Re: No EAP session matching the State variable (and other various messages)

2013-09-30 Thread A . L . M . Buxey
Hi, > Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session > matching the State variable. > Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for > request 782076 in component authenticate module peap. > Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate > requ

Re: No EAP session matching the State variable (and other various messages)

2013-09-30 Thread Arran Cudbard-Bell
On 30 Sep 2013, at 18:17, John Douglass wrote: > What exactly do error messages like: > > Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching > the State variable. The State attribute is returned in Access-Challenges by the RADIUS server and is included in subsequent A

Re: Access Request from HA rejected

2013-09-30 Thread Arran Cudbard-Bell
On 30 Sep 2013, at 13:59, "David Peterson" wrote: > Send the whole configuration and initial request/response. The snippet below > is pretty much useless. also, set your date/time correctly. The reason why authentication is failing is because no module has taken responsibility in authorize.

RE: Access Request from HA rejected

2013-09-30 Thread David Peterson
Send the whole configuration and initial request/response. The snippet below is pretty much useless. David From: freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org] On Behalf Of

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-29 Thread Jouni Malinen
On Tue, Sep 24, 2013 at 8:13 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > On 24 Sep 2013, at 18:12, Arran Cudbard-Bell > wrote: > >> Note: Comp128-4 (milenage) is still unknown (please contact one of the > developers > >> if you have access to its specification), but just algor

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Don
Alan, I finally made EAP-GTC using ntlm_auth to work. Basically my initial configuration inside "gtc" sub-section of raddb/eap.conf was correct and modifying raddb/modules/ntlm_auth from "%{mschap:User-Name}" to "%{User-Name}" was also correct. I can also use %{%{mschap:User-Name}:-%{User-Name}} t

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Alan DeKok
Don wrote: > Nothing secret, as I said I tried both configuration (one at a time) > inside "gtc" sub-section of eap.conf. That's a problem. NOTHING in the documentation or examples says to do that. LOTS of documentation and examples give the CORRECT way to use ntlm_auth. > I did that, but tha

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Don
On Fri, Sep 27, 2013 at 6:34 AM, Alan DeKok wrote: > Don wrote: > > I tried one of these inside "gtc" sub-section of eap.conf, that don't > > seem to work: > > auth_type = ntlm_auth > > Setting that *should* be one step of a working configuration. > Ok, thank you for confirming that the

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Alan DeKok
Don wrote: > I tried one of these inside "gtc" sub-section of eap.conf, that don't > seem to work: > auth_type = ntlm_auth Setting that *should* be one step of a working configuration. > or > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key > --domain=MYDOMAIN --username=%{User-

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-26 Thread Don
Alan, Thank you for your reply and please find my inline response below. On Thu, Sep 26, 2013 at 7:54 PM, Alan DeKok wrote: > Don wrote: > > That said, if EAP-GTC can be used along with ntlm_auth how do I > > configure it to make that work? > > Read the "gtc" sub-section of eap.conf. It tell

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-26 Thread Alan DeKok
Don wrote: > That said, if EAP-GTC can be used along with ntlm_auth how do I > configure it to make that work? Read the "gtc" sub-section of eap.conf. It tells you how to make EAP-GTC use a particular authentication method. > I tried to execute ntlm_auth passing > --password=%{User-Password},

Re: Freeradius - DeadLock

2013-09-25 Thread Fajar A. Nugraha
On Thu, Sep 26, 2013 at 4:14 AM, Alisson wrote: > So this error its caused by my application? > > Whatever it is that creates queries to mysql. In the default schema, radacct will continue to grow. If you're running it on a production system with significant amount of user on a commodity hardware

Re: empty preacct and accounting section

2013-09-25 Thread WorkingMan
Signup_mail2002 yahoo.com> writes: > > I will double check them when I get back to my machine. I think I know what you mean. Will report back. > > > On Sep 25, 2013, at 4:38 PM, Alan Buxey lboro.ac.uk> wrote: > > > > As the msg says. Your preacct {} and accounting {} sections in your serv

