Multiple EAP-TLS modules with different certificates

2010-03-31 Thread Thibault Le Meur
Hi, I'm about to change the CA of my radius server certificate. At the same time I've installed a new wifi network and plan to change the SSID as well (authentication is EAP-TTLS or EAP-PEAP). In order to avoid a complete breakout when I change the certificate of my radius server (because a

Re: Multiple EAP-TLS modules with different certificates

2010-04-02 Thread Thibault Le Meur
Hi Alan, Thank you for your prompt answer. Alan DeKok wrote: Yes. Others use multiple certs multiple EAP modules. Thanks for this answer, this confirms that I'm on the right way. A quick look at FR debug logs confirms, as far as I can read them, that the client is refusing the

Re: Multiple EAP-TLS modules with different certificates

2010-04-06 Thread Thibault Le Meur
Hi All, I just wanted to mark this thread as resolved. Alan DeKok wrote: Yes. Others use multiple certs multiple EAP modules. Thanks for this answer, this confirms that I'm on the right way. Indeed it works now ;-) I'll make more tests and will triple check my setup now I know

Re: PopTop

2010-04-19 Thread Thibault Le Meur
Is it possible to set up a new account on the wiki, or does that require an administrator? I wanted to mark the page http://wiki.freeradius.org/PopTop as obsolete and applying only to the 1.x versions of freeradius. These are the instructions I was originally following, and they distinctly do

Re: PopTop

2010-04-20 Thread Thibault Le Meur
On Monday 19 April 2010 07:16:52 pm Thibault Le Meur wrote: Please can you explain why you think it is obsolete? It addresses the configuration in single-file format rather than the distributed file format that the current packaging (for Debian at least) uses

Re: PopTop

2010-04-20 Thread Thibault Le Meur
Jonathan Hutchins wrote: On Tuesday 20 April 2010 01:00:42 pm John Dennis wrote: [pap] WARNING! No known good password found for the user. Authentication may fail because of this. [mschap] No Cleartext-Password configured. Cannot create LM-Password. You have to either have a Cleartext

Re: The client does not connect _*_*_*_

2010-05-11 Thread Thibault Le Meur
On 11/05/2010 10:09, htt thanh wrote: Hi, I don't know why the user-password is encrypted, how can I make a cleartext secret...;(( The problem is with your client shared secret: the secret you set in /etc/raddb/clients.conf and in your NAS configuration. It seems that you haven't set the same

Re: expired user accounts between two dates

2010-05-27 Thread Thibault Le Meur
On 27/05/2010 10:46, Marco Jaraiz wrote: hello, i want to use the expiration module to validate user accounts, but i need to check the expiration between two dates, init and finish date. somebody help me. As you already may know the expiration module only works for expiration date. When I

Re: ip assignment issue with poptop

2007-12-11 Thread Thibault Le Meur
Hi, hadi golestani wrote: Hi, I want to use freeradius to dynamically assign ip to my vpn clients. so I defined an ip pool with the range of 10.3.3.1 to 10.3.3.255, with the radtest command, I'm getting the ip in answer but while trying to connect from

Re: freeradius+pptpd+mysq - rc_avpair_new: unknown attribute 6

2008-03-19 Thread Thibault Le Meur
Alan DeKok wrote: What am I doing wrong? Below I've copy-pasted config files of pptpd radius and their debug logs. sigh Do NOT post the FreeRADIUS dictionaries to this list. There is nothing wrong with the dictionaries. DO configure pptpd to point to the RADIUS dictionaries it

Re: Pptpd / MySql / MD5

2008-05-07 Thread Thibault Le Meur
Sascha Kiefer wrote: Hi, Thanks to http://wiki.freeradius.org/PopTop i can authenticate my vpn users using a remote radius server using MS-CHAPv2 You're welcome ;-) Passwords are stored in clear in the mysql database. PopTop is responsible for the remoteip. Everything works. Now, is it

Re: FreeRadius + VPN Clients

2008-06-05 Thread Thibault Le Meur
Sending Access-Accept of id 177 to 127.0.0.1 port 51289 Finished request 0 Going to the next request Great, then you've been authenticated by the LDAP server and the Radius server is sending an Access-Accept message to your VPN server. As far as FreeRadius

RE : freeradius, ldap error - HELP ME!

