: authentification ldap subgroup
Date: Wed, 24 Apr 2013 10:49:42 +0200
Hello all !
I have configured freeradius 2.1.12-4 with ldap group authorization. My problem
is it's doesn't work with subgroup.
I have a group with subgroup and when ldap verify group of user it doesn't see
subgroup of user.
my ldap
Hello all !
I have configured freeradius 2.1.12-4 with ldap group authorization. My problem
is it's doesn't work with subgroup.
I have a group with subgroup and when ldap verify group of user it doesn't see
subgroup of user.
my ldap configuration modules :
ldap {#Note that this needs to match
On 10/22/2012 09:13 AM, Daniel Ekman wrote:
Hi list,
I have a fairly large user base doing WPA2-enterprise from various
OS'es and smartphones, our FreeRADIUS is running v.2.1.12 and is
authenticating via LDAP and things are running pretty well, only snag
I have currently with this is when
Thanks for replying and sorry if I'm being vague, I'll try and be more specific.
On Tue, Oct 23, 2012 at 10:59 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 10/22/2012 09:13 AM, Daniel Ekman wrote:
Hi list,
I have a fairly large user base doing WPA2-enterprise from various
OS'es and
On 23/10/12 10:52, Daniel Ekman wrote:
the send_error was added to version 2.1.11 as a bug fix Allow
EAP-MSCHAPv2 to send error message to client. This change allows some
clients to prompt the user for a new password. See raddb/eap.conf,
mschapv2 section, send_error.
I know that. I mean like
Hi list,
I have a fairly large user base doing WPA2-enterprise from various
OS'es and smartphones, our FreeRADIUS is running v.2.1.12 and is
authenticating via LDAP and things are running pretty well, only snag
I have currently with this is when people change their password. I
realize this has
Hello,
i have got a realy annoing authentification problem and i would be glad if
you could help me.
I use a Cisco Aironet 1130ag Access Point, the radius-server is a Debian
Squeeze (6.0.5) and i installed FreeRadius Version 2.1.10 from the packet
sources.
After i made some changes to the /etc
1 there is no such word as authentification, its just 'authentication'
2 your client is trying to do EAP-TLS
3 check FreeRADIUS compatability matrix because when you do use eg PEAP (and
have the CA cert on the client, the MSCHAPv2 will only work with passwords from
LDAP in certain formats
.1045715.n5.nabble.com/Problem-with-CHAP-Authentification-tp5713646.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry everybody to bother you again,
But I saw that the included debug code was missing, so here is the complete
post again with the missing code.
Sorry again for the inconvenience.
Cheers iro
#
Hello everybody,
I am trying now for days
irosaurus wrote:
Hello everybody,
Please subscribe to the list. You're posting from nabble. I'm
inclined to ban nabble for a number of reasons.
I get the following debug error from freeradius:
when I try it with a wrong password, I get this debug error:
has anyone an idea how to
Hello Alan,
Alan wrote:
Please subscribe to the list. You're posting from nabble. I'm inclined
to ban nabble for a number of reasons.
Either (a) you didn't include the error messages, or (b) nabble stripped
them.
Please subscribe to the list
thanks for your fast reply! I am already
irosAurus wrote:
it set up a testuser and if I try a local radcheck on the ubuntu machine,
which hosts the freeradius, everything works out fine.
maw@maweee:~$ radtest user 123 192.168.1.2 0 testsecret
Sending Access-Request of id 2 to 192.168.1.2 port 1812
User-Name = user
irosAurus wrote:
Is there any way to disable CHAP and give it a try with another auth method?
Configure the hotspot to use another authentication method. The
server has NO CONTROL over this.
I am not sure where to change this and I am a bit confused about the
different conf files and the
On 11/06/12 15:39, irosAurus wrote:
First I tried without an SQL-DB and added an user to the users file. That
didn't work, so I just uncommented the user steve in the users file with
the Cleartype-Password. That did not work either. It works local through
radtest, but not for the interaction
Hi,
Is there any way to disable CHAP and give it a try with another auth method?
I am not sure where to change this and I am a bit confused about the
different conf files and the sites-enabled/default file.
