Thx for help dear
Michael Lecuyer [EMAIL PROTECTED] wrote: You can send a Disconnect-Message
from the RADIUS server to the client
to disconnect them if the NAS supports DM/COA. The DM will cause the NAS
to drop the connection effectively disconnecting them from any services
they were using.
Evan Vittitow wrote:
Alright, I'm going to step back and talk conceptually. The issue is that
the laptops use a combination of LDAP and Kerberos to authenticate to
the Domain Controllers.
If that's what you've designed your system to do, then it's seems to
be a problem you created for
Guido wrote:
Hello list, Im using freeradius-1.1.2 whit ms-sql. I'm having serius
problems with return-codes on reject messages. All was working fine with
previus version of freeradius. I was reading something about that is not
allowed return-codes on reject, but I think it is wrong because
Hello,
I want to use two ippools. That's no problem of course. But which IP pool
to assign I can decide only in Exec-Program-Wait script. Now I have the
following lines in users file:
DEFAULT Auth-Type := Accept
Exec-Program-Wait = /etc/raddb/authclient
authclient script checks text
Thanks!
The file mysql.sock is actually in /tmp/.
regards
Guoxian
2007/1/29, Ranner, Frank MR [EMAIL PROTECTED]:
Use the socket method. If you don't know where the socket file is try:
find / -name mysql.sock
It will probably be in /tmp if it isn't in /var/lib/mysql
regards
Frank Ranner
Hi
I delete the entry Auth := Ldap in users file. As pointed about in
freeradius wiki FreeRadius, OpenLDAP, Windows XP, and
802.1xhttp://www.mycohq.com/2006/02/freeradius-openldap-windows-xp-and.htmlhow
to, I set ldap in the authentication authorization part
of radius.conf. My ldap search
On Wed 31 Jan 2007 13:48, satish patel wrote:
Dear ALL
I have useing freeradius with microsoft mssql now my
question is how do i disconnect user from freeradius means example:- user
xyz is online and i want to disconnect user from radius so what is the
option for this task ??
John Wan wrote:
I have setup the chillispot+freeRadius+Win2k3AD for my wireless
network. Everything is working but the AD authentication. Apparently the
reason not working is because AD does not like the CHAP authentication
and AD likes MS-CHAP. I do not know how to configure and where to
Hello,
Here is two lines of the radius.log.
Everything in tables looks like okay. Where must I search, I don't
understand the first line below. So, why is the second line good ?
What does mean cli at the end of the second line ?
Wed Jan 31 15:45:05 2007 : Info: rlm_sql (sql): No matching entry
Jean Frontin wrote:
Hello,
Here is two lines of the radius.log.
Everything in tables looks like okay. Where must I search, I don't
understand the first line below. So, why is the second line good ?
Perhaps your username is in users file and is not in database?
What does mean cli at the
Folks,
sorry for bringing this up again.
I am running FreeRADIUS 1.1.4 and OpenLDAP 2.3.32 on two Solaris10/x86
hosts.
Non-redundant config works fine with FreeRADIUS and OpenLDAP on a single
host.
modules {
ldap {
}
}
authorize {
...
ldap
}
authenticate {
...
Can the freeradius be used to work as a proxy between a PEAP_MSChapv2
request and a central LDAP server ?
I read a lot in the mailing forum, but its not clear.
regards,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi!
I have a smart card emluator which suports AES, not MD5 encryption
algorithm. Is it possible to enable Freeradius to support my smart card
emlulator?
I have an idea as follow:
First,amending client agent (NAS) daemon program to make it send
chap-password which is produced with AES,
Thomas Sterber (tsterber) wrote:
Can the freeradius be used to work as a proxy between a PEAP_MSChapv2
request and a central LDAP server ?
The question uses confused terminology, which makes it difficult to
answer properly.
I read a lot in the mailing forum, but its not clear.
Have you
yao guoxian wrote:
Hi!
I have a smart card emluator which suports AES, not MD5 encryption
algorithm. Is it possible to enable Freeradius to support my smart card
emlulator?
Edit the code.
I have an idea as follow:
First,amending client agent (NAS) daemon program to make it
Alexei Monastyrnyi wrote:
When I use a redundant config as per instruction in docs, I have the
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user in debugs and user is rejected. Please see
config and debug output below. I guess I am mussing some
Thanks Alan.
But I do define it when switching from singe server to redundant group, don't I?
Auth-Type LDAP {
ldap
}
to
Auth-Type LDAP {
redundant {
ds-02
ds-01
}
}
Isn't
Alexei Monastyrnyi wrote:
But I do define it when switching from singe server to redundant group, don't
I?
Yes.
Isn't that enough?
What did my previous response say?
You can argue with me, or you can try what I suggested, and verify for
yourself that it works.
As a hint: when the
no arguing here, just clearing up things... :-) stay cool
this works as expected, though it is not that obvious that Auth-Type
name refers to module name, and not just names the method... Or I might
have missed that from the documentation. Anyway, fail-over section
does not reflect this IMO.
Alexei Monastyrnyi wrote:
this works as expected, though it is not that obvious that Auth-Type
name refers to module name, and not just names the method...
It defines the method, but doesn't make the module set Auth-Type to
that method.
Or I might
have missed that from the documentation.
the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module preprocess returns ok for request 6
radius_xlat:
'/home/radmgr/freeradius/var/log/radius/radacct/158.109.1.15/auth-detail-20070201'
rlm_detail:
/home/radmgr/freeradius/var/log
I was thinking I could do something like this with a regular expression:
User-Name =~ tr/-//d
but I'm not sure where to do it and if it will work. I'm using a
mysql back end so I was thinking in the sql.conf file.