Re: empty preacct and accounting section

2013-09-25 Thread Arran Cudbard-Bell
> Are you saying my default file has these sections as empty? Or that the vpn > clients are sending empty data? Sections. As the Warning clearly states, sections. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius - DeadLock

2013-09-25 Thread Alisson
So this error its caused by my application? 2013/9/25 Arran Cudbard-Bell > > On 25 Sep 2013, at 20:54, Alisson wrote: > > > This messages are from radius.log > > Those errors were generated by the MySQL client library or the MySQL > server, just because they're included in the radius.log file

Re: empty preacct and accounting section

2013-09-25 Thread Signup_mail2002
I will double check them when I get back to my machine. I think I know what you mean. Will report back. > On Sep 25, 2013, at 4:38 PM, Alan Buxey wrote: > > As the msg says. Your preacct {} and accounting {} sections in your server > are not configured to do anything. Add active modules to t

Re: empty preacct and accounting section

2013-09-25 Thread Signup_mail2002
> On Sep 25, 2013, at 4:33 PM, Arran Cudbard-Bell > wrote: > > >> On 25 Sep 2013, at 21:20, WorkingMan wrote: >> >> I have been seen this weird message for two days now. I setup PPTP and IPSec >> (ikev1) with freeradius + mysql. >> >> In both cases I see Access-Acccept and in Accounting-R

Re: empty preacct and accounting section

2013-09-25 Thread Alan Buxey
As the msg says. Your preacct {} and accounting {} sections in your server are not configured to do anything. Add active modules to them eg a database call and things will be different. alan

Re: empty preacct and accounting section

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 21:20, WorkingMan wrote: > I have been seen this weird message for two days now. I setup PPTP and IPSec > (ikev1) with freeradius + mysql. > > In both cases I see Access-Acccept and in Accounting-Request I see these two > message: > > WARNING: Empty preacct section. Using

Re: Freeradius - DeadLock

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 20:54, Alisson wrote: > This messages are from radius.log Those errors were generated by the MySQL client library or the MySQL server, just because they're included in the radius.log file does not mean they originated from within the FreeRADIUS code base. > I've doesn't ch

Re: Freeradius - DeadLock

2013-09-25 Thread Alisson
This messages are from radius.log I've doesn't changed anything in db... and I haven't custom queries... 2013/9/25 Arran Cudbard-Bell > > On 25 Sep 2013, at 20:08, Alisson wrote: > > > Hi, > > > > I have a lot of logs with deadlocks > > Those would be caused by a bug in your custom SQL q

Re: Freeradius - DeadLock

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 20:08, Alisson wrote: > Hi, > > I have a lot of logs with deadlocks Those would be caused by a bug in your custom SQL queries? Arran Cudbard-Bell FreeRADIUS Development Team

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
> But in the EAP-TLS section from eap.conf file, I don't see any > reference to MSCHAPv2and remember the NTLM authentication query is > set up in the MSCHAPv2 module EAP-TLS does not use MSCHAPv2. It uses certificates. I quote Alan DeKok's response to your question on September 18: > >

Re: Active Directory authentication question

2013-09-25 Thread Alan Buxey
Well. There's no such thing as EAP-TLS/MSCHAPv2 . So I'd guess that your Android device is just doing PEAPv0/EAP-MSCHAPv2 or such and your config allows it to. If you ran in full debug mode when connecting with the Android device you'd see exactly what's happening alan

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
fan > > >> -Original Message- >> From: freeradius-users- >> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org >> [mailto:freeradius-users- >> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of >> Roberto Carna >> Sent: 25

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
lf Of > Roberto Carna > Sent: 25 September 2013 15:44 > To: FreeRadius users mailing list > Subject: Re: Active Directory authentication question > > Dear Stephan: Notebook with Windows 7 + AP + EAP-TTLS + MSCHAPv2 + > Freeradius + AD is working now !!! > > But just a doubt:

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
ius.org >> [mailto:freeradius-users- >> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of >> Roberto Carna >> Sent: 25 September 2013 14:27 >> To: FreeRadius users mailing list >> Subject: Re: Active Directory authentication question >> >

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
; [mailto:freeradius-users- > bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of > Roberto Carna > Sent: 25 September 2013 14:27 > To: FreeRadius users mailing list > Subject: Re: Active Directory authentication question > > Dear Stephan, just the last question pl

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
-Original Message- >> From: freeradius-users- >> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org >> [mailto:freeradius-users- >> bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of >> Roberto Carna >> Sent: 24 September 2013 15:1

Re: Proxy auth should supersede local auth

2013-09-25 Thread JB
24.09.2013 Phil Mayers: > On 24/09/13 12:25, JB wrote: > >> At first glance, this seems to work but I wanted to know if there's a >> better or more common way to achieve this. Or is this completely >> stupid after all? (Why?) > > Looks fine to me; you're conditionally executing the rest of your

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread Alan DeKok
paul trader wrote: > hi alan - well, i did both. at first the $INCLUDE was put at the bottom > of the users file, and there was 1 entry in the included file, at line 1. Why do you have a $INCLUDE? You did NOT mention it in your other posts. The help here presumes that you accurately desc

Re: Active Directory authentication question

2013-09-24 Thread Alan Buxey
Or ask your distribution provider why they still provide wpa_supplicant package without eapol_test tool ;) alan

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread paul trader
On Tue, 24 Sep 2013 at 10:36, Alan DeKok opined: AD: It also contradicts your previous messages. You claimed you put the AD:"users" file entry at line one of the file. But now you talk about a AD:$INCLUDE statement. AD: AD: So... which is it? hi alan - well, i did both. at first the $INCLU

Re: message freeradius

2013-09-24 Thread Alan DeKok
María Teresa Mondragón Reyes wrote: > I followed the instructions to configure freeradius plus remote mysql > server and when put in debug mode freeradius -f -X i get > this message. You don't need "-f -X". Just "-X" is good enough. > rad_recv: Accounting-Request packet from host 192.168.4.224

Re: message freeradius

2013-09-24 Thread Phil Mayers
On 24/09/13 17:58, María Teresa Mondragón Reyes wrote: rad_recv: Accounting-Request packet from host 192.168.4.224 port 32769, id=157, length=285 Invalid packet code 4 sent to a proxy port from home server 192.168.4.224 port 32769 - ID 157 : IGNORED Ready to process requests. This should be cl

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell wrote: >> >> Note: Comp128-4 (milenage) is still unknown (please contact one of the >> developers >> if you have access to its specification), but just algorithms 1-3 are still >> useful. > > > Actually it's not, it's published in the 3GPP stan

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
> > Note: Comp128-4 (milenage) is still unknown (please contact one of the > developers > if you have access to its specification), but just algorithms 1-3 are still > useful. Actually it's not, it's published in the 3GPP standards, neat :) Arran Cudbard-Bell FreeRADIUS Development Team -

RE: Active Directory authentication question

2013-09-24 Thread stefan.paetow
etow=diamond.ac...@lists.freeradius.org] On Behalf Of > Roberto Carna > Sent: 24 September 2013 15:17 > To: FreeRadius users mailing list > Subject: Re: Active Directory authentication question > > Dear, I'm advancing in the Freeradius + AD authenticationjust a > short que

Re: Active Directory authentication question

2013-09-24 Thread John Dennis
On 09/24/2013 10:16 AM, Roberto Carna wrote: > Dear, I'm advancing in the Freeradius + AD authenticationjust a > short question: when I want to make the eapol_test tool, I get this > error: > > # make eapol_test > /usr/bin/ld: cannot find -lnl > collect2: error: ld returned 1 exit status > mak

