ultaman khoo wrote:
btw the nas ip changes is due to NAS system supplying the radius acct
has failover to the backup unit, radius acct is then supply from there.
so it get change
It's still garbage.
The FreeRADIUS SQL queries assume that one NAS sends all of the
accounting traffic for
Thank you. This is only thing that i want to know.
2013/8/14 Cornelius Kölbel cornelius.koel...@lsexperts.de
Hi Sergii,
this is in fact possible, but not with the OSS components of LinOTP.
Unfortunately, the SQL Resolver is at the moment only part of an
enterprise edition.
To go with the
Hi again,
Clarify that DHCP server is running in the same or an other machine,
depends of the stage.
Thanks.
El 14/08/13 12:03, Fernando Pizarro escribió:
Hi all,
I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS
authentication to serve dynamic VLAN and a DHCP server to
On 14 Aug 2013, at 11:02, Nikolaos Milas nmi...@noa.gr wrote:
Hi,
I am using FreeRadius v2.2.0 on CentOS 6.4 x86_64.
I am trying to adapt Plain Mac-Auth as described at:
http://wiki.freeradius.org/guide/Mac-Auth to work work from LDAP.
(Note: The server is also used for eduroam and
On 14 Aug 2013, at 11:03, Fernando Pizarro fea...@gmail.com wrote:
Hi all,
I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS
authentication to serve dynamic VLAN and a DHCP server to leases this IP
address. This setup work sucefully but IP address of supplicants doesn't
Roberto Carna wrote:
I can authenticate with Windows, Linux and Android devices, but I
can't authenticate with Apple devices (iphone and ipad) at all.
Is it an intrinsic problem of Freeradius ???
No, Apple devices auth off FreeRADIUS just fine.
More likely it is a problem with certs/CAs,
Dear, the debug is this:
[chap] Login attempt by pepe with CHAP password
[chap] Using clear text password 1234 for user pepe authentication
[chap] Password check failed
++[chap] Returns reject
Failed to authenticate the user
THe password is 1234 and I try many times...
Any idea ??? Because from
[mailto:freeradius-users-bounces+bjulin=clarku@lists.freeradius.org]
On Behalf Of Roberto Carna
Sent: Wednesday, August 14, 2013 10:01 AM
To: FreeRadius users mailing list
Subject: Re: Apple devices can´t authenticate
Dear, the debug is this:
[chap] Login attempt by pepe with CHAP
Roberto Carna wrote:
Dear, the debug is this:
[chap] Login attempt by pepe with CHAP password
[chap] Using clear text password 1234 for user pepe authentication
[chap] Password check failed
++[chap] Returns reject
Failed to authenticate the user
THe password is 1234 and I try many
Kurt Hillig wrote:
radiusd.conf includes these listen sections (omitting comments):
listen {
type = auth
ipaddr = *
port = 1812
interface = eth0
}
Why not just bind it to the IP of the interface? And remove the
interface line?
Alan DeKok.
-
List
On 14/08/13 15:07, Kurt Hillig wrote:
But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 -
tcpdump shows it coming in, but radiusd -X shows no indication of
this traffic (but is reporting all of the traffic on eth0).
If radiusd -X isn't reporting *anything*, then it's not
I tried with Android device and it use CHAP authentication as Apple devices.
OK, here is the complete logthanks a lot!!!
rad_recv: Accounting-Request packet from host 127.0.0.1 port 3799,
id=74, length=172
Acct-Status-Type = Interim-Update
User-Name = pagos
On 14/08/13 15:55, Roberto Carna wrote:
I tried with Android device and it use CHAP authentication as Apple devices.
Ok, there is some confusion here.
You are using a captive portal, so it's actually your captive portal
web-based login that is doing CHAP - the Apple/Android devices are just
to PAP
++[pap] returns noop
Found Auth-Type = LDAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by testu...@.fi with password testpass
[ldap] user DN: cn=Tauno Testaaja,ou=,ou=Customers,dc=demonet,dc=local
[ldap] (re
Before running radius in debug mode, try iptables -F with root privileges, it
disables iptables default rules
Phil Mayers p.may...@imperial.ac.uk ha scritto:
On 14/08/13 15:07, Kurt Hillig wrote:
But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 -
tcpdump shows it coming in,
@lists.freeradius.org] On
Behalf Of Matteo Vocale
Sent: Wednesday, August 14, 2013 2:32 PM
To: FreeRadius users mailing list
Subject: Re: How to accept RADIUS traffic on multiple interfaces?
