Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Alan DeKok
Bjarni Hardarson wrote: Hi list! Recently upgraded from 1.1.3 to 1.1.4 to support EAP-PEAP for Windows Vista clients. That works fine but now I got problems with missing reply attributes for Mac OSX clients using EAP-TTLS. FreeRADIUS sends an Access-Challenge with the correct attributes

Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Alan DeKok
Alan DeKok wrote: Please try the attached patch. If it works, I'll add it to 1.1.5. Never mind, it doesn't work. Give me a bit... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List

attr_rewrite module - creating new parameter from the existing one

2007-02-16 Thread tzieleniewski
Hi! Is it possible to implement such functionality with the usage of the attr_rewrite module that whenever a packet arrives at freeradius the module will check if a particular parameter exists in a request and if it doesn't, it will try to create it from another set of packet parameters? Maybe it can be

Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Alan DeKok
Bjarni Hardarson wrote: Recently upgraded from 1.1.3 to 1.1.4 to support EAP-PEAP for Windows Vista clients. That works fine but now I got problems with missing reply attributes for Mac OSX clients using EAP-TTLS. FreeRADIUS sends an Access-Challenge with the correct attributes but they

ntlm_auth for PEAP with rlm_perl

2007-02-16 Thread Habegger Lukas, ERZ-AZD-AIL
Hi, is it possible to do the ntlm_auth authorization used for PEAP with a perl script over rlm_perl? And if yes, how? Greetings Lukas -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 15 February 2007

Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Bjarni Hardarson
Alan DeKok wrote: I've tested and committed a fix that will be in 1.1.5. Thanks. Do you know when 1.1.5 will be released? regards/mvh Bjarni Hardarson - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ntlm_auth for PEAP with rlm_perl

2007-02-16 Thread Alan DeKok
Habegger Lukas, ERZ-AZD-AIL wrote: Hi, is it possible to do the ntlm_auth authorization used for PEAP with a perl script over rlm_perl? Why? The MSCHAP module already does this for you. If you want to know how to re-do all of that work in the Perl module, look at the code in the mschap

Redundant Ldap Configuration + More groups

2007-02-16 Thread nikitha
Hi All, Authentication takes more time when 2 ldap servers are configured and one is not reachable. I have configured the redundant ldap module as specified in the doc. authorize { ;; ;; redundant { ldap-server-1 ldap-server-2 } } authenticate { ;; ;; Auth-Type LDAP { redundant {

Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Alan DeKok
Bjarni Hardarson wrote: Alan DeKok wrote: I've tested and committed a fix that will be in 1.1.5. Thanks. Do you know when 1.1.5 will be released? Soon, I think. In the mean time, branch_1_1 in CVS has the fix. Alan DeKok. -- http://deployingradius.com - The web site of the

Re: Algorithm used by FreeRADIUS to choose cipher suite used with EAP-TLS/TTLS

2007-02-16 Thread Walter Goulet
Alan DeKok wrote: Walter Goulet wrote: How does FreeRADIUS's rlm_eap module choose the cipher suite used for EAP-TLS/TTLS sessions? It relies on OpenSSL to do the negotiation. RFC 2246 for TLS states that the client presents the list of ciphersuites supported to the server and

proxy radius

2007-02-16 Thread Larin Denis
Help is needed. There are 2 RADIUS servers and 1 NAS; if authorization has not passed on the first, it must be authorized on the second. What is necessary for this purpose? -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radwho is not working

2007-02-16 Thread Angel L. Mateo
On Tue, 13-02-2007 at 12:14 +0100, Angel L. Mateo wrote: Hello, More info about my problem... In the radius.log file I have a lot of entries of the form: Tue Feb 13 12:12:13 2007 : Error: rlm_radutmp: Logout for NAS ap port 1627, but no Login record Tue Feb 13 12:12:35 2007 :

AW: ntlm_auth for PEAP with rlm_perl

2007-02-16 Thread Habegger Lukas, ERZ-AZD-AIL
Because I have a perl script to switch between two different Samba servers for authorization. I had several problems with this setup because parallel requests cause the wrong domain to be available (the domain switch wouldn't be blocked for a request). Is there an easier way to do the

