AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
: Authenticating SSH login on a Cisco IOS switch to AD So far I have done everything there exactly as described with the same outcome. No. If you get the error Failed to link to module 'rlm_ntlm_auth':..., it means you did something *other* than what is on the web page. This is I

Re: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Alan DeKok
Schaatsbergen, Chris wrote: OK, I think I found out where things are going wrong. In my Radius -X log I noticed the Starting - reading configuration files is short, compared to those of others. What is missing is actually: including files in directory /usr/local/etc/raddb/modules/ ...

AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
-users- bounces+chris.schaatsbergen=aleo-solar...@lists.freeradius.org] On behalf of Alan DeKok Sent: Monday, 14 February 2011 12:40 To: FreeRadius users mailing list Subject: Re: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD Schaatsbergen, Chris wrote: OK, I think I

Re: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Alan DeKok
Schaatsbergen, Chris wrote: That is clear, but it seems it is missing in the Lenny Package somehow as http://lists.freeradius.org/pipermail/freeradius-users/2011-January/msg00192.html has exactly the same problem as me, no modules folder being read causing the ntlm_auth not being recognized

AW: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
+chris.schaatsbergen=aleo-solar...@lists.freeradius.org] On behalf of Alan DeKok Sent: Monday, 14 February 2011 12:57 To: FreeRadius users mailing list Subject: Re: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD Schaatsbergen, Chris wrote: That is clear, but it seems

Re: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Alan Buxey
Hi, That is clear, but it seems it is missing in the Lenny Package somehow as http://lists.freeradius.org/pipermail/freeradius-users/2011-January/msg00192.html has exactly the same problem as me, no modules folder being read causing the ntlm_auth not being recognized as module. Where can

AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
Buxey Sent: Monday, 14 February 2011 13:48 To: FreeRadius users mailing list Subject: Re: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD Hi, That is clear, but it seems it is missing in the Lenny Package somehow as http://lists.freeradius.org/pipermail/freeradius-users

Re: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Johan Meiring
On 2011/02/14 01:50 PM, Schaatsbergen, Chris wrote: That is clear, but it seems it is missing in the Lenny Package somehow as http://lists.freeradius.org/pipermail/freeradius-users/2011-January/msg00192.html has exactly the same problem as me, no modules folder being read causing the

Re: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Alan DeKok
Schaatsbergen, Chris wrote: Thanks! Actually in this case I was too early writing the mail (because I was rather annoyed), something I should not allow myself to happen. The radiusd.conf file is documented on the Wiki site (though the link there that should point to the latest version is

AW: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
Most of the howtos assume you're running a recent version of the server. Some systems have *old* versions of the server. We're unable to maintain copies of the documentation for each version of the server. This makes life harder for the average admin, but we have to draw the line

AW: AW: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
users mailing list Subject: Re: AW: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD Schaatsbergen, Chris wrote: We are running a current version of the server (2.1.10), but somehow the radiusd.conf file is not right. The radiusd.conf file isn't over-written when

AW: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-14 Thread Schaatsbergen, Chris
To: freeradius-users@lists.freeradius.org Subject: Re: AW: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD On 2011/02/14 01:50 PM, Schaatsbergen, Chris wrote: That is clear, but it seems it is missing in the Lenny Package somehow as http://lists.freeradius.org/pipermail/freeradius

AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-11 Thread Schaatsbergen, Chris
OK, so the current problem seems to be that I cannot get the ntlm_auth to work. I read http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html but that does not seem to apply for me as the ntlm_auth file contains the exec. Attached (if that works) is the

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-11 Thread Alan DeKok
Schaatsbergen, Chris wrote: OK, so the current problem seems to be that I cannot get the ntlm_auth to work. I read http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html but that does not seem to apply for me as the ntlm_auth file contains the exec.

AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-11 Thread Schaatsbergen, Chris
Greetings and thanks for the quick reply. As stated in my original posting, http://deployingradius.com/documents/configuration/active_directory.html is what I have been working with from the beginning. So far I have done everything there exactly as described with the same outcome. Why?

Re: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-11 Thread Alan DeKok
Schaatsbergen, Chris wrote: Greetings and thanks for the quick reply. As stated in my original posting, http://deployingradius.com/documents/configuration/active_directory.html is what I have been working with from the beginning. So far I have done everything there exactly as described

AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-11 Thread Schaatsbergen, Chris
So far I have done everything there exactly as described with the same outcome. No. If you get the error Failed to link to module 'rlm_ntlm_auth':..., it means you did something *other* than what is on the web page. This is I believe indeed the missing piece, problem is I cannot

AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-10 Thread Schaatsbergen, Chris
Gary Would you mind if I contacted you directly (I have your e-mail) about this? I have seen a very nice discussion and reading this a second time has proven that what you describe here is exactly what we are looking for. But I would still really appreciate some help getting it to work. Thanks,

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-10 Thread Alan DeKok
Oliver Elliott wrote: I had a look into this and as far as I could tell, the conversation between the switch and the radius server was not encrypted unless you use TACACS. Does anyone know if this conversation can be encrypted while using Freeradius, as otherwise the domain login details are

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-10 Thread Gary Gatten
SSH login on a Cisco IOS switch to AD Gary Would you mind if I contacted you directly (I have your e-mail) about this? I have seen a very nice discussion and reading this a second time has proven that what you describe here is exactly what we are looking for. But I would still really appreciate

AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Schaatsbergen, Chris
Greetings Gary, Well, this does sound like what I would like to achieve, we only have 3 users to administer the Cisco switches, though all domain admins (7) could do it. We currently have one admin user account and all domain admins know the password. To go to priv level (enable) we will

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Oliver Elliott
I had a look into this and as far as I could tell, the conversation between the switch and the radius server was not encrypted unless you use TACACS. Does anyone know if this conversation can be encrypted while using Freeradius, as otherwise the domain login details are presumably being sent

RE: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Gary Gatten
11:05 AM To: freeradius-users@lists.freeradius.org Subject: Re: AW: Authenticating SSH login on a Cisco IOS switch to AD I had a look into this and as far as I could tell, the conversation between the switch and the radius server was not encrypted unless you use TACACS. Does anyone know

RE: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Brett Littrell
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On Behalf Of Oliver Elliott Sent: Wednesday, February 09, 2011 11:05 AM To: freeradius-users@lists.freeradius.org Subject: Re: AW: Authenticating SSH login on a Cisco IOS switch to AD I had a look into this and as far as I could tell

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Brian Candler
On Wed, Feb 09, 2011 at 09:35:35AM -0800, Brett Littrell wrote: I think it is always a good idea to keep the switch management on a separate management vlan, regardless of whether you encrypt the info or not. Between Cisco and Radius servers it does encrypt the password but I

Re: AW: Authenticating SSH login on a Cisco IOS switch to AD

2011-02-09 Thread Brett Littrell
Ya, you're right, I meant the CAM table. Flooding the CAM table with MAC addresses caused all the traffic to broadcast to all ports. My bad, but it is/was a fundamental flaw in the way switches work, I know Cisco had a fix out for it but it did not work with dot1x and DVlans. The moral of