Hi
I try to configure authentication via ntlm_auth to check the user group.
All authentication attempts are rejected
The same configuration without checking groups is working correctly
policy.conf:
extract_ssid {
if(Called-Station-Id =~
On Wed, Dec 7, 2011 at 4:11 PM, Сергей Усов us...@pomorsu.ru wrote:
Hi
I try to configure authentication via ntlm_auth to check the user group. All
authentication attempts are rejected
What does the debug log say when the authentications are rejected?
--
Fajar
Thanks for your reply
radiusd: Loading Virtual Servers
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating module mschap from file
You need to update the AD-Group in the inner-tunnel virtual server,
not in the default one.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All,
I installed FR v 2.1.2 and mysql 5.1.55. User database is in mysql DB.
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco), but
Simultaneous-Use is not working.
2. My wimax users (vendor Alvarion) cannot authenticate. Although, I can
authenticate them from users file.
what
I have changed inner_tunnel, but unsuccessfully
server inner-tunnel {
authorize {
preprocess
extract_ssid
mschap
suffix
update control {
Proxy-To-Realm := LOCAL
}
eap {
ok = return
}
expiration
On Wednesday 07 December 2011 01:26:08 Fajar A. Nugraha
wrote:
On Wed, Dec 7, 2011 at 1:15 PM, mic...@casa.co.cu wrote:
google search and it turns out all the variations I have
encountered are
implementing freeradius with PEAP TLS and mysql which
should generate
certificates and then
Dear All,
I installed FR v 2.1.2 and mysql 5.1.55. User database is in mysql DB.
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco), but
Simultaneous-Use is not working.
2. My wimax users (vendor Alvarion) cannot authenticate. Although, I can
authenticate them from users file.
what
Hi,
After configuration and running the FreeRadius in debug mode, I see that
binding with LDAP server is successful as : *[ldap] Bind was successful*
Then it does searching of user with filter and gives the error as : *[ldap]
ldap_search() failed: Operations error after*
*[ldap] search failed*
On 07/12/11 14:22, suggestme wrote:
Hi,
After configuration and running the FreeRadius in debug mode, I see that
binding with LDAP server is successful as : *[ldap] Bind was successful*
Then it does searching of user with filter and gives the error as : *[ldap]
ldap_search() failed: Operations
Сергей Усов wrote:
I have changed inner_tunnel, but unsuccessfully
You didn't do what I said, so I'm not surprised it didn't work.
Alan DeKok.
tolik_shavlov...@mail.ru wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco), but
Simultaneous-Use is not working.
See the FAQ for "it doesn't work"
2. My wimax users (vendor Alvarion) cannot authenticate. Although, I can
authenticate them from users file.
Without the
suggestme wrote:
Hi,
After configuration and running the FreeRadius in debug mode, I see that
binding with LDAP server is successful as : *[ldap] Bind was successful*
Then it does searching of user with filter and gives the error as : *[ldap]
ldap_search() failed: Operations error
I am trying to use src/modules/rlm_example/Makefile using configure files.
In this makefile stated :
# The RLM_LIBS definition should list ALL required libraries.
# These libraries really should be pulled from the 'config.mak'
# definitions, if at all possible. These definitions are also
#
Mustafa Reşit Şahin wrote:
Which file mentioned with These definitions are also # echoed into
another file in ../lib, ?
Files automatically produced by the builds.
I could not find this file. As far as I understand, I have to add
shared/static libraries (which I link from my new module)
here is debug:
ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10,
length=135
User-Name = KeepAliveUserNameAndPassword
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = \000\000\000\000\000
NAS-Identifier =
The only requests I see are User-Name = KeepAliveUserNameAndPassword
This is just a keep-alive packet all Alvarion Extreme base stations send out.
I do not see the CPE attempting to authenticate.
David
From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =
10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id =
KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword'
[acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5.
++[acct_unique] returns ok
[suffix] No '@' in User-Name =
On Wed, Dec 7, 2011 at 11:02 PM, tolik_shavlov...@mail.ru
tolik_shavlov...@mail.ru wrote:
SELECT id, username, attribute,
value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword'
ORDER BY id
SELECT groupname FROM radusergroup
WHERE username = 'KeepAliveUserNameAndPassword'
I know it’s Extreme because we sell Alvarion WiMax for all of North America :)
Keepaliveusernameandpassword is a generic request coming from the BTS which can
either be accepted or denied. Either response is fine.
The Extreme uses EAP-TTLS as does all WiMax so the username should be
Angelica Delgado-2 wrote
Freeradius, it gives NT_STATUS_WRONG_PASSWORD.
I am having a similar issue to this. I have LDAP authentication working.
However, my wireless controller, Nortel/Avaya 2382, will not work.
Radius ping from the localhost and a server works fine.
Radius log when I
Hi, Alan
Sorry, but I can not to not run because of:
1. FreeRadius stops working in non-debug mode once or more times a day
2. In debug mode it may work for about a week without problems
3. In debug mode I can run it only from console or in 'screen'
4. I run it on screen when it fails with help of
Hi,
I am having a similar issue to this. I have LDAP authentication working.
However, my wireless controller, Nortel/Avaya 2382, will not work.
and what type of request is coming through? If it's not a PAP
type of request - as per from your server test, then you won't have
%{User-Password}
Thank you all for the suggestions.
I have already installed FreeRadius 2.1.12 which I am running, and I have got
ldap in file /usr/local/etc/raddb/modules/ldap; I have gone through it and I
am still not sure where the problem lies.
