Dear friends:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
I am using the default radius.conf and users files. I have included the
microsoft dictionary in radiusclient.conf file.
ra
Hi, everyoneI installed FreeRADIUS and OpenSSL on my computer,then I want to create self-signed certificates usingscripts CA.all in freeradius source package, but I goterror like:Using Configuration from/usr/local/openssl/ssl/openssl.cnf./demoCA/serial: No such file or directoryerror while loading
Phil Mayers <[EMAIL PROTECTED]> wrote:
> Ok, different libntlm then. Have you got the URL handy?
http://josefsson.org/libntlm/
> I don't know what you mean by this. Samba can act as both a client and
> (member) server for win2k/win2k3 authentication methods (GSS-SPNEGO
> primarily) using machin
Alan DeKok wrote:
Phil Mayers <[EMAIL PROTECTED]> wrote:
Isn't libntlm client-side NTLM?
It validates NTLM requests, and uses username/passwd to generate
NTLM requests to send to a server.
Ok, different libntlm then. Have you got the URL handy?
As far as I know, to execute the required
Title: RE: on the right track?
I just worked this out yesterday.
Best way for me (I found) was to create two groups (one is pubnet-dialup the other is pubnet-extend)
I set this in the /etc/raddb/users file
# Authentication for pubnet-dialup group
DEFAULT Auth-Type = System, Gro
Robert Myers <[EMAIL PROTECTED]> wrote:
> I'm having a problem with my Cisco 2950 and EAP/TLS...I've already
> configured this to work on my HP 5300, so I'd assume that everything on
> the freeradius end is proper...
Yup.
> Sending Access-Challenge of id 9 to 192.168.2.161:1812
> EAP-
"Will Urbanski" <[EMAIL PROTECTED]> wrote:
> I am fairly new to FreeRADIUS and I am looking for some documentation on the
> format of the log produced by the FreeRADIUS daemon.
Which log? radius.log? There's no documentation for that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
"Dave Huff" <[EMAIL PROTECTED]> wrote:
> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal
> certificate_unknown
> TLS Alert read:fatal:certificate unknown
SSL is telling FreeRADIUS that the certificate sent by the client is
bad.
You're probably doing EAP-TLS where the server has one cer
"Carl Wahlin" <[EMAIL PROTECTED]> wrote:
> So, we are testing ciscos new Airespace wlan controller and would like to
> map users based on "OrganizationalUnit" (or something else) in the
> certificate to a specific VLAN.
That's not really possible right now. You'll have to update the
server sour
I'm having a problem with my Cisco 2950 and EAP/TLS...I've already
configured this to work on my HP 5300, so I'd assume that everything on
the freeradius end is proper...
However I am receiving this from the debug log:
rad_recv: Access-Request packet from host 192.168.2.161:1812, id=9,
lengt
Phil Mayers <[EMAIL PROTECTED]> wrote:
> Isn't libntlm client-side NTLM?
It validates NTLM requests, and uses username/passwd to generate
NTLM requests to send to a server.
> As far as I know, to execute the required RPCs you need a machine
> account
Which Samba doesn't do. Remember, Samba
Hello,
I am fairly new to FreeRADIUS and I am looking for some
documentation on the format of the log produced by the FreeRADIUS daemon. I
have checked the website and the wiki but have not been able to come up with
much… google also returned little. I am looking for at least an overvie
Guy Fraser wrote:
The hints file was originally designed to classify users and determine
what methods of connection were allowed, by using an uppercase
character or other pattern. It provided a similar function to what
Yes we've had this discussion and I have explained this, and the OP has
e
Alan DeKok wrote:
Phil Mayers <[EMAIL PROTECTED]> wrote:
Download Samba, ensuring it is 3.0.21rc1 or later which includes the
patch Alan talks about. Compile and install samba. Read the samba
documentation. Configure your Samba server. Ensure winbindd and nmbd are
running. Join the AD domain.
Hello,
Quite new to radius, so this might be a stupid question. Although I have
been searching google for the last 2 hours trying to find the answer
without any luck...
So, we are testing ciscos new Airespace wlan controller and would like to
map users based on "OrganizationalUnit" (or something
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Alan DeKok
>
> "Dave Huff" <[EMAIL PROTECTED]> wrote:
> > I would like to configure this setup using Freeradius. My WinXP
> > client (Intel ProSET) supports this, but FR chokes on it
> when enab
"Dave Huff" <[EMAIL PROTECTED]> wrote:
> I would like to configure this setup using Freeradius. My WinXP client
> (Intel ProSET) supports this, but FR chokes on it when enabled.
Would you be willing to run the serve rin debugging mode, as
suggested in the FAQ, README, INSTALL, and daily on this
Looks like that's set in the users file. As the entry for that email
says DEFAULT.
