Re: Configuring own VSA to FreeRADIUS server

2008-01-10 Thread Alan DeKok
Sourav Chakraborty wrote: Hi Everyone, We are trying to add our own VSA to the Access-Accept message sent out by FreeRADIUS server. Can you please outline the steps as to how this can be done? We require this urgently. Create a dictionary. Tell FreeRADIUS to use it. Then, configure it just

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Reimer Karlsen-Masur, DFN-CERT
This is definitely more elegant than my suggestion but I found that many FreeRADIUS admins get confused by the CA_file CA_path options. They think that they need to place the CA chain from *their FreeRADIUS server's SSL certificate* in the file/directory specified in the above options. But by doing

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Alan DeKok
Reimer Karlsen-Masur, DFN-CERT wrote: This is definitely more elegant than my suggestion but I found that many FreeRADIUS admins get confused by the CA_file CA_path options. They think that they need to place the CA chain from *their FreeRADIUS server's SSL certificate* in the

Re: RPM install error.

2008-01-10 Thread Peter Nixon
On Thu 10 Jan 2008, mohsen rahmanian wrote: I install freeradius-1.1.7-7.1.i386.rpm few days ago, When I try to install, upgrade or remove freeradius-1.1.7-7.1.i386.rpm get this error: /var/tmp/rpm-tmp.25681: line 1: fg: no job control error: %postun( freeradius-1.1.7-7.1.i386)

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Reimer Karlsen-Masur, DFN-CERT
Alan DeKok wrote on 10.01.2008 11:26: Reimer Karlsen-Masur, DFN-CERT wrote: This is definitely more elegant than my suggestion but I found that many FreeRADIUS admins get confused by the CA_file CA_path options. They think that they need to place the CA chain from *their FreeRADIUS

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Alan DeKok
Reimer Karlsen-Masur, DFN-CERT wrote: Whereas IMO the SSL cert of the RADIUS server should be issued by a CA which has its root CA certificate preinstalled in the standard certificate stores... No. You are saying that the supplicant should trust those root CA's for ALL authentication.

SNMP error

2008-01-10 Thread Amr el-Saeed
Dear All, I have freeradius-1.1.7-1. It was installed on RHEL 3, SNMP net-snmp-5.0.9-2.30E.22; everything was going OK. I just installed RHEL 5 64-bit, recompiled the freeradius on the new OS and reinstalled. The radius is working OK. I have SNMP version net-snmp-5.3.1-19.el5, but every time

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread A . L . M . Buxey
Hi, RADIUS certificates for EAP should ALMOST ALWAYS be self-signed. That means that no one else can successfully convince the users to send them the passwords. seconded/thirded. as UK eduroam support I agree that such a closed-loop system provides a better protection. though more config

Problem in Accounting

2008-01-10 Thread Jayaraman Balasubramanian
Hi, I have configured the Free Radius Server to work as a proxy radius server with the following in the proxy.conf: realm NULL { type = radius authhost = 100.100.0.2:1812 accthost = 100.100.0.2:1813 secret = testing123 } All the other conf files are configured properly. Am getting the

Version 2.0.0 has been released

2008-01-10 Thread Alan T DeKok
January 10, 2007 - Version 2.0.0 has been released. We are pleased to announce that Version 2.0.0 has been released. This version is a tremendous step forward in functionality for the server. See http://freeradius.org for more information, including downloads, and major updates to the web

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Reimer Karlsen-Masur, DFN-CERT
[EMAIL PROTECTED] wrote on 10.01.2008 14:53: Hi, RADIUS certificates for EAP should ALMOST ALWAYS be self-signed. That means that no one else can successfully convince the users to send them the passwords. seconded/thirded. as UK eduroam support I agree that such a closed-loop

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Stefan Winter
Hi, If the supplicant is not configured that strictly, at the end of the day it does not matter if you rolled your own self-signed RADIUS server cert or you have a cert with its root CA pre-installed. Actually, It's not quite the same: if the user at least managed to enable to CA checking,

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Alan DeKok
Reimer Karlsen-Masur, DFN-CERT wrote: Actually we were talking about server side config. Yes. The server has been updated to simplify configurations without EAP-TLS, and to document the issues involved in certificates. Looking at the supplicant, the user strongly should enter a fully qualified

Re: Problem in Accounting

2008-01-10 Thread tnt
You haven't posted the debug output. Post one that has both access and accounting requests for the same user. Ivan Kalik Kalik Informatika ISP On 10/1/2008, Jayaraman Balasubramanian [EMAIL PROTECTED] wrote: Hi I have configured the Free Radius Server to work as proxy radius server with the

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Reimer Karlsen-Masur, DFN-CERT
Stefan Winter wrote on 10.01.2008 15:51: Hi, If the supplicant is not configured that strictly, at the end of the day it does not matter if you rolled your own self-signed RADIUS server cert or you have a cert with its root CA pre-installed. Actually, It's not quite the same: if the user

Re: Version 2.0.0 has been released

2008-01-10 Thread Mother
Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. We are pleased to announce that Version 2.0.0 has been released. This version is a tremendous step forward in functionality for the server. This is great news Alan! Any idea if a *BSD port is going to be released

Re: Version 2.0.0 has been released

2008-01-10 Thread Arran Cudbard-Bell
Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. We are pleased to announce that Version 2.0.0 has been released. This version is a tremendous step forward in functionality for the server. See http://freeradius.org for more information, including downloads, and

Version 2 bzip file is gzip

2008-01-10 Thread John Horne
Hi, It seems that the bzip2 file of the new version 2.0.0 is actually a gzip file: freeradius-server-2.0.0.tar.bz2: gzip compressed data, from Unix, last modified: Thu Jan 10 13:33:14 2008 I downloaded this from the main FreeRADIUS web site. Just something to be aware of :-) John. --

Re: Version 2.0.0 has been released

2008-01-10 Thread Matt Garretson
Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. Congratulations, and thanks for all your hard work on FreeRADIUS! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Version 2.0.0 has been released

2008-01-10 Thread orion
congrats guys. On 10/01/2008, Matt Garretson [EMAIL PROTECTED] wrote: Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. Congratulations, and thanks for all your hard work on FreeRADIUS!

