30.08.2010 13:59:23
Topic:
New to TekRADIUS need help
admin
Administrator
Posts: 877
|
Hi,
As far as I understand TekRADIUS is installed behind a NAT gateway. If so you'll enter WAN IP address of your NAT gateway to Open-Mesh configuration.
You can enter the same IP address as secondary IP address. You can enter any NAS ID (TekRADIUS e.g.) You must add mapping for RADIUS authentication (UDP 1812)
and RADIUS Accounting (RADIUS 1813) services in NAT configuration of your gateway. Do not forget add a default client entry for Open-Mesh at TekRADIUS Manager / Clients tab.
Best regards,
Yasin KAPLAN
|
29.08.2010 04:20:59
Topic:
New to TekRADIUS need help
vsubramanian
Posts: 1
|
I use open-mesh dashboard and need to setup radius authentication for wireless users. I have TekRADIUS installed on a Windows XP SP3 desktop. On open-mesh dashboard i have the option to mention the IP of two radius servers as well as NASID.
I use DHCP in my wired network and same on several access points on my mesh network with about 14 nodes. I have created a test user name and password on the radius server side. What IP Address and what NASID should I use to test for wireless user login. I do not yet have a WAN ip for my Tekradius server box ( i mean the xp desktop).
Kindly get back to me.
Thanks,
Subra
|
25.08.2010 17:56:09
Topic:
time-limit
admin
Administrator
Posts: 877
|
Hi,
If your access server supports RADIUS accounting you can define time based quota limits for your users. When you add Session-Timeout to
user profile as a reply item, it's the access server's responsiblity to disconnect user session after session timer expiry. Check vendor resources
if your access server supports session expiration using Session-Timeout attribute.
Best regards,
Yasin KAPLAN
|
25.08.2010 16:35:49
Topic:
Error 628 after registration in vpn connecion
admin
Administrator
Posts: 877
|
You welcome
|
25.08.2010 16:09:13
Topic:
time-limit
majid_std
Posts: 3
|
Dear Friend,
how do i disconnect user after time-limit is reached ?
i used session-timeout but session time out is related to session and after disconnect and reconnect user has new session time ?
for example i created a daily user with time-limit(check)=1440 and session-timeout(success-Reply)=1440. 1) if user disconnected in the middle of day and reconnect it can use until one day and in fact use 1.5 days instead of one day ! and for my network my users connect to my network more than 10 days ! without discconection.
if i use credit per period , does the radius send disconnect reply to NAS after credit is zero ? or NOT ?
|
25.08.2010 15:47:07
Topic:
Error 628 after registration in vpn connecion
majid_std
Posts: 3
|
it does not need , only i set Generate-MS-MPPE-Keys in group profile and it is solved, thanks for help,
|
25.08.2010 11:52:32
Topic:
Error 628 after registration in vpn connecion
admin
Administrator
Posts: 877
|
Hi,
Please try following settings at VPN connection's Properties / Advanced (Custom Settings) / Settings:
Best regards,
Yasin KAPLAN
|
24.08.2010 21:06:48
Topic:
Error 628 after registration in vpn connecion
majid_std
Posts: 3
|
Dear friend,
i get error 628 in vpn in windows 7
|
24.08.2010 09:22:51
Topic:
TekRadius and Windows server 2008
admin
Administrator
Posts: 877
|
Hi,
Yes, you can install TekRADIUS to Windows 2008 Server.
Best regards,
Yasin KAPLAN
edited by admin on 24.08.2010
|
24.08.2010 03:24:24
Topic:
TekRadius and Windows server 2008
mashi
Posts: 1
|
Hello
can install on windows server 2008 or AD 2008?
had problem with NAP
regards
regards
|
23.08.2010 10:04:52
Topic:
Active sessions ...
admin
Administrator
Posts: 877
|
When you disable wireless connection from "Network Connections", Windows bypasses D-Link driver functions and
client can not send a proper signal to the AP for disconnection.
TekRADIUS does not have a feature to check if user session still active in the access server. This is the access server's
responsibility.
|
23.08.2010 09:49:24
Topic:
Installation
admin
Administrator
Posts: 877
|
Hi,
Here are my quick answers;
1. No
2. Access Point must support RADIUS authentication using 802.1X method.
3. There is no special need for WiFi card.
Best regards,
Yasin KAPLAN
|
23.08.2010 05:11:21
Topic:
Active sessions ...
segaodma
Posts: 14
|
still no solution ...
|
23.08.2010 03:40:09
Topic:
Installation
xyn
Posts: 1
|
Hi Everyone! I just want to ask some details coz I dont have an idea how this stff work..
