_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post
> im trying to authenticate freeradius by doing a search on ldap and using
> the sambaNtpassword and then authenticate with ms-chap to provide wireless
> internet.
> here is the log:
1. You have gone some way into destroying default (read: working)
configuration.
> rad_recv: Access-Request packet
No ideas to help me a little?
At least to know if what described is possible.
Thank's
Simon
Simone Felici ha scritto in data 16/10/2009 11.26:
Hello to all,
I've freeradius installed on a CentOS 4.5: freeradius-1.1.5-0.
I would like to add a new field to my radacct table to log a
DDRESS to add within
'%{Sip-Translated-Request-ID}'.
Can someone help me a little bit?
Thank's
Simon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Except it's not. That's what I used to login to the box. It's a temp
password of course.
-Jason
Ivan Kalik wrote:
I am migrating from Solaris 8 to Solaris 10 and in the process upgrading
freeradius from 0.9.3 to 2.1.7. I'm having some difficulty in getting
it to work. I've pretty much copi
> I am migrating from Solaris 8 to Solaris 10 and in the process upgrading
> freeradius from 0.9.3 to 2.1.7. I'm having some difficulty in getting
> it to work. I've pretty much copied the users and radiusd.conf files
> over from the old server. Here's some output with debugging turned on.
> Thi
Greetings,
I am migrating from Solaris 8 to Solaris 10 and in the process upgrading
freeradius from 0.9.3 to 2.1.7. I'm having some difficulty in getting
it to work. I've pretty much copied the users and radiusd.conf files
over from the old server. Here's some output with debugging turned on.
AP).
If you have read the comments in ldap module (raddb/modules/ldap) you
needn't of wasted your time. Ldap authentication works *only* for PAP.
http://deployingradius.com/documents/protocols/oracles.html
> I would appreciate if some of you can help me with that or can guide me to
> t
n using PAP (un-checking CHAP).
>
>
>
> I tried every possible option/combination I can think of, but unfortunately
> none of them worked.
>
>
>
> I would appreciate if some of you can help me with that or can guide me to
> the right path
>
>
>
> Thx guy
).
I tried every possible option/combination I can think of, but unfortunately
none of them worked.
I would appreciate if some of you can help me with that or can guide me to
the right path
Thx guys
Ryaz Khan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I am trying to create a dynamic interface for the dail-up users assign
> it to a vrf and then configure the ip address. The config that I have
> done in the users file is as;
>
> tcl Cleartext-Password := "tcl"
> #...@cisco1.com Cleartext-Password := "tcl"
> Service-Type = Framed-User,
>
Hi,
I am trying to create a dynamic interface for the dail-up users assign
it to a vrf and then configure the ip address. The config that I have
done in the users file is as;
tcl Cleartext-Password := "tcl"
#...@cisco1.com Cleartext-Password := "tcl"
Service-Type = Framed-User,
Salim Engin wrote:
> I was able to use Alcatel Esam VSA in Freeradius 2.1.7 . Thanks a lot
> for your help.
> Note: dictionary.alcatel.esam was not included in dictionary file ... I
> simply added it and it worked.
Ok. I'll include it in the main dictionary file for 2.1
On Wed, Sep 16, 2009 at 5:42 PM, Deepak wrote:
>> Run the server in debugging mode as suggested in the FAQ, README,
>> INSTALL, and nearly daily on this list.
>>
>> Alan DeKok.
>
> I did that. Server runs smoothly without any warning or errors.
>
> Trying to authenticate generates this:
> ==
From: freeradius-users-bounces+flyboy_1628=hotmail@lists.freeradius.org
[mailto:freeradius-users-bounces+flyboy_1628=hotmail@lists.freeradius.or
g] On Behalf Of Ivan Kalik
Sent: Wednesday, September 16, 2009 17:43
To: FreeRadius users mailing list
Subject: Re: help with freeradius authentication
ut I've just
> gotten lost.
>
> All I want is a simple challenge-answer system to authenticate the user to
> the network. It does not have to be via a web portal.
Captive portal is the usual answer to your requirements.
> Can someone please help me or guide me somewhere with a man
All I want is a simple challenge-answer system to authenticate the user to the
network. It does not have to be via a web portal.
