On Tue, Mar 5, 2013 at 9:17 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 5 Mar 2013, at 18:03, Matt Zagrabelny mzagr...@d.umn.edu wrote:
On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
You know SQL supports groups right? and that a group
On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
You know SQL supports groups right? and that a group matching can be
conditional on attributes in the request? and that you can add aditional
config items to client definitions to mark them as a special
On 5 Mar 2013, at 18:03, Matt Zagrabelny mzagr...@d.umn.edu wrote:
On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
You know SQL supports groups right? and that a group matching can be
conditional on attributes in the request? and that you can add
Greetings,
I am configuring a general purpose RADIUS server that any number of
clients can connect to for authn - it uses a PostgreSQL DB as the
backend datastore. I would also like to setup a secondary RADIUS
server listening on a different port (ie. 1814) and use the same Pg DB
as a backend,
On 04.03.2013 21:56, Matt Zagrabelny wrote:
Greetings,
I am configuring a general purpose RADIUS server that any number of
clients can connect to for authn - it uses a PostgreSQL DB as the
backend datastore. I would also like to setup a secondary RADIUS
server listening on a different port (ie.
On 04.03.2013 22:17, Olivier Beytrison wrote:
On 04.03.2013 21:56, Matt Zagrabelny wrote:
Greetings,
I am configuring a general purpose RADIUS server that any number of
clients can connect to for authn - it uses a PostgreSQL DB as the
backend datastore. I would also like to setup a secondary
On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison oliv...@heliosnet.org wrote:
On 04.03.2013 22:17, Olivier Beytrison wrote:
On 04.03.2013 21:56, Matt Zagrabelny wrote:
Greetings,
I am configuring a general purpose RADIUS server that any number of
clients can connect to for authn - it uses
On 4 Mar 2013, at 15:56, Matt Zagrabelny mzagr...@d.umn.edu wrote:
Greetings,
I am configuring a general purpose RADIUS server that any number of
clients can connect to for authn - it uses a PostgreSQL DB as the
backend datastore. I would also like to setup a secondary RADIUS
server
Hi,
I'm looking for some input from the experts to help validate a solution
approach that I've come up with. The problem I'm trying to solve is that
allow NAS equipment and other RADIUS clients to authenticate users against
a proprietary authentication service that uses REST APIs over HTTP.
The
Walter Goulet wrote:
I'm looking for some input from the experts to help validate a solution
approach that I've come up with. The problem I'm trying to solve is that
allow NAS equipment and other RADIUS clients to authenticate users
against a proprietary authentication service that uses REST
Hi,
The question to the list, are there other solution approaches that might
be better? Any significant disadvantages to using rlm_perl as I've
described? Would it be better to write a custom module instead, hoping
that by doing so there may be some performance improvements?
PERL
Oh wow; that's even cooler! I'll give that module a shot.
Thanks!
On Sun, Feb 17, 2013 at 4:12 PM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The question to the list, are there other solution approaches that
might
be better? Any significant disadvantages to using rlm_perl as I've
On Sun, Feb 17, 2013 at 11:05 PM, Walter Goulet wgou...@gmail.com wrote:
I'm looking for some input from the experts to help validate a solution
approach that I've come up with. The problem I'm trying to solve is that
allow NAS equipment and other RADIUS clients to authenticate users against a
Thanks for your input; your descriptions of limitations you ran into is
helpful. I think I will stick with using rlm_perl for now; I definitely
don't want to tackle writing my own stripped down RADIUS server. If
performance or scale become problems I will investigate other options at
that time.
On 17 Feb 2013, at 18:38, Walter Goulet wgou...@gmail.com wrote:
Thanks for your input; your descriptions of limitations you ran into is
helpful. I think I will stick with using rlm_perl for now; I definitely don't
want to tackle writing my own stripped down RADIUS server. If performance or
On 02/03/2012 12:27 AM, Dan Letkeman wrote:
This would be a nightmare to manage. We have 2000+ clients. I see
the advantage, if the certificate was compromised that this would be
important, but how in the world would you manage this?
Use the Microsoft CA, and use machine auto-enrollment.
Hi,
Personally we (plan to) use PEAP/MS-CHAP, and check the machine account
against AD using ntlm_auth.
this is what we do for machine authentication (wired/wireless)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, so there are two problems with these scenarios in our environment.
