Re: Logging From where?

2009-12-03 Thread Alan Buxey
--- original message --- From: Alan DeKok al...@deployingradius.com Subject: Re: Logging From where? Date: 03rd December 2009 Time: 6:52:27 as alan has said, latest versions can have custom log - there's also line_log module - NAS-IP-Address is your friend. Old version? Well, what you're after

Re: Microsoft: Certificate Authentication

2009-12-03 Thread Fernando Calvelo Vazquez
- 2nd... What is wrong in my configuration? I can not distinguish, at the moment, which is the entry at logs that I should focus. [tls] TLS 1.0 Handshake [length 036f], Certificate -- verify error:num=20:unable to get local issuer certificate [tls] TLS 1.0 Alert [length 0002],

Re: Problem with EAP-TLS, please give me a hint

2009-12-03 Thread Fernando Calvelo Vazquez
Great!! Finally, after several weeks posting question on this forum trying to solve my first test with EAP-TLS, you give with this tip the correct solution!! Thanks a lot Ivan!! Cheers, Fernando. PS: Only for your knowledge... It seems this tip is also applicable to M.Vista (my case ;-)

Re: Error in Installing Freeradius

2009-12-03 Thread Alan Buxey
Hi, I'm trying to install freeradius (Version 2.1.7.: tar.bz2), on suse_sles-11-0-0.001 and following the procedure below, I ran into the following errors: Sh: apxs2-prefork: command not found Error: failed build dependencies: Db-dvel is needed by freeradius-server-2.1.7-0.i586 And the

Re: rlm_sqlippool allocating duplicate IPs

2009-12-03 Thread Alan DeKok
Phil Mayers wrote: Is there a MAC in the Access-Request? If so, the IPPool module Sadly not. It's from pptp (pppd) radius.so plugin, so the requests basically only contain: Ugh. We should fix that to send the MAC in the Calling-Station-Id, rather than sending the IP address. Alan

Re: That's my AAA model

2009-12-03 Thread Alexander Clouter
Wagner Pereira wpere...@pop-sp.rnp.br wrote: Thanks for cheered my model. It's updated now: http://twitpic.com/rumfq/full Should I write these lines DEFAULT NAS-Identifier == switch, LDAP-Group == netref Service-Type = NAS-Prompt-User, Cisco-AVPair = shell:priv-lvl=15 in

Re: FREERADIUS AND opensource suse 11.2

2009-12-03 Thread Charles
Yes, but good to check updated version from freeradius website. Most distros have older versions of software compiled - Original Message - From: Alex Bahoor To: 'FreeRadius users mailing list' Sent: Thursday, December 03, 2009 2:13 AM Subject:

RE: MS-CHAP2 Response is incorrect.

2009-12-03 Thread Garcia Herguedas, Unai
Phil Mayers wrote: You have a typo in your config: ntlm_auth = usr/bin/ntlm_auth --request-nt-key You are missing a leading / from the binary, hence it's failing. Typo corrected. Now it authenticated users but the Wireless Lan it's still not working. The Access Point is an HP Wireless

RE: MS-CHAP2 Response is incorrect.

2009-12-03 Thread Garcia Herguedas, Unai
I reboot the server and it's working now. Thanks for all. Unai. -Original Message- From: freeradius-users-bounces+u.garcia=ibermatica@lists.freeradius.org [mailto:freeradius-users-bounces+u.garcia=ibermatica@lists.freeradius.org] On behalf of Garcia Herguedas, Unai Sent:

error := Invalid version in module 'rlm_exec'

2009-12-03 Thread Yagnesh Dave
Hi Everybody, I am getting this error while trying to run the freeradius, pls help me to get this resolved. The error is, radiusd: Instantiating modules instantiate { /usr/local/etc/raddb/modules/exec[24]: Invalid version in module 'rlm_exec' Errors initializing modules Thanks in

FreeRadius with ntlm_auth

2009-12-03 Thread charles
Hi All: My name is Charles and I need to Configure my FreeRadius to use ntlm_auth to authenticate NT users. Actually, I am getting to do this for only one NT group, but I need to do this for more NT groups. My configuration in radius.conf for ntlm_auth for one NT group is: exec

Re: FreeRadius with ntlm_auth

2009-12-03 Thread Alan Buxey
Hi, Hi All: My name is Charles and I need to Configure my FreeRadius to use ntlm_auth to authenticate NT users. Actually, I am getting to do this for only one NT group, but I need to do this for more NT groups. My configuration in radius.conf for ntlm_auth for one NT group is:

Re: FREERADIUS AND opensource suse 11.2

2009-12-03 Thread John Dennis
On 12/02/2009 07:13 PM, Alex Bahoor wrote: Does this linux version come with FreeRadius? Is this a recommended Linux for FreeRadius? I can't speak for suse but Fedora always has current versions of FreeRADIUS. -- John Dennis jden...@redhat.com Looking to carve out IT costs?

Re: error := Invalid version in module 'rlm_exec'

2009-12-03 Thread Alan DeKok
Yagnesh Dave wrote: I am getting this error while trying to run the freeradius, pls help me to get this resolved. The error is, radiusd: Instantiating modules instantiate { /usr/local/etc/raddb/modules/exec[24]: Invalid version in module 'rlm_exec' Errors initializing modules

Re: Freeradius with JRadius Performance issues.

