Re: Active Directory authentication question

2013-09-18 Thread Roberto Carna
Sorry, so I'm a bit confused... I'm using Windows 7 clients for accessing the WiFi network through EAP-TLS with X.509 certificates. But in this way, I could see that I can authenticate users or hosts...if I choose users, I can see a dialog box to fill user and password and I suppose they are checke

Re: Active Directory authentication question

2013-09-18 Thread Alan DeKok
Roberto Carna wrote: > Dear, I have several Windows 7 clients over WiFi authenticating through > EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it > works OK. EAP-TLS doesn't use MySQL for storing credentials. Everything is in the certificate. > Now I have to change the auth

Re: Freeradius2 + MySQL + Accouting

2013-09-17 Thread Arran Cudbard-Bell
On 17 Sep 2013, at 19:02, Wederson Rodrigues wrote: > I used radtest just to show the attributes that are returning. > > I'm using a debian (ppp) as NAS, with the enabled plugins: plugin > rp-radius.so pppoe.so radattr.so Even better, RTFS. Arran Cudbard-Bell FreeRADIUS Development Team - L

Re: Freeradius2 + MySQL + Accouting

2013-09-17 Thread Arran Cudbard-Bell
On 17 Sep 2013, at 18:41, Wederson Rodrigues wrote: > Regards, > > I have a server configured with freeradius2 rlm_mysql and have > authentication working well. But the Accounting is only done on start > and stop. Wanted it to be done every 5 minutes (300 interim-update) > but is not working. I

Re: reconnecting to mysql

2013-09-17 Thread Arran Cudbard-Bell
On 17 Sep 2013, at 18:22, Edgars Makņa wrote: > Hello, > > I just setup 2.2.0 from freebsd ports. In the testing environment it looks > okey except this error: > rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN > rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 > rlm_sql_mysql:

Re: EAP-TLS works but not PEAP/EAP-TLS

2013-09-17 Thread John Carter
Thanks Martin, I had already changed this in the config, but it led me to the real issue which was that I'd added a "eap inner-eap" section to my eap.conf, but I also had a modules/inner-eap file from the default config. When I removed modules/inner-eap file it all works fine. Thanks again, John

Re: EAP-TLS works but not PEAP/EAP-TLS

2013-09-17 Thread Martin Kraus
On Tue, Sep 17, 2013 at 07:54:12AM +0100, John Carter wrote: > I've got a Windows 7 machine attempting to connect to FreeRADIUS 2.2.0. > EAP-TLS with a client certificate works fine, but with PEAP/EAP-TLS it > doesn't. Hi. make fragment_size in modules/inner-eap smaller than fragment_size in eap.

Re: Debugging "No EAP session matching the State variable"

2013-09-16 Thread A . L . M . Buxey
Hi, > Sep 16 09:57:56 newdvlanb radiusd[15211]: rlm_eap: No EAP session > matching the State variable. turn on full debug for just a single User-Name or Calling-Station-Id (check radmin docs). whats your authentication clean-up/tidy up times - as if the clients dont respond then the session is cl

Re: Freeradius + 2 x LDAP + VLAN

2013-09-16 Thread Miroslav Lednicky
Thank you, it works with simple modification (not too effective): ldap1 if (ok) { update reply { Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = 1

Re: Last call for Version 2.2.1

2013-09-16 Thread Arran Cudbard-Bell
On 16 Sep 2013, at 16:08, Alan DeKok wrote: > a.l.m.bu...@lboro.ac.uk wrote: >> ..so many new features... thought 3.x was where the new features and dev >> work was going into ;-) > > Well, yes. 2.2.1 has a lot of tiny features that are minor code > changes. v3

Re: Last call for Version 2.2.1

2013-09-16 Thread Alan DeKok
a.l.m.bu...@lboro.ac.uk wrote: > ..so many new features... thought 3.x was where the new features and dev work > was going into ;-) Well, yes. 2.2.1 has a lot of tiny features that are minor code changes. v3 is nearly everything re-written or updated. Those re-writes allow the addit

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-16 Thread A . L . M . Buxey
Hi, >Could not authenticate user Username%Password with plaintext password >challenge/response password authentication succeeded thats okay. means you couldnt do PAP and only MSCHAPv2 worked. expected for that command. >In this Step, i must edit the following line with this text in

