Re: Help: How to set VLAN by Tunnel-Private-Group-Id for user or group?
I just followed the steps: created a group, added users to the group, and created a Remote Access Policy in IAS (Internet Authentication Service). Is that the right place? I edited the policy and applied the policy to this group. But freeradius cannot get the VLAN information from AD.

Thanks.

[EMAIL PROTECTED] wrote:
> Since you are using AD to store user profile this is an AD, not freeradius question.
>
> Create a (vlan) group; add users/groups to the group; create Remote Access Policy; apply policy to this group; edit the policy to include those Tunnel attributes in dial-in profile; do the same for every VLAN.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 2/8/2007, Hangjun He wrote:
> > Hi,
> >
> > We use peap + AP + fr + AD to authenticate users. It works now. But I need to get the VLAN from freeradius for different users or groups. What should I do? Please give me some advice. Thanks.
> >
> > I saw the debug info below on the mailing list; from this info I guess freeradius can set the VLAN for a user or group.
> >
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
> >     User-Name = DOMAIN\\testuser
> >     Service-Type = Framed-User
> >     Framed-MTU = 1500
> >     Called-Station-Id = 00-19-AA-2C-8F-03
> >     Calling-Station-Id = 00-08-74-46-2A-A5
> >     EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
> >     Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
> >     NAS-Port = 50001
> >     NAS-Port-Type = Ethernet
> >     NAS-IP-Address = 192.168.1.1
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 0
> > rlm_eap: EAP packet type response id 2 length 22
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module eap returns updated for request 0
> > users: Matched entry DEFAULT at line 1
> > modcall[authorize]: module files returns ok for request 0
> > modcall: leaving group authorize (returns updated) for request 0
> > rad_check_password: Found Auth-Type EAP
> > auth: type EAP
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 0
> > rlm_eap: EAP Identity
> > rlm_eap: processing type tls
> > rlm_eap_tls: Initiate
> > rlm_eap_tls: Start returned 1
> > modcall[authenticate]: module eap returns handled for request 0
> > modcall: leaving group authenticate (returns handled) for request 0
> > Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
> >     Tunnel-Type:0 = VLAN
> >     Tunnel-Medium-Type:0 = IEEE-802
> >     Tunnel-Private-Group-Id:0 = vlanX
> >     EAP-Message = 0x010300061920
> >     Message-Authenticator = 0x
> >     State = 0x67c75e29c6b4d8d32c662ce2d154d277
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 6 seconds...

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
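An added example, not part of the original thread: in the debug output quoted in the message above the three Tunnel attributes travel in an Access-Challenge, while RFC 3580 VLAN assignment is carried in the Access-Accept. This Python sketch reads radiusd debug text and reports, per reply sent, which VLAN it carries and what an Access-Accept is missing. The function names and `SAMPLE` are assumptions made for the illustration, and the line formats are taken from the quoted log only.

```python
import re

# Reply headers and attribute lines as radiusd debug mode prints them in the quoted log.
HEADER = re.compile(r"^Sending (?P<code>[\w-]+) of id (?P<id>\d+) to ")
ATTR = re.compile(r"^\s*(?P<name>[A-Za-z][\w-]*)(?::\d+)?\s*=\s*(?P<value>.*?)\s*$")
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}

# Constructed sample: the challenge mirrors the quoted log, the accept is invented.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
\tUser-Name = "testuser"
Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
\tTunnel-Type:0 = VLAN
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Private-Group-Id:0 = vlanX
Finished request 0
Sending Access-Accept of id 39 to 192.168.1.1 port 1645
\tEAP-Message = 0x03040004
"""

def parse_replies(debug_text):
    """Return one dict per reply the server sent, with the attributes listed under it."""
    replies, current = [], None
    for line in debug_text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            current = {"code": h.group("code"), "id": int(h.group("id")), "attrs": {}}
            replies.append(current)
            continue
        a = ATTR.match(line) if current is not None else None
        if a:
            current["attrs"][a.group("name")] = a.group("value").strip('"')
        else:
            current = None  # first non-attribute line ends the packet dump
    return replies

def vlan_findings(debug_text):
    """(code, id, vlan, problems) per reply; problems are judged on Access-Accept only."""
    findings = []
    for p in parse_replies(debug_text):
        attrs, problems = p["attrs"], []
        if p["code"] == "Access-Accept":
            problems = [f"{n} is {attrs.get(n)!r}, expected {v}"
                        for n, v in REQUIRED.items() if attrs.get(n) != v]
            if "Tunnel-Private-Group-Id" not in attrs:
                problems.append("Tunnel-Private-Group-Id missing")
        findings.append((p["code"], p["id"], attrs.get("Tunnel-Private-Group-Id"), problems))
    return findings
```

Calling `vlan_findings()` on text captured from `radiusd -X` gives one tuple per reply; an Access-Accept with a non-empty problem list is the one to compare against the policy that should have added the attributes.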
New to Linux
Hi,

I am using Red Hat 9 and I am pretty new to the Linux field. Can someone suggest how I should proceed so that I can use EAP authentication for the user connected to my switch? I am very familiar with the configuration on the switch. It would be helpful if someone could send me a link or doc that could help me proceed further.

Warm Regards
Chaitanya
Nortel Certified Support Specialist
GNTS-Nortel
E-mail: [EMAIL PROTECTED]
Working Hours: 8 - 5 EST
Phone: 800 4NORTEL (667 835) option 1 # ERC then Case number

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re : Linux RADIUS and Active Directory
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

==
Benjamin K. Eshun

----- Original Message -----
From: inelec communication [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, 2 August 2007, 13:34:03
Subject: Linux RADIUS and Active Directory

I am trying to set up a Fedora Linux server to authenticate wireless users. I would like to use my AD server to get user information and use the RADIUS just for authentication on the wireless part of our network. Any suggestions or any document that can guide me to do that?

best regards

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to use LDAP for authorization and authentication while using EAPmethod!!!!!!
[EMAIL PROTECTED] writes:
> If I understand you well, passwords in LDAP are encrypted, so PEAP won't work. And you want to keep them that way. Your only option is to use SecureW2 and EAP-TTLS-PAP.

Or do as I managed to get it working yesterday - put a Samba server in between.

RADIUS - Samba - LDAP

This means that RADIUS uses LDAP directly for _authorization_, but MSCHAP (ntlm_auth from samba) for _authentication_. Works great now that I managed to get Samba configured correctly (had some instability problems).

> On 2/8/2007, shantanu choudhary [EMAIL PROTECTED] wrote:
> > hello all,
> > i have ldap server installed, i am using it to cross check user-name and password provided by the client!!

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Nas Type
Peter Nixon wrote:
> On Fri 27 Jul 2007, Roberto Greiner wrote:
> > Hi,
> >
> > I was starting to look at checkrad, and found (based on http://www.freeradius.org/radiusd/doc/Simultaneous-Use) that using other as the NAS-type will actually check only radutmp instead of looking at the actual NAS.
> >
> > Now, could someone point me to the proper NAS type to use for each of the devices below (or the proper reference document to use)? I'm using the following NASes in my network:
> >
> > Monowall
> > pfSense
> > (3Com) Total Control
> > PopTop (in Linux)
> >
> > What I want to do is to use checkrad as one of the steps to make sure that whoever appears as logged is really logged in, because I'm trying to use Simultaneous-use check, and some of the above (notably monowall) doesn't seem to be clearing properly sometimes.
>
> As you have already found the docs you know the answer. The 3Com is obviously type tc. If it's not on the list it's other. However, if you write a patch to support the devices you mention, we would be happy to include it in FreeRADIUS.
>
> Cheers

I've re-checked the available options, and found that there is one nas type for the Total Control, besides 'tc': usrhiper. But there are a few errors in the documentation speaking about it (http://www.freeradius.org/radiusd/doc/Simultaneous-Use).

The first is the name itself. The page says usrhyper, when the correct name is usrhiper, with i instead of y.

The second is that it says that for that option, the naspasswd file is not used, which is partially correct. It can use naspasswd, and in that case the login name declared must be SNMP, or it will fail.

For the other two devices (monowall and poptop), I don't know how to proceed yet, since neither of them returns connected user information through SNMP :-(

Thanks,
Roberto

--
Marcos Roberto Greiner
Optimists think we are in the best of all worlds
Pessimists fear that this is true
Murphy

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: New to Linux
Mudigonda Chaitanya wrote:
> ...
> Nortel Certified Support Specialist

A Nortel support specialist is asking for support? Is this for a Nortel customer? It's not for Nortel's internal network... I know those people, and they have no problems getting EAP to work.

Alan DeKok.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: New to Linux
Thanks for your reply, but this is for me. This is for testing Nortel switches on EAP, and one of the internal engineers has suggested that I use Freeradius rather than Microsoft. I am a switch engineer, so I have no idea about Linux. It would be helpful if you could help me.

Warm Regards
Chaitanya
Nortel Certified Support Specialist
GNTS-Nortel
E-mail: [EMAIL PROTECTED]
Working Hours: 8 - 5 EST
Phone: 800 4NORTEL (667 835) option 1 # ERC then Case number

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, August 03, 2007 1:43 PM
To: FreeRadius users mailing list
Subject: Re: New to Linux

Mudigonda Chaitanya wrote:
> ...
> Nortel Certified Support Specialist

A Nortel support specialist is asking for support? Is this for a Nortel customer? It's not for Nortel's internal network... I know those people, and they have no problems getting EAP to work.

Alan DeKok.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: New to Linux
Mudigonda Chaitanya wrote:
> Thanks for your reply, but this is for me. This is for testing Nortel switches on EAP, and one of the internal engineers has suggested that I use Freeradius rather than Microsoft. I am a switch engineer, so I have no idea about Linux. It would be helpful if you could help me.

The Wiki has a lot of text on getting EAP to work. I suggest starting there.

Alan DeKok.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
challenge-response
Is there any way to implement challenge-response when using the rlm_perl module for authentication? I can't find much information on it. I've tried setting the reply-message and returning 11; but it doesn't seem to do much.

Thanks,
Ben

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
I sent the error in my email. This error is:

ERROR 1064(42000) at line 1:you have an error in your sql syntax,..

[EMAIL PROTECTED] wrote:
> And the error is?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 1/8/2007, zahra bahar wrote:
> > Hi
> > I am new to radius. I want to use sql for accounting in freeradius. For creating the radius tables I use
> > # mysql -u root -p mysql.sql
> > After entering the password there is this error:
> > ERROR 1064(42000) at line 1:you have an error in your sql syntax,...
> > use the ql.sal rlm_sql Freeradius sql module.
> > I don't know the reason for this error.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
USE:
# mysql -u root -p mysql.sql
NOT:
# mysql -u root -p mysql.sql

By;

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of zahra bahar
Sent: Saturday, 4 August 2007 06:05
To: FreeRadius users mailing list
Subject: Re: freeradius and mysql

I sent the error in my email. This error is:

ERROR 1064(42000) at line 1:you have an error in your sql syntax,..

[EMAIL PROTECTED] wrote:
> And the error is?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 1/8/2007, zahra bahar wrote:
> > Hi
> > I am new to radius. I want to use sql for accounting in freeradius. For creating the radius tables I use
> > # mysql -u root -p mysql.sql
> > After entering the password there is this error:
> > ERROR 1064(42000) at line 1:you have an error in your sql syntax,...
> > use the ql.sal rlm_sql Freeradius sql module.
> > I don't know the reason for this error.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
Sorry,

USE:
# mysql -u root -p radius mysql.sql
and not:
# mysql -u root -p mysql.sql

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of zahra bahar
Sent: Saturday, 4 August 2007 06:05
To: FreeRadius users mailing list
Subject: Re: freeradius and mysql

I sent the error in my email. This error is:

ERROR 1064(42000) at line 1:you have an error in your sql syntax,..

[EMAIL PROTECTED] wrote:
> And the error is?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 1/8/2007, zahra bahar wrote:
> > Hi
> > I am new to radius. I want to use sql for accounting in freeradius. For creating the radius tables I use
> > # mysql -u root -p mysql.sql
> > After entering the password there is this error:
> > ERROR 1064(42000) at line 1:you have an error in your sql syntax,...
> > use the ql.sal rlm_sql Freeradius sql module.
> > I don't know the reason for this error.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html