Newest freeradius Questions

Q&A for system and network administrators

Freeradius pppoe user transfer quota

I got BRAS in production with Juniper for PPPoE service running, currently we are running Unlimited & Volume base service. For current we have php script to check the volume of Volume profile ...

how to configure freeradius for separate Code and Password prompts, instead of a single Password prompt?

I've got a Freeradius server set up where the users in /etc/freeradius/users have Auth-Type := PAM. This makes radius refer to the /etc/pam.d/radiusd file, and in this file I have auth requisite ...

Can a FreeRadius presenting a SHA1 certificate accept SHA2 client certificates and validate them against a CA that accepts SHA1 and SHA2 certificates?

Can a FreeRadius presenting a SHA1 certificate accept SHA2 client certificates and validate them against a CA that accepts SHA1 and SHA2 certificates? Another option would be that the FreeRadius ...

Freeradius authentication: LDAP group and SSID matching

I'm running a freeradius v3 instance with an LDAP backend for the authentication.The backend is working fine but I'v issues with my users.conf file.In this file, I'm trying to implement some rules to ...

freeradius gives “no shared cipher” for windows 10 client

I have a working configuration of 802.1X authentification on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but ...

I'm trying to integrate freeradius with active directory in cenos 7

I'm trying to integrate freeradius with active directory in cenos 7. The steps I did to join the client to AD domain here: yum install realm realm discover 10.8.10.109 test.uy type: kerberos realm-...

FreeRadius Scalability with multiple NAS worldwide

Our network setup consists of 5 network access servers in 5 different locations worldwide and it is expected to expand in the coming days to 15 network access servers and more in future. Currently we ...

SSH fallback to local acount if Radius server isnt available

Ive edited my /etc/pam.d/sshd for radius authentication, i added this line auth required pam_radius_auth.so Also ive commented out the line: @include common-auth Now SSH authentication using ...

FreeRADIUS / daloRADIUS SSID's restriction

I'm setting up a network with RADIUS-based authentication network and everything is working properly (MySQL, FreeRadius & DaloRadius). The problem is that we've got 2 SSID's and I would like to ...

creating SSH accounts using RADIUS pam

I use the REST module of RADIUS to validate login requests (username & password). Now I would like my users to be able to login to some servers using SSH. Their accounts should be all very ...

MacOS clients sporadically disconnect from WPA Enterprise wireless network

We have a small office with ~20 people, each using a MacBook, and optionally connecting with a mobile phone too. Previously we used usual Wi-Fi with a shared key, but recently I reconfigured it to WPA ...

Cannot connect with WPA2 ((AES)) algorithm + EAP-TTLS PAP with freeradius auth

I setup successfully an enterprise wifi connection with LDAP authentication by the mediation of Freeradius. I used EAP-TTLS PAP because I have hashed passwords in my OpenLDAP directory. In case I used ...

MS Active Directory with Google Authenticator

I am currently designing our new internal IT services, including IAM and e-mail. We currently use more or less no IAM or single sign-on solution. We have a WordPress based website, postfix + dovecot ...

radtest no response from outside localhost

I have set up freeradius in a Microsoft Azure VM. When I radtest from 127.0.0.1, it sends Access-Accept. But when I run radtest from another computer, freeradius doesn't respond. I am running ...

freeradius+ external users database

I need authenticate users with freeradius, these users are located in an existing external database. I think that the rest_module can help me to do that, in that case, which values the rest api ...

Freeradius is ignoring Packets

currently i'm installing a Cisco ASR1k as an PPPoE BRAS. I'm using freeradius as authentication service. The setup is an Ubuntu 14.04LTS with a quite outdated freeradius 2.1.12 installed via APT. ...

accounting in rlm_rest Module freeradius

I work on a Hotspot Project with Coova Chilli and Freeradius. I Use FreeRADIUS in the latest stable Version 3.0.11. I created my rest and sites-enabled config file according to this post: Configuring ...

freeradius: include sql result in log file after auth

We have a limited mac-auth wifi network with sql lookups. This is working fine, and mac addresses are matched and authorised. I'd like to add a bit more to the logs (just using destination=syslog and ...

freeradius rlm_rest option 43

I learn using rlm_rest of freeradius also for the DHCP part. Currently I can alocate IP addres based on User clas and DHCP relay that directly serve the user. Now, I will use UBNT Unifi APs. This ...

