nobody?
Le 07/02/2013 13:25, Hocine M a écrit :
hello,
In ma accounting table there are many records with the same radacctid
for one username.
In this case
| 23547 | SESS-50639-54b752-237134-642 | t...@univ-rouen.fr |
univ-rouen.fr| 2013-02-07 12:38:54 | NULL|
On 02/08/2013 09:04 AM, Hocine M wrote:
nobody?
The only thing that stands out is the Called-Station-Id is different.
This suggests to me that something about the accounting packets changes
as the client moves around (associates to different APs) and that the
accounting SQL queries you are
Hi,
In ma accounting table there are many records with the same radacctid for
one username.
as Phil says - and can be seen, different called-station-id - and different
(NAS id) IP address - what are your accounting statements ?
alan
-
List info/subscribe/unsubscribe? See
I am setting up our Freeradius to do authentication for MAC address for
windows PC. This is to enable PCs to connect to the AD to access Domain
information just before Windows User Logon Screen. The PC is already
connected to a Cisco switch port which has been configured 802.1x.
I have
On 08/02/13 12:52, Tunde Ogedengbe wrote:
see from the log that the MAC addresses is checked and OK. But there is
an [eap] returns reject just after the mac address was successfully
checked. I guess I need a way to get radius to force an EAP accept
after successful checking of the MAC
Hello all,
I'm researching this anomaly myself in all the documentation, but
thought it would also be helpful both to me and to others to post the
problem here.
SYMPTOM: Some Access-Period accounts (accounts which have X number of
seconds to continue logging in and out starting from the
Hi all,
I've inherited a pair of Freeradius servers running Vsn 2.10 and have build a
new server around the 2.2 source code. All of these servers exhibit the same
problem in that after a SIGHUP to reload their configuration files the
sometimes crash.
Firstly the 2.1 servers
We have 2 of them
Alex Sharaz wrote:
Firstly the 2.1 servers
shrug Upgrade.
password files are updated every 15 mins and are followed by a service
freeradius reload command to bring them on line.
See the changelog for 2.2.0. The passwd module had issues with
older versions of the server.
You can
i begin setting up configuration. bit i got two problems :
client with good certificate can be authenticated even if they're not in
users file.
I assume it's due to my code. Here is under authenticate section of default :
Auth-Type eap {
eap
if (
Ok so the question then is: where the hell is radclient getting the
notion that the account has 2366393 seconds left?
That is *entirely* the wrong question. It's why you haven't solved
the problem yet.
Look at the *radius server* debug output. It's the one sending the
Session-Timeout.
Bill Isaacs wrote:
Ok so the question then is: where the hell is radclient getting the
notion that the account has 2366393 seconds left?
From the RADIUS server. This isn't magic. radclient doesn't invent
attributes in reply packets. It receives them from the RADIUS server.
Alan, take a
Hi All,
I'm sure the answer to this is nope, but ...
At a recent Aruba training course in amongst the documentation supplied to us
were a couple of presentation slides showing different types of eap
authentication against recommended RADIUS servers for use with Aruba equipment
(Just to be
Ok. Can you pls help with procedure for configuring pre-login on Windows
for 802.1x? Windows is sending packets to RADIUS as
host/machine-name.domain. I would like to have a dedicated userid/password
configured on windows for pre-login machine authentication.
'Tunde Ogedengbe
On 8 Feb 2013 13:18,
Alex Sharaz wrote:
At a recent Aruba training course in amongst the documentation supplied to us
were a couple of presentation slides showing different types of eap
authentication against recommended RADIUS servers for use with Aruba
equipment (Just to be sure the slide heading said Aruba
As already said, post output of radiusd -X
(that will clearly show the logic taken)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/02/13 16:09, Tunde Ogedengbe wrote:
Ok. Can you pls help with procedure for configuring pre-login on Windows
for 802.1x? Windows is sending packets to RADIUS as
host/machine-name.domain. I would like to have a dedicated
userid/password configured on windows for pre-login machine
On 08/02/13 16:19, Alan DeKok wrote:
If it requires tweaking for Aruba, then Aruba has failed to implement
the standards correctly.
