Hi,
a somewhat sophisticated problem: in a mail server, we'd like to record the IP
address of the client that triggered the IMAP authentication request. The
IMAP server uses PAM, specifically pam_radius_auth.
Is there a way to tell pam_radius_auth to send a value in Calling-Station-Id?
Is
Edwin van Zyl wrote:
I've configured with the following options: ./configure --enable-debug
--enable-developer and re-build, but still don't see the raw data. I've
looked at the binary traces and can see that the EAP message contains
encrypted application data and the size is less than
Wayne Lee wrote:
What I need to be able to do is send back different info based on the
incoming request from a set of NAS's.
In 2.0, just write the policy. See man unlang.
Or, use virtual servers.
client foo {
ipaddr = 1.2.3.4
...
virtual_server = one # or two
Dmitry Sergienko wrote:
Situation gets more clear if eap module is being called in post-proxy
section of proxy-inner-tunnel:
I've updated the proxy-inner-tunnel example to work.
It sends the MS-CHAP2-Success as part of the EAP session.
And please don't CC me on messages to the list. I
In 2.0, much of the huntgroup functionality can be done with a little
bit of magic:
client foo {
ipaddr = 127.0.0.1
secret = x
huntgroup = foo # invent ANYTHING here! foo = bar, x = y, etc.
}
Then in unlang:
...
if (%{client:huntgroup} == foo) {
That worked. thx.
rad_recv: Access-Request packet from host 127.0.0.1:50067, id=101,
length=79
User-Name = edwinvanzyl
Called-Station-Id = internet
EAP-Message = 0x021001656477696e76616e7a796c
Message-Authenticator = 0xd649ab055e13bef1b25863bcab47f81e
Wed
Edwin van Zyl wrote:
That worked. thx.
...
Wed Feb 13 11:22:56 2008 : Debug: rlm_eap_ttls: Session established.
Proceeding to decode tunneled attributes.
TTLS tunnel data in : 01 0d 65 64 77 69 6e 76 61 6e 7a 79 6c 02 09 74
TTLS tunnel data in 0010: 65 73 74 69 6e 67 1e 0a 69 6e 74
Ranner, Frank MR wrote:
UNCLASSIFIED
Config as requested - I did uncomment and configure the identity
section
- is this not required?
ldap {
#
# Note that this needs to match the name in the LDAP
# server certificate, if you're
Hi,
Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request
for user '[EMAIL PROTECTED]'
Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept,
accepting the user
whoah. WinXP is very fussy (as should all EAP clients) about getting a proper
EAP
Phil Mayers wrote:
I've never had cause to look at it before, but I discovered today that
accounting doesn't support huntgroups; specifically, an attempt to match
on Huntgroup-Name in acct_users
Is this expected?
The preprocess module doesn't do huntgroups for accounting requests.
This
Arran Cudbard-Bell wrote:
Woah, get that working with SQL and you have an insanely useful feature.
Oooo what VLANS does this NAS support, hmm i'll just check the client
VLAN tags. Where is this NAS located, hmm i'll just check the
arbitrarily populated location tag.
Err... why? You can do
Ashraf Al-Basti wrote:
Dear All,
I'm using freeradius as a proxy radius and need to proxy the accounting
to two different servers, can i do that?
Yes and no. You can proxy it to another server, *and* log to a
detail file. You can then have it read the detail file, and proxy
that to another
Hi,
Arran Cudbard-Bell wrote:
Woah, get that working with SQL and you have an insanely useful feature.
Oooo what VLANS does this NAS support, hmm i'll just check the client
VLAN tags. Where is this NAS located, hmm i'll just check the
arbitrarily populated location tag.
Err... why?
Perhaps you mis-read my post,
I have read the SQL howto (and the FAQ and Wiki) before posting to the
list and the server it is currently working fine using SQL , I just
did not understand how to reply to different NAS's with different
info. Like I said, my SQL foo is rubbish.
I guess what I'm
Simple authentication with login/password can be handled in large
numbers with a recent cpu and freeradius.
.
