thanks for all the help guys, Im no longer using freeradius at work.
Big thanks to every1 (excluding Alan Dekok, sorry we had our diff).
Take it easy.
unsubscribe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Vilvoorde
[EMAIL PROTECTED]
Tel. +32 (0)2 2552551
The question of whether a computer can think is no more interesting than
the question of whether a submarine can swim. -- E. W. Dijkstra
*Jacob Jarick [EMAIL PROTECTED]*
Sent by: freeradius-users-bounces+stieven.struyf=
[EMAIL PROTECTED]
13-07-07 06:35
On 7/11/07, Alan Walters [EMAIL PROTECTED] wrote:
On Tue, 2007-07-10 at 10:34 +0100, [EMAIL PROTECTED] wrote:
Im currently trying to setup FR to authenticate a user / machine
regardless of password
..
In the end I hope to have the ldap check if dialup access is allowed,
if it is then
PROTECTED] wrote:
Jacob Jarick wrote:
Not everything comment / criticism about free radius is a vieled
insult at you or your work Alan (rolls eyes).
saying the radiusd.conf is touchy is a fail call, since it is and most
people offering help warn / suggest about changing 1 line at a time.
Saying
, though I have seen you been very helpful on other
threads. The last thing a frustrated user who has been making an
honest attempt needs to hear is your an idiot, rtfm, upgrade, etc -
paraphrasing of course.
On 7/9/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
If you wish to split
my 2n comment was referring to my current project (ntlm auth +
conditional auth if ldap Field dialupaccess =1
On 7/9/07, Jacob Jarick [EMAIL PROTECTED] wrote:
On 7/9/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Fussy config file = petty criticism ?
When it's clear
Hello,
Im currently trying to setup FR to authenticate a user / machine
regardless of password, provided that the account exists and that
DialupAccess = 1. Im a bit stuck atm because I do not know how to
ignore the passwd failing the ldap check.
In the end I hope to have the ldap check if
Forgot to paste the radiusd.conf url - http://pastebin.ca/611795
On 7/10/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Hello,
Im currently trying to setup FR to authenticate a user / machine
regardless of password, provided that the account exists and that
DialupAccess = 1. Im a bit stuck atm
DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
This url here looks like what I need
http://support.novell.com/docs/Tids/Solutions/10100693.html but their
instructions are pretty lousy For machine-based authentication or
user based authentication, modify the RADIUSD.CONF file by adding
Phil A.L
Thanks alot for this new information I have to rebuild my network
again (big shift around at work) and test again.
On 7/7/07, Phil Mayers [EMAIL PROTECTED] wrote:
As per my previous emails, you can see the rlm_mschap is doing the
expansion correctly without Novells hack:
modcall:
to AD for the groups, but using
ntlm for the password authentication. This seems counterproductive, unless
you are using a backside encryption where you need to do it that way, which
is what I ended up having to do.
On 4/30/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Thanks for the Tip ryan
Im after some documentation on setting up host authentication on
freeradius (or an example config).
This url here looks like what I need
http://support.novell.com/docs/Tids/Solutions/10100693.html but their
instructions are pretty lousy For machine-based authentication or
user based
236 with timestamp 468de237
Cleaning up request 7 ID 237 with timestamp 468de237
Cleaning up request 8 ID 238 with timestamp 468de237
Nothing to do. Sleeping until we see a request.
--
On 7/6/07, Jacob Jarick [EMAIL PROTECTED] wrote
config on client follows exactly what the howto reccomends with the 1
change of checking authenticate as computer when computer information
is available. Which as you can see does attempt to auth.
The cert options are set as in this picture:
quick question,
should machine authentication work if I follow the howto on a base
system or will I need to add attr_rewrite's as suggested in the novell
howto.
On 7/6/07, Jacob Jarick [EMAIL PROTECTED] wrote:
config on client follows exactly what the howto reccomends with the 1
change
Christan,
You may be able to overcome / work around the problem by specifying a
2nd ldap module. Have one that appends the $ and checks and one that
doesnt.
On 5/9/07, Phil Mayers [EMAIL PROTECTED] wrote:
Christian Hohmann wrote:
Hi members,
I have a problem with the name of hosts. Here is
It will be postauth that you need. Unfortunately Im still learning
that part myself (when I have spare time).
