Howto for EAP-TTLS/PEAP?

2004-10-04 Thread Christoph Litauer
Hi, I want to setup EAP-TTLS/PEAP for my wlan. I can find lots of howtos for setting up EAP-TLS with freeradius. But is there any howto for EAP-TTLS or PEAP? -- Regards Christoph Christoph Litauer [EMAIL

RE: Ntlm_auth how-to

2004-10-04 Thread Øystein Gåsdal
Does this mean I don't have to edit the config files for winbindd and nmbd? The freeradius server is not on the same subnet as the domain controller (NT4), and neither are my clients, and the clients locate the domain controller via WINS. Don't I need to configure the freeradius server with WINS

Digest auth against LDAP

2004-10-04 Thread Jankowski, Jan
Hi Freeradius Users, I want digest auths to be validated against an LDAP Database and I get the error: rlm_ldap: - authenticate rlm_ldap: Attribute User-Password is required for authentication. modcall[authenticate]: module ldap returns invalid for request 2 modcall: group Auth-Type returns

**SPAM** user auth with cisco 350 ap

2004-10-04 Thread Giovanni Torrisi
Hi all, I would like to know if it is possible, using a Cisco AP350, to authenticate a user by RADIUS using a login and password. I've tried to use MAC authentication and I haven't any problem, but I have trouble using a simple authentication with login and passwd. Can anyone help me? Regards, gio

Re: Kill online user

2004-10-04 Thread Edgars
Hello, RouterOS will have such a feature that you can kick user from radius server off while he is online. Edgars Nurul Faizal Bin M.Shukeri wrote: Hi again, How am I going to kill online users other than radkill, may be ucd-snmp. Anyone can help me.. **Nurul Faizal Bin M.Shukeri** Pusat

Exec-Program help

2004-10-04 Thread Ivo Petrov
Hi all, I have a problem using Exec-Program. I've put the line in radreply table (4,'test1','Exec-Program',':=','/path/script') but the script was not executed. Can anybody tell me why? script : #!/bin/bash ps aux | grep radiusd result When I executed the script from the shell(Linux) it works

Re: Exec-Program and iproute2

2004-10-04 Thread Paul Hampson
On Sun, Oct 03, 2004 at 02:22:17AM -0700, Ivo Petrov wrote: Hi all, I'm trying to shape ppp+ interfaces after successful authentication using Exec-Program. radiusd runs as root, in mysql radreply table the last row for the user contains: Exec-Program = '/etc/ppp/shd %f'. Freeradius

freeradius-users@lists.freeradius.org

2004-10-04 Thread Elad Kugman
Hi, 10x for your help. I'm just wondering about the vendor dictionaries you told about. I will be glad if you can be more specific. 10x again, Elad

Re: Exec-Program help

2004-10-04 Thread Edgars
Hello, see what's written in logs. Try Exec-Program-Wait instead. Edgars Ivo Petrov wrote: Hi all, I have a problem using Exec-Program. I've put the line in radreply table (4,'test1','Exec-Program',':=','/path/script') but the script was not executed. Can anybody tell me why? script : #!/bin/bash

Re: Exec-Program help

2004-10-04 Thread Paul Hampson
On Mon, Oct 04, 2004 at 02:20:49AM -0700, Ivo Petrov wrote: I have a problem using Exec-Program. I've put the line in radreply table (4,'test1','Exec-Program',':=','/path/script') but the script was not executed. Can anybody tell me why? script : #!/bin/bash ps aux | grep radiusd result

Re: dialup_admin - RADIUS Clients. Nothing showing...?

2004-10-04 Thread Evert Meulie
Kostas Kalevras wrote: On Mon, 13 Sep 2004, Evert Meulie wrote: Hi everyone! When I go into dialup_admin and then click on RADIUS clients, no clients are showing, even though I know that one/more clients are active. How do I fix this...? Enable sql_debug. Also do you have clients configured in

Re: dialup_admin - RADIUS Clients. Nothing showing...?

2004-10-04 Thread Kostas Kalevras
On Mon, 4 Oct 2004, Evert Meulie wrote: Kostas Kalevras wrote: On Mon, 13 Sep 2004, Evert Meulie wrote: Hi everyone! When I go into dialup_admin and then click on RADIUS clients, no clients are showing, even though I know that one/more clients are active. How do I fix this...?

