Ian Truelsen wrote:
The major stumbling block is that we have clients with equipment that
cannot deal with WPA encryption,
Wireless cards that support WPA are cheap.
and so, I think, I am forced to use WEP
key. Now, the main concern is access control, as in the past there have
been those
Doc. Caliban wrote:
All of our public workstations are on this interface so the machines are
verified at the proxy. Now I just need to get the RADIUS piece in place
to validate the users. IPCop can require RADIUS authentication on top
of the MAC filter.
So... how does it do that? EAP?
Ryan Melendez wrote:
recvfrom() blocks on datagram sockets just like any other type of socket
unless it gets a S0_RCVTIMEO or the O_NONBLOCK is set (in which case you
would receive an error).
Hmm... I guess I hadn't run into that before, because select() never
lied about data being
Hey Michael,
On 10/31/07, Hawkins, Michael [EMAIL PROTECTED] wrote:
Why would I pick ldap over mysql? Is it because ldap is geared around
user entities as well as an organizational hierarchy? Does phpLDAPadmin
Well in general, LDAP is considered as a more enterprise-environment because
of
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]
IPCop is actually pretty good for this as it uses one of it's
interfaces for wireless access based on granting each node specific
access by MAC, but it can be any network node, it doesn't have to be a
wireless device.
,
groupmembership_filter =
((memberUid=%{Stripped-User-Name:-%{User-Name}})(objectClass=posixGrou
p))
Regards,
Frank Ranner
-- next part --
An HTML attachment was scrubbed...
URL:
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20071031/258fde31
Try editing the Makefiles so that rlm_sqlippool links to rlm_sql.
Maybe that will solve the problem.
I tried to do this, but I'm not a good coder so I filed a bug against
the debian package.
Alan DeKok.
Thanks,
Francesco.
-
List info/subscribe/unsubscribe? See
Update: assigned bug number #448699 .
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448699
Greetings,
Francesco.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm new to RADIUS, too...and I'm trying do get this work the same way. I set
up a WLAN and a RADIUS Server with a MySQL Database and a user
authentication by username and password. I want to use PEAP (MSCHAPv2) and I
read about a server certificate to install on my client computer to get it
work?
Hi Alan,
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Failed looking up IP address for RADIUS server 10.213.31.186 (errcode=12)
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error]
Alan DeKok wrote:
Doc. Caliban wrote:
All of our public workstations are on this interface so the machines are
verified at the proxy.
So... how does it do that?
IPCop, the network router, is the NAS in this case.
It has 3 interfaces, the WAN, LAN, and WiFi Access. (Known in
[EMAIL PROTECTED] wrote:
PS. Time to go to bed.
I know the feeling!
Thanks for all the info on doing this properly. You've no doubt saved
me a bunch of time and frustration.
-Doc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jon Reynolds wrote:
Also, uncheck the Authenticate as computer when information is
available and Enable Fast Reconnect, the latter will drive you
crazy because it will keep resetting your settings back to default.
Jon
Perfect, thank you!
-Doc
-
List info/subscribe/unsubscribe? See
YvesDM wrote:
Alternativley you could install the copspot plugin on ipcop (
http://www.ban-solms.de/t/IPCop-copspot.html )
It implements chillispot and gives you a captive portal which can
talk to you radius for AAA.
Kind regards
Yves
That's a great suggestion,
Bernd wrote:
snip
when I just do this:
Simplest thing for your users with Win XP/Vista would be PEAP. Setup is the
same for wired and wireless. Connection/Properties/click on Authentication
tab/tick enable 802.1x box/select PEAP from the box/click on Properties
button/ and use MSCHAPv2 on
button/ and use MSCHAPv2 on configure button it does not work.
So I tried to create a certificate and import it - still doesn't work -
think the cause is me and my missing experience with Radius. ;)
What do you think?
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
YvesDM wrote:
Alternativley you could install the copspot plugin on ipcop (
http://www.ban-solms.de/t/IPCop-copspot.html )
It implements chillispot and gives you a captive portal which can talk
to you radius for AAA.
Kind regards
You will need to buy a server certificate then. Those will have root CA
already installed on Windows. If you make your own users will need to
import it.
Ivan Kalik
Kalik Informatika ISP
Dana 31/10/2007, Doc. Caliban [EMAIL PROTECTED] piše:
Bernd wrote:
snip
when I just do this:
Simplest
I'm trying to do it with openSSL - so no certificates to buy
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von
[EMAIL PROTECTED]
Gesendet: Mittwoch, 31. Oktober 2007 13:35
An: FreeRadius users mailing list
Betreff: Re: AW: Basic usage: What do I do
I have FreeRadius 1.1.7 installed and talking to our eDirectory servers
via LDAP to authenticate users to our wireless network. It works great,
but our eDirectory servers get hit with 11 requests each time a single
client authenticates. Running FreeRadius in debug mode, I see 10
requests of the
YvesDM wrote:
Strange, according to the copspot link I've sent you it uses https.
