Thanks. Alan
--- 13年4月12日,周五, Alan DeKok al...@deployingradius.com 写道:
发件人: Alan DeKok al...@deployingradius.com
主题: Re: Freeradius +LDAP + Samba integrates to Active Derectory
收件人: FreeRadius users mailing list freeradius-users@lists.freeradius.org
日期: 2013年4月12日,周五,下午9:48
John wrote:
We
Hi all,
We deploy freeradius integrated to Active Directory, but the AD enabled
Require signing option (see the attachement).
net join is OK after we set LDAP SASL wrapping to 'sign'. But LDAP search
failed. Is there a way to let LDAP search work? Can someone show me some
reference or
John wrote:
We deploy freeradius integrated to Active Directory, but the AD enabled
Require signing option (see the attachement).
That's really an AD question.
net join is OK after we set LDAP SASL wrapping to 'sign'. But LDAP
search failed. Is there a way to let LDAP search work? Can
Hello,
I have two machines. Freeradius + Samba as PDC. I auth. wlan clients
against Radius and I want to store any user data on my Samba. The
client auth, will be realized with PEAP+MSCHAPv2. So the problem is the
bad thing with MSCHAPv2 and NTLMv1. So an other way could be kerberos
and I
Andreas Rudat wrote:
but is it usefull to use kerberos with two machines?
Most of the time: no.
I think it would be
a contradiction of kerberos and would it work without AD/ldap?
I have no idea what that means.
And could
I use a sql database to save the encrypted passwords by using
Am 21.09.2011 22:09, schrieb Alan DeKok:
Andreas Rudat wrote:
but is it usefull to use kerberos with two machines?
Most of the time: no.
I think it would be
a contradiction of kerberos and would it work without AD/ldap?
I have no idea what that means.
And could
I use a sql database
Am 24.04.09 23:23 schrieb(en) Ivan Kalik:
rlm_eap: Identity does not match User-Name, setting from EAP
Identity.
Username was altered.
Got it - Win sends the domain in uppercase, and I had conversion to
lowercase enabled. Works fine now.
Thanks, Albrecht.
pgp85LHExAchz.pgp
database is in OpenLDAP with the Samba schema, which
Freeradius shall check;
- every user who can authenticate properly shall get access.
I am now at a point where Freeradius picks up the requests and
authorises the user against ldap, but then eap authentication fails:
rlm_ldap: ldap_get_conn
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
Username was altered.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All,
I want to use my /etc/smbpasswd file for authenticating MSCHAP V2 .Is it
possible??? .If so what configuration changes to be made in
raius.conf,eap.conf etc..
Thanks in advance..
Regards.
VIJAY
-
List info/subscribe/unsubscribe? See
Am 04.06.2008 um 11:40 schrieb vijayakumar:
Dear All,
I want to use my /etc/smbpasswd file for authenticating MSCHAP
V2 .Is it possible??? .If so what configuration changes to be
made in raius.conf,eap.conf etc..
If I remember well , there is an example for the SAMBA
Dear members,
Thank you so far for your help, but I guess I have do describe my problem a
second time. I try to set up a security solution for a network using
freeradius. I want to port authenticate all Clients on a HP Switch and assign a
vlan to each port dynamically. The WXPSP2 Hosts are
Dear List-Members,
Im trying to setup a port access control using freeradius, but I cant succeed
so far. Im looking for a solution fitting the following points: Port
authentication trough an hp switch, dynamic vlan assignment by the freeradius
server. I solved the problem for clients that
Christian Hohmann wrote:
Now the Problem: Some workstations are added to a samba managed domain
and can only login on the samba service.
It seems to me, that the winxpsp2 supplicant first wants to authenticate at
the samba server. But the switch doesn�t allow the connection, because the
port
The Windows clients can be configured to log on with machine
credentials. For this, they will need accounts in AD. This has been
tested to work with FreeRADIUS for a while.
I haven't done it myself, but search the net docs. It does work.
Once that happens, the switch thinks that the
Thanks for help. I think so too, but I have no idea how or even if it
is possible. The WXPSP2 Client with user authentication is not able to
authanticate against the freeradius. There is not even a request
arriving on the freeradius. If I toggle to Identify with
ComputerInformation if
Sorry for my delay :P
The Samba version is '3.0.23c-2' and works fine like my old AD Domain.
The winbind package is not install, but there is a process running
'winbindd', it was installed when i install the samba. I use a Debian linux
server.
Robinson Santos, where u from ? :)
-
List
Did you install winbind
Can you do winbind -u ?
On 4/2/07, joe vieira [EMAIL PROTECTED] wrote:
Sérgio Kojima wrote:
Hello all.
My freeradius1.1.5 is configured to work with openldap and samba PDC,
resume, it works fine when i login with username/password/domain, but
this user
Sérgio Kojima wrote:
Hello all.
My freeradius1.1.5 is configured to work with openldap and samba PDC,
resume, it works fine when i login with username/password/domain, but
this user already logon one time on domain, that is, the user is on
cache in this windows machine (XP and W2kPRO).
Hello all.
My freeradius1.1.5 is configured to work with openldap and samba PDC,
resume, it works fine when i login with username/password/domain, but this
user already logon one time on domain, that is, the user is on cache in this
windows machine (XP and W2kPRO).
When i try with a
Sérgio Kojima wrote:
Hello all.
My freeradius1.1.5 is configured to work with openldap and samba PDC,
resume, it works fine when i login with username/password/domain, but
this user already logon one time on domain, that is, the user is on
cache in this windows machine (XP and W2kPRO).
Hello all.
My freeradius1.1.5 is configured to work with openldap and samba PDC,
resume, it works fine when i login with username/password/domain, but this
user already logon one time on domain, that is, the user is on cache in this
windows machine (XP and W2kPRO).
When i try with a
Eric Faden wrote:
users: Matched entry DEFAULT at line 152
rad_check_password: Found Auth-Type System
auth: type System
ERROR: Unknown value specified for Auth-Type. Cannot perform
That error seems pretty telling. Don't set the Auth-Type. If you
didn't do it in LDAP, check around
Alright. I unset all of the Auth-Types in users and it is getting
closer, but not there yet. Here is the new output. It is getting the
correct NT-Passwords, but doesn't actually seem to test them.
-Eric
halogen:/etc/freeradius# freeradius -X -A
Starting - reading configuration files ...
Eric Faden [EMAIL PROTECTED] wrote:
Alright. I unset all of the Auth-Types in users and it is getting
closer, but not there yet. Here is the new output. It is getting the
correct NT-Passwords, but doesn't actually seem to test them.
Because Auth-Type is Local, not PAP. The CVS head
And how exactly would I do all of that? I know how to set the AuthType
to nt-pap, but am not sure exactly what to do with the other two.
-Eric
Alan DeKok wrote:
Eric Faden [EMAIL PROTECTED] wrote:
Alright. I unset all of the Auth-Types in users and it is getting
closer, but not there
Sorry for spam last email was missing subject. I little sleep
deprived right this minute.
-Eric
Eric Faden wrote:
Debug log is below, censored of course. It seems to be pulling the
correct things out of the LDAP database, e.g. the NT-Password, but
then mschap returns noop instead of
27 matches
Mail list logo
