Re: Post Auth Configurations

2013-07-18 Thread Matt Zagrabelny
On Thu, Jul 18, 2013 at 10:46 AM, Alan DeKok al...@deployingradius.com wrote: Navodit Bhardwaj wrote: For each Access-Request received and authenticated successfully I want to do following: 1. Verify if Access-Request contains a parameter i.e IMEI of mobile 2. If Not, send Access-Reject.

multiple entries per radius_check table

2013-07-01 Thread Matt Zagrabelny
Greetings, I am using a Pg datastore to hold authentication data and using the Pg module for FR to hook into it. I am using a basic view for the radius_check table: # SELECT * from radius_check_users where username = 'mzagrabe'; id | username | attribute| op | value

Re: multiple entries per radius_check table

2013-07-01 Thread Matt Zagrabelny
On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 1 Jul 2013, at 17:59, Matt Zagrabelny mzagr...@d.umn.edu wrote: Greetings, I am using a Pg datastore to hold authentication data and using the Pg module for FR to hook into it. I am using a basic view

something like huntgroups?

2013-07-01 Thread Matt Zagrabelny
Greetings! Our Cisco VPN concentrator is sending some RADIUS attributes in the request packet and if certain values appear, then I'd like to only allow a subset of users to login. I've looked at: http://wiki.freeradius.org/SQL-Huntgroup-HOWTO/dbeef165862fe9ba7ef6f7d011889d1f7212cf9b the SQL

Re: inactive users can authenticate

2013-06-26 Thread Matt Zagrabelny
On Wed, Jun 26, 2013 at 9:27 AM, Alan DeKok al...@deployingradius.com wrote: Mihajlo Joksimovic wrote: i have an uptodate Debian derivate with samba4. The base_filter rule in the modules/ldap file is not accepted. There i gave sambaacctflags but nothing happens. still all users get accepted.

Re: Authenticate SSH users against Freeradius

2013-05-20 Thread Matt Zagrabelny
On Mon, May 20, 2013 at 12:58 PM, Roberto Carna robertocarn...@gmail.com wrote: Dear, I have: (A) One Freeradius server on Debian 6: freeradius installation and client.conf configuration (B) Another Debian 6 box with sshd: libpam-radius-auth installation (C) Several Windows and Linux ssh

Re: Basic question to authenticate switches and Linux boxes

2013-05-08 Thread Matt Zagrabelny
On Wed, May 8, 2013 at 3:26 PM, Roberto Carna robertocarn...@gmail.com wrote: Dear, I'm new at Freeradius as an AAA server in a Linux box and I need to authenticate Allied switches and Debian/Centos boxes. What package/module do I have to install in addition to freeradius ??? For the Debian

Re: design question

2013-03-06 Thread Matt Zagrabelny
On Tue, Mar 5, 2013 at 9:17 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 5 Mar 2013, at 18:03, Matt Zagrabelny mzagr...@d.umn.edu wrote: On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: You know SQL supports groups right? and that a group

Re: design question

2013-03-05 Thread Matt Zagrabelny
On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: You know SQL supports groups right? and that a group matching can be conditional on attributes in the request? and that you can add additional config items to client definitions to mark them as a special

design question

2013-03-04 Thread Matt Zagrabelny
config dir) due to the second instance? Is it worth it, just to have a single system have all of your RADIUS servers or should I just stand up another virtual server and use that instead? Thanks for any help or hints! -matt zagrabelny - List info/subscribe/unsubscribe? See http://www.freeradius.org

Re: design question

2013-03-04 Thread Matt Zagrabelny
On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison oliv...@heliosnet.org wrote: On 04.03.2013 22:17, Olivier Beytrison wrote: On 04.03.2013 21:56, Matt Zagrabelny wrote: Greetings, I am configuring a general purpose RADIUS server that any number of clients can connect to for authn - it uses

Re: pam.d ssh radius

2013-02-12 Thread Matt Zagrabelny
On Tue, Feb 12, 2013 at 3:50 PM, T W gqma...@yahoo.com wrote: All, I got this working at the end of last year, but now I'm having trouble. I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system. I'm using the latest version of libpam-radius-auth (1.3.17-0ubuntu4) and have