Re: Active Directory authentication question

2013-09-24 Thread Alan DeKok
Roberto Carna wrote: > Dear, I'm advancing in the Freeradius + AD authenticationjust a > short question: when I want to make the eapol_test tool, I get this > error: > > # make eapol_test > /usr/bin/ld: cannot find -lnl > collect2: error: ld returned 1 exit status > make: *** [eapol_test] Erro

Re: Proxy auth should supersede local auth

2013-09-24 Thread Phil Mayers
On 24/09/13 12:25, JB wrote: At first glance, this seems to work but I wanted to know if there's a better or more common way to achieve this. Or is this completely stupid after all? (Why?) Looks fine to me; you're conditionally executing the rest of your policy based on earlier results.

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread Alan DeKok
paul trader wrote: > hi phil - thanks for the advice, i figured out that placement of the > $INCLUDE statement (and user info in general) in the users file is > important for windows authentication. strangely enough, it doesn't seem > to matter for a linux dialup, though. That is a *terrible

Re: Active Directory authentication question

2013-09-24 Thread Roberto Carna
u, but I'm not > up to date on Debian specifically. > > Stefan > > >> -Original Message- >> From: Roberto Carna [mailto:robertocarn...@gmail.com] >> Sent: 23 September 2013 19:16 >> To: Paetow, Stefan (DLSLtd,RAL,LSCI) >> Subject: Re: Active Direc

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread paul trader
On Mon, 23 Sep 2013 at 22:03, Phil Mayers opined: PM:Carefully examine the two entries on line 1 and 172, determine what's PM:different, examine the unredacted data in the packets, and correct it. hi phil - thanks for the advice, i figured out that placement of the $INCLUDE statement (and user

Re: EAP-TLS Authentication

2013-09-23 Thread Muhammad Nadeem
-->Please suggest any document which can help in better understanding on TLS Authentication. Arvind, I also faced the same issue at beginning, but I would suggest to read Freeradius own documentation. That is probably the best. On Mon, Sep 23, 2013 at 7:45 PM, arvind132 . wrote: > Hi, > I am

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Phil Mayers
On 23/09/2013 18:19, paul trader wrote: hi phil - ok, here's the full debug for a successful request: [files] users: Matched entry test at line 1 Versus and here's the full output of a failed request: [files] users: Matched entry DEFAULT at line 172 The two request look very similar, but

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 14:42, John Dennis opined: JD:You have all the information you need to debug your problem. It does JD:require reading the debug output carefully. But you should really try JD:to do that yourself first. As a said earlier, verify you're reading the JD:exact same users file

Re: EAP + SSL + Certificate chains

2013-09-23 Thread Trevor Jennings
Hey I wanted to say thanks for the tips! I convinced the peers that it was not a good idea to allow auto certificate acceptance and to just have the clients accept it when the new certificate went online. Cheers, - Trevor On Thu, Sep 12, 2013 at 3:46 PM, Brian Julin wrote: > > Mathieu wrote

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Alan DeKok
paul trader wrote: > i used a default v2 install and only changed the users and clients.conf > files. everything else was left alone. Well, there's no magic. If the "users" file entry doesn't match, it's because the User-Name isn't "test". Alan DeKok.

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread John Dennis
On 09/23/2013 02:07 PM, paul trader wrote: > On Mon, 23 Sep 2013 at 13:31, John Dennis opined: > > JD:You still haven't sent the full debug. > > hi john - thanks for your reply. i sent the output from running radiusd > -X, are you saying i need to run -Xxx and send that instead? No. It means a

Re: Freeradius-Users Digest, Vol 101, Issue 50

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 18:49, Rui Ribeiro opined: RR:You're not crazy for sure. The problem authenticating with Windows boxen RR:is that they only support MSCHAPv2… kudos to Microsoft. hi rui - thanks for that, although my family and co workers may disagree! according to this wiki faq entry: h

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined: PM:It's difficult to say, because the debug you sent has all the useful PM:bits trimmed out - like the original packet, and the full module PM:processing chain. hi phil - ok, here's the full debug for a successful request: rad_recv: Access-Req