On 5/8/07, Eric Martell [EMAIL PROTECTED] wrote:
I will be really appreciated if someone points me to
the right direction or archive of the thread.
Thanks in advance.
Regards.
for the password authentication. This seems counterproductive, unless
you are using a backside encryption where you need to do it that way, which
is what I ended up having to do.
On 4/30/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Thanks for the Tip ryan but I have been down that road and 2 reasons
Salutations all,
I will be attempting VLAN assignment tomorrow via FR + ADS + cisco wap.
1st Question: Is it possible to assign VLAN based solely on what ldap
server authorized it. (The sites we are looking @ have 1 domain server
for staff and 1 for students).
2: Ive been looking @ Mat
The deploying freeradius + AD is an excellent guide for the ntlm_auth method.
Im guessing it is because your ntlm_auth command is commented out in
the mschap part
On 5/2/07, Danner, Mearl [EMAIL PROTECTED] wrote:
Why not try this? Worked for us.
] On
Behalf Of Jacob Jarick
Sent: Wednesday, 2 May 2007 18:28
To: FreeRadius users mailing list
Subject: VLAN Queries
Salutations all,
I will be attempting VLAN assignment tomorrow via FR + ADS +
cisco wap.
1st Question: Is it possible to assign VLAN based solely on
what ldap
Thanks very much everyone, specially Phil, Alan and the rest who
helped me but I cant recall just now. I Have fiiinally got it going
(properly this time to).
Here is a quick outline of my setup, I may write a detailed howto later on.
Windows XP home client - cisco wap - freeradius on Fedora -
PROTECTED] wrote:
depending on the wifi auth method, you may want to also investigate a
NTLM_AUTH method instead of straight ldap. This requires the freeradius
machine to be a member of the domain, but once you do that it works great.
On 4/29/07, Jacob Jarick [EMAIL PROTECTED] wrote:
OK
Thanks for the very detailed instructions.
I will attempt this shortly (bought rad ad servers home for weekend study).
Quite possible the biggest learning curve for me is the ldap fields
but I am finally starting to get familar with them.
Cheers again, will post back once Ive run the radtest.
/raddb/ldap.attrmap
-rw-r- 1 root root 2424 Apr 19 16:32 /etc/raddb/ldap.attrmap
I assume the permissions are correct, as it was installed by rpm. Im
building the 1.1.4 rpm now, will report back once done.
On 4/29/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Thanks for the very detailed
thanks to the info you provided.
My challenge for monday will be setting up the cisco and wireless clients now :)
On 4/29/07, Jacob Jarick [EMAIL PROTECTED] wrote:
radiusd.conf: http://pastebin.ca/464133
radius -X ouput: http://pastebin.ca/464138
Tried with 1.1.6 and fails with this error
as this has made things alot easier.
On 4/30/07, Ranner, Frank MR [EMAIL PROTECTED] wrote:
-Original Message-
From:
[EMAIL PROTECTED]
eradius.org [mailto:freeradius-users-
[EMAIL PROTECTED] On
Behalf Of Jacob Jarick
Sent: Sunday, 29 April 2007 20:48
To: FreeRadius users
radiusd.conf: http://pastebin.ca/465399
radius -X output: http://pastebin.ca/465404
After following phils guide on the weekend I successfully got both
radtest and radping to return auth-accept packets. The default windows
client wouldnt auth but they dont do PAP as I undertstand. I am
currently
Well after some more googling I have come to the conclusion I need to
setup EAP-TTLS which If I understand correctly supports tunneling of
PAP through ssl. So my current goal is to enable EAP-TTLS test then
report.
On 4/30/07, Jacob Jarick [EMAIL PROTECTED] wrote:
radiusd.conf: http
to pricing issues it will be left until
the last option. I would like to say though Novell generally has
excellent support.
