Re: EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7

2008-03-25 Thread Alan DeKok
James McOrmond wrote: As per previous emails, since i'm using samba/ldap i'm able to pull the nt/lmpassword fields directly out of the ldap. Should this method negate the use of the ntlm_auth method? Yes. See ldap.attrmap. The LDAP module uses this to map LDAP attributes to RADIUS

new dictionary problem....

2008-03-25 Thread Cristian Novac
Hi all, I know there already was this problem posted on the list, but I still have problems adding a new dictionary file to freeradius; Could anyone please state the steps I have to follow to manually attach a new dictionary to my installed freeradius. Thank you !

Re: new dictionary problem....

2008-03-25 Thread Alan DeKok
Cristian Novac wrote: Hi all, I know there already was this problem posted on the list, but I still have problems adding a new dictionary file to freeradius; Can you explain what the problems are? Could anyone please state the steps I have to follow to manually attach a new dictionary to

Re: auth-type local trouble in 2.0.1

2008-03-25 Thread Oleg Kozheltsev
Alan DeKok wrote: Oleg Kozheltsev wrote: And for accounting Exec-Program don't work anymore... So I create exec acc_call { program = } module too (with auth_call module). Now I with freeradius 2.0.1 :) If you list exec in the post-auth section, then Exec-Program and Exec-Program-Wait will

RE: freeradius web administration

2008-03-25 Thread parfait kouassi nda
Hi, I've followed the instructions on the link to configure dialup admin. I've a problem with the php3 scripts. When I test the configuration in localhost the home page appears and on the right top we have the scripts .php3 which appears. I'm using redhat 9 with php 4. please can you help me to

Re: FreeRad 2.0.2, l2tp CHAP problem

2008-03-25 Thread Ivan Kalik
Is the password in the database encrypted? If it is: http://deployingradius.com/documents/protocols/compatibility.html If it isn't - post the radiusd -X debug. Ivan Kalik Kalik Informatika ISP On 25/3/2008, srdjan mish [EMAIL PROTECTED] wrote: Hi, I have a problem while authorizing with chap

FreeRad 2.0.2, l2tp CHAP problem

2008-03-25 Thread srdjan mish
Hi, I have a problem while authorizing with chap password Problem is next: I have Allied Telesys NAS, it sends User-Name, CHAP Password and NAS IP, radius does everything ok, but when it comes to part where he compares password it says: Wrong password... I was debugging with -X -xx, and FR

Re: new dictionary problem....

2008-03-25 Thread Cristian Novac
Alan DeKok wrote: Cristian Novac wrote: Hi all, I know there already was this problem posted on the list, but I still have problems adding a new dictionary file to freeradius; Can you explain what the problems are? Could anyone please state the steps I have to follow to

Re: new dictionary problem....

2008-03-25 Thread A . L . M . Buxey
Hi, Hi all, I know there already was this problem posted on the list, but I still have problems adding a new dictionary file to freeradius; Could anyone please state the steps I have to follow to manually attach a new dictionary to my installed freeradius. stick it into the dictionary

Re: new dictionary problem....

2008-03-25 Thread Cristian Novac
It's me again. I solved the problem. I apologize for bothering. Thank you for your advice. Cristian Novac wrote: Alan DeKok wrote: Cristian Novac wrote: Hi all, I know there already was this problem posted on the list, but I still have problems adding a new dictionary file to freeradius;

Sorry Anthony Cope is out of the office until 31/03/2008

2008-03-25 Thread Anthony Cope
I will be out of the office starting Tue 25/03/2008 and will not return until Mon 31/03/2008. I will respond to your message when I return. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ldap+radius authentication problem

2008-03-25 Thread amir shrestha
Dear all, I have configured freeradius with ldap backed as given in http://freeradius.org/radiusd/doc/ldap_howto.txt. The user get authorized but the authentication failed. The detail output is here: Ready to process requests. rad_recv: Access-Request packet from host a.b.c.d:3272, id=0,

Re: NTLM in MSCHAP

2008-03-25 Thread David Hláčik
Hi, i've got back to problem : as i mentioned i have plain text stored passwords (atrib UserPassword) in ldap, and i want to change it to crypt, or mda5. Mschap need NT-Password , which is the best way to solve it? I do not want to store NT-Password value in LDAP, or there is no other choice? What

Re: NTLM in MSCHAP

2008-03-25 Thread Ivan Kalik
http://deployingradius.com/documents/protocols/compatibility.html Have a look at the mschap row and you will see what can and what can't work. Ivan Kalik Kalik Informatika ISP On 25/3/2008, David Hláčik [EMAIL PROTECTED] wrote: Hi, i've got back to problem : as i mentioned i have plain text

802.1x maschine auth with SSL?