Before running radius in debug mode, try iptables -F with root privileges, it
disables iptables default rules
Phil Mayers
: freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org
[mailto:freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org] On
Behalf Of Matteo Vocale
Sent: Wednesday, August 14, 2013 2:32 PM
To: FreeRadius users mailing list
Subject: Re: How to accept RADIUS traffic
If your NAS can't send accounting then there's nothing you can do at the
freeradius end to make it do accounting
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
itquestioner wrote:
We've found in the freeradius wiki, that the correct way to manage
connection to mysql is to initiate the connection in the CLONE function.
But where should we put $dbh-disconnect() to be sure that any connection
will also be closed ? Whatever the result of the request
Sergii Bieliaievskyi wrote:
I am currently trying to install LinOTP with FreeRADIUS. I spent 3-4
hours to get to work perl script
http://www.howtoforge.com/how-to-use-freeradius-with-linotp-2-to-do-two-factor-authentication-with-one-time-passwords.
That site isn't part of FreeRADIUS.
David Aldwinckle wrote:
Is there a way that I can deny a specific realm when an access request
is received from a specific client?
Yes.
I tried adding something to policy.conf but I couldn't get the syntax right:
So... what happened? Did you get an error? Is it a secret?
#Prevent
Hi Sergii,
this is in fact possible, but not with the OSS components of LinOTP.
Unfortunately, the SQL Resolver is at the moment only part of an
enterprise edition.
To go with the OSS components you need to create a flatfile resolver.
But as Alan stated, this is no topic for this mailing list,
Brian Julin wrote:
Alan DeKok wrote:
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
Attached is a recipe for how I replicated it (and another doublefree) on a
clean system.
I've pushed a
Hi
That's just an authentication request accounting packets is what you need.
Is your kit configured to send accounting to this RADIUS server?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for quick reply,
well I guess not. Can you give me a hint how I can figure it out how I
can configure this ?
I'm I right that I have to configure the accounting in the RADIUS
conf-files or is it part of the NAS it self.
Well OK I had a look into Wikipedia RADIUS and it looks like it
Thanks, it works.
2013/8/6 Arran Cudbard-Bell a.cudba...@freeradius.org
On 6 Aug 2013, at 14:29, Maciej Lew mac...@lanserver.pl wrote:
The problem is we have databases in slave mode, only reading is allowed.
We want pass these informations to another database...
Modules can have
On 08.08.2013 19:16, Shaw, Colin M. wrote:
[peap] Using saved attributes from the original Access-Accept
User-Name = testx
[peap] Saving response in the cache
Your inner-tunnel virtual server returns only User-Name attribute in
Access-Accept. Configure your inner-tunnel virtual
On 9 Aug 2013, at 10:40, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk
wrote:
For a while I've been using FreeRADIUS with a set of includes.d-style
directories that I can drop modules, virtual sites, etc into. This works well
- until today. So far I've only had one included policy file
On 09/08/13 10:52, Arran Cudbard-Bell wrote:
Whilst making up features is a fun pastime it's not very productive.
There is one global policy section at the top level. Virtual servers do not
have different policy name spaces.
Hi Arran,
Thanks for this. So you're saying that there can only
On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote:
On 09/08/13 10:52, Arran Cudbard-Bell wrote:
Whilst making up features is a fun pastime it's not very productive.
There is one global policy section at the top level. Virtual servers do not
have different policy name spaces.
Hi,
Thanks for this. So you're saying that there can only be one policy
{} section in the whole server, and if I wish to load two sets of
policies I will have to merge the two files?
each policy has its own name/tag - in FR 3, there is a policy.d directory
in which policy files get put...each
On 09/08/13 11:18, Matthew Newton wrote:
On Fri, Aug 09, 2013 at 11:05:47AM +0100, Jonathan Gazeley wrote:
On 09/08/13 10:52, Arran Cudbard-Bell wrote:
Whilst making up features is a fun pastime it's not very productive.
There is one global policy section at the top level. Virtual servers do
Hi.
Your approach (use an external script) finally worked
It's definitely a hack, as I discovered that Linuxes don't do any
DHCP-Release (and I expected to send a radius acct stop at this point).
