Hi, Thanks for your reply :) I have a better news that: By using OpenLDAP for FR Authen & Authorization => I can configure multiple passwords for each user (Uid) and use 1 of those passwords for successfully Authentication!
Although it is done manually now, but somehow it solves the matter ! If anyone have experienced this, please give some advices ! Example: How to do it automatically or How to create a pool of passwords then use the pool for multiple users :) Regards! Message: 3 Date: Tue, 15 Nov 2011 16:09:29 +0700 From: "Fajar A. Nugraha" <l...@fajar.net> Subject: Re: Help: FreeRadius Users with multiple passwords To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <CAG1y0sffWuNVw08KH5XT8_Ny3NLCe=NFWB4U+=wexfcmiq0...@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On Tue, Nov 15, 2011 at 4:00 PM, Duong Manh Truong <ngoahotanglon...@gmail.com> wrote: > Hi all, > I have encounter with an issue and can not find the solution after several > days of thinking :( > I set up FreeRadius & Mysql successfully, testing with some account ok, > but my real case: Lot of my users?have more than 1 passwords, > Example: User: "truongdm" comes with the password "abc123" or the password > "123abc" is both ok Short version: you can't. Long version: it's doable, but ONLY if: - your user sends clear-text password (read: not using MSCHAP or PEAP-MS-CHAP v2, which is the one most often used by windows clients) - you create additional logic to handle authentication, either using unlang or external script (perl, php, whatever). Hint: see http://wiki.freeradius.org/Auth%20Type . Your additional logic would have to set Auth-Type := Accept when conditions (e.g. password) match. -- Fajar ------------------------------ Vào 18:00 Ngày 15 tháng 11 năm 2011, < freeradius-users-requ...@lists.freeradius.org> đã viết: > Send Freeradius-Users mailing list submissions to > freeradius-users@lists.freeradius.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > freeradius-users-requ...@lists.freeradius.org > > You can reach the person managing the list at > freeradius-users-ow...@lists.freeradius.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Re: EAP-TLS CRL checking when multiple CAs used (Martin ?mel?k) > 2. Help: FreeRadius Users with multiple passwords (Duong Manh Truong) > 3. Re: Help: FreeRadius Users with multiple passwords > (Fajar A. Nugraha) > 4. Re: mysql module help (Alan DeKok) > 5. Re: Issues with EAP-TLS and OpenSSL (Alan DeKok) > 6. Re: PEAP/mschapv2 - opendirectory (Alan DeKok) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 15 Nov 2011 09:23:23 +0100 > From: Martin ?mel?k <martin.cme...@gmail.com> > Subject: Re: EAP-TLS CRL checking when multiple CAs used > To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> > Message-ID: > <cagff+_kctw6bet1jmxxjeijmf1djtk2cekaixoztvtifpuy...@mail.gmail.com > > > Content-Type: text/plain; charset=UTF-8 > > Hi all, > > problem has been on my side. I miss to add another one CRL into certs > directory. > > Thank you for all your help! > > Best regards, > > ? > Martin ?mel?k > > > > 2011/11/14 Martin ?mel?k <martin.cme...@gmail.com>: > > Hi Alan, > > > > I did, there is nothing about it. > > > > Only this: > > > > # ?Check the Certificate Revocation List > > # > > # ?1) Copy CA certificates and CRLs to same directory. > > # ?2) Execute 'c_rehash <CA certs&CRLs Directory>'. > > # ? ?'c_rehash' is OpenSSL's command. > > # ?3) uncomment the line below. > > # ?5) Restart radiusd > > # ? ? ? check_crl = yes > > > > We have all CAs in ca.pem and CRL lists in separate file > > crl1.pem+.der, crl2.pem+.der, ect... > > > > Stefan, > > > > that's what I did. > > OK I will try to do same thing with previous configuration. Maybe that > > I miss something. > > > > Thank you > > > > > > ? > > Martin ?mel?k > > > > > > > > > > 2011/11/14 Alan DeKok <al...@deployingradius.com>: > >> Martin ?mel?k wrote: > >>> Question is: When Freeradius receive user certificate how daemon find > >>> correct CRL list in certs directory? > >> > >> ?Read raddb/eap.conf. ?This is documented. > >> > >> ?Alan DeKok. > >> - > >> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > >> > > > > > > ------------------------------ > > Message: 2 > Date: Tue, 15 Nov 2011 16:00:27 +0700 > From: Duong Manh Truong <ngoahotanglon...@gmail.com> > Subject: Help: FreeRadius Users with multiple passwords > To: freeradius-users@lists.freeradius.org > Message-ID: > <CAPY3iihX7xHE_kH5+yDB6Fv9=+fswxveoom1r5ftmc8ynzo...