Define Vendor-Specific Attribute in MYSql freeradius with vendor dictionaries how?

2004-10-04 Thread Elad Kugman
Hi Alan DeKok, 10x for the help. I'm just wondering about the vendor dictionaries you told about. I will be glad if you can be more specific. 10x again, Elad

Re: Digest auth against LDAP

2004-10-04 Thread Kostas Kalevras
On Mon, 4 Oct 2004, Jankowski, Jan wrote: Hi Freeradius Users, I want digest auths to be validated against an LDAP Database and I get the error: rlm_ldap: - authenticate rlm_ldap: Attribute User-Password is required for authentication. modcall[authenticate]: module ldap returns invalid

Re: RE : radgroupreply

2004-10-04 Thread Kostas Kalevras
On Sun, 3 Oct 2004, EROS wrote: I'm still trying to make the radgroupreply work but it doesn't want Is somebody has it working (which freeradius version...) and how do I do to succeed ? thx modcall: entering group redundant for request 0 radius_xlat: 'test001' rlm_sql (sql1):

Re: dialup_admin - RADIUS Clients. Nothing showing...?

2004-10-04 Thread Evert Meulie
Kostas Kalevras wrote: On Mon, 4 Oct 2004, Evert Meulie wrote: Kostas Kalevras wrote: On Mon, 13 Sep 2004, Evert Meulie wrote: Hi everyone! When I go into dialup_admin and then click on RADIUS clients, no clients are showing, even though I know that one/more clients are active. How do I fix

Re: Installation problem in Solaris 2.6 error: AF_INET undeclared

2004-10-04 Thread Hernan Cortez
Hi, thanks for the answer. Which config.h file? The find command shows me 13 config.h files: bash-3.00# find . -name config.h -print ./libltdl/config.h ./src/modules/rlm_attr_rewrite/config.h ./src/modules/rlm_checkval/config.h ./src/modules/rlm_counter/config.h

Re: Installation problem in Solaris 2.6 error: AF_INET undeclared

2004-10-04 Thread Hernan Cortez
Sorry, I didn't post the answer in the last reply. Hi, thanks for the answer. Which config.h file? The find command shows me 13 config.h files: bash-3.00# find . -name config.h -print ./libltdl/config.h ./src/modules/rlm_attr_rewrite/config.h

eap/tls question

2004-10-04 Thread Norbert Wegener
We are using freeradius 1.0.1 for eap/tls authentication with no problems so far. One of our customers has a pki infrastructure, where some employees have the same name and therefore the same CN in their certificate. To distinguish between them, we would like to use the certificate's

Re: CHAP+MS-CHAP+freeRADIUS

2004-10-04 Thread Alan DeKok
Mahesh S Kudva [EMAIL PROTECTED] wrote: I did the same: username Auth-Type:= CHAP, CHAP-Password == test Service-Type = Framed-User, Framed-Protocol = PPP But still the server rejects the user. sigh Configure a CLEAR-TEXT password

Re: Howto for EAP-TTLS/PEAP?

2004-10-04 Thread Alan DeKok
Christoph Litauer [EMAIL PROTECTED] wrote: I want to setup EAP-TTLS/PEAP for my wlan. I can find lots of howtos for setting up EAP-TLS with freeradius. But is there any howto for EAP-TTLS or PEAP? Nope. Configure EAP-TLS, and then the ttls{} and peap{} subsections of the eap{}

Re: Ntlm_auth how-to

2004-10-04 Thread Alan DeKok
Øystein Gåsdal [EMAIL PROTECTED] wrote: Does this mean I don't have to edit the config files for winbindd and nmbd? I have no idea. The freeradius server is not on the same subnet as the domain controller (NT4), and neither are my clients, and the clients locate the

Re: Digest auth against LDAP

2004-10-04 Thread Alan DeKok
Jankowski, Jan [EMAIL PROTECTED] wrote: Is there a problem of translating the digest password into an LDAP password or something like that? I really don't understand what's going on :( The default configuration for the digest module in the server is commented out, but correct. Uncomment it,

Re: **SPAM** user auth with cisco 350 ap

2004-10-04 Thread Alan DeKok
Giovanni Torrisi [EMAIL PROTECTED] wrote: i would know if is it possible using cisco ap350 to authenticate a user by radius using a login and password Using EAP, yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
M.Cerqui - PUBLISHERIA [EMAIL PROTECTED] wrote: 1. How do I have to configure the Windows XP Client? I found out, that the only setup that tries to authenticate before the users logs in is PEAP with Authenticate as computer when information is available. Is that correct?

