I don't know if my chiming in will make a difference or not.
But Windows can authenticate with a machine certificate or a user
certificate.
If you're doing the machine certificates, please say so, I'm a little
confused as to what exactly you are doing now.
-Bob
Thibault Le Meur wrote:
Just as a follow up, this has solved my issue.
Alan DeKok wrote:
Robert Myers <[EMAIL PROTECTED]> wrote:
I got the following when running radiusd -X with openssl .0.9.7c on
gentoo, radius 1.1.1-r1
1.1.3 was released a few weeks ago. Try it.
Alan DeKok.
--
Alan,
Thanks, I will do that. Do you think this is just a quirk in 1.1.1?
-Bob
Alan DeKok wrote:
Robert Myers <[EMAIL PROTECTED]> wrote:
I got the following when running radiusd -X with openssl .0.9.7c on
gentoo, radius 1.1.1-r1
1.1.3 was released a few weeks ago.
I'm wondering if anyone else has seen this.
My setup is as follows, Siemens controller doing .1x auth, EAP-TLS
Both requests are from different users, and what I have now, is set
max_requests_per_server to 300
Doesn't seem to have helped, as radwatch is reporting that another
radiusd died...
I realize this is about a month later.
But I pass down vlan id with Tunnel-Private-Group-Id = <int>, where int
is the vlan id.
I dunno if that'll help you or not. :)
-Bob
radhika putty wrote:
Hi..
When we use VLAN tunneled attributes how do we send the VLAN id value.
For ex if i give a vlan g
You don't export the certificates from Freeradius. They are generated
with openssl.
There is an excellent tutorial on the front page of the Freeradius site,
it even gives you a script to create your first certificates.
There are also some excellent how-to's on openssl, search on google for
There is a link at the bottom of every message, on that page at the
bottom is a link for searching the archives via google.
Good Luck.
-Bob
Guillaume wrote:
2006/3/6, Alan DeKok <[EMAIL PROTECTED]>:
Guillaume <[EMAIL PROTECTED]> wrote:
I run the freeradius version 1.0.4.
Y
I'm having some odd troubles here with the check_crl = yes
I've added what I think is the appropriate config file directives, I
must be missing something.
Here is the debug output, any help would be much appreciated
-Bob
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=37,
Is there a way to send access-accept all of the time?
I've tried to do the DEFAULT in username, but that didn't seem to work
for me.
-Bob
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is FreeRadius TNC compliant?
-Bob
Does this only apply if the supplicant uses a server cert during eap/tls?
The reason I ask, is that I'm using a client cert signed by my CA to do
eap/tls, and it's working. I have not implemented the server cert as of
yet.
-Bob
Alan DeKok wrote:
"Dave Huff" <[EMAIL PROTECTED]> wrote:
Fo
Well, you'd approach it the same way you'd do group authentication in
the users file. Check out the users file documentation, then just
understand that rlm_sql is just another users file.
-Bob
Carl Wahlin wrote:
What I'm doing to set these, is via the rlm_sql module.
The tables are pretty s
What I'm doing to set these, is via the rlm_sql module.
The tables are pretty straightforward, and could be manipulated
programmatically. The sql tables are set up just like the users file,
and have group support and all.
Maybe when you issue the cert, you could do some inserts into the DB?
I'm having a problem with my Cisco 2950 and EAP/TLS...I've already
configured this to work on my HP 5300, so I'd assume that everything on
the freeradius end is proper...
However I am receiving this from the debug log:
rad_recv: Access-Request packet from host 192.168.2.161:1812, id=9,
lengt
Looks like that's set in the users file. As the entry for that email
says DEFAULT.
Dave Huff wrote:
I would like to configure this setup using Freeradius. My WinXP client
(Intel ProSET) supports this, but FR chokes on it when enabled. I've got
PEAP-EAP-MSCHAPV2 working with just password
I've not done PEAP yet, but I have done EAP/TLS... there is a good
document on the main web page for EAP/TLS and maybe it will shoot you in
the right direction. Check out the news items from Oct 5, 2004, and
11 May 2004, I've used both and they are extremely helpful.
-Bob
Gilmour, Scott w
't be a need to have a user in the
'users' file, as you could just put them in the radcheck table with the
appropriate local password
I was able to authenticate via EAP, then from the radcheck table, find
my user, then from the radreply table get the appropriate attributes.
-
Sorry, this would be the radreply table, not the radcheck table, as the
radcheck is for checking attributes. :)
My bad. :)
-Bob
Robert Myers wrote:
I must be missing this in the documentation.
If I authenticate via the users file/LDAP/SQL, is there a way to add
replies from the radcheck
I must be missing this in the documentation.
If I authenticate via the users file/LDAP/SQL, is there a way to add
replies from the radcheck table in sql?
-Bob
The documentation is how I found out what questions to ask. :)
Thanks for the point in the right direction.
-Bob
Alan DeKok wrote:
Robert Myers <[EMAIL PROTECTED]> wrote:
How would I go about setting replies for groups of users, when I don't
know the specific usernames? Like
So let me ask you this, this allows me to set specific replies for each
user.
How would I go about setting replies for groups of users, when I don't
know the specific usernames? Like if I'd want to assign a specific
reply based on an LDAP group?
-Bob
Alan DeKok wrote:
Ro
I'm trying to understand how to send dynamic replies based on user.
If I authenticate via LDAP or some other mechanism, I can authorize via
the sql tables?
Is that right?
-Bob
Anyone seen this?
I'm getting some strange errors from postgres, it's almost as if my
queries aren't filled in the whole way.
What am I missing? Is my switch just not returning all of the proper
accounting info?
-Bob
--- Walking the entire request list ---
Cleaning up request 2 ID 87
Is there any way to send back specific radius attributes based on a sql
query?
So, say I have a user, and then I want to send back a specific
attribute based on some other information.
Is this a case for a custom module?
-Bob
You can also add the following to a file called xpextensions
RPM-vmware ssl # cat xpextensions
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
Then when you sign the cert, you add -extfile = xpextensions
That should get rid of the e
This is probably really a question for a windows mailing list. :)
You can install the root certificates via GPO
Under Computer Configuration -> Windows Settings -> Security Settings ->
Public Key policies.
The problem you're going to run into is configuring the 802.1x client on
all 300 machi
26 matches