Re: FreeRadius+AD integration

2007-04-23 Thread A . L . M . Buxey
Hi, radius.conf as per the instructions, but radtest fails with Access-Reject. I have attached the debug window output for reference. no you haven't. you've attached a tiny snippet of the debug output. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting

Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Hubert Kupper
Hello, how can I add a secondary ldap server to radiusd.conf for failover? Regards Boert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: Hi, I am trying to integrate freeradius with ADS 2003. I referred to http://deployingradius.com/documents/configuration/active_directory.html. everything works perfectly fine till ( $ ntlm_auth

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Kostas Kalevras
Hubert Kupper wrote: Hello, how can I add a secondary ldap server to radiusd.conf for failover? Just create a second ldap module instance with the secondary ldap server configuration and read doc/configurable_failover Regards Boert

[how] installing

2007-04-23 Thread Martin Budi
Can anybody help me install and configure RADIUS on CentOS? Thanks in advance.

Problem with realm

2007-04-23 Thread Christian Hohmann
Hi, I'm trying to configure freeradius for Authentication with username and pwd. It works if I enter the information directly, but if I configure the client to authenticate with username and password, it transmits HOSTNAME\USERNAME. I discovered realms, but I can't get it to work. I hope that

RE: [how] installing

2007-04-23 Thread [EMAIL PROTECTED]
www.deployingradius.com
or
    yum install freeradius
    vi /etc/raddb/*
or
    wget ftp://ftp.freeradius.org:/pub/radius/freeradius-1.1.6.tar.bz2
    tar -xjvf freeradius-1.1.6.tar.bz2
    cd freeradius-1.1.6
    ./configure
    make
    make install
    vi /etc/raddb/*
seriously, your question is just SO open.
alan

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Jacob Jarick
Hubert, would you mind showing me how you map the ldap password to the radius password? I've tried checkItem userPassword User-Password but the radius debug logs complain that it needs User-Password still :| On 4/23/07, Hubert Kupper [EMAIL PROTECTED] wrote: Hello, how can I add a secondary

Re: override ldap reply attribute

2007-04-23 Thread Kostas Kalevras
[EMAIL PROTECTED] wrote: Hi Guys, I have maybe a quite simple question: is there any way to override the default ldap-reply attribute with another value than there is in ldap. i.e.: users-file: Default Called-Station-Id = 00-1A-30-2F-11-50:Test, Airespace-Interface-Name := 777

Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
I tried with the following in the authenticate section Auth-Type ntlm_auth { mschap am not sure about the protocol i need to use here } I have attached the debug window output

FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
here is a 57kb tar.gz of my /etc/raddb folder containing all configs. http://rapidshare.com/files/27470184/20070420_ldap_working.tar.gz.html -- Hello I have been reading everything I can get my hands on to resolve this problem I'm having. The error message related to this problem: Attribute

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: I tried with the following in the authenticate section Auth-Type ntlm_auth { mschap am not sure about the protocol i need to use here The web page says to just put ntlm_auth in the authenticate section. It doesn't say you need

Re: rlm_ldap: Attribute User-Password is required for authentication. HELP Please

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: My problem is the ldap password retrieved from the windows client is not being sent to the ldap server. The problem is that you have configured Auth-Type := LDAP, and then sent the server an 802.1x authentication request. Do NOT set Auth-Type = LDAP. This is repeated all

Re: Problem with realm

2007-04-23 Thread Alan DeKok
Christian Hohmann wrote: Hi, I'm trying to configure freeradius for Authentication with username and pwd. It works if I enter the information directly, but if I configure the client to authenticate with username and password, it transmits HOSTNAME\USERNAME. I discovered realms, but I

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: Is it true that the only way to authenticate against active directory is using ntlm_auth ? For ms-chap, yes. I have been specifically asked not to use the ntlm_auth method against AD out of security concerns from having samba installed. I can't see the risk of having

Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
My apologies for that mistake.. I have the following lines in modules section exec ntlm_auth { wait = no program = /usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.COM --username=%{mschap:User-Name} --password=%{User-Password} and I have ntlm_auth listed

Re: rlm_ldap: Attribute User-Password is required for authentication. HELP Please

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: Thanks again Alan, For reference the O'Reilly's LDAP book instructs you to set Auth-Type := LDAP so that's where I got the bad reference (perhaps other people too). Yes. There is a LOT of documentation (web pages, etc.) that say to do the wrong thing. It's unfortunate that

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
Sorry to pester u Alan :P Does mschapv2 also support ntlm_auth ? and now that I understand your tables (well I think) I should be able to persuade my employer to use ntlm and firewall the samba ports. On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote: Jacob Jarick wrote: Is it true that the

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: My apologies for that mistake.. I have the following lines in modules section exec ntlm_auth { wait = no program = /usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.COM --username=%{mschap:User-Name} --password=%{User-Password}

Re: override ldap reply attribute

2007-04-23 Thread Chaos Commander
Kostas Kalevras wrote: [EMAIL PROTECTED] wrote: Hi Guys, I have maybe a quite simple question: is there any way to override the default ldap-reply attribute with another value than there is in ldap. i.e.: users-file: Default Called-Station-Id =

Re: rlm_ldap: Attribute User-Password is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Forgive the newbie questions but I think it's best to clear up confusion. client - cisco - FR server = eap FR - ADS 2003 = pap Is that correct or am I way off track. On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote: Jacob Jarick wrote: Thanks again Alan, For reference the O'Reilly's LDAP book

