SV: Controlling with Auth-Type a client must use

2010-07-23 Thread Madsen.Jan JMD
Hello Alan Thanks for the answer. But I already did that!!! I configured my passwd module with kmdov3 works fine. I added the kmdov3 in the top of the authorize section of sites-enabled/default preprocess # # If you want to have a log of authentication requests,

PAP dont decrypt

2010-07-23 Thread Lionne Stangier
I need help with the pap module. I set modules/pap auto_header = yes, but if I start a test connect pap says: [pap] No clear-text password in the request. Not performing PAP. The password is MD5. Lionne Stangier Radius -X It looks like the pap module can't load.

Fwd: return a special value in reply when simultaneous use

2010-07-23 Thread Ana Gallardo
Hello again, I continue working on this, but I can't find the solution. Can I check the result of simul_count_query? Thank you again Ana Gallardo Gómez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PAP dont decrypt

2010-07-23 Thread Alan DeKok
Lionne Stangier wrote: I need help with the pap module. I set modules/pap auto_header = yes, but if I start a test connect pap says: [pap] No clear-text password in the request. Not performing PAP. The password is MD5. You have edited the default configuration files and broken them.

AW: PAP dont decrypt

2010-07-23 Thread Lionne Stangier
You have edited the default configuration files and broken them. You deleted eap from the authorize section, and then sent the server an EAP request. Don't do that. It was only a try ;) And if the passwords are stored as MD5, go read:

Re: Mac-auth checking in sites-enabled/default

2010-07-23 Thread Phil Mayers
On 07/22/2010 11:50 PM, Tom Leach wrote: I'm currently using Freeradius v2.1.9 and I'm trying to write a condition in the authorize section to use a different module depending on whether Mac-auth or some other auth is being called. In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it

Re: AW: PAP dont decrypt

2010-07-23 Thread Phil Mayers
On 07/23/2010 09:18 AM, Lionne Stangier wrote: You have edited the default configuration files and broken them. You deleted eap from the authorize section, and then sent the server an EAP request. Don't do that. It was only a try ;) Sadly, many people take a hatchet to the

Re: Mac-auth checking in sites-enabled/default

2010-07-23 Thread Arran Cudbard-Bell
On Jul 23, 2010, at 1:31 AM, Phil Mayers wrote: On 07/22/2010 11:50 PM, Tom Leach wrote: I'm currently using Freeradius v2.1.9 and I'm trying to write a condition in the authorize section to use a different module depending on whether Mac-auth or some other auth is being called. In reading

LDAP search problem

2010-07-23 Thread Wayne Van der Merwe
I have FreeRADIUS 2.1.1 setup on SUS server 10.1. We are wanting to do a LDAP connection to Novell edirectory server for our users. From the debug output the LDAP session bound correctly. The searched part failed. I would like to know did the radius server send out the login name as

No-AUTH method

2010-07-23 Thread Isabelle RECH
Hi, Dear Freeradius USER After correcting my default file in /etc/freeradius/sites-available, I've got the following errors after testing authentication: It seems to be a missing authentication method in my configuration. We're using a CISCO4400 controller, and the 'Web RADIUS

AW: AW: PAP dont decrypt

2010-07-23 Thread Lionne Stangier
Sadly, many people take a hatchet to the configs then seem surprised when things don't work! Best to make small changes one at a time and test them, and put your configs into version control so you can roll them back. I test freeradius. I can roll back every time ;) Won't work really

AW: LDAP search problem

2010-07-23 Thread Lionne Stangier
When I do a ldapsearch -h 10.219.176.30 -b ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x uid=53986067 I get no results. If I use -x cn=53986067 the user is found. Open the ldap module config set: Filter = (cn=%{Stripped-User-Name:-%{User-Name}}) Lionne Stangier

Re: No-AUTH method

2010-07-23 Thread Alan DeKok
Isabelle RECH wrote: It seems to be a missing authentication method in my configuration. We're using a CISCO4400 controller, and the 'Web RADIUS authentication' parameter is set to 'PAP' on my Controller. Did you configure a known good password for the user? rlm_pap: WARNING! No known

Re: AW: PAP dont decrypt

2010-07-23 Thread Alan DeKok
Lionne Stangier wrote: You have edited the default configuration files and broken them. You deleted eap from the authorize section, and then sent the server an EAP request. Don't do that. It was only a try ;) The FAQ, man radiusd page, and other documentation all say to *not*

Re: SV: Controlling with Auth-Type a client must use

2010-07-23 Thread Alan DeKok
Madsen.Jan JMD wrote: But still the unix authorization is used and the client is rejected because of the invalid shell. Because you listed unix in the authorization section. If you don't want to use the Unix module, delete it from the authorization section. Alan DeKok.

