Newest freeradius Questions

Q&A for system and network administrators

rlm_rest : Handling MSCHAP

I'm writing a django based json rest service for use with rlm_rest. FreeRadius will serve both AAA and DHCP. Despite my scripting skill, The DHCP Part is working correctly ... but have problem with ...

FreeRADIUS / daloRADIUS SSID's restriction

I'm setting up a network with RADIUS-based authentication network and everything is working properly (MySQL, FreeRadius & DaloRadius). The problem is that we've got 2 SSID's and I would like to ...

freeradius rlm_rest option 43

I learn using rlm_rest of freeradius also for the DHCP part. Currently I can alocate IP addres based on User clas and DHCP relay that directly serve the user. Now, I will use UBNT Unifi APs. This ...

FreeRADIUS authentication using Active Directory

I am trying to implement RADIUS authentication using Active Directory. I want requests to RADIUS to be sent to AD server and RADIUS responds according to its result. I've already joined RADIUS server ...

Implement zone migration on nomadix

I am trying to implement zone migration on nomadix. I have made the desired settings on the nomadix. However when I switch between the SSIDs it does not redirect me to the AAA page. Although I get ...

creating SSH accounts using RADIUS pam

I use the REST module of RADIUS to validate login requests (username & password). Now I would like my users to be able to login to some servers using SSH. Their accounts should be all very ...

Packet don't flow over Cisco VPDN (PPP) when using RADIUS

I've extensively searched for everything I can think of regarding this subject online - I hope I'm just missing the obvious. This has been bugging me every evening for 2 weeks now. (It's a Cisco ...

FreeRADIUS & rlm_rest: how to send reply attributes?

I configured FreeRADIUS to make requests to REST service in post-auth section. It successfully sends all request attributes to the service. But I need FreeRADIUS to send both request and reply ...

2FA with Windows NPS

I would like to set up two-factor authentication for my Wireless users. I have an Windows NPS server that is currently authenticating my wireless users and I want to add certificates or any other ...

authenticating Cisco IOS against FreeRADIUS not responding

My company's looking to move from local authentication on it's routers and switches to a central RADIUS server which I have been tasked with developing. I have the FreeRADIUS server properly ...

AddRadiusCookieValid and AuthRadiusCookieValid in Apache Radius module

For one of my projects I have to set up two factor authentication. I have used Apache Free Radius module which acts as a client to Radius server. This setup is already been done and 2FA is working ...

freeradius, rlm_rest : Failed to Authenticate user

I read : Configuring rlm_rest module in FreeRadius My FreeRadius version is 3.0.11 (git #d667a28) My try is using included demo.pl, just change the port. radtest --> radtest testing testing123 127....

how to configure freeradius for separate Code and Password prompts, instead of a single Password prompt?

I've got a Freeradius server set up where the users in /etc/freeradius/users have Auth-Type := PAM. This makes radius refer to the /etc/pam.d/radiusd file, and in this file I have auth requisite ...

radius authentication — spiking load ever two hours on the hour

We're using freeradius & winbindd in order to authenticate our EDUROAM Wifi users against the Active Directory domain. This is working like a charm, but we get load-spikes of 30 and more almost ...

With freeradius and PEAP-MSCHAP, how does one limit connectivity to a single group?

I feel like jumping up and down after I got FreeRadius, samba winbind, XCA w/ ECDSA certs, Active Directory, and Ubiquiti Unifi all talking together. Next problem, any valid account in ...

SSH fallback to local account if Radius server isn't available

I've edited my /etc/pam.d/sshd for Radius authentication; I added this line: auth required pam_radius_auth.so Also, I've commented out the line: @include common-auth Now SSH authentication using ...

radtest no response from outside localhost

I have set up freeradius in a Microsoft Azure VM. When I radtest from 127.0.0.1, it sends Access-Accept. But when I run radtest from another computer, freeradius doesn't respond. I am running ...

FreeRadius Scalability with multiple NAS worldwide

Our network setup consists of 5 network access servers in 5 different locations worldwide and it is expected to expand in the coming days to 15 network access servers and more in future. Currently we ...

ddwrt + Freeradius + LDAP

I am trying to set up an LDAP server for authenticating multiple servers such as ftp and radius (maybe even ssh?) I have a router (ddwrt) which I have been able to authenticate with plaintext ...

Can a FreeRadius presenting a SHA1 certificate accept SHA2 client certificates and validate them against a CA that accepts SHA1 and SHA2 certificates?

Can a FreeRadius presenting a SHA1 certificate accept SHA2 client certificates and validate them against a CA that accepts SHA1 and SHA2 certificates? Another option would be that the FreeRadius ...

Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x

I'm using FreeRadius with a Ubitquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP). I'd like to ...

freeradius+ external users database

I need authenticate users with freeradius, these users are located in an existing external database. I think that the rest_module can help me to do that, in that case, which values the rest api ...

Freeradius is ignoring Packets

currently i'm installing a Cisco ASR1k as an PPPoE BRAS. I'm using freeradius as authentication service. The setup is an Ubuntu 14.04LTS with a quite outdated freeradius 2.1.12 installed via APT. ...

How to import large mysql database (innodb , myisam tables) to MySQL NDB cluster

Mysqlcluster used:- GA 7.4, Centos 7 I have 30GB each physical memory in 2 datanodes and SSD 200GB each but the database size(cumulative size of multiple db's belonging to free radius ) is around ...

FreeRadius can't get new openssl version

I just beginning with FreeRadius. I have installed FreeRadius 2.2.9 but when I try to debug with radiusd -X I got this error Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 ...