On 4/27/07, Jacob Jarick [EMAIL PROTECTED] wrote:
I have been at this for awhile now, so I thought I would share a
summary of what I have figured out so far for anyone else
[mailto:freeradius-users-
[EMAIL PROTECTED] On
Behalf Of Jacob Jarick
Sent: Thursday, 26 April 2007 12:38
To: FreeRadius users mailing list
Subject: FR + LDAP + ADS - rlm_ldap: ldap_search() failed:
Operations error
radiusd.conf:
radiusd -X -f: http://pastebin.ca/458790
Hello again,
I have
[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = jacob, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
On 4/27/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Thank you for the suggestions
there is a script that comes with the freeradius source (perhaps bins
aswell) that generates you new certs.
for me the script is @
/usr/src/freeradius-1.1.6/scripts/CA.all
iirc that will generate you all the certs u need and read default
options from your openssl config file. You will have to
OK, Ive setup SFU and indeed it has populated my ldap feilds some more.
I have enabled the user Jacob Jarick as a unix user, created a unix
group added myself to it then reset my password so the unix password
would be set.
Search command:
ldapsearch -h 10.1.1.11 -x -b dc=tfxschool,dc=internal -x
I have been at this for awhile now, so I thought I would share a
summary of what I have figured out so far for anyone else that decides
to try this.
1 - Documentation for this particular configuration is either out of
date / incomplete / both. There are no howtos that will get from start
to end
radiusd.conf:
radiusd -X -f: http://pastebin.ca/458790
Hello again,
I have configured the ldap module according to the rlm_ldap wiki
(minus TLS, just trying one thing at a time).I have supplied:
identity = cn=admin,o=tfxschool,c=AU
password = pass
As I have been told anonymous binding is not the
Sigh, I should just tell my employers to buy novell edirectory, it
does look very nice.
On 4/24/07, Hubert Kupper [EMAIL PROTECTED] wrote:
On 23 Apr 2007 at 18:00, Jacob Jarick wrote:
Hubert would you mind showing me how you map the ldap password to the
radius password.
Ive Tried
Sorry to offend,
But I have been seeing alot of Docs warn u of this etc but seeing as
there are so many conflicting documents seeing the generic reply when
I have read / googled high and low is quite frustrating.
On 4/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
good docs, link it or
PROTECTED] wrote:
Jacob Jarick wrote:
So the big question is, what Auth-Type do I use ?
You have been told that you should not set it. That means You should
not set it. It does not mean use another value.
If LDAP is not permitted (still confuses me as I only need / want
radius to authenticate
modcall[authenticate]: module mschap returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
Looking at resolving that issue right now.
On 4/24/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Sorry to offend,
But I have been seeing alot
everything :P before resuming ldap.
On 4/24/07, Jacob Jarick [EMAIL PROTECTED] wrote:
radiusd -X -f: http://pastebin.ca/455497
Alan, I have been trying todo my groundwork / homework is all, ie
research before asking.
Its simply a case of taking whatever support is available and not
always
Hubert would you mind showing me how you map the ldap password to the
radius password.
Ive Tried checkItem userPassword User-Password but the radius debug
logs complain that it Needs User-Password still :|
On 4/23/07, Hubert Kupper [EMAIL PROTECTED] wrote:
Hello,
how can I add a secondary
here is a 57kb tar.gz of my /etc/raddb folder containing all configs.
http://rapidshare.com/files/27470184/20070420_ldap_working.tar.gz.html
--
Hello I have been reading everything I can get my hands on to resolve
this problem Im having. The error message related to this problem:
Attribute
Sorry to pester u Alan :P
Does mschapv2 also support ntlm_auth ?
and now that I understand your tables (well I think) I should be able
to persuade my employer to use ntlm and firewall the the samba ports.
On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Is it true
Forgive the newbie questions but I think its best to clear up confusion.
client - cisco - FR server = eap
FR - ADS 2003 = pap
Is that correct or am I way off track.
On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Thanks again Alan,
For reference the oriellys LDAP book
Thanks
On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Sorry to pester u Alan :P
Does mschapv2 also support ntlm_auth ?
Yes. The mschap module does both mschapv1 and mschapv2.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
From my recent thread with Alan, I have gathered that ldap only supports PAP.
PAP sends the password in plain text.
Is it possible to encasuplate PAP inside another protocol say EAP to
prevent from packet sniffers etc.
Failing that is it possible to asign vlans bases on ldap primary group
via
Jarick [EMAIL PROTECTED] wrote:
Forgive the newbie questions but I think its best to clear up confusion.
client - cisco - FR server = eap
FR - ADS 2003 = pap
Is that correct or am I way off track.