2009-12-03 Thread Alan DeKok
Hemlata Shekatkar wrote: 2) I ran the tests with -n 500 and the results were really awful. Only 15 for the 500 requests sent. That seems to indicate that the jradius portion has *extremely* long latencies. I have run tests with both -n and -p options with various request numbers and the

Problems when trying to start Freeradius with eap

2009-12-03 Thread Peter Carlstedt
Hello everyone. I'm trying to start my radius server and have some problems doing that. I think I have missed to uncomment eap somewhere or something like that but I can find where. I will give the output from the terminal, I've also tried to make my own certificate, but it says it has problems

Re: FreeRadius with ntlm_auth

2009-12-03 Thread freeradius
At 08:44 AM 12/3/2009, char...@copel.com wrote: My environment is: FreeBSD 6.2 + Samba 3.0.26a + freeradius 1.1.7 How can I do this configuration for more than one NT group ? Any idea ? See my post from Re: separating users, ~6:30, 12/1/09 I tried your approach (separate ntlm_auth execs).

EAP-TTLS auth

2009-12-03 Thread Fernando Calvelo Vazquez
Hi again folks: I have just been able to go "a bit further" in my tests, but not so much. My goal: Try to deploy EAP-TTLS authentication by using "Client certificate", "Server certificate validation" and "user/password" authentication. Client: Windows Vista supplicant software Test that I

Re: EAP-TTLS auth

2009-12-03 Thread Alan Buxey
Hi, ...and I guess it is not due to the Client Certificate because it was succeed authenticated in the previous tests Probably is due to I am not sure what I should write in the box reserved for Server or Certificate Name (on the Step 2 of 2 at the supplicant windows software) Anyone

Active directory ldap groups

2009-12-03 Thread Leighton Man
Hi, In modules/ldap, I have: ldap ldap_staff{ Queries the staff ou in AD } ldap ldap_student{ Queries the student ou in AD } In authorise section of inner tunnel virtual server I have: ldap_staff if (ok) { update reply { Tunnel-Type = VLAN

Re: Problems when trying to start Freeradius with eap

2009-12-03 Thread Alan Buxey
hi, did you check permissions etc for the freeradius config directory - need to ensure you have read/write priv for the user you chose to run as in the certs directory (or wherever you configured EAP to look for certs etc. standard install with standard permissions and no configuration/touching

Re: FreeRadius with ntlm_auth

2009-12-03 Thread Charles
I'd love to know how you will achieve this. I need to do the same - Original Message - From: char...@copel.com To: freeradius-users@lists.freeradius.org Sent: Thursday, December 03, 2009 3:44 PM Subject: FreeRadius with ntlm_auth Hi All: My name is Charles and

Re: FreeRadius with ntlm_auth

2009-12-03 Thread Alan DeKok
Charles wrote: I'd love to know how you will achieve this. I need to do the same Configure the LDAP module. Use LDAP-Group checking. authorize { ... if (LDAP-Group != foo) { reject } ... } - List info/subscribe/unsubscribe? See

not able to get authenticated by free Radius

2009-12-03 Thread Yagnesh Dave
Hi, I am not able to get authenticate from the free radius server. Please find the logs for the same on my LNS # 072633: Dec 3 22:13:48.335 IST: ppp491 PPP: Authorization required 072634: Dec 3 22:13:48.335 IST: ppp491 PPP:

Re: not able to get authenticated by free Radius

2009-12-03 Thread Wagner Pereira
Hi, Dave. I hope that can help you: http://twitpic.com/rv5a4/full -- Wagner Pereira PoP-SP/RNP - Ponto de Presença da RNP em São Paulo CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo http://www.pop-sp.rnp.br f...@rnp 1015-8902 Yagnesh Dave wrote: Hi, I am not

Freeradius not working with Ubuntu's default install

2009-12-03 Thread Wim De Hul
Dear members, I have an issue with the default install of freeradius on Ubuntu 9.04. I only added a user in /etc/freeradius/users: wim Cleartext-Password := test123 I started freeradius: /usr/sbin/freeradius -X But when I try: radtest wim test123 127.0.0.1 0 testing123 I see:

Re: Idle Time-out- Session time-out/ Acct start-stop packet

2009-12-03 Thread tnt
Can you advise me where this re-authentication settings could be ? Alvarion technical support. Furthermore, I would like to know if I change my AAA architecture, could my NAS (as proxy) forward (alvarion BTS) the interim-update package? Again, Alvarion technical support. We have no idea what

Re: Active directory ldap groups

2009-12-03 Thread tnt
ldap ldap_staff{ Queries the staff ou in AD } ldap ldap_student{ Queries the student ou in AD } if(!control:Auth-Type request:NAS-Port-Type == Async Ldap-Group == ADGROUP) { update control { Auth-Type = ntlm_auth } } ADGROUP is replaced with whichever