2007-03-20 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of peppeska Sent: Tuesday 20 March 2007 10:34 To: FreeRadius users mailing list Subject: freeradius, ldap error - HELP ME! -BEGIN PGP SIGNED MESSAGE-

RE : RE : freeradius, ldap error - HELP ME!

2007-03-20 Thread Thibault Le Meur
rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=admin,dc=example/root to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap:

IP Pool management and Re-authentication

2007-03-20 Thread Thibault Le Meur
Hi, I'm using a system (openvpn) with 'radiusplugin' to let FR authenticate users and manage IP Pools. Openvpn sometimes needs to renegotiate the connections and thus sends authentication requests while the connection is still active (with an already assigned IP address): this causes FR to

RE : IP Pool management and Re-authentication

2007-03-20 Thread Thibault Le Meur
Thanks for your reply, Thibault Le Meur wrote: Openvpn sometimes needs to renegotiate the connections and thus sends authentication requests while the connection is still active (with an already assigned IP address): this causes FR to assign a new IP address from the pool (which

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
But the output now is: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 Service-Type = Framed-User Framed-Protocol = PPP User-Name = peppeska NAS-IP-Address = 127.0.0.1 NAS-Port = 0

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
authentication? If your pppoe server is a linux box, have you checked that the radiusclient library contains the microsoft dictionary as I described in my previous email? Regards, Thibault Le Meur - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
Hi, Very strange, I didn't get this email? See my comments below: Thibault Le Meur wrote: But the output now is: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 Service-Type = Framed-User Framed-Protocol = PPP

RE : IP Pool management and Re-authentication

2007-03-21 Thread Thibault Le Meur
Hi Alan, I'd like to patch the openvpn-radiusplugin so that an extra attribute is sent in the Access-Accept packets so that FR will be able to differentiate Initial and Renegotiation Access-Accept requests and only assign new IP address from the pool on Initial Access-Accept

RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
and in the dictionary file: $INCLUDE /etc/radiusclient/dictionary.microsoft $INCLUDE /etc/radiusclient/dictionary.ascend $INCLUDE /etc/radiusclient/dictionary.compat $INCLUDE /etc/radiusclient/dictionary.merit $INCLUDE /usr/share/freeradius/dictionary Don't write $INCLUDE but

RE : RE : IP Pool management and Re-authentication

2007-03-21 Thread Thibault Le Meur
Thibault Le Meur wrote: I've patched the radiusplugin to add Framed-IP-Address to the re-auth request but rlm_ippool still allocates a new IP Address (I'm using FR 1.1.4). Ok. It seems like rlm_ippool should be updated to look for Framed-IP-Address in the request

RE : RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
MMM damn! why doesn't freeradius want to work with me? It's not a Freeradius issue, but a ppp/radiusclient issue ;-) P.S. without the Default Auth-Type in the users file...it's the same... If I put $INCLUDE instead of INCLUDE... it works like before... Very strange I've got several

RE : IP Pool management and Re-authentication

2007-03-21 Thread Thibault Le Meur
quote I've been using OpenVPN + Ralf's Radiusplugin for several months and recently moved away from server-side IP assignment. However, while I did use it, I found that in my configuration FreeRADIUS only assigned new IPs when the accounting for that user had stopped (ie, if it received a STOP

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of peppeska Sent: Wednesday 21 March 2007 18:36 To: FreeRadius users mailing list Subject: Re: RE : RE : RE : freeradius, ldap error - HELP ME! -BEGIN PGP

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
but plog: [EMAIL PROTECTED]:/home/peppeska# plog Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded. Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0 Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6 Mar 21 19:21:19 applejack pppd[18529]: Using

RE : RE : RE : IP Pool management and Re-authentication

2007-03-22 Thread Thibault Le Meur
Thibault Le Meur wrote: I've patched the radiusplugin to add Framed-IP-Address to the re-auth request but rlm_ippool still allocates a new IP Address (I'm using FR 1.1.4). Ok. It seems like rlm_ippool should be updated to look for Framed-IP-Address in the request

