On 10.07.2013 07:48, Olivier Beytrison wrote:
if ( ADSL-Agent-Remote-Id =~ /(.{0,31})$/ ) {
if ( ADSL-Agent-Remote-Id =~ /(.{1,32})$/ ) {
that's even better as it won't match an empty attribute (you never know ...)
--
Olivier Beytrison
Network Security Engineer, HES-SO Fribourg
Mail:
On 9 Jul 2013, at 18:01, Brian Julin bju...@clarku.edu wrote:
Arran Cudbard-Bell wrote:
Soon. We've gone into official feature freeze. Still finding bugs though,
it'd be helpful if people could test.
Just to make sure it was understood during the foreach fixup patch I sent
on github,
G'day list
I have been tinkering with some Netgear managed L2/L3 switching stuff and
got the
login working via freeradius (actually quite simple compared to EAP stuff
for wireless).
But when issuing enable after login, going into what they call
Privileged EXEC mode
it will - very similar to
Hi,
On Tue, Jul 09, 2013 at 10:58:15AM -0700, Julian Macassey wrote:
On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote:
Try adding the following to the *top* of your users file:
evergreen Cleartext-Password := pa55word, MS-CHAP-Use-NTLM-Auth := 0
When I use the users
Hi,
Currently we have 1000´s of users self-signed certificates (EAP-TLS),
and we´re planning to move our main authentication method to PEAP, but
keeping the certificates in use while valid.
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server
On 10 Jul 2013, at 12:46, Mathieu Simon mathieu@gmail.com wrote:
G'day list
I have been tinkering with some Netgear managed L2/L3 switching stuff and
got the
login working via freeradius (actually quite simple compared to EAP stuff for
wireless).
But when issuing enable after
Fernando Hammerli wrote:
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Can Freeradius allow me to have both methods at the same time, ie, the
PEAP with the public CA and certificate users with our 'self-signed'
Julian Macassey wrote:
It does when it is all in the 'users' file, in fact, when
I put my username and password in the users file, my laptop and
smartphone authenticate and connect to the WiFi.
That's good.
But, I want to get that info from /etc/password. I note
from looking
On 10 Jul 2013, at 13:38, Alan DeKok al...@deployingradius.com wrote:
Fernando Hammerli wrote:
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Can Freeradius allow me to have both methods at the same time, ie,
Hi,
Currently we have 1000´s of users self-signed certificates (EAP-TLS),
and we´re planning to move our main authentication method to PEAP, but
keeping the certificates in use while valid.
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server
G'day
2013/7/10 Arran Cudbard-Bell a.cudba...@freeradius.org
On 10 Jul 2013, at 12:46, Mathieu Simon mathieu@gmail.com wrote:
FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't
think Netgear
copied Cisco's own AVpair use, but in case they do have own AV pairs,
how
Hi
As a possible hint since your question sounds similar to an issue I had:
I was looking to provide a server-side certificate to my clients from a
public CA
but only allow clients to authenticate via EAP-TLS when presenting a cert
from our
internal CA which avoids the misconfiguration to trust
Hi,
Thank you Arran, that's what I suspected but hoped that there would be
another way to find out.
I'll see if Netgear is willing to approve existence of AV pairs (and if
theyre willing to share them).
on some kit you can run a command to see the VSA list/desc
most vendors will
Hello,
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
So
Hi, thanks for you reply (extensive to the others),
Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS)
Update sections in 3.0 are considerably more powerful than 2.x.x
In addition to being able to override lists on an attribute by attribute basis,
e.g:
update {
request:foo = 'bar'
}
You can also perform full list copies:
update {
request: += reply:
}
Filtered list copies (all
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also distinguish between empty
and fail, so if I do this:
update {
request:Tmp-String-0 := %{sql:...}
}
...and the SQL server is down, the xlat will fail and
User a deployment tool as then things like CN checks are done
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Mathieu, thanks for your reply.
It´s not clear to me what exactly has to be done.
So, I´ll place both server certificates inside the certificate_file,
correct? Do I declare it only under the 'tls' section (not on the peap)?
How does FR knows which certificate for each method?
How do I declare
Hello again,
I've successfully gotten to the point where local authentication is working
well for all modes, using multiple SSIDs through two virtual servers, so I felt
confident jumping into the less familiar world of proxying. Not that the
concept is hard to understand, it's just always
Got it now, as you said.
Using the public CA certs on certificate_file (and related private key),
and included the public CA chain on the CA_file (together with my own
CA). Still needs more testing (in more enviroments), but seems to be
working.
Thanks!
Check the difference of CA_file
On 10 Jul 2013, at 16:29, Phil Mayers p.may...@imperial.ac.uk wrote:
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also distinguish between empty and
fail, so if I do this:
update {
On 10 Jul 2013, at 23:59, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
On 10 Jul 2013, at 16:29, Phil Mayers p.may...@imperial.ac.uk wrote:
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also
23 matches
Mail list logo