NAS config - if its sending CHAP then theres nothing you can do at the RADIUS
end
to
Hey all,
NAS config - if its sending CHAP then theres nothing you can do at the
RADIUS end to 'fix it up' - look at your hotspot config to see what you can
change/adjust a that end (and check your shared secret...as its CHAP there
isnt a nice User-Password to give you a hint of incorrect
On Tue, Mar 6, 2012 at 7:27 PM, Javier Ruiz Escalante
fruiz...@hotmail.com wrote:
Hello,
After installing Daloradius I get the following error, could somebody give
me a clue of how to solve it? Befoe everything was working...
Did you read daloradius documentation, just in case it had some
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from
the server in the command line works fine, from the wireless client get this
one.
Thanks
Regards
ad_recv: Access-Request packet from host 127.0.0.1 port 35226, id=0, length=200
User-Name
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me?
from the server in the command line works fine, from the wireless client
get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in
Hi,
the output is quite clear about what is wrong:
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
incorrect shared secret
alan
PS there is no such word as 'Authentification'
-
List info
/Authentification-tp5537600p5537725.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
524
Skype: fruiz002
Date: Mon, 5 Mar 2012 06:46:01 -0800
From: whope...@vocollect.com
To: freeradius-users@lists.freeradius.org
Subject: Re: Authentification
Hi,
NOTE the section here:
User-Name = mysqltest
User-Password = O%:snv\nB\334Ξ\300H\035\235e
: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org
[freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] on behalf
of Javier Ruiz Escalante [fruiz...@hotmail.com]
Sent: Monday, March 05, 2012 9:03 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: Authentification
-bounces+bjulin=clarku@lists.freeradius.org] On
Behalf Of Javier Ruiz Escalante
Sent: Monday, March 05, 2012 10:04 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: Authentification
Thank you very much, but the password is testsecret, I don't know why it
shows this strange password, I don't
:01 -0800
From: whope...@vocollect.com
To: freeradius-users@lists.freeradius.org
Subject: Re: Authentification
Hi,
NOTE the section here:
User-Name = mysqltest
User-Password = O%:snv\nB\334Ξ\300H\035\235e
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt
But where is the shared secret? I have written the same secret everywhere...
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
From: a.cudba...@freeradius.org
Subject: Re: Authentification
Date: Mon, 5 Mar 2012 16:20:43 +0100
To: freeradius-users@lists.freeradius.org
Hi,
But where is the shared secret? I have written the same secret
everywhere...
on the FreeRADIUS server its in clients.conf (or, if you have configured
SQL to have NAS tables then in the nas table)
on your AP its in the configuration section. note that 'clients' as you know
them
Huh... It seems you're firing with closed eyes and you're expecting to
hit something...
Check this five blog posts and you'll see that RADIUS is not black box
when you want to read something...
http://www.serveradminblog.com/category/freeradius/
On 3/5/2012 6:20 PM, Alan Buxey wrote:
Hi,
thanks for quick reply
Arran Cudbard-Bell (a.cudba...@freeradius.org) [11.09.28 08:28] wrote:
Yes, home server pools let you specify a 'fallback' home server
which can point to a virtual server. It should be working in v2.1.x
but is currently broken in 3.x.
See proxy.conf for details.
On 28 Sep 2011, at 12:11, Zeus V Panchenko wrote:
thanks for quick reply
Arran Cudbard-Bell (a.cudba...@freeradius.org) [11.09.28 08:28] wrote:
Yes, home server pools let you specify a 'fallback' home server
which can point to a virtual server. It should be working in v2.1.x
but is
Zeus V Panchenko wrote:
but than, I need configure EAP/TLS on fallback.radius.my.domain
identical to core.radius.my.domain one, correct?
Yes. Just copy the config the files.
since without the same server certificates my clients will not be able
authenticate with
Hi,
*please*, I need advice in choosing the strategy for the distributed EAP
authentification scheme
so, here are details of what I have and want:
I run FreeRadius with EAP configured
all my WiFi AP are configured to communicate with the radiusd and
everything works fine
now I need to extend
On 28 Sep 2011, at 07:12, Zeus V Panchenko wrote:
Hi,
*please*, I need advice in choosing the strategy for the distributed EAP
authentification scheme
so, here are details of what I have and want:
I run FreeRadius with EAP configured
all my WiFi AP are configured to communicate
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
Je crée ma boîte mail www.laposte.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Markus Burghart wrote:
But I want to perform my authentifications while the system is currently
booting because i use a LDAP Directory Server and i can't login against
the LDAP Server if i haven't got a running Network-Connection (i will
get the Connection if the 802.1X Authentification
the Connection if the 802.1X Authentification is successful.
