attribute from ldap to radius,
if not in dictionary/ldap.attrmap, then just define your own. Then
you have flexibility of using these attribute/value in your logic at
post-auth section.
Thanks all for the hints and help!
Schilling
On Tue, Nov 1, 2011 at 4:08 PM, Phil Mayers p.may...@imperial.ac.uk
Any ACL on AP network which might block your debian server IP but not
your ubuntu IP?
Schilling
On Wed, Apr 27, 2011 at 3:59 PM, John Corps env...@gmail.com wrote:
Hello,
I had freeradius setup and running perfectly on an ubuntu test machine and
now I have done the exact same setup
Could we extend the AD schema with another accessible ntPassword hash,
and thus use LDAP against AD for PEAP/MSCHAP?
Schilling
On Sun, Apr 24, 2011 at 4:33 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 04/24/2011 12:48 AM, Thomas Smith wrote:
While Samba 3.5 and Likewise 6 fixed
attributes to drop the user session in the VLAN.
Schilling
On Tue, Apr 5, 2011 at 9:07 AM, Götz Reinicke - IT-Koordinator
goetz.reini...@filmakademie.de wrote:
Hi,
maybe someone can point me in the right direction:
we do have a new wlan - freeradius - ldap setup and want to assign two
main
of student0[1234] vlan.
[root@auth1 raddb]# perl -V | grep -i multip
usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
Any insight?
Schilling
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
as its hash algorithm. And we
already have the flexibility in radius long long time ago.
Schilling
On Fri, Feb 18, 2011 at 9:16 AM, Dean, Barry b.d...@liverpool.ac.uk wrote:
I have been asked to do just this and I am working on the solution now.
We wanted to use multiple pools of VLANs/Subnets
what's your biggest subnet for the wireless? How do you deal with
excessive broadcast protocols?
Thanks,
Schilling
On Fri, Feb 18, 2011 at 9:26 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 18/02/11 14:16, Dean, Barry wrote:
I have been asked to do just this and I am working
assignment.
Also, we agree with the consensus of use eap/peapv0 for 802.1x. Just
no hassle to install third party supplicant to M$ computers. And it
could work with either AD or LDAP with ntPassword hash.
Schilling
On Fri, Feb 18, 2011 at 9:36 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 18/02
-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = facstaff1
}
}
}
Will I be able to do this in the post-auth with unlang?
Thanks,
Schilling
-- Forwarded message --
From: schilling schilling2...@gmail.com
Date: Tue, Jan 25, 2011 at 10:19
on the list. I am using peap because we
don't want to install a third party supplicant.
Schilling
On Fri, Feb 11, 2011 at 3:44 PM, Gary Gatten ggat...@waddell.com wrote:
PS: We also use ntlm_auth for 802.1x. All the docs I read and the comments
within the various FR files say EAP and LDAP
I was thinking about this too. Do we need separate ldap call to retrieve
certain attributes from AD, and then use ntlm_auth for authentication?
Schilling
On Wed, Feb 2, 2011 at 10:23 AM, Brett Littrell blittr...@musd.org wrote:
Hey Brian,
Very interesting, I would have thought
{
display the mac is blocked and call helpdesk
}
We use this to gain a lot of knowledge/experience on dot1x, and are
now moving toward 802.1x.
Schilling
On Wed, Feb 2, 2011 at 2:15 PM, Jim Rice jmrice6...@yahoo.com wrote:
Thanks, Alan.
The MikroTik routers can be configured to send a variety
ldap to radius,
if not in dictionary/ldap.attrmap, then just define your own. Then
you have flexibility of using these attribute/value in your logic at
post-auth section.
Thanks all for the hints and help!
Schilling
On Tue, Jan 25, 2011 at 4:23 AM, Alexander Clouter a...@digriz.org.uk wrote
} # server auth
Thanks,
Schilling
On Fri, Jan 21, 2011 at 3:49 AM, Alexander Clouter a...@digriz.org.uk wrote:
schilling schilling2...@gmail.com wrote:
Where should I put the perl script? I already have a perl module for
another virtual server to use radscript.
I also tried unlang
as logic to assign
user to different VLANs. Can I do that in your pm?
fooEduPSHRdeptName: Information Technology Service (ITS)
fooEduPSHRDepartmentNumber: 123456
fooEduEmployeeStatus: Active
employeeStatus: Active
Thanks,
Schilling
On Mon, Jan 24, 2011 at 4:38 PM, Alexander Clouter
attributes in perl script, Do I need to make
another call to them via LDAP in the perl module? Where should I put
the perl script in?
