I think you need to apply this command to the
port:
switchport access vlan dynamic
- Øystein Gåsdal
From: HOWLETT C DsicEmi
[mailto:[EMAIL PROTECTED] Sent: 6. oktober 2005
10:54To: freeradius-users@lists.freeradius.orgSubject:
Using freeradius and 802.1x for dynamic VLAN on Cisco 2950
You don't but that info into your certificate.
The DOMAIN info is only used if you are going to authenticate against a
Windows Domain.
If you are authenticating against the users file, or a SQL Server, just
leave it blank.
- Øystein
-Original Message-
From: Dudley Atkinson [mailto:[EMAIL
I too has experienced problems when I use the built in 802.1x client in
WinXP.
If I try other clients, like Secure2W, it works fine.
My guess is that it is a bug in the built-in client.
- Oystein
-Original Message-
From: Dan Armstrong [mailto:[EMAIL PROTECTED]
Sent: 10. februar 2005 0
> > Anyway, have you been able to authenticate at a very early
> stage, so
> > logon scripts can be used with SecureW2?
> > If not, are there other supplicants that support that?
>
> I had no need for that, but it is documented in the new
> http://www.securew2.com/uk/resources/index.htm#Advanc
005 14:56
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Problems with ttls using SecureW2
>
> Hello Øystein.
>
> Dne petek 04 februar 2005 08:37 je Øystein Gåsdal napisal(a):
>
> > I think Alan wrote that the job with getting ttls to work
> was to set
>
The easiest way to find out if it's the server it is something wrong with,
just turn off validate server certificate under the 802.1x settings in
WindowsXP.
If you are running PEAP, you don't need certificates on the client, just on
the server.
- Øystein
> -Original Message-
> From: Du
SecureW2
>
> Hello Øystein.
>
> Dne petek 04 februar 2005 08:37 je Øystein Gåsdal napisal(a):
>
> > I think Alan wrote that the job with getting ttls to work
> was to set
> > up tls properly... Freeradius works with the built-in 802.1x
> > supplicant, so
Hi again!
I've decided to try the now open source SecureW2 supplicant, because I don't
think the built-in supplicant in WinXP is any good, especially when logging
in to NT Domains.
Anyway, when I try that, I encounter a problem, the Freeradius debug gives
med this error:
I'm just pasting the line
Title: ntlm_auth and Windows Groups
that worked!
thank you very much!
-
Øystein
From: Mike Barber
[mailto:[EMAIL PROTECTED] Sent: 27. januar 2005
12:57To: freeradius-users@lists.freeradius.orgSubject:
RE: ntlm_auth and Windows Groups
Try
Aalesund\\Test
Fr
erate domain/name parts!
So it seems to remove the \ for some reason..
Anyone know how to fix this?
Thanks!
Øystein Gåsdal
Norway
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I didn't use realms to get this working, I think realms is only if you are
going to use freeradius as a radius proxy.
If you want to authenticate users using their domain user and password, you
must get ntlm_auth working (search for it in radiusd.conf), but as Alan here
pointed out to me, it is bes
>
> Try:
>
> ntlm_auth = "/path/to/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
This worked!! Finally! :)
>
> > so I'm attaching both my radius.conf and the radi
I still can't get this to work...
After configuring samba, I get ntlm_auth to work manually:
[EMAIL PROTECTED] raddb]# ntlm_auth --username=og4 --request-nt-key
--domain=AALESUND
password:
NT_STATUS_OK: Success (0x0)
But it still does not work via radius:
Exec-Program: /usr/bin/ntlm_auth --requ
to the radius
server.
The configuration should look like this:
aaa new-model
aaa authentication dot1x default group radius
radius-server host auth-port 1812 acct-port 1813
key
On the ethernet interface, you shold have this:
dot1x port-control auto
- Øystein Gåsdal
-Original M
acct-port 1813
key
On the ethernet interface, you shold have this:
dot1x port-control auto
- Øystein Gåsdal
> -Original Message-
> From: M.Cerqui - PUBLISHERIA [mailto:[EMAIL PROTECTED]
> Sent: 4. oktober 2004 21:02
> To: [EMAIL PROTECTED]
> Subject: RE: Freeradius,
What is realm used for anyway? Is it just for proxying?
Do we even need to configure that to use ntlm authentication?
Regards,
Øystein Gåsdal
> -Original Message-
> From: Christoph Litauer [mailto:[EMAIL PROTECTED]
> Sent: 8. oktober 2004 09:26
> To: [EMAIL PROTECTED]
&
n of module mschap for string
'Challenge'
mschap2: b9
Is this something to worry about, or is it connected with the ntlm_auth
problem?
Thanks!
Øystein Gåsdal
Norway
> > The freeradius server is not on the same subnet as the domain
> > controller (NT4), and neither are
with WINS too, then?
Thanks,
Øystein Gåsdal
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: 1. oktober 2004 16:38
To: [EMAIL PROTECTED]
Subject: Re: Ntlm_auth how-to
=?iso-8859-1?Q?=D8ystein_G=E5sdal?= <[EMAIL PROTECTED]> wrote:
> Anybody got a step by st
ten a guide for this? :)
Thanks,
Øystein Gåsdal
Norway
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.pem
has a zero-byte size.
Any ideas?
Thanks,
Øystein Gåsdal
Norway
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e root and
client sertificate seems to be generated without problems.
And when I check under /scripts, where CA.all is located (and where I belive
the newly generated certificates are placed), cert-srv.p12 and cert-srv.pem
has a zero-byte size.
Any ideas?
Thanks,
Øystein Gåsdal
Norway
-
List info
That seemed to work! :)
Thank you all for your help.
Øystein Gåsdal
Norway
-Original Message-
From: Paul Bender [mailto:[EMAIL PROTECTED]
Sent: 19. august 2004 16:15
To: [EMAIL PROTECTED]
Subject: Re: Freeradius v1.0 under Fedore Core2
rpmbuild --rebuild freeradius-1.0.0-1.src.rpm
Could you please explain how i rebuild and install this thing? :)
Thanks,
Øystein Gåsdal
Norway
>I suggest that you download, rebuild and install the FreeRADIUS 1.0.0
source RPM from Fedora Core development
>http://download.fedora.redhat.com/pub/fedora/linux/core/development/SRPMS/f
ree
installdir. So it seems to me it is not installed at all.
But it's very possible i'm doing something wrong, since this whole linux /
freeradius thing is new ground to me :)
Any tips?
Thanks,
Øystein Gåsdal
Norway
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
24 matches
Mail list logo