Solution: IP Pool management and Re-authentication

2007-03-22 Thread Thibault Le Meur
Thibault Le Meur wrote: I've patched the radiusplugin to add Framed-IP-Address to the re-auth request but rlm_ippool still allocates a new IP Address (I'm using FR 1.1.4). Ok. It seems like rlm_ippool should be updated to look for Framed-IP-Address in the request

RE : RE : Re: freeradius problem : need help

2007-03-22 Thread Thibault Le Meur
What's the output of 'ps auxf' on your box? Netstat will tell you what's using which port. Do instead: # netstat -tnp | grep 1812 example output: tcp 0 0 192.168.30.107:49182 192.168.30.1:5222 ESTABLISHED 5938/gaim And better if you have the lsof binary installed,

RE : There appears to be another RADIUS server runningon the authentication port 1812

2007-03-23 Thread Thibault Le Meur
# netstat -tunelup Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address               Foreign Address             State       Benutzer   Inode      PID/Program name   [...] udp        0      0 192.168.100.207:1812        0.0.0.0:*                               0

RE : No available IP Addresses in the pool ...

2007-04-30 Thread Thibault Le Meur
Hello everyone, FreeRadius 1.0.1 from RHEL 4. I get the following error (only shown in debug mode) after 1-2 weeks of server working fine, without any issues: rlm_ippool: Searching for an entry for nas/port: 172.25.254.218/9931392 rlm_ippool: No available ip addresses in pool.

RE: problem connecting from windows xp to pptp server

2007-05-31 Thread Thibault Le Meur
Hi Danny, Let me correct just some things... can you confirm? After a lot of help from Thibault I was able to connect from xp client. the causes for the problem were: 1. missing raddattr plug-in to option.pptpd raddattr.so # after radius.so 2. un-updated dictionary (Microsoft

RE : Ldap Group Membership Requirements

2007-06-20 Thread Thibault Le Meur
Basically trying to figure out what I need to add to these lines: groupname_attribute, groupmembership_filter, and groupmembership_attribute. Also not sure if I need to add something to users file like: DEFAULT LDAP-Group == wireless. Can anyone provide input on what I need to

RE : EAP/PEAP, LDAP and Dynamic VLAN Assignment HOW-TO

2007-07-17 Thread Thibault Le Meur
Hi, Hi, i would make this architecture: - authentication EAP/PEAP with MS-CHAPv2 with users in LDAP database. Better with encrypted password, but not necessary. Either: * use Clear-text passwords in the userpassword attribute * OR add an Ldap attribute that will hold the NTLM hash

RE : IP Reverse DNS Resolution

2007-09-13 Thread Thibault Le Meur
Hi, I currently have an IPSEC/L2TP setup that uses FreeRadius (for Active Directory auth). Radius is handing out the IP addresses to the clients. Is there a way to have it update my DNS server so it can create reverse-dns entries for them? Yes it is. In acct_users make a rule that runs

Re: Question regarding the Expiration attribute

2007-10-10 Thread Thibault Le Meur
Terry Pelley wrote: FreeRADIUS Version 1.1.7 on Novell SLES10 The question is simple but I can't seem to find the answer to it so I will apologize in advance. Can someone tell me the format for entering the date in the Expiration attribute? I'm using the users file to authenticate

Issue with PAP/LDAP authentication after upgrade FR 2.0.5 to FR 2.1.1

2008-12-03 Thread Thibault Le Meur
Hi Gurus, I've just (auto)updated my FR from 2.0.5 to 2.1.1 and some authentications stop working. For these specific authentications the ldap module is used to retrieve the password from LDAP (hashed with MD5 or CRYPT, ...), and then PAP is used to compare the passwords (auto_header is

Re: Issue with PAP/LDAP authentication after upgrade FR 2.0.5 to FR 2.1.1

2008-12-03 Thread Thibault Le Meur
Thanks a lot for your answer, [EMAIL PROTECTED] wrote: I've just (auto)updated my FR from 2.0.5 to 2.1.1 and some authentications stop working. For these specific authentications the ldap module is used to retrieve the password from LDAP (hashed with MD5 or CRYPT, ...), and then PAP is used

