Alan DeKok wrote:
Alexander Serkin [EMAIL PROTECTED] wrote:
Can anybody explain me the scenario of rlm_sql_... module actions while DB is
inaccessible?
I mean what happens whith daemon when
1) it starts and encounters that its sql store is down.
Have you tried checking this yourself? It's
Hi,
Is there someone who can point me in the direction of achieving this?,
I have searched google to find some posts that it is possible.
the scheme for mySQL creates a table nas, its columns are quite
self-explaining. Then in sql.conf at the very end there is a section
# Set to 'yes' to
Hello all,
My server is running in PEAP mschapv2 and I've a problem when I want
to authenticate a user with a ldap database (all is ok without the
ldap). My version of freeradius is 1.0.2
apparently, the ldap can't find the User-Name attribute Could it
be because of mschapv2
I try to
Hi guys!
I know it's a bit OT, it would better fit in a ppp mailing list, but
I think this ml is worth a try! :-)
I have following problem:
I am using a Debian Woody VPN Server with PPTP and L2TP/IPSEC. Currently
I authenticate users via the ppp radius-plugin, it works fine.
But I have to
Hi,
I have set up hotspot with radius authentication (AP
connected to freeradius server) and everything works
fine with clients that connect with wlan cards (PCI od
PCMCIA).
Problem is when client connecting with AP in client
mode. How can such user be authenticated with
freeradius?
Thanks,
I have that problem...
Now I set MACAUTH feature in chillispot and auth my clients using MAC
but I dont know what about WPA sequrity in this feature... I just
haven't test it yet.
Dnia 12-04-2005, wto o godzinie 03:26 -0700, silvia troselj napisa(a):
Hi,
I have set up hotspot with radius
Hi,
I have some 3COM access points AP 7250.
In the accounting packets I get things like:
Tue Apr 12 13:11:59 2005
Acct-Status-Type = Alive
Acct-Session-Id = 000e356a0cfa-000e6ad5defe-0344
NAS-IP-Address = 192.168.36.3
Acct-Input-Octets = 32733
Thank you Jim! Interesting thread. Although it doesnt enterely solves my
problem, I think Im getting near.
-- Diego.
On Monday 11 April 2005 23:34, Jim Seymour wrote:
Diego M. Vadell [EMAIL PROTECTED] wrote:
Hi,
I've been fighting my ignorance for a week now. I'm trying to setup
Hi guys
I am trying to install freeradius
freeradius-0.9.0-2 , radiusclient-0.4.8
i checked everything like it explained in this HOW-TO
http://www.iptel.org/ser/doc/ser_radius/ser_radius.html
when i am trying to check my radius installation with :
radclient -f digest localhost auth secret
i
First you are clearly off topic for
the samba list this is clearly a radius config issue.
Second in order to use ldap.attrmap
you must have the file ldap.attrmap in /etc/raddb for Suse Linux
This information is available in the
radius ldap documentation.
example
#
# Mapping of RADIUS
Hi guys and girls!
I was wondering if RADIUS attributes show when I run the server in debug
mode. It spits out a lot of things, is the configured attributes there
between? In other words, does one see the attributes configured just by
looking at the output from the debugger?
Thanks all!
Peace
Hi,
I've been thinking about this and have another question: I noticed that in
the authorize sections there are a lot of SQL activity, but in the
authenticate section, none. That's where mschap should compare the password
from the network with the password in the SQL . Where can I tell
Hello all. I'm not sure what's up here, but 'check-radiusd-config' reports
that /etc/raddb/huntgroups is not readable. I looked at the permissions
(even tried changing them to 666), but that did not fix it. The file was
blank, but at least present, and with the right permissions. So then I
Hello,
Can someone tell me if the syntax of the dictionary file(s) is documented
somewhere in an RFC or not? (And if freeradius implements that RFC or not?)
I'm asking this because the 'ecnrypt=1' after User-Password in the dictionary
file is breaking the perl module Authen::Radius, I mailed
The format of the dictionary file is implementation specific (see the
query a few days ago regarding a dictionary supplied in SBR format, to
which I replied). Several implementers have chosen to use the same
format but it's not mandated in any RFC AFAIK.
Rgds,
Guy
-Original Message-
I have been using 802.1x with PEAP/Windows XP/AD for a while. We now have
some walkup stations in place that are giving me trouble. Since the
machine does not have cached credentials of the user logging in, it cannot
get past the login screen to start the EAP auth and activate the port on my
hi - is anyone aware of a hardware device which can do radius proxying,
chosing targets according to the username domains?
the advantages of a hardware device are:
1. fast reboot times
2. possibly faster packet processing
3. lower maintenance and support compared to a
Take a look at pGina.
josh.
