Re: LDAP password in log files

2013-09-30 Thread A . L . M . Buxey
Hi, Is there any way to prevent FreeRadius from showing the password in logs (debug logs) when authentication is done via LDAP? don't run in debug mode. debug mode is there for a reason - to debug problems. verify if things like passwords are correct. look at the mailing list archive - this

Re: No EAP session matching the State variable (and other various messages)

2013-09-30 Thread Alan DeKok
John Douglass wrote: Any one have any similar battle scars that I can learn from (server performance tweaks, optimizations, etc?). I've optimized as best I can the SQL component. This all seems related to the samba/winbind/ntlm_auth. FreeRADIUS is dependent on other systems. So if Samba or

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-29 Thread Jouni Malinen
On Tue, Sep 24, 2013 at 8:13 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification),

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Alan DeKok
Don wrote: I tried one of these inside gtc sub-section of eap.conf, that don't seem to work: auth_type = ntlm_auth Setting that *should* be one step of a working configuration. or ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{User-Name}

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Don
On Fri, Sep 27, 2013 at 6:34 AM, Alan DeKok al...@deployingradius.com wrote: Don wrote: I tried one of these inside gtc sub-section of eap.conf, that don't seem to work: auth_type = ntlm_auth Setting that *should* be one step of a working configuration. Ok, thank you for

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Alan DeKok
Don wrote: Nothing secret, as I said I tried both configuration (one at a time) inside gtc sub-section of eap.conf. That's a problem. NOTHING in the documentation or examples says to do that. LOTS of documentation and examples give the CORRECT way to use ntlm_auth. I did that, but that

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-27 Thread Don
Alan, I finally made EAP-GTC using ntlm_auth to work. Basically my initial configuration inside gtc sub-section of raddb/eap.conf was correct and modifying raddb/modules/ntlm_auth from %{mschap:User-Name} to %{User-Name} was also correct. I can also use %{%{mschap:User-Name}:-%{User-Name}} that

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-26 Thread Alan DeKok
Don wrote: That said, if EAP-GTC can be used along with ntlm_auth how do I configure it to make that work? Read the gtc sub-section of eap.conf. It tells you how to make EAP-GTC use a particular authentication method. I tried to execute ntlm_auth passing --password=%{User-Password}, but

Re: EAP-PEAP GTC vs MSCHAPv2

2013-09-26 Thread Don
Alan, Thank you for your reply and please find my inline response below. On Thu, Sep 26, 2013 at 7:54 PM, Alan DeKok al...@deployingradius.com wrote: Don wrote: That said, if EAP-GTC can be used along with ntlm_auth how do I configure it to make that work? Read the gtc sub-section of

Re: Proxy auth should supersede local auth

2013-09-25 Thread JB
24.09.2013 Phil Mayers: On 24/09/13 12:25, JB wrote: At first glance, this seems to work but I wanted to know if there's a better or more common way to achieve this. Or is this completely stupid after all? (Why?) Looks fine to me; you're conditionally executing the rest of your policy

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
- From: freeradius-users- bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users- bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Roberto Carna Sent: 24 September 2013 15:17 To: FreeRadius users mailing list Subject: Re: Active Directory

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
=diamond.ac...@lists.freeradius.org] On Behalf Of Roberto Carna Sent: 25 September 2013 14:27 To: FreeRadius users mailing list Subject: Re: Active Directory authentication question Dear Stephan, just the last question please... in your guide you say: In /etc/raddb/eap.conf, change the ttls

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
=diamond.ac...@lists.freeradius.org] On Behalf Of Roberto Carna Sent: 25 September 2013 14:27 To: FreeRadius users mailing list Subject: Re: Active Directory authentication question Dear Stephan, just the last question please... in your guide you say: In /etc/raddb/eap.conf, change the ttls