2008-03-25 Thread [EMAIL PROTECTED]
Heya, I'm a bit stuck. My xp box should auth with ssl cert - works ok so far. But how to assign vlan? When doing this with user, I put my user + pass into users file - works. But for ssl cert? I want my xp box authenticated by ssl cert and after that, my user should logon to his vlan. So that i

Re: NTLM in MSCHAP

2008-03-25 Thread Alan DeKok
David Hláčik wrote: as i mentioned i have plain text stored passwords (atrib UserPassword) in ldap, and i want to change it to crypt, or mda5. Don't. Mschap need NT-Password , which is the best way to solve it? Store passwords in clear-text. Anything else is a bad idea. I do not want

Re: ldap+radius authentication problem

2008-03-25 Thread Alan DeKok
amir shrestha wrote: I have configured freeradius with ldap backed as given in http://freeradius.org/radiusd/doc/ldap_howto.txt. The user get authorized but the authentication failed. ... rlm_ldap: bind as uid=abc,ou=users,ou=radius,dc=whitehouse,dc=edu/12345 to x.x.x.x:389 rlm_ldap:

Re: 802.1x maschine auth with SSL?

2008-03-25 Thread Donny Jekels
if I understand you correctly you wanna do this enable EAP on your Cisco switch; where all ports are in shutdown mode. a user on your XP box has a User Cert which is passed through EAP to your Freeradius box; the freeradius authenticates the user with his certificate DN etc. then instructs the

Re: Freeradius-Users Digest, Vol 35, Issue 80

2008-03-25 Thread srdjan mish
No, it is ClearText-Password... I told, when I test with same attributes, but with RadiusTest software, it works... I think it is something about NAS Type or something like that... I can post -X, but it only says Wrong password, nothing more... radiusd -X:

Error when testing FreeRadius

2008-03-25 Thread Moses Ndala
Dear all, I have installed FreeRadius in Windows XP Professional but I keep getting this error when testing: radclient:dict_init:couldn't open dictionary freeradisu/etct/raddb/dictionary:No such file or directory. Is there anyone who has an idea about this error? Thanks in advance. Kind

Re: Error when testing FreeRadius

2008-03-25 Thread Alan DeKok
Moses Ndala wrote: I have installed FreeRadius in Windows XP Professional How? There is no official Windows binary available. Maybe you're thinking of freeradius.net? That's based on FreeRADIUS, but not part of the official distribution. Alan DeKok.

Re: Freeradius-Users Digest, Vol 35, Issue 80

2008-03-25 Thread Alan DeKok
srdjan mish wrote: No, it is ClearText-Password... I told, when I test with same attributes, but with RadiusTest software, it works... I think it is something about NAS Type or something like that... I can post -X, but it only says Wrong password, nothing more... Then the password

Re: 802.1x maschine auth with SSL?

2008-03-25 Thread A . L . M . Buxey
hi, you wouldn't be able to have the post in shutdown mode - or EAP would never be undertaken. you need to configure the cisco switch so that it does 802.1x authentication (see cisco docs on how to configure the switch for 802.1x and for RADIUS) then you simply configure FreeRADIUS to send back

Re: 802.1x maschine auth with SSL?

2008-03-25 Thread [EMAIL PROTECTED]
Hi, thanks for replies! I'm very sorry, there is a little misunderstanding :( Switch works ok so far, so nothing needs to be done there. My client is xp box with logon client which can do machine auth and prompt the user for his name and pass... So I use ssl to auth the machine (has a general

Re: 802.1x maschine auth with SSL?

2008-03-25 Thread Donny Jekels
alan, thank, was trying to follow mr hot pants' grammar. On Tue, Mar 25, 2008 at 10:18 AM, [EMAIL PROTECTED] wrote: hi, you wouldn't be able to have the post in shutdown mode - or EAP would never be undertaken. you need to configure the cisco switch so that it does 802.1x authentication

Re: 802.1x maschine auth with SSL?

2008-03-25 Thread A . L . M . Buxey
Hi, I'm very sorry, there is a little misunderstanding :( Switch works ok so far, so nothing needs to be done there. My client is xp box with logon client which can do machine auth and prompt the user for his name and pass... So I use ssl to auth the machine (has a general cert like

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-25 Thread Eric Martell
Hi Ivan, Sorry to get back to you early as I did not have ldap access :( After adding radiusAuthType on ONE uid it is working fine now. But now the issue is, I have some cases where the MAC address are stored multiple times in Ldap. Thus the ldap query is failing. Please check the log below.