Re: Issue with PAP/LDAP authentication after upgrade FR 2.0.5 to FR 2.1.1

2008-12-04 Thread Thibault Le Meur
Hi John, Nice to meet you ;-) John Dennis wrote: John Dennis wrote: Thibault Le Meur wrote: I've searched and finally found out what occurred. I'm using Fedora Core 9 and after the FR package update here is what occurred: a lot of files including module files from the new RPM package

Re: Authentication Problem with PEAP and openldap

2009-01-09 Thread Thibault Le Meur
Michael Poser wrote: Hello, native wired xp 802.1X client with PEAP (mschapv2) tries to authenticate via freeradius against openldap with an md4 encoded utf-16e password hash. This is just not possible. PEAP (mschapv2) requires you can read the user password either as a cleartext password

Re: XP SP3 an EAP-TLS partly solution

2009-01-26 Thread Thibault Le Meur
Alexandros Gougousoudis wrote: Hi Ivan, Try signing client certificates with the ca certificate. I have included modified Makefile for 2.1.3. I have added make caclient.pem to produce client certificates and cleanca to remove them. Try importing caclient.p12 created this way onto the user

Re: authenticating to ldaps/tls

2009-02-12 Thread Thibault Le Meur
Peter Param wrote: Hi all, I'm trying to authenticate to an LDAPS backend but failing. Any suggestions? Is it an LDAP server answering on LDAPS connections (LDAP+SSL on port 636) or an LDAP server answering on LDAP connections that are then secured by Start-TLS (LDAP on port 389 +

Re: authenticating to ldaps/tls

2009-02-12 Thread Thibault Le Meur
Peter Param wrote: it is an LDAP server answering on LDAPS connections (LDAP+SSL on port 636) ...but it also supports the latter even though an acl is set to not allow port 389 use start_tls=no fails also, Maybe but keep it to no it seems to have a problem with the cert and/or cert

Re: Rejections

2009-03-04 Thread Thibault Le Meur
Jack D. Martin Jr. wrote: I wasn't questioning your skills - trust me. I have read many of your responses on the list, you helped me deploy my server without ever talking to me. I am just looking for a solution. Basically what I have is a billing solution that automatically suspends

Re: openvpn client ip attrib

2009-03-05 Thread Thibault Le Meur
Hegedus Gabor wrote: Hi! Can you help me, I don't know how I can send back the client ip address to the openvpn client. The cisco vpn 3000 works correctly with cvpn3000 directory. Are there any directory for openvpn? or which return attrib name I can use? This is a little off-topic for

modules instance name restrictions

2009-03-20 Thread Thibault Le Meur
Hi, I recently came up with a small issue concerning module instance names (especially when they set Auth-Type). * I defined my own pap module with the name 'pap-myorg' and expected it to set Auth-Type to PAP-MYORG, but in fact it wasn't setting the Auth-Type at all (moreover I saw no

Ldap-Group DN and the match =~ check

2006-07-17 Thread Thibault Le Meur
Fall-Through = no This way, a unique rule will match 3 different groups having the same cn, but in different subtrees. Am I missing something or is this setup impossible with Ldap-Groups ? Thanks in advance for your answer. Regards, Thibault Le Meur - List info/subscribe/unsubscribe? See http

RE : Ldap-Group DN and the match =~ check

2006-07-17 Thread Thibault Le Meur
... but is ldap xlat yet available in the users file ? As stated in doc/rlm_ldap I thought it was only hopefully shortly available ? Thanks a lot for your answer. Regards, Thibault Le Meur - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE : migrate from Cisco ACS

2006-07-17 Thread Thibault Le Meur
for example, if, on the current ACS server, i set the host where 'radtest' lives to... authenticate using - RADIUS (Cisco aironet), ...I get back the correct wireless vlan info. If I then set it to authenticate using RADIUS (VPN 3000), I don't get back the vlan info but the

