Marcotte, Tyler wrote:
I can understand that nowhere in any documentation does it say that an
Access-Reject is sent back (I just double-checked to verify). However,
what I don't understand is why not?
Because it's an EAP method, *and* it's TLS. Go read the debug output
again: the inner
Scott Lambert wrote:
Attached is a simplistic patch to get raddb/certs/bootstrap to work on
systems where make is not GNU make.
...
-make ca server dh random
[EMAIL PROTECTED]@ ca server dh random
That can be done. It's probably better to just fix the Makefile so
it's portable.
Alan
Scott Lambert wrote:
Attached is a simplistic patch to get raddb/certs/bootstrap to work on
systems where make is not GNU make.
I've poked the Makefile. Please test with BSD (or other) Make.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bryan Evege wrote:
Here's the problem. When a user logs in and is a member of more than
one group radius only uses the first one to match. I've included the
users file below.
In which you tell it to stop matching after the first one.
DEFAULT Ldap-Group == packeteer_read_only,User-Profile
I'm using Mikrotik (Hotspot) + Freeradius + Mysql + perl postscript to
check auth. In the perl script I check quota based on the radacct table. If
quota is more than xxx Gb then you can't login.
The problem is this: the result of accounting is different from the
value that is sent to NAS, like this
Kris wrote:
I'm using Mikrotik (Hotspot) + Freeradius + Mysql + perl postscript to
check auth. In the perl script I check quota based on the radacct table. If
quota is more than xxx Gb then you can't login.
The problem is this: the result of accounting is different from the
value that is sent to
-+2147483647
I think there's a patch for Giga accounting table somewhere but I'm not
sure that this is what you're looking for.
Regards,
Liran.
On 10/11/07, Kris [EMAIL PROTECTED] wrote:
How much is a 32-bit number?
Is there any possible way to configure it larger than a 32-bit number?
Alan DeKok
Kris wrote:
How much is a 32-bit number?
Use a calculator.
Is there any possible way to configure it larger than a 32-bit number?
Read the Mikrotik documentation.
Alan DeKok.
How much is a 32-bit number?
2 times 2 times 2 times etc. 32 times. If that's the number of bytes then
4GB.
Is there any possible way to configure it larger than a 32-bit number?
Ask Mikrotik (it's a vendor attribute). Or use ordinary input and
output octets.
How much is a 32-bit number?
Is there any possible way to configure it larger than a 32-bit number?
Alan DeKok wrote:
Kris wrote:
I'm using Mikrotik (Hotspot) + Freeradius + Mysql + perl postscript to
check auth. In the perl script I check quota based on the radacct table. If
quota is more than xxx Gb then
It is not a Mikrotik issue, because freeradius sends incorrect values. That
means I must configure freeradius to support more than 32-bit, right?
[EMAIL PROTECTED] wrote:
How much is a 32-bit number?
2 times 2 times 2 times etc. 32 times. If that's the number of bytes then
4GB.
any
Kris wrote:
It is not a Mikrotik issue, because freeradius sends incorrect values. That
means I must configure freeradius to support more than 32-bit, right?
No.
Please follow the instructions on this list.
Alan DeKok.
yangcuilin wrote:
Attached is my configuration file. I want to use MSCHAPv2 authentication
protocol in my FreeRADIUS.
Let me guess. You edited the configuration file.
This is my first time configuring MSCHAPv2. Maybe something is
wrong with the file.
If you're using the
yangcuilin wrote:
Hi,
Attached is my configuration file. I want to use MSCHAPv2 authentication
protocol in my FreeRADIUS.
Provide the output of radiusd -X; it provides a lot more information.
Also state what you want to achieve as well, and
Wrong. Learn about binary numbers. And read Mikrotik documentation. You
will find out that there are attributes containing something called
gigaword. You will also find out that there is also no need for
shoehorns, hammer and chisel, rewriting operating systems and such in an
attempt to squeeze
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Since you are not using files add database entries.
