Re: How can i authenticate my users against Active Directory?

2005-06-29 Thread Dusty Doris
On Wed, 29 Jun 2005, Schuster Christian wrote: Hi @ all, I'm a freeradius newbie and try to authenticate a user against an active directory. My freeradius has version 1.0.2. I googled a lot and found different hints how to implement this (ntlm, pam-module), but no configuration example.

RE: How can i authenticate my users against Active Directory?

2005-06-29 Thread Dusty Doris
See I am trying to authenticate against the AD, but in my case the RADIUS server is running on a Windows Server and my client is a Linux box. But the problem I am having is that when I try to authenticate against the AD from my Linux box I get error message in /var/log/messages

RE: How can i authenticate my users against Active Directory?

2005-06-29 Thread Dusty Doris
my radius server is running on a MS windows 2000 server? I thought only thing I had to do is setup pam_radius_auth to talk to my radius server. ___ Puneet Talwar -Original Message- From: Dusty Doris [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 29, 2005 4:15

Re: radiusprofile entry don't work

2005-06-30 Thread Dusty Doris
on a machine. -Dusty Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusprofile entry don't work

2005-07-01 Thread Dusty Doris
I have tried both solution but don't work!!! :'( this is the output: #ldapadd -x -D cn=Manager,dc=unime,dc=it -W -f example.ldif Enter LDAP Password: adding new entry ou=radius, dc=unime,dc=it adding new entry ou=profiles, ou=radius,dc=unime,dc=it adding new entry ou=users,

Re: radiusprofile entry don't work

2005-07-01 Thread Dusty Doris
I have tried both solution but don't work!!! :'( this is the output: #ldapadd -x -D cn=Manager,dc=unime,dc=it -W -f example.ldif Enter LDAP Password: adding new entry ou=radius, dc=unime,dc=it adding new entry ou=profiles, ou=radius,dc=unime,dc=it adding new entry ou=users,

Re: radiusprofile entry don't work

2005-07-02 Thread Dusty Doris
On Thu, 30 Jun 2005, Felice Pizzurro wrote: Dusty Doris wrote: I have tried both solution but don't work!!! :'( this is the output: #ldapadd -x -D cn=Manager,dc=unime,dc=it -W -f example.ldif Enter LDAP Password: adding new entry ou=radius, dc=unime,dc=it adding new entry ou

Re: radiusprofile entry don't work

2005-07-02 Thread Dusty Doris
dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it objectClass: radiusProfile cn: WLAN radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None I think I know what's wrong. If you are using the most recent version of that file,

Re: Freeradius and eDirectory

2005-07-06 Thread Dusty Doris
The only part that does not work is the chap authentication all other authentication works as it should. Our wholesale provider says we are doing PAP just fine but no chap. They had very old instructions for Freeradius but decided to start out with a totally clean install. This user below is

Re: Dusty Here's the info requested......PAP ok No Chap new Installation.

2005-07-07 Thread Dusty Doris
DEFAULT Suffix == .ppp, Strip-User-Name = Yes Hint = PPP, Service-Type = Framed-User, Framed-Protocol = PPP DEFAULT Suffix == .slip, Strip-User-Name = Yes Hint = SLIP, Service-Type = Framed-User, Framed-Protocol = SLIP DEFAULT Suffix == .cslip, Strip-User-Name

Re: Dusty Here's the info requested......PAP ok No Chap new Installation.

2005-07-07 Thread Dusty Doris
On Thu, 7 Jul 2005, Radius wrote: OK, so there is nothing you can see why it's not working? The PAP authenticates work fine. it's CHAP that is failing. Any other ideas? Thanks Bob Well, the debug output you sent didn't contain a CHAP passwd. It failed because you had set Auth-Type ==

Re: Dusty Here's the info requested......PAP ok No Chap new Installation.

