On 08/10/13 17:01, Rok Kosir wrote:
authentication to mysql), when i run freeradius -X, i get Segmentation
Fault when it reaches dhcp listner.
See doc/bugs.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/10/13 17:40, Mulindwa wrote:
Dear pple,
I have looked for this and failed to get it, i have users with set
volume limits and they get knocked off once they hit the limit, however
; i want to have this taken to the next level, i.e once the limit is
hit, the user's profile be changed and
On 8 Oct 2013, at 17:44, Phil Mayers p.may...@imperial.ac.uk wrote:
On 08/10/13 17:01, Rok Kosir wrote:
authentication to mysql), when i run freeradius -X, i get Segmentation
Fault when it reaches dhcp listner.
See doc/bugs.
and skip to section 2. :)
Arran Cudbard-Bell
Thanks Phil,
What am looking at is this,
1. User is assigned a profile with 2GB
2. Once profile of 2GB is depleted, he is assigned another profile of say 100MB
3. Once that one is depleted he is assigned another profile.
Eric M
On Tuesday, October 8, 2013 7:59 PM, Phil Mayers
On 7 Oct 2013, at 02:30, Bruce Nunn ironr...@yahoo.com wrote:
Thanks for the heads-up. I will look for this this coming weekend when I get
2.2.2 in production.
Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote:
We've recently upgraded our radius servers from 2.1.12 (CentOS 6
Hi,
if (Service-Type == NAS-Prompt-User) {
if (NAS-IP-Address =~ /^172\.17\.107\./) {
if (User-Name =~ /^wisms\-testing/) {
update control {
Auth-Type := Accept
}
ouch do you realise how dangerous that is? there
should be no need to send an access accept packet back
Hi,
If everyone's in favor, I'll release 2.2.2 on Monday.
hold request
now its monday AM and the load has gone back to higher levels
the server is freaking out and freezing witht he last message in
the log being
Mon Oct 7 07:50:28 2013 : Error: [event.c:2318] Internal sanity check
On 10/07/2013 08:40 AM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
if (Service-Type == NAS-Prompt-User) {
if (NAS-IP-Address =~ /^172\.17\.107\./) {
if (User-Name =~ /^wisms\-testing/) {
update control {
Auth-Type := Accept
}
ouch do you realise how dangerous that is? there
On 07/10/13 08:40, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
if (Service-Type == NAS-Prompt-User) {
if (NAS-IP-Address =~ /^172\.17\.107\./) {
if (User-Name =~ /^wisms\-testing/) {
update control {
Auth-Type := Accept
}
ouch do you realise how dangerous that is? there
should
On 7 Oct 2013, at 09:59, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk
wrote:
On 07/10/13 08:40, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
if (Service-Type == NAS-Prompt-User) {
if (NAS-IP-Address =~ /^172\.17\.107\./) {
if (User-Name =~ /^wisms\-testing/) {
update control {
Hi,
We're finding these nuggets of code as we dig deeper into James's
legacy config. If the Access-Accept response is not required, then
presumably I can ditch that entire code block and let the
wisms-testing auth attempt go through the system as any other user.
yesbut you'd be better
On 7 Oct 2013, at 10:36, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
We're finding these nuggets of code as we dig deeper into James's
legacy config. If the Access-Accept response is not required, then
presumably I can ditch that entire code block and let the
wisms-testing auth attempt go through
Hi,
Well you want the probes to go through and hit your backed authentication
servers,
and your databases, and any external resource.
..and get a valid user with access accept? bad. you are better off just
semding a reject -
just like RADIUS status server probes. it would be nice if the
On 7 Oct 2013, at 11:31, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Well you want the probes to go through and hit your backed authentication
servers,
and your databases, and any external resource.
..and get a valid user with access accept? bad. you are better off just
semding a reject -
a.l.m.bu...@lboro.ac.uk wrote:
now its monday AM and the load has gone back to higher levels
the server is freaking out and freezing witht he last message in
the log being
Mon Oct 7 07:50:28 2013 : Error: [event.c:2318] Internal sanity check failed
At least that's clearer.