Can someone please help me or guide me somewhere with a manual that goes
through every step that isn't outdated as the one's I've tried either rely on
> So, where is the dynamic-clients server? You haven't enabled it.
>
> Ivan Kalik
> Kalik Informatika ISP
I forgot to mention that I have enabled it. It is working.
Thanks again
--
==
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==
> Did you reverse the changes as you were told? The only
> change you were supposed to make is to comment out the virtual_server
> "something" line.
>
> Ivan Kalik
> Kalik Informatika ISP
>
Thanks for pointing out. Actually I had a backup copy of the original
and just restored it from there. When
> Full output of debug mode
>
...
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/default
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> including configuration file /etc/ra
>> Run the server in debugging mode as suggested in the FAQ, README,
>> INSTALL, and nearly daily on this list.
>>
>> Alan DeKok.
>
> I did that. Server runs smoothly without any warning or errors.
>
> Trying to authenticate generates this:
> ===
> Ignoring request to authentication addre
> Run the server in debugging mode as suggested in the FAQ, README,
> INSTALL, and nearly daily on this list.
>
> Alan DeKok.
I did that. Server runs smoothly without any warning or errors.
Trying to authenticate generates this:
===
Ignoring request to authentication address * port 1812
Deepak wrote:
> Thank you all for the valuable suggestions.
A large part of the problems you're running into is because you're not
following the documentation.
> Since dynamic-clients is in action, I thought I can authenticate
> through my local AP (since any ip should be fine with this config)
Alan,
I was able to use Alcatel Esam VSA in Freeradius 2.1.7 . Thanks a lot for
your help.
Note: dictionary.alcatel.esam was not included in dictionary file ... I
simply added it and it worked.
Salim Engin
On Sun, Sep 13, 2009 at 6:08 PM, Alan DeKok wrote:
> Salim Engin wrote:
> > 1-
Thank you all for the valuable suggestions.
I have one AP connected directly to radius server. For this, I have a
entry in the nas table and was working fine.
Now I have this
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetim
Barbara Picci wrote:
> I've nas entry in the db because I've modified the authentication query
> so that I need a nas entry, and the IP-Address can be as you want, also
> fantasy IP Address. Only, freeradius don't start if there are two
> identical IP-address in the Nas table or in the nas table an
I've nas entry in the db because I've modified the authentication
query so that I need a nas entry, and the IP-Address can be as you
want, also fantasy IP Address. Only, freeradius don't start if there
are two identical IP-address in the Nas table or in the nas table and
in the clients file.
> There is still something not clear to me regarding the secret and
> entry in nas table.
>
> My question is:
>
> 1) Do I need entry in nas table or not?
No. You don't need that. You can have a single static shared secret value
in the dynamic-clients configuration.
> I want that each NAS have
> d
On Tue, Sep 15, 2009 at 6:01 AM, Alan Buxey wrote:
> Hi,
>
>> server dynamic_client_server {
>
>
>
> what have you done? why have you added all of that stuff to the
> default example???
>
> dynamic_client_server is a very basic virtual server for one function -
> its not a complete virtual host.
Hi,
> server dynamic_client_server {
what have you done? why have you added all of that stuff to the
default example???
dynamic_client_server is a very basic virtual server for one function -
its not a complete virtual host.
all you need is something like
client dynamic {
ipaddr = 0
> I am using freeradius 2.1.6 in CentOS 5.3 with mysql backend.
>
> As a follow up question to my previous posting, I have modified the
> following in dynamic-clients file.
Why did you feel the urge to modify anything apart from the shared secret???
>
> server dynamic_client_server {
>
> au
Hi,
I am using freeradius 2.1.6 in CentOS 5.3 with mysql backend.
As a follow up question to my previous posting, I have modified the
following in dynamic-clients file.
==
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dy
Salim Engin wrote:
> 1- From its customer documentation;
>
> General
> Vendor ID 637 is used for 7302 ISAM.
> The vendor specific attribute type has a length of two bytes long where
> the highest
> byte is the project ID and the lowest byte is the project specific
> attribute ID.
> The project ID
Hi,
Thanks for the reply.
What I have about the Alcatel VSA is
1- From its customer documentation;
General
Vendor ID 637 is used for 7302 ISAM.
