,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http
them again yourself.
Matthew
--
it will build (may not be the actual fix, but gets it to
build I'm not using rlm_sql).
Matthew
--
to support a few additional
options in their built-in supplicant, rather than just the couple
of odd combinations that they want.)
--
Hi,
It's working!
On Fri, Jan 20, 2012 at 08:28:49AM +0100, Alan DeKok wrote:
Matthew Newton wrote:
Does anyone know if FreeRADIUS now supports Microsoft
PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in
It's not a widely used feature.
Obviously :-) SoH is the only reasonably
)
is trivial as all the Debian stuff is there to build your package
for you :-).
Matthew
--
Validate server certificate.
(Then think if this is the best way to do it, and consider
installing the root certificate and ticking the box again.)
Matthew
--
to distribute the CA cert
(which we do) to the clients
If you can easily push the certs out, I'd go for the more secure
self-signed certs, as the main objection to it seems to be
pushing out the CA cert.
Matthew
--
:/home/sqauser#
root@FreeRadius:/home/sqauser# wbinfo -u
Error looking up domain users
If you've only just joined the domain, you likely need to restart
winbindd.
But get your time synchronized properly first.
Matthew
--
be harder.
I'm rather guessing here, but I wonder if LDAP searching the AD
global catalogue (ports 3268/3269) would make this work with one
search?
But that's not really a FreeRADIUS issue. You'd probably be better
finding a samba or AD list.
Matthew
--
up why,
and a mini how-to at http://q.asd.me.uk/pet
--
On Thu, Feb 02, 2012 at 06:27:31PM -0600, Dan Letkeman wrote:
On Thu, Feb 2, 2012 at 4:47 PM, Matthew Newton m...@leicester.ac.uk wrote:
That will work, but you shouldn't. Create a different certificate
for each client, and for the radius server, all signed by the same
CA.
This would
Hi,
On Fri, Feb 03, 2012 at 08:22:38AM +0100, NdK wrote:
On 02/02/2012 21:59, Matthew Newton wrote:
/usr/bin/net ads search -P (mail=%{User-Name}) sAMAccountName|grep
sAMAccountName|sed s/^[^ ]* //
(maybe it's possible to do the same without using grep and sed, but it's
been just
of the log string.
Cheers,
Matthew
From 089c108c472a6a9d2a21ae86b41343b06274f95d Mon Sep 17 00:00:00 2001
From: Matthew Newton m...@leicester.ac.uk
Date: Sun, 5 Feb 2012 23:05:27 +
Subject: [PATCH] Add syslog_facility option to rlm_linelog
---
src/modules/rlm_linelog/rlm_linelog.c | 86
).
Matthew
--
...
Matthew
--
the mysql database. There's no need to have that running on the
same box...
Cheers,
Matthew
--
fields, and as such it's much better to expand personal
horizons than give in and hire someone.
:-) My thoughts exactly.
Cheers,
Matthew
--
study are possibly most useful to your
question.
Cheers,
Matthew
--
unnecessarily (doesn't often happen), but I
didn't play to find out. But if importing the intermediate makes
it work, that might help point you in the right direction.
Matthew
--
, I added earlier
created client.pem, but server fails to authenticate with message unknown
ca cert, I also tried to use ca.pem, but with negative result.
The CA for client cert validation goes in CA_file - did you set
that?
Matthew
--
use of SoH.
is there someone who tried this method with freeradius2 ?
is this supported ?
I did it a few weeks ago, and wrote up the reasons for it, and
examples.
http://q.asd.me.uk/pet
Matthew
--
and not recommended for production use.
http://freeradius.org/features/eap.html
So you need to look at configuring eap2, rather than eap.
Matthew
--
does not handle this gracefully.
Last I saw (looking at the comments in the FR rlm_eap_peap
source), PEAPv1 is not supported, only v0.
Matthew
--
of any windows trace files, that we could see.
Unfortunately it's not easily repeatable.
Matthew
--
/responses etc - I forget the exact details
now. Maybe Windows did automatically retry a couple of times,
which tripped it up.
(This is Cisco wireless LAN controllers - switches may be
similar.)
We still see it with this off (see in other e-mail) but much less
often.
Matthew
--
groupmembership_filter = ((objectClass=group)(member=%{Ldap-UserDn}))
groupmembership_attribute = memberOf
Run in debug, look at what it's actually searching, match to the
config file, tweak, rinse repeat.
Matthew
--
, and I was actually doing
something else, so it might not be correct. It just niggled me
enough at the time to dig a bit deeper, and I put it down to the
standard case of Windows being stupid, and moved on. I'd like to
be proven incorrect.
Thanks,
Matthew
--
been released.
...
* Added support for %{rand:...}, which generates a uniformly
distributed number between 0 and the number you specify.
Matthew
--
.x arrives, there is a new feature that lets you do it in an
eap-tls virtual server authorize section, but that's not available
yet. Still, there should be no need for that unless you want to
reject connections based on TLS certificate data, rather than just
set the VLAN.
Matthew
--
section.