(on non-standard port)
I never used ipcop myself though.
Kind regards
Yves
Oh, weird. It must be in the details somewhere. That's the page I'd
looked at and this line had caught my eye:
Currently the
On Wed, 2007-10-31 at 08:59 -0400, Nathan Hay wrote:
I have FreeRadius 1.1.7 installed and talking to our eDirectory
servers via LDAP to authenticate users to our wireless network. It
works great, but our eDirectory servers get hit with 11 requests each
time a single client authenticates.
I think we do.
Lately I tried to get PEAP MSCHAPv2 to work.
All settings in conf.s and laptop are made like described in tutorial for
AD integration. And I get a response in Debug Mode when I try to connect to
my WLAN.
It says this:
rad_recv: Access-Request packet from host
On Wed, 2007-10-31 at 08:13 +0100, Alan DeKok wrote:
Ryan Melendez wrote:
recvfrom() blocks on datagram sockets just like any other type of socket
unless it gets a S0_RCVTIMEO or the O_NONBLOCK is set (in which case you
would receive an error).
Hmm... I guess I hadn't run into that
I would like to log to radpostauth table inside the mysql server not
only the Access-Accept
replies but the Access-deny replies too. How to?
thanks for helping
Arjuna
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
All settings in conf.s and laptop are made like described in tutorial for
AD integration.
The output is much longer - many attempts, I think
So
I belief this is the problem, but I dont know how to solve it.
Warning: Found 2 auth-types on request for user 'bnickaes' ?
There is
Hi there !
Could someone please assisst me in configuring FreeRADIUS? I'm quite new to
FR and migrated a server from 0.6 on Solaris 8/SPARC to 1.1.7 on Solaris
10/x64.
On the old server, the users were authenticated by regular /etc/passwd
means. I got this working on the new server. As there
Hi,
I'm trying to sign a certificate using OpenSSL.
I got cacert.pem and a password from a 3rd patry.
1. Is it sufficient to sign certificates?
2. Shouldn't I have the cakey.pem as well?
2. Where should I put those files?
Thanks,
Eyal Zolotov.
Hello,
Has anybody set up FreeRadius with Network Admission Control. I have a
trouble to set up FreeRadius as an authentication server in Clean Access
Manager.
It works perfectly with ACS.
Thanks for a help
Dorota
-
List info/subscribe/unsubscribe? See
Has anybody set up FreeRadius with Network Admission Control.
I have a trouble to set up FreeRadius as an authentication
server in Clean Access Manager.
FreeRADIUS does not support Cisco NAC.
It works perfectly with ACS.
This is because it is a Cisco proprietary protocol.
josh.
Hello,
Has anybody set up FreeRadius with Network Admission Control. I have a
trouble to set up FreeRadius as an authentication server in Clean Access
Manager.
It works perfectly with ACS.
Thanks for a help
Dorota
-
List info/subscribe/unsubscribe? See
Hello Josh,
Actually I give another try just after I wrote to the group and I
succeeded. I don't talk about TACACS+ here.
Cisco Clean Access can have several authentication servers defined. I do
confirm it works with FreeRadius as well.
Dorota
-Original Message-
From: [EMAIL PROTECTED]
On 10/31/07, Doc. Caliban [EMAIL PROTECTED] wrote:
YvesDM wrote:
Strange, according to the copspot link I've sent you it uses https. (on
non-standard port)
I never used ipcop myself though.
Kind regards
Yves
Oh, weird. It must be in the details somewhere. That's the page I'd
But you are just using FreeRADIUS for authentication. I didn't realise
it was possible to separate posture assessment from authentication in
Cisco NAC. Interesting to hear that you can.
josh.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Dorota
Hi,
But you are just using FreeRADIUS for authentication. I didn't realise
it was possible to separate posture assessment from authentication in
Cisco NAC. Interesting to hear that you can.
..i guess we are all looking at development of EAP-TNC with interest..
alan
-
List
Hi,
But you are just using FreeRADIUS for authentication. I
didn't realise
it was possible to separate posture assessment from
authentication in
Cisco NAC. Interesting to hear that you can.
..i guess we are all looking at development of EAP-TNC with interest..
You betcha!
josh.
36 matches
Mail list logo