El mar, 17-05-2005 a las 10:19 -0400, Dustin Doris escribió:
Perhaps your ldap server might be running a little slow. Are you using
openldap? If so, what version? Also, do you have the attributes you are
searching with indexed? Finally, if you are using a BDB backend, what
does your
Hello,
I want put the Auth-Type in my perl script in the
mySQL radgroupcheck table. I tried with the following
data configuration, but it is not working
id GroupName Attribute op Value
4 sipExec-Program-Wait =/usr/au.pl
Here is my auth.pl script
Ok. RFC says exactly that
The Value field is four octets encoding an unsigned integer with
the number of seconds since January 1, 1970 00:00 UTC.
I did not think radiusd rewrites unix timestamp into date.
Just because previous radius i was using used to put the timestamp into
accounting as
Have no one a solution of this problem?
thanks for help
Alain
Hi,
I work with freeradius 1.0.2
If I configure in the TLS section of eap.conf (without this entries the
autentification process works fine)
CA_path = /path
check_crl = yes
crl_dir = /path
crl = file
Not any
I have FreeBSD 4.10 FreeRADIUS 1.0.2 with Postgres SQL 7.4.7.
The problem is following:
I wrote
DEFAULT Acct-Status-Type == Start, Huntgroup-Name == vpn
Exec-Program = /usr/local/4net/vpn_acct.pl start
DEFAULT Acct-Status-Type == Stop, Huntgroup-Name == vpn
Hi
I am currently doing some research into how I can make FreeRADIUS
support other token card methods. Novell eDirectory already provides
Alexander Serkin wrote:
Ok. RFC says exactly that
The Value field is four octets encoding an unsigned integer with
the number of seconds since January 1, 1970 00:00 UTC.
I did not think radiusd rewrites unix timestamp into date.
Just because previous radius i was using used to put the
How do I get freeradius to check both ldap servers for a user. I have
ldap configured already for redundency but I want it to look at the
first ldap server and if the user is not found then check the second
ldap server.
Matt Hunter
Network Analyst
Waukesha County Technical College
-
List
There are no crl_dir and crl configuration options recognized by the
server. You must have added those. The correct way to do this is to
add the PEM encoded CRL to the end of your PEM encoded CA certificate,
referenced by the CA_file configuation option, then set check_crl = yes.
--Mike
Hello, here is my question:
In theory, it is possible for a NAS to honore and send a lot of RADIUS
and VSA attributes, to permit precise per-user authorization tunning
(for exemple per-user ACL, with Filter-Id or VSA...). But in the case
where the NAS is an Access-Point, is it possible to
Hi,
This is entirely dependent upon the NAS. Some vendors' NASes provide
great flexibility in per-user authorization while others provide very
limited functionality beyond a simple permit/reject. IIRC, the Cisco
Aironet 1200 relies (or at least used to rely) on the SSID selected by
the user to
I have a Cisco VPN concentrator and am trying to get group authentication
working
with the FreeRadius server. User authentication works fine but the radius
server
doesn't seem to care what group the user logs in with.
Does anyone have a similar working setup?
If I configure the group on the
Just configure the group on the concetrator as external. Then on the
freeradius create a user with
the same name. IMPORTANT: Use the attribute VPN IPSec-Authentication == 1
if you like to
authenticate them through radius.
Here are the other possible values:
0=None
1=Radius
2=Ldap
3=NT Domain
authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/192.168.0.1/auth-detail-20050518'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius
Luis Daniel Lucio Quiroz wrote:
May do this with just a cat cacert.pem crl.pem ca.pem comand?
Yes. Then set CA_file = ca.pem
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
-
List info/subscribe/unsubscribe? See
I would like to know if anyone has a work around to support PEAP (ms
chap v2) client access authenticate against a LDAP server with bind
operation. Currently, retrieving clear text password from LDAP is
not an option.
No this is not possible. Only way you can authenticate via LDAP
Alexander Serkin [EMAIL PROTECTED] wrote:
I did not think radiusd rewrites unix timestamp into date.
Just because previous radius i was using used to put the timestamp into
accounting as an integer.
Which I, for one, have a hard time understanding.
Does it mean that %S takes the timestamp
Oleg M. Golovanov [EMAIL PROTECTED] wrote:
DEFAULT Acct-Status-Type == Start, Huntgroup-Name == vpn
Exec-Program = /usr/local/4net/vpn_acct.pl start
Huntgroups aren't used for accounting packets.
I believe this is fixed in the CVS head.
Alan DeKok.
-
List
Matthew Hunter [EMAIL PROTECTED] wrote:
How do I get freeradius to check both ldap servers for a user. I have
ldap configured already for redundency but I want it to look at the
first ldap server and if the user is not found then check the second
ldap server.
doc/configurable_failover
arun [EMAIL PROTECTED] wrote:
I have successfully used Freeradius1.0.1 to authenticate my clients
using EAP-MD5 and EAP-TLS.
But i am not able to get EAP -TTLS working.
The supplicant you're using is doing something bad:
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them to use.
How does the radius server match / check the user to the
group?
-
List
John Sorel wrote:
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them to use.
How does the radius server match / check the user to the
group?
Sorry
On Wed, 18 May 2005, John Sorel wrote:
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them to use.
How does the radius server match / check the
On Wed, 18 May 2005, Dustin Doris wrote:
On Wed, 18 May 2005, John Sorel wrote:
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them to
On Wed, 2005-05-11 at 17:28 -0500, Douglas G. Phillips wrote:
The problem is this: If I pass the radtest client a clear-text password,
authentication is successful. If either I pass the client an encrypted
password (copied from the logs) or point the 5350 at the radius server,
it doesn't
Hi all,
This is not related to freeradius directly, but to Cisco. I thought
somebody could have had the same problem. I'm willing to send a
reply-message to Cisco ( which I'm allready sending using radius )
and, according to what string I'm sending along with reply-message,
I'm
Totally new to radius. I've installed freeradius 1.02 --with-edir on Suse 9.
Attempting to use 802.1X auth from wireless user behind HP 420 AP using WinXP
to an eDir tree via LDAP. When I use radtest the bind is successful. However
when using the 802.1X supplicant I get the output below.
Matt McFarlane [EMAIL PROTECTED] wrote:
Two things I've noticed are that the password appears to not be
received (via PEAP)
That's how PEAP works.
and that the bind password is being sent as aassword instead of
password no matter what I enter on the supplicant.
The aassword is what you
Hi folks,
I'm writing on a publication deadline and hoping to show how
FreeRADIUS can solve an intriguing problem. Unfortunately so far
I can't seem to get it to do the job.
My goal, ultimately, is to try to authorize users in both a local Samba PDC
(with an LDAP back end) and in another NT
Lucas Aimaretto wrote:
Hi all,
This is not related to freeradius directly, but to Cisco. I thought
somebody could have had the same problem. I'm willing to send a
reply-message to Cisco ( which I'm allready sending using radius )
and, according to what string I'm sending along with
Thomas Boutell [EMAIL PROTECTED] wrote:
My goal, ultimately, is to try to authorize users in both a local Samba PDC
(with an LDAP back end) and in another NT domain, WITHOUT forcing
the use of a domain name in the user name. For various reasons we (or
our readers) need to have two separate
Hi,
FreeRADIUS is trying to do LDAP authentication and not PEAP
authentication. This is probably because you have not configured the
peap module. Please read eap.conf on how to configure the peap module.
Rest of the comments inline.
On Wed, 2005-05-18 at 16:49 -0500, Matt McFarlane wrote:
32 matches
Mail list logo