I have here included below the part of debug mode output that I
Alan Buxey wrote
and what type of request is coming through? - check the mschap module
to see the challenge response
example and 'radiusd -X' for help does help...
Alan, thank you, my wireless controller was set to send MSCHAP-v2. Changing
the controller to PAP allows it to
lint wrote
Alan, thank you, my wireless controller was set to send MSCHAP-v2.
Changing the controller to PAP allows it to complete a successful radius
ping. However, I have moved onto another problem, an 802.1x client will
not authenticate sending EAP-PEAP/EAP-MSCHAP-v2.
So, if I
You certainly don't need to set anything in your users file for 802.1X with an
AD backend
As already stated, where is your radiusd -X ?
alan
Alan Buxey wrote
You certainly don't need to set anything in your users file for 802.1X with
an AD backend
As already stated, where is your radiusd -X ?
I really apologize, I misunderstood you. Thank you so much!
Here it is:
FreeRADIUS Version 2.1.11, for host x86_64-redhat-linux-gnu,
Hi,
Ready to process requests.
...and then nothing. The output is only useful if you show a failing
request actually being handled :-)
alan
Hi,
Module: Instantiating module ntlm_auth from file
/etc/raddb/modules/ntlm_auth
exec ntlm_auth {
wait = yes
program = /usr/bin/ntlm_auth --request-nt-key
--domain=domain.net--username=%{mschap:User-Name}
^^
PS you have a typo
alan
Alan Buxey wrote
Hi,
Module: Instantiating module ntlm_auth from file
/etc/raddb/modules/ntlm_auth
exec ntlm_auth {
wait = yes
program = /usr/bin/ntlm_auth --request-nt-key
--domain=domain.net--username=%{mschap:User-Name}
^^
PS you have a
The freeradius daemon reads ALL files in the modules directory. You have
duplicates and e.g. .rpmnew. Remove those and things may just work nicely for you
alan
--
Message may be brief as it has been sent from my mobile
On Thu, Dec 8, 2011 at 3:57 AM, suggestme samanaupadh...@hotmail.com wrote:
Thank you all for the suggestions.
I have already installed FreeRadius 2.1.12 which I am running, and I have got
ldap in file /usr/local/etc/raddb/modules/ldap; I have gone through it and I
am still not sure where the
On Thu, Dec 8, 2011 at 6:11 AM, lint l...@pillclan.com wrote:
Alan, here is the output of everything with a failed request:
Did you read this?
Module: Linked to module rlm_chap
Module: Instantiating module chap from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module:
Fajar A. Nugraha-2 wrote
Did you read this?
Module: Linked to module rlm_chap
Module: Instantiating module chap from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module mschap from file
/etc/raddb/modules/mschap.org
mschap {
On Thu, Dec 8, 2011 at 9:26 AM, lint l...@pillclan.com wrote:
I made backups of the files in modules before I
modified them, as I always do with configuration files. I didn't realize
that FreeRADIUS loads all modules. I will move the backups to my home
directory and try again tomorrow
Fajar A. Nugraha-2 wrote
Somewhat off topic, did you know you can use git to keep track of
configuration changes? Something like this should make your life a lot
easier
- cd /etc/raddb
- git init
- every time you make a change, do git commit -a
--
Fajar
I have heard of git in the
Hello Everyone,
I tried to compile FreeRADIUS with LDAP support however, rlm_ldap has
not been compiled.
Are libldap-2.4-2 libldap-dev not sufficient? Do I need to install OpenLDAP?
Thanks in Advance,
Nick.
Hello. Евгений
ufa-rad2:# screen -d -m freeradius -X -d /etc/freeradius/test/
Works without any problem on Linux
But I guess you should find out the cause of the problem and not try to
work around it by running FreeRADIUS in debug
1. FreeRadius stops working in non-debug mode once or more times
Hi all,
After authentication by Freeradius each and every packet is going through
server. Or after authentication access point or router will handle all
this thing.
--
Warm Regards
Harish Mandowara
Hi,
after auth each packet will go through NAS (Ap, Router)
08 December 2011, 10:28 from Harish Mandowara hari...@cdac.in:
Hi all,
After authentication by Freeradius each and every packet is going through
server. Or after authentication access point or router will handle all
this thing.
David,
usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but
for nonWiMAX band = 5 GHz. All Alvarion hexes username, like 97697...@wimax.com
So, you just guess it was Extreme?))
07 December 2011, 20:33 from David Peterson-19 [via FreeRadius]
Hi,
mysql use freeradius;
Database changed
mysql select * from radcheck;
++-+++--+
| id | username| attribute | op | value|
++-+++--+
| 1 | user
2011/12/8 Толик Шавловский tolik_shavlov...@mail.ru:
Hi,
mysql use freeradius;
Database changed
mysql select * from radcheck;
++-+++--+
| id | username | attribute | op | value |
Толик Шавловский wrote:
Hi,
mysql use freeradius;
Database changed
mysql select * from radcheck;
++-+++--+
| id | username| attribute | op | value|
Коньков Евгений wrote:
BUG: you must not detach from console when 'radiusd -X'
FreeRADIUS does *not* detach from the console when using radiusd -X.
Alan DeKok.
suggestme wrote:
I have already installed FreeRadius 2.1.12 which I am running, and I have got
ldap in file /usr/local/etc/raddb/modules/ldap; I have gone through it and I
am still not sure where the problem lies.
The problem is you.
You were told to look for operations error in