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread John Dennis
On 09/23/2013 01:19 PM, paul trader wrote: > On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined: > > PM:It's difficult to say, because the debug you sent has all the useful > PM:bits trimmed out - like the original packet, and the full module > PM:processing chain. You still haven't sent the ful

Re: Freeradius-Users Digest, Vol 101, Issue 50

2013-09-23 Thread Rui Ribeiro
rg > > You can reach the person managing the list at > freeradius-users-ow...@lists.freeradius.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics:

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Phil Mayers
On 23/09/13 17:33, paul trader wrote: am i doing something glaringly wrong, or just going plain crazy? It's difficult to say, because the debug you sent has all the useful bits trimmed out - like the original packet, and the full module processing chain. Send a full debug, and odds are som

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 13:31, John Dennis opined: JD:You still haven't sent the full debug. hi john - thanks for your reply. i sent the output from running radiusd -X, are you saying i need to run -Xxx and send that instead? or are you looking for the startup output as well? i only included t

Re: FreeRadius Error " Access Rejected" Only On Some CISCO Switch Ports

2013-09-23 Thread Daniel Baker
Thank you Alan I will pursue that line of inquiry further. On 9/23/2013 8:18 PM, Alan DeKok wrote: Daniel Baker wrote: [ldap] performing search in dc=citlao,dc=local, with filter (uid=root) [ldap] object not found [ldap] search failed What part of that is unclear? What can I try to

Re: FreeRadius Error " Access Rejected" Only On Some CISCO Switch Ports

2013-09-23 Thread Alan DeKok
Daniel Baker wrote: > [ldap] performing search in dc=citlao,dc=local, with filter (uid=root) > [ldap] object not found > [ldap] search failed What part of that is unclear? > What can I try to fix the authentication issues so that all ports are being > successfully authenticated ? Ensur

Re: Authentication

2013-09-23 Thread Michael Schwartzkopff
On Monday, 23 September 2013, 13:53:14, ken.farrington wrote: > Just also beware that the MAC can be spoofed also with lots of programs :) Yes: ip link dev ... set addr ... > > On 23 September 2013 at 13:46 Nikolaos Milas wrote: > > > > On 23/9/2013 3:14 PM, Free-Radius wrote: > > > I wonder

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Alan DeKok
Husnain Taseer wrote: > In tcpdump asterisk not sending request to the freeradius can u tell > after configuring freeradius what configurations are needed to be done > in asterisk. You were told to ask this question on the asterisk mailing list. We are not asterisk, and we know nothing about

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread ken.farrington
Also, if I put the sim_files entry before eap in the default file I get the following error when I try and start Radiusd -s -X Module: Linked to sub-module rlm_eap_sim Module: Instantiating eap-sim Module: Checking authorize {...} for more modules to load /usr/local/etc/raddb/radiusd.conf[643]: F

Re: Authentication

2013-09-23 Thread ken.farrington
Just also beware that the MAC can be spoofed also with lots of programs :) > On 23 September 2013 at 13:46 Nikolaos Milas wrote: > > On 23/9/2013 3:14 PM, Free-Radius wrote: > > > > > I wonder if the Freeradius to authenticate a client by IP number, > > without using login and password, only the

Re: Authentication

2013-09-23 Thread Nikolaos Milas
On 23/9/2013 3:14 PM, Free-Radius wrote: I wonder if the Freeradius to authenticate a client by IP number, without using login and password, only the IP. If possible, how to do? You can authenticate a client based on MAC Address. See http://wiki.freeradius.org/guide/Mac-Auth for various sce

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread ken.farrington
Hi Arran, I'm not sure if I have interpreted this right. Are you agreeing with my statement, that it is not needed or are you saying it is needed? I seem to recall I get an error when I put the sim_files in the default file. Many thx indeed for the lightning fast response mate :) Ken > On 23

