Hello:

[EMAIL PROTECTED] wrote:

Today's Topics:

   1. Cisco sslvpn authentication with freeradius (satish patel)
   2. freeRADIUS with Active-derectory (Hangjun He)
   3. Re: freeRADIUS with Active-derectory (Alan DeKok)
   4. Re: SSL certificate problems (Alan DeKok)
   5. Re: Class attribute in accounting record. (Alan DeKok)
   6. Re: web based admin (satish patel)

----------------------------------------------------------------------

Message: 1
Date: Tue, 30 Oct 2007 05:41:30 +0000 (GMT)
From: satish patel
Subject: Cisco sslvpn authentication with freeradius
To: freeradius-users

Dear all,

I have a Cisco SSLVPN gateway and I want to authenticate users against a freeradius authentication server, but I need more input from the community: what type of control can I do with it? Is it possible to control some user session or number of times? Is there anybody who has done it?

$ cat ~/satish/url.txt
http://www.linuxbug.org

------------------------------

Message: 2
Date: Tue, 30 Oct 2007 14:25:24 +0800 (CST)
From: Hangjun He
Subject: freeRADIUS with Active-derectory
To: FreeRadius users mailing list

Hi,

I have configured ntlm_auth in freeRADIUS to talk to AD (user store), and it works well.
Now I want to use ldap to get attributes from AD. It failed.

It seems ldapsearch will search the user's display name, and ntlm_auth will search the user's user logon name.

If I set the display name the same as the user logon name, it can work. Is there a way to let ldapsearch search the user logon name too?

Related configuration in radiusd.conf:

    authorize {
        mschap
        suffix
        eap
        files
        ldap
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
        eap
        ldap
    }

------------------------------

Message: 3
Date: Tue, 30 Oct 2007 07:38:59 +0100
From: Alan DeKok
Subject: Re: freeRADIUS with Active-derectory
To: FreeRadius users mailing list

Hangjun He wrote:
> I have configured ntlm_auth in freeRADIUS talk to AD(user store). And
> It works well.
> Now I want to use ldap to get attribute from AD, It failed.
>
> It seems ldapsearch will search user's *display name*. And ntlm_auth
> will search user's *user logon name.*
>
> If I set display name same with user logon name, It can work. Is
> there a way let ldapsearch to search user logon name too??

The LDAP search strings are editable in radiusd.conf.

Alan DeKok.

------------------------------

Message: 4
Date: Tue, 30 Oct 2007 07:40:24 +0100
From: Alan DeKok
Subject: Re: SSL certificate problems
To: FreeRadius users mailing list

Walter Gould wrote:
> Sorry to bother you guys again - I created new SSL certificates per
> your above instructions... After the certs were created, I then:
>
> 1. copied them to the /etc/raddb/certs directory
> 2. updated /etc/raddb/eap.conf with the certificate names & private key
> password
> 3. copied and installed the new certificate (server.pem) onto my XP
> laptop and
> 4. started radiusd in debug mode, below is the output
>
> It is acting as you describe in the FAQ -

You didn't add the root certificate to the XP machine. See the EAP-TLS "howto's" on the web site.

> So, I am wondering will I need to install the hotfix as listed in the
> FAQ - and, will this have to be done on ALL Windows machines? I am
> thinking that I still do not have something configured right on my
> side. If I uncheck the "validate server certs" box on the XP client, I
> can connect and authenticate successfully.

Yup. "Ignore that we have no idea where this certificate came from, and do PEAP anyways".

Alan DeKok.

------------------------------

Message: 5
Date: Tue, 30 Oct 2007 07:41:38 +0100
From: Alan DeKok
Subject: Re: Class attribute in accounting record.
To: [EMAIL PROTECTED], FreeRadius users mailing list

Mark Elkins wrote:
> .. which keeps personal changes to one place (sql.conf and files
> in /etc/raddb) and saves me from upsetting Alan DeKok's karma* - a bad
> thing to do.

The files are editable for a reason. If all you see is ASCII "Class" attributes, add the following to the bottom of raddb/dictionary:

    ATTRIBUTE Class 25 string

Alan DeKok.

------------------------------

Message: 6
Date: Tue, 30 Oct 2007 09:01:19 +0000 (GMT)
From: satish patel
Subject: Re: web based admin
To: FreeRadius users mailing list

Dear,

I also need this kind of setup. I want to replace AAA ACS with freeradius, but I don't know how accounting works in this case, and authorization of Cisco LEVEL base. Can you provide me a document of URL for this setup?

"Hawkins, Michael" wrote:

Hi all,

I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am considering using FreeRadius at another customer site instead of Cisco Secure ACS.

Will I still be able to control command execution (authorization) etc. via FreeRadius? Or would I be restricted to authentication only?

What do people recommend I use as a web front end for FreeRadius when managing AAA on a Cisco network via FreeRadius? I've seen daloradius but that is geared to wireless hotspots. I've taken a quick look at phpRADmin and also ASN but I'm not sure which one is more mature and would like to know other people's thoughts. Or is dialupadmin itself good enough?

Any advice given is very much appreciated.

Mike Hawkins

$ cat ~/satish/url.txt
http://www.linuxbug.org

------------------------------

End of Freeradius-Users Digest, Vol 30, Issue 107
*************************************************

WITH LOVE,
MARIBEL HERNÁNDEZ LÓPEZ
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
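
The validation failure discussed in Message 4 (the XP client was given server.pem but not the root certificate) can be reproduced offline with openssl. This is an added example, not part of the original thread; the CA names, the host name radius.example.org and the helper function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all names (Demo Root CA, radius.example.org) are made up.
# A private root signs a RADIUS server certificate; the certificate is then
# checked against two trust stores, the way a validating supplicant would.

make_demo_pki() {
    # $1 = directory to fill with ca.pem, other-ca.pem and server.pem
    dir=$1
    # Root CA that issues the server certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Unrelated root: models a client trust store that lacks the issuing root
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated Root" \
        -keyout "$dir/other.key" -out "$dir/other-ca.pem" 2>/dev/null || return 1
    # Server key and CSR, signed by the demo root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.org" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

client_trusts_server() {
    # $1 = PEM file of trusted roots, $2 = server certificate to validate.
    # Succeeds only when the chain builds to a root in the trust store.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) || return 1
    if make_demo_pki "$tmp"; then
        for store in ca.pem other-ca.pem; do
            if client_trusts_server "$tmp/$store" "$tmp/server.pem"; then
                echo "$store: server.pem validates"
            else
                echo "$store: validation fails, issuing root is not trusted"
            fi
        done
    fi
    rm -rf "$tmp"
}

demo
```

Unchecking "validate server certs" on the client corresponds to never running the client_trusts_server check, so a certificate from any issuer would be accepted.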