I'm trying to integrate freeradius with active directory in cenos 7

I'm trying to integrate freeradius with active directory in cenos 7. The steps I did to join the client to AD domain here: yum install realm realm discover 10.8.10.109 test.uy type: kerberos realm-...

freeRADIUS TLS Alert read:fatal:unknown CA

I am trying to implement Hotspot 2.0 / Passpoint feature using the following: FreeRADIUS v3.0.11 Google Nexus 6P device running Marshmallow 6.0 OS Cisco Wireless LAN ( WLC Controller ) with 3702 AP. ...

develop my own freeradius module [on hold]

i'm working on a project with freeradius in which i have to develop a module, which for doing authentication, will send a request to another application (maybe on another server) to do so. i'm a ...

FreeRadius configure two different authentication types

Have a particular scenario in that we would like to use FreeRadius to log into switchs using Kerberos credentials and network devices using EAP-TLS. Currently have this configured and working, but ...

Recover active config from memory in FreeRADIUS?

I have a problem on one of my FreeRADIUS servers. I got a corrupted configfile for one of my virtual servers due to the disk going full mid-write. Normally I would just pull the file from Veeam backup,...

FreeRadius authentication issue

Having an odd issue with pptp and freeradiuss on CentOS 6.4 VPSs. I have 1 VPS as the main freeradius server. 2 other VPS are used to connect to via pptp using the remote freeradius to authenticate. 1 ...

Freeradius pppoe user transfer quota

I got BRAS in production with Juniper for PPPoE service running, currently we are running Unlimited & Volume base service. For current we have php script to check the volume of Volume profile ...

Windows cannot connect to Enterprise WPA2 WiFi access point with EAP-TTLS PAP authentication using freeradius

I was working on having an Enterprise WiFi access point where my clients need to enter username and password (which are in OpenLDAP directory), using AES, TTLS PAP. I setup my freeradius according to ...

MS Active Directory with Google Authenticator

I am currently designing our new internal IT services, including IAM and e-mail. We currently use more or less no IAM or single sign-on solution. We have a WordPress based website, postfix + dovecot ...

Freeradius / python / package import fail

I'am tring to import an external library into (PyJWT) for a freeradius authorization, but when i run freeradius -X i get this error message. # Instantiating module "python" from file /etc/...

freeradius: include sql result in log file after auth

We have a limited mac-auth wifi network with sql lookups. This is working fine, and mac addresses are matched and authorised. I'd like to add a bit more to the logs (just using destination=syslog and ...

Roaming Issue with FreeRadius

I am using a FreeRadius Server (running on Centos 6.8) with CloudTrax (OpenMesh r5xx). When people try to roam between Access Points, they get logged off. Are there some settings in FreeRadius I ...

freeradius can't find libpython2.7.so

I'm following the steps @freeradius.org to enable python. After the initial round of changes, I start the server and get this amongst the startup chatter: Failed loading libpython symbols into global ...

Freeradius Server Migration

Good Afternoon. I have a working freeradius 2.1.1 server installed in Debian 5.0 and IO would like to migrate it to a fereradius 3.0.11 installed on Ubuntu Server 14.04 LTS. My question would be , ...

openvpn radius-plugin does not assign framed-ip-address from freeradius to clients

I am new to openvpn. I have an openvpn setup on ubuntu 14.04 which has a radius AAA backend for authentication, authorization and accounting. In addition to this, we have configured freeradius to ...

ttls-pap : unknown reply attribute

What is the right radius reply attribute to send 'Framed-pool' to TTLS-PAP Client ? My radius sent : (6) Sent Access-Accept Id 6 from 127.0.0.1:1812 to 127.0.0.1:56789 length 0 (6) MS-MPPE-Recv-...

accounting in rlm_rest Module freeradius

I work on a Hotspot Project with Coova Chilli and Freeradius. I Use FreeRADIUS in the latest stable Version 3.0.11. I created my rest and sites-enabled config file according to this post: Configuring ...

FreeRadius: No User-Password or CHAP-Password attribute in the request

I've create a VPN Server(PPTP + FreeRadius2.1.12) on Ubuntu, the radtest command was succeed,but on OSX use pptp to login the VPN is not. Here's the configuration. Server: Ubuntu Client: OSX ...

CentOS 6 ssh is not prompting for the verification code?

I have installed the pam radius rpm package, and successfully configured /etc/pam.d/sshd, /etc/ssh/sshd_config, & /etc/pam_radius.conf. I know it is working, as i am getting a push notification to ...

MacOS clients sporadically disconnect from WPA Enterprise wireless network

We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA ...

freeradius gives “no shared cipher” for windows 10 client

I have a working configuration of 802.1X authentification on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but ...

free radius vlan authentication

I have FreeRADIUS installed on my server, and also have many vlan managed by this server. Let's say vLAN A:192.168.1.0, and vLAN B: 192.168.2.0. I'm using FreeRADIUS in combination with postgres ...

Checking RadHuntGroup And Radgroupcheck to login specific NAS

I am actually setting up a FreeRADIUS Version 2.1.12, server that will manage authentication Users Cisco Switchs in company .. and i have one problem : I need to create some accounts that can be ...

Cannot connect with WPA2 ((AES)) algorithm + EAP-TTLS PAP with freeradius auth

I setup successfully an enterprise wifi connection with LDAP authentication by the mediation of Freeradius. I used EAP-TTLS PAP because I have hashed passwords in my OpenLDAP directory. In case I used ...

Using FreeRADIUS to filter accounting packets before forwarding

I am trying to see if it is possible to use FreeRADIUS to filter certain request types before forwarding the request on to its final destination. I have the following topology for RADIUS accounting ...
Translating... 0%