@mail.gmail.com > > > Content-Type: text/plain; charset="iso-8859-1" > > > Hi all, > > I have encounter with an issue and can not find the solution after several > days of thinking :( > > I set up FreeRadius & Mysql successfully, testing with some account ok, > > but my real case: Lot of my users *have more than 1 passwords*, > > > Example: User: "truongdm" comes with the password "abc123" or the password > "123abc" is both ok > > > Please help me: How can i set it up? > > - I try to insert serveral records with the same "username" and difference > "value" - password- in the "radcheck" table > but at one time, the server accept 1 pair of "username/value" only :( > > - I try to edit the file "users" manually but no help ..... > > Anyone has had this matter, please help me find the direction! > > Thanks & Best Regards! > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20111115/0c35664f/attachment.html > > > > ------------------------------ > > Message: 3 > Date: Tue, 15 Nov 2011 16:09:29 +0700 > From: "Fajar A. Nugraha" <l...@fajar.net> > Subject: Re: Help: FreeRadius Users with multiple passwords > To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> > Message-ID: > <CAG1y0sffWuNVw08KH5XT8_Ny3NLCe=NFWB4U+=wexfcmiq0...@mail.gmail.com > > > Content-Type: text/plain; charset=ISO-8859-1 > > > On Tue, Nov 15, 2011 at 4:00 PM, Duong Manh Truong > <ngoahotanglon...@gmail.com> wrote: > > Hi all, > > I have encounter with an issue and can not find the solution after > several > > days of thinking :( > > I set up FreeRadius & Mysql successfully, testing with some account ok, > > but my real case: Lot of my users?have more than 1 passwords, > > > Example: User: "truongdm" comes with the password "abc123" or the > password > > "123abc" is both ok > > Short version: you can't. > > Long version: > it's doable, but ONLY if: > - your user sends clear-text password (read: not using MSCHAP or > PEAP-MS-CHAP v2, which is the one most often used by windows clients) > - you create additional logic to handle authentication, either using > unlang or external script (perl, php, whatever). Hint: see > http://wiki.freeradius.org/Auth%20Type . Your additional logic would > have to set Auth-Type := Accept when conditions (e.g. password) match. > > -- > Fajar > > > > ------------------------------ > > Message: 4 > Date: Tue, 15 Nov 2011 10:10:16 +0100 > From: Alan DeKok <al...@deployingradius.com> > Subject: Re: mysql module help > To: Ski Mountain <ski_the_mount...@yahoo.com>, FreeRadius users > mailing list <freeradius-users@lists.freeradius.org> > Message-ID: <4ec22c78.50...@deployingradius.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Ski Mountain wrote: > > I am trying to get freeradius working with mysql on a new system. I > > even copied the configuration files from a working system, but I am > > still having trouble getting the mysql module to load. Yes I have > > $INCLUDE sql.conf > > uncommitted from radius.conf > > Read raddb/sites-available/default. Look for "sql" > > Then, read the SQL documentation on the wiki. > > Alan DeKok. > > > ------------------------------ > > Message: 5 > Date: Tue, 15 Nov 2011 10:24:31 +0100 > From: Alan DeKok <al...@deployingradius.com> > Subject: Re: Issues with EAP-TLS and OpenSSL > To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> > Message-ID: <4ec22fcf.2000...@deployingradius.com> > Content-Type: text/plain; charset=UTF-8 > > Houston-III, Lester L wrote: > > I?m trying to configure my FreeRADIUS server to support EAP-TLS but it > > keeps reporting that there is no OpenSSL support. > > You need to install the openssl-dev package. It includes the OpenSSL > header files. > > This is probably on the Wiki, under "building it yourself". > > Alan DeKok. > > > ------------------------------ > > Message: 6 > Date: Tue, 15 Nov 2011 10:27:38 +0100 > From: Alan DeKok <al...@deployingradius.com> > Subject: Re: PEAP/mschapv2 - opendirectory > To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> > Message-ID: <4ec2308a.1070...@deployingradius.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Kemal YILDIRIM wrote: > > Hello all, > > I've just able to implemented Wired 802.1x system with PEAP/mschapv2 > > authentication against opendirectory which is running on MacOSX server > > 10.6.8 Leopard. > > At the end I have a "working" setup, but I like to learn more to fix my > > faults. > > What is going wrong? > > You've posted a long message showing authentication succeeded, but no > errors. > > Alan DeKok. > > > ------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest, Vol 79, Issue 49 > ************************************************ >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html