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Husnain Taseer
In tcpdump asterisk not sending request to the freeradius can u tell after configuring freeradius what configurations are needed to be done in asterisk. Regards, Husnain Taseer On Mon, Sep 23, 2013 at 4:11 PM, Adam Bishop wrote: > On 23 Sep 2013, at 11:27, Husnain Taseer wrote: > > > Even I

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread Arran Cudbard-Bell
On 23 Sep 2013, at 12:32, ken.farrington wrote: > Hi All, > I really do try to read the forums in full before I post, but I have seen > much out there on this, but just can't find out why this is happening. > Please see below. > > The only thing I don't have is "sim_files" entry in the sites-e

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Adam Bishop
On 23 Sep 2013, at 11:27, Husnain Taseer wrote: > Even I don't get any request from asterisk server in radius logs. You're looking at the wrong layer for the problem. Fire up tcpdump. Do you see any radius traffic leaving the asterisk box? Does it reach the RADIUS server? If no traffic is l

Re: DHCP Relay Invalid type "dhcp" in listen section

2013-09-22 Thread Fajar A. Nugraha
On Mon, Sep 23, 2013 at 11:35 AM, bayu setiawan wrote: > Is dhcp not available in 2.1.12 version? > > Yes, if you enable it. > and is my configure automatically exist if i built package from source for > latest 2.x.x version? so i don't need reconfigure it? > > No idea what you mean by that. If

Re: DHCP Relay Invalid type "dhcp" in listen section

2013-09-22 Thread bayu setiawan
Is dhcp not available in 2.1.12 version? and is my configure automatically exist if i built package from source for latest 2.x.x version? so i don't need reconfigure it?

Re: DHCP Relay Invalid type "dhcp" in listen section

2013-09-22 Thread Fajar A. Nugraha
On Mon, Sep 23, 2013 at 10:34 AM, bayu setiawan wrote: > this is my version > > *radiusd: FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu* > > Short version: upgrade. If you know how to build a package from source (i.e. rpmbuild), 2.2.0 has a working spec file. Due to a recently discov

Re: DHCP Relay Invalid type "dhcp" in listen section

2013-09-22 Thread bayu setiawan
this is my version *radiusd: FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu* On Mon, Sep 23, 2013 at 10:25 AM, Fajar A. Nugraha wrote: > Which version is this? > > 2.2.0 should have DHCP support enabled by default. Older version (e.g. the > one bundled with debian/ubuntu) might not

Re: DHCP Relay Invalid type "dhcp" in listen section

2013-09-22 Thread Fajar A. Nugraha
Which version is this? 2.2.0 should have DHCP support enabled by default. Older version (e.g. the one bundled with debian/ubuntu) might not have that support yet. -- Fajar On Mon, Sep 23, 2013 at 10:17 AM, bayu setiawan wrote: > Hi, > > i have problem when i configured for dhcp relay, > > i

Re: Expiration and EAP verification question

2013-09-22 Thread Alan DeKok
WorkingMan wrote: > Can you give me an example on how to always accept connection on EAP-* > authentication (it will be password based from xauth-eap from strongswan) No. EAP doesn't (and can't) work that way. > but at the same time still honour Expiration logic? I am not sure what to > do

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Alan DeKok
WorkingMan wrote: > So from what I gather I can make my VPN servers pointing to different ports > (in strongswan.conf) and have freeradius's listen{} pointing to matching > ports but I can keep the same IP for the virtual servers. Yes. > Does this look correct (or at least conceptually)? My t

Re: Expiration and EAP verification question

2013-09-22 Thread WorkingMan
Alan DeKok deployingradius.com> writes: > > WorkingMan wrote: > > My design is that I don't actually care about secondary authentication with > > RADIUS since it's already doing certificate validation from strongswan side > > before doing secondary authentication. All is good if I was only n