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
Sent: 25 September 2013 15:44 To: FreeRadius users mailing list Subject: Re: Active Directory authentication question Dear Stephan: Notebook with Windows 7 + AP + EAP-TTLS + MSCHAPv2 + Freeradius + AD is working now !!! But just a doubt: if I access with my Android device, using EAP-TLS

Re: Active Directory authentication question

2013-09-25 Thread Roberto Carna
Message- From: freeradius-users- bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users- bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Roberto Carna Sent: 25 September 2013 15:44 To: FreeRadius users mailing list Subject: Re: Active

Re: Active Directory authentication question

2013-09-25 Thread Alan Buxey
Well.  There's no such thing as EAP-TLS/MSCHAPv2 . So I'd guess that your Android device is just doing PEAPv0/EAP-MSCHAPv2 or such and your config allows it to.  If you ran in full debug mode when connecting with the Android device you'd see exactly what's happening alan - List

RE: Active Directory authentication question

2013-09-25 Thread stefan.paetow
But in the EAP-TLS section from eap.conf file, I don't see any reference to MSCHAPv2... and remember the NTLM authentication query is set up in the MSCHAPv2 module EAP-TLS does not use MSCHAPv2. It uses certificates. I quote Alan DeKok's response to your question on September 18:

Re: Freeradius - DeadLock

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 20:08, Alisson alissongoncal...@bsd.com.br wrote: Hi, I have a lot of logs with deadlocks Those would be caused by a bug in your custom SQL queries? Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See

Re: Freeradius - DeadLock

2013-09-25 Thread Alisson
These messages are from radius.log. I haven't changed anything in db... and I don't have custom queries... 2013/9/25 Arran Cudbard-Bell a.cudba...@freeradius.org On 25 Sep 2013, at 20:08, Alisson alissongoncal...@bsd.com.br wrote: Hi, I have a lot of logs with deadlocks Those

Re: Freeradius - DeadLock

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 20:54, Alisson alissongoncal...@bsd.com.br wrote: These messages are from radius.log Those errors were generated by the MySQL client library or the MySQL server, just because they're included in the radius.log file does not mean they originated from within the FreeRADIUS

Re: empty preacct and accounting section

2013-09-25 Thread Arran Cudbard-Bell
On 25 Sep 2013, at 21:20, WorkingMan signup_mail2...@yahoo.com wrote: I have been seeing this weird message for two days now. I set up PPTP and IPSec (ikev1) with freeradius + mysql. In both cases I see Access-Accept and in Accounting-Request I see these two messages: WARNING: Empty

Re: empty preacct and accounting section

2013-09-25 Thread Alan Buxey
As the msg says.  Your preacct {} and accounting {} sections in your server are not configured to do anything. Add active modules to them eg a database call and things will be different.  alan- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: empty preacct and accounting section

2013-09-25 Thread Signup_mail2002
On Sep 25, 2013, at 4:33 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 25 Sep 2013, at 21:20, WorkingMan signup_mail2...@yahoo.com wrote: I have been seeing this weird message for two days now. I set up PPTP and IPSec (ikev1) with freeradius + mysql. In both cases I see

Re: empty preacct and accounting section

2013-09-25 Thread Signup_mail2002
I will double check them when I get back to my machine. I think I know what you mean. Will report back. On Sep 25, 2013, at 4:38 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: As the msg says. Your preacct {} and accounting {} sections in your server are not configured to do anything. Add

Re: Freeradius - DeadLock

2013-09-25 Thread Alisson
So this error is caused by my application? 2013/9/25 Arran Cudbard-Bell a.cudba...@freeradius.org On 25 Sep 2013, at 20:54, Alisson alissongoncal...@bsd.com.br wrote: These messages are from radius.log Those errors were generated by the MySQL client library or the MySQL server, just

Re: empty preacct and accounting section

2013-09-25 Thread Arran Cudbard-Bell
Are you saying my default file has these sections as empty? Or that the vpn clients are sending empty data? Sections. As the Warning clearly states, sections. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See