Re: EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7

2008-03-25 Thread James McOrmond
Alan DeKok wrote: James McOrmond wrote: As per previous emails, since i'm using samba/ldap i'm able to pull the nt/lmpassword fields directly out of the ldap. Should this method negate the use of the ntlm_auth method? Yes. See ldap.attrmap. The LDAP module uses this to map

Auth-Test accounts in users file

2008-03-25 Thread James McOrmond
Is it possible/appropriate to have some test accounts in the users file, along with an Auth-Type set to which auth type this account can be used for? We're testing a client that we're building (based on wpa_supplicant on linux), so would like to confirm the different auth methods are

dhcp+radius

2008-03-25 Thread Kevin Zhang
Hi, How do I configure Radius server to work with DHCP server, so the client will authenticate with Radius first before DHCP will assign it an IP? Kevin SZ

frammed ip adress

2008-03-25 Thread David Hláčik
Hi, in my working solution, I have pptp (vpn) configured with radius using LDAP. Each user has a value Framed IP Address which will assign him exact IP address. Currently I am rebuilding ldap structure to groups. And I want the users which will be members of group foo , to have dynamically

Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem

2008-03-25 Thread Sven 'Darkman' Michels
Hi there, we use Freeradius (1.1.0 from sles10) to provide 802.1x on all wired switches in the company. As backend we have Novell eDir where all users are stored. We also use per user vlans, which are stored in the eDir. This setup is working so far.

Re: Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem

2008-03-25 Thread A . L . M . Buxey
Hi, Beside that, i noticed that when using a wrong ssl cert and user+pw (to get vlan300) freeradius *first* checks the edirectory, and THEN the eap/ttls stuff - shouldn't this be exactly the other way around? err, no, because you have told it to behave like this. change the order of the

Re: Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem

2008-03-25 Thread Sven 'Darkman' Michels
Hi, [EMAIL PROTECTED] wrote: Beside that, i noticed that when using a wrong ssl cert and user+pw (to get vlan300) freeradius *first* checks the edirectory, and THEN the eap/ttls stuff - shouldn't this be exactly the other way around? err, no,

Re: frammed ip adress

2008-03-25 Thread Ivan Kalik
Pool-Name. Have a look at ippool section of radiusd.conf. Ivan Kalik Kalik Informatika ISP On 25/3/2008, David Hláčik [EMAIL PROTECTED] wrote: Hi, in my working solution, I have pptp (vpn) configured with radius using LDAP. Each user has a value Framed IP Address which will assign him exact

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-25 Thread Ivan Kalik
After adding radiusAuthType on ONE uid it is working fine now. But now the issue is, I have some cases where the MAC address are stored multiple times in Ldap. Thus the ldap query is failing. Please check the log below. Can you please suggest me any workaround? Will really appreciate. Only the

Re: dhcp+radius

2008-03-25 Thread Ivan Kalik
There is nothing to configure. It works that way. Ivan Kalik Kalik Informatika ISP On 25/3/2008, Kevin Zhang [EMAIL PROTECTED] wrote: Hi, How do I configure Radius server to work with DHCP server, so the client will authenticate with Radius first before DHCP will assign it an IP?

RE: dhcp+radius

2008-03-25 Thread Kevin Zhang
Hi Ivan, Thanks for your reply. But how do DHCP know NOT to give the IP to the client When the authentication fail on RADIUS? Kevin SZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik Sent: Tuesday, March 25, 2008 4:51 PM To: FreeRadius users

RE: dhcp+radius

2008-03-25 Thread Ivan Kalik
Because it will never be asked for one. PPP negotiation will not reach that stage. Ivan Kalik Kalik Informatika ISP On 25/3/2008, Kevin Zhang [EMAIL PROTECTED] wrote: Hi Ivan, Thanks for your reply. But how do DHCP know NOT to give the IP to the client When the authentication fail on

Re: dhcp+radius

2008-03-25 Thread Sven 'Darkman' Michels
Hi, Kevin Zhang wrote: Hi Ivan, Thanks for your reply. But how do DHCP know NOT to give the IP to the client When the authentication fail on RADIUS? When you configure your switch, you can tell him what to do when auth fails. You can shutdown

RE: dhcp+radius

2008-03-25 Thread Kevin Zhang
Hi Ivan, Thanks again for the reply. Actually my scenario is like this: I have a box needs to be installed via PXE. The box will send out its mac address to get the ip of tftp server and the location of pxelinux.0. Without Radius, the box will talk to DHCP server directly for all The information

Re: dhcp+radius

2008-03-25 Thread Sven 'Darkman' Michels
Hi, if you don't mind i answer ;) Kevin Zhang wrote: Hi Ivan, Thanks again for the reply. Actually my scenario is like this: I have a box needs to be installed via PXE. The box will send out its mac address to get the ip of tftp server and the