Re: Problem with Win XP, EAP and Radius

2005-04-25 Thread Stefan Winter
Hello, do I need for EAP Authentication certificates? Pretty generic question. If I were to answer it in the same generic way then the answer would simply be maybe. The verbose answer is: the name EAP stands for Extensible Authentication Protocol. It is a framework that allows you mostly

Restrict access to resources

2005-04-25 Thread rune
Hello We want to deny/accept a user access to resources based on payment. If he has paid for access to one resource he should be able to log into this resource (NAS), and other resources (NAS) he shouldn't be able to log into. A user shall be able to pay for several resources at the same

Privileges problem

2005-04-25 Thread Sylvain Clerc
Hello! I've a little problem with ntlm_auth: To boot the daemon winbindd, I MUST do this : chmod 750 /var/run/samba/winbindd_privileged But if I do this, when I try to authenticate a user by Freeradius, I have in the log : Exec-Program-Wait: plaintext:winbind client not authorized to use

Re: CISCO-AVPairs

2005-04-25 Thread Alexei Chetroi
On Fri, Apr 15, 2005 at 08:15:14PM -0400, Alex Vishnev wrote: Date: Fri, 15 Apr 2005 20:15:14 -0400 From: Alex Vishnev [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: CISCO-AVPairs Forgive me if this has been addressed before. I searched the archive and only found

We can't update the file radutmp

2005-04-25 Thread nereae
Hello!!! We have installed the server radius (freeradius) but we have a problem. We want to see the users that are connecting at the moment but we can't. The daemon radwho run ok but how the file radutmp not update we can't see the users are connecting. Help please. If you don't

radiusd.conf:23: invalid timeout

2005-04-25 Thread test
Hello, freeradius 1.0.2 I'm using MPD VPN. Freeradius with mysql. When connecting from vpn client I have this output [pptp1] RADIUS: using /usr/local/etc/raddb/radiusd.conf [pptp1] RADIUS: rad_config: /usr/local/etc/raddb/radiusd.conf:23: invalid timeout I try to change every timeout

TLS problem

2005-04-25 Thread alerad
Hello, I'm trying to make an authentication using freeradius-1.0.1-1 on Fedora Core 3, Cisco Catalyst 2950 as authenticator and WinXP (SP2) as a client. I didn't manage to make it work and I found a document describing that I should make a TLS authentication first, then go to MS-CHAP v2, but it

Re: radiusd.conf:23: invalid timeout

2005-04-25 Thread Zoltan Ori
On Monday 25 April 2005 08:57, [EMAIL PROTECTED] wrote: Hello, freeradius 1.0.2 I'm using MPD VPN. Freeradius with mysql. When connecting from vpn client I have this output [pptp1] RADIUS: using /usr/local/etc/raddb/radiusd.conf [pptp1] RADIUS: rad_config:

Re[2]: radiusd.conf:23: invalid timeout

2005-04-25 Thread test
Hello Zoltan, In your message dated 25 April 2005 (15:19:13) you wrote: ZO On Monday 25 April 2005 08:57, [EMAIL PROTECTED] wrote: Hello, freeradius 1.0.2 I'm using MPD VPN. Freeradius with mysql. When connecting from vpn client I have this output [pptp1] RADIUS: using

mySQL minimum

2005-04-25 Thread Vittore Zen
Hi, I successfully install freeradius, dialup-admin, mySQL and openssl to work with my linksys Access Point. But work only using file users. What is the minimum INSERTs to setup a working user into mySQL DB? (like the row: testuser User-Password == Secret149 in the users file) II°

(no subject)

2005-04-25 Thread aymen aymen
i want to use openldap with freeradius eap-tls what do i,

Accounting replies missing

2005-04-25 Thread Mike Cisar
I have been trying to troubleshoot a RADIUS issue with my upstream provider. We've recently started seeing places in our accounting logs where we are receiving 5 start and 5 stop packets for each caller. They have told us... ... This proves, at least now, we are not receiving multiple

Re: Re[2]: radiusd.conf:23: invalid timeout

2005-04-25 Thread Zoltan Ori
On Monday 25 April 2005 09:29, [EMAIL PROTECTED] wrote: [pptp1] RADIUS: using /usr/local/etc/raddb/radiusd.conf [pptp1] RADIUS: rad_config: /usr/local/etc/raddb/radiusd.conf:23:invalid Ok, I didn't know what I was talking about.. Is this the output when you start radius or debug output

sles 9 issues

2005-04-25 Thread Kris
modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '/var/log/radius/radacct/ XXX.XXX.XXX.130/auth-detail-20050425' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct

Re: How to detect the collide user by using Freeradius?