Re: empty preacct and accounting section

2013-09-25 Thread WorkingMan
Signup_mail2002 signup_mail2002 at yahoo.com writes: I will double check them when I get back to my machine. I think I know what you mean. Will report back. On Sep 25, 2013, at 4:38 PM, Alan Buxey A.L.M.Buxey at lboro.ac.uk wrote: As the msg says. Your preacct {} and accounting {}

Re: Freeradius - DeadLock

2013-09-25 Thread Fajar A. Nugraha
On Thu, Sep 26, 2013 at 4:14 AM, Alisson alissongoncal...@bsd.com.br wrote: So this error is caused by my application? Whatever it is that creates queries to mysql. In the default schema, radacct will continue to grow. If you're running it on a production system with significant amount of

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread paul trader
On Mon, 23 Sep 2013 at 22:03, Phil Mayers opined: PM:Carefully examine the two entries on line 1 and 172, determine what's PM:different, examine the unredacted data in the packets, and correct it. hi phil - thanks for the advice, i figured out that placement of the $INCLUDE statement (and

Re: Active Directory authentication question

2013-09-24 Thread Roberto Carna
to date on Debian specifically. Stefan -Original Message- From: Roberto Carna [mailto:robertocarn...@gmail.com] Sent: 23 September 2013 19:16 To: Paetow, Stefan (DLSLtd,RAL,LSCI) Subject: Re: Active Directory authentication question Dear Stepahn, I use Debian 7 for my Freeradius

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread Alan DeKok
paul trader wrote: hi phil - thanks for the advice, i figured out that placement of the $INCLUDE statement (and user info in general) in the users file is important for windows authentication. strangely enough, it doesn't seem to matter for a linux dialup, though. That is a *terrible*

Re: Proxy auth should supersede local auth

2013-09-24 Thread Phil Mayers
On 24/09/13 12:25, JB wrote: At first glance, this seems to work but I wanted to know if there's a better or more common way to achieve this. Or is this completely stupid after all? (Why?) Looks fine to me; you're conditionally executing the rest of your policy based on earlier results. -

Re: Active Directory authentication question

2013-09-24 Thread Alan DeKok
Roberto Carna wrote: Dear, I'm advancing in the Freeradius + AD authentication... just a short question: when I want to make the eapol_test tool, I get this error: # make eapol_test /usr/bin/ld: cannot find -lnl collect2: error: ld returned 1 exit status make: *** [eapol_test] Error 1

Re: Active Directory authentication question

2013-09-24 Thread John Dennis
On 09/24/2013 10:16 AM, Roberto Carna wrote: Dear, I'm advancing in the Freeradius + AD authentication... just a short question: when I want to make the eapol_test tool, I get this error: # make eapol_test /usr/bin/ld: cannot find -lnl collect2: error: ld returned 1 exit status make: ***

RE: Active Directory authentication question

2013-09-24 Thread stefan.paetow
...@lists.freeradius.org] On Behalf Of Roberto Carna Sent: 24 September 2013 15:17 To: FreeRadius users mailing list Subject: Re: Active Directory authentication question Dear, I'm advancing in the Freeradius + AD authentication... just a short question: when I want to make the eapol_test tool, I get

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification), but just algorithms 1-3 are still useful. Actually it's not, it's published in the 3GPP standards, neat :) Arran Cudbard-Bell a.cudba...@freeradius.org

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification), but just algorithms 1-3 are still useful. Actually it's not, it's published in

Re: message freeradius

2013-09-24 Thread Phil Mayers
On 24/09/13 17:58, María Teresa Mondragón Reyes wrote: rad_recv: Accounting-Request packet from host 192.168.4.224 port 32769, id=157, length=285 Invalid packet code 4 sent to a proxy port from home server 192.168.4.224 port 32769 - ID 157 : IGNORED Ready to process requests. This should be

Re: message freeradius

2013-09-24 Thread Alan DeKok
María Teresa Mondragón Reyes wrote: I followed the instructions to configure freeradius plus remote mysql server and when put in debug mode freeradius -f -X i get this message. You don't need -f -X. Just -X is good enough. rad_recv: Accounting-Request packet from host 192.168.4.224 port