So i use wpa supplicant on Linux and w2secure on Windows to perform the
Authentification while my system boots.
That should work.
But the debug mode tells me, at the first authentification test, that
i'm running in a access-challenge
the Connection if the 802.1X Authentification is successful.
So i use wpa supplicant on Linux and w2secure on Windows to perform the
Authentification while my system boots.
But the debug mode tells me, at the first authentification test, that
i'm running in a access-challenge (no reasons were given). Now, if i
Hey Alan!
Alan DeKok al...@deployingradius.com hat am 1. September 2010 um 15:46
geschrieben:
Jan Zacharias wrote:
To speed up the debugging, I introduced a sleep of varying duration in
the ntlm_auth_wrapper.
I found that freeradius kills the ntlm stuff if it takes longer than ten
Jan Zacharias wrote:
Alan DeKok al...@deployingradius.com hat am 1. September 2010 um 15:46
geschrieben:
Yes. Any child script which takes that long is broken.
No, it can also be just someone pulling a network cord/routing changes
etc.etc.
Let me be clear: RADIUS clients and servers
Alan DeKok al...@deployingradius.com hat am 31. August 2010 um 13:18
geschrieben:
Jan Zacharias wrote:
Call me dump, but I have no idea what to look for.
Neither do I. It's your system...
One idea: is ntlm_auth referred to as child? Maybe I sould
write a wrapper and see how long
Jan Zacharias wrote:
To speed up the debugging, I introduced a sleep of varying duration in
the ntlm_auth_wrapper.
I found that freeradius kills the ntlm stuff if it takes longer than ten
seconds to complete.
Yes. Any child script which takes that long is broken.
My suggestion is that
Hey Alan, you suggested:
Fix is so that nothing is blocking the server.
Call me dump, but I have no idea what to look for.
One idea: is ntlm_auth referred to as child? Maybe I sould
write a wrapper and see how long execution of this helper program
takes, or can I somehow log what
Jan Zacharias wrote:
Call me dump, but I have no idea what to look for.
Neither do I. It's your system...
One idea: is ntlm_auth referred to as child? Maybe I sould
write a wrapper and see how long execution of this helper program
takes,
Possibly, yes.
Alan DeKok.
-
List
Hi Alan,
I did more tests (now with two winXP clients and one OSX client),
the problem is still unsolved:
Wed Aug 18 18:03:21 2010 : Auth: Login OK: [jan/via Auth-Type = EAP] (from
client swba1-00-test port 0 via TLS tunnel)
Wed Aug 18 18:03:21 2010 : Auth: Login OK: [jan/via Auth-Type
Jan Zacharias wrote:
I did more tests (now with two winXP clients and one OSX client),
the problem is still unsolved:
shrug The solution is still the same.
The strange thing: freeradius is started with the no childs option:
freeradius 60384 0.0 0.4 11560 9240 4 S11:57AM
Jan Zacharias wrote:
Sun Aug 15 10:01:39 2010 : Error: Discarding duplicate request from
client swba1-00-test port 1645 - ID: 157 due to unfinished request 125603
As always, something is blocking the server.
The entry Sun Aug 15 10:01:39 2010 is interesting as no client was
connected to
Something strange is going on: we do re-authentification every ten seconds with
one WinXP SP3 client
hooked up to a Cisco 3560G Switch. The reauth interval is small to stress-test
the setup.
It works w/a problems for 1-2 Days, then we get:
Sun Aug 15 10:00:51 2010 : Auth: Login OK
On 2010/05/18 10:47 PM, dorra aa wrote:
is there somebody want to tell what's the utility of it?
From: dj_dido2...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: authentification
Date: Tue, 18 May 2010 19
.
Regards,
David
P.D: Sorry for my poor english
2010/5/18 dorra aa dj_dido2...@hotmail.com
is there somebody want to tell what's the utility of it?