--On Tuesday, April 12, 2005 09:14:31 -0500 [EMAIL PROTECTED] wrote:
I have been using 802.1x with PEAP/Windows XP/AD for a while. We now have
some walkup stations in place that are giving me trouble. Since the
machine does not have cached credentials of the user
Alexander Serkin [EMAIL PROTECTED] wrote:
Have you tried checking this yourself? It's not hard.
If i have, i wouldn't ask this. Sometimes the question has a reason to be
asked.
I do not have an available test environment right now.
I strongly recommend setting up a test system. It's
[EMAIL PROTECTED] wrote:
Hello all. I'm not sure what's up here, but 'check-radiusd-config'
... doesn't work in 1.0.2.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hello,
I was wondering about setting up radius for eap-tls with certificates
and the issue of using mysql for everything. Are there any gotchas with
regards to this? What would go in the users section of the database, if
anything? Has anyone done this? I have a fully functioning setup with
Bram [EMAIL PROTECTED] wrote:
I'm asking this because the 'ecnrypt=1' after User-Password in the dictionary
file is breaking the perl module Authen::Radius, I mailed the author of this
module (informing him about it) and he found the used syntax strange...
There are *much* stranger
clerc sylvain [EMAIL PROTECTED] wrote:
My server is running in PEAP mschapv2 and I've a problem when I want
to authenticate a user with a ldap database
No, you don't. LDAP is NOT an authentication server.
apparently, the ldap can't find the User-Name attribute Could it
be because of
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
I have some 3COM access points AP 7250.
In the accounting packets I get things like:
...
Vendor-Specific =
0x45415020557365726e616d652069733a203337303740636572747966696b6174792e756d6b2e706c
Vendor-Specific =
vicky [EMAIL PROTECTED] wrote:
I was wondering if RADIUS attributes show when I run the server in debug
mode. It spits out a lot of things, is the configured attributes there
between? In other words, does one see the attributes configured just by
looking at the output from the debugger?
Thank you for your response, but how do I make it stop trying to use
huntgroups? I figured commenting them out of the configuration file
would take care of it, but apparently not. Please advise.
Bryce Porter . Network Administrator
. . . . . . . . . . . . . . . . . . . . . . . . . .
Heart
Hi,
Is anyone using freeradius with Gentoo Linux?
Also, is anyone using freeradius-dialupadmin and mysql?
Sincerely,
Don James
Henderson, Texas USA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Diego M. Vadell [EMAIL PROTECTED] wrote:
I've been thinking about this and have another question: I
noticed that in the authorize sections there are a lot of SQL
activity, but in the authenticate section, none.
SQL servers don't authenticate anyone.
That's where mschap should compare
kat [EMAIL PROTECTED] wrote:
I was wondering about setting up radius for eap-tls with certificates
and the issue of using mysql for everything. Are there any gotchas with
regards to this? What would go in the users section of the database, if
anything?
Whatever RADIUS attributes you want
Bryce Porter [EMAIL PROTECTED] wrote:
Thank you for your response, but how do I make it stop trying to use
huntgroups? I figured commenting them out of the configuration file
would take care of it, but apparently not. Please advise.
It's difficult to do in 1.0.2. I suggest just making the
Yes, there is an issue starting 'radiusd' as well, even though
/etc/raddb/huntgroups exists (empty, but readable by everyone), it
complains about not being able to read it.
Bryce Porter . Network Administrator
. . . . . . . . . . . . . . . . . . . . . . . . . .
Heart Technologies, Inc.
3105
I'm trying to, but it's being a PITA. If you get it to work, please let
me know how. I had to force it to use 1.0.2-r2, even though it was
masked, because 1.0.1 would not even compile.
Bryce Porter . Network Administrator
. . . . . . . . . . . . . . . . . . . . . . . . . .
Heart Technologies,
Bryce Porter [EMAIL PROTECTED] wrote:
Yes, there is an issue starting 'radiusd' as well, even though
/etc/raddb/huntgroups exists (empty, but readable by everyone), it
complains about not being able to read it.
Hmm... I think that's a bug in the module. Put some empty nonsense
into the
I've been using it on Gentoo since 0.9.3, using the ebuilds.
I have our accounting info stored in MySQL and use LDAP for auth.
What problems are you having?
