Re: COA default configuration...Need help to test radclient

2010-05-15 Thread Eric Martell
Hi Alan,      Thanks for the reply. Pardon my ignorance but as you mentioned I did not find raddb/sites-available/coa. In 2.1.8, there's an example CoA server in raddb/sites-available/coa I only see, # ls -lart sites-available/ total 124 -rw-r- 1 root root  2538 May 14 15:37 vmps -rw-r-

Re: COA default configuration...Need help to test radclient

2010-05-15 Thread Eric Martell
Eric Martell wrote: Hi Alan,      Thanks for the reply. Pardon my ignorance but as you mentioned I did not find raddb/sites-available/coa. In 2.1.8, there's an example CoA server in raddb/sites-available/coa   Ah...  it's in 2.1.9, then.   See http://git.freeradius.org/pre/  for a pre-release

Re: Configuring LDAP for query ONLY...

2007-12-06 Thread Eric Martell
whatever the first result. rlm_ldap: performing search in dc=eng,dc=com, with filter ((uid=test1)(phone=1231313128)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed Please help. Thanks and Regards, Eric. --- Eric Martell [EMAIL PROTECTED] wrote: Thanks so

Re: Configuring LDAP for query ONLY...

2007-12-11 Thread Eric Martell
missing something. Thanks and Regards, Eric. --- Eric Martell [EMAIL PROTECTED] wrote: Thanks so much Phil. I am using freeradius-1.0.4 I am going to install the latest version and will try your suggestion. Thanks and Regards. Eric. --- Phil Mayers [EMAIL PROTECTED] wrote

Re: Configuring LDAP for query ONLY...

2007-12-12 Thread Eric Martell
PROTECTED] wrote: Eric Martell wrote: Hi Phil, I installed the latest freeradius-1.1.7. I put the line set_auth_type = no in ldap module to ignore the authentication. But for some reason I get the following error in the log. rlm_ldap: user test1 authorized to use remote

Re: Configuring LDAP for query ONLY...

2007-12-13 Thread Eric Martell
Hi Phil, Here is the detail configs and logs. Please let me know. Thanks and Regards. modules { ldap { server = ldap://x:1389; identity = uid=appuser,ou=appadm,o=entitlement password = ** basedn =

Re: Configuring LDAP for query ONLY...

2007-12-17 Thread Eric Martell
Hi Phil, Please let me know if you need more info. I am still stuck with the problem. Thanks and Regards, Eric. --- Phil Mayers [EMAIL PROTECTED] wrote: rlm_ldap: user test1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap

Re: Configuring LDAP for query ONLY...

2008-01-03 Thread Eric Martell
Hi Alan, Can you please help me out with the LDAP query? I am still stuck with the issue. Your response will be greatly appreciated. Thanks and Regards, Eric. --- Alan DeKok [EMAIL PROTECTED] wrote: Phil Mayers wrote: Slightly confusing, there are two ways to do this: This should be

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Eric Martell
: Eric Martell wrote: Hi Alan, Can you please help me out with the LDAP query? I am still stuck with the issue. What problem is left to solve? i.e. I read and answer a *lot* of email. I don't recall much past what's on my screen right now... Alan DeKok. - List info

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Eric Martell
PROTECTED] wrote: OK, so password is not in LDAP. Where is it then? Are you trying to accept users without passwords? Consider using a perl script to implement that logic and forget about LDAP module in Freeradius. Ivan Kalik Kalik Informatika ISP Dana 4/1/2008, Eric Martell [EMAIL

MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-19 Thread Eric Martell
Please let me know if this topic is already discussed or has doc/wiki. If yes please guide me to the right thread. Thanks. We are going to use MACaddress as silent authentication. When the user tries to connect to the WIFI Access point, Aptilo Networks is going to send MacAddress as User-Name

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-20 Thread Eric Martell
authentication mac address is used as username. So you will have to create entries that have (only) username equal to mac address and radiusAuthType Accept. Ivan Kalik Kalik Informatika ISP Dana 19/3/2008, Eric Martell [EMAIL PROTECTED] piše: Please let me know if this topic is already

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-20 Thread Eric Martell
make entries as users. Ivan Kalik Kalik Informatika ISP Dana 20/3/2008, Eric Martell [EMAIL PROTECTED] piše: Hi Ivan, Thanks for the response. I am newbie for freeradius. Not sure which file I should configure this? I have ldap module configured in radiusd.conf. Can you please

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-25 Thread Eric Martell
Hi Ivan, Sorry to get back to you early as I did not have ldap access :( After adding radiusAuthType on ONE uid it is working fine now. But now the issue is, I have some cases where the MAC address are stored multiple times in Ldap. Thus the ldap query is failing. Please check the log below.

