Hi,
It seems that NAS is configured to send the same log with the same
Acct-Session-Id 6 times .
Regards.
On Thu, Jun 17, 2010 at 4:51 PM, Omer Faruk Sen omerf...@gmail.com wrote:
I think answer to my question is suppress field to remove. I am using
1.1.8 and I see that for every unique
Kyle Plimack wrote:
I have pap working (i.e. I ran radtest and got an access-accept).
I don’t want to configure certs on each of my hosts for each of my
clients, so I’d like to use PEAP/msChapV2 so that dot1x clients are
prompted for and username/password.
According the the
Date: Thu, 17 Jun 2010 22:14:45 +0100
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: eduroam PEAP + TTLS
Hi,
Hi thank you very much for you quick answer !
I'm trying to implement PEAP-MSCHAPV2 support in an existing and working
configuration
-Identifier = ap
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/radius/radacct/192.168.252.17/auth-detail-20100618
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
Finally, you're right, there is a confusion with PEAP and TTLS... When I say
our FreeRADIUS server doesn't support TTLS but only PEAP, that works...
So this is the true question, what error in my configuration can cause this ?
Thank you very much !
J-P.
From: le...@hotmail.com
To:
Hi all,
I need to authorize wireless users by the protocol EAP-PEAP on Cisco
Air 350, but,
unfortunately, the radius of the billing system can not EAP-PEAP.
Freeradius server
in proxy mode terminates the tunnel TLS, and requests the radius of
the billing system
goes on algorithm mschapv2.
All
Hi,
# users
DEFAULT Auth-Type := eap
DEFAULTAuth-Type := Kerberos
Fall-Through = 1
those are 2 conflicting entries. you should never need the
first one. the second one is what you'll need...but the Fall-Through
is superfluous
alan
-
List
Hi,
I need to authorize wireless users by the protocol EAP-PEAP on Cisco
Air 350, but,
unfortunately, the radius of the billing system can not EAP-PEAP.
Freeradius server
in proxy mode terminates the tunnel TLS, and requests the radius of
the billing system
goes on algorithm mschapv2.
Hi,
So this is the true question, what error in my configuration can cause this ?
I cannot read minds..and you havent supplied eg eap.conf (obfuscated as is
reasonable)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok,
Here is my eap.conf.
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = yes
cisco_accounting_username_bug = no
max_sessions = 4096
tls {
certdir = ${confdir}/certs
cadir =
tangfu wrote:
Hi,guys.Anybody know how to complie freeradius 2.19 under cygwin.I feel
the FreeRADIUS.net is out of date but lots of complie error make me
mad.any proposal will be appreciated.
Try posting the errors to the list.
Also, cygwin isn't really a supported platform. But if you
Jakob Hirsch wrote:
Since the update to 2.1.9 a new log file is _only_ opened on HUP. Is
this behaviour intended?
Yes. It's the way most daemons work.
Is the only possibility to reopen the log file now to send HUP to the
server? I don't feel very comfortable with this. The server reloads
On 06/18/2010 02:01 AM, Alan DeKok wrote:
Kyle Plimack wrote:
I have pap working (i.e. I ran radtest and got an access-accept).
I don’t want to configure certs on each of my hosts for each of my
clients, so I’d like to use PEAP/msChapV2 so that dot1x clients are
prompted for and
Bjørn Mork, 2010-06-17 18:28:
* re-open log file after HUP. Closes bug #63.
FWIW we have been HUPing the server from a daily, unattended process
with FR 2.1.8 since it was released (we need it to rotate log files
Ok. That's what we are doing now, too. After all, other daemons (apache,
Jakob Hirsch wrote:
I just wonder why there is such a change in a patch level update. And
what the above mentioned bug was about...
The bug was that it *wasn't* re-opening the log file on HUP. Since
this is expected behavior, it needed to be fixed.
Alan DeKok.
-
List
Doing an ldapsearch put me on the right track, I had created a user 'radiusd',
but that user did not have the rights to request the userPassword.
The error I am getting now is:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap]
Kyle Plimack wrote:
I added an entry to ldap.attrmap, “checkItem Cleartext-Password
userPassword”
The Password is not cleartext, but I read somewhere that radius is
supposed to figure that out automatically from a header. This is what
is returned:
rlm_ldap: userPassword -
So how do I get pap to do it?
On 6/18/10 12:50 PM, Alan DeKok al...@deployingradius.com wrote:
Kyle Plimack wrote:
I added an entry to ldap.attrmap, checkItem Cleartext-Password
userPassword
The Password is not cleartext, but I read somewhere that radius is
supposed to figure that out
On 06/18/2010 02:11 PM, Kyle Plimack wrote:
Doing an ldapsearch put me on the right track, I had created a user
‘radiusd’, but that user did not have the rights to request the
userPassword.
The error I am getting now is:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request
Kyle Plimack wrote:
So how do I get pap to do it?
To do what?
If you're asking why PAP works, go read the table. It's not hard.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That has to go in the wiki somewhere. That's possibly the best explanation of
how FreeRADIUS processes requests I've ever heard... :)
-Arran
On Jun 18, 2010, at 1:50 PM, John Dennis wrote:
On 06/18/2010 04:03 PM, Kyle Plimack wrote:
So how do I get pap to do it?
If you're asking how to you
So I gave in and connected radius to my active directory (which we wish we
could get rid of).
I'm getting the following error now
Any thoughts on correcting this winbind error?
[mschapv2] +- entering group MS-CHAP {...}
[mschap] NT Domain delimeter found, should we have enabled
I have a bit of a puzzle:
I have a FreeRADIUS server that takes a TTLS request, handles the TLS outer
authentication locally, and then proxies the MSCHAPv2 inner authentication to
another server based on the realm specified in the user request.
When it receives the MSCHAPv2 access-accept
23 matches
Mail list logo