Re: Version 2 bzip file is gzip

2008-01-10 Thread Alan DeKok
John Horne wrote: It seems that the bzip2 file of the new version 2.0.0 is actually a gzip file: Fixed, thanks. Alan DeKok.

Re: Version 2.0.0 has been released

2008-01-10 Thread Alan DeKok
Mother wrote: This is great news Alan! Any idea if a *BSD port is going to be released for it soon? The ports should be updated at some point... One goal of 2.0 was to be backwards compatible with 1.1.x as much as possible. So in *most* cases that I'm aware of, the old configuration

FreeBSD port for 2.0.0 (was: Version 2.0.0 has been released)

2008-01-10 Thread David Wood
Hi all, In message [EMAIL PROTECTED], Mother [EMAIL PROTECTED] writes Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. We are pleased to announce that Version 2.0.0 has been released. This version is a tremendous step forward in functionality for the server.

Re: Version 2.0.0 has been released

2008-01-10 Thread Pedro Figueiredo
hi, congratulations, and thank you very much for all the work you put on freeradius. cheers, pedro -- you don't code php. you merely edit it until it works. - merlyn

interfacing with ISC DHCP

2008-01-10 Thread bjlockie
Is it possible to authenticate with radius and then have ISC DHCP hand out an IP (etc)?

Re: SNMP error

2008-01-10 Thread Kevin Bonner
On Thursday 10 January 2008 08:41:30 Amr el-Saeed wrote: but every time i wanted to snmpwalk from the radius i got that error RADIUS-AUTH-SERVER-MIB::radiusMIB = No Such Object available on this agent at this OID the command i execute is snmpwalk -v2c -c testsnmp -m

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread A . L . M . Buxey
Hi, Oh, it exists. It's called subject_match within a network { } stanza of wpa_supplicant, and all the Windows supplicants I've seen so far allow you to set your expectations on the server name. It's turned off by default though. agreed. it is there. however, this puts the security on the

Re: SNMP error

2008-01-10 Thread Amr el-Saeed
this is the log [smux_accept] accepted fd 12 from 127.0.0.1:57180 Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57181 Jan 10 20:38:26

I can't get 'access-accept' from Linux clients

2008-01-10 Thread Sergio Belkin
Hi, I still can't figure out why I can't access from Linux clients. I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system. I use Freeradius+eap+ttls. User accounts are stored in an LDAP server. My eap.conf is: eap { default_eap_type = ttls

Re: I can't get 'access-accept' from Linux clients

2008-01-10 Thread A . L . M . Buxey
Hi, Hi, I still can't figure out why I can't access from Linux clients. I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system. what is the linux client config? i see the following in your debug rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap:

Re: SNMP error

2008-01-10 Thread A . L . M . Buxey
hi, known SNMP issues with 64bit and that version of SNMP. you will need to follow the debug instructions to help debug alan

Re: interfacing with ISC DHCP

2008-01-10 Thread tnt
Yes. Ivan Kalik Kalik Informatika ISP On 10/1/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is it possible to authenticate with radius and then have ISC DHCP hand out an IP (etc)?

RE: I can't get 'access-accept' from Linux clients

2008-01-10 Thread Ivan Kalik
... rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items ... rlm_eap_md5: User-Password is required for EAP-MD5 authentication ... You can't use encrypted passwords with EAP-MD5. http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik

Re: FreeBSD port for 2.0.0

2008-01-10 Thread Alan DeKok
David Wood wrote: I am about to start working on an update of that port to 2.0.0 - and it will likely be renamed net/freeradius2 at the same time, as it's no longer a development version. My part of this isn't likely to take too long (hopefully 12 hours to submit the FreeBSD PR barring

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Stefan Winter
however, this puts the security on the client end...and they'll still get a connection with the proper server even if they've omitted all the checks. this is bad generally - you need to have a way of the server checking that these client settings are enforced. oh well. I guess that's what

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread nikitha george
Alan, I tried with the configuration you had given below, but it does not work out. Still radius server is accepting TLS method. Thanks, Nikitha On 1/9/08, Alan DeKok [EMAIL PROTECTED] wrote: nikitha george wrote: Hi, I want to enable only TTLS authentication and if the client is

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Alan DeKok
nikitha george wrote: Alan, I tried with the configuration you had given below, but it does not work out. Still radius server is accepting TLS method. And debug mode says ? Alan DeKok.

Re: How to enable only EAP-TTLS type and not EAP-TLS?

2008-01-10 Thread Alan DeKok
Stefan Winter wrote: For the built-in supplicant in XP/Vista: it generally sucks. There is the new Wireless Native API that is supposed to allow scripted auto-setups of 802.1X settings for an SSID, but we haven't tested if that's really practical. If you can find a student to code on that