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread WorkingMan
Alan DeKok deployingradius.com> writes: > > WorkingMan wrote: > > I am wondering is it possible to configure one server using a single IP to > > handle PPTP/IPSEC <---> freeradius? > > Yes. > > > Does it make sense (or possible) to create > > a virtual servers against PPTP and IPSEC separ

Re: Expiration and EAP verification question

2013-09-22 Thread Alan DeKok
WorkingMan wrote: > My design is that I don't actually care about secondary authentication with > RADIUS since it's already doing certificate validation from strongswan side > before doing secondary authentication. All is good if I was only need > secondary authentication since I can bypass with

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Alan DeKok
WorkingMan wrote: > I am wondering is it possible to configure one server using a single IP to > handle PPTP/IPSEC <---> freeradius? Yes. > Does it make sense (or possible) to create > a virtual servers against PPTP and IPSEC separately? If you want. Read raddb/sites-available/README. It

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Phil Mayers
On 22/09/2013 15:12, WorkingMan wrote: I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC <---> freeradius? Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately? I am just wondering what's the best practice. I don

Re: The Operation of SQL module

2013-09-22 Thread Mehdi Ravanbakhsh
thanks Alan On Fri, Sep 20, 2013 at 9:44 PM, Alan DeKok wrote: > Mehdi Ravanbakhsh wrote: > > *i can not find any detailed document on this.* > > doc/rlm_sql. It's on the Wiki, and distributed with the server "tar" > file. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://

Re: acct_unique ID algorithm

2013-09-20 Thread Mehdi Ravanbakhsh
thanks On Sep 20, 2013 5:54 PM, "Arran Cudbard-Bell" wrote: > > On 20 Sep 2013, at 14:00, Mehdi Ravanbakhsh wrote: > > > Hi all > > > > I need the algorithm that use to create acct_unique ID that use in > radacct table. > > > > any one can help on this ? > > It's MD5 of the string representatio

Re: The Operation of SQL module

2013-09-20 Thread Alan DeKok
Mehdi Ravanbakhsh wrote: > *i can not find any detailed document on this.* doc/rlm_sql. It's on the Wiki, and distributed with the server "tar" file. Alan DeKok.

Re: eap-ttls with SMD5-Password

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 17:04, Nasser Heidari wrote: > Hi, > > I'm trying to setup eap-ttls with freeradius, all my tests in LAB was > successful. I've test it with both users file and sql and it was working. > Now I'm going to prepare it for real setup, my only problem is that all my > User-Passwo

Re: The Operation of SQL module

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 13:55, Mehdi Ravanbakhsh wrote: > Hi All > > for some reason (change database structure and limitation on sql module for > sql connection and ...) i need to develop something like SQL module to > exchange check data in all section on my database . > > so in need to know

Re: acct_unique ID algorithm

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 14:00, Mehdi Ravanbakhsh wrote: > Hi all > > I need the algorithm that use to create acct_unique ID that use in radacct > table. > > any one can help on this ? It's MD5 of the string representation of the subset of attributes configured for the rlm_acct_unique module, wh

Re: ubuntu postgresql unknown client

2013-09-19 Thread rich carroll
That was the trick. Thanks, uncommented a couple sql's and its working like it should. > Really? If you configure sql.conf, then that *isn't* enough. Read > raddb/sites-available/default, and look for "sql". > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius

Re: ubuntu postgresql unknown client

2013-09-19 Thread Matthew Newton
On Thu, Sep 19, 2013 at 12:00:47PM -0500, rich carroll wrote: > I am having problems getting freeradius with ubuntu and postgres to work. I > have set up this setup on freebsd several time successfully. I believe that > it is not checking the database at all. Below is my radtest command and my > de

Re: ubuntu postgresql unknown client

2013-09-19 Thread Alan DeKok
rich carroll wrote: > I am having problems getting freeradius with ubuntu and postgres to > work. I have set up this setup on freebsd several time successfully. I > believe that it is not checking the database at all. Below is my radtest > command and my debug command. It's not using Postgresql

