魏景鹏 wrote:
One side auth with pap method, but the other side needs chap auth
method, so I have to do some translating work.
chap-string = Packet-Id + Cleartext-Password + authenticator
chap-password = packet-id + md5(chap-string)
Is it possible to get packet id in pre-proxy section?
Robert Roll wrote:
The below is out of the .../share/doc/freeradius/rlm_ldap
Note that it shows the Ldap_Group variable being set in the users file, but
I'm assuming it should not really matter where it gets set ?
DEFAULT Ldap-Group == cn=disabled,dc=company,dc=com
No. See
On 03/22/2011 06:15 PM, Robert Roll wrote:
This does seem to work differently than I thought..
Yeah, like I say: it's a virtual attribute that does the group search
when you compare it.
My model was something like ntlm_auth, which allows an authentication,
but one can also require
Hi Alan,
Im new to freeRADIUS, trying to implement it for my test machine running
currently on Ubuntu 9.04 Server.Im trying to establish a communication between
Windows XP,SP3 client and RADIUS SERVER ( on Ubuntu Server) through EAP/TLS and
cerrtificates.
The problem i m facing is, when i
Thanks for helping me to understand this.
I think the way this really works has more utility than
what I was thinking.
I can actually accomplish what I want using two
ldap instance authorizations. One for the User look up,
then one for the Group VLAN setting. There were
going to be two ldap
Amrita Mandpe wrote:
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
You've built the server yourself, without using OpenSSL.
I tried
Hello,
I'm using 2.1.9+dfsg-1ubuntu1. I've got a problem with sqlcounter. I try
to use it as data limit counter. I've read that this counter has got 2GB
limit, but I've got problem even with smaller amount of data.
Info: [noresetbytescounter] sql_xlat finished
Debug: rlm_sqlcounter: Check
I just installed FreeRADIUS on Debian. However, I'm running into a couple
problems.
1. I can't get localhost RADIUS test to work. The users file is almost at
its default state except for the new user/pass I created:
user1 Cleartext-Password := password1
I keep getting access-rejects when
never mind about the first problem. I restarted the rad service and it
magically started working...
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Access-Rejects-and-openSSL-Problems-new-install-tp4259009p4259024.html
Sent from the FreeRadius - User mailing list
Dear all,
I have an issue with the new (development/git) version of the TLV parsing
(nested TLVs for WiMAX) : is there a clean way to end a container TLV ?
Here is my issue : I have to insert several WiMAX-Packet-Flow-Descriptor TLVs
(each containing a WiMAX-Packet-Flow-Id and a
Hello, Freeradius-users.
Does freeradius 2.1.10 support Oracle stored procedures?
I need to call stored procedure in accounting_update_query.
How can I do it?
---
Marat Rabidinov
SaimaTelecom
Bishkek, Kyrgyzstan
tel. +996 312 900159
e-mail:
Adrien Demarez wrote:
Please start a new thread for new topics, rather than using an old thread.
And don't CC me on messages to the list. In case you hadn't noticed,
I *do* read the list. Receiving multiple messages is annoying.
Here, the WiMAX-IP-Technology = 0x06 (but it could be
Hi,
I'm currently trying to configure my Win7 clients to do wired 802.1X
authentication using the credentials a user provides at the login screen. Wired
802.1X auth itself works fine but as soon as I have it use the logon
credentials (using the Automatically use my Windows logon name and
Hello,
I am new to this list and planning to deploy a radius-server.
Sole purpose will be to authenticate against network equipment. Mainly Juniper
and cisco and Sonicwall.
I am looking for best practice solutions for password policy. Is there any way
to force network engineers to change
Will you be using some backend database; LDAP, AD, eDirectory, etc.?
Typically RADIUS either permits or denies based on a query reply it receives
from the backend system. I don't *think* you would be allowed to change your
password via RADIUS (it typically only has RO access to the DB, and I'm
Gary,
Thanks for your swift reply.
As said, i am completely new to radius so trying to figure it all out now.
We have an AD forest with over 1,000 users, with only a few of them needing
access to the devices. Are there possibilities to acheive this?
On the AD domain there are already password
What I did - not saying what you should do - is used FreeRADIUS with a SAMBA
util called ntlm_auth with an argument --require-membership-of [group-name/SID
of group]. (I had to use the SID to get it to work.)
So, you need *nix with FR and SAMBA, and that server needs to be a domain
member to
I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked at
the proxy.conf and it seems
that there are two options, because you have to insure the same end client
talks to the
same radius server. There seems to be client-balance that uses IP source
addresses and
there is
On 03/23/2011 08:56 PM, Robert Roll wrote:
I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked
at the proxy.conf and it seems
that there are two options, because you have to insure the same end client
talks to the
same radius server. There seems to be client-balance
Hi freeradius-users@lists.freeradius.org ,
I just light a candle for Japan Victims.
Join us to pray for those who have lost their lives and hope for the best for
those who have survived.
It is time to light a candle and Pray...
Please Light a Candle Now at:
Hi,
I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I
looked at the proxy.conf and it seems
that there are two options, because you have to insure the same end client
talks to the
same radius server. There seems to be client-balance that uses IP source
Thanks,
I put the update Load-Balance-Key right at the top of the authorize section in
the ../sites-enabled/default...
that seems to be working pretty well...
I'll look more at the client-port-balance ...
thanks,
Robert
From:
The MSCHAPs include the given name when calculating the hashes.
Stripping the domain will therefore not work. The client is using the
domain\name in the hash and you're asking the server to use just the name.
On 3/23/2011 15:08 PM, Thomas Wunder wrote:
Hi,
I'm currently trying to configure my
23 matches
Mail list logo