Jacob Dawson wrote:
Further testing suggests that neither of the Perl or Realm modules is
applying the Stripped-User-Name in the right scope.
I have no idea what that means. The Stripped-User-Name isn't magic.
It's just an attribute. If it exists in the request list, you can refer
to it
On Jul 14, 2011, at 9:57 PM, Phil Mayers wrote:
On 07/14/2011 06:09 PM, Arran Cudbard-Bell wrote:
1. HTML tags like 'pre' will not be parsed by all renderers, just
because it works in Gollum, doesn't mean it will work with a proper
renderer for that markup format.
For markdown its 3
Op 14 jul 2011, om 21:30 heeft Alexander Clouter het volgende geschreven:
Serge van Namen svna...@snow.nl wrote:
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on
switches.
All this works perfectly with user@realm, but now I want to read the
vlan ID from a ldap
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
There is no better alternative. You need to indent code blocks for
them to be easily legible, as it breaks them out of the normal flow of
the document.
I think that's Phil's point. The code he is cutting and pasting in is
no doubt
On Jul 15, 2011, at 10:30 AM, Alexander Clouter wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
There is no better alternative. You need to indent code blocks for
them to be easily legible, as it breaks them out of the normal flow of
the document.
I think that's Phil's
Serge van Namen svna...@snow.nl wrote:
In our situation the user is bound to a VLAN, so on every workstation
in the building the user authenticates and the switchport becomes a
member of the correct VLAN.
I *strongly* recommend not mixing host and user authentication, it's
just too much
Op 15 jul 2011, om 11:26 heeft Alexander Clouter het volgende geschreven:
Serge van Namen svna...@snow.nl wrote:
In our situation the user is bound to a VLAN, so on every workstation
in the building the user authenticates and the switchport becomes a
member of the correct VLAN.
I
Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Ok. I'm not saying these things to be an asshole. The point of moving
to Gollum was that users would be able to contribute to the bundled
documentation. The wiki now serves as a repository for server docs (or
will do once we figure out
It is my first time to setup Juniper ERX-1440 with freeradius. All my
other NAS's are cisco.
I was trying to setup checkrad to check for simultaneous connections and
realized that juniper is not listed in nas type list.
Can someone help me with getting chekrad to work with Juniper ERX?
Thank
On 15 Jul 2011, at 02:51, Alan DeKok wrote:
Jacob Dawson wrote:
Further testing suggests that neither of the Perl or Realm modules is
applying the Stripped-User-Name in the right scope.
I have no idea what that means. The Stripped-User-Name isn't magic.
It's just an attribute. If it
Serge van Namen svna...@snow.nl wrote:
'un-registered' (user bootstrapped) workstations go into VLAN
'users-unmanaged' whilst our equipment goes into 'users-staff'.
Hope that makes sense...? :)
Do you mean: unauthorized, user be put in default (jailed) vlan?
I work for a university so
Jacob Dawson daw...@vt.edu wrote:
Unfortunately, when you set nostrip in the config, it doesn't add a
Stripped-User-Name attribute to the request, but when you unset it,
rlm_realms adds a Stripped-User-Name attribute and also updates the
User-Name attribute to the same value.
I am 90% sure
Op 15 jul 2011, om 14:34 heeft Alexander Clouter het volgende geschreven:
Serge van Namen svna...@snow.nl wrote:
'un-registered' (user bootstrapped) workstations go into VLAN
'users-unmanaged' whilst our equipment goes into 'users-staff'.
Hope that makes sense...? :)
Do you mean:
OK, sorry as this is a long mail because Im going to include as much config
as possible.
I have been playing around trying to get this to work with little success
though the debug error messages have changed since yesterday
Im having trouble getting freeradius to use ntlm_auth - the error massage
On Jul 15, 2011, at 4:26 PM, Edge wrote:
Exec-Program output: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Helps to actually
Phil Mayers p.may...@imperial.ac.uk wrote:
Unfortunately, when you set nostrip in the config, it doesn't add a
Stripped-User-Name attribute to the request, but when you unset it,
rlm_realms adds a Stripped-User-Name attribute and also updates the
User-Name attribute to the same value.
I am
Exec-Program output: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/usr/local/etc/raddb/modules/ntlm_auth: Permission denied
Your path to ntlm auth is wrong. You need to specify the path to
Hi
Arran, I did read the debug messages, I just didn't understand what they
were telling me, I couldn't understand why it had failed to execute as the
file was there, I was root and I even tried using an admin account - just in
case..
Gary has given me a clue so off I go hunting..
Thanks Guys
If I may interject... if Gary's hint does not pan out I would suggest also
checking that the ntlm_auth binary is accessible to the FR daemon, I had an
issue on my box that the file permissions were correct but one of the
directories in the path was denying me access. So not only does the file
I can't guarantee the syntax of the ntlm_auth command is correct for OP's
particular environment, but I will guarantee you must specify the correct path
to the Samba ntlm_auth binary.
As for perms, I agree they can be tricky. If I run into issues I typically
start running stuff as root. Not
cat /usr/share/freeradius/dictionary.juniper
Best regards,
Fred MAISON
2011/7/15, Igor Smitran si...@blic.net:
It is my first time to setup Juniper ERX-1440 with freeradius. All my
other NAS's are cisco.
I was trying to setup checkrad to check for simultaneous connections and
realized that
Serge van Namen svna...@snow.nl wrote:
I accomplished to strip the username, it authenticates successfully against
LDAP.
But eventually it fails on EAP I think, because the username isn't the
original from the request.
[snipped]
users: Matched entry DEFAULT at line 7
22 matches
Mail list logo