Re: Freeradius-Users Digest, Vol 65, Issue 105

2010-09-24 Thread Sander van Loosbroek
What I'm trying to do is retrieve the user group from the OpenDirectory instead of setting a static one. There is only one NAS and the Mac OS X Server runs a standalone OpenDirectory Master so I don't need any huntgroups then? On 24 sep 2010, at 05:42,

Re: Freeradius + EAP_TLS + Cisco AP

2010-09-24 Thread Alan DeKok
Esteban TALAVERA wrote: I configured a freeradius server with EAP_TLS to authenticate clients that connect to Cisco AP. When I run freeradius -X I got a lot of activity output but the client is still trying to authenticate Which says: Sending Access-Challenge of id 51 to 192.168.X.X

Re: Configuring LDAP lookups for EAP and inner-tunnel

2010-09-24 Thread Alexander Clouter
Alan DeKok al...@deployingradius.com wrote: So my assumption is that the eap module doesn't use the inner tunnel for tls. Yes. The solution is to move the LDAP checks to the post-auth stage. Just something for the archives... Or *after* eap in authorize{} where eap is called by:

Re: Session Resumption fails

2010-09-24 Thread Alexander Clouter
Hi, * Panagiotis Georgopoulos pa...@comp.lancs.ac.uk [2010-09-24 04:17:16+0100]: I am afraid your suggestion though to add the above in my inner-tunnel virtual server didn't solve the problem. After having searched the archives of the list, I found out that this is an OpenSSL bug and there is

Re: Last call for 2.1.10

2010-09-24 Thread Stefan Winter
Hi, compiled and runs on a test server (but no real traffic load). One thing has changed from recently: on my openSUSE 11.2 i586 previously, I had to compile --with-system-libtool, and *not using that* would break the build. Now, it's vice versa: --with-system-libtool breaks, and without

sending accounting for two home servers

2010-09-24 Thread Evgeniy Kozhuhovskiy
Is it possible to send accounting packets to two home servers? In fact, one server is a real auth+acct server, and another server is a web filter that applies rules according to information in start packets. -- Best regards, Evgeniy Kozhuhovskiy, Head of the Service Platforms Group, УИТ ЦИТС МГТС

Radius proxy - kind of

2010-09-24 Thread Matija Levec
Hi everyone! First a little bit of explaining... - auth_server 1 client - fr_proxy -[ - auth_server 2 (client=random NAS, fr_proxy=freeradius, auth_server=two-factor auth server(s)) Currently we have clients authenticating directly to auth_server 1. We would

RE: sending accounting for two home servers

2010-09-24 Thread Sallee, Stephen (Jake)
I don't think that is possible, most of the time you would want to either tie the RADIUS server into your web filter or the web filter into your RADIUS, not send to both independently. The security risks in doing such a thing are just too much. Just My $.02 Jake Sallee Godfather Of Bandwidth

RE: sending accounting for two home servers

2010-09-24 Thread Sallee, Stephen (Jake)
SORRY! I misread your message! Accounting packets may be different, I was thinking authentication. My apologies. Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -Original Message- From:

FW: Session Resumption fails

2010-09-24 Thread Panagiotis Georgopoulos
Hello all, I am resending this to the list as the debugging output was more than 100KB and the message was rejected. Alexander who was copied in my email, kindly provided feedback already. In short, use_tunneled_reply = yes should be able to solve the problem with session

Re: FW: Session Resumption fails

2010-09-24 Thread Alexander Clouter
Hi, * Panagiotis Georgopoulos pa...@comp.lancs.ac.uk [2010-09-24 16:09:18+0100]: I am resending this to the list as the debugging output was more than 100KB and the message was rejected. Alexander who was copied in my email, kindly provided feedback already. In short, use_tunneled_reply

Re: sending accounting for two home servers

2010-09-24 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote: Is it possible to send accounting packets to two home servers? Read raddb/sites-available/copy-acct-to-home-server Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Last call for 2.1.10

2010-09-24 Thread Alan DeKok
Stefan Winter wrote: One thing has changed from recently: on my openSUSE 11.2 i586 previously, I had to compile --with-system-libtool, and *not using that* would break the build. Now, it's vice versa: --with-system-libtool breaks, and without it, stuff works. Yes... I changed it so that

Multiple Databases

2010-09-24 Thread sekchel lee
I want Multiple databases group1 == databases1 group2 == databases 2 .. .. Please Help me

Re: Multiple Databases

2010-09-24 Thread Phil Mayers
On 24/09/10 17:18, sekchel lee wrote: I want Multiple databases group1 == databases1 group2 == databases 2 .. .. Please Help me Have you read any docs? Or tried anything? People don't like it when you ask questions but aren't willing to do any of the work. You will need something like

Re: Last call for 2.1.10

2010-09-24 Thread Alan Buxey
Hi, The only bug here is that the server should complain if you have two instances of the same module defined. That would prevent the server from starting in this case, and highlight the fact that the configuration is wrong. that would be the obvious and ideal way to deal with

Additional Restrictions for users

2010-09-24 Thread William Burnett
I currently have my RADIUS servers setup to handle authentication for my various NAS's to grant users access to network resources. I would like to use the same servers to handle authentication for SSH for various routers. This all works, but I'm having a hard time getting the RADIUS server to

Re: Last call for 2.1.10

2010-09-24 Thread Alexander Clouter
Alan DeKok al...@deployingradius.com wrote: If there are any issues, let me know now. Otherwise we'll release 2.1.10 on Monday. Is it worth tweaking the eap.conf comment so that it is explicitly mentioned that for session resumption to work sensibly for TTLS/PEAP that

RE: Session Resumption fails

2010-09-24 Thread Panagiotis Georgopoulos
Hello Alexander, all, I wish it was that simple! It seems that when I do use_tunneled_reply = yes and although the authentication with FR succeeds, the 4-way handshake between the client (wpa_supplicant 0.7.3) and the access point (hostapd 0.7.2) fails with wpa_supplicant reporting :

Re: Session Resumption fails

2010-09-24 Thread Alexander Clouter
Hi, * Panagiotis Georgopoulos pa...@comp.lancs.ac.uk [2010-09-24 22:33:14+0100]: I wish it was that simple! It seems that when I do use_tunneled_reply = yes and although the authentication with FR succeeds, the 4-way handshake between the client (wpa_supplicant 0.7.3) and the access point

Re: Last call for 2.1.10

2010-09-24 Thread Alan DeKok
Alexander Clouter wrote: Alan DeKok al...@deployingradius.com wrote: If there are any issues, let me know now. Otherwise we'll release 2.1.10 on Monday. Is it worth tweaking the eap.conf comment so that it is explicitly mentioned that for session resumption to work sensibly for TTLS/PEAP

Re: Last call for 2.1.10

2010-09-24 Thread Alan DeKok
Alan Buxey wrote: Hi, The only bug here is that the server should complain if you have two instances of the same module defined. That would prevent the server from starting in this case, and highlight the fact that the configuration is wrong. that would be the obvious and ideal way to