It would
Hi,
clarification/agreement from Stefan or others?
tried the newest GIT this morning and the proxy issues were gone.
I haven't seen your Internal sanity check failed just yet (and am not
looking forward to it :-/ ).
Stefan
alan
-
List info/subscribe/unsubscribe? See
Congratulations Alan, Arran for pushing this out of the nest,
all the while being so attentive on the mailing list, along with Phil
and the other Alan :-)
You guys are truly obsessed. I get exhausted just reading your commit logs.
:-)
-
List info/subscribe/unsubscribe? See
:10 PM
To: FreeRadius users mailing list
Subject: Re: radwho not working
Clint Petty wrote:
I am not blaming, I am just wanting to get the radwho command to work.
That is *entirely* the wrong attitude. There is no just get it to
work. There *are* multiple pieces involved, each of which has
On 7 Oct 2013, at 22:39, Clint Petty cpe...@luthresearch.com wrote:
Hi Alan,
Well I discovered a way to display a list of all active users without having
to implement FreeRadius accounting, which BTW is not as straight forward as
it should be.
I was able to display all active users
Clint Petty wrote:
Hi Alan,
Well I discovered a way to display a list of all active users without having
to implement FreeRadius accounting, which BTW is not as straight forward as
it should be.
I was able to display all active users through my StrongSwan server, with the
simple
Brian Julin wrote:
You guys are truly obsessed. I get exhausted just reading your commit logs.
:-)
It's what I do.
I spend a fair amount of time on other things, too. But pushing
FreeRADIUS ahead is a high priority.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
On 7 Oct 2013, at 23:00, Alan DeKok al...@deployingradius.com wrote:
Brian Julin wrote:
You guys are truly obsessed. I get exhausted just reading your commit logs.
:-)
It's what I do.
I'm just in it for the groupies. Everyone knows girls dig guys who have a
working knowledge of
On 7 Oct 2013, at 23:23, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 7 Oct 2013, at 23:00, Alan DeKok al...@deployingradius.com wrote:
Brian Julin wrote:
You guys are truly obsessed. I get exhausted just reading your commit
logs. :-)
It's what I do.
I'm just in it for
Hi,
More debug output would help. The last patch came from output sent by
Stefan. The patch seems to help. But there's an underlying issue which is
harder to debug. It looks like a Linux specific IPv6 problem. I don't see
any issue with v4.
interesting..the culprit may have been
a.l.m.bu...@lboro.ac.uk wrote:
interesting..the culprit may have been found. put HEAD onto server this
afternoon...
the logs had plenty of core messages but look
...
no 'bad logs' since that restart logged.
Good. It's the problem I thought it was, but the earlier fixes
weren't
Thanks for the heads-up. I will look for this this coming weekend when I get
2.2.2 in production.
Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote:
We've recently upgraded our radius servers from 2.1.12 (CentOS 6
packaged default) to 2.2.1 (latest stable from FR, built by hand).
A
Hi,
Hello,
I am facing issue with MS CHAP authentication in Ubuntu 13.04 . Also
NTLM Authentication takes place when putting 'wait = no' in
/etc/freeradius/modules/ntlm_auth
is ntml_auth on the command line working?
Please provide some debug output.
regards
-andreas
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi.
Wondering what authentication method you are using as maybe looking at wrong
ntlm check the mschap module for its ntlm_auth incantation. Also, if you
have doubts about the AD account used to bind them follow that up. Get it
bound in
On 4 Oct 2013, at 10:19, Alex Sharaz alex.sha...@york.ac.uk wrote:
Hi,
Yesterday caught an email about the release of FR 2.2.2 on Monday to fix a
proxy problem. As I've just migrated 2 of my servers from 2.2.0 to 2.2.1 the
sudden release of 2.2.2 sounds important. What does 2.2.2 fix?
Hi Clint,
On Thu, Oct 03, 2013 at 09:53:57PM +, Clint Petty wrote:
...