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread paul trader
On Tue, 24 Sep 2013 at 10:36, Alan DeKok opined: AD: It also contradicts your previous messages. You claimed you put the AD:users file entry at line one of the file. But now you talk about a AD:$INCLUDE statement. AD: AD: So... which is it? hi alan - well, i did both. at first the

Re: Active Directory authentication question

2013-09-24 Thread Alan Buxey
Or ask your distribution provider why they still provide wpa_supplicant package without eapol_test tool ;) alan

Re: pap always returns noop for windows dialup authentication [solved]

2013-09-24 Thread Alan DeKok
paul trader wrote: hi alan - well, i did both. at first the $INCLUDE was put at the bottom of the users file, and there was 1 entry in the included file, at line 1. Why do you have a $INCLUDE? You did NOT mention it in your other posts. The help here presumes that you accurately

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Adam Bishop
On 23 Sep 2013, at 11:27, Husnain Taseer husnain.tas...@gmail.com wrote: Even I don't get any request from asterisk server in radius logs. You're looking at the wrong layer for the problem. Fire up tcpdump. Do you see any radius traffic leaving the asterisk box? Does it reach the RADIUS

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread Arran Cudbard-Bell
On 23 Sep 2013, at 12:32, ken.farrington ken.farring...@802.co.uk wrote: Hi All, I really do try to read the forums in full before I post, but I have seen much out there on this, but just can't find out why this is happening. Please see below. The only thing I don't have is sim_files

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Husnain Taseer
In tcpdump asterisk not sending request to the freeradius can u tell after configuring freeradius what configurations are needed to be done in asterisk. Regards, Husnain Taseer On Mon, Sep 23, 2013 at 4:11 PM, Adam Bishop adam.bis...@ja.net wrote: On 23 Sep 2013, at 11:27, Husnain Taseer

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread ken.farrington
Hi Arran, I'm not sure if I have interpreted this right. Are you agreeing with my statement, that it is not needed or are you saying it is needed? I seem to recall I get an error when I put the sime_files in the default file. Many thx indeed for the lightning fast response mate :) Ken On 23

Re: Authentication

2013-09-23 Thread Nikolaos Milas
On 23/9/2013 3:14 PM, Free-Radius wrote: I wonder if the Freeradius to authenticate a client by IP number, without using login and password, only the IP. If possible, how to do? You can authenticate a client based on MAC Address. See http://wiki.freeradius.org/guide/Mac-Auth for various

Re: Authentication

2013-09-23 Thread ken.farrington
Just also beware that the MAC can be spoofed also with lots of programs :) On 23 September 2013 at 13:46 Nikolaos Milas nmi...@noa.gr wrote: On 23/9/2013 3:14 PM, Free-Radius wrote: I wonder if the Freeradius to authenticate a client by IP number, without using login and password, only

Re: can not initiate sim, no RAND1 attribute [eap] ERROR - Default EAP type sim failed in initiate [eap]

2013-09-23 Thread ken.farrington
Also, if I put the sim_files entry before eap in the default file I get the following error when I try and start Radiusd -s -X Module: Linked to sub-module rlm_eap_sim Module: Instantiating eap-sim Module: Checking authorize {...} for more modules to load /usr/local/etc/raddb/radiusd.conf[643]:

Re: Facing Problem in Asterisk peer Authentication with Freeradius.

