Hi folks,
I'd want to know is anyone is using dialupadmin along with php5..
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Hi folks,
How long time does radwho/radutmp store accounting information?
Thanks in advance
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
ppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0x6cb0ac0
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server inner-tunnel-peap { # from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "acct"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local-test/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "status"
ipaddr = 127.0.0.1
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "YellowSubmarine"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18121
}
Listening on authentication address 192.168.1.5 port 1812
Listening on accounting address 192.168.1.5 port 1813
Listening on command file /usr/local-test/var/run/radiusd/radiusd.sock
Listening on status address 127.0.0.1 port 18120 as server status
Listening on authentication address 127.0.0.1 port 18121 as server inner-tunnel
Ready to process requests.
any ideas?
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2012/7/12 Fajar A. Nugraha :
> On Fri, Jul 13, 2012 at 1:42 AM, Sergio Belkin wrote:
>> Storing data in a sql db looks interesting. I've never configured it.
>> If I use sql only for logging is /etc/raddb/sql.conf the main file
>> that I have to look?
>
> http
2012/7/12 Fajar A. Nugraha :
> On Thu, Jul 12, 2012 at 3:17 AM, Sergio Belkin wrote:
>
>> Alan, thanks for your advice, always in this mailing list I was
>> willing to learn and to admit when I have to fix something. Mail from
>> Tamás it looked somewhat sarcastic and ha
2012/7/11 Alan DeKok :
> Sergio Belkin wrote:
>> What a pity, I thought you had something interesting to teach us!
>> Oh I see you are trying to teach us something of social engineering in
>> a open source mailing list!
>> Wow...
>
> You're getting upse
2012/7/11 Tamás Becz :
>
>
>> -Original Message-
>> From:
>> freeradius-users-bounces+tamas.becz=ericsson.com@lists.freerad
> ius.org [mailto:freeradius-users->
> bounces+tamas.becz=ericsson@lists.freeradius.org] On
>> Behalf Of Sergio Belkin
that I am doing something wrong...
>
> Packet-Src-IP-Address, on the other hand, is whatever the radius sees
> the packet coming from, which should be the NAS/firewal's public IP
> address in your case.
>
> --
> Fajar
>
> On Mon, Jun 25, 2012 at 11:13 PM, Sergio Belkin
Hi,
I wonder radwho can show the "actual" Nas-IP-Address os and not the
Nat device IP nat. Another interesting option would be NAS-Identifier.
Is that feasible?
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certif
2012/6/6 Matthew Newton :
> On Wed, Jun 06, 2012 at 03:56:54PM -0300, Sergio Belkin wrote:
>> Good idea, I've tried appending %{EAP-Type) that to detail.log but
>> sending nothing
>> eg:
>>
>> auth-detail-AP-XXX-DEFAULT--20120606
>>
>> Between &qu
2012/6/6 Alan DeKok :
> Sergio Belkin wrote:
>> Good idea, I've tried appending %{EAP-Type) that to detail.log
>
> What does that mean?
>
>> but
>> sending nothing
>> eg:
>>
>> auth-detail-AP-XXX-DEFAULT--20120606
>>
>> Betwe
2012/6/6 Matthew Newton :
> On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote:
>> I've added this files because I like to separate logs when supplicants
>> are using PEAP or TTLS
>
> I'd still use just one file, and filter the logs instead.
>
>
2012/6/5 Matthew Newton :
> On Mon, Jun 04, 2012 at 11:43:07AM -0300, Sergio Belkin wrote:
>> 2012/6/4 Alan DeKok :
>> > The debug for the "inner-tunnel" *clearly* shows NOT using the "files"
>> > module.
>>
>> So, sorry for the stupid q
-Type LDAP {
ldap
}
eap
}
session {
radutmp
}
post-auth {
reply_log
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
post_proxy_log
eap
}
EOF
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://seb
2012/6/4 Alan DeKok :
> Sergio Belkin wrote:
>> I've appended something like to huntgroups file
>>
>> mb NAS-IP-Address == 10.129.189.1
>> mb NAS-IP-Address == 10.129.84.1
>> mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I
>>
>> And in
2012/1/17 Sergio Belkin
>
>
>
> 2012/1/16 Alan Buxey
>>
>> Where's the log for when this happens? As MAC auth wouldn't go through EAP
>> tunnel it would suggest that some entry in eg users file is coming into
>> play...