The vendor specific attribute type has a length of two bytes long where the
highest
byte is the project ID and the lowest byte is the project specific
Salim Engin wrote:
> I have problem in adding new VSA dictionary file into Freeradius 2.1.6.
> Below you can find the steps I performed;
...
> According to my analysis, freeradius does not like the hex values in the
> VSA dictionary file i.e : 0x0700 .
In 2.1.x, it can handle hex values just fin
Hello,
I have problem in adding new VSA dictionary file into Freeradius 2.1.6.
Below you can find the steps I performed;
- create the file named *dictionary.alcatel.esam* with the following
content in */usr/local/share/freeradius/* folder;
#
#
VENDOR Alcatel-ESAM637
BEGIN-VENDOR
ramesh p wrote:
> i'm trying to replace username = '' with some username = "Usernamenull"
> in my test radius server.
>
> am using code as below:
>
> attr_rewrite attr_rewrite_username {
Why? Use "unlang". It's more powerful, and a lot simpler.
Alan DeKok.
-
List info/subscribe/unsubscri
*searchfor = "''"*
replacewith = "Usernamenull"
new_attribute = no
ignore_case = no
max_matches = 1
append = no
}
placed attr_rewrite_username in defualt server file under preprocess
section.
The ab
>> ...
>>>rad_check_password: Found Auth-Type LDAP
>>> auth: type "LDAP"
>>
>> Remove that from users file. Let pap module do the authentication. Ldap
>> should return the password to radius via ldap.attrmap.
>
> I still need this in the users file though. Without it, I get rejections.
> It s
Quoting "Ivan Kalik" :
Ok. You can remove redundant (module is not failing, so no failover
needed). Just list the two modules one below the other.
Removing the redundant lines, seems to make this work!
...
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Remove that from us
> Quoting "Ivan Kalik" :
>
>> So what does first ldap section return when user is missling - fail or
>> reject (I see you have access attribute configured there)? If it's
>> reject
>> you need unlang (ie 2.x).
>>
>
> Here is my output of radtest with a user on the second LDAP server.
> This server
AJ wrote:
> I would appreciate some pointers because I am just not getting it.
>
> redundant {
>
> rhds_ldap
> notfound = 1
> ok = return
You need brackets around everything:
redundant {
rhds_ldap {
Quoting "Ivan Kalik" :
So what does first ldap section return when user is missling - fail or
reject (I see you have access attribute configured there)? If it's reject
you need unlang (ie 2.x).
Here is my output of radtest with a user on the second LDAP server.
This server never gets quier
>> Redundant should work in 1.1.7. But in 2.x you can use unlang for even
>> more flexibility. Not to mention all the bug and security fixes and
>> enhancements in years since 1.1.7. If you are upgrading go for the
>> latest
>> version.
>
> I have upgraded to 1.1.7, and I still have the same behavi
AJ wrote:
> I know this has been discussed before on the list and there is
> documentation for this, but I have literally spent days on this and I
> cannot get the result that I am looking for. I am hoping someone can
> share a configuration with me that works. Basically, I am looking to
> have
Quoting "Ivan Kalik" :
Redundant should work in 1.1.7. But in 2.x you can use unlang for even
more flexibility. Not to mention all the bug and security fixes and
enhancements in years since 1.1.7. If you are upgrading go for the latest
version.
I have upgraded to 1.1.7, and I still have the s
>> Upgrade. Then create redundant section for ldap servers in authorize.
>>
>
> Would I be able to go to latest 1.1.x release to get this working or
> do I need to go to 2.x?
Redundant should work in 1.1.7. But in 2.x you can use unlang for even
more flexibility. Not to mention all the bug and sec
Quoting "Ivan Kalik" :
Upgrade. Then create redundant section for ldap servers in authorize.
Would I be able to go to latest 1.1.x release to get this working or
do I need to go to 2.x?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I know this has been discussed before on the list and there is
> documentation for this, but I have literally spent days on this and I
> cannot get the result that I am looking for. I am hoping someone can
> share a configuration with me that works. Basically, I am looking to
> have radius au
only list one. What seems to
happen with this configuration is that it only trys the first LDAP
server, and if the user does not exist, it quits right there and does
not try the second (ad_ldap). Any help would be greatly appreciated.
