Robert Graham wrote:
Thanks for the quick response. The reason I generated my own certs was that
if we can get 802.1x to work, when we move to production we will want to
have the certificate signed by our Windows CA. So I wanted this to be part
of the test plan.
That's nice.
Are you
Start off without it. If it works... it's good enough.
When I require any further pieces of information on this matter what would be
the preferred way of communication, e.g. should I keep using this thread or
open a new one on developer list?
Best regards,
Seppo
Seppo Sandberg wrote:
Start off without it. If it works... it's good enough.
When I require any further pieces of information on this matter what would be
the preferred way of communication, e.g. should I keep using this thread or
open a new one on developer list?
The devel list is
Rob Yamry wrote:
No it still wont work. In fact, I install both the ca cert and the
server cert on the device. Both install fine and say they are trusted.
But when I try to connect to the wireless again it says the cert is not
verified (just as in the original case) and the connection
Dear Community,
I am trying to compile freeradius2.1.10 with oracle instantclient11.2
and having problems where it is not detecting oracle libraries and
header files. where the oracle home is /opt/instantclient_11_2
there are two steps that I am trying and both are failing.
a: standard compile
#
Hi all,
I had read and configure like
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
I have test ntlm_auth with success but
radtest user passwd localhost 0 testing123
fail
I attach my debug output
Thanks
--
David Dumortier
FreeRADIUS Version 2.0.4, for host
David Dumortier wrote:
Hi all,
I had read and configure like
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
You didn't follow the steps. If you had, it would have worked.
See also http://deployingradius.com/. It includes instructions on
configuring Active
Alan,
While running that command in mysql it clear the session of user. But with
radius unlang it is giving error in radius log.
Thanks
On Fri, Jan 14, 2011 at 3:41 PM, Alan DeKok al...@deployingradius.comwrote:
Bishal Pun wrote:
if(User-Name){
%{sql: UPDATE radacct set
Hi,
Le Fri Jan 14 2011 � 11:36:04AM +0100, Alan DeKok dit :
David Dumortier wrote:
Hi all,
I had read and configure like
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
You didn't follow the steps. If you had, it would have worked.
If it had worked I
Hi everybody,
I want to implement a RADIUS load-balancing and failover scenario using
FreeRadius and Cisco ACS. The idea I have in mind is to have these two servers
answering to RADIUS requests in a round-robin fashion and should one of them
for some reason go down, the other one would take
On 2011/01/14 12:50 PM, Bishal Pun wrote:
Alan,
While running that command in mysql it clear the session of user. But with
radius unlang it is giving error in radius log.
I might be wrong, but as far as I know rlm_mysql expects something to come
back from the query.
Can't think of a
On 14/01/11 10:59, David Dumortier wrote:
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
Sigh. So you're not willing to follow the advice people give you. Why ask?
I admit I can have made a mistake but currently I don't see it, so I
David Dumortier wrote:
If it had worked I woundn't have post here.
OK... so the documentation which works for everyone else doesn't work
for you.
Or, based on the debug output you posted, you didn't follow the
documentation.
See also http://deployingradius.com/. It includes
Juan Perez wrote:
I want to implement a RADIUS load-balancing and failover scenario using
FreeRadius and Cisco ACS. The idea I have in mind is to have these two
servers answering to RADIUS requests in a round-robin fashion and should
one of them for some reason go down, the other one would
On Fri, Jan 14, 2011 at 1:57 PM, Johan Meiring
jmeir...@pcservices.co.za wrote:
On 2011/01/14 12:50 PM, Bishal Pun wrote:
Alan,
While running that command in mysql it clear the session of user. But
with
radius unlang it is giving error in radius log.
I might be wrong, but as far as I
On 2011/01/14 02:07 PM, Alan DeKok wrote:
I attach my debug output
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
That's your choice. But... not our recommendation.
I run debian lenny and 2.1.10.
Download the source.
Extract.
run
Le Fri Jan 14 2011 � 12:05:36PM +, Phil Mayers dit :
On 14/01/11 10:59, David Dumortier wrote:
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
Sigh. So you're not willing to follow the advice people give you. Why ask?