Re: Debian (Squeeze) FreeRadius package missing config files

2012-11-21 Thread Matt Zagrabelny
On Wed, Nov 21, 2012 at 9:18 AM, David Gethings dgethi...@juniper.net wrote: Hi All, It appears that the Debian package for freeradius 2.1.10 does not install the configuration files. At least that is what is happening on my system. As I try to resolve this is it possible to get a copy of the

Re: buffer overflow on mschap reject

2012-06-13 Thread Matt Richards
On 06/12/12 15:20, Alan DeKok wrote: Matt Richards wrote: Hello, I have got radius setup to authenticate wireless clients using MS-CHAP and everything works correctly if the entered user / pass is correct. If the password is wrong, however, I get a buffer overflow error and radiusd dies

Re: buffer overflow on mschap reject

2012-06-13 Thread Matt Richards
On 06/13/12 13:04, alan buxey wrote: Hi, I did have a retry_msg which was left as the default value of retry_msg = Re-enter (or reset) the password After I commented out this line the problem went away. Thanks for your help. I'm guessing this shouldn't crash with the example config?

buffer overflow on mschap reject

2012-06-12 Thread Matt Richards
be happening? If you require any additional info please let me know. One thing I was thinking about trying is going back a few versions of ntlm_auth and trying again. It's interesting how I don't seem to be able to find any information relating to this on the Internet. Thanks, Matt.

cisco WAP/FreeRadius/OpenLDAP

2011-10-27 Thread Matt Arguin
Hi All, having trouble setting up my RADIUS(FreeRADIUS Version 2.1.7) to auth to my openldap server (openldap-2.3.43-12.el5_6.7) on CentOS 5.5. i am trying to configure EAP-TLS and think i am pretty close. I am currently wondering if possibly i have an incorrect mapping in the ldap.attrs file

Re: cisco WAP/FreeRadius/OpenLDAP

2011-10-27 Thread Matt Arguin
Matt Arguin wrote: having trouble setting up my RADIUS(FreeRADIUS Version 2.1.7) to auth to my openldap server (openldap-2.3.43-12.el5_6.7) on CentOS 5.5. i am trying

TTLS OSX Airport Connection Dropping

2011-07-11 Thread Matt Hopkins
I have a setup with four Linksys E4200 wireless routers all sharing the same SSID. All are configured to authenticate against the same freeradius server via WPA 2 enterprise. I have freeradius (2.1.7) setup to authenticate against activedirectory using ntlm_auth via TTLS and mschap. Android and

RE: Using an external CA certificate

2011-03-03 Thread Matt Langthorpe
Sent: 01 March 2011 13:30 To: freeradius-users@lists.freeradius.org Subject: Re: Using an external CA certificate Matt Langthorpe matt.langtho...@pmb.ox.ac.uk wrote: Having a bit of trouble following the official freeradius wiki when it comes to certificates. Basically I have my own

PAP problem?

2011-03-03 Thread Matt Langthorpe
port 32960 Waking up in 4.9 seconds. Cleaning up request 0 ID 174 with timestamp + Cheers, Matt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Using an external CA certificate

2011-03-01 Thread Matt Langthorpe
. I have uploaded the two files into my raddb/certs folder, but am unsure as to where to point to them in my eap.conf? I notice none of the cert files listed in eap.conf have a *.crt extension which is a bit confusing. Thanks in advance, Matt

Re: Rejecting EAP-TLS based on cert Subject field [RESOLVED]

2011-01-28 Thread Matt Garretson
section: if ( %{control:Auth-Type} == EAP ) { update reply { EAP-Message := 0x04010004 } } The code seems to work as expected, but Windows XP still doesn't seem to handle it sensibly. But I can live with that. Thank you, Alan! -Matt

Rejecting EAP-TLS based on cert Subject field

2011-01-27 Thread Matt Garretson
check_cert_issuer and check_cert_cn would be), in hopes that the rejection would occur during the auth rather than after it, but the code doesn't seem to have any effect there. Thanks in advance for any clues... -Matt

