Martin Whinnery wrote:
Now, I'd like to set up our switches to use radius to allow our
technicians to login. And they are all members of an LDAP group. Let's
call it cn=techies,ou=groups,dc=example,dc=org. I only want this to be
the case for some client devices, namely our switches.
Can
On 2010/07/21 10:37 PM, Alan DeKok wrote:
The only reference book available now is the O'Reilly book. I don't
recommend it, as I don't think it will help you.
What *specifically* are you looking for? The Wiki, documentation, and
my http://deployingradius.com/ site contain a lot of
This is well known. It is in the FAQ, and in the comments in
raddb/eap.conf.
In short, you did *not* get a certificate that Windows will accept.
Read the documentation for details. Look for Windows.
I know these problems, but the certificate support extensions. It's a cert that
should be
Is it possible to display type of authentication ( Auth-type ) that
the
clients used during the authentication ?
In 2.1.9, see msg_goodpass in radiusd.conf. You can put anything
you want in there.
Hi Alan
Thank you for your answer. This feature is really useful, thanks.
However how should
Jevos, Peter wrote:
Thank you for your answer. This feature is really useful, thanks.
However how should look like the string for the Auth-Type ?
I tried:
msg_goodpass = , NAS: %{Calling-Station-Id}, Auth-Type: %{Auth-Type}
but it doesn't work
It's in the control list:
...
Environment: PPTP+PPP+FREERADIUS+MYSQL+LINUX
I want to separate users, for example, there are 10 users
user1, user2 ... user10
I want user1, user2 ... user5 can only login server1
I want user6 ... user10 can only login server2
if user1 login server2, could I send a login failure? How
What I would do.
Use the etc_group module
Create some groups for your users
Group1
Group2
Add the respective users to the correct groups
In the users file I will create a line for each login server (client to the
radius server)
Something like this:
Client-IP-Address == [login server1],
Hello Radius People
I'm running freeradius 2.1.8 working great
I'm using the radius servers to many different clients, specially Cisco nodes,
and some Unix servers.
I'm using the module passwd working fine, and I have enabled unix
authentication in my default section.
Now when a specific
Madsen.Jan JMD wrote:
I’m using the module passwd working fine, and I have enabled unix
authentication in my default section.
Don't. Use pap. It can do crypt authentication.
Thu Jul 22 13:22:21 2010 : Auth: [unix] [jmd]: invalid shell [/usr/bin/bash]
Thu Jul 22 13:22:21 2010 : Info:
Hi
I have in the modules/ntlm_auth_vpn command:
exec ntlm_auth_vpn {
wait = yes
program = /usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--password=%{User-Password} --require-membership-of=domain1
}
Jevos, Peter wrote:
I have in the modules/ntlm_auth_vpn command:
..
Is it possible to add another command ( with different domain ) and to
add OR in order to choose which one will pass ?
Something like this:
exec ntlm_auth_vpn {
program = /usr/bin/ntlm_auth
I have in the modules/ntlm_auth_vpn command:
..
Is it possible to add another command ( with different domain ) and to
add OR in order to choose which one will pass ?
Something like this:
exec ntlm_auth_vpn {
program = /usr/bin/ntlm_auth --request-nt-key
Hi,
I have in the modules/ntlm_auth_vpn command:
there is another way too.
simply make a second copy of that module, e.g. have
ntlm_auth_vpn1
and
ntlm_auth_vpn2
(each configured with what you want/need)
and then read: http://wiki.freeradius.org/Fail-over
you can then have this sort of
Jevos, Peter wrote:
Yes I was thinking about it but I don't know how can I pass the
arguments to that script ( like mschap:User-Name and so on )
When and who will call this script ?
You can call the script instead of calling ntlm_auth.
Passing arguments to the script is really a Unix
I have in the modules/ntlm_auth_vpn command:
there is another way too.
simply make a second copy of that module, e.g. have
ntlm_auth_vpn1
and
ntlm_auth_vpn2
(each configured with what you want/need)
and then read: http://wiki.freeradius.org/Fail-over
you can then have this sort of
Hi,
I'm trying to get the pam radius module to work.
I've built a test radius server (FreeRADIUS Version 2.1.9) and I've setup a
linux box with the pam radius module (1.3.17)
The server seems to be setup properly to authenticate users:
# radtest testing password 127.0.0.1 0 testing123
Hi,
I have a setup with a laptop, access-point, wireless-controller, freeradius
2.1.8 (ubuntu 10.04)
and SLES 10 eDirectory.
When I put the username and password in the users file everything works fine
(802.1x, PEAP)
When I try to move authentication with the eDirectory with ldap, I get the
On 07/22/2010 08:26 PM, newtownz wrote:
The password stored in eDirectory is valid.
My understanding of eDirectory is that it will never let you see the actual
password
of a user, it will hash it first. Is this behavior of freeradius normal?
There is eDirectory support in the rlm_ldap module
I'm currently using Freeradius v2.1.9 and I'm trying to write a
condition in the authorize section to use a different module depending
on whether Mac-auth or some other auth is being called.
In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it appears
that I want to check (Chap-Password