2005-07-08 Thread Dusty Doris
you. Dusty Doris

Re: class attribute wont pass

2005-07-08 Thread Dusty Doris
rad_recv: Access-Accept packet from host 63.174.xxx.xx:1645, id=1, length=218 Proxy-State = 0x3735 Service-Type = Framed-User Framed-Protocol = PPP Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 63.174.xxx.x/24 0

Re: Service-Type: Outbound vs. Outbound-User

2005-07-09 Thread Dusty Doris
The names are IRRELEVANT. The dictionaries matter only to the RADIUS server and its configuration files. I could rename all of the attributes values to random words from the dictionary, and it would make *no* difference to the clients. To expand on what Alan was saying, for the

Re: self user registration

2005-07-11 Thread Dusty Doris
local websites, etc...). -Dusty Doris On Mon, 11 Jul 2005, Michael Fisher wrote: Unfortunately this solution must be able to scale up. We have already assessed other technologies but they are not to our liking. Since there will be many APs in a certain area so they must be able to grab account

Re: FreeRADIUS v1.0.4, rlm_ldap module, and redundancy

2005-07-13 Thread Dusty Doris
authorize { redundant { svr1 svr3 svr2 notfound = return } files } authenticate { Auth-Type LDAP { redundant { # wasn't sure if this was necessary svr1 svr3 svr2 } }

Re: FreeRADIUS v1.0.4, rlm_ldap module, and redundancy

2005-07-13 Thread Dusty Doris
On Wed, 13 Jul 2005, Zawacki Jason D Ctr AFRL/IFOS wrote: Hey folks, Has anyone gotten redundancy working when using LDAP to perform authentication and authorization? Yep, its working for me in the lab. I've been trying to get this to work, but it appears, to me, that the redundancy is

RE: FreeRADIUS v1.0.4, rlm_ldap module, and redundancy

2005-07-13 Thread Dusty Doris
You're using the LDAP-Group attribute, which is set to use svr1, which is down. There's currently no fail-over for the LDAP-Group attribute. I dig, that's kind of what I thought (even if I didn't word it correctly). Thanks for your help! You can simulate redundancy for the

Re: FreeRadius and PIX 520 accounting

2005-07-14 Thread Dusty Doris
On Thu, 14 Jul 2005 [EMAIL PROTECTED] wrote: You're right, sorry Here's what I get in my radius.log Error: WARNING: Malformed RADIUS packet from host 172.17.: Vendor specific attributes do not exactly fill Vendor-Specific That's the only error I get. Please run radius under debug

Re: MS AD, LDAP works - how to check for group membership?

2005-07-18 Thread Dusty Doris
On Thu, 14 Jul 2005, Shelbyville.Unwired wrote: I would like to check group membership before authenticating user login requests. I currently have radiusd.conf setup such that all users can login. However after spending several days reading man pages, and searching these archives I haven't

Re: Nas-Port-Type quesiton

2005-07-19 Thread Dusty Doris
Hi guys, I use freeradius with poptop, just a question that I'm trying to figure out, My radius server sees the NAS-Port-Type as Async whenever a vpn connection is made, is there anyway to change this to let radius see for example as a vpn nas-port-type. Must this port-type come from my vpn

Re: LDAP Authorization different VLAN

2005-07-19 Thread Dusty Doris
Hi, I have made a system of authorization with freeradius 1.0.4 based on LDAP attribute radiusGroupName and it works perfectly! Now I have this problem: I have on my access points two VLAN named data and students. I want to create different group for the authorization to access to this

Re: grouping services - LDAP

2005-07-20 Thread Dusty Doris
On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote: Hi all, Using Freeradius 1.0.4 (FB 4.11) I want to grouping between dialup adsl... refer to users file below by if if Ldap-Group ==ADSL is found, should authenticate/authorize by ldapadsl and if not found, assuming dialup user and should

Re: Nas-Port-Type quesiton

2005-07-20 Thread Dusty Doris
When clients vpn into my server this is what part of the access-request comes to my radius server: What you listed below is accounting, not access-request. Please post the access-request, along with your reply. rad_recv: Accounting-Request packet from host 192.168.2.254:32955, id=89,

re: Restricting Access by Group Membership

2005-07-20 Thread Dusty Doris
On Wed, 20 Jul 2005 [EMAIL PROTECTED] wrote: My fault...members of that group are DENIED access. Now I get. So, that leads me to another question. How do I change the syntax so that users are ALLOWED access if they are a member of the specified group? I tried changing the line in the

