, perhaps a strange
interaction that the client itself is causing.
Thanks,
James
On 08/01/2013 12:02 AM, Alan DeKok wrote:
Re: WiMAX TLV value correct in debug but not correct in packet capture
James Leavitt wrote:
I just rebuilt a new server on a newer os (and 64 bit vs 32), and I am
still
thinking
I've set something that would make this happen, but I cannot get over
the fact that other values are working fine.
Thanks,
James
On 07/31/2013 10:06 AM, Alan DeKok wrote:
Re: WiMAX TLV value correct in debug but not correct in packet capture
James Leavitt wrote:
After some
, then I now have two sets of broken binaries
(granted they are on the same platform so perhaps it's a library problem?).
Perhaps I should install a whole new system / os and test on it to see
if a similar problem exists. What I will try now is another TLV and see
how it behaves.
Thanks,
James
Understood Alan,
As I admitted I should have followed your example and copied the whole
VSA, not just the TLV section, again mea culpa.
I did however include the PCAP as you had requested, which has the works.
James
On 07/31/2013 02:34 PM, Alan DeKok wrote:
Re: WiMAX TLV value correct
Strange indeed.
I just rebuilt a new server on a newer os (and 64 bit vs 32), and I am
still seeing the same issue.
I must have something messed up somewhere. Only thing is order of the
whole structure is different from my prod, but that shouldn't matter.
Here's my eap.conf just in case there
I've just tried other TLVs and the same problem, meanwhile everything
that is not a TLV works.
Thanks,
James
On 07/31/2013 05:10 PM, James Leavitt wrote:
Re: WiMAX TLV value correct in debug but not correct in packet capture
Strange indeed.
I just rebuilt a new server on a newer os
feel the problem is when the values are copied to the outer tunnel, but
just these TLVs get corrupted.
I'll take a look at 3.0.0 and see if I can work with that and post back
my findings.
Thanks again,
James
On 07/30/2013 11:13 AM, David Peterson wrote:
RE: WiMAX TLV value correct in debug
not letting me
re-auth (I was working on fixing the CSID in the accounting and must
have changed something it doesn't like) so not sure what's up, but I
don't believe v3 is the solution.
I will get a tcpdump if it's worth while.
Thanks,
James
On 07/30/2013 12:01 PM, James Leavitt wrote:
Re: WiMAX TLV
anything
other than a restart of radiusd.
I see the definition in the wimax dictionary is short
Anyhow, if there's a bug / solution / setting that I've blatantly
missed, please let me know.
I am attaching more debug below.
Thanks,
James
Going to the next request
Ready to process requests
Thanks for your usual indulgence and assistance, Alan and all. Much appreciated.
I did the hopelessly illogical thing of testing it from an actual NAS
associated with the proxy. The home server, which had been returning those
rejects thus far, now accepted the user without fuss. Must be
Hi,
Hope someone can give me a pointer on this matter.
We have 2 RADIUS installations, thus:
1. FreeRADIUS/mysql Version 2.1.1, in whose radcheck, Password attribute
is 'User-Password'
2. FreeRADIUS/mysql Version 2.1.10, in whose radcheck, Password
attribute is 'Cleartext-Password'
On both
output indicates the
regular expression is rejecting a valid user. Is there someone that could
confirm the RE?
if (User-Name =~ /^([^@]*)@([-A-Z0-9]+(\\.[-A-Z0-9]+)+)$/) {
...
add the case-insensitive flag i.e. end the line with
$/i) {
instead of your current:
$/) {
Kind regards,
James
need the external ntcrypt
script. All that functionality is built in, just do this:
server INNER-eap {
authorize {
...
update control {
Cleartext-Password := 'thePassword'
MS-CHAP-Use-NTLM-Auth := 0
}
...
}
...
}
Kind regards,
James
--
James J J Hooper
I ran into an issue where proxy.conf was globally readable for some reason,
freeradius wouldn't start because of this and this wasn't picked up by
radiusd -C. Can this check be added?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* globally writable I mean
On Tue, Nov 27, 2012 at 8:55 AM, James Devine fxmul...@gmail.com wrote:
I ran into an issue where proxy.conf was globally readable for some
reason, freeradius wouldn't start because of this and this wasn't picked up
by radiusd -C. Can this check be added?
radiusd -XC seems to produce what I was looking for, thanks.
On Tue, Nov 27, 2012 at 9:10 AM, Alan DeKok al...@deployingradius.com wrote:
James Devine wrote:
* globally writable I mean
It already checks that.
$ chmod a+w raddb/proxy.conf
$ radiusd -XC
...
Configuration file ./raddb
I have a freeradius server which has multiple IPs aliased on the same
interface. This works if I specify each IP explicitly in its own listen {
} section but if I try to listen on * all responses are sent from the same
IP regardless of which IP the request was received on.
On Fri, Nov 9, 2012 at 12:47 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
James Devine fxmul...@gmail.com wrote:
I have a freeradius server which has multiple IPs aliased on the same
interface. This works if I specify each IP explicitly in its own
listen {
} section but if I try to listen
You definitely can. The Cisco configuration would look like this:
!
version 15.0
!
aaa new-model
aaa group server radius FreeRadius
server 192.168.0.1 auth-port 1812 acct-port 1813
ip radius source-interface Vlan10
aaa authentication login default group FreeRadius local
aaa authorization exec
(buffer + 44, sizeof(buffer) - 44,
^^^ ^^^
?
Kind regards,
James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://wireless.bristol.ac.uk
--
separate logical instances running a single daemon.
-James
completed Phil's suggestions, check
the logs on your domain controllers for anomalies.
-James
the user for the
correct password], and when the response comes in it isn't sent to
do_mschap()
Am I mistaken and this functionality hasn't been written yet? ...or have I
mis-configured something?
Debug snippet appended.
Thanks,
James
## INITIAL ATTEMPT WITH BAD PASSWORD:
Debug
On 11/04/2012 17:24, James J J Hooper wrote:
Hi All,
FR 2.1.x Git, doing PEAP against AD via ntlm_auth. I thought that with:
allow_retry = yes [in modules/mschap]
and
send_error = yes [in modules/eap]
...FR has the functionality to take the second password attempt, and
re-try it against AD
-domain: %{mschap:NT-Domain}
-James
, this means NPS and IAS discard a lot of
valid packets!
If you are proxying to IAS or NPS, filter the attributes very carefully
before they hit the MS radius servers.
Regards,
James
for solutions to this error message, but have not been able to find
any that work. Could you please tell us what we did wrong.
James M. DeLuca
Network Administrator
Kiski Area School District
200 Poplar St
Vandergrift, PA 15690
Office: 724-845-6188
Cell: 724-640-4681
mailing list
Subject: Re: FreeRadius questions
Please make sure that port 1812/1813 are enabled on your server firewall.
Hashim Mohammed Zayed
Moeen IT
On 2012 2 28 17:10, James DeLuca
jdel...@wiu.k12.pa.us wrote:
Hope you can help us out. First time dealing with RADIUS
Changed the radtest to
radtest bob hello 10.0.8.9 0 testing123
Now in the terminal windows where we ran radiusd -X we get the following error
Ignoring request to authentication address 10.0.8.9 port 1812 from unknown
client 10.0.8.9 port 56524
The terminal session we ran the
radtest bob
will apply ;)
-James
,
James
5353472 cli
9.72.8.13)
If you want FR to handle the CHAP for you:
[chap] Cleartext-Password is required for authentication
If FR doesn't know the correct password, you can't expect it to do CHAP.
Change things so FR knows the password, or do plain text authn as per your
first scenario.
-James
On 10/26/2011 12:11 AM, freeradius-users-requ...@lists.freeradius.org
wrote:
You just add the attributes, and the server will take care of
encapsulating them in TLVs.
Is there anything I must pay attention to with regard to either (or
both of):
1. The order in which i define the
Apologies for my incorrectly headed last response:
On 10/26/2011 12:11 AM, freeradius-users-requ...@lists.freeradius.org
wrote:
You just add the attributes, and the server will take care of
encapsulating them in TLVs.
Is there anything I must pay attention to with regard to either (or
Hi,
I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel.
Thanks to Alan's direction earlier, I can also send the service flow
definitions correctly.
I have now found that subsequent db writes (and logging) associated with
accounting and postauth functions are the encrypted
On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org
wrote:
On Access-Accept, store the unencrypted User-Name in the DB, along
with a Class attribute. When you receive an accounting packet, look up
the Class attribute to find the unencrypted User-Name.
Thanks
I notice
to use
PEAP i.e. MS-CHAPv2 inner, it's not possible:
http://wiki.freeradius.org/FAQ#How+do+I+permit+access+to+any+user+regardless+of+password%3F
You could perhaps do it with TTLS/PAP.
-James
Hi,
I am running 2.1.12 in an attempt to auth Wimax users. However I am
having difficulty defining TLVs for WiMAX-QoS-Descriptor and associated
WiMAX-Packet-Flow-Descriptor
I used a post on the matter in the freeradius mailing list which
suggested something to the effect of:
INSERT INTO
a plain text
password, or the NTLM hash of the password.
If your LDAP directly has plain text passwords, or NTLM hashes, then you
can use it for authentication.
You can use LDAP for authorization in any case.
Regards,
James
-cert.pem -noout -text
and verify the properties of the cert you have.
-James
but then says:
2) do:
openssl -in /path/to/your/raddb/server-cert.pem -noout -text
and verify the properties of the cert you have.
I forgot the x509, it should have been:
openssl x509 -in /path/to/your/raddb/server-cert.pem -noout -text
-James
can all see what's actually happening?
-James
will tell you which files it's
reading. Check it's reading your mschap file (the one you configured, not
some other one).
-James
://freeradius.org/rfc/rfc2866.html#Acct-Terminate-Cause
If you need to know precisely when your NAS sets one or other value for
this attribute, you would have to ask the NAS manufacturer.
-James
before it
goes to ntlm_auth against your AD).
Regards,
James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
On 13/10/2011 21:35, James J J Hooper wrote:
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully I got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't
How do I get freeradius to deny access based on the ldap attribute
nsAccountLock = true?
Hi, All
Thanks a bunch for this. I have tested both the ubuntu and CentOS/RedHat
variants successfully on separate machines, integrated with postgresql.
(The mysql was a typo incited by a previous install of freeradius-mysql).
Ironically, I also managed to build deb packages from the 2.1.12
else having the same
issue?) ... or is it just me?
-James
Hi,
Apologies for the late response. Our mail system went down at a terrible
time!
From: Johan Meiring jmeir...@pcservices.co.za
Subject: Re: Rewriting wimax calling-station-id with perl
Which version of debian do you need packages for?
I am trying to install it on ubuntu 11.04
Hi,
As you are undoubtedly aware, the ubuntu/debian package of freeradius
comes without the wimax module (despite having the wimax module)
installed. My own attempts to compile/install/build deb package for
ubuntu always die with the infamous undefined reference to
`lt_preloaded_symbols'
: WARNING: silently not building rlm_sql_postgresql.
[10:12:31.2] configure: WARNING: FAILURE: rlm_sql_postgresql requires:
libpq-fe.h libpq.
Fix this, and then re-compile it.
-James
On 17/09/2011 01:56, Alan DeKok wrote:
James J J Hooper wrote:
Above won't work since:
https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
-James
https://github.com/alandekok/freeradius-server/commit/1a00da
In fact this dictionary change breaks
/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
-James
Don't do that.
Instead, don't reject the in the first place. For example:
authorize {
...
sql
if (notfound) {
update control {
Auth-Type := Accept
}
}
}
Above won't work since:
https://github.com/alandekok/freeradius-server/commit/1a00da32c13fb979e11748250da469c7ac4474a8
-James
https
when this was changed?