Nevertheless, it will help me to emulate a mobile operator network
behaviour, when a machine
On 9 Aug 2013, at 15:35, Fabrice-externe SEGURA
fabrice-externe.seg...@erdfdistribution.fr wrote:
Hi.
Your approach (use an external script) finally worked
It's definitely a hack, as I discovered that Linuxes don't do any
DHCP-Release (and I expected to send a radius acct stop at
Fabrice-externe SEGURA wrote:
A word on documentation however : It's quite an understatement to say
that it can be improved.
We've had ~15 years of people complaining about this. So far,
contributions have been sporadic.
Doing documentation takes a concerted effort, and commitment. It's
Alan DeKok wrote:
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
Attached is a recipe for how I replicated it (and another doublefree) on a
clean system.
1) started on a fresh system that had
On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote:
Alan DeKok wrote:
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
Attached is a recipe for how I replicated it (and another
On 9 Aug 2013, at 16:27, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 9 Aug 2013, at 16:14, Brian Julin bju...@clarku.edu wrote:
Alan DeKok wrote:
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock*
You could move files above eap but IMO it's better (cleaner, more
obvious) to run this in post-auth like so:
authorize {
...
eap {
ok = return
}
...
}
post-auth {
...
files
...
}
Note that you'll need to set the postauth_usersfile on your files
Thank
On 08/08/13 11:07, Shaw, Colin M. wrote:
difference. Lastly, for testing purposes, if I insert the required
attributes into the default post-auth then it all works and the wired
client is assigned the correct vlan, so again the switch side must be ok
and I also therefore presume all the
Fabrice-externe SEGURA wrote:
I'm trying to use Freeradius 2.2.0 to catch DHCP request on a local
network (a specific interface and physical network of my machine), and
forward it to another radius server (through another interface), using
the radius protocol, to get authorized, and get the IP
Brian Julin wrote:
I tried to replicate on a test server with lightly modified 3.0 stock
configs. The error only
happens when everything is running through the same server/eap instances, so
good
instincts there. Replicating it is easy: just uncomment the peap
virtual-server directive
Am Donnerstag, 8. August 2013, 09:19:30 schrieb Fabrice-externe SEGURA:
Hi.
I'm trying to use Freeradius 2.2.0 to catch DHCP request on a local
network (a specific interface and physical network of my machine), and
forward it to another radius server (through another interface), using the
+ the acct start request.
Icing on the cake : dhcp-release should also transform into an acct stop.
Best regards
Fabrice
De :al...@deployingradius.com
A : freeradius-users@lists.freeradius.org
Date : 08/08/2013 14:42
Objet : Re: Configuring the DHCP module to forward request
Alan DeKok wrote:
Brian Julin wrote:
I tried to replicate on a test server with lightly modified 3.0 stock
configs.
The error only
happens when everything is running through the same server/eap
instances, so good
instincts there. Replicating it is easy: just uncomment the peap
...and it doesn't matter that example.com defaults to home_server
localhost, it does not get that far.
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
I will -- should I preferably be testing
Fabrice-externe SEGURA wrote:
A suggestion for v3 : It should be possible then to turn the simple dhcp
request into 2 radius request : the auth request + the acct start
request. Icing on the cake : dhcp-release should also transform into an
acct stop.
That's a lot harder.
As always,
On 8 Aug 2013, at 16:45, Alan DeKok al...@deployingradius.com wrote:
Fabrice-externe SEGURA wrote:
A suggestion for v3 : It should be possible then to turn the simple dhcp
request into 2 radius request : the auth request + the acct start
request. Icing on the cake : dhcp-release should also
As a hack just use exec and radclient to generate the packets and feed
them back into the server.
Interesting. That suggest there might be a way to make it work after
all...(I merely need a hack, it's for the purpose of simulating behavior
of an operators's GGSN towards a system that
On 08/08/13 16:16, Shaw, Colin M. wrote:
Thanks for the reply Phil.
difference. Lastly, for testing purposes, if I insert the required
attributes into the default post-auth then it all works and the wired
client is assigned the correct vlan, so again the switch side must be
ok and I also
Jochen Gatternig wrote:
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file
/usr/local/etc/raddb/certs/server.pem
The password for the key file is wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hi
How are you generating the certs and what format are they in?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/06/2013 05:29 PM, Alan DeKok wrote:
Dominique Frise wrote:
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
A NAS will NEVER send an Access-Challenge to the server.