Radius and OTP integration

2007-04-23 Thread Ouahiba MACHANI
Hi all, I have to find a solution that integrates the use of OTP (One Time Password) as a second factor authentication in addition to the first factor authentication (which is generally username and password) to an existing authentication System. This solution should be integrated easily to

Re: override ldap reply attribute

2007-04-23 Thread Kostas Kalevras
Chaos Commander wrote: Kostas Kalevras wrote: [EMAIL PROTECTED] wrote: Hi Guys, I have maybe a quite simple question: is there any way to override the default ldap-reply attribute with another value than there is in ldap. i.e.: users-file: Default

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: Sorry to pester u Alan :P Does mschapv2 also support ntlm_auth ? Yes. The mschap module does both mschapv1 and mschapv2. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog

Autotools related problems in freeradius 1.1.6

2007-04-23 Thread Kostas Zorbadelos
Greetings to all in the list. I'd like to report an issue in the build scripts of freeradius. I tried to build version 1.1.6 but the problem exists in earlier versions too. If I do ./configure --prefix=/opt/freeradius the build scripts presume that --enable-developer is true. This has the

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
Thanks On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote: Jacob Jarick wrote: Sorry to pester u Alan :P Does mschapv2 also support ntlm_auth ? Yes. The mschap module does both mschapv1 and mschapv2. Alan DeKok. -- http://deployingradius.com - The web site of the book

FR + LDAP + PAM + encryption question

2007-04-23 Thread Jacob Jarick
From my recent thread with Alan, I have gathered that ldap only supports PAP. PAP sends the password in plain text. Is it possible to encapsulate PAP inside another protocol say EAP to prevent from packet sniffers etc. Failing that is it possible to assign vlans based on ldap primary group via

Re: Autotools related problems in freeradius 1.1.6

2007-04-23 Thread Alan DeKok
Kostas Zorbadelos wrote: If I do ./configure --prefix=/opt/freeradius the build scripts presume that --enable-developer is true. That may be an issue only in 1.1.6. You should be able to change it by doing --disable-developer. This has the effect that -DNDEBUG is not defined in

Re: NAS not accepting the Access-Accept?

2007-04-23 Thread A . L . M . Buxey
Hi, In the documentation of the switch it says: To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server: - R/W access -- Set the Service-Type field value to Administrative - Read-Only -- set the Service-Type field

PEAP/EAP-TLS with client and server certificate

2007-04-23 Thread Marcelo Augusto Rodrigues Pimentel
Hi, I'm trying to configure freeradius with PEAP + EAP-TLS, but I'm making some confusion to configure the radiusd.conf (sections authorize and authentication) and eap.conf. Has someone implemented this configuration? In the eap.conf file the default

Re: rlm_ldap: Attribute User-Password is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
So the big question is, what Auth-Type do I use ? If LDAP is not permitted (still confuses me as I only need / want radius to authenticate against LDAP) what Auth-Type do I set in the users file so that Wireless users can authenticate using their ADS username and passwords. On 4/23/07, Jacob

Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
Ok, I have read them all - the wikis, the unrelated novell howtos for edirectory, bought an O'Reilly's book on ldap (their FR + LDAP howto is incorrect apparently) and googled countless times. The articles on http://wiki.freeradius.org/LDAP aren't much help they just reiterate what's in the config

Fwd: Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
These examples here look a bit more promising. http://vuksan.com/linux/dot1x/802-1x-LDAP.html -- Forwarded message -- From: Jacob Jarick [EMAIL PROTECTED] Date: Apr 24, 2007 9:01 AM Subject: Requesting Decent Freeradius + ADS 2003 + LDAP howto To: FreeRadius users mailing list

Fwd: Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_.2Fetc.2Fraddb.2Fradiusd.conf_File Another howto that instructs you to set DEFAULT Auth-Type := LDAP -- Forwarded message -- From: Jacob Jarick [EMAIL

Re: rlm_ldap: Attribute User-Password is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Alan, my test pc only supports PEAP over wireless and setup has to be wireless. Removing ldap from the authenticate section causes an EAP error, so I guess there is more configuration than simply removing / commenting that section out. I don't know how to not bind as a user when using FR + LDAP,

FR + ADS 2003 + ntlm_auth

2007-04-23 Thread Jacob Jarick
radius -X -f: http://pastebin.ca/455389 config files: Hello All, I have gone back to ntlm_auth for the time being instead of ldap due to the incredibly frustrating lack of good documentation (if there are good docs, link it or shutup). None of the howtos/ tutorials I have followed end in success

FR + ADS 2003 + ntlm_auth (including config files)

2007-04-23 Thread Jacob Jarick
radius -X -f: http://pastebin.ca/455389 config files: http://rapidshare.com/files/27607850/config.tgz.html Hello All, I have gone back to ntlm_auth for the time being instead of ldap due to the incredibly frustrating lack of good documentation (if there are good docs, link it or shutup). None of

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Hubert Kupper
On 23 Apr 2007 at 11:18, Kostas Kalevras wrote: Hubert Kupper wrote: Hello, how can I add a secondary ldap server to radiusd.conf for failover? Just create a second ldap module instance with the secondary ldap server configuration and read doc/configurable_failover Thanks! I have