Apparently, a long time ago:
https://github.com/alandekok/freeradius-server/commits/master/raddb/modules/acct_unique
-James
On 29/08/2011 15:13, Alan DeKok wrote:
I've put some pre releases of 2.1.12 on the web site:
http://git.freeradius.org/pre/
Please let me know if there are any problems. If not, this can become
2.1.12.
All seems good so far.
-James
radmin show version
FreeRADIUS Version 2.1.12
Total denied auths: 0
Total lost auths: 0
...so it seems you need User-Name, Calling-Station-Id and Service-Type.
-James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
on how you are
generating the CoA this may be problematic, but is easily solved with a
line in your iptables config:
*nat
-A POSTROUTING -p udp --dport 3799 -d NAS-IP -j SNAT --to-source
radius-server-IP:radius-listening-port
COMMIT
-James
--
James J J Hooper
Senior Network Specialist
, or with real users.
(3) Android probably isn't a good OS to use for AAA testing, because
depending on which version you have there are various bugs with its
enterprise wi-fi support.
Regards,
James
that FR can't read the file unless it is chmod o+r.
[upgrade and] fix the permissions and it will work.
-James
that, e.g:
ssid1 - 192.0.2.1:1645
ssid2 - 192.0.2.1:1812
Then use a different FreeRADIUS virtual server to handle each (i.e. one
virtual server listening on port 1812, and one listening on port 1812).
This way you can keep the intricacies of each separate.
-James
staff to see what is going on without needing to
ssh to anything.
-James
=192.0.2.99
: LDAP URL as per http://www.ietf.org/rfc/rfc2255.txt
-James
How do I deny access based on the ldap attribute nsAccountLock = true?
header = %t
}
-James
?
Thanks,
James
[updated] returns updated
+++- if ((Calling-Station-Id) %{Calling-Station-Id} =~
/^%{config:policy.mac-addr}$/i) returns updated
+++ ... skipping else for request 750: Preceding if was taken
++- policy create.uob-stripped-mac returns updated
SoH-Supported = yes
On 04/05/2011 11:24, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
[updated] returns updated
+++- if ((Calling-Station-Id) %{Calling-Station-Id} =~
/^%{config:policy.mac-addr}$/i) returns updated
+++ ... skipping else for request 750: Preceding if was taken
++- policy
On 04/05/2011 11:37, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
Hi All,
Sorry for the sketchy details
We got an
ASSERT FAILED xlat.c[1048]: outlen 0
with a PEAP user. The bit of the -X I have is as below, and the soh
virtual server config is attached. I have no further
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I may have misunderstood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure)??
Yes, thanks.
Also, args to pairmove2 are wrong way around, as attached.
-James
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I may have misunderstood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure)??
Yes, thanks.
Also, args to pairmove2
On 10/04/2011 12:39, James J J Hooper wrote:
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I may have misunderstood the code, but I think the EAP MS-CHAP-v2
Failure packet, should be an EAP *request* (currently it's EAP failure
On 10/04/2011 12:57, James J J Hooper wrote:
On 10/04/2011 12:39, James J J Hooper wrote:
On 10/04/2011 12:16, James J J Hooper wrote:
On 10/04/2011 07:03, Alan DeKok wrote:
James J J Hooper wrote:
I may have misunderstood the code, but I think the EAP MS-CHAP-v2
Failure packet, should
Failure packet, should be an EAP *request* (currently it's EAP failure)??
http://tools.ietf.org/html/draft-kamath-pppext-eap-mschapv2-01#page-12
...as per attached diff?
-James
p3.txt.gz
Description: GNU Zip compressed data
applying the patches to 2.1.x git -- maybe because they got
mushed during the email process.
Adding the bits by hand seemed to work, and I can confirm the result is as
you describe on an iPhone (that's all I had to hand to test).
Attached are the two 'git diff' that I ended up with.
-James
--On Thursday, April 07, 2011 13:33:33 +0100 James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
Attached are the two 'git diff' that I ended up with.
gzipped so they don't get messed up.