2013-09-23 Thread Alan DeKok
Husnain Taseer wrote: In tcpdump asterisk not sending request to the freeradius can u tell after configuring freeradius what configurations are needed to be done in asterisk. You were told to ask this question on the asterisk mailing list. We are not asterisk, and we know nothing about

Re: Authentication

2013-09-23 Thread Michael Schwartzkopff
On Monday, 23 September 2013, 13:53:14, ken.farrington wrote: Just also beware that the MAC can be spoofed also with lots of programs :) Yes: ip link dev ... set addr ... On 23 September 2013 at 13:46 Nikolaos Milas nmi...@noa.gr wrote: On 23/9/2013 3:14 PM, Free-Radius wrote: I

Re: FreeRadius Error Access Rejected Only On Some CISCO Switch Ports

2013-09-23 Thread Alan DeKok
Daniel Baker wrote: [ldap] performing search in dc=citlao,dc=local, with filter (uid=root) [ldap] object not found [ldap] search failed What part of that is unclear? What can I try to fix the authentication issues so that all ports are being successfully authenticated ? Ensure

Re: FreeRadius Error Access Rejected Only On Some CISCO Switch Ports

2013-09-23 Thread Daniel Baker
Thank you Alan I will pursue that line of inquiry further. On 9/23/2013 8:18 PM, Alan DeKok wrote: Daniel Baker wrote: [ldap] performing search in dc=citlao,dc=local, with filter (uid=root) [ldap] object not found [ldap] search failed What part of that is unclear? What can I try

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 13:31, John Dennis opined: JD:You still haven't sent the full debug. hi john - thanks for your reply. i sent the output from running radiusd -X, are you saying i need to run -Xxx and send that instead? or are you looking for the startup output as well? i only included

Re: Freeradius-Users Digest, Vol 101, Issue 50

2013-09-23 Thread Rui Ribeiro
...@lists.freeradius.org You can reach the person managing the list at freeradius-users-ow...@lists.freeradius.org When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: FreeRadius Error Access Rejected Only

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Phil Mayers
On 23/09/13 17:33, paul trader wrote: am i doing something glaringly wrong, or just going plain crazy? It's difficult to say, because the debug you sent has all the useful bits trimmed out - like the original packet, and the full module processing chain. Send a full debug, and odds are

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread John Dennis
On 09/23/2013 01:19 PM, paul trader wrote: On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined: PM:It's difficult to say, because the debug you sent has all the useful PM:bits trimmed out - like the original packet, and the full module PM:processing chain. You still haven't sent the full

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined: PM:It's difficult to say, because the debug you sent has all the useful PM:bits trimmed out - like the original packet, and the full module PM:processing chain. hi phil - ok, here's the full debug for a successful request: rad_recv:

Re: Freeradius-Users Digest, Vol 101, Issue 50

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 18:49, Rui Ribeiro opined: RR:You're not crazy for sure. The problem authenticating with Windows boxen RR:is that they only support MSCHAPv2… kudos to Microsoft. hi rui - thanks for that, although my family and co workers may disagree! according to this wiki faq entry:

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread John Dennis
On 09/23/2013 02:07 PM, paul trader wrote: On Mon, 23 Sep 2013 at 13:31, John Dennis opined: JD:You still haven't sent the full debug. hi john - thanks for your reply. i sent the output from running radiusd -X, are you saying i need to run -Xxx and send that instead? No. It means all

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Alan DeKok
paul trader wrote: i used a default v2 install and only changed the users and clients.conf files. everything else was left alone. Well, there's no magic. If the users file entry doesn't match, it's because the User-Name isn't test. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: EAP + SSL + Certificate chains

2013-09-23 Thread Trevor Jennings
Hey I wanted to say thanks for the tips! I convinced the peers that it was not a good idea to allow auto certificate acceptance and to just have the clients accept it when the new certificate went online. Cheers, - Trevor On Thu, Sep 12, 2013 at 3:46 PM, Brian Julin bju...@clarku.edu wrote:

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread paul trader
On Mon, 23 Sep 2013 at 14:42, John Dennis opined: JD:You have all the information you need to debug your problem. It does JD:require reading the debug output carefully. But you should really try JD:to do that yourself first. As I said earlier, verify you're reading the JD:exact same users file