--
From: dj_dido2...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: authentification
Date: Tue, 18
thank you for the explication
Date: Wed, 19 May 2010 08:41:05 +0200
Subject: Re: authentification
From: davidse...@gmail.com
To: freeradius-users@lists.freeradius.org
Hi.
With MAC Address Authentication you can use freeradius to authenticate all the
network elements (like camcorders, routers
hi freeradius,i want to ask how to use MAC Address Authentication in my
freeradius.besides, i add an address mac with the daloradius. how can i test
the succes of thatthnak you
_
Hotmail:
is there somebody want to tell what's the utility of it?
From: dj_dido2...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: authentification
Date: Tue, 18 May 2010 19:40:28 +
hi freeradius,i want to ask how to use MAC Address Authentication in my
freeradius.besides, i
Noro Hasina wrote:
Hi everybody,
My project have changed, and I should use Active Directory instead of
mysql for authentication because we use AD for user's domain administration.
My server can join the domain but my problem is that ms-chap does'nt do
anything during radtest.
Because
Hi!
Thank you for your answer Alan.
I've already read this tuto and I follow it, but I don't understand what you
mean.by sending packet?
What request should I do I did
$ radtest testrad testrad localhost 0 radsecret
which testrad is an user in the active directory.
-
List
Hi everybody,
My project have changed, and I should use Active Directory instead of mysql
for authentication because we use AD for user's domain administration.
My server can join the domain but my problem is that ms-chap does'nt do
anything during radtest. here is the result
when i run radiusd
After one week search the web for a solution, i come to this maling list.
That's a week wasted. Freeradius is under active development and
information on the Internet is in most cases out of date. Like the
instructions you followed. If only you followed examples in users file ...
I
have to
Hello gentlemen's,
After one week search the web for a solution, i come to this maling list. I
have to set up a mac-based authentication system (pretty simple) with HP
procurve swtichs. I have see lot of tutorials, buy a book, download more, but
it still don't work (access-request denied).
I
Le Tuesday 28 April 2009 11:42:27 Ivan Kalik, vous avez écrit :
adius is under active development and
information on the Internet i
Youre right. It works! I m so ... disapointed.
Thanks a lot kalik.
--
Service informatique
IBGC CNRS
1 rue Camille Saint Saens
33077 BORDEAUX CEDEX
Tel. +33
On 28/4/09 12:30, sserre wrote:
Le Tuesday 28 April 2009 11:42:27 Ivan Kalik, vous avez écrit :
adius is under active development and
information on the Internet i
Youre right. It works! I m so ... disapointed.
Thanks a lot kalik.
Loads of people seem to be asking for this, so i've hashed
I want to use freeRADIUS for a global MAC authentification but I cannot
find any tutorials for that.
What must I do realize it?
Thanks in advance.
Best regards,
F. Niedernolte
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
I want to use freeRADIUS for a global MAC authentification but I cannot
find any tutorials for that.
You just need to authenticate based on the User-Name and/or the
password. There's nothing magic about MAC authentication. You're just
calling the User-Name a MAC
authentification
[EMAIL PROTECTED] wrote:
I want to use freeRADIUS for a global MAC authentification but I cannot
find any tutorials for that.
You just need to authenticate based on the User-Name and/or the
password. There's nothing magic about MAC authentication. You're just
calling
Am Mittwoch, 22. Oktober 2008 10:41 schrieb
[EMAIL PROTECTED]:
So a simple entry like
User42 MAC := 02:01:02:03:04:05
in the users file would be enough!?
It depends in which format your NAS sends the MAC address. Somtimes FR get
something like 00-01-02-03-04-05
Please FR with option -X to
[EMAIL PROTECTED] wrote:
So a simple entry like
User42 MAC := 02:01:02:03:04:05
in the users file would be enough!?
No. I mentioned the User-Name attribute, not the MAC attribute.
Do you see the MAC attribute in the RADIUS packet? Does reading the
man page for the users file lead
mailing list
Betreff: Re: AW: MAC authentification
Am Mittwoch, 22. Oktober 2008 10:41 schrieb
[EMAIL PROTECTED]:
So a simple entry like
User42 MAC := 02:01:02:03:04:05
in the users file would be enough!?