Re: Rejecting EAP-TLS based on cert Subject field

2011-01-27 Thread Matt Garretson
it into the authentication phase via the tls{} section in eap.conf didn't seem to work. Any other ways to do it? I'd thought of using rlm_perl, but couldn't see that the cert fields are passed to the module. Thanks, -Matt

Re: Rejecting EAP-TLS based on cert Subject field

2011-01-27 Thread Matt Garretson
On 1/27/2011 1:24 PM, Matt Garretson wrote: Thanks. That's actually my goal. But unlang isn't allowed in authenticate{}, and my attempts to sneak it into the authentication phase via the tls{} section in eap.conf didn't seem to work. Any other ways to do it? Replying to myself here I

Re: Rejecting EAP-TLS based on cert Subject field

2011-01-27 Thread Matt Garretson
On 1/27/2011 3:41 PM, Matt Garretson wrote: The XP client still tries three times (duh), but at least radius.log reflects a failure: Error: TLS_accept: error in SSLv3 read client certificate B Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no

Re: Rejecting EAP-TLS based on cert Subject field

2011-01-27 Thread Matt Garretson
with one of the methods described earlier in this thread. Thanks, -Matt

Check line and radgroupcheck evaluation question

2010-06-16 Thread Matt Hite
Hello, Are check lines in the users file short-circuit AND evaluated from left to right? Extrapolating this presumption out to radgroupcheck when using a MySQL database, are the check items evaluated simply in order of column id value (ie. the order they are returned from the SELECT)?

Re: Check line and radgroupcheck evaluation question

2010-06-16 Thread Matt Hite
As usual, thanks Alan. I appreciate the help. -M On Wed, Jun 16, 2010 at 7:55 AM, Alan DeKok al...@deployingradius.com wrote: Matt Hite wrote: Are check lines in the users file short-circuit AND evaluated from left to right?  Yes. Extrapolating this presumption out to radgroupcheck when

Re: peap/eap/mschapv2 + MySQL

2010-06-01 Thread Matt Madrid
I'd love to use inner-tunnel if I could get it to work. so..what's the error then - radiusd -X - it should be quite obvious Alan: I believe I posted the errors I have been getting. I have posted the debug output in previous posts in this thread. If there is more information that you think I

Re: peap/eap/mschapv2 + MySQL

2010-05-31 Thread Matt Madrid
Ok, well like I said, mysql wasn't being queried by the inner-tunnel server. Still not clear on why that was happening, but I worked around it by commenting out inner-tunnel as the virtual server to use for peap. So the default server is being used and working. er, it wasn't working when

peap/eap/mschapv2 + MySQL

2010-05-28 Thread Matt Madrid
someone please shed some light on this for me please. Here is my inner-tunnel file and debug output (long). Thanks, Matt /etc/freeradius/sites-enabled/inner-tunnel : server inner

Re: peap/eap/mschapv2 + MySQL

2010-05-28 Thread Matt Madrid
Now I've read a million posts on the web, including this list where people have reported the same problem. In most cases the problem was that the inner-tunnel server wasn't configured for sql. I definitely have sql on in the inner-tunnel file (which I will post in a sec). The mysql server IS

Log IP address (Calling-Station-Id?) of failed authentication attempts

2010-05-09 Thread Matt Hite
Hello. I would like to log the client IP of failed successful authentications to my RADIUS-enabled switches. Right now failed/success show up like this: radiusd[13877]: Login incorrect: [xyzzy] (from client SW-2745-C1.sv4 port 0) radiusd[13877]: Login OK: [plugh] (from client SW-2745-C1.sv4

Re: Log IP address (Calling-Station-Id?) of failed authentication attempts

2010-05-09 Thread Matt Hite
fine with Cisco kit though. Mystery solved! -M On Sun, May 9, 2010 at 1:19 AM, Alan DeKok al...@deployingradius.com wrote: Matt Hite wrote: It looks like I can possibly enable auth_badpass and auth_goodpass in radiusd.conf and then set: msg_goodpass = %{Calling-Station-Id} msg_badpass