2005-04-25 Thread richard Bai
Hi, Thank you for information. Actually I read the manual and tried as it writes. The problem is I don't know how to use SNMP_Session and BER, where should I put SNMP_Session.pm and BER.pm? Second, do I need to change the checkrad.pl, and how? I am using peap in authentication of radius. Sorry for

Re: attribute value matching in users file

2005-04-25 Thread Alan DeKok
Chris Carver [EMAIL PROTECTED] wrote: I believe so. Here is what is a custom dictionary file that's included in /etc/raddb/dictionary: Ok... I still see the same behavior as before. The users file completely ignores the existence of a redirectPort80 in the access-request, but it can

Re: Privileges problem

2005-04-25 Thread Alan DeKok
Sylvain Clerc [EMAIL PROTECTED] wrote: And if I test : chmod 75[1--7] /var/run/samba/winbindd_privileged, the daemon winbind doesn't boot so I can't use the ntlm_auth command if winbind doesn't work. Has someone already got the same problem and known how do to erase it? Run radiusd as

Link problem, was Make problem with OpenSSL

2005-04-25 Thread Herman
Hi guys, I still have this hair pulling problem: gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -I./libeap -o .libs/radeapclient radeapclient.o

Re: Accounting replies missing

2005-04-25 Thread Dustin Doris
On Mon, 25 Apr 2005, Mike Cisar wrote: I have been trying to troubleshoot a RADIUS issue with my upstream provider. We've recently started seeing places in our accounting logs where we are receiving 5 start and 5 stop packets for each caller. They have told us... ... This proves, at least

nas-ip-address

2005-04-25 Thread Moktar KONE
Hi, I have a lucent portmaster and I which internal IP is NATed with a public address but the NAS-IP-address field in radius accounting packet contents the internal IP and not the NATed public IP address. How could I change this? how could change the ip in packets sent to the authentication

Re[4]: radiusd.conf:23: invalid timeout

2005-04-25 Thread test
Hello Zoltan, In your message dated 25 April 2005 (17:58:42) you wrote: On Monday 25 April 2005 09:29, [EMAIL PROTECTED] wrote: [pptp1] RADIUS: using /usr/local/etc/raddb/radiusd.conf [pptp1] RADIUS: rad_config: /usr/local/etc/raddb/radiusd.conf:23:invalid Ok, I didn't

Re: Re[4]: radiusd.conf:23: invalid timeout

2005-04-25 Thread Alan DeKok
[EMAIL PROTECTED] wrote: This is output from pptpd daemon (mpd) You have configured pptpd to read radiusd.conf? Why? Don't do that. Ever. It won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: nas-ip-address

2005-04-25 Thread Alan DeKok
Moktar KONE [EMAIL PROTECTED] wrote: I have a lucent portmaster and I which internal IP is NATed with a public address but the NAS-IP-address field in radius accounting packet contents the internal IP and not the NATed public IP address. How could I change this? attr_rewrite, probably

Re: Re[6]: radiusd.conf:23: invalid timeout

2005-04-25 Thread Alan DeKok
[EMAIL PROTECTED] wrote: OKI, tomorrow I try to disable this line in mpd.conf But this is from mpd manual. No, it's not. The mpd.conf manual says to use radius.conf, which is something very, very, different. Alan DeKok.

huntgroups

2005-04-25 Thread alan walters
Just thought I would run an idea by the insightful list members. This seems to work but I was looking for ideas or improvements Huntgroups: Huntgroup1 NAS-IP-Address == 192.168.1.1, Group = vpn, Group = internet-access Users: DEFAULT Huntgroup-Name ==

NAS devices

2005-04-25 Thread alan walters
I thought there were plans to be able to store NAS information in an ldap database can anyone give me a heads up on this. (1) is it really planned? (2) is there any info on how it is planned to implement it. I would like to try to plan for it now if at all possible Regards alan -- No

radzap

2005-04-25 Thread mlgjd mlgjd
I'm trying to use radzap but it seems that I'm doing something wrong. radwho -r Login Name What TTY WhenFromLocation testadsl,testadsl,PPP, S-1875771310, Thu 15:33, 192.168.240.2 , 192.168.241.23 radzap 192.168.241.23 S-1875771310 testadsl If I

