Hello Alan
Thanks for the answer.
But I allready did that !!!
I configured my passwd module with kmdov3 works fine.
I added the kmdov3 in the top pf the authorize section of sites-enabled/default
preprocess
#
# If you want to have a log of authentication requests,
I need help with the pap module.
I set modules/pap auto_header = yes, but if I start a test connect pap say:
[pap] No clear-text password in the request. Not performing PAP.
The password is MD5.
Lionne Stangier
Radius -X
Its looks like the pap module can't load.
Hello again,
I continue working on this, but I can't find the solution.
Can I check the result of simul_count_query?
Thank you again
Ana Gallardo Gómez
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Lionne Stangier wrote:
I need help with the pap module.
I set modules/pap auto_header = yes, but if I start a test connect pap say:
[pap] No clear-text password in the request. Not performing PAP.
The password is MD5.
You have edited the default configuration files and broken them.
Lionne Stangier wrote:
I need help with the pap module.
I set modules/pap auto_header = yes, but if I start a test connect pap say:
[pap] No clear-text password in the request. Not performing PAP.
The password is MD5.
You have edited the default configuration files and broken them.
You have edited the default configuration files and broken them.
You deleted eap from the authorize section, and then sent the
server and EAP request. Don't do that.
It was only a try ;)
And if the passwords are stored as MD5, go read:
On 07/22/2010 11:50 PM, Tom Leach wrote:
I'm currently using Freeradius v2.1.9 and I'm trying to write a
condition in the authorize section to use a different module depending
on whether Mac-auth or someother auth is being called.
In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it
On 07/23/2010 09:18 AM, Lionne Stangier wrote:
You have edited the default configuration files and broken them.
You deleted eap from the authorize section, and then sent the
server and EAP request. Don't do that.
It was only a try ;)
Sadly, many people take a hatchet to the
On Jul 23, 2010, at 1:31 AM, Phil Mayers wrote:
On 07/22/2010 11:50 PM, Tom Leach wrote:
I'm currently using Freeradius v2.1.9 and I'm trying to write a
condition in the authorize section to use a different module depending
on whether Mac-auth or someother auth is being called.
In reading
I have FreeRADIUS 2.1.1 setup on SUS server 10.1
We are wanting to do a LDAP connection to Novell edirectory server for our
users.
From the debug out put the LDAP session binded corectly
The searched part failed.
I would like to know did the radius server send out the loging name as
Hi, Dear Feeradius USER
After correcting my default file in /etc/freeradius/sites-available,
I've got the following errors after testing authentication:
It's seems to be a missing authentification method in my configuration.
We're using a CISCO4400 controler, and the 'Web RADIUS
Sadly, many people take a hatchet to the configs then seem surprised
when things don't work! Best to make small changes one at a time and
test them, and put your configs into version control so you can roll
them back.
I test freeradius. I can roll back every time ;)
Won't work really
When i do a ldapsearch -h 10.219.176.30 -b
ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x uid=53986067
I get no results.
If i use -x cn=53986067 the user is found.
Open the ldap modul config set:
Filter = (cn=%{Stripped-User-Name:-%{User-Name}})
Lionne Stangier
-
List
Isabelle RECH wrote:
It's seems to be a missing authentification method in my configuration.
We're using a CISCO4400 controler, and the 'Web RADIUS authentication'
parameter
is set to 'PAP' on my Controller./
Did you configure a known good password for the user?
rlm_pap: WARNING! No known
Lionne Stangier wrote:
You have edited the default configuration files and broken them.
You deleted eap from the authorize section, and then sent the
server and EAP request. Don't do that.
It was only a try ;)
The FAQ, man radiusd page, and other documentation all say to *not*
Madsen.Jan JMD wrote:
But still the unix authorization is used and the client is rejected because
of the invalid shell.
Because you listed unix in the authorization section. If you
don't want to use the Unix module, delete it from the authorization
section.
Alan DeKok.
-
List
Wayne Van der Merwe wrote:
I have FreeRADIUS 2.1.1 setup on SUS server 10.1
We are wanting to do a LDAP connection to Novell edirectory server for
our users.