Re: Log the 802.1x session

2010-04-09 Thread Matt Hite
On Fri, Apr 9, 2010 at 8:46 AM, Rosario Lumia ery...@gmail.com wrote: Sorry for my (very) bad english. Only for clearness: I'd want to know if there is a way to log the end of a 802.1x session. I mean: a client turn off his wireless card and (I think) AP can (??) send a message to freeradius

Re: Log the 802.1x session

2010-04-09 Thread Matt Hite
On Fri, Apr 9, 2010 at 12:11 PM, Garber, Neal neal.gar...@energyeast.com wrote: From what I've read, supplicants can send an EAPOL-Logoff message to If the requirement is to determine when the user disconnects, isn't this best handled by accounting data?  That is, if the authenticator

Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Matt Harlum
On 01/04/2010, at 1:44 PM, Matt Harlum wrote: On 01/04/2010, at 7:39 AM, Bruno Kremel wrote: On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote: What should be there? Because I don't know I am using Daloradius web interface for adding data to database, so I just loaded default

Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Matt Harlum
On 01/04/2010, at 8:40 PM, Bruno Kremel wrote: 2010/4/1 Matt Harlum m...@cactuar.net: On 01/04/2010, at 1:44 PM, Matt Harlum wrote: On 01/04/2010, at 7:39 AM, Bruno Kremel wrote: On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote: What should be there? Because I don't know I am

Re: problem with PEAP/MSCHAPv2

2010-03-31 Thread Matt Harlum
Hi, What OS is the client machine running? It would seem like an issue with the client to me. Regards, Matt Harlum On 31/03/2010, at 8:31 PM, Christian Pinedo Zamalloa wrote: wrong version number

Re: Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Matt Harlum
of the log?... also radtest gives me Accept-Accept only on correct login and password so I think that it's not that SQL... As Alan said, it was simply ignored because of the misconfiguration Regards, Matt Harlum

Freeradius says it is listening on port 1812, but isn't

2010-03-24 Thread Matt Harlum
broke it? Regards, Matt Harlum

Re: Freeradius says it is listening on port 1812, but isn't

2010-03-24 Thread Matt Harlum
On 24/03/2010, at 8:21 PM, Fajar A. Nugraha wrote: On Wed, Mar 24, 2010 at 3:51 PM, Matt Harlum m...@cactuar.net wrote: Hi, I'm running Freeradius 2.1.6 on MacOSX 10.5.7 on a Dual-G4 867Mhz PowerMac Since march last year I've had 2.1.6 installed however it's been switched off

Re: Freeradius says it is listening on port 1812, but isn't

2010-03-24 Thread Matt Harlum
been disabled. must be a weird OSX thing Sorry for wasting your time guys and thanks for the help Regards, Matt Harlum On 24/03/2010, at 8:27 PM, Matt Harlum wrote: On 24/03/2010, at 8:21 PM, Fajar A. Nugraha wrote: On Wed, Mar 24, 2010 at 3:51 PM, Matt Harlum m...@cactuar.net wrote: Hi

Re: Multiple radius servers with the same CA

2010-03-24 Thread Matt Harlum
Hi, is it possible that make server generated a new CA etc? I'd recommend making a copy of the current CA cert on each machine and doing a diff Regards, Matt Harlum On 24/03/2010, at 9:21 PM, sphaero wrote: Hi All, I've been searching the archives for a while on some guidance

Re: Multiple radius servers with the same CA

2010-03-24 Thread Matt Harlum
, Matt Harlum On 24/03/2010, at 11:30 PM, John Dennis wrote: On 03/24/2010 06:21 AM, sphaero wrote: Hi All, I've been searching the archives for a while on some guidance into setting up multiple radius servers using the same CA for use with EAP/TTLS. I've generated a CA which is distributed

Re: Freeradius says it is listening on port 1812, but isn't

2010-03-24 Thread Matt Harlum
After my previous email I've successfully re-installed my custom config and am able to auth my clients again Regards, Matt Harlum On 25/03/2010, at 12:11 AM, Gary Gatten wrote: If u really want 2 knw the issue, undo the changes one by one until it breaks again. - Original Message