I am running the following version of freeradius
Thanks. It's working fine.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OK Kalik,
Thanks!
2009/8/25 Ivan Kalik :
>> Hi Buxey,
>>
>> After generating the certificates the file server.der was not created!
>> Ca.der ok!!!
>>
>> What can I do???
>
> It's server.crt.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.
> Hi Buxey,
>
> After generating the certificates the file server.der was not created!
> Ca.der ok!!!
>
> What can I do???
It's server.crt.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Buxey,
After generating the certificates the file server.der was not created!
Ca.der ok!!!
What can I do???
Best regards
2009/8/18 Alan Buxey :
> Hi,
>
>> Hi ALL!!!
>
> Hi!
>
> ignore the tutorials. install latest version from source...ensure
> /usr/local/etc/raddb or /
Dave wrote:
> Ive been using freeradius for years to authenticate pppoe users for my
> WISP., Customers get dynamic IP addresses from an IP pool.
> Im going to be implementing a new monitoring system, and I need to use
> hostnames to check on customer status.
> Anyone have ideas how freeradius can
Ive been using freeradius for years to authenticate pppoe users for my
WISP., Customers get dynamic IP addresses from an IP pool.
Im going to be implementing a new monitoring system, and I need to use
hostnames to check on customer status.
Anyone have ideas how freeradius can update a DNS server
> I have installed freeradius2.1.6 recently. Radius server was started
> successfully. But when i sent a packet using NTRadping its stored in file
> but not writing in oracle.
>
> when i run radiusd-X
...
> rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot
> insert
> NULL into ("
08/21/2009 12:14 PM, shivashankar::
rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert
NULL into ("RADIUSUSER"."RADACCT"."GROUPNAME")
> [...]
in radacct table we have GROUPNAME is not null..
Alow it (GROUPNAME) to be NULL?
--
Architecte Informatique chez Blue
)
rlm_sql_oracle: OCI_SERVER_NORMAL
[sql] Couldn't insert SQL accounting START record - ORA-01400: cannot insert
NULL into ("RADIUSUSER"."RADACCT"."GROUPNAME")
[sql] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
d 1 to 10.77.202.78 port 1495
Finished request 1.
Cleaning up request 1 ID 1 with timestamp +141
Going to the next request
Waking up in 8.9 seconds.
Polling for detail file
/usr/local/fnmt/freeradius2//var/log/radius/radacct/detail
Packets are not logged to db. sqltrace_sql shows nothing.
sql modules
Ok!!!
I will do all the changes
As soon as possible my new post.
Guaraldi
2009/8/18 Alan Buxey :
> Hi,
>
>> Hi ALL!!!
>
> Hi!
>
> ignore the tutorials. install latest version from source...ensure
> /usr/local/etc/raddb or /etc/raddb doesnt exist before 'make install'
hi,
the default server will call detail
the buffered-sql should call the actual SQL module to do the work.
this means default server spews packet data to detail file,
the buffered-sql then reads that data and chucks into SQL
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/
Does this configuration
correct? Please help.
Thanks,
Rams.
> Message: 2
>>>> Date: Tue, 18 Aug 2009 23:29:47 +0100
>>>> From: Alan Buxey
>>>> Subject: Re: accounting through detail module help
>>>> To: FreeRadius users mailing list
>
anks,
Rams.
>>
>>>
>>> --
>>>
>>> Message: 2
>>> Date: Tue, 18 Aug 2009 23:29:47 +0100
>>> From: Alan Buxey
>>> Subject: Re: accounting through detail module help
>>> To: FreeRadius users mailing list
>&
;
>> --
>>
>> Message: 2
>> Date: Tue, 18 Aug 2009 23:29:47 +0100
>> From: Alan Buxey
>> Subject: Re: accounting through detail module help
>> To: FreeRadius users mailing list
>>
>> Message-ID: <20090818
Hi,
> Thanks Alan.
> I enabled detail module in accounting. details files were created under
> radacct clients directories.
> Just wanted to check if any module already available in freeradius to scan
> these detail files, parse and put attributes in mysql db every 2-3 mins?
sites-available/buff
Hi,
> Hi ALL!!!