Dave Huff wrote:
I would like to configure this setup using Freeradius. My WinXP client
(Intel ProSET) supports this, but FR chokes on it when enabled. I've got
PEAP-EAP-MSCHAPV2 working with just password
"George C. Kaplan" <[EMAIL PROTECTED]> wrote:
> I assume we can still override this (or example, to authorize with LDAP,
> but authenticate with kerberos) as we're doing with 1.0.5.
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I would like to configure this setup using Freeradius. My WinXP client
(Intel ProSET) supports this, but FR chokes on it when enabled. I've got
PEAP-EAP-MSCHAPV2 working with just password authentication.
I noted this
http://www.opensubscriber.com/message/freeradius-users@lists.freeradius.org/
[EMAIL PROTECTED] wrote:
> We have a Cisco AS5300 terminal server that already uses freeradius w/
> kerberos to authenticate users. We would like to take that a step further
> and use freeradius to limit usage time based on the user name (certain
> users are allowed 8hrs while all others are given
Alan DeKok wrote:
> Peter Manckok <[EMAIL PROTECTED]> wrote:
>
>>For example, if I have a GPRS access I would like to
>>authenticate against my first LDAP server (instance
>>ldap1). How can I say to the FreeRadius server to use
>>the authenticate method of the l1 instance?
>
>
> In 1.1.0, once
On Wed, 2006-22-02 at 07:34 +0100, Stefan Winter wrote:
> Hi,
>
> > You don't have to have a User-Name in the request to use that file. If
> > it isn't there and you need it for further processing you can add it.
>
> Well, no. That's exactly the point: the hints file is *skipped* if there is
> n
Peter Manckok wrote:
authenticate {
..
Auth-Type LDAP1 {
interface1
}
Auth-Type LDAP2 {
interface2
}
Auth-Type LDAP3 {
interface3
}
}
In my authorize section I have:
authorize{
files
...
}
In my users file I have:
DEFAULT NAS-IP-Add
Hello all!
I've tried to search the web and the archives for an answer to this
question and didn't come up with anything, so I hope I'm not duplicating a
question that's already been answered.
Currently, where I work, we run two modem pools. One pool is limited to
certain users who are allowed t
Peter Manckok <[EMAIL PROTECTED]> wrote:
> For example, if I have a GPRS access I would like to
> authenticate against my first LDAP server (instance
> ldap1). How can I say to the FreeRadius server to use
> the authenticate method of the l1 instance?
In 1.1.0, once you select an LDAP module dur
Phil Mayers <[EMAIL PROTECTED]> wrote:
> Download Samba, ensuring it is 3.0.21rc1 or later which includes the
> patch Alan talks about. Compile and install samba. Read the samba
> documentation. Configure your Samba server. Ensure winbindd and nmbd are
> running. Join the AD domain. Ensure samba
"Torkel Mathisen" <[EMAIL PROTECTED]> wrote:
> I don't use client certificates I think. Atleast I haven't installed any
> certificates on my clients.
It looks like the client is sending one.
> So how can I fix that? Just delete the client certificate from the
> radius server ?
No, delete it
I will try to explain it better
In my modules section I have:
modules {
...
ldap2 interface1 {
server = 10.x.y.a
...
}
ldap2 interface2 {
server = 10.x.y.b
...
}
ldap2 interface3 {
server = 10.x.y.c
...
}
...
}
In the authenticate sec
Thanks for the info
Thanks,
Scott Gilmour
Software Engineer
ENET, & ENSRT
Enterasys Networks
Phone: 978-684-1236
Email:[EMAIL PROTECTED]
www: http://www.enterasys.com
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Phil Mayers
Sent: Wednesday, Feb
Hy all,
I am not sure how to configure my scenario.
I explain it to you:
We have 3 LDAP servers running. We authenticate
against one or other depending the type of access
(GPRS, Callback...).
I am going to create three instances of the ldap
module. But I dont know how and where to say which is
I saw something very similar on one of my FBSD6 boxes. My issue was due to
running out of SysV IPC space. I corrected the issue by adding the following
lines to /boot/loader.conf:
kern.ipc.shmmni=2048
kern.ipc.shmseg=2048
kern.ipc.semmni=128
kern.ipc.semmns=512
Hope this helps,
Junior
-Or
Gilmour, Scott wrote:
I read that you need to setup ntlm_auth to get Machine Authentication to
work with Active Directory.
How do I properly set up ntlm_auth to do this?
Download Samba, ensuring it is 3.0.21rc1 or later which includes the
patch Alan talks about. Compile and install samba. R
Hi all,
I have recently encountered this problem on one of my FreeBSD 6.0 boxes.
After many recompiles reinstalls and even an upgrade of MySQL to 4.1 I still
run into a core dump when enabling the sql option.
Here is the debug.
START -
radiusd -X
Starting - re
Alan DeKok wrote:
> "Torkel Mathisen" <[EMAIL PROTECTED]> wrote:
> > Anyway, here is the debug log and as you can see I get an unknown CA
> > error. However I got all certs in the correct location on the
> > freeradius server.
>
> The issue isn't the server certificates.
>
Ok.
> > rlm_eap_
35 matches
Mail list logo