RE : RE : Ldap-Group DN and the match =~ check

2006-07-17 Thread Thibault Le Meur
Maybe... but is ldap xlat yet available in the users file ? As stated in doc/rlm_ldap I thought it was only hopefully shortly available ? The issue is more that the LDAP module ignores the operator, and does a simple string compare. The server core needs to expose an API that

RE: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-17 Thread Thibault Le Meur
Could I do EAP-TTLS using the securew2 client instead? Yes, that's an option. And since EAP-TTLS is a standard you'll be able to have it work on a variety of clients (MAC OS, Pocket PC + SecureW2, Palm-OS, linux). Or am I better off creating a 2nd password attribute on the LDAP directory

RE : vlan assignment not work on wireless G AP

2006-07-18 Thread Thibault Le Meur
My company uses Cisco wireless APs (access points). When we use 802.11b radio AP, we can assign users vlan through Freeradius. But the same setting doesn't work on 802.11g radio AP. Can anybody help. Check your new AP documentation for the Radius Reply Attribute format they expect from the

RE : 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-18 Thread Thibault Le Meur
I guess the obvious question is why can't the Radius server simply perform a bind attempt to the LDAP server during authentication, as opposed to trying to compare the password received by the authenticator to the ssha-1 password stored in ldap? Because, in PEAP, the client doesn't send

RE : EAP-TTLS-PAP-LDAP

2006-07-18 Thread Thibault Le Meur
rad_check_password: Found Auth-Type ldap auth: type LDAP ERROR: Unknown value specified for Auth-Type. Cannot Is the ldap module defined in your authenticate section ? Regards, Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP confusion

2006-07-18 Thread Thibault Le Meur
Firstly, I am attempting to get XP/OSX clients to connect to a 802.1x WLAN provided by a cisco wlan controller. This is currently backed by ACS and works, but i'd like to use FreeRADIUS if possible, with half my users in LDAP and half in MySQL. The setup uses PEAP, however am I correct in

RE : Radius Authentication

2006-07-19 Thread Thibault Le Meur
i'm facing a little problem. sometimes my mysql DB server is down and the radius can't insert records into it, of course, so the users can't log in as the radius doesn't authenticate them unless it can record them. Is there any solution to make the radius authenticate the users without

RE : Problem with secrets

2006-07-19 Thread Thibault Le Meur
Even though the secret is incorrect the authentication can be correct. The server returns an Access-Accept. Why? The server trusts the client (it's in the accepted NAS list) and performs the authentication. I might have missed something here, sorry in advance ;-) Since the secret is

RE : Map LDAP Attribute to RADIUS Attribute

2006-07-19 Thread Thibault Le Meur
I am running FreeRADIUS version 1.1.2 on Debian Linux (Stable x86). I am trying to map an LDAP attribute to a RADIUS attribute. A little background, we have a RADIUS client that needs to make decisions based on an LDAP attribute (we'll call it User-Category). Based on the value

RE : RE : Problem with secrets

2006-07-19 Thread Thibault Le Meur
Most authentication methods don't use the secret as part of the password encoding and use independent information for encoding. PAP is the only authentication method that depends on the secret. For example CHAP uses the password, two random numbers and MD5 to encode the password.

Re: Using mschap authentication without EAP

2006-07-21 Thread Thibault Le Meur
Well, after some changes in OpenLDAP config, this is the result: So your first issue was openldap related... Fri Jul 21 11:15:51 2006 : Debug: rlm_ldap: bind as cn=Manager,dc=,dc=it/PASSWORD to 192.168.1.221:389 Fri Jul 21 11:15:51 2006 : Debug: rlm_ldap: waiting for bind result ... Fri

RE : Using mschap authentication without EAP

2006-07-21 Thread Thibault Le Meur
Thibault Le Meur wrote: rad_recv: Access-Request packet from host 127.0.0.1:32801, id=0, length=217 User-Name = misterc CHAP-Challenge = 0xa26932d73791f27d1314426f740ab34e CHAP-Password = 0x002e07a2cc1f27e7fbd22e7bb3721a3986 That means that your client