Windows cannot connect to Enterprise WPA2 WiFi access point with EAP-TTLS PAP authentication using freeradius

I was working on having an Enterprise WiFi access point where my clients need to enter username and password (which are in OpenLDAP directory), using AES, TTLS PAP. I setup my freeradius according to ...

free radius vlan authentication

I have FreeRADIUS installed on my server, and also have many vlan managed by this server. Let's say vLAN A:192.168.1.0, and vLAN B: 192.168.2.0. I'm using FreeRADIUS in combination with postgres ...

With freeradius and PEAP-MSCHAP, how does one limit connectivity to a single group?

I feel like jumping up and down after I got FreeRadius, samba winbind, XCA w/ ECDSA certs, Active Directory, and Ubiquiti Unifi all talking together. Next problem, any valid account in ...

freeradius, rlm_rest : Failed to Authenticate user

I read : Configuring rlm_rest module in FreeRadius My FreeRadius version is 3.0.11 (git #d667a28) My try is using included demo.pl, just change the port. radtest --> radtest testing testing123 127....

Roaming Issue with FreeRadius

I am using a FreeRadius Server (running on Centos 6.8) with CloudTrax (OpenMesh r5xx). When people try to roam between Access Points, they get logged off. Are there some settings in FreeRadius I ...

freeRADIUS TLS Alert read:fatal:unknown CA

I am trying to implement Hotspot 2.0 / Passpoint feature using the following: FreeRADIUS v3.0.11 Google Nexus 6P device running Marshmallow 6.0 OS Cisco Wireless LAN ( WLC Controller ) with 3702 AP. ...

authenticating Cisco IOS against FreeRADIUS not responding

My company's looking to move from local authentication on it's routers and switches to a central RADIUS server which I have been tasked with developing. I have the FreeRADIUS server properly ...

FreeRADIUS & rlm_rest: how to send reply attributes?

I configured FreeRADIUS to make requests to REST service in post-auth section. It successfully sends all request attributes to the service. But I need FreeRADIUS to send both request and reply ...

Freeradius Server Migration

Good Afternoon. I have a working freeradius 2.1.1 server installed in Debian 5.0 and IO would like to migrate it to a fereradius 3.0.11 installed on Ubuntu Server 14.04 LTS. My question would be , ...

Implement zone migration on nomadix

I am trying to implement zone migration on nomadix. I have made the desired settings on the nomadix. However when I switch between the SSIDs it does not redirect me to the AAA page. Although I get ...

FreeRADIUS authentication using Active Directory

I am trying to implement RADIUS authentication using Active Directory. I want requests to RADIUS to be sent to AD server and RADIUS responds according to its result. I've already joined RADIUS server ...

Freeradius / python / package import fail

I'am tring to import an external library into (PyJWT) for a freeradius authorization, but when i run freeradius -X i get this error message. # Instantiating module "python" from file /etc/...

Recover active config from memory in FreeRADIUS?

I have a problem on one of my FreeRADIUS servers. I got a corrupted configfile for one of my virtual servers due to the disk going full mid-write. Normally I would just pull the file from Veeam backup,...

FreeRadius: No User-Password or CHAP-Password attribute in the request

I've create a VPN Server(PPTP + FreeRadius2.1.12) on Ubuntu, the radtest command was succeed,but on OSX use pptp to login the VPN is not. Here's the configuration. Server: Ubuntu Client: OSX ...

openvpn radius-plugin does not assign framed-ip-address from freeradius to clients

I am new to openvpn. I have an openvpn setup on ubuntu 14.04 which has a radius AAA backend for authentication, authorization and accounting. In addition to this, we have configured freeradius to ...