Hint: put your whole config in version control (e.g. git) and then
it makes it easy to go back to a working config when you break it.
Cheers,
Matthew
--
what it's doing, as usual.
Use unlang in your inner-tunnel authorize section to check the
ldap group, something along the lines of (very untested):
if (!(Ldap-group == 'cn=group,dc=example,dc=com')) {
reject
}
Matthew
--
WARNING:
!!
windows never responds.
Ready to process requests.
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
something
like e.g.
update reply {
Session-Timeout := 600
}
to cause the remote client to have to reauth after 600 seconds
rather than the NAS default. Of course, you want some mechanism to
deny them access when they come back asking for access the next
time.
Matthew
--
Hi,
On Thu, Apr 05, 2012 at 02:36:25PM +0800, cktan wrote:
Can the proxy radius return an additional attribute to NAS apart
from the attribute return by the actual radius server? I've an
update reply {
...
}
in the post-proxy section of your config.
Matthew
--
users vlan
}
}
# Case for other realm - put on to visitors VLAN
case {
update reply {
Tunnel-Private-Group-Id := eduroam visitor vlan
}
}
}
(I set Stripped-User-Realm earlier with unlang.)
Matthew
--
://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx
--
a problem.
I'll dig a bit more, but the easy solution is to change the
logrotate script to restart, rather than reload/HUP.
Cheers,
Matthew
--
On Thu, Apr 12, 2012 at 04:45:56PM +0200, Jan Weiher wrote:
On 12.04.2012 16:32, Matthew Newton wrote:
I'll dig a bit more, but the easy solution is to change the
logrotate script to restart, rather than reload/HUP.
Yes, that would be a solution for me as well, because when logrotate
,
WISPr-Bandwidth-Max-Down = 200
in your users file (there are plenty of other ways to do this -
unlang, sql, etc) will mean that all users get 1Mbit up and 2Mbit
down. You can send these with different values per user if you
want.
Cheers,
Matthew
--
where we used xlats for EAP/MSCHAPv2, but realise they
are in the ntlm_auth line for the Challenge/Response.
So, looking good so far - thanks Alan!
Matthew
--
timeout = 4
--
.
Cheers
Matthew
--
RADIUS
goodness (although if you don't install the freeradius-mysql
package you'll have to remove /etc/freeradius/modules/dhcp_sqlippool
to get it to start).
Matthew
[0] http://notes.asd.me.uk/2012/01/27/compiling_freeradius_from_git_on_debian/
--
the latter.
Matthew
--
with EAP-TTLS/MSCHAP is also fine, as there is no
Access-Challenge sent; it's a direct Access-Accept with
EAP-Message 0x030a0004 (Success).
As Alan noted, EAP-TTLS/EAP-MSCHAP-V2 also seems fine.
Cheers,
Matthew
--
-auth {
Post-Auth-Type REJECT {
# here
}
}
Matthew
--
you use a 3rd party supplicant or Windows 8.
Windows built-in only supports PEAP/MS-CHAPv2 for auth. The
password has to be stored clear-text or as an NT hash.
http://deployingradius.com/documents/protocols/compatibility.html
This was posted to the list just earlier today.
Matthew
--
dh_installinit --noscripts
Cheers,
Matthew
--
,
Matthew
--
think it's been posted today so far...
http://deployingradius.com/documents/protocols/compatibility.html
Matthew
--
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
Matthew
--
be there.
Matthew
-Original Message-
From: freeradius-users-bounces+amorris=cardiffmet.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+amorris=cardiffmet.ac...@lists.freeradius.org]
On Behalf Of Matthew Newton
Sent: 24 April 2012 10:54
To: FreeRadius users mailing list
{...}
Cheers,
Matthew
--
realm 'externalaaa' in your proxy.conf file, as
normal.
There must be many ways to do this. Another possibility in your
users file -
b...@bob.com    Proxy-To-Realm := 'whatever'
DEFAULT Auth-Type := Reject
Cheers,
Matthew
--
.
Ensure you have 'aaa override' enabled on each of the WLANs,
otherwise it won't. It's at the top-left, second option down, of
the far right tab in the WLAN GUI, if memory serves correctly.
Matthew
--
.
Debugging Output:
Not really useful - you showed radiusd -X, but stopped before any
packets hit. Good job we can occasionally mind-read[0] ;)
Cheers
Matthew
[0] Warning: mind reading is sub-optimal and often wrong.
--
. Gives more ways of verifying things look ok.
Cheers,
Matthew
--
are not the same thing.
Read up on unix files and inodes.
Could the same behavior be implemented to auto-rotation of FR2 logs?
Send a HUP. It's the Right Thing.
Matthew
--
of ways of copying files between two machines.
If you're using a database, do whatever method that uses to copy
data across.
Matthew
--
-Station-Id =~ /eduroam/) {
or you may want something more like
if (Called-Station-Id =~ /:eduroam$/) {
to check that it ends in :eduroam
Matthew
--
, auth, status, etc.