Re: Last call for Version 2.2.1

2013-09-16 Thread A . L . M . Buxey
Hi, ..so many new features... thought 3.x was where the new features and dev work was going into ;-) PS has anyone tested it with MariaDB? Wondering if its 100% drop-in compatible? (I'm postgres myself but looks like MySQL is dying) alan - List info/subscribe/unsubscribe? See http://www.freerad

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-16 Thread Alan DeKok
Beliars Fire wrote: > The next Step wbinfo -a *user*%*password *works too, but i`m getting > this Error-Message: > > /Could not authenticate user Username%Password with plaintext password/ > challenge/response password authentication succeeded > > Is this normal? How can I fix it? The Response se

RE: Freeradius 2.1.12 Second LDAP Server

2013-09-16 Thread Beliars Fire
Hi, thanks for the Help. Actually im decided to create a new VM and reinstall the complete Server. I`m following the complete How-To, but i`m getting two different Errors. The First One is this: It`s under the first Point: Configuring Authentification with Active Directory I`m startet the

Re: Last call for Version 2.2.1

2013-09-16 Thread Arran Cudbard-Bell
On 16 Sep 2013, at 13:44, Alan DeKok wrote: > The list of changes is large: Seems sort of small to me :) Here's the changelog: https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/doc/ChangeLog Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See htt

Re: Windows Phone CA verification debugging

2013-09-16 Thread Mathieu Simon
Hi, 2013/9/16 > > we've had no problems with self-signed CA or with 3rd party CA and standard > RADIUS certificate BUT the certificate must have CRLDP (CRL distribution > point) > URL defined. that can either be at CA level or RADIUS level - or both. > > eg > > crlDistributionPoints = URI:http:/

Re: Windows Phone CA verification debugging

2013-09-16 Thread A . L . M . Buxey
Hi, >encountering some issues with those (yet quite rare) people with Windows >Phone 8 (WP8) systems. >WP8 devices are yet able to connect without (any) CA or common name >verification, but seem >to fail when I let them check the CA by choosing it from the device' CA >stor

Re: static ip allocation

2013-09-15 Thread Alan DeKok
Petre Bandac wrote: > I have a rp-pppoe/freeradius/mysql instance running, with ip addresses > dynamically allocated from defined pools. > > I want for some users to have static ip addresses, the same ip at every > connect. > > this can be achieved by manually entering the Framed-IP-Attribute >

Re: configuration parameters for perl module in rlm_perl

2013-09-14 Thread Cornelius Kölbel
On 14.09.2013 14:50, Alan DeKok wrote: > Cornelius Kölbel wrote: >> I would like to avoid having the perl module read an additional >> configuration file. > Then edit the source code to rlm_perl, and add those features. > >> Is there a possibility to add such parameters somewhere in the freerad

Re: configuration parameters for perl module in rlm_perl

2013-09-14 Thread Alan DeKok
Cornelius Kölbel wrote: > I would like to avoid having the perl module read an additional > configuration file. Then edit the source code to rlm_perl, and add those features. > Is there a possibility to add such parameters somewhere in the freeradius > config like in > /etc/freeradius/modules/pe

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-14 Thread Mathieu Simon
Hi While I generally chime in with Alan's later message, one important you should start reading about and differentiating is Authentication and Authorization (the later is Accounting of AAA with RADIUS). While you can do Authorization using LDAP with AD, you can't do the Authentication part using

Re: FreeRadius DHCP against LDAP

2013-09-13 Thread Nikolaos Milas
On 13/9/2013 9:35 PM, Nikolaos Milas wrote: Where can I find the v3.0.0 source branch? Oh, I found it and it includes a spec file for redhat: https://github.com/FreeRADIUS/freeradius-server/tree/release_branch_3.0.0/redhat Is the spec file in a well-working condition? (I might test, but k

Re: FreeRadius DHCP against LDAP

2013-09-13 Thread Arran Cudbard-Bell
On 13 Sep 2013, at 19:47, Nikolaos Milas wrote: > On 13/9/2013 9:35 PM, Nikolaos Milas wrote: > >> >> Where can I find the v3.0.0 source branch? > > Oh, I found it and it includes a spec file for redhat: > https://github.com/FreeRADIUS/freeradius-server/tree/release_branch_3.0.0/redhat > >