Radius and FE80::/16 ignoring client

Why is my freeradius sever ignoring FE80::/16 clients? client.conf: client localhost { ipaddr = 127.0.0.1 < secret = testing123< require_message_authenticator = no nastype = ...

2FA with Windows NPS

I would like to set up two-factor authentication for my Wireless users. I have an Windows NPS server that is currently authenticating my wireless users and I want to add certificates or any other ...

CentOS 6 ssh is not prompting for the verification code?

I have installed the pam radius rpm package, and successfully configured /etc/pam.d/sshd, /etc/ssh/sshd_config, & /etc/pam_radius.conf. I know it is working, as i am getting a push notification to ...

Packet don't flow over Cisco VPDN (PPP) when using RADIUS

I've extensively searched for everything I can think of regarding this subject online - I hope I'm just missing the obvious. This has been bugging me every evening for 2 weeks now. (It's a Cisco ...

radius authentication — spiking load ever two hours on the hour

We're using freeradius & winbindd in order to authenticate our EDUROAM Wifi users against the Active Directory domain. This is working like a charm, but we get load-spikes of 30 and more almost ...

ttls-pap : unknown reply attribute

What is the right radius reply attribute to send 'Framed-pool' to TTLS-PAP Client ? My radius sent : (6) Sent Access-Accept Id 6 from 127.0.0.1:1812 to 127.0.0.1:56789 length 0 (6) MS-MPPE-Recv-...

How can I use winbind to return a filter-id based on group membership?

I have a couple of FreeRadius 3.0.9 servers which were just put into production on our Meraki network. We want to use user group membership in Active Directory to determine policy to be carried out by ...

How to import large mysql database (innodb , myisam tables) to MySQL NDB cluster

Mysqlcluster used:- GA 7.4, Centos 7 I have 30GB each physical memory in 2 datanodes and SSD 200GB each but the database size(cumulative size of multiple db's belonging to free radius ) is around ...

rlm_rest : Handling MSCHAP

I'm writing a django based json rest service for use with rlm_rest. FreeRadius will serve both AAA and DHCP. Despite my scripting skill, The DHCP Part is working correctly ... but have problem with ...

FreeRadius authentication issue

Having an odd issue with pptp and freeradiuss on CentOS 6.4 VPSs. I have 1 VPS as the main freeradius server. 2 other VPS are used to connect to via pptp using the remote freeradius to authenticate. 1 ...

Why do i need freeradius's keytab?

I'm trying to set up 802.1x for the wifi. I'm working with freeradius an windows server 2012. I need SSO ... help :) Currently I'm not able to set up freeradius krb. 'radtest' doesn't make it trough. ...

FreeRadius can't get new openssl version

I just beginning with FreeRadius. I have installed FreeRadius 2.2.9 but when I try to debug with radiusd -X I got this error Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 ...

AddRadiusCookieValid and AuthRadiusCookieValid in Apache Radius module

For one of my projects I have to set up two factor authentication. I have used Apache Free Radius module which acts as a client to Radius server. This setup is already been done and 2FA is working ...

Checking RadHuntGroup And Radgroupcheck to login specific NAS

I am actually setting up a FreeRADIUS Version 2.1.12, server that will manage authentication Users Cisco Switchs in company .. and i have one problem : I need to create some accounts that can be ...

How to check if the request is coming from nomadix using called station id

I want to do the following on the radius server :- Do an if statement to determine if we're dealing with a Nomadix using the %{Called-Station-Id} and if yes then need to execute a select query on a ...

FreeRadius configure two different authentication types

Have a particular scenario in that we would like to use FreeRadius to log into switchs using Kerberos credentials and network devices using EAP-TLS. Currently have this configured and working, but ...
Translating... 0%