Well, I solved my own problem by creating another instance of the sql
module...
sql myVlanDB {
database = mysql
driver = rlm_sql_${database}
server = db.resnet.bris.ac.uk
port = 3306
login = radiusd
password =
radius_db = VLANS
}
...and then querying it
--On Friday, February 11, 2011 11:36:09 +0530 Rajkumar R
rajkuma...@aricent.com wrote:
Hi,
This query is related to Cisco-7206 equipment behavior.
Indeed, so you should be asking Cisco not FreeRADIUS
We have a Cisco 7206(IOS12.2(33)) equipment associated with freeRadius
server2.1.10.
OK, so the current problem seems to be that I cannot get the ntlm_auth to work.
I read
http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html
but that does not seem to apply for me as the ntlm_auth file contains the
exec.
Attached (if that works) is the
Schaatsbergen, Chris wrote:
OK, so the current problem seems to be that I cannot get the ntlm_auth to
work. I read
http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html
but that does not seem to apply for me as the ntlm_auth file contains the
exec.
Hello,
I'am searching for a good way to secure the transmission of passwords
with decryption between clients and a radius-server (there is no NAS
between) without client zertificates. At the moment I use default PAP
configuration.
Which ways are possible?
Any hind, how I get this working or
Greetings and thanks for the quick reply.
As stated in my original posting,
http://deployingradius.com/documents/configuration/active_directory.html is
what I have been working with from the beginning.
So far I have done everything there exactly as described with the same outcome.
Why?
Marius.Meisner wrote:
I'am searching for a good way to secure the transmission of passwords
with decryption between clients and a radius-server (there is no NAS
between) without client zertificates. At the moment I use default PAP
configuration.
The User-Password attribute is always
Schaatsbergen, Chris wrote:
Greetings and thanks for the quick reply.
As stated in my original posting,
http://deployingradius.com/documents/configuration/active_directory.html is
what I have been working with from the beginning.
So far I have done everything there exactly as described
Just to close out this thread with a solution...
Turns out that neither rlm_python nor freeradius were the problem.
They are working perfectly. The problem was my idiot wireless
administrator! Once I beat the password out of him and properly
configured the wireless switch, everything started
Hallo Alan,
thx for your response. But there is still a question left.
Am 11.02.2011 15:08, schrieb Alan DeKok:
Marius.Meisner wrote:
I'am searching for a good way to secure the transmission of passwords
with decryption between clients and a radius-server (there is no NAS
between) without
--On Thursday, February 10, 2011 08:25:13 -0500 David Peterson
dav...@wirelessconnections.net wrote:
I am working with a NAS that only sends accounting packets with the EAP
style username. Other than matching up
=7Bam=3D1=7df717cc32fff26ff29ca0baac5833f...@wimax.com with
b...@wimax.com
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant?
Read RFC 2865. This is the FreeRADIUS list, and not really a place
for generic how does RADIUS work questions.
How may I
change the type of encryption to stronger ones?
You can't.
By documentation I found
Hi Alan,
thx for your quick reply.
Am 11.02.2011 17:14, schrieb Alan DeKok:
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant?
Read RFC 2865. This is the FreeRADIUS list, and not really a place
for generic how does RADIUS work questions.
Sorry for taken
Hello to all,
I would like to use Freeradius to authenticate my wireless network using
OpenWRT and Freeradius + LDAP. What I've done:
First Authenticated Users in WLan using EAP-TTLS and files in
Freeradius. WORKED! Then I've configured ldap-Modul + added ldap in
the authorize- and
I'm barely a novice with FR, so take this with a grain of salt:
You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play well
together. Remove the Auth Type LDAP - for now.
You almost never want to set the Auth-Type directly, FR figures it out from
the request. For testing
Hello, I'm trying to do the same thing, I know I have to use winbind and
samba to get it, but in reading the news I found this freeradius 2.1 Added
Password-With-Header == userPassword to raddb / ldap.attrmap This Will
automaticallyconvert more passwords
[]'s
--
Vinicius Teixeira Coelho
As for accomplishing your goal, unfortunately others will have to help you
with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you
can authenticate EAP requests against LDAP directly because of the no clear
text password issue.
I think he is right ... I know that we had
So far I have done everything there exactly as described with the
same outcome.
No.
If you get the error Failed to link to module 'rlm_ntlm_auth':...,
it means you did something *other* than what is on the web page.
This is I believe indeed the missing piece, problem is I cannot
Yeah, but that's SAMBA - not LDAP. (Added Password-With-Header ==
userPassword to raddb / ldap.attrmap ) sounds interesting!
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
Yes, but your samba is using the ldap
[]'s
--
Vinicius Teixeira Coelho
Registered Linux User #469313
The Ubuntu Counter Project - user number # 21463
On Fri, Feb 11, 2011 at 4:35 PM, Gary Gatten ggat...@waddell.com wrote:
Yeah, but that’s SAMBA – not LDAP. (Added Password-With-Header ==
I don't think ntlm_auth makes any ldap calls.
From: Vinicius Teixeira Coelho [mailto:vinicius...@gmail.com]
Sent: Friday, February 11, 2011 12:41 PM
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Freeradius + LDAP for WPA-Enterprise
Yes, but your samba is
Marius.Meisner wrote:
Am 11.02.2011 17:14, schrieb Alan DeKok:
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant?
Read RFC 2865. This is the FreeRADIUS list, and not really a place
for generic how does RADIUS work questions.
Sorry for taken your time. Its
Gary Gatten wrote:
You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play well together.
Remove the Auth Type LDAP - for now.
If I remove that the radtest failed for a LDAP-User. It returns a
rejected Message.
As for accomplishing your goal, unfortunately others will
We just started using WPA2-Enterprise. We use SAMBA / ntlm_auth / AD. I
honestly don't know if / how you can do it using pure LDAP. Someone else
posted something about new LDAP attributes that may work, but that's way over
my head. Maybe if you use certs instead of uname/passwords it will
PS: We also use ntlm_auth for 802.1x. All the docs I read and the comments
within the various FR files say EAP and LDAP won't work - for Authentication.
Authorization should be fine.
G
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
If you want to use ldap as authentication source, either you have
plaintext password in ldap or ntPassword hash stored in ldap. You can
search the list of my name, I just got both eap/peap against Active
Directory w/ ntlm_auth and against ldap w/ ntPassword recently. I
posted my configuration on
Hi All,
I am a newbie to freeradus. I am planning to run a second SSHD on a higher
port on my server which will allow me to authenticate separately from my
existing SSHD. Can somebody help me by telling me what are the steps I need
to take to perform this . The Server I will be using is a RHEL5.
Hi JK,
I am not close with RE, but in Debian you may need the packet
libpam-radius-auth. I have chosen the way over PAM Module to communicate
between radius and sshd. So you may configure files like /etc/pam.d/sshd
- if its the same under RE.
MM
Am 12.02.2011 00:03, schrieb Jaikanth
Hi JK,
I am not close with RE, but in Debian you may need the packet
libpam-radius-auth. I have chosen the way over PAM Module to communicate
between radius and sshd. So you may configure files like /etc/pam.d/sshd
- if its the same under RE.
MM
Am 12.02.2011 00:03, schrieb Jaikanth
this is great, i will search.
Enviado via iPhone
Em 11/02/2011, às 19:04, schilling schilling2...@gmail.com escreveu:
If you want to use ldap as authentication source, either you have
plaintext password in ldap or ntPassword hash stored in ldap. You can
search the list of my name, I just
30 matches
Mail list logo