Many Thanks,
Schilling
On Thu, Jan 20, 2011 at 2:15 PM, Alan DeKok al...@deployingradius.com wrote:
schilling wrote:
Basically, I want to achieve
If (ldap
? Where to start?
Thanks,
Schilling
from schilling schilling2...@gmail.com
to FreeRadius users mailing list freeradius-users@lists.freeradius.org
date Tue, Dec 14, 2010 at 3:14 PM
subject Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth,
the other one against ldap ntpasswd hash
in condition at: %{User-Name} =~ /\@/
fooEmployeeStatus =~ /active/i )
/home/sding/opt/etc/raddb/sites-enabled/inner-tunnel[276]: Errors
parsing post-auth section.
How can I reference User-Name in post-auth section of inner-tunnel?
Thanks,
Schilling
On Thu, Jan 20, 2011 at 2:15 PM, Alan DeKok
not wait to see the finish of
the book. There are so many internals to be understood.
Schilling
On Wed, Dec 8, 2010 at 2:12 AM, Alan DeKok al...@deployingradius.com wrote:
schilling wrote:
Just to be sure. Both user(username and usern...@foo.edu) will use
eap, mschapv2 to authenticate
We use perl
$RAD_REPLY{'Service-Type'} = 'Framed-User';
$RAD_REPLY{'Tunnel-Type'} = 'VLAN';
$RAD_REPLY{'Tunnel-Medium-Type'} = 'IEEE-802';
$RAD_REPLY{'Tunnel-Private-Group-Id'} = 'resnet';
Schilling
On Thu, Dec 9, 2010 at 10:17 AM, Alan Buxey
. So we would
like to have student sign on with usern...@foo.edu, so we can
manipulate the radius configuration to direct usern...@foo.edu to use
ldap ntPassword authentication.
Is there anyway using freeradius to accomplish this?
Thanks for any insight!
Schilling
Hi Alan,
Thanks for the hint.
Just to be sure. Both user(username and usern...@foo.edu) will use
eap, mschapv2 to authenticate. But there is only one mschap module in
etc/raddb/modules/?
Regards,
Schilling
On Tue, Dec 7, 2010 at 3:41 PM, Alan DeKok al...@deployingradius.com wrote:
schilling
Thanks.
Could you please share the perl scripts and the corresponding
configuration in radiusd.conf like authorize and post-auth section
related to these logs?
Schilling
On Wed, Nov 10, 2010 at 10:04 PM, Garber, Neal
neal.gar...@iberdrolausa.com wrote:
Could you please summarize what you
Hi,
Could you please summarize what you did to log the output from
ntlm_auth and MS_CHAP-Error? Even with configuration snippet will be
greatly appreciated!
Thanks,
Schilling
On Wed, Sep 8, 2010 at 5:02 PM, Garber, Neal
neal.gar...@iberdrolausa.com wrote:
Hmm... OK. The issue appears
the error and focus on the
Auth-Type error?
I will reinstall 2.1.0 with all default, and try it again.
Thanks,
Schilling
[ldap] looking for check items in directory...
[ldap] ntPassword - NT-Password == 0x771cfdfe02a8c15e15b3e0e4974602fa
[ldap] looking for reply items in directory...
WARNING
{
ok = return
}
}
authenticate {
eap
}
}
Thanks,
Schilling
On Fri, Nov 5, 2010 at 7:12 AM, schilling schilling2...@gmail.com wrote:
I asked the ldap admin to change the format of the ntPassword to
prepend with 0x, now radius -X get the right hash
Hi All,
We had ntPassword hash in our ldap server, now the authentication from
peap from windows computer and radtest -t mschap fail. Attached please
find the full debug information. My username is sding for the testing.
Thanks,
[r...@auth2 opt]# ./sbin/radiusd -X
FreeRADIUS Version 2.1.10,
==
0x3737314346444645303241384331354531354233453045343937343630324641
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure
that the user is configured correctly?
Could someone kindly shed me some light on this please?
