Hello,
I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
OS: Linux Enterprise Server 6.1
Radius: free radius server 2.1.11
Database: Mysql
The users are using WIFI devices connect to the WIFI network. The
authentiction type is being used is EAP-PEAP.
Can you please give
Hey, thanks, I get it. But could you detail in a few steps the procedure of
generating the hash from a new password, so I could change it ?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Using-encrypted-passwords-in-users-file-tp4758890p4761351.html
Sent from the
Hi Alan
Thank you,it can reply correct attribute.
some more question pls.
1.sometimes it can login while sometimes failure, it is random. I am using
the same user/password for PEAP authentication and totally the same
configuration both server and client PC/user.
2.after user success login,
Dom dvers...@tekcorner.ca writes:
[pap] WARNING! No known good password found for the user.
Looks good so far, but you need to tell freeradius the password for this
user...
E.g. by adding something like this to the users file:
aew...@domain.com Cleartext-Password := password
or configure
EAP-PEAT, is that the Irish version of EAP-PEAP?
Can you please give some advise, to save none-cleartext password in MySQL
database radcheck table?
Well you have two choices Cleartext-Password or NT-Password. Those are the only
two that will work with the MSCHAPv2 inner.
Just add the
Hi,
I encountered this error when starting radiusd –X trying to make it work
with peap. Can you help me fix this or give me an idea how to?
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Hi All,
Need help a bit, I've several freeradius (2.x) servers with mysql as
backend running for several services. Lately I noticed there is 1 of the
radius who will accept any password so long the user account is exist in
radcheck. Still trying to trace where the problem is, and would
On 2 Sep 2011, at 10:29, cktan wrote:
Hi All,
Need help a bit, I've several freeradius (2.x) servers with mysql as backend
running for several services. Lately I noticed there is 1 of the radius who
will accept any password so long the user account is exist in radcheck. Still
trying to
OK, I think I know what is the problem d, I noticed the operator of
User-Password is set to :=, when I changed it to ==, it work fine and
wrong password would be rejected. Can someone confirm this?
Regards
CK
On 09/02/2011 04:29 PM, cktan wrote:
Hi All,
Need help a bit, I've several
Hi,
OK, I think I know what is the problem d, I noticed the operator of
User-Password is set to :=, when I changed it to ==, it work fine and
wrong password would be rejected. Can someone confirm this?
it should be :=
and in fact it should be Cleartext-Password :=
(though thats if you
I've conducted another test at another machine, the result is same,
whenever User-Password the OP is :=, the password would not be check.
Changed to == then OK.. By the way, my FR is running on 2.1.7-7
CK
On 09/02/2011 05:27 PM, Alan Buxey wrote:
Hi,
OK, I think I know what is the
Tested on 3rd FR (same 2.1.7-7), both OP (:= ==) work fine. would
it be my configuration error? Hereby confirmed op == is working fine but
not for :=. Any different to use := or ==?
CK
On 09/02/2011 05:36 PM, cktan wrote:
I've conducted another test at another machine, the result is
Hi,
I've conducted another test at another machine, the result is same,
whenever User-Password the OP is :=, the password would not be check.
Changed to == then OK.. By the way, my FR is running on 2.1.7-7
well, thats wrong - and do you have fail-through = yes ? if so, then it'll fall
On 2 Sep 2011, at 11:36, cktan wrote:
I've conducted another test at another machine, the result is same, whenever
User-Password the OP is :=, the password would not be check. Changed to ==
then OK.. By the way, my FR is running on 2.1.7-7
If you want an answer it helps to actually
You broke the server... somehow...
On 9/2/2011 11:36 AM, cktan wrote:
I've conducted another test at another machine, the result is same,
whenever User-Password the OP is :=, the password would not be check.
Changed to == then OK.. By the way, my FR is running on 2.1.7-7
CK
On
Alexander Clouter a...@digriz.org.uk wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Priming up my end for a burn in...
24 hours later, still churning happily. Running 2.1.12 (bfe2c025).
Cheers
--
Alexander Clouter
.sigmonster says: The
I'm beginning the process of replacing a home-grown RADIUS server with
freeradius, a good idea on many many fronts. The server will interact
with our backend databases in order to determine attributes to inject
into the access-accept messages. For initial development, I've begun
work on a perl
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/160.98.156.6/auth-detail
On 09/02/2011 09:43 AM, Norman Elton wrote:
I'm beginning the process of replacing a home-grown RADIUS server with
freeradius, a good idea on many many fronts. The server will interact
with our backend databases in order to determine attributes to inject
into the access-accept messages. For
Of course a script error shouldn't segfault the server. It would have been
much more useful if you had explained what the script error was and a stack
trace from the segfault.