Re: assigning vlan based on LDAP attribute

2006-07-28 Thread Thibault Le Meur
I'm trying to add a user to a vlan based on an ldap attribute. I've checked out: http://vuksan.com/linux/dot1x/802-1x-LDAP.html and saw the following would have to be added to the user's ldap record: radiusTunnelMediumType: IEEE-802 radiusTunnelType: VLAN radiusTunnelPrivateGroupId: 2 Yes

Re: assigning vlan based on LDAP attribute

2006-07-28 Thread Thibault Le Meur
One way to do that is to use LDAP groups. If your users are in dedicated LDAP groups, then a rule like the following in your users file will do the trick: DEFAULT Huntgroup-Name == myAP, Ldap-Group == Engineering User-Name=`%{User-Name}`, radiusTunnelMediumType: IEEE-802

Re: URL authentication

2006-08-03 Thread Thibault Le Meur
This puts it into the access-request and the radius server sees it rad_recv: Access-Request packet from host 127.0.0.1:32770, id=106, length=79 User-Name = joe User-Password = testing incoming-req-uri = http://www.blibble.net/path_to; Processing the authorize

Re: Confused with FreeRadius + Win2000 + Linksys + EAP + Certs

2006-08-08 Thread Thibault Le Meur
Hm, that's bad. Is it on the roadmap? I have seen a Howto, generating certs and switching eap-type to tls on freeradius? Yes Windows hosts can be authenticated with EAP-TLS by choosing something like SmartCard or certificate under the Authentication Tab of the adapter properties. How can

Re: What kind of error in client-cert using EAP?

2006-09-19 Thread Thibault Le Meur
Hello Alan, Alan DeKok wrote: No. It means that there is NO client cert. The authentication process continues, so it's obviously not a catastrophic problem. Is it simply not sent, or somehow not available? Because I know for sure that there is a cert on the client. And I did nothing

PGP key of the Freeradius Project

2006-09-19 Thread Thibault Le Meur
Hi All, Just an email to say that I had difficulties in finding on the web the pgp key used to make the release signature: maybe I have bad eyes... anyway, I think such important information should be obvious to retrieve. Should it be possible to have a quick link in the web site home

Re: What kind of error in client-cert using EAP?

2006-09-21 Thread Thibault Le Meur
I don't know if my chiming in will make a difference or not. But windows can authenticate with a machine certificate or a user certificate If you're doing the machine certificates, please say so, I'm a little confused as to what exactly you are doing now. I don't know if you're asking

Re: What kind of error in client-cert using EAP?

2006-09-21 Thread Thibault Le Meur
Hi, it works now. Thanks Thibault, you saved my day, again! :-) You're welcome - the extension SubjectAltName must contain the Netbios name of the PC (I think) This had no meaning in my tests. Anyway, there must be chosen a type of that field. Did you take DNS-Name, Email or Raw? I use

Default radiusd.conf and Auth-Type LDAP comment

2006-09-21 Thread Thibault Le Meur
Hi, This is just a comment on the default radiusd.conf provided information. In the authenticate section of the default radiusd.conf I can read about Auth-Type LDAP: quote # Note that this means check plain-text password against # the ldap database, which means that EAP won't

rlm_ldap and 'unencrypted' connections

2006-09-21 Thread Thibault Le Meur
In doc/rlm_ldap I've read: quote # identity: DN under which LDAP searches are done password: pasword # which authenticate this DN default: anonymous bind, no password # required NOTE: searches are done now over unencrypted connection! /quote I'm especially concerned about the

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-21 Thread Thibault Le Meur
While usually true, this assumption is a little confusing sometimes. Indeed, when EAP-TTLS uses PAP (not an EAP protocol I know) as its inside authentication protocol, a cleartext password is provided to Freeradius which is then able to use a simple ldap bind exchange to authenticate the user.