A proxy will receive an Access-Challenge from a home
On 7 Aug 2013, at 07:51, Dominique Frise dominique.fr...@unil.ch wrote:
On 08/06/2013 05:29 PM, Alan DeKok wrote:
Dominique Frise wrote:
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
A NAS will NEVER send an
On 07.08.2013 08:51, Dominique Frise wrote:
Did a fresh install from
http://github.com/FreeRADIUS/freeradius-server/tree/v2.x.x
./radiusd -v
radiusd: FreeRADIUS Version 2.2.1 (git #12be9f6), for host
x86_64-unknown-linux-gnu, built on Aug 6 2013 at 21:51:33
Copyright (C) 1999-2013 The
On 7 Aug 2013, at 09:35, Olivier Beytrison oliv...@heliosnet.org wrote:
On 07.08.2013 08:51, Dominique Frise wrote:
Did a fresh install from
http://github.com/FreeRADIUS/freeradius-server/tree/v2.x.x
./radiusd -v
radiusd: FreeRADIUS Version 2.2.1 (git #12be9f6), for host
Works here just fine. Once you've created the correctly formatted value for the
radius attribute FR displays it as an integer but whatever happens in the
background the HP switch just does its stuff
Rgds
A
Sent from my iPhone
On 6 Aug 2013, at 00:39, Andy a...@brandwatch.com wrote:
Hello,
On 7 Aug 2013, at 10:56, Alex Sharaz alex.sha...@york.ac.uk wrote:
Works here just fine. Once you've created the correctly formatted value for
the radius attribute FR displays it as an integer but whatever happens in the
background the HP switch just does its stuff
Yes the HP switch
Arran Cudbard-Bell wrote:
I'm honestly not entirely sure why the freeradius dictionary has the
attribute as an unsigned int
That's what the RFCs say. And the server doesn't really have a way of
packing arbitrary structures from attributes.
Alan DeKok.
-
List info/subscribe/unsubscribe?
On 7 Aug 2013, at 13:46, Alan DeKok al...@deployingradius.com wrote:
Arran Cudbard-Bell wrote:
I'm honestly not entirely sure why the freeradius dictionary has the
attribute as an unsigned int
That's what the RFCs say. And the server doesn't really have a way of
packing arbitrary
Cudbard-Bell
Sent: 07 August 2013 14:06
To: FreeRadius users mailing list
Subject: Re: returning a HEX String as a HEX String (bit string) instead
ofthe decimal equivalent - FreeRADIUS 2.1.10
On 7 Aug 2013, at 13:46, Alan DeKok al...@deployingradius.com wrote:
Arran Cudbard-Bell wrote:
I'm
Thank you everyone so much :)
Wow, what a great list :D
OK. First, you're not doing PPP, remove the default entries in the
users file for Framed-Protocol and Framed-Compression.
I have commented this out now.
And again thank you for your wireshark capture, and perfect
explanations of the
Hi,
peap {
default_eap_type = mschapv2
proxy_tunneled_request_as_eap = yes
copy_request_to_tunnel = no
use_tunneled_reply = yes
tls = eduroam-eap-tls
}
okay
Any request that tries to go to the proxy causes this to happen:
Wed Aug 7 11:57:35 2013 :
a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk] wrote:
how did you configure the server...from scratch or copy pasting bits over
from a 2.x ?
It's a mongrel, not an alteration of fresh 3.0. It was working on a pre-talloc
3.0 development branch.
does this 'eap' module use its own
I assume that's the freeradius2 package rather than freeradius as 1.x doesn't
have unlang
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank You for reply Alan.
I have working eap-tls for my staff and
Dnia 5 sierpnia 2013 21:52 a.l.m.bu...@lboro.ac.uk napisał(a):
Hi,
gt; In that situation i need to have active, both sql and ldap, authorization
gt; modules in inner-tunnel. So users, who should identify by login/pass in
gt; guest
Hi, yes thank you, that is the guide I have been following..