It depends in which format your NAS sends the MAC address. Somtimes FR get
something
the authentification request from the
client to the RADIUS-server.
This server should check if the clients MAC address is allowed and then send
back the result to the access point.
F. Niedernolte
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Alan DeKok
Gesendet
+frederik.niedernoltefreeradius-users-bounces%2Bfrederik.niedernolte
[EMAIL PROTECTED] Im Auftrag von Michael Schwartzkopff
Gesendet: Mittwoch, 22. Oktober 2008 10:54
An: FreeRadius users mailing list
Betreff: Re: AW: MAC authentification
Am Mittwoch, 22. Oktober 2008 10:41 schrieb
[EMAIL PROTECTED]:
So a simple
An: FreeRadius users mailing list
Betreff: Re: AW: MAC authentification
Am Mittwoch, 22. Oktober 2008 10:41 schrieb
[EMAIL PROTECTED]:
So a simple entry like
User42 MAC := 02:01:02:03:04:05
in the users file would be enough!?
It depends in which format your NAS sends the MAC address. Somtimes FR
points this task should be done by the RADIUS-server
for all access points.
So every access point should forward the authentification request from the
client to the RADIUS-server.
This server should check if the clients MAC address is allowed and then send
back the result to the access point
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
The scheme used almost universally for Mac-Based authentication is
User-Name == Calling-Station-ID, unfortunately the format of the two mac
addresses often differ.
Here are the examples from our configuration to perform mac-based
authorisation.
I'm slightly curoous here. What happens when Script Kiddie then spoofs
an appropriate MAC address? You have other mitigating measures in place?
Sent from my iPhone
On 22 Oct 2008, at 12:12, Arran Cudbard-Bell [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Anders Holm wrote:
I'm slightly curoous here. What happens when Script Kiddie then spoofs
an appropriate MAC address? You have other mitigating measures in place?
MAC auth just checks the MAC. If someone spoofs their MAC, they can
circumvent security.
MAC auth is not secure in the face of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anders Holm wrote:
I'm slightly curoous here. What happens when Script Kiddie then spoofs
an appropriate MAC address? You have other mitigating measures in place?
There's nothing you can do, but then Mac-Based authentication should
only ever be
i'm using freeradius-1.1.6 and mysql database...
for now running well..
but i need something add to authentification process..
i have one table Payment_Table (username,payment)
all username in radcheck already copied to username field,payment field
filled by '0' or '1'
this is what i need :
while
Hello,
Finally my boss is not interested in an PEAP authentication due to
password and login stocked in clear in the OpenLDAP database, and he
doesn't want to use the ntlm_auth to ask a Active Directory Server.
So I wonder if that kind of authentication is possible.
PEAP(MsCHAP) request --
On 7 Jun 2006, at 13:07, thomas hahusseau wrote:
Hello,
Finally my boss is not interested in an PEAP authentication due to
password and login stocked in clear in the OpenLDAP database, and he
doesn't want to use the ntlm_auth to ask a Active Directory Server.
So I wonder if that kind of
thomas hahusseau [EMAIL PROTECTED] wrote:
So I wonder if that kind of authentication is possible.
PEAP(MsCHAP) request -- Freeradius server (extract the hashed
password )
There is NO hashed password in MSCHAP. Extraction is IMPOSSIBLE.
PAM is used as mediator to permit comparason with
Hello,
After an authentification with a certificate, the user-name who is
return is the common name of the certificate.
How can i do to use another field (subject, email, serial number...)
because some person can have a same common name ?
Thanks in advance
-
List info/subscribe/unsubscribe
[EMAIL PROTECTED] (Philippe Chataigner) wrote:
After an authentification with a certificate, the user-name who is
return is the common name of the certificate.
How can i do to use another field (subject, email, serial number...)
because some person can have a same common name ?
Edit
hiMy authentifacation, with the users freeradius files, start and run perfectly. But now I would like to use Ldap.What is the configuration for it? PleaseThanks a lot for your help.
Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services
I already running the server in debugging mode.And he always xrite this error:Auth: Login incorrect: [vlan4/no User-Password attribute] (from client localhost port 0) Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/no User-Password attribute] (from client symbol port 29 cli
ludovic cailleau wrote:
I already running the server in debugging mode. And he always xrite this
error:
Auth: Login incorrect: [vlan4/no User-Password attribute] (from client
localhost port 0)
Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/no
User-Password attribute] (from client
Good morning,I wish to realize an authentication 802.11x for a wireless network. I use a switch wireless Symbol, and Freeradius under fedora 5.The authentication will have to verified 3 parameters: the login, the password, and the SSID. The switch Symbol with the Vendor Specific
ludovic cailleau [EMAIL PROTECTED] wrote:
I start freeradius, and when I want to connect me with a client PC
I'm reject. Logs indicates me:
Why are you not running the server in debugging mode? That's what
the documentation says. Many times. Many, many, many times.
And don't set
hi all!
i want to configure the freeradius server (1.0.5) to use ldap, sql and pam as
source for user authentification. i only get the first two to work at the same
time (ldap and sql) but not together with pam.
if i use this in /etc/raddb/users:
# users
wlanAuth-Type = EAP
testuser
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jérémy CluzelSent: 02 September 2005 00:37To:
freeradius-users@lists.freeradius.orgSubject: RE: Windows Client
Authentification bevore Domain logonHi Guy,Do you
know working supplicants with a GINA
802.1x authentification beforelogon on xp. And what are the prerequisites ?Marc-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
://www.freeradius.org/list/
users.html
Can you explain how we can activate 802.1x authentification before
logon on xp. And what are the prerequisites ?
Marc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Marc-Henri Boisis-delavaud
Sent: 01 September 2005 15:19
To: FreeRadius users mailing list
Subject: Re: Windows Client Authentification bevore Domain logon
Le 31 août 05 à 18:53, Alan DeKok a écrit :
=?ISO-8859-1?Q?J
Please use correct terminology.
It's AUTHENTICATION, not authentification!
To authenticate = authentication
To authorize = authorization
To account = accounting
To identify = identification
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor
Hi Guy,
Do you know working supplicants with a GINA module ? aegis ? secureW2 ?
Regards,
Jeremy
[EMAIL PROTECTED] a crit:
Date: Thu, 1 Sep 2005 17:10:14 +0100
From: "Guy Davies" [EMAIL PROTECTED]
Subject: RE: Windows Client Authentification bevore Domain logon
To: "F
How can I add this OID to my machine certs ? using CA.certs script and xpextensions file ?
Regards,
Jeremy
Ben Walding ben.walding at gmail.com wrote:
I also found using machine certificates to be hit and miss (some
machines they'd be picked up, others they wouldn't - all XP SP2 with
Sorry, but I didn't find any references of this OID in the creation scripts in the
scripts directory (Ca.all, CA.certs...).
The only OID added seem to be 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2 (in
xpextensions).
Is there any way to do this without patching openssl (like explained there
check this out Jeremy
http://www.linuxjournal.com/article/8095
On Wed, 2005-08-31 at 14:22 +0200, Jérémy Cluzel wrote:
Sorry, but I didn't find any references of this OID in the creation scripts
in the scripts directory (Ca.all, CA.certs...).
The only OID added seem to be 1.3.6.1.5.5.7.3.1
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the answert Alan, but what do you mean that it should be made more prominent in EAP-Conf? Could you give me detailed instructions how i can get this OID to my certificates?ArminFreeRadius users mailing list freeradius-users@lists.freeradius.org schrieb am 25.08.05 17:35:11:Ben Walding
Armin,
At 15:40 24/08/05, you wrote:
Ok, the hole day i tried to get it to work but this time when i install
the certificate as a machine zertifikate the radius authentifikation log
ends up with this log below.
The Certificates where generated with openssl and all works fine as User
I also found using machine certificates to be hit and miss (some
machines they'd be picked up, others they wouldn't - all XP SP2 with
appropriate patches).
And then I stumbled on this
http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html
1.3.6.1.4.1.311.17.2
After I started
Hi, i found this thred yesterday and tried it out to add this OID but it had no effekt...OK maybe i made somthing wrong. Could you describe how you added this oid to your machine zertifikate? Today i built completely new root,server and client certificates depending on the article in
1 - 100 of 128 matches
Mail list logo