Re: Freeradius-Users Digest, Vol 78, Issue 111

2011-10-26 Thread James T. Mugauri
On 10/26/2011 12:11 AM, freeradius-users-requ...@lists.freeradius.org wrote: You just add the attributes, and the server will take care of encapsulating them in TLVs. Is there anything I must pay attention to with regard to either (or both of): 1. The order in which I define the

WiMAX

2011-10-26 Thread Alan DeKok
James T. Mugauri wrote: Is there anything I must pay attention to with regard to either (or both of): 1. The order in which I define the attributes, especially when I am defining 2 QoS-Descriptors (for downlink and uplink e.g.) and 2 or more Packet-Flow-Descriptors (for controlling

Re: Freeradius rlm_sql: Failed to create the pair: Invalid TLV specification (WiMAX MS)

2011-10-26 Thread James T. Mugauri
Apologies for my incorrectly headed last response: On 10/26/2011 12:11 AM, freeradius-users-requ...@lists.freeradius.org wrote: You just add the attributes, and the server will take care of encapsulating them in TLVs. Is there anything I must pay attention to with regard to either (or

Re: Why is not writing in second detail file?

2011-10-26 Thread tonimanel
First, thanks for your answer. I think that I understand the basics but I had a doubt with second_detail file because before appeared when I executed a ls. Now I have clear (I knew that second_detail was removed when it was read, but only if the packets were transmitted). I have redone the

Re: FreeRadius Losing packets in Multi-Threads mode

2011-10-26 Thread Pierre Rondou
Hello, On Tue, 25 Oct 2011 21:09:31 +0100, Alan Buxey a.l.m.bu...@lboro.ac.uk however, as Alan said. in single thread mode, you only have one process dealing with requests. so one single open connection to SQL, one single session to LDAP etc etc (whatever you use) - eg even a local file

Re: Why is not writing in second detail file?

2011-10-26 Thread Fajar A. Nugraha
On Wed, Oct 26, 2011 at 3:07 PM, tonimanel antoniofernan...@fabergames.com wrote: Now, I don't have clear why configuring proxy.conf and implementing copy-acct-to-home-server, accounting packets have different times(I know that these are using different timestamp). That's the way it is. You

Re: FreeRadius Losing packets in Multi-Threads mode

2011-10-26 Thread Alexandre Chapellon
Did the very same test here, with very same results. I find this a little bit scary to imagine that some accounting packets are lost (meaning I have no proof the requests was answered and how. regards On 26/10/2011 10:21, Pierre Rondou wrote: Hello, On Tue, 25 Oct 2011 21:09:31 +0100,

Re: FreeRadius Losing packets in Multi-Threads mode

2011-10-26 Thread Alan DeKok
Pierre Rondou wrote: Here is what I had thought about: FreeRadius correctly treats the requests (answer are always received), but there is a locking problem with the log files, meaning that basically, only one thread can write inside. Edit raddb/detail, and add locking = yes Alan DeKok. -

Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user

2011-10-26 Thread James T. Mugauri
Hi, I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel. Thanks to Alan's direction earlier, I can also send the service flow definitions correctly. I have now found that subsequent db writes (and logging) associated with accounting and postauth functions are the encrypted

Re: Build RPM

2011-10-26 Thread Fred
Hi Francois, As you did not give any link to your SRPM, could you share your spec? I still have some trouble with radrelay using my own spec with git 2.1.x, which is not version 2.2.0 ... Best regards, Fred 2011/10/25 Francois Gaudreault fgaudrea...@inverse.ca: Hi, The spec is a bit buggy,

Re: FreeRadius Losing packets in Multi-Threads mode

2011-10-26 Thread Alan DeKok
Alexandre Chapellon wrote: Did the very same test here, with very same results. I find this a little bit scary to imagine that some accounting packets are lost (meaning I have no proof the requests was answered and how. Ah... after thinking about it some more, there is no problem. The

Re: eap module change between 2.1.11 2.1.12 ?

2011-10-26 Thread Fred
2011/10/25 Fred fred.mai...@gmail.com: Phil, Yes, I am sure, but I don't have traces on hand... I will try to get some radiusd -X on 2.1.11 ASAP, as I can't do it now because I try to find a solution as I have to restart production in the next few hours ... Anyway, Thanks a lot for your kind

Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user

2011-10-26 Thread Alan DeKok
James T. Mugauri wrote: I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel. Thanks to Alan's direction earlier, I can also send the service flow definitions correctly. That's good. I have now found that subsequent db writes (and logging) associated with accounting and

Anybody can confirm this?

