Dear all,
I have a small/big issue and I cannot find a good solution for that.
Scenario:
iPhones with certificates from internal PKI, joining a Wi-Fi network protected
by WPA2-Enterprise authenticating against a Freeradius server v. 2.1.12 (Redhat
6.3). The radius server has as well an
Jim C. Julson
Sr. Network Systems Administrator
C 208.995.3297
jjul...@marketron.commailto:jjul...@marketron.com
[www.marketron.com]http://www.marketron.com/symposium-spring-2013.pdf
The information contained in this e-mail message may be confidential and
protected from disclosure. If you
Dear Alan D.
What Freeraidus is using currently as to keep track. Is it 64bit or 32bit.
Thanks / Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What Freeraidus is using currently as to keep track. Is it 64bit or 32bit.
FreeRADIUS makes liberal use of 64bit data types.
-Arran
Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
So I have done a fair amount of RTFM'ing and search engining but am stumped.
Perhaps someone on this list has successfully done what we are trying to do:
Have our FreeRADIUS Server assign a different IDLE-TIMEOUT Value based on what
IP Address is contacting the RADIUS server.
OS: CentOS
Russell Mike wrote:
Dear Alan D.
I may create a new rule. People who address mail to me personally get
unsubscribed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If your NAS can take such a value then it can be assigned. Either via eg users
file and huntgroup or via eg unlang
if(%{NAS-Ip-Address} == 192.168.1.1) {
update reply {
Attribute = XYZ
}
}
..'man unlang' for more info
alan
-
List info/subscribe/unsubscribe? See
Alan,
Interesting…
So I man’ed unlang and then did some more reading on huntgroups and the users
file. If at all possible I think we would opt for a combo of the
huntgroups/users file approach. I am still not clear as to how we would do
this though….
Could you please speak to the
John Giordano wrote:
Could you please speak to the interrelationship between the clients file
and the huntgroups file?
The clients.conf file defines IP, secret, type, etc. for the NASes.
The huntgroups file allows you to put clients into logical groups.
These are the two different
Beltramini Francesco wrote:
I have a small/big issue and I cannot find a good solution for that.
Scenario:
iPhones with certificates from internal PKI, joining a Wi-Fi network
protected by WPA2-Enterprise authenticating against a Freeradius server v.
2.1.12 (Redhat 6.3).
...
but when I
Hi,
On Tue, Apr 16, 2013 at 02:05:45PM -0500, John Giordano wrote:
So I man’ed unlang and then did some more reading on huntgroups
and the users file. If at all possible I think we would opt for
a combo of the huntgroups/users file approach. I am still not
clear as to how we would do this
On Tue, Apr 16, 2013 at 04:30:18PM -0400, Alan DeKok wrote:
Beltramini Francesco wrote:
but when I try to remove this feature and use the OCSP
property extracted from the client certificate, the radiusd -X
output is:
[tls] -- Starting OCSP Request
[ocsp] -- Responder URL =
Hi,
For examples this is what we have in our clients config file now (with our
internal IP's changed for obfuscation's sake):
client 10.99.3.0/24 {
secret =XXX
shortname = MSP 7345's
}
client 10.3.99.0/24 {
secret
On Tue, Apr 16, 2013 at 10:39:18PM +0100, a.l.m.bu...@lboro.ac.uk wrote:
client 10.3.99.0/24 {
secret = XX
shortname = SNJ 7000 Switches
}
I'd use %{client:shortname} eg
if (%{client:shortname} == MSP 7345's) {
update reply {
Hi,
We're experimenting with freeradius for authenticating users in a custom
application. It was straightforward to get this authenticating against
the OS:
DEFAULT Auth-Type = System
But what we want to do is maintain a list of usernames and crypt
passwords in an external file, separate to
Hi,
I got there. I added authtype = PAP to the passwd module configuration
and then DEFAULT Auth-Type = PAP to users.
I had tried this earlier but there was a trailing delimiter in the local
password file which wasn't in the format and this seems to have caused
the password verification to
16 matches
Mail list logo