Re: FreeRadius DHCP against LDAP

2013-09-13 Thread Nikolaos Milas
On 13/9/2013 8:40 PM, Arran Cudbard-Bell wrote: If you do it the way I suggested I highly recommend you use V3.0.0 (release_branch_3.0.0 or master/HEAD) instead, as the list/attribute handling is much better. Thanks, I'll look into rlm_cache. I wonder if anyone in this list has created a v

Re: FreeRadius DHCP against LDAP

2013-09-13 Thread Nikolaos Milas
On 31/8/2013 12:03 AM, Arran Cudbard-Bell wrote: 1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)? Yes. I am having a hard time trying to adapt the example at: http://wiki.freeradius.org/guide/dhcp-for-static-ip-allocation to work from ldap. We are starting from a p

Re: FreeRadius DHCP against LDAP

2013-09-13 Thread Arran Cudbard-Bell
> > Is it correct as above? Do I have to call ldap_dhcp separately in each > section (i.e. twice)? Hopefully someone else will chime in who's actually used it, but this is what I believe the order of operations should be: * Receive DHCP-Discover - Call LDAP to get the IP assignment for

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-13 Thread Alan DeKok
Beliars Fire wrote: > -> I`m worked to this Tutorial Step-by-Step. On the last two steps, i`m > configured Freeradius to use ntlm_auth > This was obviously wrong, cause > i want to implement LDAP-Servers. Please, don't think you're smarter than people with decades more experience than you. It's n

Re: unsubscribe

2013-09-13 Thread Alan DeKok
Romeo Mihalcea wrote: > unsubscribe > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Is it really that difficult? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius authenticate against Active directory

2013-09-13 Thread Matthew Newton
On Fri, Sep 13, 2013 at 12:23:47AM +0100, trevor obba wrote: > expand: --username=%{mschap:User-Name:-None} -> --username=t...@abc.ac.uk ... > Exec-Program output: Logon failure (0xc4f) > How can I fix the problem of authentication users that type > in their local realm @abc.ac.uk with their

RE: EAP + SSL + Certificate chains

2013-09-12 Thread Brian Julin
> Mathieu wrote: > At least from that side there is hope for improvements with Android 4.3 > onwards there > are API calls for enterprise wireless configuration. > > Maybe "someone" steps up by making an application that can manage > profiles or something like this. That is promising, but I hope

RE: EAP + SSL + Certificate chains

2013-09-12 Thread Brian Julin
> Trevor Jennings wrote: > We are using freeradius with EAP/SSL and although it is working fine, I was > wondering if there was a way to prevent the user from getting the prompt to > accept the certificate? I have combined the intermediate and server > certificates to one file and used that fil

Re: Freeradius + 2 x LDAP + VLAN

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 18:18, Miroslav Lednicky wrote: > Hello, > > I have Freeradius 2.1.10 with 2 LDAP servers (ldap1 + ldap2) and Ubuntu 12.04 authorize { ldap1 if (ok) { update reply { Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-Id = 1

Re: EAP + SSL + Certificate chains

2013-09-12 Thread Mathieu Simon
2013/9/12 Brian Julin > > > Trevor Jennings wrote: > > [...] > > > On OSX, the certificates are marked as valid, including the root, > intermediate > > and server, but still prompts the user to accept. Is there a way around > this? > > About the only way I can think of is to install a profile (.m

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-12 Thread Arran Cudbard-Bell
> It's like you're asking for flying lessons, and showing up with a > bicycle. There's a bit of a disconnect somewhere. Not true, they make these awesome little fold up bikes you can chuck in the back of the plane. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubsc

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-12 Thread Alan DeKok
Kevin Bigalke wrote: > i`m running a Freeradius Server 2.1.12 on a Ubuntu 13.04 VM. The Login > with 802.1 works perfectly. I`m using a Windows LDAP Server for the > Login and want to add a second LDAP-Server for a Fail Over. I`m > following the Tutorials to setup my Freeradius Server: **Click > <

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 15:47, Kevin Bigalke wrote: > Hello, > i`m running a Freeradius Server 2.1.12 on a Ubuntu 13.04 VM. The Login with > 802.1 works perfectly. I`m using a Windows LDAP Server for the Login and want > to add a second LDAP-Server for a Fail Over. I`m following the Tutorials to