Re: Memory Leak on version 2.1.3

2010-03-24 Thread Matt Harlum
Hi, Even though you're running it in production I'd recommend updating every now and again. IMHO it's worth it, RADIUS is used for Authentication after all. I tend to keep a copy of my last build in case I need to revert anyway. Regards, Matt Harlum On 25/03/2010, at 10:35 AM, Zhang, Ge

Re: Users Groups

2010-03-11 Thread Matt Hite
Can you clarify this statement: but my user still got the privilege to connect to all the routers in the network Do you send a specific RADIUS attribute, like a VSA? Or are you making this statement based upon receiving an Access-Accept? -M On Thu, Mar 11, 2010 at 5:16 AM, Siryx XL

Re: Users Groups

2010-03-10 Thread Matt Hite
Did you perform step #3 in the How-To? radiusd.conf: update request { Huntgroup-Name := "%{sql:select groupname from radhuntgroup where nasipaddress=\"%{NAS-IP-Address}\"}" } On Wed, Mar 10, 2010 at 12:53 PM, Siryx XL djsi...@hotmail.com wrote: I tried the huntgroups but it didn't work. I

Re: vlan and freeradius

2010-03-03 Thread Matt Hite
On Wed, Mar 3, 2010 at 10:44 AM, Phil Mayers p.may...@imperial.ac.uk wrote: but how to set the fail VLAN and guest VLAN to Y ??? Setting the Fail and Guest VLAN by radius doesn't make any sense. The Fail vlan is what to use when the radius server is unavailable. The Guest vlan is what to do

Is it possible to make groups of called-station-id 's?

2010-02-09 Thread Matt Ashfield
AP's are not acting as) that could group all our Access Point devices into a group so we wouldn't have to have a statement in the users file like the one above for every single wireless access point in our network. Any advice is appreciated. Thanks Matt

Device specific Access-Accept attributes and granular user group control

2010-02-04 Thread Matt Hite
Hello -- I am running freeradius2-2.1.7 with MySQL as the backend datastore. I've got a deployment up and running supporting the admin login to about 200 switches from a single vendor. I'm looking to expand my deployment and thus some new requirements have surfaced. Requirements: - Different

Accounting SQL Entries

2009-11-30 Thread Matt Martin
Hello list. I have been testing FreeRADIUS for a project we are looking at running to authenticate users for Giganews. I have got the authentication part working well, and the authentication attempts get logged correctly into MySQL. Now, I am trying to log the session details, such as data to

showing NAS-IP of 127.0.01 instead of

2009-11-25 Thread Matt Ashfield
-Password = abc.123 NAS-IP-Address = 127.0.0.1 I'm wondering what could cause this? Any help is appreciated. Thanks Matt

RE: showing NAS-IP of 127.0.01 instead of

2009-11-25 Thread Matt Ashfield
I just figured that out via a sniff. Thanks for the note. I'll go after the requesting software now. From: Garber, Neal [mailto:neal.gar...@energyeast.com] Sent: November 25, 2009 2:27 PM To: 'm...@unb.ca'; 'FreeRadius users mailing list' Subject: RE: showing NAS-IP of 127.0.01 instead of

Re: Pre-release of 2.1.7

2009-09-03 Thread Matt Garretson
Builds okay on Fedora 7 and Fedora 10: ./configure --with-system-libtool --prefix=/opt/radius --localstatedir=/var make tests also passes on both, FWIW. But I won't be able to actually install it for a week or two. Alan, thanks for all of your hard work on FreeRADIUS! -Matt

Re: Reloading CRL for EAP-TLS

2009-03-13 Thread Matt Causey
Are you planning improve CRL support in version 2.0 in some near future? What do you mean by better support? Are you asking for a way to update CRLs without a bounce of freeradius? -- Matt

Re: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-15 Thread Matt Causey
. -- Matt On Fri, Feb 13, 2009 at 12:11 PM, Meyers, Dan d.mey...@lancaster.ac.uk wrote: I'm sure I must just be being thick with our FreeRADIUS config, but i've completely failed to find anything online or in the docs explaining *what* i'm doing wrong, so i'm posting here. We've had a FreeRADIUS