[detail] expand: %t - Thu Oct 3 21:45:27 2013
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - test
On 10/04/2013 07:02 AM, Shameek Bhattacharya wrote:
Hello,
I am facing issue with MS CHAP authentication in Ubuntu 13.04 .
Also NTLM Authentication takes place when putting 'wait = no' in
/etc/freeradius/modules/ntlm_auth
ie
exec ntlm_auth {
wait = no
wait = no is wrong here.
On 4 Oct 2013, at 10:37, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 4 Oct 2013, at 10:19, Alex Sharaz alex.sha...@york.ac.uk wrote:
Hi,
Yesterday caught an email about the release of FR 2.2.2 on Monday to fix a
proxy problem. As I've just migrated 2 of my servers from 2.2.0
Hi,
a couple of logic issues that meant case/switch and if() worked different
to 2.x - thats been fixed. ..and an issue if your server does a lot of proxying
work - in which worker threads arent dealt with properly - your log file
will be full of core and module messages if you are being hit.
Hmm
like these then?
Fri Oct 4 11:24:12 2013 : Info: WARNING: Child is hung for request 17630 in com
ponent core module thread.
Fri Oct 4 11:24:13 2013 : Info: WARNING: Child is hung for request 17635 in com
ponent core module thread.
Fri Oct 4 11:24:14 2013 : Info: WARNING: Child is hung for
Yep, those are the ones. :-)
Stefan
Hmm
like these then?
Fri Oct 4 11:24:12 2013 : Info: WARNING: Child is hung for request
17630 in com ponent core module thread.
Fri Oct 4 11:24:13 2013 : Info: WARNING: Child is hung for request
17635 in com ponent core module thread.
Fri Oct 4
On 4 Oct 2013, at 12:00, Alex Sharaz alex.sha...@york.ac.uk wrote:
Hmm
like these then?
Fri Oct 4 11:24:12 2013 : Info: WARNING: Child is hung for request 17630 in
com
ponent core module thread.
Fri Oct 4 11:24:13 2013 : Info: WARNING: Child is hung for request 17635 in
com
ponent
Does anyone have any tips for debugging this in a minimally disruptive way?
At the moment we don't have any development WLCs but we might have to get
some so we can have a separate environment for testing. In the meantime I'm
trying to get this code block to work so we can use the newer
On 04/10/13 13:46, Arran Cudbard-Bell wrote:
If I asked particularly nicely, and promised you a beer at the next networkshop
we were both in attendance at, would you be willing to try git head?
I'll roll a v2.2.2_rc0 if it sweetens the deal any? It'd just be really good to
know that that
Hi,
If I asked particularly nicely, and promised you a beer at the next
networkshop
we were both in attendance at, would you be willing to try git head?
I'll take the beer - am running HEAD since last night on one server :-)
(as I said to Alan, i'll report at end of day)
alan
-
List
Woah! that's getting g to be lots of beer.
I'll run it on one of my outward facing servers. Point me at something I can
build and run
A
On 4 Oct 2013, at 14:33, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
If I asked particularly nicely, and promised you a beer at the next
networkshop
we were
Hi
early report :(
2.2.2 HEAD still showing:
Fri Oct 4 13:20:43 2013 : Info: WARNING: Child is hung for request 3767589 in
component core module thread.
Fri Oct 4 13:20:45 2013 : Info: WARNING: Child is hung for request 3767589 in
component core module thread.
Fri Oct 4 13:20:47 2013 :
Using EAP? use the EAP cache and populate the entry with whatever is needed.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10/04/2013 06:53 AM, a.l.m.bu...@lboro.ac.uk wrote:
a couple of logic issues that meant case/switch and if() worked different
to 2.x - thats been fixed.
I need a clarification. Do you mean worked differently ONLY IN 2.2.1?
But 2.2.2 is 100% logic consistent with all 2.x, except 2.2.1?