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
Thibault Le Meur [EMAIL PROTECTED] wrote: * the inner PAP authentication is processed by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory for historical reasons) Version 2.0 has fixes that make

Re: Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
On Fri 22 Sep 2006 10:52, Thibault Le Meur wrote: Thibault Le Meur [EMAIL PROTECTED] wrote: * the inner PAP authentication is processed by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory

RE : Default radiusd.conf and Auth-Type LDAP comment

2006-09-22 Thread Thibault Le Meur
Thanks, in fact I know that by using the development version I could have a test at the 2.0 branch, but I'm a little frightened to test it in my production environment... I just want to correct my words because I don't want users on the list to misunderstand my meaning: I think the CVS

RE : need help with error

2006-09-25 Thread Thibault Le Meur
I have noticed in my logs this error and do not know what it means, or where to look to start fixing it.. rlm_eap_tls: Length Included Mon Sep 25 08:58:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A I suppose you are using the EAP-TLS module to proceed

RE : assigning vlan based on LDAP attribute

2006-09-27 Thread Thibault Le Meur
I'm a bit confused on this one. I want my users vlan'd based on their affiliation (ie, staff, student) In my radiusd.conf file, under ldap, I've put: groupmembership_attribute = eduPersonPrimaryAffiliation That's a good start, but sending the whole ldap configuration section would

RE : RE : assigning vlan based on LDAP attribute

2006-09-27 Thread Thibault Le Meur
My ldap section from radiusd.conf looks like: ldap { server = ldapserver.net.org identity = uid=name,dc=net,dc=org password = password basedn = ou=stuffdc=net,dc=org filter =

RE: RE : RE : assigning vlan based on LDAP attribute

2006-09-27 Thread Thibault Le Meur
I think part of my problem is that I do not have the vlans defined in the Access Point. I incorrectly assumed that the AP would receive the vlan info from the Radius server, and tag all outgoing packets from the wireless client with that tag. However, I'm starting to think that that is

RE : Decisionmaking in FreeRADIUS Check/Reply Items

2006-10-11 Thread Thibault Le Meur
My actual problem relates to the following errors, pulled from radiusd -X: [/etc/raddb/users]:214 WARNING! Check item Pool-Name found in reply item list for user DEFAULT. This attribute MUST go on the first line with the other check items The offending rules are in users: As you

RE : Decreasing connection time (Session-Timeout)

2006-10-24 Thread Thibault Le Meur
freeRadius then calls accounting_stop_query located in sql.conf and UPDATES the radacct table and its attributes with all these new values. What I'd like to do now is to execute a personalised sql query right after this default accounting_stop_query so that I could save/modify all

RE: Decreasing connection time (Session-Timeout)

2006-10-24 Thread Thibault Le Meur
However you can instantiate a new sql module in sql.conf: sql my-sql-acct { ... Accounting_stop_query = MY Customized SQL query } Then in your radiusd.conf accounting section: accounting { sql my-sql-acct } I tried this and freeRadius hangs at startup and says my-sql-acct: Unknown Module.

RE : Freeradius is mad ! Or me...

2006-10-27 Thread Thibault Le Meur
Why does the command radiusd -A work fine and not /etc/init.d/radiusd start??? When you run 'radiusd -A' (I suppose you're root), you are running the radius Server as Root. When you run /etc/init.d/radiusd start, it switches to the 'radiusd' user identity (in FC5). So it is possible that you

RE : EAP anonymous and inner User-name

2006-11-17 Thread Thibault Le Meur
The inner request will magically show up after the tunnel has been decoded. It is a new request, and will have its own User-Name attribute. Could you be more specific as: * when did this feature appear? * how does this differ from previous versions? Indeed, I found out that with the

RE : Is this hack possible?

2006-11-17 Thread Thibault Le Meur
into an Access Accept reply? Why on earth would I want this? Well, I would like to i.e. give a guest-net Vlan back to users that actually fail authentication, so that when they try to access the web they will instead get connected to a redirected guest-information webpage. I haven't

RE : RE : EAP anonymous and inner User-name

2006-11-17 Thread Thibault Le Meur
Thibault Le Meur [EMAIL PROTECTED] wrote: Indeed, I found out that with the latest release of FR, the debug isn't the same: previously (FR 1.0.1), I was able to read the Tunneled inner-request and attributes (with inner user name and password...) and the complete process

RE : EAP anonymous and inner User-name

2006-11-17 Thread Thibault Le Meur
And, lastly, did you set copy_request_to_tunnel in eap.conf? Don't, because then your real inner user name gets overwritten by the outer one. Strange... I've set copy_request_to_tunnel and I haven't seen my inner User-Name be overwritten ! Are you sure it would overwrite the inner User-Name