And as that guide highlights the switch needs a 'bit string', not a
decimal number;
The value of Egress-VLANID is a bit string, the first 8 bits specify
whether the VLAN is tagged or untagged and must be either 0x31 (tagged)
or 0x32
Ahh,
No. The HP switch does not care that FreeRADIUS displayed (but later
encoded correctly) your hex string as an integer.
It does care that you don't seem to understand how to convert decimal
numbers to hex and are actually specifying VLAN 18 tagged, which
probably doesn't exist if you're
It still doesn't work :(
Sorry but I have been working on RFC 4675 for a long time before I
emailed this list, which is why I was a bit short in my first reply
(sorry) and jumped the gun before reading all of your email. I /really/
have trawled every page I can find..
I have changed
On 6 Aug 2013, at 10:50, Andy a...@brandwatch.com wrote:
Hi, yes thank you, that is the guide I have been following..
And as that guide highlights the switch needs a 'bit string', not a decimal
number;
The value of Egress-VLANID is a bit string, the first 8 bits specify whether
the VLAN
On 6 Aug 2013, at 12:35, Dominique Frise dominique.fr...@unil.ch wrote:
Hi,
I have no luck with testing the Reponse-Packet-Type in the post-proxy
section, after rad_recv: Access-Challenge packet...
Something like :
post-proxy {
...
if (Response-Packet-Type == Access-Challenge) {
Hi,
Hi, I would like to store freeradius session information like
Acct-Session-Id, Acct-Start-Time, Acct-Stop-Time, Acct-Input-Octets,
Acct-Output-Octets, Framed-IP-Address, NAS-IP-Address in external
database.
the defauly config does this - you just need to edit the SQL module
On 08/06/2013 01:55 PM, Arran Cudbard-Bell wrote:
On 6 Aug 2013, at 12:35, Dominique Frise dominique.fr...@unil.ch wrote:
Hi,
I have no luck with testing the Reponse-Packet-Type in the post-proxy section, after
rad_recv: Access-Challenge packet...
Something like :
post-proxy {
...
if
On 08/06/2013 02:31 AM, Alan Buxey wrote:
I assume that's the freeradius2 package rather than freeradius as 1.x
doesn't have unlang
The OP said Fedora. Fedora has never had a freeradius2 package (only
ever existed in RHEL 5.x). Fedora has had 2.x for many years. So either
the OP is using an
HPO switch debug;
0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client
detected on vid: 11.
0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP
authentication started, session: 2985.
0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd vid
On 6 Aug 2013, at 13:20, Dominique Frise dominique.fr...@unil.ch wrote:
On 08/06/2013 01:55 PM, Arran Cudbard-Bell wrote:
On 6 Aug 2013, at 12:35, Dominique Frise dominique.fr...@unil.ch wrote:
Hi,
I have no luck with testing the Reponse-Packet-Type in the post-proxy
section, after
The problem is we have databases in slave mode, only reading is allowed. We
want pass these informations to another database...
2013/8/6 a.l.m.bu...@lboro.ac.uk
Hi,
Hi, I would like to store freeradius session information like
Acct-Session-Id, Acct-Start-Time, Acct-Stop-Time,
Hi,
I forgot to mention that I am using freeradius-2.2.0-2.el6.x86_64.
Should this version support it or not?
no, it wont support it. you need the latest code from the GIT to use that
feature.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If I disable the var 'sql_log' it will stop do write on relay log file,
right?
but will still writing on radpostauth table correctly?
2013/7/31 Alisson alissongoncal...@bsd.com.br
Hi Alan,
the sql_log var, just write a text file with the sql statements, correctly?
2013/7/31 Alan DeKok
Maciej Lew wrote:
The problem is we have databases in slave mode, only reading is allowed.
We want pass these informations to another database...
Then configure another SQL module to talk to another database.
There's no magic here. If you want to write to a database, configure
the server
On 08/06/2013 03:36 PM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I forgot to mention that I am using freeradius-2.2.0-2.el6.x86_64.
Should this version support it or not?
no, it wont support it. you need the latest code from the GIT to use that
feature.
alan
-
List info/subscribe/unsubscribe?
Dominique Frise wrote:
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
A NAS will NEVER send an Access-Challenge to the server.
A proxy will receive an Access-Challenge from a home server. As was
said, you need the latest
On 6 Aug 2013, at 14:29, Maciej Lew mac...@lanserver.pl wrote:
The problem is we have databases in slave mode, only reading is allowed. We
want pass these informations to another database...