Re: pap always returns noop for windows dialup authentication

2013-09-23 Thread Phil Mayers
On 23/09/2013 18:19, paul trader wrote: hi phil - ok, here's the full debug for a successful request: [files] users: Matched entry test at line 1 Versus and here's the full output of a failed request: [files] users: Matched entry DEFAULT at line 172 The two requests look very similar,

Re: EAP-TLS Authentication

2013-09-23 Thread Muhammad Nadeem
--Please suggest any document which can help in better understanding on TLS Authentication. Arvind, I also faced the same issue at beginning , but I would suggest to read Freeradius own documentation. That is probably the best. On Mon, Sep 23, 2013 at 7:45 PM, arvind132 . arvind...@gmail.com

Re: The Operation of SQL module

2013-09-22 Thread Mehdi Ravanbakhsh
thanks Alan On Fri, Sep 20, 2013 at 9:44 PM, Alan DeKok al...@deployingradius.com wrote: Mehdi Ravanbakhsh wrote: *i can not find any detailed document on this.* doc/rlm_sql. It's on the Wiki, and distributed with the server tar file. Alan DeKok. - List info/subscribe/unsubscribe?

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Phil Mayers
On 22/09/2013 15:12, WorkingMan wrote: I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC --- freeradius? Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately? I am just wondering what's the best practice. I

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Alan DeKok
WorkingMan wrote: I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC --- freeradius? Yes. Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately? If you want. Read raddb/sites-available/README. It

Re: Expiration and EAP verification question

2013-09-22 Thread Alan DeKok
WorkingMan wrote: My design is that I don't actually care about secondary authentication with RADIUS since it's already doing certificate validation from strongswan side before doing secondary authentication. All is good if I was only need secondary authentication since I can bypass with

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread WorkingMan
Alan DeKok aland at deployingradius.com writes: WorkingMan wrote: I am wondering is it possible to configure one server using a single IP to handle PPTP/IPSEC --- freeradius? Yes. Does it make sense (or possible) to create a virtual servers against PPTP and IPSEC separately?

Re: Expiration and EAP verification question

2013-09-22 Thread WorkingMan
Alan DeKok aland at deployingradius.com writes: WorkingMan wrote: My design is that I don't actually care about secondary authentication with RADIUS since it's already doing certificate validation from strongswan side before doing secondary authentication. All is good if I was only

Re: PPTP and IPSEC/IKE1/2

2013-09-22 Thread Alan DeKok
WorkingMan wrote: So from what I gather I can make my VPN servers pointing to different ports (in strongswan.conf) and have freeradius's listen{} pointing to matching ports but I can keep the same IP for the virtual servers. Yes. Does this look correct (or at least conceptually)? My test

Re: Expiration and EAP verification question

2013-09-22 Thread Alan DeKok
WorkingMan wrote: Can you give me an example on how to always accept connection on EAP-* authentication (it will be password based from xauth-eap from strongswan) No. EAP doesn't (and can't) work that way. but at the same time still honour Expiration logic? I am not sure what to do it

Re: DHCP Relay Invalid type dhcp in listen section

2013-09-22 Thread Fajar A. Nugraha
Which version is this? 2.2.0 should have DHCP support enabled by default. Older version (e.g. the one bundled with debian/ubuntu) might not have that support yet. -- Fajar On Mon, Sep 23, 2013 at 10:17 AM, bayu setiawan baydongko...@gmail.com wrote: Hi, i have problem when i configured for

Re: DHCP Relay Invalid type dhcp in listen section

2013-09-22 Thread bayu setiawan
this is my version *radiusd: FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu* On Mon, Sep 23, 2013 at 10:25 AM, Fajar A. Nugraha l...@fajar.net wrote: Which version is this? 2.2.0 should have DHCP support enabled by default. Older version (e.g. the one bundled with

Re: DHCP Relay Invalid type dhcp in listen section

2013-09-22 Thread Fajar A. Nugraha
On Mon, Sep 23, 2013 at 10:34 AM, bayu setiawan baydongko...@gmail.com wrote: this is my version *radiusd: FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu* Short version: upgrade. If you know how to build a package from source (i.e. rpmbuild), 2.2.0 has a working spec file. Due to

Re: DHCP Relay Invalid type dhcp in listen section

2013-09-22 Thread bayu setiawan
Is dhcp not available in 2.1.12 version? and is my configure automatically exists if i built package from source for latest 2.x.x version? so i don't need reconfigure it?