>>
>> ala
e entries in
/var/log/radius/radiusd-inner-tunnel-* log files
Please could you explain me?
I don't use mac based authentication...
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
I mentioned exactly that last week but he disregarded it!
> Subject: Re: eapol_test giving up and win-like error?
> From: p.may...@imperial.ac.uk
> Date: Mon, 23 Jan 2012 10:12:08 +
> To: freeradius-users@lists.freeradius.org
>
> Phil Mayers wrote:
>
> >Mschap v1 doesn't validate the repl
Are we still having problems with this 'never ending' issue? Sending you
Alberto another email
Date: Tue, 17 Jan 2012 13:18:57 +0100
Subject: Re: EAP-session did no finish! (Linux)
From: alberto_marti...@deusto.es
To: freeradius-users@lists.freeradius.org
The problem is ALWAYS the same.
dius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "acct"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "status"
ipaddr = 127.0.0.1
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "YellowSubmarine"
}
}
Listening on authentication address 192.168.1.5 port 1812
Listening on accounting address 192.168.1.5 port 1813
Listening on status address 127.0.0.1 port 18120 as server status
Ready to process requests.
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2011/12/17 Alan DeKok :
> Sergio Belkin wrote:
>> Ooops, sorry it says "could not extract EAP-Message from
>> RADIUS message"
>
> That's a message on the NAS. Ask the NAS manufacturer what it means.
>
>> Hmmm, so it should something wrong in the netw
2011/12/17 Alan DeKok :
> Sergio Belkin wrote:
>> I have a really weird problem. We have a lot of NAS'es and no one of
>> them had this problem, except only one! It gets always login
>> incorrect.
>
> Throw the NAS in the garbage.
>
>> If I run
>
og/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/192.168.2.53/detail-20111216
[detail] expand: %t -> Fri Dec 16 09:50:00 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /usr/local/var/log/radius/radutmp ->
/usr/local
l-20111216
[detail] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/192.168.2.53/detail-20111216
[detail]expand: %t -> Fri Dec 16 09:50:00 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /usr/local/va
2011/12/16 Sergio Belkin :
> 2011/12/16 Sergio Belkin :
>> Hi,
>>
>> I have a really weird problem. We have a lot of NAS'es and no one of
>> them had this problem. It gets always login incorrect. If I run
>> eapol_test it complains saying. I've tried re
2011/12/16 Sergio Belkin :
> Hi,
>
> I have a really weird problem. We have a lot of NAS'es and no one of
> them had this problem. It gets always login incorrect. If I run
> eapol_test it complains saying. I've tried replacing the nas a few
> times and makes no diffe
rom: p.may...@imperial.ac.uk
> To: freeradius-users@lists.freeradius.org
> Subject: Re: IPv6 ready?
>
> On 31/10/11 16:19, Sergio NNX wrote:
> > Cool, what can i do about it? I'm new to FR so I don't know how to
>
> Personally I'd advise running it on a Uni
o: freeradius-users@lists.freeradius.org
> Subject: Re: IPv6 ready?
>
> On 31/10/11 15:58, Sergio NNX wrote:
> > Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and
> > let mw know if it works?
>
> I can tell you for absolute certain it won't without even
Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw
know if it works?
> Date: Mon, 31 Oct 2011 15:46:47 +
> From: p.may...@imperial.ac.uk
> To: freeradius-users@lists.freeradius.org
> Subject: Re: IPv6 ready?
>
> On 31/10/11 15:32, Ser
will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes :
${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log
but FR crashes since it cannot create a folder with that name. Is there any way
of overcoming this issue? replace : with . or so???
Thanks again for your help.
S
g about :: or ::1
Do the below lines from radiusd.conf require any change when IPv6?
...
...
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log
}
...
...
Sorry about asking many questions at the same time but the
This kind of Q&A thing helps no one here! Many people are reporting the same
issue on different platforms! I don't think the problem is either with the
client or the certificates since I conducted some testing using the same client
and the same certificates but an old FR version (1.1.7) and the
radius.org/Certificate_Compatibility. However, no one seems to
know the answer/solution to this issue.
Just bear in mind I'm new to this project and my ignorance may contribute to
. you know!
Thanks in advance.
Sergio.
> From: martin.ub...@uwe.ac.uk
> To: freeradius-users@lists.freer
Hi Alan,
Thanks for your reply.
That's all ... after the following lines: EAP-Message =
0x737420526f6f742043412028
Message-Authenticator =
0x
State =
0x2
40813064c6f6e646f6e311430120603550407130b576573746d696e73746572311c301a060355040a13134d617465415220495420536f6c7574696f6e7331173015060355040b130e504b49204465706172746d656e7431223020060355040313195465
EAP-Message = 0x737420526f6f742043412028
Message-Authenticator = 0x
oyingradius.com/documents/configuration/pap.html. Very useful, by
the way.
PAP, MSCHAP and MSCHAPv2 work ok, but I'm unable to get any EAP tests to pass.
I've tries almost everything, including:
http://deployingradius.com/documents/configuration/eap-problems.html
I need some help!
Thanks
e've found that it seems that
firewall device at the edge of the network is causing such that
issues.
Thanks
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating d
Are we in a bad mood?
> Date: Tue, 11 Oct 2011 08:46:28 +0200
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth
> fails
>
> Яцко Эллад Геннадьевич (ngs) wrote:
> > I am beginner in RADIUS
LinkedIn
Sergio Belkin requested to add you as a connection on LinkedIn:
--
Glen,
I'd like to add you to my professional network on LinkedIn.
- Sergio
Accept invitation from Sergio Belkin
http://www.linkedin.com/e/f5ihn8-gpo
>>
>> I was testing openfire but it can't choose the attribute, only uses
>> userPassword, and has a radius plugin a bit outdated...
>>
>
> Have you tried PAM and pam_radius?
> -
No yet :)
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://s
2011/5/27 Phil Mayers :
> On 27/05/11 16:58, Sergio Belkin wrote:
>>
>> I mean use a xmppserver as a NAS. I think that it provide more
>> flexibility to choose based on what attributes is performed the
>> authentication.
>
> So, would the idea be that:
>
2011/5/27 Phil Mayers :
> On 27/05/11 16:31, Sergio Belkin wrote:
>>
>> Hi,
>>
>> I'd want to know if anyone there is using freeradius along with a xmpp
>> server.
>
I mean use a xmppserver as a NAS. I think that it provide more
flexibility to choose
Hi,
I'd want to know if anyone there is using freeradius along with a xmpp server.
I'd like to read experiences about it.
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info
;> t without response.
>
> server doesnt lie. check the shared secret for the ACCOUNTING part of the
> NAS
>
> alan
Oops, sorry it's my fault. I forget to append
append "$var" "acct_server_shared_secret=$secret" "$N"
to openwrt NAS. It resulted in a
thing, because the secret on both radius server and NASes
are the same!
I don't understand the problem!
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscribe/unsubscribe
nsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.ht
to add one line like above per NAS. Is a nicer way to do it?
The second one is that I don't know how to do it for Ldap users.
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
List info/subscr
Hi,
Is there a way to restrict an LDAP user to be authorized only from an
specific NAS (Access Point)?
I'm using FreeRADIUS Version 2.1.1
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
-
ll 192.168.188.187, length 28
12:46:14.920228 ARP, Reply 192.168.188.1 is-at 00:25:9c:14:06:6c (oui
Unknown), length 28
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
How does freeradius consider that "Bind as user failed"
Thanks in advance!!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ss, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm =
Hi,
I have a certificate with xpextensions but its "SubjectAltName" is empty.
Is Mandatory or only is wrong when its content doesn't match with FQDN?
Thanks in advance!
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belki
2010/4/5 Sergio Belkin :
> Hi,
>
> I've enabled on users file something like that:
>
> guest Cleartext-Password := "guest"
>
>
> How can I limit that user to one only NAS IP Address?
>
> Thanks in advance!
>
> --
> --
Hmmm.. I wonder either
Hi,
I've enabled on users file something like that:
guest Cleartext-Password := "guest"
How can I limit that user to one only NAS IP Address?
Thanks in advance!