Mmmmh seems to
David Dumortier wrote:
Le Fri Jan 14 2011 � 12:05:36PM +, Phil Mayers dit :
Sigh. So you're not willing to follow the advice people give you. Why ask?
Mmmmh seems to be pretty offensive !
If you're offended when we give advice, I suggest you stop asking
questions on this list.
In a
I wrote this patch which should allow freeradius to correctly detect
oracle librairies and headers (if you provide the necessary option for
configure).
copy it to the top level directory of the sources and patch using
patch -p0 filename.patch
then re-run ./autogen.sh, then configure, make
Le Fri Jan 14 2011 � 01:49:28PM +0100, Alan DeKok dit :
David Dumortier wrote:
[...]
So radtest can't make an mschap request ?
In 2.1.10, yes.
But you want to use tools which are years out of date.
I have some constraint, one is to be lenny compliant with lenny
software, no
Hello Alexandre,
Thanks for the patch
it tried its failing
here is the error message
[root@aaa-dev freeradius-server-2.1.10]# patch -p0 oracle.patch
patching file src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in
Hunk #1 FAILED at 86.
patch: malformed patch at line 77:
David,
I think you really are taking it the wrong way.
Advices given by Alan are good ones. There's no point feeling offended
by an email... it's even quite ridiculous (don't be offended).
For Lenny there is absolutely no pb building a nice package from
sources or even use backports repository
also adding to that,
i have manually typed in the changes in the configure.in file as
suggested by the patch.
when i do autogen.sh
i get this error
./autogen.sh
Remember to add `AC_PROG_LIBTOOL' to `configure.in'.
Using `AC_PROG_RANLIB' is rendered obsolete by `AC_PROG_LIBTOOL'
libtoolize:
Juan Perez wrote:
I want to implement a RADIUS load-balancing and failover scenario using
FreeRadius and Cisco ACS. The idea I have in mind is to have these two
servers answering to RADIUS requests in a round-robin fashion and should
one of them for some reason go down, the other one
David Dumortier wrote:
I have some constraint, one is to be lenny compliant with lenny
software, no backport.
Our constraints are that when people ask questions, they follow the
instructions in the answers.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
On Fri, Jan 14, 2011 at 02:39:58PM +0200, Johan Meiring wrote:
On 2011/01/14 02:07 PM, Alan DeKok wrote:
I attach my debug output
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
That's your choice. But... not our recommendation.
I
Alan DeKok al...@deployingradius.com wrote:
I want to implement a RADIUS load-balancing and failover scenario using
FreeRadius and Cisco ACS. The idea I have in mind is to have these two
servers answering to RADIUS requests in a round-robin fashion and should
one of them for some reason go
On Fri, Jan 14, 2011 at 02:57:26PM +0100, joy wrote:
On Fri, Jan 14, 2011 at 02:39:58PM +0200, Johan Meiring wrote:
On 2011/01/14 02:07 PM, Alan DeKok wrote:
I attach my debug output
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
Oh mates! Free hugs here. : D!
* Martín Ruiz*
* *
*Ibersystems Solutions, SL*
* *
Dpto. Redes Inalámbricas
Tel. 902 909 858
93 184 52 13
669 37 95 21
Fax 93 758 63 01
http://www.ibersystems.es
martinr...@ibersystems.es
*Estemensaje puede contener información confidencial y/o
On 14/01/11 12:44, David Dumortier wrote:
Le Fri Jan 14 2011 � 12:05:36PM +, Phil Mayers dit :
On 14/01/11 10:59, David Dumortier wrote:
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
Sigh. So you're not willing to follow the
On 2011/01/14 03:57 PM, Josip Rodin wrote:
Actually it's even simpler. Add lenny-backports to sources.list, update,
and just install the new packages.
Must say I didn't know that backports also maintained freeradius.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021)
Juan Perez wrote:
Let's suppose that I have two servers running the latest and
shiniest version of FreeRadius and for some reason there is a bug in
FreeRadius that causes the server to crash when a specially crafted
RADIUS packet is received.
