Any idea?
From: freeradius-users-bounces+tdajka=geomant@lists.freeradius.org
[freeradius-users-bounces+tdajka=geomant@lists.freeradius.org],
on behalf of: Dajka Tamás [tda...@geomant.com]
Sent: January 15, 2009 11:44
To: freeradius
Hi all,
I'm facing a really strange problem. The setup:
IAS+RRAS on Windows 2k3 server - FW with proxy - FREERADIUS on linux
There are two clients for the freeradius:
- Linksys WRT300N ( 802.1x + WPA2 on wifi )
- Cisco 3750G ( 802.1x on wired port )
The freeradius is configured as a proxy
Hi all,
Is it possible to include a VLAN tag in the reply, so that the client is assigned
to the appropriate VLAN based on its auth group ( so, if USER_A is a member of
GROUP_A, then it's assigned to VLAN_A)
Is this possible? Or should it be done elsewhere than the radius?
Thanks,
That's what I've tried. The authorize section:
redundant {
# if I comment the following line out, the password is accepted, but I
get % Authorization failed. from the switch (this is caused by the incorrect
users file maybe).
files
ldap
ciscopwd
Uncommented the Auth-Type in users, and the debug output:
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = request
shell_escape = yes
}
Module: Linked to module
Now, the users file is empty, and still the same (%Authorization failed on the
switch). The log:
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++- entering policy redundant
rlm_ldap: -
As I see, that I should provide Service-Type = Login-User in the reply. Is it
possible somehow?
From: [EMAIL PROTECTED] [EMAIL PROTECTED], on behalf of: Dajka Tamás
[EMAIL PROTECTED]
Sent: October 28, 2008 11:48
To: FreeRadius users mailing
Working, thanks. What about LDAP group membership checking?
DEFAULT
Ldap-Group != cn=routing_admins,ou=groups,dc=mydomain,dc=hu,
Auth-Type := Reject
This is not working (inserted after DEFAULT Service-Type = Login-User)
Tamas
From: [EMAIL
help for configuration - LDAP with custom files Failover
Add Fall-Through = 1 for Service-Type entry.
Ivan Kalik
Kalik Informatika ISP
On 28/10/2008, Dajka Tamás [EMAIL PROTECTED] wrote:
Working, thanks. What about LDAP group membership checking?
DEFAULT
Ldap-Group != cn=routing_admins
What's the difference (commas or new lines)?
BTW, it's working as it should. Thanks.
Tamas
From: [EMAIL PROTECTED] [EMAIL PROTECTED], on behalf of: [EMAIL
PROTECTED] [EMAIL PROTECTED]
Sent: October 28, 2008 13:48
To: FreeRadius users
Hi,
I want to use a freeradius server for the following purposes:
- grant authorization to Cisco switches via LDAP (group membership checking,
etc).
- make a WIFI with WPA+802.1x via MS IAS/RRAS (the main auth is done by the
IAS, so the freeradius acts as client for IAS/RRAS, and the WIFI APs
Dear All,
I'm facing a problem with Freeradius 2.0.4. I want to make a configuration to
allow our Cisco routers to auth via RADIUS. For this, we're using a password
file now (let's call it ciscopwd) and another file for granting rights.
I want to change the config file, so that the auth is
12 matches