Re: Red Hat vs. Slackware

2007-02-16 Thread Peter Nixon
On Thu 15 Feb 2007 11:37, Max Jonborn wrote: Personally I'd recommend a distro with a functioning package handler; my suggestion is Debian. Feels good when you update the whole system with the ease of one command. The wet dream of every admin. Yep. Debian has apt-get upgrade, SUSE has rug

Re: MySQL support in Windows binary of FreeRadius

2007-02-16 Thread Peter Nixon
This is documented in radiusd.conf in the detail section. -Peter On Fri 16 Feb 2007 06:46, Foo JH wrote: Thanks Peter and Alan for your replies. I don't mind recompiling, except that I need to run FreeRadius as a Windows service, and I don't know what it takes to enable mysql in the

Re: AW: ntlm_auth for PEAP with rlm_perl

2007-02-16 Thread Alan DeKok
Habegger Lukas, ERZ-AZD-AIL wrote: Because I have a perl script to switch between two different Samba servers for authorization. Which doesn't work too well. Samba isn't designed to do that. I had several problems with this setup because parallel requests cause the wrong domain to be

Re: radwho is not working

2007-02-16 Thread A . L . M . Buxey
Hi, I have changed from freeradius 1.1.2 to freeradius 1.1.3 and now it works with the same configuration. I don't know the reason, but now it works. ...but 1.1.4 is the current release ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radwho..

2007-02-16 Thread Max Jonborn
Hi! What does the TTY stand for when I do a radwho? //Max - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 1.1.4 - TTLS - missing attributes

2007-02-16 Thread Bjarni Hardarson
Alan DeKok wrote: Bjarni Hardarson wrote: Thanks. Do you know when 1.1.5 will be released? Soon, I think. In the mean time, branch_1_1 in CVS has the fix. Thanks again, seems to be working :) regards/mvh Bjarni Hardarson - List info/subscribe/unsubscribe? See

Re: proxy radius

2007-02-16 Thread Peter Nixon
On Fri 16 Feb 2007 13:27, Larin Denis wrote: Help is needed. There are 2 RADIUS servers and 1 NAS; if authorization has not passed on the first, it must be authorized on the second. What is necessary for this purpose? Most NAS support multiple radius servers.. Have a look at the

radiusd sending to wrong NAS port

2007-02-16 Thread Frank DiGennaro
Hello; I installed freeradius v1.1.4 (standard build) to authenticate my Cisco routers. Radius.h defines this: #define PW_AUTH_UDP_PORT 1812 as it should. My Cisco has this: radius-server host 192.168.3.1 auth-port 1812 acct-port 1813 as it should. /etc/services

Cisco enable authentication on freeradius and mysql

2007-02-16 Thread [EMAIL PROTECTED]
I am trying to authenticate Cisco enable password requests via freeradius (1.1.3.) on a mysql (5.0.26) database. As per http://wiki.freeradius.org/Cisco, the router tries to authenticate user $enab15$ but it doesn't get matched on mysql query because '$' gets escaped to '=24' radius_xlat:

RE: Freeradius 1.1.3 and Connectra

2007-02-16 Thread Joseph Parker
OK. I have tried to get this to work but cannot figure out how to do this. Could you point me in the right direction. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok Sent: Wednesday, February 07, 2007 7:58 PM To:

Re: Compiling for use with Oracle

2007-02-16 Thread Brian Atkins
After removing the rlm_perl directory and rebuilding freeradius (no errors), I am getting: # radius.exe -X ... Module: Library search path is /usr/local/lib radiusd.conf[10] Failed to link to module 'rlm_sql': Permission denied radiusd.conf[1850] Unknown module sql. radiusd.conf[1779] Failed to

Re: Cisco enable authentication on freeradius and mysql

2007-02-16 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I am trying to authenticate Cisco enable password requests via freeradius (1.1.3.) on a mysql (5.0.26) database. As per http://wiki.freeradius.org/Cisco, the router tries to authenticate user $enab15$ but it doesn't get matched on mysql query because '$' gets