2011-10-26 Thread tonimanel
Hi, I have two servers A and B configured. I have some doubts: I would like to get to copy accounting data (same set of information) from A to B. I have configured this and works fine (copy-acct-to-home-server proxy.conf), BUT in radacct table of server B, the records have different

PEAP with Machine auth

2011-10-26 Thread Bonald
Hi, I've spent too much time trying to fix this issue and going nowhere... I am trying to make MACHINE auth working on Windows/CiscoWLC and Freeradius. I have no problem with USER auth. The certificate is fine, I've created it using xpextension. I've also tried a Windows-CA certificate. I've

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 13:49, Bonald wrote: WARNING: !! EAP session for state 0xd4ade9e4d6a8f086 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility Did you follow the link? Did you read it? Most likely, you need to ensure your certificate CA is trusted by the

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. On Wed, Oct 26, 2011 at 10:14 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 26/10/11 13:49, Bonald wrote: WARNING: !! EAP

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. Well, I guess it's just broken then. Oh well. Seriously - it's important to understand that

Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user

2011-10-26 Thread James T. Mugauri
On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org wrote: On Access-Accept, store the unencrypted User-Name in the DB, along with a Class attribute. When you receive an accounting packet, look up the Class attribute to find the unencrypted User-Name. Thanks I notice

Re: PEAP with Machine auth

2011-10-26 Thread Alan DeKok
Phil Mayers wrote: Seriously - it's important to understand that the CLIENT stops responding. FreeRADIUS can't do anything more in this case - the client has stopped sending EAPOL packets, so the client must think that something is wrong. That's the main issue people have with RADIUS. The

Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user

2011-10-26 Thread Alan DeKok
James T. Mugauri wrote: On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org wrote: On Access-Accept, store the unencrypted User-Name in the DB, along with a Class attribute. When you receive an accounting packet, look up the Class attribute to find the unencrypted

[solved] Re: ntlm_auth fails @radius-debug

2011-10-26 Thread Andreas Rudat
I edit the wrong site... sorry On 26.10.2011 15:48, Andreas Rudat wrote: Hello, I work with this tutorial http://deployingradius.com/documents/configuration/active_directory.html all works fine, since I try to use ntlm_auth with radius directly I added a user tester / testen users:

RE: PEAP with Machine auth

2011-10-26 Thread Sallee, Stephen (Jake)
Ok, I have been watching your discourse from afar and I have to say this: This kind of QA thing helps no one here! ... Two things. Number one, he IS answering your questions. He is just not GIVING you the answer. Number two, the gentleman in question is quite possibly the preeminent

Re: Build RPM

2011-10-26 Thread Francois Gaudreault
Hi, See Below (I won't put the comments section) for RHEL5: Summary: High-performance and highly configurable free RADIUS server Name: freeradius2 Version: 2.1.12 Release: 1%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ Source0:

Re: PEAP with Machine auth

2011-10-26 Thread Alan DeKok
Francois Gaudreault wrote: Even more weird, we have had the same issue lately with one controller model, and not the other. We were using the same config on the client, on the server, and the same certs. Ouch. The whole EAP ecosystem is fragile to the point of insanity. There are times

Re: PEAP with Machine auth

2011-10-26 Thread Francois Gaudreault
Even more weird, we have had the same issue lately with one controller model, and not the other. We were using the same config on the client, on the server, and the same certs. Ouch. The whole EAP ecosystem is fragile to the point of insanity. There are times when I'm surprised it

FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Daniel Menezes
Hi all, First, sorry my bad English. I have a FreeRadius + MySQL setup with MikroTik as NAS. And a few days ago I have some warnings and errors in the log: Tue Oct 25 04:02:41 2011 : Info: Released IP xxx.xxx.xxx.xxx (did via-pppoe-01 cli xx:xx:xx:xx:xx:xx user dmnzs-test) Tue Oct 25 05:30:36

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:58, Phil Mayers wrote: On 26/10/11 14:47, Sergio NNX wrote: This kind of QA thing helps no one here! Many people are reporting the same issue on different platforms! I don't think the problem is either with the client or the certificates since I conducted some testing using the