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, yangcuilin [EMAIL PROTECTED] wrote:
Hi,
Attached is my configuration file. I want to use MSCHAPv2
You seem to have EAP commented out. If you want to use
EAP/802.1x then that isn't going to help...
authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/172.16.14.23/auth-
detail-20071011'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/
auth-detail-%Y%m%d expands to /usr/local/var/log/radius
Brad Lachel wrote:
We are currently using our RADIUS server to do one thing. It is
authenticating wireless users via Mac address through access points.
Very clean, very simple. We would like to increase the security a bit
by having the users authenticate against eDirectory as well.
It works w/o EAP. I can do a radtest with a valid userid and password
on the kerberos server and get authorized (and not get authorized with
bad information).
I can get EAP-TTLS to work if I put a user and a password in the radius
users file but that's not what we want. We need the kerberos
You can start by deleting that. It's totally wrong. That's not a
CHAP-Password (it's not encrypted at all) and you can't use that
attribute with MS-CHAPv2 anyway. Then read available information:
http://wiki.freeradius.org/SQL_HOWTO
Start by populating radcheck table, test it, and (when it works)
Hi,
It works w/o EAP. I can do a radtest with a valid userid and password
on the kerberos server and get authorized (and not get authorized with
bad information).
right
I can get EAP-TTLS to work if I put a user and a password in the radius
users file but that's not what we want. We
Try reading what gigaword is. Then use it properly.
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, Kris [EMAIL PROTECTED] wrote:
using freeradius 1.1.7 and use variable Gigawords, still same problem
modcall: leaving group session (returns ok) for request 0
radius_xlat:
Kris wrote:
using freeradius 1.1.7 and use variable Gigawords, still same problem
I don't want to presume, but you do know what giga means, don't you?
modcall: leaving group session (returns ok) for request 0
radius_xlat: '/usr/local/bin/rmauth.pl ADMIN 00:16:17:52:8F:94 172.1.1.248'
Ok so my pie in the sky hopes are not possible.
How do I set this up so that we can authenticate with eDirectory. I
can skip the MAC authentication.
On Oct 11, 2007, at 8:50 AM, Alan DeKok wrote:
We are currently using our RADIUS server to do one thing. It is
authenticating wireless
Can you post the debug (radiusd -X) for the same user with and without
EAP (using Kerberos - no users file entry).
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, Lisa Besko [EMAIL PROTECTED] wrote:
It works w/o EAP. I can do a radtest with a valid userid and password
on the kerberos server
using freeradius 1.1.7 and use variable Gigawords, still same problem
modcall: leaving group session (returns ok) for request 0
radius_xlat: '/usr/local/bin/rmauth.pl ADMIN 00:16:17:52:8F:94 172.1.1.248'
Exec-Program: /usr/local/bin/rmauth.pl ADMIN 00:16:17:52:8F:94 172.1.1.248
Exec-Program
http://www.novell.com/documentation/edir_radius/index.html
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, Brad Lachel [EMAIL PROTECTED] wrote:
Ok so my pie in the sky hopes are not possible.
How do I set this up so that we can authenticate with eDirectory. I
can skip the MAC
We also have this working with the below settings. However in running
ver 1.1.6 (maybe others) we have found that there is some sort of
problem that will cause the Freeradius server to crash. This seems to
be tied to requests with incorrect passwords as notated by the following
in the log:
Thu
Phil Mayers wrote:
* Auth-Type is being set in preprocess (virtually impossible, and not a
server default)
* Auth-Type is being set in SQL
* You edited the debug
* You mangled the debug
* There is some amazing bug in FreeRadius which no-one else has seen.
I didn't edit anything
Dear All,
I have a big problem with my freeRadius server
the log file each less than a minute logs that the server can't allocate
memory
Error: FATAL: Thread create failed: Cannot allocate memory
I have this configuration
start_servers = 20
max_servers = 400
min_spare_servers = 30
Amr,
Please include some details.
What Operating System
What Version of Free Radius?
How Long has the server been running?
What changed before this started happening?