--
--
Open Kairos http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List
2010/3/31 Julien Savoie :
> Sergio Belkin wrote:
>>>
>>> and proxy.conf
>>>
>>> realm DEFAULT {
>>> strip
>>> }
>>>
>>> If you only have one domain this will work. If you have different
>&
p the individual realms. Sounds like in your case you
> don't though.
>
>
Hi Julien, file /etc/raddb/modules/mschap is as original one. I use
no domain, only user+password. Sorry, but I forget the subject before.
Thanks in advance!
> Sergio Belkin wrote:
>
> There are a f
t.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
great!!
bye and thanks :)
--
Sergio
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2010/3/17 Alan DeKok :
> Sergio Belkin wrote:
>> When I run on the shell do it fine, but when it is launched by root it
>> fails, resulting in:
>>
>> radclient: dict_init:
>> /usr/local/share/freeradius/dictionary.freeradius[47]: dict_addattr:
>> attribu
2010/3/17 Sergio Belkin :
> Hi, I have a simple script as follows:
>
> #! /bin/bash
> echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 16" |
> radclient localhost:18120 status YellowSubmarine | tee
> /var/log/radius/status-"$(date -d "yes
tmp/whatsup 2>&1
Please could you help to solve it?
Thanks in advance
--
--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e a
way to get *only* stats from Client?
Thanks in advance!
--
--
SB http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi my name is Sergio Ormeño, i am from Chile, and i with some partners are
trying to create a Captive portal with NoCatAuth+RADIUS+LDAP and we have
problems with the conection between RADIUS+LDAP with a radtest everything if
fine and the packet is accepted, but in the login page of NoCat dosn`t
ization and authentication.
>
> So don't. Use it just for accounting.
>
>> Can I use that module only for
>> easiest log handling *only* ?
>
> What does that mean?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe?
2009/10/29 Ivan Kalik :
> Sergio Belkin wrote:
>>
>> 2009/10/29 Ivan Kalik :
>>
>>>
>>> Sergio Belkin wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> Sorry for the stupid question, but I'd want to get how
2009/10/29 Ivan Kalik :
> Sergio Belkin wrote:
>>
>> Hi,
>>
>> Sorry for the stupid question, but I'd want to get how many time every
>> user is connected, please could you provide some kind of guideliness?
>> Using Version 2.1.1.
>>
>
> SE
Hi,
Sorry for the stupid question, but I'd want to get how many time every
user is connected, please could you provide some kind of guideliness?
Using Version 2.1.1.
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
2009/10/23 Alexander Clouter :
> Sergio Belkin wrote:
>>
>> Is there a way to get the las time that user got Accept-Accept and
>> Accept-Reject, of course I can parse log files but I wonder if there a
>> radius tool that can do it.
>>
> -> SQL
>
> SE
Hi,
Is there a way to get the las time that user got Accept-Accept and
Accept-Reject, of course I can parse log files but I wonder if there a
radius tool that can do it.
Thanks in advance
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
2009/10/14 Arran Cudbard-Bell :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 13/10/2009 18:53, Sergio Belkin wrote:
>> Hi,
>>
>> Is there a way to log if a supplicant is using either wpa or wpa2?
>>
>> Thanks in advance!
>>
>
>
Hi,
Is there a way to log if a supplicant is using either wpa or wpa2?
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry for the stupid question Is possible on FreeRADIUS Version 2.1.1
create log files both on daily and weekly basis?
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http
2009/9/3 Sergio Belkin :
> 2009/9/1 Ivan Kalik :
>>>> I have configured three virtual servers: "default", "inner" (uses
>>>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
>>>> attempts go to &quo
sed without TTLS
or PEAP. So I don't understand why some OK's was sent to default
server log. Because of that now I use
requests =
${logdir}/radiusd-%{%{Virtual-Server}-%Y%m%d.log and now there are no
entries on default log server, I wonder if what I am doing is right, I
mean if I am omitt
2009/8/31 Sergio Belkin :
> Hi,
>
> I have configured three virtual servers: "default", "inner" (uses
> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
> attempts go to "default server" log files.
>
> cr
= 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "acct"
ipaddr = 192.168.1.5
port = 0
}
Listening on authentication address 192.168.1.5 port 1812
Listening on accounting address 192.168.1.5 port 1813
Ready to process requests.