Re: Active Directory authentication question

2013-09-19 Thread Roberto Carna
Thanks Stepahn for all your important help. Regards, Roberto 2013/9/19 : >> What I mean is that EAP-TLS is easier to me than AD authentication at >> this point, because I've just put it to work...and if I want to use AD >> auth I have to take EAP-TLS out and start again with NTLM / AD >> authen

Re: DHCP relaying

2013-09-19 Thread Alan DeKok
Nikolaos Milas wrote: > Thanks. I guess it is supported in 3.0.0 as well ? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: DHCP relaying

2013-09-19 Thread Nikolaos Milas
On 19/9/2013 3:40 μμ, Alan DeKok wrote: In 2.2.1, it can handle dynamic IP allocation. See raddb/sites-available/dhcp. Look for "pool". Thanks. I guess it is supported in 3.0.0 as well ? Nick

Re: DHCP relaying

2013-09-19 Thread Alan DeKok
Nikolaos Milas wrote: > I would like to ask how we can direct FR dhcp server (using an ldap > backend) to relay to another dhcp server. ... update control { DHCP-Relay-To-IP-Address := 192.2.3.4 } ... > The idea is that we have a db of known MAC add

RE: ipad ssl error in free radius

2013-09-19 Thread John Carter
John, The "IPhone Configuration Utility" can do remote debugging with iPads, it helped me diagnose some EAP-TLS issues. John. From: freeradius-users-bounces+jcarter=identitynetworks@lists.freeradius.org [mailto:freeradius-users-bounces+jcarter=identitynetworks.com@lists.freeradi us

Re: ipad ssl error in free radius

2013-09-19 Thread Alan DeKok
val john wrote: > Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify This means that the *other* end shut down the TLS connection. To be polite, it sent a notification that it was doing so. > Do you guys any idea what cause this issue Maybe there's something in the CA / s

Re: ipad ssl error in free radius

2013-09-19 Thread Stefan Winter
Hi, is the firmware on that iPad particularly old? Or maybe your OpenSSL on the server side? Things like mismatching cipher requirements or "force secure renegotiation" might cause some of these issues. Greetings, Stefan Winter On 19.09.13 06:27, val john wrote: > hi guys > > we are getting

RE: Active Directory authentication question

2013-09-19 Thread stefan.paetow
> What I mean is that EAP-TLS is easier to me than AD authentication at > this point, because I've just put it to work...and if I want to use AD > auth I have to take EAP-TLS out and start again with NTLM / AD > authentication...is it OK ??? Roberto, you don't have to remove EAP-TLS to support NT

Re: Active Directory authentication question

2013-09-18 Thread Alan DeKok
Roberto Carna wrote: > Sorry, so I'm a bit confused... Because you're unfamiliar with the correct terminology, and with how things really work. To recap: EAP-TLS uses certificates to identify users. And nothing else. No passwords, etc. AD is a database. MySQL is a database. They store

Re: Active Directory authentication question

2013-09-18 Thread Roberto Carna
Arran, I have a private CA and I've created the server and client certs of course...and I've generated the .p12 cert (including the CA cert) to install in my Windows 7 clients...it works OK. What I mean is that EAP-TLS is easier to me than AD authentication at this point, because I've just put it

Re: Active Directory authentication question

2013-09-18 Thread John Dennis
On 09/18/2013 11:01 AM, Roberto Carna wrote: > Arran, I have a private CA and I've created the server and client > certs of course...and I've generated the .p12 cert (including the CA > cert) to install in my Windows 7 clients...it works OK. > > What I mean is that EAP-TLS is easier to me than AD

Re: Active Directory authentication question

2013-09-18 Thread Arran Cudbard-Bell
On 18 Sep 2013, at 15:39, Roberto Carna wrote: > Sorry, so I'm a bit confused... > > I'm using Windows 7 clients for accesing the WiFi network through > EAP-TLS with X.509 certificates. But in this way, I could see that I > can authenticate users or hosts...if I choose users, I can see a > dial