Re: LDAP search problem

2010-07-23 Thread Alan DeKok
Wayne Van der Merwe wrote: I have FreeRADIUS 2.1.1 setup on SUS server 10.1. We are wanting to do a LDAP connection to Novell edirectory server for our users. From the debug output the LDAP session bound correctly. The searched part failed. I would like to know did the radius server

Re: Setting up pam_radius_auth

2010-07-23 Thread Alan DeKok
Mike J wrote: Now obviously it says there's a problem with the secret, but I believe I've set up the secret correctly in the configs I've shown above. Does anybody have any ideas what I'm doing wrong? Either the password is incorrect, or the MD5 calculations on the PAM or server side are

Re: return a special value in reply when simultaneous use

2010-07-23 Thread Ana Gallardo
Hello again, I'm working with Freeradius 2.1.8. I'm using session (sql) to control simultaneous use. I would like to return a special value if a user tries to access with credentials in use. I have it working adding a new attribute to request list with the result of the simul_count_query,

Re: Freeradius-Users Digest, Vol 63, Issue 86

2010-07-23 Thread Wayne Van der Merwe
Wayne Van der Merwe wrote: I have FreeRADIUS 2.1.1 setup on SUS server 10.1. We are wanting to do a LDAP connection to Novell edirectory server for our users. From the debug output the LDAP session bound correctly. The searched part failed. I would like to know did the radius

LDAP

2010-07-23 Thread Alan DeKok
Please don't reply to a digest message. It confuses message threading. Wayne Van der Merwe wrote: rlm_ldap: performing search in ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (cn=53986067) [ldap] No default NMAS login sequence You need to set eDir-Auth-Option. Read

How to set properly failover ?

2010-07-23 Thread Jevos, Peter
Hi guys, I'm really trying but it's not easy to find something in the documentation. I have 2 modules ntlm_auth_vpn1/2 and I'd like to do failover. I tried this but I was not successful: In the modules I have 2 files, ntlm_auth_vpn1 and ntlm_auth_vpn2 In the sites-available/default I have:

Re: How to set properly failover ?

2010-07-23 Thread alexandre.chapellon
This is how I do it, but it's not the only way and may not fit your needs: In radiusd.conf, instantiate a redundant module: instantiate { ... redundant ha_auth_name { ntlm_auth_vpn1 ntlm_auth_vpn2 } ... } In default sites config, section authorize

Certificate validation time

2010-07-23 Thread _Stefan_H
Hi, I'm using freeradius 2.1.1 and I created my certificates with the makefile and the config-files. Is it possible to raise the time the certificate is valid, because if I change the entries default_days and default_crl_days in the ca.cnf to a higher value, nothing happens after I recreat the

RE: How to set properly failover ?

2010-07-23 Thread Jevos, Peter
Hi alex, thank you for your mail, helped a lot : ) Now it's working, no idea why and how but working : ) Here is my config: Users: DEFAULT Auth-Type := vpn_auth_name,Huntgroup-Name == vpn Fall-Through = Yes Radiusd.conf: instantiate { redundant

Re: Certificate validation time

2010-07-23 Thread Alan DeKok
_Stefan_H wrote: I'm using freeradius 2.1.1 and I created my certificates with the makefile and the config-files. Is it possible to raise the time the certificate is valid, because if I change the entries default_days and default_crl_days in the ca.cnf to a higher value, nothing happens after I

Another LDAP/RADIUS integration problem.

2010-07-23 Thread Tom Leach
OK, I had LDAP 'working' but radiusd -X was showing the old 'WARNING: No known good password was found in LDAP' errors. Ignoring much of the 'wisdom' on other sites to just ignore the error, I'm trying to squash all errors from the -X output. It was failing because the bind failed (due to a

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread Alan DeKok
Tom Leach wrote: To correct the bind problem, I added an ACL to the directory to allow 'uid=admin,o=radtree' to access the userPassword attribute, then configured the ldap module to use 'uid=admin,o=radtree' as the identity and 'secret' as the password. Now the bind succeeds, the -X output

RE: How to set properly failover ?

2010-07-23 Thread Alexandre Chapellon
On Friday 23 July 2010 at 20:09 +0200, Jevos, Peter wrote: Hi alex, thank you for your mail, helped a lot : ) Now it's working, no idea why and how but working : ) Here is my config: Users: DEFAULT Auth-Type := vpn_auth_name,Huntgroup-Name == vpn

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread John Dennis
On 07/23/2010 02:59 PM, Alan DeKok wrote: Tom Leach wrote: To correct the bind problem, I added an ACL to the directory to allow 'uid=admin,o=radtree' to access the userPassword attribute, then configured the ldap module to use 'uid=admin,o=radtree' as the identity and 'secret' as the password.

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread Alan DeKok
John Dennis wrote: Just from looking at the rlm_ldap code (not actual testing) I thought if auto_header was set to True in the ldap config then rlm_ldap after looking up the configured password attribute would perform the steps you describe above. (strip the hash prefix and add a new attribute