Re: Cisco enable authentication on freeradius and mysql

2007-02-16 Thread Peter Nixon
If you look in sql.conf you should see: # Safe characters list for sql queries. Everything else is replaced # with their mime-encoded equivalents. # The default list should be ok safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: / You can add $ to that

Re: radiusd sending to wrong NAS port

2007-02-16 Thread Alan DeKok
Frank DiGennaro wrote: ... as it should. My Cisco has this: radius-server host 192.168.3.1 auth-port 1812 acct-port 1813 Which is the port which packets are sent TO. as it should. /etc/services is also 1812. So I run radius -x and try to log into the Cisco. My radius server responds like

hi

2007-02-16 Thread adnan khan
Hi sir, I hope you are all fine. Sir, I didn't find the dictionary.tunnel file. What can I do, because I have to add the users on different VLANs? Without this file (dictionary.tunnel), can I add the users on different VLANs? Looking forward to hearing from you. Regards, adnan

FreeRADIUS + LVS problem

2007-02-16 Thread Sam Schultz
According to my research, FreeRADIUS supposedly does work from behind an LVS load balancer. My current configuration works perfectly outside of the LVS, but once it is put behind the LVS it ceases to work. Connections seem to succeed even behind the LVS, until they get to an access

Re: FreeRADIUS + LVS problem

2007-02-16 Thread Nicolas Baradakis
Sam Schultz wrote: From what little information I could find on this, it looks like freeradius thinks these are proxied requests due to IP mangling done by the LVS load balancer (basically, it's a 1:1 NAT). Has anyone come across anything like this? Any pointers for work-arounds

Re: Re: FreeRADIUS + LVS problem

2007-02-16 Thread Sam Schultz
Unfortunately, it isn't possible to use direct routing on this network. I was thinking there may be some way to coerce FR into thinking the load balancer is another radius server sending over proxied requests, or something like that. Sam Schultz wrote: From what little information I could

clients.conf vs rlm_sql table nas

2007-02-16 Thread VeNoMouS
Hi guys, I was just wondering why we have a nas table in mysql when it doesn't act like clients.conf. I've tried putting nas details into the nas config without any NASes in clients.conf but radius does not start, so what is the nas table actually for then? - List info/subscribe/unsubscribe?

Re: hi

2007-02-16 Thread Alan DeKok
adnan khan wrote: I hope you are all fine. Sir, I didn't find the dictionary.tunnel file. What can I do, because I have to add the users on different VLANs? Without this file (dictionary.tunnel), can I add the users on different VLANs? See dictionary.rfc2868. It was renamed. Alan DeKok.

Re: clients.conf vs rlm_sql table nas

2007-02-16 Thread Alan DeKok
VeNoMouS wrote: I was just wondering why we have a nas table in mysql when it doesn't act like clients.conf. I've tried putting nas details into the nas config without any NASes in clients.conf but radius does not start, so what is the nas table actually for then? Storing client information.

Re: FreeRADIUS + LVS problem

2007-02-16 Thread Alan DeKok
Sam Schultz wrote: According to my research, FreeRADIUS supposedly does work from behind an LVS load balancer. My current configuration works perfectly outside of the LVS, but once it is put behind the LVS it ceases to work. Connections seem to succeed even behind the LVS, until they

EAP-TLS - Authenticating only certain users

2007-02-16 Thread Stephen Bowman
When using EAP-TLS as the only method in freeradius, is there a way to define a list of allowed users, perhaps by the CN on their client certificate? I want it so that not *everyone* who has a certificate signed by the CA list can authenticate, but rather a select few (of which I know the CN of

RE: clients.conf vs rlm_sql table nas

2007-02-16 Thread VeNoMouS
But when I had a client in the nas table and I tried to auth, it didn't work; it's like it didn't even check in there. Are you sure the nas table is used? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Saturday, 17 February 2007 1:36 p.m.

Redundant Ldap Configuration + More groups

2007-02-16 Thread nikitha
Hi All, Authentication takes more time when two ldap servers are configured ( for redundancy ) and one is not reachable. I have configured the redundant ldap module as specified in the doc. authorize { ;; ;; redundant { ldap-server-1 ldap-server-2 } } authenticate { ;; ;; Auth-Type ldap-server-1