reading from http://deployingradius.com/documents/protocols/compatibility.html
you can achieve that there's no problem to make ldap work with
EAP-PEAP, the only thing you must take care is the hashing algorithm
for the password.
Reading carefully from
Understand that it is not possible to authenticate using EAP-PEAP
against OpenLDAP due to encrypted password. Can someone advise on how
exactly OpenLDAP needs be configured so that it can be used in
EAP-PEAP?
Don't use encrypted password. Or use nt hash and NT-Password. There is
nothing to add -
Hi,
[EMAIL PROTECTED] raddb]# rlm_dbm_cat -f users.db
hhe4 Cleartext-Password := hhe123
Reply-Message = Hello
hhe123Cleartext-Password := hhe123
Reply-Message = Hello
i have a theory of the entries -
Hi,
We have a freeradius server for accounting of AS5300 dial users. there is a
problem:
Some users stay in accounting list when AS is restarted, and they not go to
stop then can't dial after that until admin makes them out of list .
why this happen?
-
List info/subscribe/unsubscribe? See
Hi,
Does anybody have an idea whether the below parameters are mandatory in
radiusd.conf file ldap section.
groupname_attribute = cn
groupmembership_filter =
(|((objectClass=group)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember==%{Ldap-UserDn})))
groupmembership_attribute =
Zahra Bahar wrote:
We have a freeradius server for accounting of AS5300 dial users. there is a
problem:
Some users stay in accounting list when AS is restarted, and they not go to
stop then can't dial after that until admin makes them out of list .
why this happen?
Because the NAS is
2008/2/25, Ryan [EMAIL PROTECTED]:
Hi All,
Understand that it is not possible to authenticate using EAP-PEAP
against OpenLDAP due to encrypted password. Can someone advise on how
exactly OpenLDAP needs be configured so that it can be used in
EAP-PEAP?
I found out from
Hello,
I use FreeRadius with OpenLDAP to authenticate device using EAP-PEAP and it
works fine. The only problem I had was the encrypted password in my LDAP
database.
I by-passed this problem using clear-text Password in LDAP Database and it
works fine.
You can also have a look at this :
Hi,
I am writing an external script to be run based upon an authentication.
When the script returns output I am unsure as to what the assignment
operators do,
for example when should I use += vs := vs =
If I look at the exec-program-wait sample script I see:
echo Reply-Message += \Hello, %u\,
I'm attempting to use Expiration to expire user accounts after a set
time period. What format does the Date/Time (Value field) have to be?
From what I can see it's in the format of Monthname Day Year
Hour:Min:Sec. So for example March 24 2008 00:00:00. But it appears
that in this format you
Hello,
I use FreeRadius with OpenLDAP to authenticate device using EAP-PEAP and it
works fine. The only problem I had was the encrypted password in my LDAP
database.
I by-passed this problem using clear-text Password in LDAP Database and it
works fine.
You can also have a look at this :
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, niall el-assaad [EMAIL PROTECTED] wrote:
Hi,
I am writing an external script to be run based upon an authentication.
When the script returns output I am unsure as to what the assignment
operators do,
for
So you maintain two instances of this value?
Once in radcheck, and once in an external table? The first instance, in
radcheck, what format do you have that in?
Thanks
Tim
Ivan Kalik wrote:
We don't do these checks on radius database at all. We have a billing
database with users details
We don't do these checks on radius database at all. We have a billing
database with users details which has value of this attribute in
datetime format and checks are done there.
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, Tim White [EMAIL PROTECTED] wrote:
I'm attempting to use Expiration
The one you have there in the text.
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, Tim White [EMAIL PROTECTED] wrote:
So you maintain two instances of this value?
Once in radcheck, and once in an external table? The first instance, in
radcheck, what format do you have that in?
Thanks
Tim
I need to configure freeradius to allow NULL realms only from one or
two NAS, and all the other must have a realm in the login. What would be
the best way to do this?
(using freeradius 2.0.2, in a Debian etch platform.)
I tried to add the following in the Users file:
DEFAULT
Ivan Kalik wrote:
The one you have there in the text.
Bummer. Does anyone know how to get a format that doesn't use Words
(month Name)?
Thanks
Tim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok been fiddling some more.
What I need to now do is work out which group a user belongs to based on
LDAP users and groups.
I am assuming this is in the radius.conf @ the section about groups.
For Example,
This LDAP user.
# belld, people, dxi.net
dn: uid=belld,ou=people,dc=dxi,dc=net
cn:
Passwords are currently encrypted in LDAP. In this case, am I correct
to say that I will need to add both nt hash and NT-Password to LDAP
using smb-ldap related tools for it to work with PEAP? Will samba be
required to be configured on my LDAP server?
Thanks/Regards,
Ryan
DEFAULT Ldap-Group == Engineering, and then list of reply attributes.
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, David W Bell [EMAIL PROTECTED] wrote:
Ok been fiddling some more.
What I need to now do is work out which group a user belongs to based on
LDAP users and groups.
I am
Ryan wrote:
Passwords are currently encrypted in LDAP. In this case, am I correct
to say that I will need to add both nt hash and NT-Password to LDAP
using smb-ldap related tools for it to work with PEAP?
You will need to *create* the NT hash or clear-text password on your
LDAP server. This
Hello all,
I am relatively new to the RADIUS world, FreeRADIUS is my first RADIUS
server, I am looking forward to learning as much as I can about it.
So far, I have configured FreeRADIUS successfully to authenticate
users against a Windows 2003 Active Directory server for 802.1x PEAP
Hey,
Before I get neck-deep in testing out configs and debugging, I would
like to ask if this is a feasible goal.
yes totally doable.
If it is, I would appreciate
any relevant references you know of so that I may start researching
the proper configuration changes needed to achieve this.
I tried with classic format -MM-DD but it doesn't work.
Tim White wrote:
Ivan Kalik wrote:
The one you have there in the text.
Bummer. Does anyone know how to get a format that doesn't use Words
(month Name)?
Thanks
Tim
I've been experimenting with machine auth without using a cert, but I seem
to be stuck on the fact that FreeRadius will not authenticate a local user.
I see the request come across through debugging with a username of
host/mymachine.mydomain.com, and no password, and in my users file I have
Hi Ryan,
What you're trying to do is impossible. MS-CHAPv2 is a mutual
authentication protocol, meaning that FreeRADIUS needs to demonstrate
knowledge of the password to the machine.
josh.
hi,
you can't do this - the request must go through a full EAP
validation cycle - otherwise the client will just barf.
you don't 'need' certs if you want to be insecure on the
client (but that's foolish) but you do need to take the
incoming request and then do a challenge response against
the
many thanks, that's perfect.
2008/2/25 Ivan Kalik [EMAIL PROTECTED]:
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
On 25/2/2008, niall el-assaad [EMAIL PROTECTED] wrote:
Hi,
I am writing an external script to be run based upon an authentication.
When the
I'm not sure we use the users file (I have the radius.conf pointed to
sql.conf).
This is what I thought might have to happen but I'm not sure if it makes
sense.
Create 2 Groups in radgroupreply like this:
Telco_LAC_Group - with all the tunnel attributes
LNS_Group - which all the users would be