-Matt
Bryce Porter wrote:
I'm trying to, but it's being a PITA. If you get it to work, please let
me know how. I had to force it to
I have it working as well. 802.1x, Gentoo to LDAP. Post any specific problems.
- joe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
clerc sylvain [EMAIL PROTECTED] wrote:
In reality, I must link my freeradius server with an Active Directory
and not a real ldap database and someone tells me that active
directory understand only PEAP ( I believe it was in this mailing list
but I don't remember exactly).
No. Active
Bram wrote:
I'm asking this because the 'ecnrypt=1' after User-Password in the
dictionary file is breaking the perl module Authen::Radius, I mailed
the author of this module (informing him about it) and he found the
used syntax strange...
Found on
Ok, added that to the file, permissions on the /etc/raddb/huntgroups
file are still 666, and I still get the same error: Permission denied
(rlm_preprocess: Error reading /etc/raddb/huntgroups).
Any more ideas?
Bryce Porter . Network Administrator
. . . . . . . . . . . . . . . . . . . . . . .
On Wed, Apr 06, 2005 at 03:30:34PM +0300, Pasi Kärkkäinen wrote:
Hi!
I've tried to get this working for a long time, trying almost every kind of
possible solution.. with no luck yet :(
Alan,
Could you please comment on this..
If I'm trying to do something that won't work, please tell
Found on http://search.cpan.org/~manowar/RadiusPerl-0.12/Radius.pm ...
load_dictionary ( [ DICTIONARY ] )
Loads the definitions in the specified Radius dictionary file (standard
Livingston radiusd format). Tries to load '/etc/raddb/dictionary' when no
argument is specified, or dies. NOTE:
Hi guys,
I would like to know how i can enable digest authentication in
freeradius. This what i understand i need in order to authenticate sip
clients.
inside radiusd.conf i have digest { } and i have unchecked the digest
value under authorize and under authenticate.
what i need to do in order
Hi, All,
I am setting up a freeradius server to do PEAP authentication with
MS-CHAPv2. My freeradius version is 1.0.1. The supplicant is a PC
running aegis client version 2.0.5.
The authenticator is a Cisco Switch with dot1x enabled.
When trying to authenticate the client, I always received the
Hi, All,
I am setting up a freeradius server to do PEAP authentication with
MS-CHAPv2. My freeradius version is 1.0.1. The supplicant is a PC
running aegis client version 2.0.5.
The authenticator is a Cisco Switch with dot1x enabled.
When trying to authenticate the client, I always received the
Bram [EMAIL PROTECTED] wrote:
This brings me back to my question: is there an agreement between different
radius-servers (or an rfc) on the syntax for dictionary files
No.
Many dictionary formats are *similar*, but not identical.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Alex [EMAIL PROTECTED] wrote:
I would like to know how i can enable digest authentication in
freeradius. This what i understand i need in order to authenticate sip
clients.
Just tell the server a sample username password, and digest
authentication should work.
Alan DeKok.
-
List
Maybe someone else would know, as this is a fresh install (less than a
week old) of Gentoo 2005.0 and Freeradius 1.0.2.
Bryce Porter . Network Administrator
. . . . . . . . . . . . . . . . . . . . . . . . . .
Heart Technologies, Inc.
3105 N. Main St.
E. Peoria, IL 61611
p. 309.427.7282
f.
Pasi =?iso-8859-1?Q?K=E4rkk=E4inen?= [EMAIL PROTECTED] wrote:
If I'm trying to do something that won't work, please tell me.. :)
I have no idea why you're using attr_rewrite to search for nothing,
and add Pool-Name.
Why not just add the Pool-Name attribute in the authorize section?
Alan
I am trying to limit each entry in chap-secrets to one simultaneous
connection per user/pass. In other words, no more than one person can
be using the same user/pass in any given time.
Some information...
[EMAIL PROTECTED] root]# pptpd --version
Poptop v1.2.1
[EMAIL PROTECTED] root]# radiusd -v
Helo Radiususers,
I have just setup a radius server with a LDAP backend for user auth for our
WLAN.
It auths pretty good with certs for client/server.
I was wondering, to let Radius to check if cert has not expired. So I do next
copy server.public.pem to /etc/ssl
copy server.privatekey.pem
ob Mancker [EMAIL PROTECTED] wrote:
I am pretty sure it requires freeradius, I read somewhere. As far as
the config options in what files I'm still pretty confused... can
someone help?
doc/Simultaneous-Use
Alan DeKok.
-
List info/subscribe/unsubscribe? See
50 matches
Mail list logo