--
On Fri, Oct 04, 2013 at 09:54:29AM -0400, Garber, Neal wrote:
Can someone tell me if it is possible in FR to cache in memory
(for a short amount of time) Calling-Station-Id from successful
rlm_cache ?
http://wiki.freeradius.org/modules/Rlm_cache
Matthew
--
Matthew Newton, Ph.D.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Some things started acting differently in 2.2.1 compared to previous releases
of 2.x
2.2.2 should revert that so things behave the same - so far that seems to be
true but we are still seeing stalled module in core messages that we did not
see
On 4 Oct 2013, at 17:43, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Some things started acting differently in 2.2.1 compared to previous releases
of 2.x
2.2.2 should revert that so things behave the same - so far that seems to be
true
More debug output would help. The last patch came from output sent by
Stefan. The patch seems to help. But there's an underlying issue which is
harder to debug. It looks like a Linux specific IPv6 problem. I don't see any
issue with v4.
Alan DeKok.
On 2013-10-04, at 9:41 AM,
Garber, Neal wrote:
Can someone tell me if it is possible in FR to cache in memory (for a
short amount of time) Calling-Station-Id from successful machine
authentications so that subsequent user authentications can test whether
the user is connecting from an authorized device? This is a
Hi,
I would like to display the active Radius connections. When I run radwho I
get the following results (showing nothing but the titles) even though I know
I have an active connection:
using the utmp/wtmp modules? what does your FreeRADIUS debug show when
someone logging in?
alan
-
List
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I really wouldn't recommend running in full debug mode on a production server
full time... its only single threaded so if you have to service lots of
requests you have an immediate bottleneck.
What sort of weird problems are you facing? You know
How can we run radiusd -x logname such that we have different
logname for each day?
Clement, may I suggest a cron job?
At midnight, move the log, kill and restart the radius server with a new log in
the name? Of course you run the risk of possibly killing any authentication
attempts that
On 3 Oct 2013, at 10:14, stefan.pae...@diamond.ac.uk wrote:
How can we run radiusd -x logname such that we have different
logname for each day?
Clement, may I suggest a cron job?
At midnight, move the log, kill and restart the radius server with a new log
in the name? Of course you
On 3 Oct 2013, at 10:57, matthew pideil matthew.pid...@teledetection.fr wrote:
Hello,
I want to perform dynamic VLAN assignment by username through wifi
access. I set up this configuration few time ago but didn't works.
I want to know which WiFi APs are compatible and/or what is the term
Usuário do Sistema wrote:
how to deny access by group ? if user is member of the group it's able
login in otherwise the user is deny
See the FAQ. Put this at the top of the users file:
DEFAULT LDAP-Group != allowed, Auth-Type := Reject
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hi,
this is FreeRADIUS list, not general Linux lsit - I'd suggest looking at some
guides for
the EXACT thing you need eg
http://www.cyberciti.biz/faq/linux-unix-formatting-dates-for-display/
(and ensure your escape quotes are the right way around)
alan
-
List info/subscribe/unsubscribe? See
=company,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to xx.xx.xx.126:389, authentication 0
[ldap] bind as cn=Admin,dc=company,dc=com/ to xx.xx.xx.126:389
[ldap] waiting for bind result ...
[ldap
Clint Petty wrote:
Below is the results from radiusd -X (debug mode), while logging in:
rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79,
length=138
The radwho file logs *accounting* packets. That is an
*authentication* packet.
You're blaming FreeRADIUS because
Of Alan DeKok
Sent: Thursday, October 03, 2013 10:53 AM
To: FreeRadius users mailing list
Subject: Re: radwho not working
cpetty wrote:
Below is the results from radiusd -X (debug mode), while logging in:
rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79,
length=138
Hi,
I am not blaming, I am just wanting to get the radwho command to work. I
have now turned on accounting info to be sent from the StrongSwan server to
the FreeRadius server. For I can see the accounting info in
/var/log/radius/radacct/IP_Address/detail-20131003 file. However I am
: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to xx.xx.xx.126:389, authentication 0
[ldap] bind as cn=Manager,dc=company,dc=com/secret to xx.xx.xx.126:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap
Clint Petty wrote:
I am not blaming, I am just wanting to get the radwho command to work.
That is *entirely* the wrong attitude. There is no just get it to
work. There *are* multiple pieces involved, each of which has to be
verified. I'm trying to convince you to use a methodical approach.