Re: Freeradius 2.1.12 Second LDAP Server

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 16:29, Arran Cudbard-Bell wrote: > >> It's like you're asking for flying lessons, and showing up with a >> bicycle. There's a bit of a disconnect somewhere. > > Not true, they make these awesome little fold up bikes you can chuck in the > back of the plane. Still trying t

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Alan DeKok
Nikolaos Milas wrote: > ldconfig -v output does not list any *ldap* libraries in /usr/lib64 > although they exist (while it lists *ldap* libs in > /usr/local/openldap/lib64), obviously because: Well... this is a local OS issue. You'll need to consult your OS documentation to figure out what's

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Nikolaos Milas
On 12/9/2013 2:46 PM, Arran Cudbard-Bell wrote: Your linker's search path doesn't include the directory the libraries are in. Hmm, it seems the path is included but the ldap libs therein are not used because there is an "override" in /etc/ld.so.conf: # ldconfig -v | grep -v ^$'\t' /usr/lib6

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Fajar A. Nugraha
On Thu, Sep 12, 2013 at 3:25 PM, Nikolaos Milas wrote: > Hello, > > I am trying to use > http://www.packetfence.org/downloads/PacketFence/freeradius/freeradius-2.2.0-2.el6.src.rpm > to create custom

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 11:02, Nikolaos Milas wrote: > On 12/9/2013 11:47 AM, Arran Cudbard-Bell wrote: > >> >> --with-rlm-ldap-lib-dir= >> --with-rlm-ldap-include-dir= >> >> Top level configure. > > Thanks Arran, > > It worked! I have built and installed the new RPMs and things are working OK.

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Nikolaos Milas
On 12/9/2013 11:47 AM, Arran Cudbard-Bell wrote: --with-rlm-ldap-lib-dir= --with-rlm-ldap-include-dir= Top level configure. Thanks Arran, It worked! I have built and installed the new RPMs and things are working OK. Interestingly, trying to build with the default system libs was failing:

Re: Replicating to multiple servers.

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 10:35, "Cooper, Tom" wrote: > I did that as well. I included that in the original post. No you didn't. You included a bunch of shit config that didn't work in your first post. You can't put server sections in realms, it doesn't work. Just because the server doesn't complai

Re: Replicating to multiple servers.

2013-09-12 Thread Cooper, Tom
I did that as well. I included that in the original post. On 12/09/2013 09:28, Arran Cudbard-Bell wrote: > > On 12 Sep 2013, at 08:17, "Cooper, Tom" wrote: > >> Sorted. >> I did this in my acct_users file: >> >> DEFAULT Replicate-To-Realm := "ALLOT-SMP",Replicate-To-Realm += >> "Procera-SMP" > >

Re: Building FreeRadius with custom LDAP libraries

2013-09-12 Thread Arran Cudbard-Bell
--with-rlm-ldap-lib-dir= --with-rlm-ldap-include-dir= Top level configure. > > Thanks, > Nick

Re: Replicating to multiple servers.

2013-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2013, at 08:17, "Cooper, Tom" wrote: > Sorted. > I did this in my acct_users file: > > DEFAULT Replicate-To-Realm := "ALLOT-SMP",Replicate-To-Realm += > "Procera-SMP" or preacct { update control { Replicate-To-Realm := "ALLOT-SMP" Replicate-T

Re: Replicating to multiple servers.

2013-09-12 Thread Cooper, Tom
Sorted. I did this in my acct_users file: DEFAULT Replicate-To-Realm := "ALLOT-SMP",Replicate-To-Realm += "Procera-SMP" On 12/09/2013 08:29, Tom Cooper wrote: > Hi all, > How can I replicate to more than 1 server? I have set up replication to > one host, but when I set up a second host it does n

Re: FreeRadius DHCP against LDAP

2013-09-11 Thread Alan DeKok
Nikolaos Milas wrote: > My understanding is that the term "production system" implies the > definition above. It's just a warning. If it works for you, it works. > Does the reference to "code" apply to the configuration file only > (sites-available/dhcp) or to the DHCP FreeRadius module (as I

Re: FreeRadius DHCP against LDAP

2013-09-11 Thread Nikolaos Milas
On 11/9/2013 5:05 PM, Arran Cudbard-Bell wrote: Define production-ready... Production-ready DHCP Server: A DHCP Server that can be used as such in a real-life, mission-critical, organizational environment, i.e. in a network where clients (hosts) will only get an IP address if and only if th