AVPair

2005-04-25 Thread Adam Binks
Hi, Does anybody know how to force a user to use a proxy server maybe using an AVPair ? E.g. we force all of our dial customers to use 192.168.1.45:3128 for http traffic ? Thanks for your help Adam Binks Adam Binks Chief Technology Officer t. 0871 220 2233 f. 0871 575 0165 m. 07799 850 850

Re: radzap

2005-04-25 Thread Alan DeKok
mlgjd mlgjd [EMAIL PROTECTED] wrote: I'm trying to use radzap but it seems that I'm doing something wrong. radzap doesn't work in 1.0.2. There will be a fix in 1.0.3, which I guess we should release sometime soon... Alan Dekok.

Re: AVPair

2005-04-25 Thread Alan DeKok
Adam Binks [EMAIL PROTECTED] wrote: E.g. we force all of our dial customers to use 192.168.1.45:3128 for http traffic ? That's an issue for the NAS. Read the NAS documentation to see: 1) If it supports this behavior 2) what radius attribute is used to configure this behavior Alan

RE: AVPair

2005-04-25 Thread Adam Binks
Thanks... However, I am using a shared NAS and therefore have no control over it hence why I need to do this via radius Can you help further ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 25 April 2005 21:29 To:

Re: AVPair

2005-04-25 Thread Alan DeKok
Adam Binks [EMAIL PROTECTED] wrote: Thanks... However, I am using a shared NAS and therefore have no control over it hence why I need to do this via radius Huh? Can you help further ? ... Read the NAS documentation to see: ... 2) what radius attribute is used to configure this

Restricting access by LDAP group.

2005-04-25 Thread twsnnva
I had this working, I don't know why but for some reason it doesn't anymore. Any user in LDAP receives an Access-Accept. Here's my entire radiusd.conf and the output of a user that is not in the VPN group receiving an Access-Accept using radtest. Is there something wrong with my configuration?

RE: AVPair

2005-04-25 Thread Adam Binks
Ok, the NAS that we use is from a major UK telco ! We don't have any control over it and can not make changes to it The telco sends radius packets to our radius servers where we then hand out an IP address and DNS servers I also want to use our Radius server to send back a proxy server

Re: radzap

2005-04-25 Thread Micko
On Monday 25 of April 2005 22:27, Alan DeKok wrote: mlgjd mlgjd [EMAIL PROTECTED] wrote: I'm trying to use radzap but it seems that I'm doing something wrong. radzap doesn't work in 1.0.2. There will be a fix in 1.0.3, which I guess we should release sometime soon... Alan Dekok. -

Re: AVPair

2005-04-25 Thread Alan DeKok
Adam Binks [EMAIL PROTECTED] wrote: I also want to use our Radius server to send back a proxy server address forcing all HTTP traffic through the proxy server. I hope this is clearer It was perfectly clear from your first message. This isn't an unusual request. What is NOT clear,

Re: radzap

2005-04-25 Thread Alan DeKok
Micko [EMAIL PROTECTED] wrote: I have the same problem with 1.0.1. Is it possible that in version 1.0.1 radzap doesn't work too? Yes. Alan DeKok.

RE: AVPair

2005-04-25 Thread Adam Binks
Ok please accept my apologies There are two environments here 1. Cisco AS5300 2. Cisco 7204xvr terminating a BT adsl pipe Adam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 25 April 2005 21:50 To:

How to log Acct-Termination-Cause variants in SQL DB

2005-04-25 Thread Guy Fraser
With every vendor making up their own Attributes and Values it has me wondering whether anyone has a simple solution to putting all the similar Attributes into the acctterminatecause field. I have been thinking that I would use :

Re: attribute value matching in users file

2005-04-25 Thread Chris Carver
Thanks for help, Alan. I think I have the problem resolved. Just for fun when I used radclient I specified the dictionary location with -d and it worked! Maybe radclient was thinking the custom dictionary file was somewhere else? I'm not sure, but it seems to work now and that's the only

Re: TLS problem

2005-04-25 Thread frad
A good resource is www.austux.net/resources/network/eaptls.html Also, make sure you are using windows zero configuration on the WinXP client. Jon [EMAIL PROTECTED] wrote: Hello, I'm trying to make an authentication using freeradius-1.0.1-1 on Fedora Core 3, Cisco Catalyst 2950 as authenticator and