Hi
{cut}
> You will likely need to grab CVS head, as I've just committed a patch
> to fix some issues with reading the detail file.
>
It looks like there is still issue with reading from the file. From
the debugging I did I think that the problem is with freeradius
noticing that it already got
Hi!
Andrew Olson wrote:
I got 2.0.1 patched, compiled and configured. I'm still seeing the same
behaving listed below. Could it be something with my config.
I'm simply doing:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
You don't need this if you set virtual-serve
Inner request for PEAP is EAP-MSCHAPv2 not MSCHAPv2.
Ivan Kalik
Kalik Informatika ISP
Dana 6/2/2008, "Andrew Olson" <[EMAIL PROTECTED]> piše:
>I got 2.0.1 patched, compiled and configured. I'm still seeing the same
>behaving listed below. Could it be something with my config.
>
>I'm simply do
I got 2.0.1 patched, compiled and configured. I'm still seeing the same
behaving listed below. Could it be something with my config.
I'm simply doing:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "realm"
Thanks,
Andrew Olson
Dmitry Sergienko wrote:
Hi!
If you still hav
Hi,
> Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler!
> Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler!
> and
> Wed Feb 6 10:43:07 2008 : Error: rlm_eap_tls: Unexpected ACK received
>
>
> the reason i am looking over these logs right now is because th
Joe Vieira wrote:
Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac
Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a
sy
Alan DeKok wrote:
Norbert Wegener wrote:
Should this kind of mechanism in 2.0.1 also be able to do something
similar for eap?
I don't see why not.
Fine
...
This does not work for me. Is it expected to do what I want and I have a
configuration error? Or is this not the right
Phil Mayers wrote:
> I'm sure there are some, but I can't rationalise them out for myself;
> what are they? Or do you mean that some modules obviously won't work on
> VMPS requests?
The modules may look for RADIUS attributes... which don't exist in a
VMPS request.
> I merely mention it because
Joe Vieira wrote:
> Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac
> Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac
> Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a
>
Thierry CHICH wrote:
> However, it the accounting is always done with the outer identity
...
> Login OK: [EMAIL PROTECTED]/] (from client ap-rectorat02
> port 0)
> +- entering group post-auth
> expand: %{request.User-Name} ->
That's a typo. It should be ... "%{request:User-Nam
J-P Raymond wrote:
> I've my server setup authentication is working fine but I have no log in
> this directory
>
> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
The NAS isn't sending accounting packets.
> any clues ?
This is in the FAQ, too.
Alan DeKok.
-
List info/subsc
[EMAIL PROTECTED] wrote:
hi,
we use FR with the VMPS module - and i can see the gotchas
with trying to run it through some of the other modules.
I'm sure there are some, but I can't rationalise them out for myself;
what are they? Or do you mean that some modules obviously won't work on
VMPS
hi,
I am a new user in free radius with mysql, i've configure all the
necessary .config files (viz., sql.conf and radiusd.conf) of the free radius
for connecting to the mysql, but i wouldn't be able to connect to mysql
database. Please tell me how to check that my free radius server is already
c
Hi,
you are using 2.0.0 ...
they output you posted is not complete...
> Ready to process requests.
...which is the LAST line of output before the server is ready -
the output before gives us a lot of information.
can you connect to the mysql database from the command
line using the credential
hi,
we use FR with the VMPS module - and i can see the gotchas
with trying to run it through some of the other modules.
what we have is the VMPS calling post-auth - which runs
a PERL module. the PERL module does our dirty work (check
validity, return the correct VLAN etc) - but theres
no reason w
thanks. I think that's the problem.
Luis
Ivan Kalik escribió:
Could it be a problem from the NAS params sent to radius?
It could - if NAS-Port parameter is the same for all users. If user C
logs out IP adresses will be released from the pool and B will be able
to get A's IP address.
Ivan Ka
Have you uncommented sql entries in radiusd.conf? Debug of the server
startup (the bit that comes before the posted debug) would be more
informative about what's configured (and what's not).
Ivan Kalik
Kalik Informatika ISP
Dana 6/2/2008, "johnson elangbam" <[EMAIL PROTECTED]> piše:
>hi,
>I
Wed Feb 6 10:43:44 2008 : Error: TLS Alert write:fatal:bad record mac
Wed Feb 6 10:43:44 2008 : Error: rlm_eap: SSL error error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
Wed Feb 6 10:43:44 2008 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS se
hi,
I am a new user in free radius with mysql, i've configure all the
necessary .config files (viz., sql.conf and radiusd.conf) of the free radius
for connecting to the mysql, but i wouldn't be able to connect to mysql
database. Please tell me how to check that my free radius server is already
I'm looking at using FreeRadius 2.0.1 to merge out old VMPS switches
into the radius-based (SQL-backed) MAC auth.
For various reasons, the easiest thing for me would be to proxy the VMPS
requests as PAP to our existing mac auth servers.