Re: FreeRadius DHCP against LDAP

2013-09-11 Thread Arran Cudbard-Bell
On 11 Sep 2013, at 15:37, Nikolaos Milas wrote: > On 11/9/2013 5:05 PM, Arran Cudbard-Bell wrote: > >> Define production-ready... > > Production-ready DHCP Server: A DHCP Server that can be used as such in a > real-life, mission-critical, organizational environment, i.e. in a network > where

RE: free radius setup

2013-09-11 Thread stefan.paetow
> That's because EAP-TTLS/PAP doesn't use EAP on the inner tunnel. Just > PAP. So "default_eap_type" is irrelevant. > > You support EAP-TTLS/PAP by ensuring PAP is working in the inner tunnel > - by populating a cleartext or hashed password and calling the "pap" > module in the authorize/authentica

Re: FreeRadius DHCP against LDAP

2013-09-11 Thread Arran Cudbard-Bell
On 11 Sep 2013, at 14:49, Nikolaos Milas wrote: > On 31/8/2013 5:57 PM, Nikolaos Milas wrote: > >> I'll look into DHCP... > > Looking at the sites-available/dhcp example setup (on v2.2.0) I see that the > DHCP code is not production-ready. > > Based on user feedback and on your involvement w

Re: FreeRadius DHCP against LDAP

2013-09-11 Thread Nikolaos Milas
On 31/8/2013 5:57 PM, Nikolaos Milas wrote: I'll look into DHCP... Looking at the sites-available/dhcp example setup (on v2.2.0) I see that the DHCP code is not production-ready. Based on user feedback and on your involvement with next FreeRadius release(s) development, do you expect the D

Re: free radius setup

2013-09-11 Thread Phil Mayers
On 11/09/13 12:05, stefan.pae...@diamond.ac.uk wrote: The alternative is getting your users to install something like SecureW2 (which I believe requires a license now), and using EAP-TTLS- PAP which submits the users password in plaintext, or I believe more recent flavours of Windows support EAP-

Re: radclient error

2013-09-11 Thread Mehdi Ravanbakhsh
thanks Arran It is solved Best regards. On Wed, Sep 11, 2013 at 3:03 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > On 11 Sep 2013, at 11:03, Mehdi Ravanbakhsh wrote: > > > Hi All > > > > I have this Error when using radclient: > > > > > > radclient: Nothing to send. > > rad

RE: free radius setup

2013-09-11 Thread stefan.paetow
> The alternative is getting your users to install something like > SecureW2 (which I believe requires a license now), and using EAP-TTLS- > PAP which submits the users password in plaintext, or I believe more > recent flavours of Windows support EAP-TTLS too. If I remember correctly, when using E

Re: radclient error

2013-09-11 Thread Arran Cudbard-Bell
On 11 Sep 2013, at 11:03, Mehdi Ravanbakhsh wrote: > Hi All > > I have this Error when using radclient: > > > radclient: Nothing to send. > radclient:: Expected end of line or comma > > I do not know what is means ? It means you've not specified any input pairs, use the -f option, or pipe t

Re: Debug show cleartext password

2013-09-11 Thread Arran Cudbard-Bell
On 11 Sep 2013, at 08:43, a.l.m.bu...@lboro.ac.uk wrote: > Hi, > >> i am getting a problem on Freeradius installed on CentOS. When i set the >> service Radiusd in debug mode and send an access request (default type >> PAP) through Radtest the debug show the password in cleartext. >> Is t

Re: Debug show cleartext password

2013-09-11 Thread A . L . M . Buxey
Hi, > no. I guess we should do something with it to make it FIPS compliant but it's > not a big priority. You're welcome to submit a patch. ..you mean sniffable by NSA? it passes that requirement already ;-) alan

Re: Debug show cleartext password

2013-09-11 Thread A . L . M . Buxey
Hi, >i am getting a problem on Freeradius installed on CentOS. When i set the >service Radiusd in debug mode and send an access request (default type >PAP) through Radtest the debug show the password in cleartext. >Is there an option to do not show the field User-Password in cleart

Re: Debug show cleartext password

2013-09-11 Thread Arran Cudbard-Bell
On 11 Sep 2013, at 07:52, Marco Aresu wrote: > Hi All > > i am getting a problem on Freeradius installed on CentOS. When i set the > service Radiusd in debug mode and send an access request (default type PAP) > through Radtest the debug show the password in cleartext. > Is there an option to

