Hola: 

[EMAIL PROTECTED] wrote:  Send Freeradius-Users mailing list submissions to
[email protected]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

1. Cisco sslvpn authentication with freeradius (satish patel)
2. freeRADIUS with Active-derectory (Hangjun He)
3. Re: freeRADIUS with Active-derectory (Alan DeKok)
4. Re: SSL certificate problems (Alan DeKok)
5. Re: Class attribute in accounting record. (Alan DeKok)
6. Re: web based admin (satish patel)


----------------------------------------------------------------------

Message: 1
Date: Tue, 30 Oct 2007 05:41:30 +0000 (GMT)
From: satish patel 

Subject: Cisco sslvpn authentication with freeradius
To: freeradius-users 
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Dear all

I have cisco SSLVPN gateway and i want to authenticate user freeradius 
authentication server but i need more input from community what type of control 
i can done with it ?? Is it possible to control some user session or number of 
time to control is there anybody have done it ??/




$ cat ~/satish/url.txt 

http://www.linuxbug.org
_____________________________________________________________________________________________________


---------------------------------
5, 50, 500, 5000 - Store N number of mails in your inbox. Click here.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

------------------------------

Message: 2
Date: Tue, 30 Oct 2007 14:25:24 +0800 (CST)
From: Hangjun He 
Subject: freeRADIUS with Active-derectory
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="gb2312"

Hi,
I have configured ntlm_auth in freeRADIUS talk to AD(user store). And It works 
well.
Now I want to use ldap to get attribute from AD, It failed.

It seems ldapsearch will search user's display name. And ntlm_auth will search 
user's user logon name.

If I set display name same with user logon name, It can work. Is there a way 
let ldapsearch to search user logon name too??


relate configure in radiusd.conf:
authorize { 
mschap   suffix eap files ldap 
}   
  
authenticate { 
Auth-Type MS-CHAP { 
mschap 
} 
eap 
ldap 
} 


---------------------------------
?????????? 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

------------------------------

Message: 3
Date: Tue, 30 Oct 2007 07:38:59 +0100
From: Alan DeKok 
Subject: Re: freeRADIUS with Active-derectory
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Hangjun He wrote:
> I have configured ntlm_auth in freeRADIUS talk to AD(user store). And
> It works well.
> Now I want to use ldap to get attribute from AD, It failed.
> 
> It seems ldapsearch will search user's *display name*. And ntlm_auth
> will search user's *user logon name.*
> 
> If I set display name same with user logon name, It can work. Is
> there a way let ldapsearch to search user logon name too??

The LDAP search strings are editable in radiusd.conf.

Alan DeKok.


------------------------------

Message: 4
Date: Tue, 30 Oct 2007 07:40:24 +0100
From: Alan DeKok 
Subject: Re: SSL certificate problems
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Walter Gould wrote:
> Sorry to bother you guys again - I created new SSL certificates per
> your above instructions... After the certs were created, I then:
> 
> 1. copied them to the /etc/raddb/certs directory
> 2. updated /etc/raddb/eap.conf with the certificate names & private key
> password
> 3. copied and installed the new certificate (server.pem) onto my XP
> laptop and
> 4. started radiusd in debug mode, below is the output
> 
> It is acting as you describe in the FAQ -

You didn't add the root certificate to the XP machine. See the
EAP-TLS "howto's" on the web site.

> So, I am wondering will I need to install the hotfix as listed in the
> FAQ - and, will this have to be done on ALL Windows machines? I am
> thinking that I still do not have something configured right on my
> side. If I uncheck the "validate server certs" box on the XP client, I
> can connect and authenticate successfully.

Yup. "Ignore that we have no idea where this certificate came from,
and do PEAP anyways".

Alan DeKok.


------------------------------

Message: 5
Date: Tue, 30 Oct 2007 07:41:38 +0100
From: Alan DeKok 
Subject: Re: Class attribute in accounting record.
To: [EMAIL PROTECTED], FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Mark Elkins wrote:
> .. which keeps personal changes to one place (sql.conf and files
> in /etc/raddb) and saves me from upsetting Alan DeKok's karma* - a bad
> thing to do.


The files are editable for a reason. If all you see is ASCII
"Class" attributes, add the following to the bottom of raddb/dictionary:

ATTRIBUTE Class 25 string

Alan DeKok.


------------------------------

Message: 6
Date: Tue, 30 Oct 2007 09:01:19 +0000 (GMT)
From: satish patel 

Subject: Re: web based admin
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Dear 

i need also this kind of setup i want to replace AAA ACS with freeradius but i 
dont know how accouning work in this case and authorization of cisco LEVEL base 
can u provide me doucment of URL for this setup 

"Hawkins, Michael" wrote: Hi all,

I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am
considering using FreeRadius at another customer site instead of Cisco
Secure ACS.

Will I still be able to control command execution (authorization) etc
via FreeRadius? Or would I be restricted to authentication only?

What do people recommend I use as a web front end for FreeRadius when
managing AAA on a Cisco network via FreeRadius?

I've seen daloradius but that is geared to wireless hotspots. I've taken
a quick look at phpRADmin and also ASN but I'm not sure which one is
more mature and would like to know other peoples thoughts. Or is
dailupadmin itself good enough?

Any advice given is very much appreciated.

Mike Hawkins
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The information contained in this email is confidential and may also contain 
privileged information. Sender does not waive confidentiality or legal 
privilege. If you are not the intended recipient please notify the sender 
immediately; you should not retain this message or disclose its content to 
anyone.
Internet communications are not secure or error free and the sender does not 
accept any liability for the content of the email. Although emails are 
routinely screened for viruses, the sender does not accept responsibility for 
any damage caused. Replies to this email may be monitored.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



$ cat ~/satish/url.txt 

http://www.linuxbug.org
_____________________________________________________________________________________________________


---------------------------------
Unlimited freedom, unlimited storage. Get it now
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 30, Issue 107
*************************************************



               CON CARIÑO
MARIBEL HERNÁNDEZ LÓPEZ
                             

 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to