El vie, 19-02-2010 a las 11:47 +0100, Alan DeKok escribió:
Trujillo Carmona, Antonio wrote:
...
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for gdxtrujo with NT-Password
[mschap] expand: --username=%{mschap:User-Name:-None} -
--username=gdxtrujo
Hi,
Apologies if this has been asked before.
I am trying to configure freeradius to replicate our current radius
server, there are a couple of things that im not clear about.
We tend to use a anonym...@realm identity for the EAP outer ID, in our
current radius server this is defined in a
ZHANG Gina wrote:
I have a question regarding to the default_eap_type setting for ttls
configuration in
file eap.conf. From TTLS protocol, it is not necessary to do
authentication in the tunnel
Huh? It is absolutely necessary to do authentication in the tunnel.
and
it is the user who
Am I overlooking something? How do you edit the wiki. I can't find a way to
register an account to edit wiki pages.
I was about to add some comments about the rlm_sql_iodb driver since
everybody need to know the driver looks for the DSN in radius_db config
option and not in the server
Hi,
Alan,
All I want to do is to use inner username to lookup the database table
to authorize.
so long as you call the relevant SQL module in the authorize {} section
of innter-tunnel then the default config will work fine for you.
- once the server is in inner-tunnel (called via EAP) it
Hi,
We tend to use a anonym...@realm identity for the EAP outer ID, in our
current radius server this is defined in a users file and has the format
of anonymous Encrypted-Password=nevermatch is there a similar thing in
freeradius and where should this be defined ?
IIRC, this is just so
I changed Cleartext-Password in ldap.attrmap to User-Password
and now:
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
and checked with password_header = {clear} and without it. b
--- On Tue, 2/23/10, Fajar A. Nugraha fa...@fajar.net wrote:
From: Fajar A. Nugraha fa...@fajar.net
Hi
Thanks for the quck reply.
Hi,
We tend to use a anonym...@realm identity for the EAP outer ID, in our
current radius server this is defined in a users file and has the format
of anonymous Encrypted-Password=nevermatch is there a similar thing in
freeradius and where should this be
Excuse me my reply was incomplete and sent with error.
I changed Cleartext-Password in ldap.attrmap to User-Password
and now:
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
and checked with password_header = {clear} and without it. but error is the
same as before.
--- On Tue,
Hi,
I thought it should be ttls but I found this to be a little confusing
aye. there are a couple of 'default_eap_type' lines - one for the main
EAP engine..and then entries under a couple of the tunnelled types (eg peap
and ttls)
eap {
default_eap_type = ttls
...
...
}
is correct
On 23/02/2010 10:44, Alan Buxey wrote:
Hi,
aye. there are a couple of 'default_eap_type' lines - one for the main
EAP engine..and then entries under a couple of the tunnelled types (eg peap
and ttls)
eap {
default_eap_type = ttls
...
...
}
is correct
under the ttls {}
I want to change authentication pap to chap. The users with clear
passwords are in ldap server. but the is error with clear password in
rlm-ldap
radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Module: Loaded exec
Hi,
This is what was confusing me I would have thought I should put ttls
here but I have already defined that as the default eap type, I know
that pap is not a eap-type but that what we are using in the tunnel,
could I put md5 here and configure ldap in the inner-tunnel file ?
yes - you
please help.It confused me !
I want to change authentication pap to chap. The users with clear passwords are
in ldap server. but the is error with clear password in rlm-ldap
radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Thank you very much.
Your comment and advice are very helpful to understand Radius mechanism
I replaced the AP(Belkin54g) with new one(DWL-8200AP, D-Link).
As a result, the delay time is reduced from 18 sec to 0.15 sec
I measured the time stamp the captured packet-based on Network Monitor
Yes I read doc/Simultaneous-Use
what makes a session unique?
What does the perl script need to know from the controller? We may be able to
work with the script to pull that information out. We think its looking through
for a cisco VPN device by default and not a wireless controller.
Alan
On 02/23/2010 01:32 AM, Eric Eric wrote:
Hi
I want to change authentication pap to chap. The users with clear
passwords are in ldap server. but the is error with clear password in
rlm-ldap
What version of FreeRADIUS are you running? Normally it's the first
thing in the debug output, except
On 02/23/2010 08:07 AM, Eric Eric wrote:
please help.It confused me !
You only need to post your question once, posting it again and again in
frustration because no one immediately answered you is not polite.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
On 02/23/2010 05:31 AM, Eric Eric wrote:
I changed Cleartext-Password in ldap.attrmap to User-Password
Don't do that, that's got nothing to do with finding the user's password
in your directory.