Hmm... that's hard to do:
Let's suppose that there is also an attacker
(a disglunted employee maybe?), who knows about this bug and decides
to
attack my FreeRadius servers, so he starts sending these
specially crafted packets to each server and since the two servers
have
the same bug, both of them would die upon
Le Fri Jan 14 2011 � 02:13:04PM +0100, Alexandre dit :
David,
I think you really are taking it the wrong way.
I'm upset about my problem and not english speaker. I'm reading docs
many times about a subject I don't understand quite good.
I reacted a bit angrily, my apologizes.
Advices given by
Le Fri Jan 14 2011 � 02:32:12PM +, Phil Mayers dit :
[...]
Even though you are bridling at my advice, I'm going to try one last
time to be helpful. An MS-CHAP request looks like this:
User-Name = theuser
MS-CHAP-Challenge = 0x32 hex digits
MS-CHAP2-Response = 0x100 hex digits
...and
David Dumortier wrote:
-follow the steps presented in documentation.
file raddb/modules/ntlm_auth doesn't exist (the directory modules
doesn't either).
Because you're running an old version.
With all due respect, nothing prevents you from downloading 2.1.10,
and *not* installing it.
Title: mail Kezia : Fabien COMBERNOUS
On 14/01/2011 15:32, Phil Mayers wrote:
[...]
Even though you are bridling at my advice, I'm going to try one
last time to be helpful.
Imagine that David is alone, on an very isolated island without any
I have followed what looks to be the proper format, but I am getting an
error:
Errors reading dictionary: dict_init:
/usr/local/share/freeradius/dictionary.wimax[209]: END-TLV WiMAX-Classifier
does not match any previous BEGIN-TLV
Which is very clear, thanks for the awesome debug info.
Here
Hi,
Could someone please share with me the best way to do external
authentication using FreeRADIUS and a script written in Python or PHP?
Thanks in advance,
Craig
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The patch should apply flalessly on the 2.1.10 source tree. At least
it does here. Are you sure you applied it on a clean source trre
unpacked from the 2.1.10 tarball?
Never the less it seems ,there are autoconf or libtool issues with
your environement (wich is?).
Do you have the same error
Oops the patch is indeed bad.
A bad copy/paste inserted a line break wich mess it up: here is a good
one attached.
sorry for that (unfortunately this won't resolve your issue with
libtool/autoconf or whatever).
2011/1/14 Alexandre alxg...@gmail.com:
The patch should apply flalessly on the 2.1.10
Hi,
do you know how to test a FR server with mikrotik routeros too? I need to
make something like radtest to avoid going to my APs with a laptop to test
the server from an AP. There I have a SSH console, Telnet and routerOS
scripting to test this.
I know this is a *bit* offtopic.. but perhaps I
Dear Alexandre,
I am sorry I should have mentioned the env previously ..
its CentOS 5.4 64bit
if I do ./autogen.sh without applying patch on a clean extract from
the tarball it gives the same error.
I am not good with libtool and autoconf. can you head me to a
direction where i can figure out
Clarification from my previous email.
From
http://freeradius.org/features/authentication.html
If a password is not available locally for some reason, the server can
pass the authentication to another system such as LDAP, PAM, Unix
(/etc/passwd), Kerberos, Active Directory, or RADIUS server via
personnally I got it working with libtool 1.5 and autoconf 2.61
2011/1/14 Waqas Toor waqasnasirt...@gmail.com:
Dear Alexandre,
I am sorry I should have mentioned the env previously ..
its CentOS 5.4 64bit
if I do ./autogen.sh without applying patch on a clean extract from
the tarball it
A workaround for your very own problem could be to change all
references to libnnz10 to libnnz11 in the configure file (in the same
directory).