Cheers,
Matthew
--
On Mon, May 21, 2012 at 02:23:12PM +0100, Matthew Newton wrote:
Looks like radclient has support:
Forget that - I've not had enough coffee yet today :) You need to
respond to the challenge, not send one yourself...
Matthew
--
of it.
But this is all mildly off-topic for FreeRADIUS...
Matthew
--
On Wed, May 23, 2012 at 02:02:02PM +0200, Alan DeKok wrote:
Matthew Newton wrote:
I'm not sure who looks after them now, or if they are maintained.
I've just found radiusclient-ng, which looks more recent, but have
no experience of it.
But this is all mildly off-topic for FreeRADIUS
on that. At this stage you know that setting
the AVPs there works, so if it's broken it must be your perl code
or rlm_perl settings :-)
Cheers,
Matthew
--
.
Then further down
...
radiusd: Loading Clients
client 127.0.0.1 {
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
}
...
etc.
Matthew
--
Acct-Terminate-Cause = User-Request
Acct-Session-Time = 77
Acct-Delay-Time = 0
Calling-Station-Id = 0.0.0.0
Called-Station-Id = 172.18.47.242
Cisco-AVPair = nas-update=true
--
the module isn't being
called when you've just added it, then the module is not being
called and you're configuring things in the wrong place.
Cheers,
Matthew
--
the module that
checks huntgroups.
Cheers,
Matthew
--
happen.
Matthew
--
of id 192 to 10.129.85.1 port 39402
Finished request 0.
End of Output
--
disconnected at the right time, then work out why the NAS isn't
kicking the user off.
and nothing was written in the output of the freeradius -X command
You won't necessarily see anything in the output of freeradius,
unless the NAS also sends an Accounting Stop at the same time.
Matthew
--
and resources. This config stops that happening. In short,
you generally just need to leave it alone and not worry about it.
Matthew
--
. Then you won't be checking this
stuff for the anonymous user in the outer anyway.
Matthew
--
-IP-Address, etc), then just check for membership of the
huntgroup.
Just remember Packet-Src-Ip-Address can't easily be spoofed,
whereas attributes in the incoming packet can be.
Matthew
--
to load the
private key in every format it can, but failing to understand any
of them.
There's generally not a problem with FreeRADIUS and wpa_supplicant
(or eapol_test), so check your certificates.
Cheers,
Matthew
--
to EAP-TTLS/PAP, for example, and try again.
Matthew
--
No such virtual server coa
...and there's no virtual server configured to handle coa
requests...
} # server coa
Sending CoA-NAK of id 0 to 10.42.154.231 port 35046
...which is why you get a CoA-NAK.
honestly I can't understand why CoA-NAK is sent.
Really?
Matthew
--
On Tue, Jun 19, 2012 at 03:02:09AM -0700, akkouche wrote:
I try to configure TLS with PAP it does not work?
http://wiki.freeradius.org/FAQ#It-still-doesn%27t-work%21
--
= titi
...
How many people need to tell you? Your shared secret is wrong. You
send one password, and the RADIUS server sees a different one.
Your shared secret is wrong.
Check your shared secret matches in clients.conf and on your NAS.
Matthew
--
On Fri, Jun 22, 2012 at 04:17:21PM +0100, Malla reddy Sama wrote:
Please check once now. I am facing same problem..
Your netmask is wrong, or your subnet is wrong
client 172.20.0.0/24 {
should probably be
client 172.20.68.0/24 {
Matthew
--
On Sat, Jun 23, 2012 at 06:24:40AM +0800, John wrote:
Is there a way that freeradius can tell it is a VOICE device?
Like ACS server: Cisco-AVPair = device-traffic-class=voice.
man unlang
update reply {
cisco-avpair := device-traffic-class=voice
}
Matthew
--
other more useful manufacturers they use many
different prefixes for their phones. That pushes you to have to
use a database of some kind if you use their system (which
thankfully we don't).
Cheers,
Matthew
--
On Sat, Jul 07, 2012 at 07:10:49PM +0530, Prateek Kumar wrote:
NAS-IP-Address so clients (using PEAP/MSCHAPv2) associating to particular
...
Is there something I have missed?
set copy_request_to_tunnel=yes in the peap {} section of eap.conf
Matthew
--
) and see what
happens.
Matthew
--
to you, but you've
stopped responding.
Can anybody shed any light please?
Diff the configs certs for a start.
Matthew
--
state
it is), it's the job of the NAS (the AP) to disconnect the user at
the specified time.
The user will keep working until the NAS kicks them off.
As the user isn't being disconnected, it's the NAS that needs
investigating.
Matthew
--
won't tell you if your user is still actually alive; you
need a doctor for that.
Matthew
--
:-)
Matthew
--
server when it
loses a client?
The NAS informs the RADIUS server; the RADIUS server doesn't
request the information.
So when a client is disconnected, the NAS notices and sends an
appropriate Accounting packet.
Matthew
--
or
otherwise.
c) backport the tls virtual server patch to 2.x - it's pretty
simple.
Cheers
Matthew
--
(see dictionary.freeradius.internal)
and as such doesn't appear in any packets in transit.
Matthew
--