-James
p1.txt.gz
Description: Binary data
p2.txt.gz
Description: Binary data
On 07/04/2011 13:33, James J J Hooper wrote:
--On Wednesday, April 06, 2011 15:42:11 -0500 john.hayw...@wheaton.edu wrote:
I don't know if this should be sent to the developers list instead.
=== Background
can
I fix it?
...configure the basedn correctly!!
wrong: basedn = dn=my-domain,dn=com
correct: basedn = dc=my-domain,dc=com
-James
/eap.conf#L471
(also line 570 - once for TTLS, once for PEAP)
-James
a CN to match, so using a
self-signed cert, and setting the client just to trust that CA mitigates
the public CA vector.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
On 07/03/2011 22:18, Arran Cudbard-Bell wrote:
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
On 07/03/2011 21:42, John Dennis wrote:
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side
/credential stealing attacks etc. This may be
acceptable in your environment, but if not, you'll still need to actively
configure the client.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
.
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please, and will do.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please, and will do.
Try this patch. You should see MSCHAP Failure in the debug log,
where
--On Friday, March 04, 2011 12:04:51 + James J J Hooper
jjj.hoo...@bristol.ac.uk wrote:
--On Friday, March 04, 2011 11:49:50 +0100 Alan DeKok
al...@deployingradius.com wrote:
James J J Hooper wrote:
That could be fixed for 2.1.11, I guess. If someone can test it...
Yes please
--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok
al...@deployingradius.com wrote:
Alan DeKok wrote:
James J J Hooper wrote:
rlm_eap_mschapv2.c: In function `mschapv2_authenticate':
rlm_eap_mschapv2.c:658: error: called object is not a function
rlm_eap_mschapv2.c:658: error: too few
by 40% by doing this. N.B Resumed
sessions will not touch your inner-tunnel config, so you have to make sure
that you pay attention when (re-)assigning VLANs / other returned
attributes based on username.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http
will take
host\\computer.domain.name and turn it in to computer$ automatically).
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
the given IP from an accounting packet though. Use a
DB to match things up.
Regards,
James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
manually in the database are there other methods for
achieving this?
Configure RADIUS to send the inner User-Name b...@wimax.com back in the
outer Access-Accept. Your NAS should then use this User-Name when
Accounting (if it doesn't, you need to refer to your NAS manufacturer).
Regards,
James
...and then testing it:
echo 'User-Name = 現年快樂' | radclient -x 137.222.253.91:16010 auth
SECRET
Sending Access-Request of id 161 to 137.222.253.91 port 16010
User-Name = 現年快樂
rad_recv: Access-Accept packet from host 137.222.253.91 port 16010, id=161,
length=20
Regards,
James
--
James J J Hooper
it though.
Hi Brett,
It sounds like the linelog module may do what you need, in conjunction
with unlang for the conditionals:
https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog
Regards,
James
--
James J J Hooper
Network Specialist
Information Services
University
-freeradius-case-study.pdf
Regards,
James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk
--
On 11/10/2010 22:14, James J J Hooper wrote:
On 11/10/2010 12:37, Phil Mayers wrote:
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
Wow! That *must* have been
with that user. Then you can
move onto LDAP. Keeping a dump of the debug output at each step can
be handy too - then you can compare them.
Hope this helps.
Phil, Thank you very much the advice worked like a charm, and now I
have everything up and running again...
- james
file(on the radius server).
So compare the reply in that case with the reply in this case, and
configure the radius server to send the same attributes.
Will try this today, thank you very much for the informative advice.
- james
in this area?
- james
to the radius server, please
let me know if this helps(or if you would like more information on my
config)
Thanks in advance,
- James
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[files] users: Matched
On Dec 3, 2010, at 10:52 AM, Phil Mayers wrote:
You haven't said what your problem is
Sorry! My server tells me that it ldap did not find a correct matchup,
but then returns true.
[ldap] performing search in cn=Users,dc=ds,dc=saintjoe,dc=edu, with
filter (samaccountname=jwn6657)
[ldap]
You need to be more specific with your questions. The config files have
examples on your question as well
1 - 100 of 375 matches