From the debug out put the LDAP session binded corectly
The searched part failed.
I would like to know did the radius server
Mike J wrote:
Now obviously is says there's a problem with the secret, but I believe
I've setup the secret correctly in the configs I've shown above.
Does anybody have any ideas what I'm doing wrong?
Either the password is incorrect, or the MD5 calculations on the PAM
or server side are
Hello again,
I'm working with Freeradius 2.1.8
I'm using session (sql) to control simultaneous use.
I would like to return a special value if an user try to access with
credentials in use.
I have it working adding a new attribute to request list whit the result of
the simul_count_query,
Wayne Van der Merwe wrote:
I have FreeRADIUS 2.1.1 setup on SUS server 10.1
We are wanting to do a LDAP connection to Novell edirectory server for
our users.
From the debug out put the LDAP session binded corectly
The searched part failed.
I would like to know did the radius
Please don't reply to a digest message. It confuses message threading.
Wayne Van der Merwe wrote:
rlm_ldap: performing search in
ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (cn=53986067)
[ldap] No default NMAS login sequence
You need to set eDir-Auth-Option.
Read
Hi guys
I'm really trying but it's not easy to find somehitng in the
documenatiion.
I have 2 modules ntlm_auth_vpn1/2 and I like to do failover.
I tried this but I was not sucesfull:
In the modules I have 2 files, ntlm_auth_vpn1 and ntlm_auth_vpn2
In the sites-available/default I have:
This how I do, but it's not the only way and may not feet your needs:
In radiusd.conf, instantiate a redundant module:
instantiate {
...
redundant ha_auth_name {
ntlm_auth_vpn1
ntlm_auth_vpn2
}
...
}
In default sites config, section authorize
Hi,
I'm using freeradius 2.1.1 and i created my certificates with the makefile
and the config-files.
Is it possible to rise the time the cerficate is valid, because if i change
the entrys default_days and default_crl_days in the ca.cnf to an higher
value, nothing happens after I recreat the
Hi alex, thank you for your mail, helped a lot : )
Now it's working, no idea why and how but working : )
Here is my config:
Users:
DEFAULT Auth-Type := vpn_auth_name,Huntgroup-Name == vpn
Fall-Through = Yes
Radiusd.conf:
instantiate {
redundant
_Stefan_H wrote:
I'm using freeradius 2.1.1 and i created my certificates with the makefile
and the config-files.
Is it possible to rise the time the cerficate is valid, because if i change
the entrys default_days and default_crl_days in the ca.cnf to an higher
value, nothing happens after I
OK, I had LDAP 'working' but radiusd -X was showing the old 'WARNING: No
known good password was found in LDAP' errors. Ignoring much of the
'wisdom' on other sites to just ignore the error, I'm trying to squash
all errors from the -X output. It was failing because the bind failed
(due to a
Tom Leach wrote:
To correct the bind problem, I added an ACL to the directory to allow
'uid=admin,o=radtree' to access the userPassword attribute, then
configured the ldap module to use 'uid=admin,o=radtree' as the identity
and 'secret' as the password. Now the bind succeeds, the -X output
Le vendredi 23 juillet 2010 à 20:09 +0200, Jevos, Peter a écrit :
Hi alex, thank you for your mail, helped a lot : )
Now it's working, no idea why and how but working : )
Here is my config:
Users:
DEFAULT Auth-Type := vpn_auth_name,Huntgroup-Name == vpn
On 07/23/2010 02:59 PM, Alan DeKok wrote:
Tom Leach wrote:
To correct the bind problem, I added an ACL to the directory to allow
'uid=admin,o=radtree' to access the userPassword attribute, then
configured the ldap module to use 'uid=admin,o=radtree' as the identity
and 'secret' as the password.
John Dennis wrote:
Just from looking at the rlm_ldap code (not actual testing) I thought if
auto_header was set to True in the ldap config then rlm_ldap after
looking up the configured password attribute would perform the steps you
describe above. (strip the hash prefix and add a new attribute
31 matches
Mail list logo