Oh, I've experienced lots of them! So many, in fact, that I figured it
was a common and well understood occurrence.
-detail-%Y%m%d -
/var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log] expand: %t - Fri Sep 2 15:45:08 2011
++[auth_log
-
/var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log] expand: %t - Fri Sep 2 15:45:08 2011
++[auth_log] returns ok
] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/160.98.156.6/auth-detail-20110902
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address
It is running on one of my production servers. So far no problems, but it has
only run for q few hours.
Sent from Verizon Wireless
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dom dvers...@tekcorner.ca writes:
That is why I am so confused. I do have this user in the users file
and even tested authentication using NTradping and it works fine going
directly from the Internet to the radius server. However when I try
to authenticate via the LNS I see this error.
Hi,
Oh, I've experienced lots of them! So many, in fact, that I figured it
was a common and well understood occurrence. Let me come up with an
easily reproducible example and I'll post the relevant information.
2.1.11 is out...and 2.1.12 is almost ready for release - does your system
behave
Hi,
okay7k auths through so far and all fine so far.for auths..
however, i have noticed a bug/change of bahviour which doesnt
seem right.
Fri Sep 2 17:15:04 2011 : Error: Unauthorized connection to
/var/run/radiusd/radiusd.sock from gid 101
Fri Sep 2 17:15:16 2011 : Error:
Alan Buxey a.l.m.bu...@lboro.ac.uk writes:
Oh, I've experienced lots of them! So many, in fact, that I figured it
was a common and well understood occurrence. Let me come up with an
easily reproducible example and I'll post the relevant information.
2.1.11 is out...and 2.1.12 is almost ready
On Fri, Sep 02, 2011 at 07:16:26PM +0200, Bjørn Mork wrote:
Alan Buxey a.l.m.bu...@lboro.ac.uk writes:
Oh, I've experienced lots of them! So many, in fact, that I figured it
was a common and well understood occurrence. Let me come up with an
easily reproducible example and I'll post the
2.1.11 is out...and 2.1.12 is almost ready for release - does your system
behave in the same way with 2.1.11?
Are you using a pre-built package for freeradius or one that you have
built yourself?
I am using RedHat's pre-built packages, both FreeRADIUS and Perl. I
have not tried newer
On 29/08/2011 15:13, Alan DeKok wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me know if there are any problems. If not, this can become
2.1.12.
All seems good so far.
-James
radmin show version
FreeRADIUS Version 2.1.12, for
I've used GDB to generate a stack trace, specifically using the
instructions on http://freeradius.org/radiusd/doc/bugs.
For this particular test case, I configured as I described above, but
instead of a stripped-down example.pl, I just the one provided, but
put my $i = 1/0; in the test_call
Use a wrapper around the demon, eg 'monit' ?
Around the radiusd daemon? Nope. Running it from bash, or in this
case, from within gdb.
Norman
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok al...@deployingradius.com wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me know if there are any problems. If not, this can become
2.1.12.
Something handy to add if it is not too late.
We suffered a power failure
Would be handy to change Acct-Interim-Interval to something like:
update reply {
Acct-Interim-Interval := 3000 + %{rand:1200}
}
This would give me Acct-Interim-Interval set to 1hr+-10mins.
As it is set now, I just got 1MB of journal recorded to file accounting
On Friday, September 2, 2011, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
I meant that if you use eg monit then you can have a service recovery
rather than a corner case killing off your radius daemon in middle of night
Oh, definitely. We'd do that as a failsafe anyway. My main question is
Norman Elton wrote:
Oh, definitely. We'd do that as a failsafe anyway. My main question is
whether this is failing by design?
The intention is to *not* crash.
But... FreeRADIUS is dependent on the libraries it uses. If they
misbehave, then there's little we can do.
If so, is there a
40,000 authentications in about 6 and a half hours. I use eap, eap-peap, ldap,
mschap, files, sql (mysql), proxy, and postauth mostly. No problems. The files
and sql modules are where I have my wildest modifications, but that is that not
much compared to what some people on this list are doing.
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the
foreach unlang construct or perl.
Last time I checked[1] it seemed trivial to backport to 2.1.x.
Cheers
[1]
On 2 Sep 2011, at 23:16, Alexander Clouter wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
No your check will not iterate over every instance of a value.
In order to do that you'll need to use FreeRADIUS 3.x and use the
foreach unlang construct or perl.
Last time I
Thanks, I ended up deleting all the recently created files in
/etc/raddb/certs and issuing the bootstrap command.
I did have to mkdir /var/run/radiusd after I saw an error about a file
radiusd was looking for there, but it works fine afterwards.
On Thu, Sep 1, 2011 at 11:53 PM, Alan DeKok
41 matches
Mail list logo