EAP authentication on the other hand requires a great amount of cpu
processing.
Therefore I have a simple(?) question:
Did someone already calculate the theoretical maximum number of
Hi Alan,
Thanks for helping me in configuring my freeradius with mysql.
I've uncommented the sql in the file
/usr/local/etc/raddb/sites-enabled/default . And now I've seen message
trying to communicate with mysql. But still there is a problem of not
getting the mysql driver. I am using
Hi
I use freeradius 1.1.7 (PLD Linux distribution).
In default configuration freeradius work OK but I have problem
checking Calling-Station-Id - for checking MAC address client validation.
My user file contains:
Waldi User-Password == 12345,
It's working. It also works when I add ip
-Password = t1
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-
/usr/local/var/log/radius/radacct/10.1.1.170/auth-detail-20080213
rlm_detail:
/usr
I've followed the Cisco docs as much possible, and believe I have done all
that is required.
My Cisco config now has the following:
aaa new-model
!
!
aaa authentication ppp default group radius
aaa authorization network default group radius
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Woah, get that working with SQL and you have an insanely useful feature.
Oooo what VLANS does this NAS support, hmm i'll just check the client
VLAN tags. Where is this NAS located, hmm i'll just check the
arbitrarily populated location tag.
Hi there !
After 1.1.7 had been running for about a month without any problems,
radiusd has now died silently or completely stuck (it has to be kill
-9ed) a couple of times. In either case, I get no logs about what's wrong.
My platform is Solaris 10/x64 with quite current patches. Are there
2008/1/10, [EMAIL PROTECTED] [EMAIL PROTECTED]:
Hi,
Hi,
I can't still figure it out why I can't access from Linux clients.
I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system.
what is the linux client config?
i see the following in your debug
rlm_eap: Request found,
johnson elangbam wrote:
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so:
cannot open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
the search path of your system's ld.
Read the FAQ.
Alan DeKok.
-
David W Bell wrote:
Ranner, Frank MR wrote:
UNCLASSIFIED
Config as requested - I did uncomment and configure the identity
section
- is this not required?
ldap {
#
# Note that this needs to match the name in the LDAP
# server
Norbert Wegener wrote:
Simple authentication with login/password can be handled in large
numbers with a recent cpu and freeradius.
.
EAP authentication on the other hand requires a great amount of cpu
processing.
It's all in the SSL rsa keying setup.
Therefore I have a simple(?)
Ooops, because of the emotion I pasted old config files. Well here are
the fresh files:
prefix = /usr/local2
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
Frank Winkler wrote:
After 1.1.7 had been running for about a month without any problems,
radiusd has now died silently or completely stuck (it has to be kill
-9ed) a couple of times. In either case, I get no logs about what's wrong.
My platform is Solaris 10/x64 with quite current patches.
Edwin van Zyl wrote:
I've been simulating the traffic with JRadiusSimulator and used the
EAP-TTLS/PAP option.
It *should* be working...
Is there any other simulator you know of which I
can use to simulate EAP-TTLS/(PAP and MS-CHAPv1)? I appreciate your help.
eapol_test, which is part of
2008/1/11, Arran Cudbard-Bell [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
On 11/1/2008, Sergio Belkin [EMAIL PROTECTED] wrote:
I've been simulating the traffic with JRadiusSimulator and used the
EAP-TTLS/PAP option. Is there any other simulator you know of which I
can use to simulate EAP-TTLS/(PAP and MS-CHAPv1)? I appreciate your
help.
On 13 Feb 2008, at 12:20 PM, Alan DeKok wrote:
Edwin van Zyl wrote:
That
[EMAIL PROTECTED] wrote:
yep - but i think the default schema for clients didn't have these
extra features added. at least someone mentioned synchronising them
recently
more importantly for other people - do these attributes get passed
through the message structure for PERL and Python?
cengiz coşkun wrote:
Hi,
I have configured freeradius 2.0.0 EAP-ttls and
configured a mysql db to store the users.
It was working fine until i recently decided to
convert the database-stored passwords to md5
encryption.