Modules can have multiple instances.
sql.conf
sql sql_write {
sql config
}
Alisson wrote:
If I disable the var 'sql_log' it will stop do write on relay log file,
right?
Yes.
but will still writing on radpostauth table correctly?
Yes.
It helps to understand the servers configuration. You should read ALL
of the configuration files you have enabled. It's what
On 06/08/13 16:04, Horatiu Nimigean wrote:
i have pptpd on a centos 6 box configured to use radius for auth.
radius in turn checks credentials in ldap.
the user in ldap has a samba extension and a configured password (i used
ldap account manager to set it up) it also has a sambaNTPassword field
Horatiu Nimigean wrote:
the auth fails however when i try conencting from my windows8 client.
i need to mention that i am sure i'm inputting correct passwords.
No, you're not.
[mschap] Found NT-Password
[mschap] Creating challenge hash with username: testuser1
[mschap] Told to
Hi,
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
dont know..I have the following on a 2.2.0 box in the authenticate section:
if (handled (Response-Packet-Type == Access-Challenge)) {
packet from host 127.0.0.1 port 1812, id=13,
length=112
MS-CHAP-Error = \000E=691 R=1
C=f20ec16aa685d6a06f1ed900857d9c0e V=3 M=Re-enter (or reset) the
password
On 8/6/2013 6:31 PM, Phil Mayers wrote:
On 06/08/13 16:04, Horatiu Nimigean wrote:
i have pptpd on a centos 6 box
oook the damn password is letmein for testing purposes.
i can't seriously mistype it that many times.
and i did not. it turns out lam successfully reports changing both unix
and samba passwords but upon closer inspection and verifying with
smbencrypt cli tool the samba hases are NOT
On 6 Aug 2013, at 19:49, Roberto Carna robertocarn...@gmail.com wrote:
Dear, when I execute freeradius -X the daemon starts in debug mode.
After that when a any user authenticate againts freradisu service, I can see
in the screen something like this:
[sql] expand: %{User-Name} -
On 6 Aug 2013, at 16:38, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
dont know..I have the following on a 2.2.0 box in the authenticate section:
if (handled
Hi,
My password is encrypted with MD5 but it can be seen in the debug screen.
Is there any way to disallow or masquerade the use's password in debug
mode ???
its debug mode. the entire purpose is to ensure that things are
what they appear to be and silly things like, 'its doesnt
On 08/06/2013 05:29 PM, Alan DeKok wrote:
Dominique Frise wrote:
Is there any other flag/function that would indicate that an
Access-Challenge packet was received from the NAS?
A NAS will NEVER send an Access-Challenge to the server.
A proxy will receive an Access-Challenge from a home
On 5 Aug 2013, at 08:20, rajeev sr rajee...@gmail.com wrote:
Hello,
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in
Hi,
User-Password = \334a\004\305\355x\321\332G\306\362b\226~\355+
that lineand the following in the debug:
Fri Aug 2 16:45:38 2013 : Debug: WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the NAS!
are quite clear.
On Mon, Aug 05, 2013 at 12:50:20PM +0530, rajeev sr wrote:
I am trying to run the radtest on local machine which is CentOS 6.0. But am
getting the following error while sending the Access Request message from
client which is another machine.
The user name is defined in users file under
Hi,
file users:
DEFAULT Ldap-Group ==
Huntgroup-Name ==
multiple lines? the first line is CHECK items. other lines are REPY items
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Thank you for your reply.
It was my mistake, when i was testing.
Corrected DEFAULT Ldap-Group == , Huntgroup-Name ==
Still not working as i want.
Br,
Ville
Hi,
file users:
DEFAULT Ldap-Group ==
Huntgroup-Name ==
multiple lines? the first line is CHECK items.
Hi,
It was my mistake, when i was testing.
Corrected DEFAULT Ldap-Group == , Huntgroup-Name ==
Still not working as i want.
output?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here comes:
rlm_ldap::ldap_groupcmp: User found in group
and user still access in. I noticed that if i disable ldap
and put user in users file like this:
vi...@.fi Cleartext-Password := , Huntgroup-Name ==
it works and i can filter users based on huntgroup.
Br,
Ville
601 - 700 of 59048 matches
Mail list logo