Question 1. Should I need 2 NIC as a hardware reqirement for a server ?, I have only XP pro on my OLD P4
Question 2. Is there any requirement on the AP?
Question 3. Is there any wifi card or mobile or any wifi gadget requirement to connect?
|
21.08.2010 18:18:42
Topic:
What is the difference between these versions??
admin
Administrator
Posts: 877
|
• Version 3.7 - Log files are kept in <Application Directory>\Logs directory and rotated daily.
• Version 3.7 - You can define a “default” user profile to be used when a matching user profile cannot be found for an incoming RADIUS authentication request. TekRADIUS manual for configuring this feature.
• Version 3.6 - You can specify credit limits for daily, weekly or monthly periods and you can run and check result of an external executable (External-Executable) as a check item. See TekRADIUS manual for configuring these features.
• Version 3.5 - Generate-MS-MPPE-Keys usage has been changed in version 3.5. See TekRADIUS manual for details.
• Version 3.5 - Version 3.5 introduces two new attributes; Failure-Reply-Type and Secondary-Group. You can have a secondary group membership for a user other than user's default group. If you add this attribute to user's profile, TekRADIUS will try to authenticate incoming access-request with user attributes and primary group attributes first and if it fails, TekRADIUS will try to authenticate again with user attributes and secondary group attributes. Secondary-Group is a string type attribute and can exist only as a check attribute in user profiles. Secondary-Group is not supported with PEAP authentication.
You can add Failure-Reply-Type attribute as a check attribute to user or group profiles. This attribute alter behavior of TekRADIUS when Failure-Reply attributes exists in user or group profile. You can set its value to Accept or Reject. When you set its value to Accept, Failure-Reply attributes are sent in an Access-Accept and if you set its value to Reject, Failure-Reply attributes are sent in an Access-Reject message. If this attribute does not exist in user or group profile and Failure-Reply attributes are configured, TekRADIUS will send Failure-Reply attributes in an Accepts-Accept message. Failure-Reply-Type is a integer type attribute and can exist only as a check attribute in user profiles.
• Version 3.5 - You can also specify your own delimiter character to be used to enter string type multiple instance reply attributes in user or group profiles. Its default value is semi-colon “;”. You can set it Settings / SQL Connection tab.
• Version 3.4 - A new reply type is introduced in version 3.4. If you would like to provide restricted access to unauthenticated users add Failure-Reply attributes to user or group profiles. TekRADIUS will reply with Access-Accept containing Failure-Reply attributes if user or group profile has Failure-Reply attributes when authentication fails. If user or group profile has not Failure-Reply attributes, TekRADIUS will reply with Access-Reject message (This feature is not available for PEAP authentication, VPN authentication and when authentication failure caused by invalid authentication method).
Use this feature with extreme care; if Default user group has Failure-Reply attributes, all failed authentication attempts will be replied by Access-Accept messages containing Failure-Reply attributes. When a user is authorized with Failure-Reply Simultaneous-Use, Expire-Date, Login-Time, TekRADIUS-Status and Quota check will not be done.
edited by admin on 21.08.2010
|
20.08.2010 23:32:03
Topic:
What is the difference between these versions??
Warnielle
Posts: 1
|
Hello, I know the difference between versions 3.6 and 3.7, do I use the 3.4 and wanted to know what's changed in new versions. 
|
18.08.2010 13:31:41
Topic:
How to supply a "Service-Type" via TekRADIUS
admin
Administrator
Posts: 877
|
You welcome
|
18.08.2010 11:27:33
Topic:
How to supply a "Service-Type" via TekRADIUS
Daniel.Lukic
Posts: 3
|
Hi Yasin,
thank you for your help. What you suggested works perfectly for me.
Regards, Daniel
|
18.08.2010 09:15:51
Topic:
WPA2 Authentication
admin
Administrator
Posts: 877
|
Hi,
You can have TLS-Certificate attribute in group profile. But you should have a unique password for each user profile.
User attributes override group attributes.
|
18.08.2010 09:08:35
Topic:
How to supply a "Service-Type" via TekRADIUS
admin
Administrator
Posts: 877
|
Hi,
Please try adding Service-Type attribute as a Success-Reply attrbiute in the user profile.
Best regards,
Yasin KAPLAN
|