Re: Certificate Provisioning for EAP-TLS Networks

2009-01-31 Thread Matt Causey
locations so I need to build a solution enabling rapid provisioning of the devices with minimal local technical oversight. -- Matt

Certificate Provisioning for EAP-TLS Networks

2009-01-29 Thread Matt Causey
. Thoughts? -- Matt

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

2008-11-16 Thread Matt Bernstein
with mschap before ldap in your authorize{} block, FreeRADIUS will handle the challenge-response stuff correctly for MSCHAPv2 using the NT hash from OpenLDAP. Make sure you bind to OpenLDAP with sufficient privilege to read the NT hash! HTH Matt

Re: [awful patch] Multiple levels of TLS nesting is invalid.

2008-10-17 Thread Matt Bernstein
On Oct 15 Alan DeKok wrote: Matt Bernstein wrote: So saith FreeRADIUS 2.1.1, but I wasn't trying to do multiple levels of TLS nesting. I'm trying to use virtual servers so that a single radiusd can terminate TTLS/PEAP for multiple subrealms, _and_ use the inner-tunnel trick, keeping

Re: [awful patch] Multiple levels of TLS nesting is invalid.

2008-10-17 Thread Matt Bernstein
At 14:19 +0200 Alan DeKok wrote: Matt Bernstein wrote: We will have multiple server certificates; our departments are rather independent here. Ugh. There's not really any good reason for this. If the departmental certs are signed by a university CA, then you can still get away with one

Re: [awful patch] Multiple levels of TLS nesting is invalid.

2008-10-17 Thread Matt Bernstein
${confdir}/maths/inner/ldap.common which contains identity = cn=radiusd,dc=maths,dc=qmul,dc=ac,dc=uk basedn = dc=maths,dc=qmul,dc=ac,dc=uk and so on. I'm guessing that such parameters aren't scoped locally enough. HTH Matt

[awful patch] Multiple levels of TLS nesting is invalid.

2008-10-14 Thread Matt Bernstein
Success ++[dcs-inner-eap] returns handled So.. I hope this is useful. Do drop me a mail on- or off-list on mb/[EMAIL PROTECTED], if you want any further information or if I'm not being clear enough. Matt

RE: groupmembership and vlan assignment

2008-08-05 Thread Matt Ashfield
Would it make more sense then to use a Perl program instead for the authorization and then have that program: - verify credentials against ldap. - do the regexp matching on the entitlement field? Thanks, Matt [EMAIL PROTECTED] -Original Message- From: Alan DeKok [mailto:[EMAIL

re: groupmembership and vlan assignment

2008-07-31 Thread Matt Ashfield
Is there a way to regexp checking on the group_membership field instead? Thanks Matt Ashfield [EMAIL PROTECTED] -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2008 3:23 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re

RE: groupmembership and vlan assignment

2008-07-30 Thread Matt Ashfield
That's what I was afraid of. Any suggestions to getting around this? Thanks Matt Ashfield [EMAIL PROTECTED] -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2008 3:23 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re

RE: groupmembership and vlan assignment

2008-07-30 Thread Matt Ashfield
Hmmm...well I was hoping for another way to assign vlans based on ldap attributes, but I don't figure on rewriting rlm_ldap. Thanks Matt [EMAIL PROTECTED] -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2008 3:49 PM To: [EMAIL PROTECTED

RE: groupmembership and vlan assignment

2008-07-28 Thread Matt Ashfield
=~ .*staff1, Autz-Type := Ldap1, Auth-Type := Ldap1 Where unbldap-Ldap-Group gets set via groupmembership_attribute = eduPersonPrimaryAffiliation and eduPersonEntitlement: urn:mace:uni.ca:wireless?vlan=staff1 in LDAP Thanks Matt Ashfield [EMAIL PROTECTED] From: [EMAIL PROTECTED

groupmembership and vlan assignment

2008-07-23 Thread Matt Ashfield
=student1 So I'd need to parse the value as well to pull out the vlan name, in this case student1. I'm unsure how to get around these two issues. Any suggestions are welcome. Thanks Matt [EMAIL PROTECTED]