It's the password_attribute in your ldap config which controls how to
find the users password
J Brandon Polley wrote:
Yes I read doc/Simultaneous-Use
what makes a session unique?
The fields in the radutmp file, or the simul_count_query and
simul_verify_query in the SQL configuration.
What does the perl script need to know from the controller?
Huh?
We may be
able to work
Alan,
Thanks for all the help! I need to modify my question. I am using
mschapv2 inside ttls tunnel. Upon receipt of the MS-CHAP2-Success AVP,
the client is able to authenticate the FR. If the authentication
succeeds, the client sends and EAP-TTLS packet to FR containing no data.
Only upon
Neville wrote:
Anyone please, as this is driving me mad...
2^31 issues? Check the code for unsigned int...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How does one go about monitoring freeradius in that to see if it is reaching
process limits or max clients etc..
If I run it in debug mode it laces limits on it hat are not in normal mode.
Is snmp the only way?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi there,
I'm trying to setup a freeRadius on MacOSX host 10.6. This OS use
FreeRADIUS Version 2.1.3.
I'm looking for informations about how to permit a client device to ask
an IP address when it is plugged on the network. The switch forward the
request to radius server. The radius server
Le mardi 23 février 2010 à 13:39 -0500, Mark Jones a écrit :
How does one go about monitoring freeradius in that to see if it is reaching
process limits or max clients etc..
I have made a cacti template, it won't do any sentry upon max-client or
process-limit as you asked for. But it may
On Tue, 23 Feb 2010, Mark Jones wrote:
How does one go about monitoring freeradius in that to see if it is reaching
process limits or max clients etc..
If I run it in debug mode it laces limits on it hat are not in normal mode.
Proactive network monitoring with Nagios and check_radius or
This is very clear.Thanks.
--- On Mon, 2/22/10, Doug Hardie bc...@lafn.org wrote:
From: Doug Hardie bc...@lafn.org
Subject: Re: modules instantiation
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Monday, February 22, 2010, 10:56 PM
I tried to correct the
Hi,
I am using freeradius 2.1.3.
Is there a way in freeradius to forward the requests to all the configured
realms one after the other, if it gets rejected say for null or default realms
??
I did not find anything like that in the configuration ?
Any response is grately appreciated.
Mark Jones wrote:
How does one go about monitoring freeradius in that to see if it is
reaching process limits or max clients etc..
If I run it in debug mode it laces limits on it hat are not in normal mode.
Err... what does that mean?
For general OS CPU / memory monitoring: see monit.
Fabien COMBERNOUS wrote:
Hi there,
I'm trying to setup a freeRadius on MacOSX host 10.6. This OS use
FreeRADIUS Version 2.1.3.
I'm looking for informations about how to permit a client device to ask
an IP address when it is plugged on the network.
Is this for PPP?
(a) Yes: use the
i would like to listen to the address assigned to the computer.
192.168.1.12
FreeRADIUS Version 2.1.0
g...@lisa:/sbin$ sudo freeradius -X
FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on Sep 17
2009 at 17:22:02
Copyright (C) 1999-2008 The FreeRADIUS server project and
Sorry was in a hurry and did not notice my spelling mistakes.
I am not looking to see if radius is failing or not running but as to how
many of the options under the thread pool are being used at any given point
in time.
if I run the server with -X then it only runs one thread so that does
On 02/23/2010 04:36 PM, George Greene wrote:
i would like to listen to the address assigned to the computer.
192.168.1.12
FreeRADIUS Version 2.1.0
g...@lisa:/sbin$ sudo freeradius -X
Failed binding to socket: Address already in use
Then stop the already running radius server, you can only
hi,
radiusd is already running and bound to port 1812 - either stop the current
process
using the relevant tool that started it... eg /sbin/service radiusd stop
or /etc/init.d/radiusd stop or kill it eg killall radiusd
THEN run the daemon in full debug mode
alan
-
List
Could someone tell me what the syntax error on the Proxy-To-Realm line is
please?
preacct {
detail
suffix
if ((Proxy-To-Realm = DEFAULT) (User-Name =~
/@.*.domain.tld$/))
update control {
Proxy-To-Realm := NULL
}
On Wed, Feb 24, 2010 at 1:32 AM, Alan DeKok al...@deployingradius.com wrote:
Neville wrote:
Anyone please, as this is driving me mad...
2^31 issues? Check the code for unsigned int...
So you're suggesting to change the source code for rlm_sqlcounter and recompile?
-
List
36 matches
Mail list logo