Has anyone done something like this before?
Thanks,
Andy
On Jan 31, 2007, at
I am doing this using the attr_rewrite module in radiusd.conf, i
have the following section:
modules {
attr_rewrite macaddress_rewrite {
attribute = User-Name
searchin = packet
searchfor = -
replacewith =
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello All!
FR Version: 1.1.3
OS Version: Fedora Core 5
cmd line for radrelay = /usr/bin/radrelay -n rad1_server -a
/var/log/radacct -d /etc/raddb detail.relay
We've recently switched to FreeRadius from Cistron, and we didn't have
this problem with Cistron. So, I'm hoping someone can help.
We
I have setup freeradius 1.1.4 to log Cisco VOIP records into Postgres as
described in src/billing. I am getting records just fine, but I am getting
16 entries logged into the database (radacct table) per phone call.
Is this normal? If so, how do I figure out what the final one (or pair if I
On Thu, 1 Feb 2007, Stephen Baker wrote:
Can you be a bit more specific? =)
--
Jeremy L. Gaddis, MCP, GCWN [EMAIL PROTECTED]
LinuxWiz Consulting http://linuxwiz.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Good afternon,
I have just migrated a freeradius from a Red Hat Linux release 7.3 to
a FreeBSD 6.1 and when executing: '#/usr/local/etc/rc.d/radiusd start'
i get the folowing:
Starting radiusd.
Thu Feb 1 15:32:27 2007 : Info: Starting - reading configuration files ...
tailf -f
In such an emergency where you don't have to ability to be more specific the
typical procedure is to call 911, 123, 000 or whatever your country uses for
its emergency telephone code... At least they have the ability to tell where
you are calling from :-)
--
Peter Nixon
-Original Message-
When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it
seems to not work. The Mac throws an error 802.1x Authentication has
failed.
After more testing, and staring at the debug's, it seems this is where
the break-down is, the MAC isn't answering
Thanks that did the trick for User-Name and User-Password after I put
what I renamed the name macaddress_rewrite to in the authorization
section.
Andy Zirkel
On Feb 1, 2007, at 12:53 PM, Markus Krause wrote:
I am doing this using the attr_rewrite module in radiusd.conf, i
have the
Hi,
I have just migrated a freeradius from a Red Hat Linux release 7.3 to
a FreeBSD 6.1 and when executing: '#/usr/local/etc/rc.d/radiusd start'
ah. that first sentence is what concerns me. FreeBSD handles its
passwords etc different to RedHat. a quick google brings up several
instant results
On Thu 01 Feb 2007 20:52, Chris Halverson wrote:
I have setup freeradius 1.1.4 to log Cisco VOIP records into Postgres as
described in src/billing. I am getting records just fine, but I am getting
16 entries logged into the database (radacct table) per phone call.
Is this normal? If so, how
Hi,
I am starting the freeradius with my mysql server and I noticed this
erro: rlm_sql_mysql: Mysql error 'Host 'mysql1.wireless.intranet' is
not allowed to connect to this MySQL server'
But I already give the privileges to my user radius and add the server
mysql1.wireless.intranet to my list of
Hi,
I am starting the freeradius with my mysql server and I noticed this
erro: rlm_sql_mysql: Mysql error 'Host 'mysql1.wireless.intranet' is
not allowed to connect to this MySQL server'
But I already give the privileges to my user radius and add the server
mysql1.wireless.intranet to my list of
Yes, it looks like your Mac may not like the MSCHAPv2 response for
some reason. On your Mac (as root), create the directory /var/log/
eapolclient, then retry your authentication. The EAP client is OS X
should write out debugging information for the EAP session into that
directory and
Well, im new to freeradius and i got the task of migrating it from
red-hat to freeBSD, so nothing is trivial for me, i'd appreciate i bit
more info for repairing (or at least give it a try) things myself.
Thanks in advance.
ELLV
On 2/1/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
I
Let me re-phrase, as I think I'm not quite making sense.
openssl req -new -keyout kurama.pem -out kurama.pem -days 730
openssl x509 -in kurama.pem -out kurama.crt
openssl req -new -keyout altanis.pem -out altanis.pem -days 730
openssl x509 -in altanis.pem -out altanis.crt
openssl req -new
Ramon Barquier wrote:
We are trying to set up an environment with 802.1x + Freeradius for our
Wireless net. Our goal is to authenticate Windows XP clients using EAP.
Then... configure EAP.
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: Ignoring NAK with request for unknown EAP
King, Michael wrote:
After more testing, and staring at the debug's, it seems this is where
the break-down is, the MAC isn't answering the tunneled-Access
Challenge.
Version 1.1.4 (and the CVS head) have a patch applied that makes it do
MS-CHAP more correctly. This may be the issue, if the
Hi, all
In FreeRADIUS, EAP-AKA has not been supported yet, though a
EAP-AKA patch for version 1.1.2 can be found in the former lists.
EAP-AKA is more and more popular, so I want to know:
(1). When EAP-AKA can be offically supported by FreeRADIUS?
(2). How does FreeRADIUS support
lishuai zhao wrote:
Hi, all
In FreeRADIUS, EAP-AKA has not been supported yet, though a
EAP-AKA patch for version 1.1.2 can be found in the former lists.
The patch is also in bugzilla.
EAP-AKA is more and more popular, so I want to know:
(1). When EAP-AKA can be offically
John Brittain wrote:
We are running 2 servers with radrelay. When a user gets authenticated
on server #1, it logs their Login OK in the radius.log file, but does
NOT log it on server #2 (and vise versa). So I would like to know if
there's a way to have the log files on both servers sync up?
43 matches
Mail list logo