Re: FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Fajar A. Nugraha
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes lis...@dmnzs.com.br wrote: I read something about slow backend, tables indexes and other things. I've used the backend script 'mysqltuner.pl' to adjust the performance. It's better now, but the warnings and errors persist. Can anyone help me on

Re: FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Fajar A. Nugraha
On Wed, Oct 26, 2011 at 10:08 PM, Daniel Menezes lis...@dmnzs.com.br wrote: Tue Oct 25 15:43:20 2011 : Error: WARNING: Unresponsive child for request 784, in module radutmp component accounting Another thing to try, are you using radutmp? If no (e.g. session/simultaneous use check is using

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 16:14, Phil Mayers wrote: Sorry, this is long. tl;dr version - under Windows 7, if you import the CA certificate into the Trusted Root Certification Authorities hierarchy in the MMC Certificates snap-in, Windows 7 user- and machine-auth work just fine against an out-of-the-box

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
If you are using the default config then your eap.conf must have default_eap_type = md5 Try with peap. On Wed, Oct 26, 2011 at 12:14 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 26/10/11 14:58, Phil Mayers wrote: On 26/10/11 14:47, Sergio NNX wrote: This kind of QA thing helps no one

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 16:54, Bonald wrote: If you are using the default config then your eap.conf must have default_eap_type = md5 Yes. The client NAKs the EAP-MD5 and asks for PEAP. Try with peap. Just to placate you, I have done so. It made no difference, except save one round-trip. User- and

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. What is the client operating system and version, including service pack? Are you using the

RE: FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Tim Sylvester
Hi Daniel, I have a FreeRadius + MySQL setup with MikroTik as NAS. And a few days ago I have some warnings and errors in the log: Tue Oct 25 04:02:41 2011 : Info: Released IP xxx.xxx.xxx.xxx (did via-pppoe-01 cli xx:xx:xx:xx:xx:xx user dmnzs-test) Tue Oct 25 05:30:36 2011 : Error: Received

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 17:15, Phil Mayers wrote: On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. What is the client operating system and version,

RES: FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Daniel Menezes
Yes, there is a large number of rows in the radacct and radposauth tables. The attribute 'Acct-Interim-Interval' works very well but makes many records. I rotate these tables to archive old records, I think I'll do this every month. Of course, the script wouldn't solve all my problems, but it was

Re: FreeRadius + MySQL | radacct: Errors and Warnings

2011-10-26 Thread Fajar A. Nugraha
On Thu, Oct 27, 2011 at 12:13 AM, Daniel Menezes lis...@dmnzs.com.br wrote: Yes, there is a large number of rows in the radacct and radposauth tables. The attribute 'Acct-Interim-Interval' works very well but makes many records. Interim updates aren't supposed to add records, they simply update

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
Client is Windows7 w/SP1. Using Cisco PEAP it's working. When using Microsoft PEAP it's failing for machine auth. I am on WLAN netsh wlan show profile just shows my SSID That fixed my problem. I needed to check the correct CA in the protected PEAP properties.

Re: PEAP with Machine auth

2011-10-26 Thread Francois Gaudreault
Correct me if I am wrong, but that should not be needed when you are not validating server certificate. That would mean windows is trying to validate server cert when doing machine auth even if the profile says otherwise?? On 11-10-26 2:36 PM, Bonald wrote: Client is Windows7 w/SP1. Using

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 10/26/2011 07:53 PM, Francois Gaudreault wrote: Correct me if I am wrong, but that should not be needed when you are not validating server certificate. There are a few issues; let me try to lay them out. First: it seems you MUST install the CA on the client (in one or both of the user or

Authorize all/any users for a PEAP, WPA2 enterprise setup

2011-10-26 Thread Toby
Hi all, I apologize in advance if this question has been answered previously but I have searched extensively and cannot find discussion of this particular topic. What I am wanting to setup, at least initially, is a WPA2 enterprise (802.11i) wireless access point that will authorize ANY user

Re: Authorize all/any users for a PEAP, WPA2 enterprise setup

2011-10-26 Thread James J J Hooper
On 27/10/2011 00:51, Toby wrote: Hi all, I apologize in advance if this question has been answered previously but I have searched extensively and cannot find discussion of this particular topic. What I am wanting to setup, at least initially, is a WPA2 enterprise (802.11i) wireless access