Re: DHCP Relay Invalid type dhcp in listen section

2013-09-22 Thread Fajar A. Nugraha
On Mon, Sep 23, 2013 at 11:35 AM, bayu setiawan baydongko...@gmail.com wrote: Is dhcp not available in 2.1.12 version? Yes, if you enable it. and is my configure automatically exists if i built package from source for latest 2.x.x version? so i don't need reconfigure it? No idea what you

Re: acct_unique ID algorithm

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 14:00, Mehdi Ravanbakhsh baba...@gmail.com wrote: Hi all I need the algorithm that use to create acct_unique ID that use in radacct table. any one can help on this ? It's MD5 of the string representation of the subset of attributes configured for the

Re: The Operation of SQL module

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 13:55, Mehdi Ravanbakhsh baba...@gmail.com wrote: Hi All for some reason (change database structure and limitation on sql module for sql connection and ...) i need to develop something like SQL module to exchange check data in all section on my database . so in

Re: eap-ttls with SMD5-Password

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 17:04, Nasser Heidari nas...@rasana.net wrote: Hi, I'm trying to setup eap-ttls with freeradius, all my tests in LAB was successful. I've test it with both users file and sql and it was working. Now I'm going to prepare it for real setup, my only problem is that all my

Re: The Operation of SQL module

2013-09-20 Thread Alan DeKok
Mehdi Ravanbakhsh wrote: *i can not find any detailed document on this.* doc/rlm_sql. It's on the Wiki, and distributed with the server tar file. Alan DeKok.

Re: acct_unique ID algorithm

2013-09-20 Thread Mehdi Ravanbakhsh
thanks On Sep 20, 2013 5:54 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 20 Sep 2013, at 14:00, Mehdi Ravanbakhsh baba...@gmail.com wrote: Hi all I need the algorithm that use to create acct_unique ID that use in radacct table. any one can help on this ? It's MD5 of

RE: Active Directory authentication question

2013-09-19 Thread stefan.paetow
What I mean is that EAP-TLS is easier to me than AD authentication at this point, because I've just put it to work...and if I want to use AD auth I have to take EAP-TLS out and start again with NTLM / AD authenticationis it OK ??? Roberto, you don't have to remove EAP-TLS to support

Re: ipad ssl error in free radius

2013-09-19 Thread Stefan Winter
Hi, is the firmware on that iPad particularly old? Or maybe your OpenSSL on the server side? Things like mismatching cipher requirements or force secure renegotiation might cause some of these issues. Greetings, Stefan Winter On 19.09.13 06:27, val john wrote: hi guys we are getting

Re: ipad ssl error in free radius

2013-09-19 Thread Alan DeKok
val john wrote: Tue Sep 17 13:36:25 2013 : Error: TLS Alert read:warning:close notify This means that the *other* end shut down the TLS connection. To be polite, it sent a notification that it was doing so. Do you guys any idea what cause this issue Maybe there's something in the CA /

RE: ipad ssl error in free radius

2013-09-19 Thread John Carter
John, The IPhone Configuration Utility can do remote debugging with iPads, it helped me diagnose some EAP-TLS issues. John. From: freeradius-users-bounces+jcarter=identitynetworks@lists.freeradius.org [mailto:freeradius-users-bounces+jcarter=identitynetworks.com@lists.freeradi

Re: DHCP relaying

2013-09-19 Thread Alan DeKok
Nikolaos Milas wrote: I would like to ask how we can direct FR dhcp server (using an ldap backend) to relay to another dhcp server. ... update control { DHCP-Relay-To-IP-Address := 192.2.3.4 } ... The idea is that we have a db of known MAC