Hi!
ignore the tutorials. install latest version from source...ensure
/usr/local/etc/raddb or /etc/raddb doesnt exist before 'make install'
thenm run the radiusd server...the first time it will make test
certs. copy the CA.der server.der to the windows syste
Hilton Guaraldi wrote:
> Hi ALL!!!
>
> I did more then 20 openssl commands in order to issue a CA for tests...
> Howto in http://www.linuxjournal.com/node/8095/print and
> http://www.linuxjournal.com/node/8151/print. I DID ALL THE COMMANDS!!!
And you didn't use the examples
Did you check sites-available directory?
Best regards,
Denis Volkov
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi ALL!!!
I did more then 20 openssl commands in order to issue a CA for tests...
Howto in http://www.linuxjournal.com/node/8095/print and
http://www.linuxjournal.com/node/8151/print. I DID ALL THE COMMANDS!!!
XP client do not authenticate :-(
Do I need users file???
What the
.
> --
> Message: 7
> Date: Tue, 18 Aug 2009 15:33:09 +0100
> From: Alan Buxey
> Subject: Re: accounting through detail module help
> To: FreeRadius users mailing list
>
> Message-ID: <20090818143309.ga32...@lboro.ac.uk>
> Content-Type: text/plain; charset=us-a
Hi,
> At present our radius servers getting traffic of more than 3 million users.
> We have only two radius servers and one mysql server active. The server
> crashing whenever more traffic comes. Due to mysql overload and slow I'm
> planning to use detail module for accounting and then take these
Hi,
At present our radius servers getting traffic of more than 3 million users.
We have only two radius servers and one mysql server active. The server
crashing whenever more traffic comes. Due to mysql overload and slow I'm
planning to use detail module for accounting and then take these details
David Jansen wrote:
> Although passwords are filtered in radius log i do still see unencrypted
> passwords in auth-detail-%% files in /var/log/radius/radacct. How can I
> get rid of these passwords?
Read raddb/modules/detail
This is documented.
Alan DeKok.
-
List info/subscribe/unsubscribe
Hi,
Although passwords are filtered in radius log i do still see unencrypted
passwords in auth-detail-%% files in /var/log/radius/radacct. How can I get rid
of these passwords?
Kind regards
David Jansen
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
fromt he debug looks like its not doing any SQL thing at all -
ie you either havent configured the SQL stuff (uncomment
an 'include' statement in the cofngi to pull in sql.conf
or, because you arent using SQL for authentication/authorization
and only for logging you have to add 'sql' to the i
Hi All,
I have installed freeradius2.1.6 recently. Radius server was started
successfully. But when i sent a packet using NTRadping its stored in file
but not writing to mysql table.
Here is the debug output:
[r...@localhost radius]# /usr/local/fnmt/radius2/sbin/radiusd -X
FreeRADIUS Version 2.1.6
>
> Another question i have, When I spoke briefly to the folks at Network
> RADIUS, they told me that freeRadius includes the required db schema
> for mySQL. When I installed mySQL 5.1, there was a db in there that I
> didn't recognize, called information_schema, comprised of 28 tables.
> Is this
that will run on OS X?
Ah, then I have misunderstood you. Sorry that I could not help you.
Perhaps this answer can bring you further:
http://lists.freeradius.org/pipermail/freeradius-users/2009-January/msg00515.html
Another question i have, When I spoke briefly to the folks at Network
RADIUS,
lled MySQL 5.1 as well, no hitches. I have not, tho, found out
>> how to tell is freeRADIUS is actually running or not.
>
> If by "actually running or not", you mean that a user could check then use:
> ps ax
> If you mean that a program should check I am not sure. A shell s
If by "actually running or not", you mean that a user could check then
use: ps ax
If you mean that a program should check I am not sure. A shell script
could use ps, fgrep and co to do that.
Thanks in advance for all help.
-
List info/subscribe/unsubscribe? See http://www.free
> Don't be *too* helpful, my head may explode.
Try asking questions about freeradius not how to use a computer.
How to find out if a process is running: you type a command at the command
prompt and computer lists the running processes. Same on Windows, OS X,
Linux or any other operating system. W
Don't be *too* helpful, my head may explode.