Store the passwords as MD5-Password. See man rlm_pap.
You do
Dear All :
rlm_ippool returns duplicate IP address
In the past I used Version 1.0.5, so I thought that may be a bug in the
version,
so I installed Version 2.0.1 and the problem still appears,
but in the last version the problem always appears on specific IPs, for example
x.x.117.63 ,
Stefan Winter wrote:
Is there a way to tell pam_radius_auth to send a value in Calling-Station-Id?
Source code edits.
Is there a way at all to send variables to PAM at all, to be used for setting
Calling-Station-Id within pam_radius_auth?
Source code edits.
Alan DeKok.
-
List
Hi,
I've been simulating the traffic with JRadiusSimulator and used the
EAP-TTLS/PAP option. Is there any other simulator you know of which I can
use to simulate EAP-TTLS/(PAP and MS-CHAPv1)? I appreciate your help.
wpa_supplicant is a good tool
alan
-
List info/subscribe/unsubscribe? See
Hi,
Am I right in thinking that most alpha numeric characters are escaped
before being inserted into SQL databases, and that the resultant string
is =Ascii value as hex ?
For example, the Reply-Message 'HP Networking equipment makes me sad,
angry and staby.' would be entered as 'HP
David W Bell wrote:
David W Bell wrote:
Ranner, Frank MR wrote:
UNCLASSIFIED
Config as requested - I did uncomment and configure the identity
section
- is this not required?
ldap {
#
# Note that this needs to match the name in the LDAP
Alan DeKok wrote:
..
$ openssl speed
Or
$ openssl speed rsa
http://www.madboa.com/geek/openssl/#benchmark-speed
For 2048 bit rsa keys, the web page gives 77 signs/s for a 2GHz Intel
Core 2. My 1GHz laptop gives around 20/s.
That number becomes the limiting factor for any TLS-based
We're bringing a Cisco (formerly Airespace) lightweight wireless system
online, and I'm seeing some odd things in the accounting.
Specifically, the usernames can change in the accounting packets. This
causes the default SQL queries (at least, the ones for Postgres under
1.1.7) to generate
Your comment *should* focussed my attention on the JRadius simulator
and I finally got it to work. Problem: Old version of
JRadiusSimulator. The one I used, I've downloaded from http://sourceforge.net/projects/jradius
. Rather use the java web start option at
Can someone guide me with the steps to enable the Challenge Response in
Freeradius server?
Thanks,
Deepak
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I am using EAP-TTLS with eap.conf, it is working, but I was looking in
debugging messages and output of sniffing that I can see the User-Name
(pepino, in this example), earlier in radius 1.17 only showed
anonymous... I see no passwords (I think that it's safe onto tunnel,
isn't it?). Is that
Phil Mayers wrote:
We're bringing a Cisco (formerly Airespace) lightweight wireless system
online, and I'm seeing some odd things in the accounting.
Specifically, the usernames can change in the accounting packets. This
causes the default SQL queries (at least, the ones for Postgres under
I am using FreeRADIUS v1.0.5 in a non-production lab environment. I am
using the group and passwd files for RADIUS authentication. I'm not
using the standard ones, but copies that I have created just for
FreeRADIUS and stored in another directory (so it doesn't interfere with
regular systems
Hello, I want to use freeradius 2.0.1 to do
accounting for my DSL users.
I would like to achieve the following setup:
NASes send request to the first radius (SunOS
radius) which only handles authentication request
and proxies accounting request to Freeradius
(v2.0.1). I'd like freeradius to do
Lemaster, Rob wrote:
I am using FreeRADIUS v1.0.5 in a non-production lab environment.
Well... I suggest upgrading.
What hashing algorithm is used to store passwords in passwd?
$ man passwd
i.e. whatever your system supports.
Does FreeRADIUS have an option to read passwords in clear
Alexandre Chapellon wrote:
To do this I setup freeradius 2.0.1 with 1 default
virtual server writing accounting to mysql and to a
detail file and one other virtual server which
listen the detail file ( listen { type = detail}
) and proxies request
The problem is that the proxying is done