Re: users match list criteria and vendor identification

2010-09-21 Thread Alan DeKok
Cameron Wood wrote: > Is there a way to identify the vendor/device-type of a radius request? Look at the side of the box. That's it. > Do clients send a Vendor-ID/Private Enterprise Number such as that > listed in a VSA Dictionary. Do you see that information in a RADIUS packet? It's rea

Re: users match list criteria and vendor identification

2010-09-21 Thread Cameron Wood
Hi Alan thanks for the reply. Is there a way to identify the vendor/device-type of a radius request? Do clients send a Vendor-ID/Private Enterprise Number such as that listed in a VSA Dictionary. Cheers Cam. -- On Wed, Sep 22, 2010 at 15:46, Alan DeKok wrote: > Cameron Wood wrote: > >

Re: Core with 64Bit pam_radius_auth on Solaris 9

2010-09-21 Thread Alan DeKok
Peter Lambrechtsen wrote: > Hello > > I've managed to compile pam_radius-1.3.17 both 32Bit and 64Bit. > > I had to add -lsocket as part of linking to get it to work and modified > the make file to have -m64 to compile on 64bit > > When I compile it for 64Bit this is my make output: ... > But whe

Re: Originate COA home_server

2010-09-21 Thread Alan DeKok
Johan Meiring wrote: > I've configured originate COA using the originate-coa as an example. > > My (relevant/edited for privacy) configuration looks like this: ... > This works perfectly. > > The home_server_pool seems unnecessary though, but if I leave it out, > freeradius -X complains that the h

Re: instantiating attr filter.access reject

2010-09-21 Thread Alan DeKok
shawky skaff wrote: > Hi, > > It seem to have radiusd running ok, but when I run radiusd -X in the > debug tool, the following lines are highlighted red and I'm not sure > what they mean or how to fix it. Don't worry about it. It's fine. Alan DeKok. - List info/subscribe/unsubscribe? See ht

Re: users match list criteria and vendor identification

2010-09-21 Thread Alan DeKok
Cameron Wood wrote: > Hi > I am trying to find a list of the criteria you can use in the users > file on the match line, I came across a lengthy list/table earlier but > can't seem to find it again. $ man users ? > I have looked at the attributes RFC, but I'm looking more for something > that

Core with 64Bit pam_radius_auth on Solaris 9

2010-09-21 Thread Peter Lambrechtsen
Hello I've managed to compile pam_radius-1.3.17 both 32Bit and 64Bit. I had to add -lsocket as part of linking to get it to work and modified the make file to have -m64 to compile on 64bit When I compile it for 64Bit this is my make output: gcc -Wall -fPIC -m64 -c pam_radius_auth.c -o pam_radiu

Originate COA home_server

2010-09-21 Thread Johan Meiring
Hi, I've configured originate COA using the originate-coa as an example. My (relevant/edited for privacy) configuration looks like this: client 11.22.33.44 { secret = verysecret shortname = test nastype = other virtual_server = my_virtual_server co

users match list criteria and vendor identification

2010-09-21 Thread Cameron Wood
Hi I am trying to find a list of the criteria you can use in the users file on the match line, I came across a lengthy list/table earlier but can't seem to find it again. I have looked at the attributes RFC, but I'm looking more for something that will list things like Group-Name, Auth-Type, and

Re: Several perl instances

2010-09-21 Thread Alan Buxey
Hi, > How i can create several perl instances > for several virtual hosts (DHCP, AAA etc)? give them names and identities...then call them that from the virtual host etc eg perl dhcp-perl { stuff here } perl main-code { stuff here } where 'stuff here' is taken from the current supplied per

RE: RE: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Danner, Mearl
Not possible with the Microsoft supplicant as far as I know. PEAP encapsulation doesn't support client certificates. Probably what you want is EAP-TTLS which is not supported by Microsoft. You'll need a third party supplicant for it. Might look at this for reference: http://en.wikipedia.org/wi

Re: RE: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Klaus Laus
A lot of thanks for your answer Mearl Danner, I read the pages of M$ but I didn't find any possibilities to configure the clients so that the client uses a username/password and certificate. Do you know how I can do these settings or if it's generally not possible? thanks again Or

JRadius need FreeRadius?