Was it Aruba who we had all the issues with terminating PEAP/TTLS
locally on the controller, then transforming the inner EAP-MSCHAPv2 to
plain MSCHAPv2 and
--
An HTML attachment was scrubbed...
URL:
http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130208/f72a3bc9/attachment-0001.html
--
Message: 3
Date: Fri, 08 Feb 2013 09:35:59 -0600
From: Bill Isaacs bill.isa...@island-wifi.com
On Fri, Feb 08, 2013 at 10:10:05AM -0500, Alan DeKok wrote:
Alex Sharaz wrote:
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough
information to track it down and fix it, though.
One workaround is to just do a restart instead of a
here is the output :
Evaluating (%{TLS-Client-Cert-Subject} =~//) - TRUE
++? if (%{TLS-Client-Cert-Subject} =~ /\/xx\// ) - TRUE
++- entering if (%{TLS-Client-Cert-Subject} =~ /\/O=\// ) {...}
+++? if (%{TLS-Client-Cert-Subject} =~ /\/OU=\// )
Alex Sharaz wrote:
Anyone else seen serve crashes on a reload?
Unfortunately I've seen this before. I haven't seen enough
information to track it down and fix it, though.
|One workaround is to just do a restart instead of a reload. It's
|not likely to make much of a difference.
:-)
Aruba now say they only support eap-tls and eap-peap when you offload eap onto
their mobility controllers.
Rgds
Alex
On 8 Feb 2013, at 16:46, freeradius-users-requ...@lists.freeradius.org wrote:
Re: Any interoperability issues with Aruba and Freeradius
-
List info/subscribe/unsubscribe? See
--
An HTML attachment was scrubbed...
URL:
http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130208/f72a3bc9/attachment-0001.html
--
Message: 3
Date: Fri, 08 Feb 2013 09:35:59 -0600
From: Bill Isaacs bill.isa...@island-wifi.com
To: FreeRadius
Alex Sharaz wrote:
Aruba now say they only support eap-tls and eap-peap when you offload
eap onto their mobility controllers.
That is a stupid response from them.
If they follow the specs, they should pass EAP straight through to the
RADIUS server. If they do anything else, they are
Alex Sharaz wrote:
And from the control-socket code
In older versions of the software. Version 2.2.0 does *not* have that
text.
The servers are in a production environment. I'd really like to try just
reloading the passwd module to see if it makes any difference to the server
stability
I have to say that in their defence, the eap offloading is switched off by
default and you do actually have to switch it on.
A
On 8 Feb 2013, at 17:27, Alan DeKok al...@deployingradius.com wrote:
Alex Sharaz wrote:
Aruba now say they only support eap-tls and eap-peap when you offload
eap onto
* there is one problem that FreeRADIUS doesn't return the inner ID into the
outer one when using EAP-TTLS (but does when using EAP-PEAP), but this is
nothing Aruba-specific and probably a configuration error in FreeRADIUS on
our part.
I've got a strange thing here as well. In the
Think I just had senior moment.
The server runs 2.2 code compiled from source but I copied all the configs over
from the UKERNA freeradius sample and then amended them to run against our AD
service. The UKERNA control-socket config does have the text.
My fault
Rgds
Alex
On 8 Feb 2013, at
Hi,
* there is one problem that FreeRADIUS doesn't return the inner ID into the
outer one when using EAP-TTLS (but does when using EAP-PEAP), but this is
nothing Aruba-specific and probably a configuration error in FreeRADIUS on
our part.
stick something like this into your 'inner-tunnel
Hi,
Anyone else seen serve crashes on a reload?
dont HUP, do a restart. its clean and it pretty much just as quick.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
|$ radmin -e hup passwd
|
And from the control-socket code
#
# Control socket interface.
#
# HIGHLY experimental! It should NOT be used in production
# environments.
#
The servers are in a production environment. I'd really like to try just
reloading the
Hi,
Think I just had senior moment.
The server runs 2.2 code compiled from source but I copied all the configs
over from the UKERNA freeradius sample and then amended them to run against
our AD service. The UKERNA control-socket config does have the text.
My fault
who is UKERNA?
;-)
On 08/02/13 17:14, Alex Sharaz wrote:
Aruba now say they only support eap-tls and eap-peap when you offload
eap onto their mobility controllers.
Well, don't do offload - it's a pretty bad idea anyway, and vendors have
a history of mangling it.
-
List info/subscribe/unsubscribe? See
Hi folks,
Having managed to get freeradius 2.10 to run on Debian squeeze with a
username and password defined in /etc/freeradius/users, I was hoping
to take a step forward by getting it to authenticate users through
PAM. But, that's not working out as I had hoped.
Could sombody please
Try by adding
jwinius Cleartext-Password := xxx
On Fri, Feb 8, 2013 at 11:41 AM, Jaap Winius jwin...@umrk.nl wrote:
Hi folks,
Having managed to get freeradius 2.10 to run on Debian squeeze with a
username and password defined in /etc/freeradius/users, I was hoping to
take a step forward
Sorry about the incomplete previous email,
Try by adding
jwinius Auth-Type = pam
Cleartext-Password := xxx
Deepti
On Fri, Feb 8, 2013 at 12:31 PM, Deepti kulkarni deepti.kde...@gmail.comwrote:
Try by adding
jwinius Cleartext-Password := xxx
On Fri, Feb 8, 2013 at
Deepti kulkarni wrote:
Sorry about the incomplete previous email,
Try by adding
jwinius Auth-Type = pam
Cleartext-Password := xxx
That won't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jaap Winius wrote:
...
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
You can't use PAM and EAP-MD5 together. It's impossible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Quoting Deepti kulkarni deepti.kde...@gmail.com:
Try by adding
jwinius Auth-Type = pam
Cleartext-Password := xxx
Thanks for your reply, but that makes virtually no difference. The
result is the same and freeradius' debug output only changes slightly:
Quoting Alan DeKok al...@deployingradius.com:
You can't use PAM and EAP-MD5 together. It's impossible.
That sounds like important information! To turn off EAP, I commented
out all of the lines related to EAP in
/etc/freeradius/sites-enabled/default and in
Jaap Winius wrote:
That sounds like important information! To turn off EAP, I commented out
all of the lines related to EAP in /etc/freeradius/sites-enabled/default
and in
/etc/freeradius/sites-enabled/inner-tunnel.
No. You can't turn off EAP. The client is sending EAP to the server.
You
On 02/08/2013 09:50 AM, Alan DeKok wrote:
Bill Isaacs wrote:
Ok so the question then is: where the hell is radclient getting the
notion that the account has 2366393 seconds left?
From the RADIUS server. This isn't magic. radclient doesn't invent
attributes in reply packets. It receives
Bill Isaacs wrote:
Alan, you're so much more fun when you're not being myopic. lol Of
course it's getting the answer from the radius server. You really think
I don't know that?
I can only read what you write. You asked *twice* why radclient had
that Session-Timeout. The second time,
Again Alan, read between the lines. I've been scanning these emails
from this group for about year through google searches.
What I've learned from this mailing list is that you routinely castigate
people who ask questions on here. That's rude. Your tone is arrogant.
And that's rude.
Yes,
Bill Isaacs wrote:
Again Alan, read between the lines. I've been scanning these emails
from this group for about year through google searches.
What I've learned from this mailing list is that you routinely castigate
people who ask questions on here. That's rude. Your tone is arrogant.
Bill Isaacs wrote:
Here is the telling part of the freeradius -X output that I ran earlier
this morning and printed out to use as a reference in my inquiries:
[accessperiod] expand: %{sql:SELECT
IF(COUNT(radacctid=1),(UNIX_TIMESTAMP() -
IFNULL(UNIX_TIMESTAMP(AcctStartTime),0)),0) FROM
Alan,
Being a moderator does NOT give you moral license to treat people like
children. You're a rude man. Please ban me.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
47 matches
Mail list logo