Re: Keeping a set amount of detail logs

2008-07-17 Thread Matt Alexander
On Thu, Jul 17, 2008 at 7:49 AM, Alan DeKok [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: I've enabled detail auth_log and detail reply_log (it'd be great if there was a way to tie auths and replies together from the different log files somehow) and FreeRadius is creating new logs each

Re: POP3

2008-07-09 Thread Matt Garretson
Alan DeKok wrote: Slava wrote: Could anyone tell me if there exists a solution to integrate FR with a POP3 server Look for patches to let cucipop do RADIUS authentication. If there are none, maybe cucipop does PAM authentication. You could then use the PAM RADIUS module. FWIW, Qpopper

RE: xp sp3 and freeradius 2.0.5

2008-07-08 Thread Matt Ashfield
will # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2 # #use_mppe = no use_mppe = no Thoughts? Matt Ashfield [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED

Re: Goodbye SNMP, hello statistics.

2008-06-23 Thread Matt Causey
Exciting stuff! On Fri, Jun 20, 2008 at 2:48 PM, Alan DeKok [EMAIL PROTECTED] wrote: I've commited some code (~1K LoC) to CVS head that will go into 2.0.6. In short, there's no point in using SNMP any more. The good news is that the Status-Server packet is overloaded to get all sorts of

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-12 Thread Matt Causey
, you should be able to see that from the config files in your $raddb directory. You can post the config if you have questions. Matt On Wed, Jun 11, 2008 at 6:44 PM, Newall, Bryce [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users- [EMAIL

RE: FR and PEAP question

2008-06-11 Thread Matt Ashfield
: Debug: Ready to process requests. Matt [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik Sent: Tuesday, June 10, 2008 11:21 AM To: freeradius-users@lists.freeradius.org Subject: RE: FR and PEAP question eapol_test from

RE: FR and PEAP question

2008-06-10 Thread Matt Ashfield
of id 97 to 127.0.0.1 port 32769 Tue Jun 10 10:07:35 2008 : Debug: Waking up in 4.9 seconds. Tue Jun 10 10:07:40 2008 : Debug: Cleaning up request 0 ID 97 with timestamp +17 Tue Jun 10 10:07:40 2008 : Debug: Ready to process requests. Any assistance is appreciated. Thanks Matt [EMAIL PROTECTED

RE: FR and PEAP question

2008-06-10 Thread Matt Ashfield
I'd like to test this with PEAP/MSCHAP requests if possible. Is there a howto? Clearly I'm down the wrong path here. Matt [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik Sent: Tuesday, June 10, 2008 11:02 AM To: freeradius

Re: EAP-TLS with different CA per user?

2008-06-07 Thread Matt Causey
In our company, we do have certificates signed by multiple Certificate Authorities...but there is a hierarchy. So, some users come in from Domain A (root CA) some come in from Domain B (intermediate CA). So then it's easy, just maintain the CA_path containing the root and any necessary

Re: EAP TLS Authentication failing!!!! Unknown CA

2008-06-07 Thread Matt Causey
I'm happy to be wrong about this, but in my experience, this parameter: -CApath ca.pem Needs to be an actual path, not a PEM CA file, where you have performed these steps: download certificate authority cert in PEM format run c_rehash . (openssl script) On Thu, May 15, 2008 at 10:37 AM,

deployingradius.com down?

2008-05-07 Thread Matt Ashfield
I can't seem to get to deployingradius.com website. Anyone know if this is down? Matt [EMAIL PROTECTED]

FR failing

2008-05-01 Thread Matt Ashfield
2008 : Error: Discarding duplicate request from client hh2380:20001 - ID: 200 due to unfinished request 1428 Any help is greatly appreciated. Thanks Matt A [EMAIL PROTECTED]

Re: Can't compile on Centos 5.1 x86_64

2008-03-05 Thread Matt Garretson
Sergio Belkin wrote: I can't compile freeradius-2.0.2 on Centos 5.1 x86_64. It outputs: /usr/lib/libltdl.so: could not read symbols: File in wrong format collect2: ld returned 1 exit status You might try using your system's own libtool. Try these configure options:

Re: Administering with MySQL DB

2008-01-18 Thread Matt Pinkston
The nas table definition can be found at the bottom of this page http://wiki.freeradius.org/MySQL_DDL_script make sure to set: readclients = yes (probably at the bottom of sql.conf) the column names in the nas table are pretty self-explanatory after you have that set up. Just be sure to

Re: Version 2.0.0 has been released

2008-01-10 Thread Matt Garretson
Alan T DeKok wrote: January 10, 2007 - Version 2.0.0 has been released. Congratulations, and thanks for all your hard work on FreeRADIUS!

