Then new version will do ttls/mschapv2
Ron.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, July 14, 2004 2:28 AM
To: [EMAIL PROTECTED]
Subject: question EAP-TTLS/MSCHAPv2
Hello , I have two questions...
Does SecureW2
I would like to configure the server to ignore all realm
delimiters and process
All requests as the same realm. Which would be the better
option ?
Option 1:
If I remove the realm lines in radiusd.conf
Will all requests go to the default realm ?
realm suffix {
format =
If there are multiple users in an LDAP database with the
same login name what is
The default behavior of the ldap module, will it stop at the
first login name that
Matches and compare the password ? I assume so. If I wanted
it
To keep comparing all the users it finds in the database
there may be duplicates.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kostas
Kalevras
Sent: Sunday, October 31, 2004 9:54 AM
To: [EMAIL PROTECTED]
Subject: Re: ldap searching
On Sun, 31 Oct 2004, Ron Wahler wrote:
If there are multiple users
If there are multiple users in an LDAP database with the same login
name
what is
The default behavior of the ldap module, will it stop at the first
login
name that
Matches and compare the password ? I assume so. If I wanted it
To keep comparing all the users it finds in the database
Alan,
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login
or
A timeout of the proxy server ? is there an error code or ID
that
Is set ? or an attribute that says why the reply was
rejected ?
Ron.
When a radius reply come back from a proxy server
Can/does FreeRadius know if it was a bad password/bad login or
A timeout of the proxy server ? is there an error code or ID that
Is set ? or an attribute that says why the reply was rejected ?
There's nothing in the server right now to do
There's nothing in the server right now to do something different if
the home server returned Access-Reject, or simply failed to respond.
If the home server sends a Reply-Message along, then there's a
difference
So the Reply-Message is how a client can determine why the request was
Is there a way for me to set the Reply-Message to Timeout or something
If the proxy times out?
Ron.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy to IAS will work too.
Ron.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, January 05, 2005 10:24 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Confirmation of LDAP/CHAP and AD
Okay. Thanks.
Now my
You could still encrypt the passwords in the ldap database it just has
to be
A two way hash so you can get the password in the clear.
Ron.
Ron Wahler
http://www.postive-logic.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher Price
Sent
You could still encrypt the passwords in the ldap database it just has
to be A two way hash so you can get the password in the clear.
Ron.
Ron Wahler
http://www.positive-logic.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher Price
Sent
.
If in LDAP (openldap) we provide the ntpassword (with samba), it will
work for authenticate Windows XP users with PEAP + mschapv2 ??
Thanks.
Ron Wahler wrote:
You could still encrypt the passwords in the ldap database it just has
to be A two way hash so you can get the password in the clear
: RE: LDAP, PEAP, Active Directory issue
AD
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ron
Wahler
Sent: Thursday, January 13, 2005 4:13 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: LDAP, PEAP, Active Directory issue
Are you storing
Did you try just
--username=%{Stripped-User-Name:-None}
Ron.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, January 20, 2005 9:39 AM
To: freeradius-users@lists.freeradius.org
Subject: 802.1x, PEAP, and AD
Hi all,
I'm
have you tried a non
mschapv2 authentication? try a basic authentication with NTradping to make
sure
The password is read
correctly when you are not doing mschapv2.
I think you set the password
incorrectly in the users file.
Ron.
http://www.positive-logic.net
While attempting to do an ldap bind FreeRadius seg faulted.
Can anyone help ? Has anyone else seen this ?
Thanks,
Ron.
modcall[authorize]: module backslash returns
noop for request 5
rlm_realm: Request already proxied.
Ignoring.
modcall[authorize]: module realmpercent
Looks like its a problem when FR
tries to talk on port 636 SSL to an ldap server.
-Original Message-
From: Ron Wahler
Sent: Friday, March 05, 2004 11:50
AM
To:
[EMAIL PROTECTED]
Subject: Snapshot 226 of
FreeRadius - Segmentation fault on ldap bind
While attempting
Having a problem with the ldap search with Active
Directory. The query does not come back with a basedn of dc=rp,dc=com,
it
Does come back with a query basedn cn=User, dc=rp,dc=com.
I did a query with ldapsearch and it came back both ways, and fast.
So it is something with FreeRadius not
basedn = cn=Users,dc=rp-eng,dc=com
filter =
(SamAccountName=%{Stripped-User-Name:-%{User-Name}})
start_tls = no
tls_mode = no
timeout = 20
net_timeout = 10
timelimit = 20
}
[Ron Wahler]
rlm_ldap
/password and verify the user password.
-Original Message-
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 01, 2004 1:34 AM
To: [EMAIL PROTECTED]
Subject: Re: ldap section
On Wed, 31 Mar 2004, Ron Wahler wrote:
Can you authenticate
21 matches
Mail list logo