'help' to
freeradius-users-requ...@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's
Jean Carlos Coelho wrote:
I need to configure one radius server with ldap integration and dynamic
vlan assign per user or group, didn't find any documentation about this
procedures, someone knows any url about this?
See the NAS documentation for which attributes it expects in an
George Innocent wrote:
I seek your support and advice to resolve this incidence relating to the
Radius server used for authentification.
There is a user created on the Radius that is used by Netcool for the
synch with the SAM server.
The user authenticates successfully but there is
st...@comitcon.be wrote:
I have rebuild freeradius on debian 7.0. I have added rlm_raw and have a
working dynamic client configuration where I use Called_Station_ID to
authenticate / validate that a NAS is allowed to use this radius server.
That's not a recommended configuration.
I wait
Are you sure the RADIUS secret is the right one?
On Wed, Oct 2, 2013 at 12:14 PM, JB list.freerad...@me.com wrote:
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9
On 02/10/13 17:14, JB wrote:
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9 character password arrives as 16 character garbage at the home
server, which then -of
Has anyone encountered a similar situation?
Yes, it's called getting the shared secret wrong between two of your servers.
To prove this, enable Message-Authenticator validation on the home server.
I believe recent versions of FreeRADIUS will include the Message-Authenticator
attribute by
Yes, we double checked the secret.
Am 02.10.2013 um 18:20 schrieb Francois Gaudreault fgaudrea...@cloudops.com:
Are you sure the RADIUS secret is the right one?
On Wed, Oct 2, 2013 at 12:14 PM, JB list.freerad...@me.com wrote:
Hi!
We're proxying auth requests to another RADIUS service
Dear Alan
see my comments below
st...@comitcon.be wrote:
I have rebuild freeradius on debian 7.0. I have added rlm_raw and have a
working dynamic client configuration where I use Called_Station_ID to
authenticate / validate that a NAS is allowed to use this radius server.
That's not a
On 02/10/13 17:30, JB wrote:
Yes, we double checked the secret.
Well, you missed something.
There is no other reasonable explanation for the behaviour you're
seeing. In *theory* it could be broken MD5 libraries at one end, but
that's so unlikely that the possibility can be discarded.
You
1. FreeRadius lacks the ability to actually run Nas's behind a link with a
dynamic IP. Although not recommended, this software does not support a
proper way of dealing with this.
Nonsense. This is a fundamental limitation of the RADIUS protocol.
If you want to use dynamic IPs, use a
For those interested:
Information gotten from
http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients
In regards to the usage of Called_Station_Id, rlm_raw and SQL checks.
Kind regards
Steve
1. FreeRadius lacks the ability to actually run Nas's behind a link with
a
dynamic
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Secondly I have read the documentation, but RTFM still appears to be the
common way
Clint Petty wrote:
How can I change the radius default testing123 password? Is there a
command I need to run to do this?
Edit raddb/clients.conf. Look for testing123.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
st...@comitcon.be wrote:
For those interested:
Information gotten from
http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients
In regards to the usage of Called_Station_Id, rlm_raw and SQL checks.
Which notes that rlm_raw doesn't come with the server. The reason is
st...@comitcon.be wrote:
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Perhaps you could read the *content* of my messages,
Philip Walenta wrote:
I'm trying to do what might be an odd configuration.
I'm attempting to digest auth users without caring about their
User-name attribute.
That should work.
So in other words I want to auth on the Digest-User-Name = testuser
that comes in as part of the
On 2 Oct 2013, at 19:06, st...@comitcon.be wrote:
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous emails
coming from your end and this appears to be the way you respond.
Firstly, you ignored what
-
From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org
[mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, October 02, 2013 12:50 PM
To: FreeRadius users mailing list
Subject: Re: how to change the radius
Replied in between
st...@comitcon.be wrote:
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous
emails
coming from your end and this appears to be the way you respond.
Perhaps you could read the *content*
On 2 Oct 2013, at 19:06, st...@comitcon.be wrote:
Alan
first of all thank you for replying although I must sense quite some
hostility in your replies. On the other hand, I have read previous
emails
coming from your end and this appears to be the way you respond.