On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Thanks again Alan
Ok, I have read them all - the wiki's the unrelated novell howtos for
edirectory bought a Oriellys book on ldap (their FR + LDAP howto is
incorrect apparently) and googled countless times.
The articles on http://wiki.freeradius.org/LDAP arent much help they
just re-itterate whats in the config
These examples here look a bit more promising.
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
-- Forwarded message --
From: Jacob Jarick [EMAIL PROTECTED]
Date: Apr 24, 2007 9:01 AM
Subject: Requesting Decent Freeradius + ADS 2003 + LDAP howto
To: FreeRadius users mailing list
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_.2Fetc.2Fraddb.2Fradiusd.conf_File
Another howto that instructs you to set DEFAULT Auth-Type := LDAP
-- Forwarded message --
From: Jacob Jarick [EMAIL
, no
document I have seen so far seems to cover it.
What encryption do you use for the ldap password in radius.conf ? so
that anonymous searches are not needed.
On 4/24/07, Jacob Jarick [EMAIL PROTECTED] wrote:
So the big question is, what Auth-Type do I use ?
If LDAP is not permitted (still
radius -X -f: http://pastebin.ca/455389
config files:
Hello All,
I have gone back to ntlm_auth for the time being instead of ldap due
to the incredibly frustrating lack of good documentation (if there are
good docs, link it or shutup).
None of the howtos/ tutorials I have followed end in success
radius -X -f: http://pastebin.ca/455389
config files: http://rapidshare.com/files/27607850/config.tgz.html
Hello All,
I have gone back to ntlm_auth for the time being instead of ldap due
to the incredibly frustrating lack of good documentation (if there are
good docs, link it or shutup).
None of
hahaha sorry alan.
Big mistake of mine, I am dsylexic and yer well there u go.
I was reading suse as fedors (dont ask why).
Sorry for the false alarm, I did check and double check but sometimes
I never see the words right once I have mis-read them until some1 else
points it out.
So I should be
Thanks again for the reply.
Yes it was a mistake on my behalf no1 elses (Im dsylexic and misread
the suse as fedora).
Thanks for catching me on that,
Keep up the good work guys.
On 4/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Notes:
* The wiki glosses over a little and gives u
Here is my updated Install (now the same as the wikis) and yes works
the way I expected. Swapping to 1.1.6 now, then back to figuring out
LDAP :)
# cd /usr/src
# tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
# cp /root/Desktop/freeradius-1.1.6.tar.gz
/usr/src/redhat/SOURCES/
# cp
Freeradius 1.1.3 installed via YUM on Fedora (not suse :P)
radiusd.conf: http://pastebin.ca/447690
radiusd -X -A output: http://pastebin.ca/447693
domain: tfxschool.internal
ADS: tfxschoolfs01.tfxschool.internal
Hi again people,
I have been pouring through the oreillys LDAP book (quite
request asking about FR + win2k3 Allowing
Anonymous Searches in Active Directory.
Gentoo howto:
http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
On 4/19/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
I have been pouring through the oreillys LDAP book
Unless I did something wrong mate it def doesnt build (dependancies
have diff names).
On the topic though. 1.1.6 built fine from the redhat spec file, I am
going to trial it once Im done with testing this ldap search problem.
On 4/19/07, Peter Nixon [EMAIL PROTECTED] wrote:
On Thu 19 Apr 2007,
On the topic of password encryption.
Kevin would you know how to encode a password for windows 2003 active
directory server. I need a user with permission to do active directory
searchs, it tries atm but fails because the password is not encrypted.
Even if you know what the encryption they use is
I just tried building 1.1.6 as an rpm on suse, it fails with this error.
[EMAIL PROTECTED] src]# rpmbuild -ba /usr/src/packages/SPECS/freeradius.spec
error: File /usr/src/redhat/SOURCES/freeradius-1.1.5.tar.gz: No such
file or directory
This is corrected instructions
Notes:
* The wiki glosses
for 1.1.6 or compile the
source but for now I will go back to using 1.1.3 that is provided with
fedora (it installs without dep errors).