On Mon, Aug 3, 2009 at 5:25 PM, Ivan Kalik wrote:
>> I am in the process of setting up freeRADIUS on Mac OSX. We're a small
>> group looking into becoming a WISP. Can anyone tell me if there is a
>> RAS that runs on OSX?
>>
>> The install of freeRADIUS
> I am in the process of setting up freeRADIUS on Mac OSX. We're a small
> group looking into becoming a WISP. Can anyone tell me if there is a
> RAS that runs on OSX?
>
> The install of freeRADIUS itself seems to have gone smoothly, and I
> installed MySQL 5.1 as well, no hitches. I have not, tho,
, tho, found out
how to tell is freeRADIUS is actually running or not.
Thanks in advance for all help.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> I have freeradius installed on my ubuntu, and novel eDirectory on SLES 10.
> Is it possible to integrating freeradius with eDir? I've been searching on
> google and stil can not find any documentation.
> so I try to configure it using documentation for freeradius (on sles), and
> it's failed.
Yo
I have freeradius installed on my ubuntu, and novel eDirectory on SLES 10.
Is it possible to integrating freeradius with eDir? I've been searching on
google and stil can not find any documentation.
so I try to configure it using documentation for freeradius (on sles), and
it's failed.
]
Enviado el: Thursday, July 23, 2009 8:16 AM
Para: jvill...@comware.com.ec; FreeRadius users mailing list
Asunto: RE: Help About Peap
> Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that
> find in this link
> http://wiki.freer
> Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that
> find in this link
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> Samba configuration ok and test (wbinfo u)
>
> Kerberos ok and test (kinit user)
>
> Radius radtest ok
>
> When the XP try l
Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that
find in this link
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Samba configuration ok and test (wbinfo u)
Kerberos ok and test (kinit user)
Radius install and configuration in Solaris SPARC
veat
for XP3 clients would be REALLY HELPFUL to have on the wiki. It
doesn't look like just anyone can edit it so would one of you be
willing to add something?
Thanks again to all for the help!
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Guys,
I think this is an excellent tutorial for what he is trying to achieve.
http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5
I've used this along with assistance from Ivan and have gotten everything I
wanted to work successfully.
Nik
Quoting Nicolas Boull
Hi,
DISCLAIMER: I'm no Windows specialist.
john wrote:
>
> I am having a hard time figuring out how to make this work. Where/how
> does the cert get imported. Do I need to make a registry change in
> KEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global
> to make this work? I hope
Hi John thanks for taking the time to reply,
>
> Ask the question "Who are you authenticating?" or "What has permission to
> use the network?" Am I trying to restrict access to a specific set of users
> or am I trying to restrict access to a specific set of machines? If it's the
> later does that
On 07/15/2009 01:08 PM, john wrote:
So are the following correct?:
(1) I can create a single cert for a computer and distribute it to all
users who may use that computer
(2) I can create a cert for every user and distribute it to every
computer that a user logs into.
(3) I cannot create a gen
>
>> (3) I cannot create a generic "computer cert" that authenticates the
>> computer and opens the port?
>
> Yes, you can. But as soon as some user logs onto that computer ...
>
> Ivan Kalik
> Kalik Informatika ISP
Thanks for the reply Ivan. I am fine with folks logging in and having
access from
> So are the following correct?:
>
> (1) I can create a single cert for a computer and distribute it to all
> users who may use that computer
You can give same user certificate to any user using the computer - you
can place it on the desktop with installatioon instructions. But don't you
hear a vo
On Wed, Jul 15, 2009 at 1:52 AM, Ivan Kalik wrote:
>> Can I create a client cert for a computer so that any user that logs
>> in may use it automatically under Windows XP? I have successfully
>> created a client.p12 with the FQDN of the workstation I am using,
>> installed it and been authenticated
Ila Palanisamy wrote:
> Can someone help me in defining new string Attribute in freeradius.
Edit the dictionaries that the server is using.
> I have added a new attribute Foundry-INM-Role-AOR-List as string in
> dictionary and I’m trying to set this attribute for a user. With th
> Can I create a client cert for a computer so that any user that logs
> in may use it automatically under Windows XP? I have successfully
> created a client.p12 with the FQDN of the workstation I am using,
> installed it and been authenticated by Freeradius. However when I log
> in to the computer
701 - 800 of 2651 matches
Mail list logo