Re: free radius setup

2013-09-10 Thread John Dennis
On 09/10/2013 06:54 PM, Arran Cudbard-Bell wrote: > On the registration page you use to 'activate' users accounts for the > service, you get them to login. Once their password is verified > against OpenLDAP you do an LDAP modify and store the plaintext > version. This is exactly what we did at Uni

Re: free radius setup

2013-09-10 Thread Arran Cudbard-Bell
I have a population of 2000 college students who have little idea of what > security really is. Well that's a fairly small user base. You should be able to handle that load on any fairly recent desktop machine. Hell you might even be able to do it on a Raspberry Pi provided they don't re-au

RE: free radius setup

2013-09-10 Thread Swenson, Chris
-Original Message- From: freeradius-users-bounces+cswenson=curry@lists.freeradius.org [mailto:freeradius-users-bounces+cswenson=curry@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Tuesday, September 10, 2013 3:07 PM To: FreeRadius users mailing list Subject: Re

Re: sql_counter module doesn't count

2013-09-10 Thread Russell Mike
Hi, I am willing to help, What kind of NAS do you use? Does your NAS support accounting ? Thanks RM -- On Mon, Aug 12, 2013 at 9:50 PM, lucia wrote: > Thanks for quick reply, > > well I guess not. Can you give me a hint how I can figure it out how I can > configure this ? > > I'm I right that

RE: free radius setup

2013-09-10 Thread Swenson, Chris
-profit such as my college is. Chris S. -Original Message- From: John Dennis [mailto:jden...@redhat.com] Sent: Tuesday, September 10, 2013 6:09 PM To: FreeRadius users mailing list Cc: Swenson, Chris Subject: Re: free radius setup On 09/10/2013 02:15 PM, Swenson, Chris wrote: >

Re: free radius setup

2013-09-10 Thread John Dennis
On 09/10/2013 02:15 PM, Swenson, Chris wrote: > I understand a bit more why people were bringing up plain text passwords now. > > > > My radius server is being presented with peap ms-chapV2 credentials and > I want it to receive authentication from my openldap server. > > It seems that the creden

Re: free radius setup

2013-09-10 Thread Arran Cudbard-Bell
On 10 Sep 2013, at 19:15, "Swenson, Chris" wrote: > I understand a bit more why people were bringing up plain text passwords now. > > My radius server is being presented with peap ms-chapV2 credentials and I > want it to receive authentication from my openldap server. What happened to that web

Re: freeradius eam sim authorization to everyone

2013-09-10 Thread Alan DeKok
Maxim Shoustin wrote: > Can I configure to give "OK" to any sim based on provider only, like > "Orange", for example/ No. The design of EAP-SIM makes that impossible. Alan DeKok.

Re: my Radius goal radius and openldap.

2013-09-09 Thread John Dennis
On 09/09/2013 08:46 PM, Swenson, Chris wrote: > Yeah, but the goal is that it is passed to the server via a secure web > page. The end goal here is getting authenticated users the right to > connect to the secure ssid's. The Aruba wireless controllers are > supposed to do that. If I am way over my

Re: my Radius goal radius and openldap.

2013-09-09 Thread Swenson, Chris
Yeah, but the goal is that it is passed to the server via a secure web page. The end goal here is getting authenticated users the right to connect to the secure ssid's. The Aruba wireless controllers are supposed to do that. If I am way over my head I have a consultant on contract. RHIP. Sent f

Re: my Radius goal radius and openldap.

2013-09-09 Thread Arran Cudbard-Bell
On 10 Sep 2013, at 00:19, "Swenson, Chris" wrote: > No, they are encrypted in the ldap database in md5 hash. Right, but you have the plaintext version from the user? > I might be too old to do bleeding edge stuff like 3.0 RC1 > I will take a look and a poke at it though. Fair enough. Arran C

Re: problem with initial setup solved

2013-09-09 Thread A . L . M . Buxey
Hi, >NEVER agreed. still a useful reference. alan

Re: my Radius goal radius and openldap.

