hi,
i hope someone can help me to understand this case.
from a nas cisco 1841 i send by pppoe a request to a freeradius Version 1.1.3.
the response ever is NAS-Port=0
--
rad_recv: Accounting-Request packet from host xx:1646, id=114,
length=168
thanks for that, it's done the job.
Now my second problem is dialup admin. I can access it using http://(IP
address)/dialup, however when I click on the left hand side menu options, for
example accounting or statistic, I receive the following error DEBUG(SQL,MYSQL
DRIVER): Connect:
: Acct-Unique-Session-ID = 835b98f7bb6d18ff.
modcall[accounting]: module acct_unique returns ok for request 4
radius_xlat: '/usr/local/var/log/radius/radacct/
192.168.22.2/detail-20100909'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log
2010-09-09 07:42:10 err /usr/local/etc/raddb/sites-enabled/default[1]:
Errors parsing authorize section.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to
parse handled entry.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to
load module
John wrote:
2010-09-09 07:42:10 err
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
section.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed
to parse handled entry.
2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed
I got same issue in another linux server. I think there are configration
wrong. Can you give me some advise, Thanks.
[r...@device-fc12 ~]# radiusd -X
FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Jun 28 2010 at
08:46:11
Copyright (C) 1999-2009 The FreeRADIUS server project
Garber, Neal wrote:
You are a gentleman and a scholar! I have made the changes as you suggested
for PEAP and tested PEAP-MSCHAPv2. It works! I am now able to log the
output from ntlm_auth and MS-CHAP-Error. I'm also excited about the improved
TLS logging in 2.1.10.
:)
I will add
Difan Zhao wrote:
So I guess my first question is that, is it possible to have wildcard
(e.g. “*”) in the realm name?
Read raddb/proxy.conf. Look for regex
realm *~*.gtcorp.com* {
That isn't the correct syntax.
Go back and read the example in proxy.conf again.
Alan DeKok.
-
List
Kevin Ehlers wrote:
I found a solution that works in the mean-time by writing a perl module.
I'm using the perl module during the authorize section in the
inner-tunnel virtual server. What it does is query ldap, and get the
nt-password attribute from our ldap server. It then does a
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
John Horne wrote:
We have been running 3 servers with 2.1.10 (taken from git a while ago)
The proxy change went in August 4.
for some time with no problems. They act as a proxy, receiving requests
from wireless lan controllers and
John Horne wrote:
We don't have that exact scenario, but, for whatever reason, we were
seeing the home servers being marked dead/zombie extremely frequently -
usually every few minutes.
Network packet loss, etc. ...
With the later git version (dated 1 September in the changelog file) we
Uh... eapol-test supports TTLS. See the FreeRADIUS source:
src/tests/eap-ttls-*.conf
Ugh.. I should have checked the doc. I should be able to do the TTLS change
independently (i.e., you can ignore the post to the devel list related to
this). Thanks for enlightening me :-)
-
List
Hello!
We have a problem with a FreeRADIUS and Active Directory (Samba4) installation.
After following:
http://deployingradius.com/documents/configuration/active_directory.html
ntlm_auth is working correctly when I try to authenticate a WinXP SP3 client,
however, the authentication fails
On 09/09/2010 12:59 PM, Бисер Миланов wrote:
Hello!
We have a problem with a FreeRADIUS and Active Directory (Samba4)
installation. After following:
I seems that FreeRADIUS is sending an Access-Challenge but does not
get a reply. What can be the source of the problem?
The client stops
Hi,
I seems that FreeRADIUS is sending an Access-Challenge but does not get a
reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server installed
alan
-
List info/subscribe/unsubscribe? See
Alan Buxey wrote:
Hi,
I seems that FreeRADIUS is sending an Access-Challenge but does not get a
reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server installed
2.1.10 has a nice fix for
On 09/09/2010 01:42 PM, Alan DeKok wrote:
Alan Buxey wrote:
Hi,
I seems that FreeRADIUS is sending an Access-Challenge but does not get a
reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server
Ww, is THAT really the problem?! I will test it as soon as I finish
writing this post. I have disabled the client to check the server and it still
needs the FreeRADIUS certificate?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
UPDATE: I istalled the FreeRADIUS certificate and selected it so that the
client will check it when it authenticates. I still get the same error. Now I
will recreate the same scenario with Samba3 to see if it works. By the way, I'm
running FreeRADIUS 2.1.8 and Samba4.0.0alpha12
-
List
- /var/log/freeradius/radacct/192.168.0.72/detail-20100909
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.72/detail-20100909
expand: %t - Thu Sep 9 08:36:57 2010
++[detail] returns ok
++[unix] returns ok
Hi,
In my testing lab (yes, I'm new to FreeRadius), usernames entered (e.g. with
attribute User-Password in sql radcheck table) via my NAS (dd-wrt with
Chillispot) refuse to authenticate (error below), whereas attribute=Auth-Type
(what DaloRadius calls a PIN) works fine. I'm using the
Am 09.09.2010 17:59, schrieb Sean Wingert:
WARNING: Unprintable characters in the password.Double-check the shared
secret on the server and the NAS!