Re: Define Vendor-Specific Attribute in MYSql freeradius with vendor dictionaries how?

2004-10-04 Thread Alan DeKok
Elad Kugman [EMAIL PROTECTED] wrote: I just wondering about the vendor dictionaries you told about i will be glad if you can be more specific . About what? You haven't said what you want to do. Read your NAS documentation to see what vendor attributes it expects. Read through the vendor

Re: eap/tls question

2004-10-04 Thread Kostas Kalevras
On Mon, 4 Oct 2004, Norbert Wegener wrote: We are using freeradius 1.0.1 for eap/tls authentication with no problems so far. One of our customers has a pki infrastructure, where some employees have the same name and therefore the same CN in their certificate. To distinguish between

Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
" That will happen automatically when you use PEAP. ..." Are you sure with this? The catalyst and Freeradius don't even move a bit before a successful windows login if I only use this "use user information from windows login" option. Only when I activate "Authenticate as computer when

freeradius tls/peap XP

2004-10-04 Thread Vito Pascali
Hi everybody, I just followed the howto http://dslrcs.clanspace.com/forum/remark,9286052 + the EAPTLS howto, using the same hw as the document: AP ZyAIR B1000v2, PCMCIA XP ZyAIR G-100, I don't see any log between the AP and Freeradius... The certified were installed on XP like a charm but still I

Re: eap-ttls on OS X

2004-10-04 Thread Alan DeKok
Philip Ershler [EMAIL PROTECTED] wrote: OK, so here is where I'm confused.Andreas Wolf put together a binary distribution of freeradius with a module for osxauth. Ah, OK. He made the statement that if one sets auth_type to system, the server would figure out which module to call.

No memory error

2004-10-04 Thread Edgars
Hello, i'm finding in logs such errors. But i know that there is 40MB free memory on the radius server, so how it could be explained? Mon Oct 4 17:02:58 2004 : Error: No memory Mon Oct 4 17:02:58 2004 : Auth: Login OK: [edgars/no User-Password attribute] (from client Test port 46 cli 1.1.1.2)

Re: CHAP+MS-CHAP+freeRADIUS

2004-10-04 Thread Luis Daniel Lucio Quiroz
Isn't it a security problem, clear text password to permit CHAP? On Monday 4 October 2004 09:18, Alan DeKok wrote: Mahesh S Kudva [EMAIL PROTECTED] wrote: I did the same: username Auth-Type:= CHAP, CHAP-Password == test Service-Type = Framed-User,

Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
M.Cerqui - PUBLISHERIA [EMAIL PROTECTED] wrote: Are you sure with this? If configured correctly, yes. The catalyst and Freeradius don't even move a bit before a successful windows login if I only use this use user information from windows login option. So you've configured the AP

Re: CHAP+MS-CHAP+freeRADIUS

2004-10-04 Thread Stefan . Neis
Luis Daniel Lucio Quiroz wrote: Isn't it a security problem, clear text password to permit CHAP? Depending on your configuration, it may be one. Essentially, there are two possible points of attack: - the network: Try to intercept the password during transfer. - the configuration files: Try

Re: Installation problem in Solaris 2.6 error: AF_INET undeclared

2004-10-04 Thread Stefan . Neis
Hernan Cortez wrote: Hi, thanks for the answer. Which config.h file? The find command shows me 13 config.h files: Sorry, I should have mentioned I was working from memory, without access to the sources at that moment - and of course I got the name wrong: The file I modified is

Re: CHAP+MS-CHAP+freeRADIUS

2004-10-04 Thread Luis Daniel Lucio Quiroz
I rather prefer pap, you just only put at risk one account, not everybody. On Monday 4 October 2004 10:59, [EMAIL PROTECTED] wrote: Luis Daniel Lucio Quiroz wrote: Isn't it a security problem, clear text password to permit CHAP? Depending on your configuration, it may be one.

Radclient disconnect

2004-10-04 Thread armando
I've been trying to find how to disconnect an actual logged user, radclient has a disconnect option, I wonder if anyone on the list has managed to work it out with it. The nas is a Cisco AS5300 Thanks Armando Leal.

RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
Sorry for my bad english... the problem is, that I can't post any debug information because there isn't any. I start freeradius -X and turn debug radius on my catalyst on, but with the following windows xp configuration nothing occurs on the server and switch until I have logged in and the desktop

Re: Radclient disconnect

2004-10-04 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I've been trying to find how to disconnect an actual logged user, radclient has a disconnect option, I wonder if anyone on the list has managed to work it out with it. The nas is a Cisco AS5300 Check the NAS documentation to see if it accepts disconnect packets, and

Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
M.Cerqui - PUBLISHERIA [EMAIL PROTECTED] wrote: Sorry for my bad english... the problem is, that I can't post any debug information because there isn't any. I start freeradius -X and turn debug radius on my catalyst on, but with the following windows xp configuration nothing occurs on the

Re: FreeRadius + LDAP

2004-10-04 Thread Alan DeKok
Christopher Price [EMAIL PROTECTED] wrote: I am running freeradius 1.0.0 and I am attempting to configure an LDAP backend DB to authenticate Windows users. The Windows users are using PEAP with MSCHAPv2. Earlier I got the LDAP authentication working with clear passwords, but now that the

RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
No wireless, wired environment! Authentication is required because the port goes into unauthenticated state and I haven't got any network access. [EMAIL PROTECTED] said... -Original Message- From: Alan

MYSQL Accounting Table Size?

2004-10-04 Thread cris boisvert
My Mysql database is about 50 megs right now.. because of the accounting table. How large do most people let it get before rolling it? I guess other people will just roll it on a Time/Date basis in cron.. But what if I want to keep it for a year so I can pull stats out of it? Can it get to a

Re: FreeRadius + LDAP

2004-10-04 Thread Christopher Price
Well, I had the LDAP auth working when I passed a cleartext password, so I assumed that they were stored in the clear. (I am not the administrator of the eDirectory server that I am authenticating against) I attempted to use the Microsoft built-in 802.1x client in conjunction

Re: FreeRadius + LDAP

2004-10-04 Thread Alan DeKok
Christopher Price [EMAIL PROTECTED] wrote: Well, I had the LDAP auth working when I passed a cleartext password, so I assumed that they were stored in the clear. No. Read the debug log to see what kind of passwords are read from LDAP. I attempted to use the Microsoft built-in 802.1x client

Re: MYSQL Accounting Table Size?

2004-10-04 Thread Keith Yoder
cris boisvert wrote: My Mysql database is about 50 megs right now.. because of the accounting table. How large do most people let it get before rolling it? My radacct table is over 500 MB / 1.3 million records right now. For now I'm just letting it grow. Make sure you have plenty of

RE: MYSQL Accounting Table Size?

2004-10-04 Thread cris boisvert
I got 4 gigs of ram.. I hope it's enough.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Yoder Sent: Monday, October 04, 2004 3:52 PM To: [EMAIL PROTECTED] Subject: Re: MYSQL Accounting Table Size? cris boisvert wrote: My Mysql database is

Re: MYSQL Accounting Table Size?

2004-10-04 Thread Keith Yoder
cris boisvert wrote: I got 4 gigs of ram.. I hope it's enough.. I've only got 1 so you should be fine.

Re: MYSQL Accounting Table Size?

2004-10-04 Thread Kostas Kalevras
On Mon, 4 Oct 2004, cris boisvert wrote: My Mysql database is about 50 megs right now.. because of the accounting table. How large do most people let it get before rolling it? I guess other people will just roll it on a Time/Date basis in cron.. But what if I want to keep it for a year

RE : RE : radgroupreply

2004-10-04 Thread EROS
Hi, Thx for your help. I've commented out the sql { } lines, causes it doesn't want to work with it. I've this line in my radiusd.conf sql sql1 { $INCLUDE ${confdir}/sql_local.conf } If I don't comment the sql { } line in sql_local.conf the debug tells me that it doesn't know

Re: Radclient disconnect

2004-10-04 Thread armando
On 4 Oct 2004 at 15:05, Alan DeKok wrote: I am trying something like ./radclient -s 192.168.1.1 disconnect secret User-Name=username and on NAS: aaa pod server server-key secret but radclient hangs, and I did on NAS a debug aaa pod but no request is being sent. Have you managed to get it to work?