-- Forwarded message --
From: Jacob Jarick [EMAIL PROTECTED]
Date: Apr 19, 2007 10:18 AM
Subject: 1.1.6 rpm build errors
To: FreeRadius users
Thanks again alan.
ntlm_auth error fixed, just working on the next 1 now :)
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial
radiusd -X -A output: http://pastebin.ca/444131
radius.conf: http://pastebin.ca/444132
OK Ive sorted that pesky ntlm_auth error, but I have encountered a
new 1 (at least its something new :D ).
The specific part of the error is below.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap:
to confirm the user/passwd
against the ADS.
rlm_ldap: LDAP login failed: check identity, password settings in
ldap section of radiusd.conf
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check
password = frpass
after:
identity = cn=freeradius,ou=admins,ou=radius,dc=tfxschool
password = frpass
It didnt seem to make any difference unfortunately.
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Im currently trying to configure freeradius to authenticate via a
win2k3
radiusd -X -A output: http://pastebin.ca/444201
radiusd.conf: http://pastebin.ca/444205
I am slowly setting up FR to work with ADS, I had ntlm_auth working
fine but have been requested to swap to ldap
my current freeradius user is \admins\radius\freeradius
admins being an orgnisational unit,
when auth'ing against ADS what is the
command so I might test it.
Id really appreciate any info at all,
Thanks guys.
-- Forwarded message --
From: Jacob Jarick [EMAIL PROTECTED]
Date: Apr 17, 2007 4:55 PM
Subject: Help stuck on error: rlm_ldap: LDAP login failed: check
identity
Hello, Im looking for a company that can provide professional level of
technical support.
If any one here can reccomend one I would appreciate it.
I am after technical support, due to lack of good documentation on the
freeradius project. Most the stuff I need done has only incomplete
docs.
-
] wrote:
What's your location?
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jacob Jarick
Sent: Tuesday, April 17, 2007 10:25 PM
To: FreeRadius users mailing list
Subject: Technical support
Hello, Im looking for a company
Fedora 6, openldap rpms installed via smart package manager.
slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855
I decided to try setting up openldap in hopes of learning more
if that is
supported. I would assume your NAS should be listening for some custom
attribute to assign vlan tag to specific user group.
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jacob Jarick
Sent: Tuesday, April 17, 2007 10:52
Just added debug output to help.
Fedora 6, openldap rpms installed via smart package manager.
slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855
ldapadd -d9 -x -D
good
docs/ howtos that cover what I need in detail. All the howtos assume
ldap communication works flawlessly 1st got but unfortunately its
definitely not the situation.
Thanks again Alan, going to make a call about the ldap book.
On 4/18/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote
Hi, here is the current scenario:
* school with wireless access
* allready uses radius (soon to be freeradius)
* freeradius auth's via a win2k3 Active Directory Server
* teachers need to be able to log into WAP's a,b,c etc and be
automatically assigned to the teachers vlan
* priv students need to
I personally hate rpms and will compile all apps so no, I try rpms as
a last resort and Im not surprised when they fail with a big list of
dependancies.
I will look into it though and test on the next machine and report back.
On 4/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Thanks
I should be more specific, I will compile all specially needed apps
after doing a norm installation.
Generic stuff like X etc, I dont care about unless it doesnt work.
On 4/16/07, Jacob Jarick [EMAIL PROTECTED] wrote:
I personally hate rpms and will compile all apps so no, I try rpms as
a last
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
I had a great experience with O'reillys bind and perl cookbook books.
Have any FR users used this book and if so your comments would be
appreciated.
It wasnt a random rpm and at the time I was unaware that the wiki had
been updated to list the latest rpms etc. So binarys are fairly well
supported by freeradius I take it.
On 4/16/07, Nicolas Baradakis [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
I personally hate rpms and will compile all
I will put it on order as reference is better than nothing :) I have
used radius before but not for ages (2000) I will be using it alot at
this new job so I will need all the good references I can get.
On 4/16/07, Alan DeKok [EMAIL PROTECTED] wrote:
Arran Cudbard-Bell wrote:
What put me off
I will start reading it all ASAP, thanks alot guys :)
On 4/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
I had a great experience
No probs guys, will check for bins 1st in future.
