on?
I can't search the archive right now, but I think it would be useful to
know the Samba version.
Hello Alberto
#smbd -V
Version 3.4.0
** **
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Alberto Martínez Setién
Servicio
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Alberto Martínez
o/
Our FR is doing EAP most of the time, and it's working fine.
However, we would want our NAS to see the inner true User-Name, not the
outer one. I know this can be set in the inner-tunnel post-auth section
uncommenting the update outer.reply lines, but that exposes our users'
inner User-Name to
I guess I could just use NAS-Identifier plus NAS-IP-Address and carry
on, because I can't see anywhere that Packet-Src-Ip-Address from our NASes.
We have just 2 NASes, so I'll skip the huntgroups.
Thanks for your answers!
2012/6/15 alan buxey a.l.m.bu...@lboro.ac.uk
Hi,
Or, you can use EAP-TLS.
--
Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone: +34 - 94 413 90 00 Ext 2684
Fax:+34 - 94 413 91 01
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It works for me too.
http://www.downforeveryoneorjustme.com/http://wiki.freeradius.org/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
As soon as I delete Sub2 CA (that is, the CA certificate of the certificate
authority which issued client's certificate) I am able to connect
successfully.
Does FR know this Sub2 CA? i.e: is CA certificate chain file referenced in
eap.conf?
If not, try to concatenate certificate authority
Well, yes, there is. What I meant to say is, you need to set CA to a file
which has all the certificates of the chain: ROOT_CA, Sub1_CA and Sub2_CA.
When speaking to certificate files, I call the concatenated one
certificate chain file, but it's another concept:
2012/4/25 jinx_20 gabriel_skup...@o2.pl
Ok, to be sure that we understand each other...
My Sub2_CA_entire_chain.pem looks like this:
-BEGIN CERTIFICATE-
XX
-END CERTIFICATE-
-BEGIN CERTIFICATE-
Y
-END
if(%{User-Name} =~ /?([^@]+)@?([-[:alnum:]._]*)?$/) {
I'm not that good with POSIX regex, but shouldn't it be
if(%{User-Name} =~ /?([^@]+)@?([-[:alnum:]\._]*)?$/) {
AFAIK the dot . means any char so I think it needs to be escaped.
-
List info/subscribe/unsubscribe? See
Within POSIX bracket expressions, the dot character matches a literal
dot. For example, a.c matches *abc*, etc., but [a.c] matches only *a*,
*.*, or *c*.
My bad.
2012/2/29 Alberto Martínez alberto_marti...@deusto.es
if(%{User-Name} =~ /?([^@]+)@?([-[:alnum:]._]*)?$/) {
I'm
the
problem, since the configuration is almost identical to the working one.
I would appreciate any indication about the issue.
Thank you in advance.
freeradius -XC http://pastebin.com/p6FKumjm
--
Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
.
So it never establishes an EAP-TLS to begin with.
CA certificates script: http://pastebin.com/tP1cH2Zx
2012/1/17 Alan DeKok al...@deployingradius.com
Alberto Martínez wrote:
Now I'm stuck with this known error:
WARNING
any firewalls inbetween.
Yes, it shows a conversation, so no dropped packets inbetween.
--
Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone: +34 - 94 413 90 00 Ext 2684
Fax:+34 - 94 413 91 01
-
List info/subscribe
Of course not. Give me some credit. BUT, in case I did, the debug would
show an ugly TLS error instead of an error referencing a whole other issue.
Thanks for your replies anyway.
2012/1/17 Fajar A. Nugraha l...@fajar.net
On Tue, Jan 17, 2012 at 7:18 PM, Alberto Martínez
alberto_marti
Hi. Yet another MSCHAPv2 thread.
It's related to this one:
http://lists.cistron.nl/pipermail/freeradius-users/2008-July/msg00156.html
(I will post my output if needed, but I believe is almost the same)
Ivan Kalik states That's because it's doing EAP mschapv2 not plain
mschap. It's normal
to get
16 matches
Mail list logo