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-26 Thread Eric Martell
Hi Ivan, We have scenarios when one PC gets transferred to other user, we don't delete the registered MAC address of the previous PC. The other new user is still able to register with the previous user's existing PC MAC address one more time. Thus the scenario of duplicate entries in LDAP.

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-26 Thread Eric Martell
of sending reject. Please let me know if this is doable. Thanks and Regards. Ivan Kalik [EMAIL PROTECTED] wrote: Your did needs to be a distinguished name. Ivan Kalik Kalik Informatika ISP Dana 26/3/2008, Eric Martell piše: Hi Ivan, We have scenarios when one PC gets transferred to other

Re: MACAddress silent authentication in LDAP using freeradius2.0.2

2008-03-26 Thread Eric Martell
instead of sending reject. Please let me know if this is doable. Thanks and Regards. Ivan Kalik wrote: Your did needs to be a distinguished name. Ivan Kalik Kalik Informatika ISP Dana 26/3/2008, Eric Martell piše: Hi Ivan, We have scenarios when one PC gets transferred to other user

Mapping ldap attribute with radius attribute...howto?

2008-03-31 Thread Eric Martell
Hi, I mapped my ldap attribute in the ldap.attrmap file as replyItem rCidx roleid And in the dictionary file I mapped it as ATTRIBUTE rCidx 3000 string I am using NTRadPing to test the authorization. I see in the log, radius

Re: Mapping ldap attribute with radius attribute...howto?

2008-03-31 Thread Eric Martell
-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [0014F846C199/via Auth-Type = Accept] (from client samir port 0) Sending Access-Accept of id 21 to 216.2.193.1 port 20070 rEntitlements = test1 rCidx = 11 Alan DeKok [EMAIL PROTECTED] wrote: Eric

Re: Mapping ldap attribute with radius attribute...howto?

2008-04-02 Thread Eric Martell
[EMAIL PROTECTED] wrote: Eric Martell wrote: I am using NTRadPing to test the authorization. I see in the log, radius attribute is mapped to ldap attribute and returning valid value rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = 11 but I did not see it in the Sending Access

Re: Mapping ldap attribute with radius attribute...howto?

2008-04-02 Thread Eric Martell
as ldap tree is structured with roleid as dn and uid/did is an attribute. Also changing ldap tree is not possible. Please let me know. Thanks in advance. Alan DeKok [EMAIL PROTECTED] wrote: Eric Martell wrote: Can you please reply me about LDAP multiple attributes in the radius reply response

Pop3 and LDAP authentication...Multiple radius servers

2008-08-25 Thread Eric Martell
Hi,    We have radius server which is inhouse which does the LDAP authentication. We got a new request from third party to do authentication for their users using POP3. So the request comes to radiusA (our inhouse radius). If the user has realm as @xyz.net ..then we forward the request to

How to configure multiple LDAPs with different DN's ?

2007-05-04 Thread Eric Martell
Hi, We are trying to use LDAP group for authentication and authorization. Ldap1 = baseDN = dc=user,dc=net,o=internet This Ldap1 will have users and passwords store in it along with profile. Ldap2 = baseDN = dc=role,dc=system,o=internet This Ldap2 will have only users and associated roles. No

Re: How to configure multiple LDAPs with different DN's ?

2007-05-08 Thread Eric Martell
I will be really appreciated if someone points me to the right direction or archive of the thread. Thanks in advance. Regards.

Configuring LDAP for query ONLY...

2007-12-03 Thread Eric Martell
I am little bit confused as how to configure radiusd.conf in the authorize and/or authenticate section. So password is going to act like ldap attribute. We are going to pass, username and ldap attribute (home phone #) as input for each user. The way it is configured now is in the modules, ldap

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Eric Martell
we don't have. I also tried in users file Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2` But for some reason it is not working. Please help. Let me know if you need more information or please guide me to any documentation. Thanks and Regards, Eric. --- Eric Martell [EMAIL PROTECTED

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Eric Martell
Thanks so much Phil. I am using freeradius-1.0.4 I am going to install the latest version and will try your suggestion. Thanks and Regards. Eric. --- Phil Mayers [EMAIL PROTECTED] wrote: Eric Martell wrote: Hi, Is it possible to altogether avoid authenticate section and just do ldap

Re: Pop3 and LDAP authentication...Multiple radius servers

2008-08-26 Thread Eric Martell
Kalik Informatika ISP Dana 25/8/2008, Eric Martell [EMAIL PROTECTED] piše: Hi, We have radius server which is inhouse which does the LDAP authentication We got a new request from third party to do authentication for their users using POP3. So the request comes to radiusA (our inhouse radius

