Hi
I'm trying to organize my net using 802.1x able switches with freeradius
2.1.1+Openldap2-2.4+OpenSuse11.1
The system is running, at least @ test level but not yet deployed, but I
reach a cross road and finally I've to choose.
Or having one ldap subtree per vlan, filled with all host that
Scott Miller wrote:
./configure --disable-libltdl-install --with-system-libtool
...
/home/scott/freeradius-server-2.1.10/src/main/modules.c:1372: undefined
reference to `lt_preloaded_symbols'
sigh The previous link line shows it's using the local libltdl,
which provides that symbol.
Ramon Escriba wrote:
Is that approach, try the next vlan if exists @ ldap, possible, how?
You've tried a lot of different things and are lost in the complexity
of the solution.
The problem isn't that hard. Find a key which determines which VLAN
to use. This key can be switch IP, location,
*VSA: Vendor-Specific Attributes*
2010/9/29 Alan DeKok al...@deployingradius.com
Noura Kossentini wrote:
how can I add a VSA to freeRadius server??
What does that mean?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Noura Kossentini kossentini.no...@gmail.com wrote:
*VSA: Vendor-Specific Attributes*
I think telling the core/solo developer and author of FreeRADIUS what
'VSA' stands for is unlikely to be quite the 'what' he was hoping you
would answer.
Your question is 'meaningless', I think it might
Hi
Thank you Alexander for clarification and I'm sorry to ask such questions;
So I want to install a radius server. The documentation made me confused to
use free radius with Jradius. I want to connect to the radius server
(Jradius or freeradius or the two at the same time I don't know) using
Noura Kossentini wrote:
So I want to install a radius server. The documentation made me
confused to use free radius with Jradius.
I don't know why. They are two independent projects, with different
web sites.
I want to connect to the
radius server (Jradius or freeradius or the two at the
Hi Alan,
Well, touche. We're also trying to use the ldap db to store dhcp info, so
using the same structure to keep all host related data, radius+dhcp+dns.
The problem is we've a big number of vlans, and multiple devices may connect
in some vlans. I'll try to simplify, I shall keep thinking on
David McPike wrote:
Excellent! Thanks, Alan. I have all my test cases working now except
for one. I still need to retain the original realm information in the
supplied User-Name. The old radius server needs it as part of the
username to know which child domain controller to contact for
Ramon Escriba wrote:
By the way, in some of the cases the switch-ip, even switch+port, is the
key, so huntgroups does the job but only partially.
This works (original huntgroups example):
#business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1
But not this:
#business
I'm trying to get FreeRadius to authenticate against the local server's
usernames and passwords. I have a fresh installation and I've confirmed that
authentication is working with a test entry in the /etc/raddb/users file. I've
also tested authentication from another system and it works too.
= admin
User-Password = password
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]
expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
- /var/log/radius/radacct/127.0.0.1/auth-detail-20100930
James S. Smith wrote:
I'm trying to get FreeRadius to authenticate against the local server's
usernames and passwords. I have a fresh installation and I've confirmed that
authentication is working with a test entry in the /etc/raddb/users file.
I've also tested authentication from another
Hi Alan,
Then is it possible to do a general match rule in huntgroups to let's say
the 35 first ports belong to a vlan A and the rest 36 to 48 to vlan B, or
not?
business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1-35
IT NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 36-48
Do I
On 2010/09/30 05:05 PM, Ramon Escriba wrote:
Hi Alan,
Then is it possible to do a general match rule in huntgroups to let's say
the 35 first ports belong to a vlan A and the rest 36 to 48 to vlan B, or
not?
It sounds like you need some custom logic.
Have you looked at rlm_perl?
--
Johan
In other words, if I proxy to the old radius server, the username
needs to be realm\user again.
Set nostrip in the realm configuration.
I finally have a solution. I wanted to keep strip enabled because I
have to perform the LDAP query on the stripped username. So, I added
the following
Thanks
Hi
After multiple issues I found a partial solution, but not the best.
I unselect validate server certificate in the XP client.
After doing that, the client authenticates. I know that this is a very
dangerous practice.
Is it mandatory for an XP machine to authenticate the server
17 matches