2010-09-21 Thread Noura Kossentini
Hi To install JRadius server, I must install freeRadius server? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Several perl instances

2010-09-21 Thread Sergey V. Sokolov
Hi! How i can create several perl instances for several virtual hosts (DHCP, AAA etc)? -- Sergey V. Sokolov nic-hdl: SVS141-RIPE X-NCC-RegID: ru.gorizont

Re: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Alan DeKok
Klaus Laus wrote: > I *only* want to know all the time if it's possible to login on a client with > user/userpassword and client certificate. I pleased you *only* to say *no* or > *yes* and maybe one sentence more. > > I know you're a freeradius expert not a M$ expert but I thought when you know

Re: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Klaus Laus
I *only* want to know all the time if it's possible to login on a client with user/userpassword and client certificate. I pleased you *only* to say *no* or *yes* and maybe one sentence more. I know you're a freeradius expert not a M$ expert but I thought when you know how to set up a server you

RE: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Danner, Mearl
EAP/PEAP requires a server certificate. You can opt for the M$ supplicant to verify it but it does not use a client certificate. That's why there is no option to pick the client cert when setting up PEAP. -Original Message- From: freeradius-users-bounces+jmdanner=samford@lists.freer

Re: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Alan DeKok
Klaus Laus wrote: > The message is clear. Yes I created a client certificate and imported it into > the client. > When I use TLS to connect to the freeradius server I can choose the client > certificate in the TLS dialog and the client can login successfully. > > When I use PEAP to login I have

Re: Question about sending VLAN attributes to Access Points

2010-09-21 Thread Alan Buxey
Hi, > is it possible to send attributes based on the used SSID? yes. as that can be gained from RADIUS attributes sent to the RADIUS server . where you do them, and how you do them - ie unlang, users, SQL huntgroups etc etc is down to you alan

Question about sending VLAN attributes to Access Points

2010-09-21 Thread Aiko Barz
Hello, is it possible to send attributes based on the used SSID? Setup: SSID_X -> Access Point -> Freeradius -> ntlm_auth -> Active Directory So, if an user enters SSID_X, Freeradius puts him into VLAN1234. If the same person enters SSID_Y, he shall stay in the default VLAN1000. (Both SSIDs use

RE: Newbie

2010-09-21 Thread Schwartz, Curtis H. (GSFC-443.0)[SGT, INC]
> ++[files] returns noop Was the key I was editing the wrong users file... all is well now... Thanks tons! -Original Message- From: freeradius-users-bounces+curtis.h.schwartz=nasa@lists.freerad

Re: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Klaus Laus
The message is clear. Yes I created a client certificate and imported it into the client. When I use TLS to connect to the freeradius server I can choose the client certificate in the TLS dialog and the client can login successfully. When I use PEAP to login I have to type in my username and pa

Re: which samba version / patch for Active Directory 2008

2010-09-21 Thread Neil Prockter
On 21/09/10 08:57, Alan DeKok wrote: > Neil Prockter wrote: >> Well things have taken a turn for the worse. At the weekend we upgraded >> the last AD Domain controller to 2008r2 (still in AD2003 mode) and the >> radius servers instantly stopped working with "named pipe disconnected" >> and now "nt

Re: which samba version / patch for Active Directory 2008

2010-09-21 Thread Alan DeKok
Neil Prockter wrote: > Well things have taken a turn for the worse. At the weekend we upgraded > the last AD Domain controller to 2008r2 (still in AD2003 mode) and the > radius servers instantly stopped working with "named pipe disconnected" > and now "ntlm --username" and "wbinfo -a" no longer wo

Re: need help - force EAP-TTLS to validate the server certificate

2010-09-21 Thread Alan DeKok
Klaus Laus wrote: > I tried to login from another client, but it's the same problem. > > TLS Alert write:fatal:handshake failure > TLS_accept:error in SSLv3 read client certificate B > rlm_eap: SSL error error:140890C7:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate >