On Tue, 2007-07-10 at 10:34 +0100, [EMAIL PROTECTED] wrote:
Im currently trying to setup FR to authenticate a user / machine
regardless of password
..
In the end I hope to have the ldap check if dialup access is allowed,
if it is then check if user / pass is correct via ntlm.
This makes no
we a trying to add mac authentication to our wireless aps radius request
comes in like so.
rad_recv: Access-Request packet from host 10.250.100.3:1038, id=119,
length=95
Service-Type = Framed-User
NAS-Port-Id = wlan1
User-Name = 00:0B:6B:56:1D:48
User-Password =
for me.
Hope it helps..
Mart
Alan Walters wrote:
we a trying to add mac authentication to our wireless aps radius request
comes in like so.
rad_recv: Access-Request packet from host 10.250.100.3:1038, id=119,
length=95
Service-Type = Framed-User
NAS-Port-Id = wlan1
Where is the ldif of the client file
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dusty Doris
Sent: 01 July 2005 13:42
To: FreeRadius users mailing list
Subject: Re: radiusprofile entry don't work
I have tryed both solution but don't work!!! :'(
Below is a snip from my radius group search. And below this
is the group portion of my radiusd.conf can someone
let me know where I am going wrong???
I would like to know how to stop it doing the second search
on my ldap for the objectclass
= *
I dont mind the first one because it has
Radius
does not seem to be searching or adding my reply items for my user-profiles
from ldap. It does not even look for them??
Does
someone have a wonderful solution for how to remedy this
DEFAULT
Huntgroup-Name == internet, Ldap-Group
== ballyvaughan, User-Profile :=
The output is debug.
Radiusd -xx
It does not seem to be even looking for it
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: 28 June 2005 16:06
To: FreeRadius users mailing list
Subject: Re: user-profiles
alan walters [EMAIL PROTECTED
Yes this is my experience as well. Running v 1.0.2 there was nothing in the
change log for 1.0.3 to say this was fixed either.
Just as a note when I posted these findings nothing came back.
I was using an ldap backend as well. It would be great to have a detailed
explaination of this one and
I have a configuration similar to your no one option.
From readinr the huntgroups how to and the users how to, this seems to
be the most correct method to use.
I have a second issue with this in that the users file has a defulat
reject if the group is not matched. This also is not being used
Dustin I get matchs in my users files. But the huntgroup seems to just be
bypassed.
Could you PM me with a users file and huntgroups file incase it is a syntax
issue.
thenks
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris
Sent: 13 June
Cant use crypt with chap and ldap
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Phillips
Sent: 08 June 2005 18:19
To: freeradius-users@lists.freeradius.org
Subject: MSChap/LDAP Question
I'm trying to authenticate MSChap with LDAP (LDAP has
Continuing with huntgroups and groups. I followed the most recent
instructions below.
The client uses the default group below.
I see the reply message come through in the request
But the request gets access accept instead of access reject?
So I have groups working fine now if the client is in a
group all is ok.
as per the example
below the client is not in a group. At the bottom is the users file.
Is there a reason why the client does not get a accept-reject
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap:
I am attempting to work this out. I have the following set in my modules in
ldap of the radiusd.conf
groupname_attribute = cn
groupmembership_attribute = radiusGroupName
I have this in my users file.
DEFAULT Ldap-Group == lisdoonvarna
Huntgroup-Name == internet,
User-Profile :=
Please post radiusd -X output. Specifically the part on ldap searches and
where the USERS file is matched.
Relevant part of radius -X
(auth is successful and group correct)
rad_recv: Access-Request packet from host 10.250.3.1:56020, id=246, length=188
NAS-Identifier =
of free radius
users I would think.
Would love to here some more information on this from others to see how we
should progress on this
Regards
Alan walters
I've already done some work to get this working, its pretty much
finished, but I'll try to do finish it off in the next couple of week
I agree entirely with the huntgroups ordering.
I was considering simplifying the idea a little.
(1) Have a limited number of hunt groups and have more
Groups in the users file.
(2) for example order your ldapgroup entries my NAS.
And add the priority feature to here.(the only reason that I
I am trying to get free radius working with huntgroups and ldap.
A couple of problems are occurring?
(1) modcall[authorize]: module files returns notfound for request 1
But the user can still login how can I stop this?
(2) rlm_ldap::groupcmp: Group disabled not found or user not a
If the member is part of a group it is working now.
But when the user is not in a valid group this happens.
rlm_ldap::groupcmp: Group default not found or user not a member
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 28
this group is as follows
DEFAULT Auth-Type
I have groups configured in the preprocess section.
If the user is in a valid group all is fine the user logs on.
But if the user is a valid user and not in a group they get logged in as well.
Is this the way freeradius should work???
Snip from users file
DEFAULT Huntgroup-Name =3D=3D
Just thought I would run an idea by the insightful list members.
This seems to work but I was looking for ideas or improvements
Huntgroups:
Huntgroup1 NAS-IP-Address == 192.168.1.1,
Group = vpn,
Group = internet-access
Users:
DEFAULT Huntgroup-Name ==
I thought there where plans to be able to store NAS information in an ldap
database can anyone give me a heads up on this.
(1) is it really planned?
(2) is there any info on how it is planned to implement it. I would like to try
to plan for it now if at all possible
Regards
alan
--
No
the radius fell over onto another ldap. Is this possible
Regards
Alan walters
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 28/01/2005
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
23 matches
Mail list logo