Re: Different Passwd Files on Different Servers

2005-07-21 Thread Dusty Doris
I've tried using Autz-Type but I can't seem to quite make it work. I'm getting this error: No authenticate method (Auth-Type) configuration found for the request. I'm not sure where this should be set. And I've inserted this in the users file: DEFAULT Realm == domain.com Autz-Type

Re: filter id stored in LDAP

2005-07-21 Thread Dusty Doris
On Wed, 20 Jul 2005, sean wagoner wrote: Can the actual Filter ID be stored in and retrieved by the radius server. By this I mean not just the name of the filter but its actual contents? If so how? Sure. The file ldap.attrmap maps radius attributes to ldap attributes. By default there is

Re: FreeRadius 1.0.4 - FreeBSD - Syslog not working

2005-07-21 Thread Dusty Doris
[EMAIL PROTECTED] radiusd -l syslog Didn't know freeradius did syslog, cool. Anyway, just tried it out on freebsd 5.4. In man radiusd, it shows that when using -l syslog, there is also -g to specify the facility, where it also shows the default is daemon. You will need to edit

Re: LDAP and FreeRadius Authentication - One user, multiple groups

2005-07-22 Thread Dusty Doris
On Fri, 22 Jul 2005, Mark Litchfield wrote: Using: FreeRadius 1.0.4 OpenLDAP 2.2.27 FreeBSD 5.4 We are trying to get FreeBSD to allow a user to be a member in multiple groups. Here's roughly the way we have the tree laid out. dc: treeroot |_ou: accounts | |_ou: domain1 |

Re: session-time with incorrect calculations

2005-07-26 Thread Dusty Doris
Hi I am running FreeRadius 1.0.4 with Postgres. I have noticed that the sessiontime is sometimes calculated incorrectly in the radacct table. If you compare the acctsessionstart and the acctsessionend with the acctsessiontime it does not match. This is particularly true for connections

Re: ldap basedn assignment

2005-08-03 Thread Dusty Doris
In the authorize stage it looks in both AD and ldap. In the authenticate stage it queries both AD and ldap. The problem is that in the authenticate stage it uses the basedn of the server that returns the first ok in the authorize stage. So if the username is in both AD and ldap, openldap

Re: Authentication problem-FreeRadius Output

2005-08-03 Thread Dusty Doris
On Wed, 3 Aug 2005, Hamid Salim wrote: radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. You need to

RE: ldap basedn assignment

2005-08-04 Thread Dusty Doris
The above problem line should be: rlm_ldap: bind as uid=username, ou=People, dc=university,dc=edu,c=us/test123 to openldap.university.edu:1744 However, it is taking the userdn from the ad server which gave the first authorize ok. What I need is for it to attempt to authenticate with the

Re: Freeradius - LDAP Authenication

2005-08-05 Thread Dusty Doris
server (running on another machine). I have the vpn talking successfully to freeradius, but I cannot get the onward connection to the LDAP to work. I have validated that the server running freeradius is able to talk to the ldap by using ldapsearch. rlm_ldap: ldap_get_conn: Got Id: 0

Re: how to return multiple attributes from ldap?

2005-08-08 Thread Dusty Doris
Hi How can I return multiple ldap attributes which have a same name? For example, I want to get the 'Filter-ID' list from ldap. Any idea? Kevin I believe you have to put them in ldap with the += value in it. For example, radiusFilterId: += something radiusFilterId: += somethingelse I

Re: how to return multiple attributes from ldap?

2005-08-09 Thread Dusty Doris
I think so, let me see if I can find a test machine around here and try it. I might need that some day too. On Tue, 9 Aug 2005, kevin wrote: What? So, should I change the ldap attribute values with += ??? Any other way? kevin Dusty Doris wrote: Hi How can I return multiple ldap

Re: how to return multiple attributes from ldap?