Re: Pop3 and LDAP authentication...Multiple radius servers

2008-08-26 Thread Eric Martell
@lists.freeradius.org Date: Tuesday, August 26, 2008, 11:13 AM Eric Martell wrote: I am sending request thru radclient on radiusa. But for some reason the request does not get proxied to radiusb. This is the radius -X log. You've edited it so that most of it is missing. i.e. the part where

Re: Pop3 and LDAP authentication...Multiple radius servers

2008-08-26 Thread Eric Martell
-users@lists.freeradius.org Date: Tuesday, August 26, 2008, 12:00 PM Eric Martell wrote: Here is the entire log. ... rlm_ldap: performing search in dc=test1,dc=net,o=internet, with filter (uid=testaccount) If you're proxying the request, why have you configured the server to do lookups in LDAP

Radius reply multivalue VSA question.

2008-10-08 Thread Eric Martell
Hi,    We are defining custom VSA's for our company. We have ldap configured in freeradius which returns back the VSA's. I defined custom VSA in $freeradius/share/freeradius/dictionary.abc ATTRIBUTE   rEntitlements   113 string entitlements is multivalue attribute

Re: Radius reply multivalue VSA question.

2008-10-09 Thread Eric Martell
://wiki.freeradius.org/Operators Ivan Kalik Kalik Informatika ISP Dana 8/10/2008, Eric Martell [EMAIL PROTECTED] piše: Hi,    We are defining custom VSA's for our company. We have ldap configured in freeradius which returns back the VSA's. I defined custom VSA in $freeradius/share/freeradius/dictionary.abc

Re: Radius reply multivalue VSA question.

2008-10-09 Thread Eric Martell
Hi Ivan, I agree with you. But I am reading those attributes from LDAP. In LDAP entitlements attribute is defined as Multivalue (array). I cannot change the existing LDAP structure. I am mapping entitlements attribute from LDAP with the radius attribute rEntitlements in the ldap.attrmap

Re: Radius reply multivalue VSA question.

2008-10-09 Thread Eric Martell
Ivan,    I told the management but looks like no go. is there any way I can change the rlm_ldap.c? I am not proficient in c, so might need additional help. Or there are any other options. Let me know. Thanks in advance. --- On Thu, 10/9/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: From:

Re: Radius reply multivalue VSA question.

2008-10-09 Thread Eric Martell
Thanks Ivan. Not sure which file should I add the update reply? Getting familiar with unlang so pardon my dumb questions. I added in ldap.attrmap. update reply {     rEntitlements -= entitlements } replyItem   rEntitlements   entitlements  += is that right? Also you

Regex remove realm from username

2008-10-10 Thread Eric Martell
Hi..   I searched thru the forums but not getting the right username after using regex. The request I am getting is : [EMAIL PROTECTED] and I need to strip everything after @ and pass the username as test. I am using ldap for auth. This is the config I have in ldap.     if

Re: Regex remove realm from username

2008-10-13 Thread Eric Martell
Alex French wrote: 2008/10/10 Eric Martell [EMAIL PROTECTED]: Hi.. I searched thru the forums but not getting the right username after using regex. The request I am getting is : [EMAIL PROTECTED] and I need to strip everything after @ and pass the username as test. Is there some reason

Modify User-Name to upper Case (rewrite/unlang)

2009-03-20 Thread Eric Martell
Hi, I am searching through the forum and did not get a right suggestion. I am doing LDAP authentication and getting macaddress as User-Name in the following format. User-Name = 001e.5283.34aa I want to convert that to 001E528334AA = convert to uppercase and remove the dots. Is there any

Multiple LDAP (Not failover) lookup...

2006-11-07 Thread Eric Martell
Hi... I need to do multiple ldap lookups (2).. The purpose of both the ldaps are different so it does not abide with configurable_failover scenario in a way. ldap1. This ldap is solely used for authentication for given user. ldap2. This ldap is solely used for checking ldap attribute

RE: Multiple LDAP (Not failover) lookup...

2006-11-07 Thread Eric Martell
Thanks so much Neal. You got it 95% right. The problem is FreeRadius always authorizes first (no matter what the order in radiusd.conf) and then authenticates. authorize { . . . ldap2 } authenticate { . . . ldap1 } So if the user fails in

Re: Multiple LDAP (Not failover) lookup...

2006-11-09 Thread Eric Martell
Thanks Alan. I figured it out. It should be ldap2 { notfound = reject } as ldap2 is returning notfound status. Thanks so much again. --- Alan DeKok [EMAIL PROTECTED] wrote: Eric Martell [EMAIL PROTECTED] wrote: Thanks so much Neal. You got it 95% right. The problem is FreeRadius