Re: RE : EAP anonymous and inner User-name

2006-11-17 Thread Thibault Le Meur
Thibault Le Meur [EMAIL PROTECTED] wrote: Strange... I've set copy_request_to_tunnel and I haven't seen my inner User-Name be overwritten ! Doing that would be wrong. FreeRADIUS doesn't do that. I know, It would have broken my setup ;-) And, lastly, did you set

RE : RE : Temporary Accounts

2006-11-27 Thread Thibault Le Meur
I'm replying to myself because I found a very ugly solution to cope with my needs: Have an account not available before a given date. I post this here in case this could be useful to someone, and to get feedback if others have found better way to achieve this. At least the following checks

RE : Expiration

2006-11-28 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Sean Sent: Tuesday 28 November 2006 13:22 To: freeradius-users@lists.freeradius.org Subject: Expiration Hi, Just a quick question. Is expiration := Never

RE : RE : Expiration

2006-11-28 Thread Thibault Le Meur
I have a question with regard to expiration. I'd like to update the expiration to a new date once a user logs in for the first time. I've tried to add a query to the sql conf file where the radacct table gets updated when a user logs in, but I can't seem to add a new query that is

RE : return user group information to radius client

2006-11-30 Thread Thibault Le Meur
Is there some standard way of telling the client that this user belongs to this group. If so how do i set this on the radius server. Several NASes support the Login-LAT-Group reply attribute for this purpose: check with your NAS doc. HTH, Thibault - List info/subscribe/unsubscribe? See

RE : RE : return user group information to radius client

2006-12-01 Thread Thibault Le Meur
-Original Message- From: ganesh subramonian [mailto:[EMAIL PROTECTED] Sent: Friday 1 December 2006 05:41 To: FreeRadius users mailing list Cc: [EMAIL PROTECTED] Subject: Re: RE : return user group information to radius client hi does that mean that sending/receiving of

RE : FreeRadius and LDAP

2006-12-01 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Sundaram Divya-QDIVYA1 Sent: Thursday 30 November 2006 23:51 To: freeradius-users@lists.freeradius.org Subject: FreeRadius and LDAP We don't use openldap or

RE : differentiating radius attribute

2006-12-01 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On behalf of [EMAIL PROTECTED] Sent: Friday 1 December 2006 17:16 To: freeradius-users@lists.freeradius.org Subject: differentiating radius attribute Hi everybody, I'm using freeradius to authenticate

RE : (no subject)

2006-12-01 Thread Thibault Le Meur
Also, I am under the understanding that EAP-TLS does NOT require a client side cert, and EAP-TTLS DOES require a EAP-TLS requires both server-side and client-side certs. EAP-TTLS requires only a server-side cert. The client-side authentication is performed through an inner TLS tunnel and is

RE : FreeRadius + Ldap + TLS/SSL

2006-12-04 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Rafał Kamiński Sent: Monday 4 December 2006 13:28 To: freeradius-users@lists.freeradius.org Subject: FreeRadius + Ldap + TLS/SSL When i saw that error, i

RE : Problem checking multivalued attributes in LDAP schemas.

2006-12-04 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Erling Paulsen Sent: Monday 4 December 2006 15:11 To: FreeRadius users mailing list Subject: Problem checking multivalued attributes in LDAP schemas. I try to

NotBefore and Expiration (was Temporary Accounts), Enhancement proposal

2006-12-11 Thread Thibault Le Meur
I post here a cleaner solution to my need, and propose the opportunity to have an even better way to code this (but requires a patch). The Goal I wanted to be able to manage temporary accounts for guests: * these accounts are created in advance, but mustn't be valid before a given date

RE : NotBefore and Expiration (was Temporary Accounts), Enhancement proposal

2006-12-12 Thread Thibault Le Meur
proposal Thibault Le Meur wrote: Enhancement proposal Why not implement the NotBefore part in the FR server code as it is already done for Expiration ? Or, add a Date attribute, that will compare against the current date. You can then use configurations
