mimir wrote:
One more question.. is it possible to replicate to virtual hosts?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have working radius - AD authentication via winbind (MSCHAP
challnge-response).
But I do not want to give all domain users ability to use VPN. I want to use
special AD group.
I have considered LDAP authorization. I've read this manual
http://wiki.freeradius.org/Rlm_ldap
and configured correct
mimir wrote:
Can you please share docs links? I only check configuration files comments.
I could not find any detailed docs for configurations, or my account do not
have access?
There is no magical secret store of documentation. Everything is public.
Alan DeKok.
-
List
PENZ Robert wrote:
I've a setup where it is possible to deny a request at various places for
different reasons. I use sql_log in post-auth to log the replies. It would
now be nice to add a comment variable which I fill at the various stations,
that can deny a request, so I know why a
Hello Andreas,
How to tell freeradius, that after successful MSCHAP auth against AD
it must browse AD via LDAP and check that te username belongs to
specified group?
I think, you need to write a script that makes sure that the user is
part of a specific group. I would do that in perl, because
On Tue, Apr 03, 2012 at 11:24:04AM +0200, Thomas Glanzmann wrote:
How to tell freeradius, that after successful MSCHAP auth against AD
it must browse AD via LDAP and check that te username belongs to
specified group?
I think, you need to write a script that makes sure that the user is
Hello Matthew,
Why do in perl what you can do in FR directly? That will just
slow things down.
if (!(Ldap-group == 'cn=group,dc=example,dc=com')) {
reject
}
will this work with nested groups?
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See
Hi,
Is there any difference between original accounting packets and replicated
(which are modified and some attributes added) accounting packets?
I asked this question because when I check the radius servers in debug mode,
I see that slave radius servers are sending Accounting Response but
Hello,
I am adding custom attributes and replicate or proxy them to other radius
servers.
But I also want to log this operation.
I test it via sql xlat. ( I will also use ldap xlat, I think they will be
same like %ldap: . )
For example, I am waiting 20 digit number from my queries. But, if
mimir wrote:
Is there any difference between original accounting packets and replicated
(which are modified and some attributes added) accounting packets?
If you modify them, then yes... there are differences.
I asked this question because when I check the radius servers in debug mode,
I
Hi Alan,
Do you have any advice on my configuration?
I want to send same accounting packages to multiple nodes like replication.
But, I want to log home_servers responses. You advised configuring proxy.
But, proxy mode only sends accounting packets to one node because of
failover or loadbalance
mimir wrote:
Do you have any advice on my configuration?
Read the documentation?
I want to send same accounting packages to multiple nodes like replication.
But, I want to log home_servers responses. You advised configuring proxy.
So I did.
But, proxy mode only sends accounting packets
Apologies for reviving an old thread, but we have a response from RIM
regarding this issue.
The problem is with the version of OpenSSL on phone models 9360, 9380, and
9790.
For full details, see: http://blackberry.com/btsc/kb29914
The workaround reads Turn off secure renegotiation on the
Note: Since PacketFence relies so much on FreeRADIUS and our integration
is growing with time, we would welcome applications from students
willing to work on FreeRADIUS or FreeRADIUS / PacketFence integration!
Work all summer long on a hard-core Network Security project written in
Perl!
jaimeventura wrote:
Now, if the user enters wrong credentials, windows prompts for credentials
again with a message stating that the user credentials are invalid. The
problem is that if the user now types the correct credential, the access
will still be denied. After the third retry, windows
Apologies for keeping this going on the freeradius list when it is nothing to
do with it, but has anyone seen this behaviour on anything but a Windows
supplicant? I'm trying to debug whether it's a supplicant or NAS issue.
As Alan has said, this is not a freeradius issue. I see the same
Hello,
I wonder if the radius encryption between radius client and radius is
secure enough if you choose a decent password like the following:
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G*z~-6'emgQV 2X5iDa('
Or if someone should always protect the connection between radius client
to radius server
Changed subject line to reflect new topic.
I've taken your advice and asked for the project requirements to be
modified. We'll just have to deal with incompatible devices (and their
users) on an ad-hoc basis - and maybe give some people an reason to
upgrade. ;-)
I'm now using a bog standard
On Wed, Apr 4, 2012 at 4:01 PM, Glen Harris ast...@iamnota.org wrote:
Replaying the SQL query from the debug manually:
mysql SELECT id, username, attribute, value, op FROM radcheck WHERE
username = 'user01' ORDER BY id;
++--++---++
| id |
On 04/04/12 11:21, Fajar A. Nugraha wrote:
On Wed, Apr 4, 2012 at 4:01 PM, Glen Harrisast...@iamnota.org wrote:
Replaying the SQL query from the debug manually:
mysql SELECT id, username, attribute, value, op FROM radcheck WHERE
username = 'user01' ORDER BY id;
I've been using freeradius for quite a while now, but never really
grokked the config file. There is lots of documentation that gives you
a narrow peep hole into the specific section it's concerned with and how
to do common basic things, but there's nothing I've found that really
talks about the
21 matches
Mail list logo