Stopping LDAP searches during each part of EAP session?

2008-01-09 Thread Matt Alexander
I have a freeradius server configured to do both EAP-TLS and LDAP auth. It works great so far. If I have a cert. configured, then I'm authenticated with the cert. If I don't have a cert then I get prompted for my un/pw on my NAS's Captive Portal page, which then passes my username/password on

Re: Server instability

2007-09-24 Thread Matt Ashfield
What kind of error messages are you getting in your log when it blows up? Quoting Phil Mayers [EMAIL PROTECTED]: On Mon, 2007-09-24 at 15:39 -0400, Nathan Hay wrote: I am a newbie, running 3 (for redundancy) FreeRadius servers (1.1.7) on SUSE 10 SP1 (32-bit) to authenticate our wireless

RE: randomly crashing

2007-09-21 Thread Matt Ashfield
client hh2380:20006 - ID: 133 due to unfinished request 922 After the error it crashed. Not sure why I'm seeing this. Any thoughts are welcome!? thanks Matt [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Ashfield Sent: Tuesday

RE: randomly crashing

2007-09-18 Thread Matt Ashfield
version of FR? modules or backend auth system used? Using FR 1.1.5 and using mod_auth_ldap for auth

randomly crashing

2007-09-17 Thread Matt Ashfield
is appreciated. Matt [EMAIL PROTECTED]

Re: randomly crashing

2007-09-17 Thread Matt Garretson
Hi... Matt Ashfield wrote: We're running FR to authenticate users on our wireless network. It appears that radius is randomly stopping/crashing. I have checked logs, but have been unable to locate the problem and am wondering if someone could point me For what it's worth (probably not much

Re: building RPM from source

2007-08-15 Thread Matt Garretson
scratch. The current version in Fedora 7 is 1.1.6, and 1.1.7 is available in the development repo. (I am running 1.1.7 built from the devel source RPM.) -Matt

Re: building RPM from source

2007-08-15 Thread Matt Garretson
snip out if you don't actually need to build/use the stuff which depends on them.) But /usr/include/mysql doesn't exist on the machine. I'm guessing none of the MySQL packages are installed. Try: yum install mysql mysql-devel. -Matt

Re: Segfault with -X and rlm_krb5 under Fedora 7 x86_64

2007-07-20 Thread Matt Garretson
... upon looking deeper, it looks like it might be an autoconf/libtool issue with x86_64 under Fedora 7. If I come up with any potentially useful info, I'll post it here. Sorry for the noise. -Matt

Segfault with -X and rlm_krb5 under Fedora 7 x86_64

2007-07-19 Thread Matt Garretson
, this isn't a bug report... i'm just hoping for tips on how to proceed... thanks in advance for any clues. -Matt ### begin complete users file ### DEFAULT Auth-Type:=Kerberos ### end complete users file ### ### begin partial radiusd.conf ### # stuff that was changed from the default 1.1.6

RE: MSCHAPv2 with 1.1.4

2007-06-21 Thread Matt Cobb
Tried that already. cobb Cleartext-Password := secret It just spits out an error that says I didn't use User-Password and fails: Thread 1 handling request 0, (1 handled so far) NAS-Identifier = localhost NAS-Port-Type = Ethernet Service-Type = Framed-User

RE: MSCHAPv2 with 1.1.4

2007-06-21 Thread Matt Cobb
Hello, that's why. you can't use a plain password. alan [Cobb] What should I use? I have tried User-Password==, Cleartext-Password:=, Cleartext-Password==, NT-Password==0x0123456789abcdef..., NT-Password==0123456789abcdef.. All complain that the NT Response is invalid and all but