We do not run AD, we run eEdirectory, and the computers are not
assgined to the users, they are all shared computer labs. This is why
having separate certs for each machine is impossible as we would have
to go around and
On 02/03/2012 02:08 PM, Dan Letkeman wrote:
Ok, so there are two problems with these scenarios in our environment.
We do not run AD, we run eEdirectory, and the computers are not
assgined to the users, they are all shared computer labs. This is why
Ah.
This has come up on the list before. I
When private key corresponding to digital certificate is stored on
computer's hard disk it is not stored securely. The only way to store
private key securely is using smart card.
Private key is stored on smart card in a way that it cannot be read.
Computer send data to the smart card and
Thank you for the quick reply.
Would you recommend doing anything differently? Perhaps a different EAP type?
If I wanted redundancy should I just setup a secondary radius server
with the same settings and add it to the list of servers that are
available?
Thanks,
Dan.
On Thu, Feb 2, 2012 at
Hi,
On Wed, Feb 01, 2012 at 10:25:29PM -0600, Dan Letkeman wrote:
We primarily use windows 7 on the machines that will authenticate, and
they are all connected to cisco switches and access points. If I
understand things correctly I have the option of authenticating based
on users,
On Thu, Feb 2, 2012 at 4:47 PM, Matthew Newton m...@leicester.ac.uk wrote:
Hi,
On Wed, Feb 01, 2012 at 10:25:29PM -0600, Dan Letkeman wrote:
We primarily use windows 7 on the machines that will authenticate, and
they are all connected to cisco switches and access points. If I
understand
On Thu, Feb 02, 2012 at 06:27:31PM -0600, Dan Letkeman wrote:
On Thu, Feb 2, 2012 at 4:47 PM, Matthew Newton m...@leicester.ac.uk wrote:
That will work, but you shouldn't. Create a different certificate
for each client, and for the radius server, all signed by the same
CA.
This would be
Il 03/02/2012 01:27, Dan Letkeman ha scritto:
That will work, but you shouldn't. Create a different certificate
for each client, and for the radius server, all signed by the same
CA.
This would be a nightmare to manage. We have 2000+ clients. I see
the advantage, if the certificate was
Hello,
I'm new to using radius servers and I have a few questions on best
practices and design.
We primarily use windows 7 on the machines that will authenticate, and
they are all connected to cisco switches and access points. If I
understand things correctly I have the option of authenticating
Dan Letkeman wrote:
From what I understand I need to create myself a certificate and
install that certificate into the freeradius server and into each of
my client computers.
Yes.
Then I need to configure my switches to connect
use the freeradius server to allow the traffic through when
Alan DeKok wrote:
- Is there any downloadable Freeradius + LDAP virtual machine for testing ??
No. Download a virtual machine, and install FreeRADIUS on it.
Actually; there is: http://www.vmware.com/appliances/directory/69328
Having said that; I haven't tested it myself, I don't know which
Ramm-Ericson, Johannes wrote:
Having said that; I haven't tested it myself, I don't know which version of
FreeRadius is installed, I can't see much in the way of documentation, etc.
So, if you test this be aware that there are limitations and all things
considered it may be better to start
Ric2009 wrote:
Requirements :
- 802.1x Authentication for wired and wireless clients ( Windows XP with
Novell Client )
FreeRADIUS does that...
- Single sign on login to Novell eDirectory and Active Directory
That isn't a RADIUS thing.
- Radius Authentication should run over
) for multiplaform 802.1x login. But I don't
know if it's possible to do the same without it.
- Is there any downloadable Freeradius + LDAP virtual machine for testing ??
Thanks a lot !
Ric2009
--
View this message in context:
http://old.nabble.com/Design-question-considering-802.1x-%2B-edirectory-%2B
Hi
We have a very simple freeradius setup today. We use freeradius 1.0.5
with PEAP/MS-CHAPv2 and users file.
My boss has asked be about making this configuration a bit more flexible
and easier to admin.
He also wants some new features.
The keywords are hotspot, web-frontend and possibly
Perhaps a simpler method of doing 'smartcards' like you're referring
to is to make single-use username/passwords printed on small cards
(which can be done within chillispot I believe), which the consultants
just pick up from reception, enter in the details, and get a prepaid
hour or whatever.
33 matches
Mail list logo