2013-09-09 Thread Arran Cudbard-Bell
On 9 Sep 2013, at 23:00, "Swenson, Chris" wrote: > I already have functioning openldap with SSL. (actually a neat little multi > master setup.) > I would like to get this radius to authenticate against the openldap. You have plaintext passwords then? > I have dug around Google and found some

RE: my Radius goal radius and openldap.

2013-09-09 Thread Swenson, Chris
-bounces+cswenson=curry@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Monday, September 09, 2013 6:54 PM To: FreeRadius users mailing list Subject: Re: my Radius goal radius and openldap. On 9 Sep 2013, at 23:00, "Swenson, Chris" wrote: > I already have functioning open

Re: problem with initial setup

2013-09-09 Thread Alan DeKok
Swenson, Chris wrote: > Hi all, I have not used radius in about 15 years and found a need recently. > I have set up the rpm on a red hat 5.6 server and when I run radius -X the > system starts fine with the expected info. You're running a VERY old version. You may need the "freeradius2" pack

RE: problem with initial setup solved

2013-09-09 Thread Swenson, Chris
27 PM To: FreeRadius users mailing list Subject: RE: problem with initial setup That did it, In the version 1 the radtest must have been installed with the radius, not as a separate package. I have now also successfully tested. I wonder why the in the ticket I opened with red hat support they di

Re: problem with initial setup

2013-09-09 Thread John Dennis
On 09/09/2013 12:52 PM, Swenson, Chris wrote: > Thanks for the replies: > Ok, uninstalled #1 and updated to freeradius2 > > radiusd started without a hitch with testing Cleartext-Password := > "password" in users file. > > When I ran radtest testing password localhost 0 testing123 > > Receive

Re: problem with initial setup

2013-09-09 Thread John Dennis
On 09/09/2013 12:18 PM, Swenson, Chris wrote: > Hi all, I have not used radius in about 15 years and found a need > recently. I have set up the rpm on a red hat 5.6 server and when I > run radius -X the system starts fine with the expected info. On RHEL5 make sure you install the freeradius2 set o

Re: problem with initial setup solved

2013-09-09 Thread Jeremiah Peterson
NEVER On Sep 9, 2013, at 10:34 AM, "Swenson, Chris" wrote: > I guess I need to recycle my 2002 Shell O'Reilly book.

RE: problem with initial setup

2013-09-09 Thread Swenson, Chris
- From: John Dennis [mailto:jden...@redhat.com] Sent: Monday, September 09, 2013 1:11 PM To: FreeRadius users mailing list Cc: Swenson, Chris Subject: Re: problem with initial setup On 09/09/2013 12:52 PM, Swenson, Chris wrote: > Thanks for the replies: > Ok, uninstalled #1 and upda

Re: problem with initial setup

2013-09-09 Thread Suman Dash
Received -bash: /usr/bin/radtest: No such file or directory It means radtest command was not found. On Mon, Sep 9, 2013 at 10:22 PM, Swenson, Chris wrote: > Thanks for the replies: > Ok, uninstalled #1 and updated to freeradius2 > > radiusd started without a hitch with testing Cleartext-Pa

Re: problem with initial setup

2013-09-09 Thread Arran Cudbard-Bell
On 9 Sep 2013, at 17:18, "Swenson, Chris" wrote: > Hi all, I have not used radius in about 15 years and found a need recently. > I have set up the rpm on a red hat 5.6 server and when I run radius -X the > system starts fine with the expected info. That'd be version 1.x.x? Which doesn't supp

RE: problem with initial setup

2013-09-09 Thread Swenson, Chris
Thanks for the replies: Ok, uninstalled #1 and updated to freeradius2 radiusd started without a hitch with testing Cleartext-Password := "password" in users file. When I ran radtest testing password localhost 0 testing123 Received -bash: /usr/bin/radtest: No such file or directory For aca

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Matthew Newton
On Mon, Sep 09, 2013 at 03:18:06PM +0100, Arran Cudbard-Bell wrote: > This negates problems caused by installing over the top of a > previous installation, which IMHO is always an extremely bad > idea with any unpackaged software. ...or even packaged software. FWIW, I put all freeradius config in

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Arran Cudbard-Bell
On 9 Sep 2013, at 14:24, Alan DeKok wrote: > Stefan Winter wrote: >> The idea is that make install is not supposed to touch my production >> config in any way. I don't want it to generously add directories without >> me knowing. There's also: #!/bin/sh make clean if ! git pull; then ex