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2009/8/28 Sergio Belkin :
> Hi I am using Version 2.1.1 with openldap on Centos 5
> I wonder if is feasible dumping to logs when user gets login incorrect
> if due to non-existance of that uid on Ldap.
>
> Thanks in advance!
>
> --
> --
Shame on me! That's is somethi
Hi I am using Version 2.1.1 with openldap on Centos 5
I wonder if is feasible dumping to logs when user gets login incorrect
if due to non-existance of that uid on Ldap.
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
gt; List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
know
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
Sorry for the stupid question, what does "EAP-Message =* ANY" mean?
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Bel
2009/6/5 John Dennis :
> Sergio Belkin wrote:
>> Hi,
>>
>> Let's suppose that John Doe comes and login with jdoe uid, then Joe
>> comes and wants to use wireless network, but he has not entry neither
>> Ldap nor in radius users file, so he ask for jdoe th
2009/6/5 :
> Hi,
>> Hi Sergio,
>>>
>>> Is possible that Reply-message can be seen from laptops running the
>>> supplicant?
>>
>> Not with EAP no. You can use EAP-Notification packets, but very few
>> supplicants display the contents
Hi,
Is possible that Reply-message can be seen from laptops running the supplicant?
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
event that from radius? (please don't tell me to fire John
Doe ;) ).
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.1, for host x86_64-unknown-linux-gnu,
built on Oct 21 2008 at 15:14:37
I'd thank you your help!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hen a user come and connect to that cheating
Access Point. Please tell me if that risk exists and if is wothy of
worrying. If it is, how I can do for check radius server name on
modern distro Linux?
Thanks in advance and happy new year
--
--
Open Kairos http://www.openkairos.com
Wat
2008/12/17 :
> AP uses DHCP not radius to assign IPs. So - no. You can reserve IPs for
> devices but not users.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 17/12/2008, "Sergio Belkin" piše:
>
>>Hi,
>>
>>I wonder if radius force to a
Hi,
I wonder if radius force to a given user eg jdoe that only get from
an Access Point always the same IP address?
Thanks in advance
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http
2008/12/15 Alexander Clouter :
> Sergio Belkin wrote:
>>
>> Thanks for ideas,
>>
>> In fact, some things you suggest I am using right now :) for example:
>>
>> *Automatized SecureW2 installer (ttls)
>> *Web Page with "secondary" password fo
atized SecureW2 installer (ttls)
*Web Page with "secondary" password for peap
But even so, some users find somewhat hard to use.
I've tried with no success at this moment use more than one SSID on
OpenWRT on Linksys WRT54GL...
All in all, you and Paul have provided me interesting
rn queries to ldap server.
I'd want to know if CoovaAP (or something similar, what?) can perform
such task as portal captive installed on APs.
I'd be glad to read suggestions
Thanks in advance!!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Se
s.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
20: 0005 001f 3a1b 4e8b 776c 3000 1000 :.N.wl0.
0x0030: 5000 fc59 fb00 0101 00PY.
00:10:40.337119 EAP code=1 id=1 length=0
Please, what could be the problem?
Thanks in advance
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://seb
2008/12/5 Alan DeKok <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> That solved it. Now it remains a little problem on radiusd.log:
>>
>> Thu Dec 4 09:07:51 2008 : Error: rlm_ldap: ldap_search() failed: LDAP
>> connection lost.
>
> Your LDAP serve
2008/12/3 Alan DeKok <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> Hi, I use freeradius with EAP-TTLS y EAP-PEAP, below there is ldap
>> log, I wonder why radius "bothers" to query for anonymous uid and not
>> only for uid into the tunnel
>
> Because
tries=1 text=
Dec 3 08:55:05 sinclair slapd[11285]: conn=1264 fd=15 closed (idletimeout)
Does make sense to query for anonymous?
Thanks in advance
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be glad to read suggestions and comments...
Thanks in advance
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've upgraded to OpenWRT Kamikaze and problem seems goes away...
2008/11/6 Alan DeKok <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> Alan, thanks, That's really a quite convincing answer :)
>
> Yup. I'm not just a random loudmouth on this list.
>
1 - 100 of 269 matches
Mail list logo