Re: Freeradius not working with Ubuntu's default install

2009-12-03 Thread John Dennis
On 12/03/2009 12:56 PM, Wim De Hul wrote: Dear members, I have an issue with the default install of freeradius on Ubuntu 9.04. I only added a user in /etc/freeradius/users: wim Cleartext-Password := test123 I started freeradius: /usr/sbin/freeradius -X But when I try: radtest

Re: EAP-TTLS auth

2009-12-03 Thread tnt
...and I guess it is not due to the Client Certificate because it was succeed authenticated in the previous tests Probably is due to I am not sure what I should write in the box reserved for Server or Certificate Name (on the Step 2 of 2 at the supplicant windows software) Anyone knows what

Re: not able to get authenticated by free Radius

2009-12-03 Thread tnt
Hi, I am not able to get authenticate from the free radius server. Please find the logs for the same on my LNS Where is your password? [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok It's not there and you have no sql or ldap. Please let me know where I have done a

Re: Freeradius not working with Ubuntu's default install

2009-12-03 Thread tnt
I have an issue with the default install of freeradius on Ubuntu 9.04. I only added a user in /etc/freeradius/users: wim Cleartext-Password := test123 I started freeradius: /usr/sbin/freeradius -X But when I try: radtest wim test123 127.0.0.1 0 testing123 I see: Sending

Re: EAP-TTLS auth

2009-12-03 Thread Alan DeKok
t...@kalik.net wrote: Some Windows versions refuse to recognise server certificate as an intermediate CA. Try altering certs/Makefile to sign client certificates with ca certificate instead of server certificate. This will be fixed in 2.1.8. Alan DeKok

Re: Freeradius not working with Ubuntu's default install

2009-12-03 Thread John Dennis
On 12/03/2009 01:40 PM, t...@kalik.net wrote: Since you have cleartext password in users file crypt one is probably coming from /etc/passwd (but since you edited the debug it's hard to say for sure). Comment out unix in authorize and password from users file will be used. ah yes, good point --

AD, Groups, and LDAP (was Re: separating Users?)

2009-12-03 Thread freeradius
Having just followed all of those instructions to build out my production systems, I have a few tweaks to fix all those little things that drive one insane when following someone's instructions because they never tested them. Using FreeRADIUS2 Rick Steeves – 091203 freeradi...@corwyn.net

Re: AD, Groups, and LDAP (was Re: separating Users?)

2009-12-03 Thread Alan Buxey
Hi, Install freeradius2: yum clean all yum install freeradius2 freeradius2-utils freeradius2-ldap note, there are other packages should you need eg SQL support Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on

Re: AD, Groups, and LDAP (was Re: separating Users?)

2009-12-03 Thread freeradius
At 05:27 PM 12/3/2009, Alan Buxey wrote: note, there are other packages should you need eg SQL support Not if you're not using SQL support (which I'm not). You'd then also need a lot of instructions on setting up SQL :-) you didn't note if you were SELinux enabled and any issues that might

Re: Lock Out Users

2009-12-03 Thread Satyam Mathura
Thanks, i'll give it a try. On Wed, Dec 2, 2009 at 7:52 PM, t...@kalik.net wrote: With FreeRadius, is it possible to lock out users after a specified number of failed login attempts? Can someone please point me in the right direction. Use perl to count the number of failed attempts (and

Downloadable Access List Not Getting Applied

2009-12-03 Thread Satyam Mathura
Guys, I currently have FreeRadius working with a MySQL back-end to authenticate VPN users on my 2800 Cisco router. I have been trying to get the download-able access list feature working but am hitting a brick wall. If I enable cisco-avpair:=ipsec:inacl=185 I can see the radius server responding

RE: Error in Installing Freeradius

2009-12-03 Thread Alex Bahoor

Re: Downloadable Access List Not Getting Applied

2009-12-03 Thread tnt
I currently have FreeRadius working with a MySQL back-end to authenticate VPN users on my 2800 Cisco router. I have been trying to get the download-able access list feature working but am hitting a brick wall. If I enable cisco-avpair:=ipsec:inacl=185 I can see the radius server responding

RE: Error in Installing Freeradius

2009-12-03 Thread Alex Bahoor
if you're unsure alan

Missing dependency operator when start make

2009-12-03 Thread Andrew Rikhlivsky
After downloading latest freeradius v2.1.7 sources, and configuring (./configure --without-openssl --without-snmp) I start make and see next messages: # make Make.inc, line 82: Missing dependency operator Make.inc, line 85: Need an operator Make.inc, line 87: Missing dependency operator

Re: Missing dependency operator when start make

2009-12-03 Thread Alan DeKok
Andrew Rikhlivsky wrote: After downloading latest freeradius v2.1.7 sources, and configuring (./configure --without-openssl --without-snmp) I start make and see next messages: # make Use gmake. FreeRADIUS requires GNU Make. Alan DeKok.

Re: Error in Installing Freeradius

2009-12-03 Thread Bjørn Mork
Alex Bahoor alexbah...@sbcglobal.net writes: I'm curious, I loaded a fully blown about 5 gig OS, why did it not come with all that is needed? Because all *everyone* is going to need is considerably more than that. E.g., if you are going to download a complete Debian stable for amd64, that's