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Alan DeKok
Stefan Winter wrote: > The idea is that make install is not supposed to touch my production > config in any way. I don't want it to generously add directories without > me knowing. Honestly, the simplest might be to edit Make.inc, at the top where it defines raddbdir and modconfdir: ifeq "$(rad

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Phil Mayers
On 09/09/13 14:04, Stefan Winter wrote: Hi, mv raddb raddb-noinst mkdir raddb touch raddb/all.mk make install do 'mkdir raddb/mods-config' you've 'messed around' with the configuration directory which assumes that mods-config exists... i guess that could be fixed to make dir directory first

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
Hi, > Because that all.mk file for the rlm_perl module installs example perl > scripts in mod-config, the same with rlm_python and rlm_ruby. > I guess we'll have to come up with a proper fix. Does the file need to be created by the rlm's "make install"? The example scripts could be put into sou

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
Hi, >>> mv raddb raddb-noinst >>> mkdir raddb >>> touch raddb/all.mk >>> make install > > do 'mkdir raddb/mods-config' > > you've 'messed around' with the configuration directory which assumes > that mods-config exists... i guess that could be fixed to make dir > directory first if it doesnt ex

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread A . L . M . Buxey
Hi, > > mv raddb raddb-noinst > > mkdir raddb > > touch raddb/all.mk > > make install do 'mkdir raddb/mods-config' you've 'messed around' with the configuration directory which assumes that mods-config exists... i guess that could be fixed to make dir directory first if it doesnt exist. alan

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Arran Cudbard-Bell
On 9 Sep 2013, at 08:44, Stefan Winter wrote: > Hi, > >> We are in feature freeze for 3.0. The configuration format and behaviour for >> 3.0 will be stable between now and the final release (as it was with >> release_3_0_0_rc0). >> >> If you are planning on deploying 3.0 and have an existing

Re: [ANN] Version 3.0.0-rc1

2013-09-09 Thread Stefan Winter
nings. > * LDAP schemas to load dynamic clients from LDAP > * the control socket is now marked "stable" > * Added RFC 6929 dictionary, along with a few others > * Clean up proxy ID allocation / re-allocation > * pairbasicfree() has been replaced by talloc_free() > * Added %{de

Re: [ANN] Version 3.0.0-rc1

2013-09-08 Thread John Dennis
On 09/06/2013 04:31 PM, stefan.pae...@diamond.ac.uk wrote: > I shall try a RHEL6/CentOS6 compatible build tomorrow or Monday. > > Shouldn't be a problem. John D, I'll update my tag, you guys will probably do > the same. FYI: rc1 is packaged and built for Fedora in rawhide (unreleased latest). At

Fwd: Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-09-07 Thread Matthias Nagel
Sorry, my mail program tricked me and used the wrong destination address. -- Forwarded message -- Subject: Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters Date: Saturday 07 September 2013, 19:13:17 From: Matthias Nagel To: Alan

Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-09-07 Thread Alan DeKok
Arran Cudbard-Bell wrote: > Can't we assume src as UTF8 for NAI (RFC4282)? Ha, ha, ha, ha . 4282 is wrong. And no one implements any of it. The MS-CHAP RFCs are silent on the subject of character encoding. The unofficial word from Microsoft is "MS-CHAP uses the local encoding". Ok... w

Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-09-07 Thread Arran Cudbard-Bell
On 7 Sep 2013, at 16:43, Alan DeKok wrote: > Matthias Nagel wrote: >> Hi Phil, >>> Probably a fairly trivial patch if you feel like it ;o) >> I had a quick glance at the source code and I found two files named >> "smbencrypt.c". If you give me a hint, which is the correct file to start >> with,

Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters

2013-09-07 Thread Alan DeKok
Matthias Nagel wrote: > Hi Phil, >> Probably a fairly trivial patch if you feel like it ;o) > I had a quick glance at the source code and I found two files named > "smbencrypt.c". If you give me a hint, which is the correct file to start > with, I will browse the source code from that point and see

Re: Segmentation Fault on "[pap] Normalizing SSHA1-Password from base64 encoding"

2013-09-07 Thread Stefan Winter
lain your final configuration state? The problem is that SSHA1-Password's data type triggers the wannabe-decoding. The workaround was to define another attribute myself, with another data type, which stops this from happening; and later re-coding into the original attribute name explicitl