Firstly, you ignored
Clint Petty wrote:
Hi Alan,
Thanks for your reply. However, I have already changed the instances of the
password testing123 in the following files:
StrongSwan:/etc/strongswan/strongswan.conf
That's good.
Radius:/etc/raddb/proxy.conf
That's not good. The secret there is for home
st...@comitcon.be wrote:
It is fairly clear that the experts claim they have the knowledge , but
are guarding it.
Ah, yes. That's why I've wrote tons of documentation for the server,
and have answered questions daily for 15 years. I'm trying to hide
RADIUS knowledge.
I am secondly not
Bruce Bauman wrote:
We want to stop executing the BUNCH OF UNLANG CODE in the first two
cases (infected and tempsus), effectively doing something like a return.
There is a return code. See doc/configurable_failover.rst:
ok {
ok = return
}
That may work. The issue is that
We want to stop executing the BUNCH OF UNLANG CODE in the first two cases
(infected and tempsus), effectively doing something like a return.
Where you have ok in the case stanzas, put
ok {
ok = return
}
-Arran
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
=luthresearch@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, October 02, 2013 2:02 PM
To: FreeRadius users mailing list
Subject: Re: how to change the radius default testing123 password
Clint Petty wrote:
Hi Alan,
Thanks for your reply. However, I have already changed the instances
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly, but functional.
this is pretty much what I was
Hi,
Thanks for your reply. However, I have already changed the instances of the
password testing123 in the following files:
if you are dealing with a shared secret between a NAS and the FreeRADIUS
server, there are only
2 thigns to configure
1) the shared secret on the NAS - I would guess
[mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, October 02, 2013 2:02 PM
To: FreeRadius users mailing list
Subject: Re: how to change the radius default testing123 password
Clint Petty wrote:
Hi Alan,
Thanks for your reply
hi,
pretty definitive. incorrect shared secret - are you SURE that you havent got
any white spaces
etc lurking around? keep the shared secret in quotes if in doubt
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 2 Oct 2013, at 22:57, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
A simple thing:
infected case
update control {
Tmp-String-0 := stop
}
...
if (Tmp-String-0 != stop) {
BUNCH OF UNLANG CODE
}
That should work. Ugly,
=luthresearch@lists.freeradius.org]
On Behalf Of Alan Buxey
Sent: Wednesday, October 02, 2013 3:31 PM
To: FreeRadius users mailing list
Subject: RE: how to change the radius default testing123 password
hi,
pretty definitive. incorrect shared secret - are you SURE that you havent got
any white
Simon,
Did you enable the 'ldap' entry in the authorize section(s) of your default and
inner-tunnel servers?
It is commented out by default.
Stefan
From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
Simon Grierson wrote:
Authentication via Active Directory, but with access granted depending
on AD Group membership.
That should be possible.
EG: User A Is allowed Wifi access, as they are in Wifi-Users group
User B is not as they do not have membership of this group.
That's easy.
Send the whole configuration and initial request/response. The snippet
below is pretty much useless.
David
From:
freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera
dius.org] On Behalf Of
On 30 Sep 2013, at 13:59, David Peterson dav...@wirelessconnections.net
wrote:
Send the whole configuration and initial request/response. The snippet below
is pretty much useless.
also, set your date/time correctly.
The reason why authentication is failing is because no module has take
On 30 Sep 2013, at 18:17, John Douglass john.dougl...@oit.gatech.edu wrote:
What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching
the State variable.
The State attribute is returned in Access-Challenges by the RADIUS server and
is
Hi,
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session
matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for
request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate
request
On 09/30/2013 02:45 PM, Matthew Ceroni wrote:
Is there any way to prevent FreeRadius from showing the password in
logs (debug logs) when authentication is done via LDAP?
Current I see :
rad_recv: Access-Request packet from host 192.168.100.2 port 31011,
id=13, length=129
User-Name =
101 - 200 of 59048 matches
Mail list logo