The comments in raddb/sites-available/vmps imply that th
Le mercredi 06 février 2008, Alan DeKok a écrit :
> Thierry CHICH wrote:
> > With the previous release of freeradius 1.1.7, I could do the following
> > things:
> > - people with a correct outer identity and inner identity
> > (login/password) could be authorized and authenticate on a LDAP server,
FreeRADIUS Version 1.1.6 Rhel3
I hope it's an easy one
I've my server setup authentication is working fine but I have no log in this
directory
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
The Client-IP-Address directory exist (automatic) but I've no detail-xxx files
in
Configure something to send a request to it. Put user name and password
in users file. Put details of the device sending requests into
clients.conf.
If you haven't got the device that can send requests you can test with
something like JRadius Simulator.
Ivan Kalik
Kalik Informatika ISP
Dana 6/2
johnson elangbam wrote:
> hi,
> I am a new user in free radius with mysql, i've configure all the
> necessary .config files (viz., sql.conf and radiusd.conf) of the free
> radius for connecting to the mysql, but i wouldn't be able to connect to
> mysql database.
And the debug log says... ?
Thierry CHICH wrote:
> With the previous release of freeradius 1.1.7, I could do the following
> things:
> - people with a correct outer identity and inner identity (login/password)
> could be authorized and authenticate on a LDAP server, using an EAP-TTLS
> tunnel, obtained a WPA key.
> - with
hi Thierry,
on your /etc/raddb/users file, you can put the follwing to copy the
inner identity to the outer identity (works with freeradius 1 and 2):
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
User-Name := `%{User-Name}`,
Fall-Through = yes
Thierry CHICH <[EMAIL PROTECTED]> a
Hello,
I know that my problem is so simple that I should be ashamed to ask help, but
I have to say that I can't find a good way to do what I want to do.
With the previous release of freeradius 1.1.7, I could do the following
things:
- people with a correct outer identity and inner identity (lo
hi,
I am a new user in free radius with mysql, i've configure all the
necessary .config files (viz., sql.conf and radiusd.conf) of the free radius
for connecting to the mysql, but i wouldn't be able to connect to mysql
database. Please tell me how to check that my free radius server is already
Hi,
I am completely new to using freeradius 1.1.7.
Can you please give me an insight to how we can test MSCHAP V2 using
this?
Thanks
Please do not print this email unless it is absolutely necessary. Spread
environmental awareness.
The information contained in this electronic message and any att
Norbert Wegener wrote:
> Should this kind of mechanism in 2.0.1 also be able to do something
> similar for eap?
I don't see why not.
...
> This does not work for me. Is it expected to do what I want and I have a
> configuration error? Or is this not the right way to do this? If it
> should work
Alan DeKok schrieb:
[EMAIL PROTECTED] wrote:
How do I set up a freeradius server so that if the password fails for
the primary radius server it tries the secondary for the password.
In 2.0.1, you should be able to do:
authenticate {
...
Auth-Type pap {
Hi!
If you still have no luck with 1.1.7 proxying mschapv2, try to move to 2.0.1 with patches in event.c discussed yesterday
in freeradius-users. I'm trying to do the same authentication - extract MS-CHAPv2 from PEAP and authorize inner request
against external RADIUS server. With 2.0.1 and a p
>
>Could it be a problem from the NAS params sent to radius?
It could - if NAS-Port parameter is the same for all users. If user C
logs out IP adresses will be released from the pool and B will be able
to get A's IP address.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
Hi!
I am using freeradius 1.1.3 and I have some problems with dial-up users using
a dynamic pool of ip adresses.
When user A are logged in with ip address 1, its ip is marked as used in the
pool only for 2/3 minutes.
After that if an user B logs in, then this new user can received the same ip
Dmitry Sergienko wrote:
> Thanks for the tip.
> successfully_proxied_request() also needs patching:
Fixed, thanks.
> The second oddity: when setting "proxy_tunneled_request_as_eap = no"
> proxying is not working because no inner MSCHAPv2 request extracted.
> Debug looks like this:
..
> Solution
[EMAIL PROTECTED] wrote:
> How do I set up a freeradius server so that if the password fails for
> the primary radius server it tries the secondary for the password.
In 2.0.1, you should be able to do:
authenticate {
...
Auth-Type pap {
pap
if (re
Stephane Bortzmeyer wrote:
> Which RFC should I read, by the way? 2865 says very little about
> Server-Status.
I have an expired I-D that I'll be updating soon.
> Otherwise, your explanation makes sense. But, in that case, the
> example in the man page of radclient is wrong:
Fixed, thanks.
> For using EAP-TLS with the Windows Mobile devices I still have to solve
> one
> problem, which I think would be no problem for you, the problem with the
> username of the devices.
>
> If I disable the option "check_cert_cn = %{User-Name}" in eap.conf I get a
> working configuration, but finally
Stefan Puch wrote:
@Alan DeKok
I'll bet that if you posted the final Access-Accept from 1.1.7 and from
2.0.1, that they would be *different*. If you make them the same, I'll also
bet that the NAS will accept the user.
You were right (you win the bet), I accidentally commented out an e
@Alan DeKok
> I'll bet that if you posted the final Access-Accept from 1.1.7 and from
> 2.0.1, that they would be *different*. If you make them the same, I'll also
> bet that the NAS will accept the user.
You were right (you win the bet), I accidentally commented out an entry in the
"default"-fi
40 matches
Mail list logo