On 4/16/07, Alan DeKok [EMAIL PROTECTED] wrote:
Peter Nixon wrote:
Yep. The general plan is that we spend the time once building an rpm, and
then have much less questions on random build problems on various OS'
Ideally, we should have
Hello,
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial + vlan id for the cisco WAP to process.
Questions:
1: Is ldap the only way of retreiving the users group/s
2 - Can I talk directly to the ADS
Thanks to the people who helped me figure this out (big thanks to
Alan), this works perfectly on a fresh Fedora system.
Download, compile and install openssl
download freeradius 1.1.6
unpack in usr/src
cd freeradius-1.1.6
./configure --prefix=/usr
--with-openssl-includes=/usr/local/ssl/include
Jerry,
I hate to be a pain but what you have implemented atm is my next task
with freeradius.
Would you mind linking any howtos you use, thanks.
Also how do u get freeradius to find a users group then report it back
to the cisco / ap so it can decide what vlan the client belongs on.
Many thanks
not need to configure the users file.
I read the users.txt man page but it wasnt any help.
My krb5.conf is properly configured, running ntlm_auth from the
command line works perfectly.
Is there any howto that actually covers this properly.
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob
ok will try another user, thanks again for the tips allan.
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
I start the wireless connection on XP, enter in user and password,
freeradius runs the ntlm_auth command but then it spits out this
hge message. Its so big
there could be some libs lurking around, but for the moment I will
stick with 1.1.3 until I resolve these authentication issues. My Job
depends on it.
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
*** glibc detected *** ./sbin/radiusd: double free or corruption
...
Its
://deployingradius.com/documents/configuration/active_directory.html
It covers Configuring FreeRADIUS to use ntlm_auth in a bit more detail
than the last one.
On 4/13/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Freeradius 1.1.3
smb.conf http://pastebin.ca/437671
radius.conf http://pastebin.ca/437670
clients.conf
/EduRoam/Workshop+about+eduroam+implementation/freeRadius_AD_tutorial.pdf
5: Follow this guide, particulary the part about Configuring
FreeRADIUS to use ntlm_auth
http://deployingradius.com/documents/configuration/active_directory.html
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick
I downloaded the latest FR, compiled but didnt install then used the
script to generate the needed certs, worked fine.
On 4/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi
I have just install the package of freeradius using yum which is
available for fedora 6. However, I found that the
have u tried this which was suggested by Nicolas Baradakis [EMAIL PROTECTED]
You could try to use the libltdl from Fedora instead of the one
from the FreeRADIUS sources.
$ ./configure --with-system-libtool
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Roberto Greiner wrote:
I've
Thanks for your prompt reply Alan,
My 1st post so forgive the omission, I will clear the logs then post
radtest and the log info tomorrow once at work.
On 4/12/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Hi I have recently setup freeradius on fedora 6 and I need
@ the config files (I can only read
the attached ones atm).
Thanks again for the help :)
On 4/12/07, Jacob Jarick [EMAIL PROTECTED] wrote:
Thanks for your prompt reply Alan,
My 1st post so forgive the omission, I will clear the logs then post
radtest and the log info tomorrow once at work
for a temp fix I would make your perl script ping said ip before
checking for idle (perhaps a sleep timer) or you could simply have
each supposed active ip pinged every 1 - 2 minutes by a seperate perl
script.
Would you mind posting your checkrad.pl script, Im a perl hacker myself :)
On 4/12/07,
Hello, I am researching my current problem with freeradius not authenticating.
The user is rejected because the name is not found, our AD (w2k3)
sends usernames to freeradius in this format domainname\\username.
I have tried enabling the nt hack under the ldap section with no luck.
reading
I had the same issue on fedora 6, the temporary solution is to roll
back to FreeRADIUS Version 1.1.3. There is an rpm availble if you
google.
It compiles fine on gentoo though.
On 4/12/07, BOQUET Stephanie [EMAIL PROTECTED] wrote:
Hi,
when I execute radiusd, it ends with Abandon : a
How would I then tell radius to remove the domain\\ from domain\\user
On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Hello, I am researching my current problem with freeradius not
authenticating.
The user is rejected because the name is not found, our AD (w2k3
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file:
1 - 100 of 103 matches
Mail list logo