John wrote:
Now my freeRADIUS(1.1.6)
Why? That version is *years* out of date.
can talk to active-directory. How to get
attributes (such as Session-Timeout and Termination-Action ..) from AD ?
Those attributes aren't in AD until you put them there.
From the debug, freeRADIUS use
I try to upgrade from 1.0.1 (fedora core 3) to 2.1.3
all seems to work fine except regular expressions in my users file
for example
DEFAULT User-Name =~ anonymous
always matches
but
DEFAULT User-Name == anonymous
is correctly filtered
any idea ?
thanks
marc
Googling suggested that simply catting the 2 certs (server and
intermediate) into a single file (server at top, intermediate at
bottom)
and listing that in the config as the certificate_file should work
No, that's not going to work. Client machine will still look for the
intermediate CA in
So there is no way at all to get the client to pick up the cert chain
without directly installing the intermediate cert on it?
No.
Is this
actually a client issue of it refusing to use chains for this then,
rather than a FreeRADIUS issue of it not passing the chain?
Yes.
Thanks very much for
Hi All,
I used to use FreeRADIUS *years* back (iirc pre v1) on Linux and it
worked rather well :)
Not touched it since, however have just started a new contract and
there is a requirement to use a RADIUS server to connect to our LDAP
box (Red Hat Dir Server) to in turn authenticate some
# Can freeradius talk to the ldap box using TLS/SSL (ldaps)
Yes. See tls section in ldap module.
# Can freeradius read hashed credentials from the LDAP store and then
actually use them???
Yes. You will have to enable auto-headers in pap module if you are
storing them with headers in
Cool, thanks for the info Ivan. Will give it a go and report back
Thanks again
Dan
2009/2/20 t...@kalik.net:
# Can freeradius talk to the ldap box using TLS/SSL (ldaps)
Yes. See tls section in ldap module.
# Can freeradius read hashed credentials from the LDAP store and then
actually use
marc fradin wrote:
I try to upgrade from 1.0.1 (fedora core 3) to 2.1.3
all seems to work fine except regular expressions in my users file
That will be fixed in 2.1.4. We'll probably release it next week.
Alan DeKok.
Meyers, Dan wrote:
I was incorrect about us doing EAP-TLS. We're doing EAP-PEAP, which
does
not require a client certificate. My understanding however is that
for
passing of the server certificate to validate our server to the
clients
the options with the tls subsection of the eap.conf
We have exactly the same setup - verisign root-intermediate-our cert.
What happens with an XP client on our WPA EAP-PEAP network is exactly
the same as documented here:
Also - for info, when I take a tcpdump of eapol_test against
FreeRadius, the TLS records over EAP go as follows:
C :
I currently use (for ease of administration) Webmin with the LDAP
plugin. It works quite nicely, but involves having to login to a
separate interface.
On Thu, Feb 19, 2009 at 11:10 PM, liran tal liransgar...@gmail.com wrote:
On Thu, Feb 19, 2009 at 3:30 PM, SDamron sdam...@gmail.com wrote:
I
= 0x158efa3c2616f5104a2401d082f73222
+- entering group authorize
++[preprocess] returns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var
On Feb 19, 2009, at 11:11 AM, Tomas wrote:
Do I need to change my modules/mschap config? Currently I have:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
As Ivan
Dan Hawker wrote:
Hi All,
I used to use FreeRADIUS *years* back (iirc pre v1) on Linux and it
worked rather well :)
Not touched it since, however have just started a new contract and
there is a requirement to use a RADIUS server to connect to our LDAP
box (Red Hat Dir Server) to in turn
I didn't force any authentication, I left the users file by default, when I
tried to login I got this:
..
++[files] returns noop
OK. Files are empty now. But ...
expand: %{User-Name} - juanpal
rlm_sql (sql): sql_set_user escaped user -- 'juanpal'
rlm_sql (sql): Reserving sql socket id:
-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
expand: %t - Fri Feb 20 04:24:43 2009
++[auth_log
rlm_pap: Normalizing MD5-Password from hex encoding
++[pap] returns updated
Try with Cleartext-Password first. And use := not == as operator.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I want to return to the radius client radius attributes from LDAP
(authorization).
I configured the module LDAP in radiusd.conf and the authorization in default
site in the authorization section due to uncomment ldap.
Then I added my attribute mappings in the ldap.attrmap:
replyItem
Is this normal or can I configure the radiusd to return all values
from the multivalued
LDAP attribute?
+=
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
Thanks!
That's it, you made my day ... I should have read this in the mapping
file ... sorry!
Have a nice weekend!
2009/2/20 t...@kalik.net:
Is this normal or can I configure the radiusd to return all values
from the multivalued
LDAP attribute?
+=
http://wiki.freeradius.org/Operators
Ivan
I change the password user from md5 to User-Password and can login.
I don't know if that was the suggestion, but thanks a lot
On Fri, Feb 20, 2009 at 10:00 AM, t...@kalik.net wrote:
rlm_pap: Normalizing MD5-Password from hex encoding
++[pap] returns updated
Try with Cleartext-Password
Thanks Alan:
I will be looking into version 2. Really appreciate your advice..:)
Date: Wed, 18 Feb 2009 04:37:33 +0100
From: al...@deployingradius.com
To: freeradius-users@lists.freeradius.org
Subject: Re: newbie question for freeradius
ip freak wrote:
Thanks.
1) rlm unix
I change the password user from md5 to User-Password and can login.
I don't know if that was the suggestion, but thanks a lot
Try with Cleartext-Password first. And use := not == as operator.
No. I meant what I wrote. User-Password shouldn't be used. Use
Cleartext-Password.
Ivan Kalik
Kalik
What is AuthBlock?
A PL/SQL function?
A stored procedure?
Whatever it is, it MUST return data presented as freeradius expects it
(an array that mirrors the users file syntax)
Personally, I use a PL/SQL function. Called like this:
authorize_check_query = SELECT * FROM tables (my_sql_func('param1,
Hi,
We are running freeradius, version 1.1.7, on Fedora. We are testing
WPA2/EAP-TLS authentication, with large certificate chains (just under
64K in PEM format). Some individual cert sizes in the chain approach
10K in DER format. If the chain is small enough to fit in a single TLS
message,
Hi,
* Smith, Brian (ESEA ISA) brian.sm...@honeywell.com [Fri, 20 Feb 2009
11:15:01 -0700]:
We are running freeradius, version 1.1.7, on Fedora. We are testing
WPA2/EAP-TLS authentication, with large certificate chains (just under
64K in PEM format). Some individual cert sizes in the chain
/auth-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
expand: %t - Fri Feb 20 11:55:31 2009
++[auth_log] returns ok
expand: %{Realm} -
++[attr_filter] returns noop