Thanks
On 10/11/07 9:01 AM, Amr el-Saeed [EMAIL PROTECTED] wrote:
Dear All,
I have a big problem with my freeRadius server
Amr el-Saeed wrote:
the log file each less than a minute logs that the server can't allocate
memory
Error: FATAL: Thread create failed: Cannot allocate memory
Odds are that the server is trying to start too many threads, and that
there is some OS limitation on the number of threads per
Thanks for the help so far. Part of the problem is we have probably
tried so many things we probably messed something up along the way and don't
remember what it is.
I think I have all the right stuff in the config files. I'll do a
little cut and paste here and maybe you will spot something I
On Thu, Oct 11, 2007 at 11:28:36AM -0400, Lisa Besko wrote:
Thanks for the help so far. Part of the problem is we have probably tried
so many things we probably messed something up along the way and don't remember
what it is.
I think I have all the right stuff in the config files. I'll do a
Having made no changes to the config but using radtest from the command
line this is the debug output using kerberos but not EAP:
rad_recv: Access-Request packet from host 127.0.0.1:49649, id=40, length=65
User-Name = [EMAIL PROTECTED]
User-Password =
You should start another topic and add some more information: operating
system, kerberos version, does this happen every time or is it
unpredictable ...
Ivan Kalik
Kalik Informatika ISP
On 11/10/2007, Reynolds, Walter [EMAIL PROTECTED] wrote:
We also have this working with the below settings.
On Thu, Oct 11, 2007 at 09:55:49AM +0200, Alan DeKok wrote:
Scott Lambert wrote:
Attached is a simplistic patch to get raddb/certs/bootstrap to work on
systems where make is not GNU make.
I've poked the Makefile. Please test with BSD (or other) Make.
That appears to work. Thanks!
--
Thank you for the response, even if it was ridden with unnecessary
sarcasm.
I wasn't trying to argue, I was trying to understand why an
Access-Reject wasn't sent back. Thank you for explaining that.
While I don't necessarily agree with your logic, I can see why you would
think this is sufficient
What freeradius version is this?
If it is 1.1.7 leave radiusd.conf as default. Comment out the DEFAULT
entry with Auth-Type System in users file (since you are using sql and
not files).
EAP-MD5 will work then. As Alan says: EAP-MD5 just works. I have set
it up on the test system and tested it
Hello,
I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4.
This radius server
authenticates to user in function to his login and key, if the
information is correct the
radius server must send to user to the vlan 2 according to forms in
the file users of the
radius server.
rad_recv: Access-Request packet from host 127.0.0.1:49649, id=40, length=65
User-Name = [EMAIL PROTECTED]
User-Password =
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
..
users: Matched entry DEFAULT at line 5 ===
modcall[authorize]:
Hi,
I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4.
I won't even bother starting with the upgrade to 1.1.7 stuff. If you want to run
buggy older and insecure versions then that's YOUR choice.
carlos Auth-Type := EAP, User-Password == carlos
Service-Type =
If I change the fall through to yes it still matches as many groups as the
user is in. How can I tell freeradius which attributes to send back?
If you want to send sets of attributes according to the NAS the user is
trying to log into, use huntgroups.
For example, bevege is a member of the following
On Thu, 2007-10-11 at 15:11 -0400, Marcotte, Tyler wrote:
Thank you for the response, even if it was ridden with unnecessary
sarcasm.
I wasn't trying to argue, I was trying to understand why an
Access-Reject wasn't sent back. Thank you for explaining that.
While I don't necessarily agree
Message: 6
Date: Thu, 11 Oct 2007 21:13:21 +0100
From: [EMAIL PROTECTED]
Subject: Re: Problem with LDAP and Groups
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-2
If I change the fall
Read instructions in huntgroups file. Group devices in huntgroups:
cisco NAS-IP-Address == a.b.c.d
cisco NAS-IP-Address == a.b.c.e
etc.
linux NAS-IP-Address == z.y.x.w
linux NAS-IP-Address == z.y.x.v
etc.
Add Huntgroup-Name to the DEFAULT entries:
DEFAULT Huntgroup-Name == cisco,