't get an appliance working in the field. I ask him what secret he's using and the IP address of the appliance. I want to be able to be locally logged onto the radius server and use radtest/radclient/rad to be able to query radius

Re: Weird shared secret issues

2008-05-04 Thread Ivan Kalik
If you have a spare box on a local network, switch that supports VLANs and a router that can tag VLANs - you can spoof the whole outside network with simple IP/VLAN configuration: configure a gateway IP interface for the network you want to spoof on your router and tag it with testing VLAN ID -

Re: Weird shared secret issues

2008-05-04 Thread Tuc at T-B-O-H.NET
Hi Ivan, Really, I appreciate the information. I'm sure between the suggestions given I could do it. However, if it is more than a command line or script on the radius server itself, it's too involved for the person I have to turn it over to. I just saw that radtest took nasname as an

Re: FS trying to authenticate accounting data

2008-05-04 Thread Jim L.
ImagineNet_Detail { +- entering group accounting expand: /var/log/radius/radacct/imaginenet/detail-%Y%m%d - /var/log/radius/radacct/imaginenet/detail-20080504 rlm_detail: /var/log/radius/radacct/imaginenet/detail-%Y%m%d expands to /var/log/radius/radacct/imaginenet/detail-20080504 expand: %t - Sun

Failed to open socket

2008-05-04 Thread Lemaster, Rob
I recently upgraded to 2.0.4, and now I'm seeing the following error when I start FreeRADIUS: radiusd -X: /opt/freeradius-2.0.4/etc/raddb/radiusd.conf[210]: Error binding to port for 0.0.0.0 port 1812 radius.log: Sat May 3 20:21:39 2008 : Error: ERROR: Failed to open socket: Sat May 3

Run as non-privileged user

2008-05-04 Thread Lemaster, Rob
FreeRADIUS 2.0.4 Some documentation I've read recommends running FreeRADIUS as user=radius group=radius. It said that you shouldn't use nobody because that is reserved for a special purpose (I think it was the Hassel book). Around line 116 of radiusd.conf, I found the option for user/group,

Re: Run as non-privileged user

2008-05-04 Thread Alan DeKok
Lemaster, Rob wrote: Some documentation I've read recommends running FreeRADIUS as user=radius group=radius. It said that you shouldn't use nobody because that is reserved for a special purpose (I think it was the Hassel book). You should run it as radius/radius. The problem with using