I am not sure if it is even an established standard yet, but thought I'd
ask...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have noticed that during my PEAP-MS-CHAPv2
authentication that a user whose username is all capital letters in AD
can sometimes authenticate when they enter their username lowercase but
most of the time not. Is there a way in FR to allow it to try both
upper and lower case? I am guessing that I
Has anyone successfully tested the new
mschap ntlm_auth code with EAP yet?
Steve
Have you tried TAC?
Steve
[EMAIL PROTECTED] wrote: -
To: [EMAIL PROTECTED]
From: "Lisa Casey" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 04/16/2004 09:10AM
Subject: Re: OFF TOPIC: but need some help
Hi,
I have "encapsulation ppp" configured on both of my serial interfaces.
Here is a show user.40
Has anyone on this list purchased an SSL certificate
from a Certificate
Authority (like Thawte or Verisign) for doing PEAP or EAP-TTLS?
The
scripts that come with Freeradius for generating a self-signed
certificate include a special ExtendedKeyUsage attribute.
What I have done is generated a
Is it easy
convert? I did a google search to find out about
converting IIS certificates to Apache and all the results I got back
made it sound like rocket science.
The documentation on it is not very
good, it is actually surprisingly simple.
1.) on Unix box w/openssl :
# openssl genrsa
Are the only user authentication methods
available to PEAP local, as in users typed into users file? You can't
use PAM or any external user databases?
Steve
make sure /usr/local/lib is first on your system
library
path (check with crle).
Thanks!! I never knew about that command, jeez
what a great one!
What version of Kerberos are you using ?
1.3.3 binary from MIT
To insure
everything works properly and that you don't have some conflicts between
I am getting:
ld: fatal: library -lcom_err: not found
ld: fatal: File processing errors. No
output written to .libs/rlm_krb5-1.0.0-pre0.so
when trying to compile rlm_krb, I have
googled and do not see any reference to this library, what is it?
TIA,
Steve
You
really did not give very much info but I suspect you don't
have Kerberos installed in the machine...
I do have the Solaris 9 binaries from
MIT Kerberos installed. In /usr/local/include there is com_err.h
but I am not sure if that is what it is looking for. It finds all
the other libraries.
I edited the makefile and moved -lcom_err
from the RLM_LIBS line to the HEADERS line and make seemed to work. Not
sure if that is a bug...
Steve
If userprofile is on LDAP I think it would work
since
LDAP bind/search would return userPassword attribute,
whereas AD does not. Thus CHAP cannot be done in AD
case. Is this true ?
Does anyone know how the LDAP lookup
works against AD? Does it actually get the password (doubtful) or
does it
Question: Can FreeRADIUS use ntlm_auth from Samba
to make this happen ?
or Kerberos?
TIA,
Steve
Does anyone know if wireless authentication
(LEAP, PEAP, EAP, TLS, TTLS) is possible using freeradius authenticating
to Windows AD without having to enter usernames or any user information
on the freeradius box? I am still not sure why it cannot use the
LDAPS connection that I have working from
So do I need to compile with rlm_krb?
I am on Solaris 9 and was trying to compile with Kerberos but the
Solaris distro does not include the necessary header files and I did not
really want to open a whole new can of worms. What I was hoping to
do was to have the freeradius box be root CA and the
It is amazing how top posting gets scourged, but it is
for good reason.
The quickest way to annoy mailing users is to top post, makes it much
more difficult to read. Also making snide comments doesn't earn many
brownie points either. Many times I have asked questions and gotten
minimal
From: Steve OBrien
Sent: Thursday, 1 April 2004 9:17 AM
No offense Alan but how many developers are supporting this project?
*puts his hand up*
This list is pretty devoid of help, sad because it is such a cool
project with so much potential.
Devoid of help? I see lots of lively
Is it possible to use LDAP to authenticate LEAP clients? If so does anyone have the particulars?
TIA,
Steve
I have been searching through the archives
for the proper filter for ldap to strip out the Windows domain name from
a query. All of the articles were addressing a [EMAIL PROTECTED] situation.
I am seeing a DOMAIN\\username in the debug:
rlm_ldap: performing search in dc=ci,dc=bend,dc=or,dc=us,
In reference to this article:
http://lists.cistron.nl/pipermail/freeradius-users/2003-April/018305.html
I am wondering if all the work I have
done over the past couple of weeks is in vain. I have finally gotten
freeradius to authenticate via ldaps to Active Directory, this works perfectly
for
this the hard way - trial and error, eliminating possibilities one by
one.
Tarun
-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 23 March 2004 11:00 AM
To: [EMAIL PROTECTED]
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD
OK I got
C:\Tools\ldapbrowser\lbecacerts]
End Doc ==
-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Sunday, 21 March 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: RE: Using freeradius to authenticate users
fingerprints:
MD5: something
SHA1: something
Trust this certificate? [no]: yes
Certificate was added to keystore
[Saving C:\Tools\ldapbrowser\lbecacerts]
End Doc ==
-Original Message-
From: Steve OBrien [mailto:[EMAIL
OK I got it going here too, just some
login syntax issues with the ldapbrowser. Now I can login with ssl
there but am still getting errors with freeradius radtest. On a side
note radtest is now working with identical radiusd.conf without ssl. To
roll this out I need SSL to work. Here's Debug:
Yeah, if you pay that much for hardware something oughta be free!!
Steve
[EMAIL PROTECTED] wrote: -
To: radius-users [EMAIL PROTECTED]
From: John De Villiers [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 03/20/2004 12:51PM
Subject: Re: hey
On Sat, 2004-03-20 at 07:52, Paul Hampson wrote: Hey,
-
To: [EMAIL PROTECTED]
From: "Tarun Bhushan" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 03/18/2004 10:58PM
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD
Steve
I don't know the Windows side well - you might need to do some Googling to find out what this erro
PROTECTED]
From: "Tarun Bhushan" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 03/18/2004 10:58PM
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD
Steve
I don't know the Windows side well - you might need to do some Googling to find out what this error means. Sorry.
Al
If you are complaining about the support on free software then you
are a bigger idiot than your post made you look. Grow up.
[EMAIL PROTECTED] wrote: -
To: [EMAIL PROTECTED]
From: "Brian Schuetz" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 03/19/2004 12:06PM
Subject: hey
Alan,
Is your last
Steve,
Here is a link to that earlier
post of mine, it might be more helpful. Feel free to post your radiusd.conf
and I will see if I can help.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve OBrien
Sent: Wednesday, March 17, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD
by FreeRadius LDAP interface, and could go to DCs that you did not
configure in your radiusd.conf file, depending on the DNS resolution
returned. You can see if this is happening by setting ldap_debug = 0x0001.
Tarun
-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Friday
Here is part of my config, I can't send
it all because the listserver keeps bouncing it back...
[snip]
ldap {
    server = 192.168.2.247
    identity = CN=freeradius,CN=Users,DC=testdc,DC=win2K3,DC=bend
    password = freerad1us
    basedn = DC=testdc,dc=win2K3,dc=bend
    mber=%{Ldap-UserDn}))"
    timeout = 10
    timelimit = 10
    net_timeout = 5
    #ldap_debug = 0x
    #ldap_debug = 0x0001
    compare_check_items = yes
    access_attr_used_for_allow = no
}
Tarun
-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Friday, 19 March 20
if this helps or if
you have any further questions and
again my thanks to Richard for all his help in getting this working!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve OBrien
Sent: Wednesday, March 17, 2004 2:24 PM
To: [EMAIL PROTECTED]
Subject