Thanks,
Schilling
Packet 0
rad_recv: Access-Request packet from host
put server string = MAT-DESKTOP
On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew
mathew_row...@cable.comcast.com wrote:
$ hostname
mat-desktop.security.lab.net
Short name is just mat-desktop
Mathew Rowley
IIS Network Security Architecture
On 10/28/10 12:41 PM, Sallee, Stephen
'server name' /etc/samba/smb.conf
$ grep 'server string' /etc/samba/smb.conf
server string = MAT-DESKTOP
# server string is the equivalent of the NT Description field
# server string = %h server (Samba, Ubuntu)
On 10/28/10 1:31 PM, schilling schilling2...@gmail.com wrote:
put server string
Hi All,
Can I have one virtual server listening on 1812/1813 for
authenticating with ms-chapv2 against AD, and then another virtual
server listening on 1814/1815 authenticating with ms-chapv2 against
LDAP with ntpassword hash?
We are able to get an instance running against AD, but not able to
ntpassword and unwrapped
ntpassword, if they are the same, authentication accept.
Thanks,
Schilling
There is smbencrypt radius-utils to generate LM Hash and NT Hash, Any
known good perl script to do this?
sd...@palm:/usr/bin$ smbencrypt schilling
LM Hash NT Hash
a server certificate for both radius1 and
radius2 if we want supplicant to verify the server certificate?
Thanks,
Schilling
Between the Mac Authentication Bypass and 802.1x, how do you force the
port to reauthenticate?
Schilling
On Mon, Feb 1, 2010 at 11:12 AM, Amaru Netapshaak
postfix_am...@yahoo.com wrote:
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
To: FreeRadius users mailing
Sorry, my bad. I mean radtest nasname parameter.
Schilling
On Fri, Dec 5, 2008 at 1:58 AM, Alan DeKok [EMAIL PROTECTED] wrote:
schilling wrote:
radiusd nasname could be host name only. It would be convenient if it
could also be ip as radiusserver in radtest.
What does that mean
Hi,
radiusd: FreeRADIUS Version 1.1.7
radiusd nasname could be host name only. It would be convenient if it could
also be ip as radiusserver in radtest.
Is it supported in new version?
Thanks.
Schilling
This is the catch, I swear we tried at some point, apparently, we were
missing something else at that time.
Now everything worked out now.
Thanks all for reply.
Have a nice day.
Regards,
shiling
On Nov 7, 2007 4:49 PM, [EMAIL PROTECTED] wrote:
Hi,
userx Cleartext-Password := hello
We read all dynamic vlan related posts in this mailing list archive,
but still can't get it to work even the authentication is working
good.
We are trying to get dynamic vlan assignment from freeradius version
with local user database using eap-ttls-pap. But client PC was
able to
On Nov 7, 2007 1:38 PM, [EMAIL PROTECTED] wrote:
Hi,
We read all dynamic vlan related posts in this mailing list archive,
but still can't get it to work even the authentication is working
good.
in your eap.conf have you set the copy to inner tunnel to be yes?
Are you referring to
ttls {
On Nov 7, 2007 3:40 PM, [EMAIL PROTECTED] wrote:
TTLS: Got tunneled reply RADIUS code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = 802
Tunnel-Private-Group-Id:0 = 552
Wed Nov 7 11:48:33 2007 : Debug: TTLS: Got tunneled
We are trying to explore the 802.1x in university resnet. One thing we want
to do is put the cisco switch port in a walled garden VLAN if the username
or calling-station-id match a blocklist. If username/calling-station-id is
not in the blocklist, they will just get to the static access VLAN
On 11/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
We are trying to explore the 802.1x in university resnet. One thing we
want
to do is put the cisco switch port in a walled garden VLAN if the
username
or calling-station-id match a blocklist. If username/calling-station-id
is
On 11/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Suppose we use Users file, where else in the freeradius configuration, we
can check and how to rewrite the VLAN?
Thanks.
Shiling
alan
On Nov 6, 2007 5:29 PM, [EMAIL PROTECTED] wrote:
Hi,
Thanks for this info. One more step, is there any place in the freeradius
configuration file that we can run a script to check the incoming radius
request user-name/calling-station-id against a file for example
youAreBlocked.txt, and
On Dec 29, 2005, at 8:39 AM, LeRoy DeVries wrote:
On Thursday 29 December 2005 04:16, mfred wrote:
Hi,
The clients can login (through chillispot login page) and
authenticate via
the radius server and mysqldb. So they have an IP like 192.168.182.5.
But even if they get authenticated they
On Oct 13, 2005, at 10:44 PM, Infusino, Michael - ADP Dataphile wrote:
Very nice.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Thursday, October 13, 2005 11:41 PM
To: FreeRadius users mailing list
Subject: Re: IP address assignment
Infusino, Michael -
47 matches