Read this message and check the shared secret
Stephan
smime.p7s
Description: S/MIME Cryptographic Signature
-
List
Okay,
So my config is failing to even allow freeradius to initialize. I get the
following errors in my radius.log
Thu Sep 9 11:46:11 2010 : Error:
/etc/raddb/sites-enabled/inner-tunnel[161]: Failed to parse elsif
subsection.
Thu Sep 9 11:46:11 2010 : Error:
Nathan McDavit-Van Fleet wrote:
Okay,
So my config is failing to even allow freeradius to initialize. I get the
following errors in my radius.log
Thu Sep 9 11:46:11 2010 : Error:
/etc/raddb/sites-enabled/inner-tunnel[161]: Failed to parse elsif
subsection.
So... what does that
Hi Alan,
Thank you for the quick response! I read again and tried and this one
worked!!
realm ~\.gtcorp\.com
However I did try the one which is same syntax as the example in the
proxy.conf file:
realm ~*\\.gtcorp\\.com$
The radiusd -X can't start and I got this.
realm ~*\.gtcorp\.com$ {
I have in post-auth:
If(outer.NAS-IP-Address == x.x.x.x)
{
Cisco-AVPair += http:url-redirect=http://www.cisco.com;
}
Since Cisco's documentation doesn't provide any information for url-redirect
aside from inside Cisco ACS, I don't know where exactly to put this code.
The only thing I
Thanks to Alan and Stephen, I am closer to a solution. I realized the scrambled
password was due to hotspotlogin.php (I need to study Chillispot more), so for
now I commented out its uamsecret line, which -- although it still fails on the
123 account -- provides different output in debugging
On Thu, Sep 9, 2010 at 8:01 PM, Sean Wingert se...@norris-stevens.com wrote:
Thanks to Alan and Stephen, I am closer to a solution. I realized the
scrambled password was due to hotspotlogin.php (I need to study Chillispot
more), so for now I commented out its uamsecret line, which -- although
Hi,
rad_check_password: Found Auth-Type CHAP
!!!
!!!Replacing User-Password in config items with Cleartext-Password.
!!!
!!!
Hi,
I have in post-auth:
If(outer.NAS-IP-Address == x.x.x.x)
{
Cisco-AVPair += http:url-redirect=http://www.cisco.com;
}
huh? you are checking for a condition and then trying to 'run' that Cisco
attribute. what you want to do is SET that attribute...eg
if(outer.NAS-IP-Address
/freeradius/radacct/192.168.0.72/detail-20100909
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.72/detail-20100909
expand: %t - Thu Sep 9 11:34:59 2010
++[detail] returns ok
++[unix] returns ok
expand: /var/log
Hi,
Thanks again, Alan. Sorry, not selectively. I do not understand how to
proceed. What does your configuration refer to specifically? (users,
radcheck, *.conf, chillispot?) I grepped all the config files for known and
none appeared to be insightful (to my newbie understanding of radius).
Hi,
I am a newbie with Radius and I have problems to authenticate XP wireless
clients with eap. I think that my first problem is due to the fact that
Windows XP client requires a Certificate Authority since Windows only
recognized signed certificate. I could not find the certificate
Got it. Thanks.
--- 10年9月9日,周四, Alan DeKok al...@deployingradius.com 写道:
发件人: Alan DeKok al...@deployingradius.com
主题: Re: Failed to load module handled
收件人: FreeRadius users mailing list freeradius-users@lists.freeradius.org
日期: 2010年9月9日,周四,下午3:56
John wrote:
2010-09-09 07:42:10 err
I want to use 'radacct' to detect whether the accoounting aervice is alive or
not. What kind Acct-Status-Type should I include in accounting message?
Accouting-On or Accouting-start or others? Can you give some advice?
John
-
List info/subscribe/unsubscribe? See
John wrote:
I want to use 'radacct' to detect whether the accoounting aervice is
alive or not. What kind Acct-Status-Type should I include in accounting
message? Accouting-On or Accouting-start or others? Can you give some
advice?
See RFC 5997. It's been implemented in FreeRADIUS for
Stephane Brodeur wrote:
I am a newbie with Radius and I have problems to authenticate XP
wireless clients with eap. I think that my first problem is due to the
fact that Windows XP client requires a Certificate Authority since
Windows only recognized signed certificate. I could not find the
37 matches
Mail list logo