regards
2011/1/14 Alexandre alxg...@gmail.com:
personnally I got it working with libtool 1.5 and autoconf 2.61
2011/1/14 Waqas Toor
Todd,
I did a setup with FR 2.1.9, Apache 2.2.15, MySQL 5.1 on OpenSUSE (11.2 or
11.3) recently. Can't recall the specific PHP 5 version offhand. It did
take a bit of tweaking, but in the end it all worked (or at least the parts
that I was interested in which had more to do with administering
Dear Alexandre,
Thanks, I have autoconf 2.59
after patching I had to do
#aclocal
# ./autogen.sh
# ./configure --with-oracle-include-dir=/opt/instantclient_11_2/sdk/include/
--with-experimental-modules
--with-oracle-lib-dir=/opt/instantclient_11_2/
now the error is
configure: configuring in
Let me append this (with corrected proper syntax), the issue is not one
sub-tlv but one sub and one sub-sub-tlv
ATTRIBUTE TLV-1 1 tlv
BEGIN-TLV TLV-1
ATTRIBUTE SUBTLV1 1 tlv
BEGIN-TLV SUBTLV1
ATTRIBUTE SUB-SUB-TLV 1 tlv
BEGIN-TLV SUB-SUB-TLV1
Hardcoding libnnz11should be done in configure not in configure.in. and so
there is no need to run. ./autogen.sh
Le 14 janv. 2011 20:19, Waqas Toor waqasnasirt...@gmail.com a écrit :
Dear Alexandre,
Thanks, I have autoconf 2.59
after patching I had to do
#aclocal
# ./autogen.sh
#
Martín Ruiz [Ibersystems.es] martinr...@ibersystems.es wrote:
do you know how to test a FR server with mikrotik routeros too? I need to
make something like radtest to avoid going to my APs with a laptop to test
the server from an AP. There I have a SSH console, Telnet and routerOS
scripting
David Peterson wrote:
Let me append this (with corrected proper syntax), the issue is not one
sub-tlv but one sub and one sub-sub-tlv
ATTRIBUTE TLV-1 1 tlv
BEGIN-TLV TLV-1
ATTRIBUTE SUBTLV1 1 tlv
BEGIN-TLV SUBTLV1
ATTRIBUTE SUB-SUB-TLV 1 tlv
BEGIN-TLV
mikal wrote:
If you're still trying to get this to work then I can try and get access to
that server this weekend.
See also the v2.1.x branch on http://git.freeradius.org. It contains
a number of fixes which should help.
Please post your fixes here so that they can be integrated into the
Craig Smith wrote:
How do I do the authentication of users via a shell script?
See the exec module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fabien COMBERNOUS wrote:
Imagine that David is alone, on an very isolated island without any
others humans. And he needs to eat. He asks help to learn how to kill
animals of this island. Your answer was go to the supermarket. This
answer didn't consider the question enough.
He was told
Alan,
Thanks for the tips. I followed everything, PAP worked fine, but I still
had problems with EAP even with using the certificates from the Radius
disto. The part that didn't make a lot of sense to me was it would go thru
all the process, and MSCHAP showed success:
[mschap] Creating
Ty
Martín Ruiz
El 14/01/2011, a las 21:40, Alexander Clouter a...@digriz.org.uk escribió:
Martín Ruiz [Ibersystems.es] martinr...@ibersystems.es wrote:
do you know how to test a FR server with mikrotik routeros too? I need to
make something like radtest to avoid going to my APs with a
Rob -
Does this problem also happen with iOS 4.x devices other than the iPod
Touch?
Does the problem happen with non-Enterasys gear? (Do you have any that you
can test with?) Additionally, what firmware version are you running on the
Enterasys gear? Can you share your config (or at least the
Hello Edi,
Enclosing sql statement inside empty if gives same error:
if(User-Name){
if(%{sql: UPDATE radacct set
AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND),
AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and
try appending the following snippet to the end of the SQL statement:
; SELECT COUNT(*) col FROM dual WHERE 1=1;
the result is numeric 1 is returned, and the requirement that something must
return is satisfied.
I believe there may be some other statement you can append instead to
query the
I should not give that error according to the source. It definitely
works in the latest version. Perhaps its the space between 'sql:' and
'UPDATE' that is preventing the parser from recognising it as a
non-select query. Try removing it?
On Sat, Jan 15, 2011 at 4:02 AM, Bishal Pun
61 matches
Mail list logo