Re: DHCP relaying

2013-09-19 Thread Nikolaos Milas
On 19/9/2013 3:40 PM, Alan DeKok wrote: In 2.2.1, it can handle dynamic IP allocation. See raddb/sites-available/dhcp. Look for pool. Thanks. I guess it is supported in 3.0.0 as well ? Nick

Re: DHCP relaying

2013-09-19 Thread Alan DeKok
Nikolaos Milas wrote: Thanks. I guess it is supported in 3.0.0 as well ? Yes. Alan DeKok.

Re: Active Directory authentication question

2013-09-19 Thread Roberto Carna
Thanks Stepahn for all your important help. Regards, Roberto 2013/9/19 stefan.pae...@diamond.ac.uk: What I mean is that EAP-TLS is easier to me than AD authentication at this point, because I've just put it to work...and if I want to use AD auth I have to take EAP-TLS out and start again

Re: ubuntu postgresql unknown client

2013-09-19 Thread Alan DeKok
rich carroll wrote: I am having problems getting freeradius with ubuntu and postgres to work. I have set up this setup on freebsd several time successfully. I believe that it is not checking the database at all. Below is my radtest command and my debug command. It's not using Postgresql

Re: ubuntu postgresql unknown client

2013-09-19 Thread Matthew Newton
On Thu, Sep 19, 2013 at 12:00:47PM -0500, rich carroll wrote: I am having problems getting freeradius with ubuntu and postgres to work. I have set up this setup on freebsd several time successfully. I believe that it is not checking the database at all. Below is my radtest command and my debug

Re: ubuntu postgresql unknown client

2013-09-19 Thread rich carroll
That was the trick. Thanks, uncommented a couple sql's and its working like it should. Really? If you configure sql.conf, then that *isn't* enough. Read raddb/sites-available/default, and look for sql. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Active Directory authentication question

2013-09-18 Thread Alan DeKok
Roberto Carna wrote: Dear, I have several Windows 7 clients over WiFi authenticating through EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it works OK. EAP-TLS doesn't use MySQL for storing credentials. Everything is in the certificate. Now I have to change the

Re: Active Directory authentication question

2013-09-18 Thread Roberto Carna
Sorry, so I'm a bit confused... I'm using Windows 7 clients for accessing the WiFi network through EAP-TLS with X.509 certificates. But in this way, I could see that I can authenticate users or hosts...if I choose users, I can see a dialog box to fill user and password and I suppose they are

Re: Active Directory authentication question

2013-09-18 Thread Arran Cudbard-Bell
On 18 Sep 2013, at 15:39, Roberto Carna robertocarn...@gmail.com wrote: Sorry, so I'm a bit confused... I'm using Windows 7 clients for accessing the WiFi network through EAP-TLS with X.509 certificates. But in this way, I could see that I can authenticate users or hosts...if I choose

Re: Active Directory authentication question

2013-09-18 Thread John Dennis
On 09/18/2013 11:01 AM, Roberto Carna wrote: Arran, I have a private CA and I've created the server and client certs of course...and I've generated the .p12 cert (including the CA cert) to install in my Windows 7 clients... it works OK. What I mean is that EAP-TLS is easier to me than AD

Re: Active Directory authentication question

2013-09-18 Thread Roberto Carna
Arran, I have a private CA and I've created the server and client certs of course...and I've generated the .p12 cert (including the CA cert) to install in my Windows 7 clients... it works OK. What I mean is that EAP-TLS is easier to me than AD authentication at this point, because I've just put

Re: Active Directory authentication question

2013-09-18 Thread Alan DeKok
Roberto Carna wrote: Sorry, so I'm a bit confused... Because you're unfamiliar with the correct terminology, and with how things really work. To recap: EAP-TLS uses certificates to identify users. And nothing else. No passwords, etc. AD is a database. MySQL is a database. They store