2005-08-09 Thread Dusty Doris
On Tue, 9 Aug 2005, kevin wrote: What? So, should I change the ldap attribute values with += ??? Any other way? Yep, it works. I did a test, with this DN only one filter-id was returned. dn: uid=dustytest,ou=users,ou=radius,dc=test,dc=com objectClass: radiusprofile userPassword::

Re: Wireless authentication

2005-09-12 Thread Dusty Doris
We have a customer oriented wireless network and we are trying to build a central authentication system for it, so that we can add and easily control customer radios from one location. What types of authentication should we be using? What should be avoided? Any experiences to share? I would use

Re: Multiple LDAPS

2005-09-20 Thread Dusty Doris
Hi, I was wondering if there's a way to look for users in differents LDAP trees and/or servers depending of the suffix (@something) in the login. If it's possible could someone show me the config ? Thanks in advance. Sure. First you need to define two ldap configs in radiusd.conf.

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-27 Thread Dusty Doris
I just installed freeradius 1.0.5 on freebsd 5.4 and I am not having problems with rlm_sql_mysql. I just started it up and used it for testing an accounting packet. I haven't tried authentication, but I don't think that should matter. How did you build it? Since the port is still on 1.0.4,

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-27 Thread Dusty Doris
works without problem for me. - - Original Message - From: Dusty Doris [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, September 27, 2005 12:44 PM Subject: Re: Bus error - core dumped on freeradius 1.0.5 I just installed freeradius

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-28 Thread Dusty Doris
- From: Dusty Doris [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, September 27, 2005 12:44 PM Subject: Re: Bus error - core dumped on freeradius 1.0.5 I just installed freeradius 1.0.5 on freebsd 5.4 and I am not having problems

Re: rlm_perl

2005-09-28 Thread Dusty Doris
Could someone show me how to process an access-accept via rlm_perl? The example in the script example.pl still causes an access-reject no matter what I try. That isn't enough information, except to tell you to return a proper value such as RLM_MODULE_OK. Please post debug output. -

Re: Questions about upgrading Freeradius

2005-09-28 Thread Dusty Doris
On Wed, 28 Sep 2005, Linda Pagillo wrote: Hi everyone: I have been using Freeradius v.0.9.3 for over a year and I wish to upgrade to the latest version. Can anyone give me detailed instructions on how to do this? I use Freeradius in a production environment and I can't afford to mess it up.

Re: Questions about upgrading Freeradius

2005-09-28 Thread Dusty Doris
You consider that much work? I wish I had your job! :) On Wed, 28 Sep 2005, Linda Pagillo wrote: Thanks for your reply. Is it really this much work to do a simple upgrade? Is there a shortcut? - Original Message - From: Dusty Doris [EMAIL PROTECTED] To: FreeRadius users mailing list

Re: Questions about upgrading Freeradius

2005-09-28 Thread Dusty Doris
freeradius 0.9.3 on a different system and then upgrade it as a test and if everything goes well i should do it on my production system? - Original Message - From: Dusty Doris [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Wednesday, September 28

Re: Questions about upgrading Freeradius

2005-09-28 Thread Dusty Doris
freeradius 0.9.3 on a different system and then upgrade it as a test and if everything goes well i should do it on my production system? - Original Message - From: Dusty Doris [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Wednesday, September

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-28 Thread Dusty Doris
It sounds strange because the unmodified radiusd.conf does not have authentication, authorization or accounting enabled for sql. I followed your instructions, and rlm_sql_mysql is not started because it has not enabled in radiusd.conf. Hmmm, maybe I didn't copy the right files over. I'll do

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-28 Thread Dusty Doris
It sounds strange because the unmodified radiusd.conf does not have authentication, authorization or accounting enabled for sql. I followed your instructions, and rlm_sql_mysql is not started because it has not enabled in radiusd.conf. You're correct. I copied files I thought were an original,

Re: Bus error - core dumped on freeradius 1.0.5

2005-09-28 Thread Dusty Doris
and I still get segfaults. ( I have built freeradius 1.0.5 from source / FreeBSD 5.4-RELEASE-p6 ) Just in case this helps at all, here is my pkg_info and uname -a. # pkg_info bash-3.0.16_1 The GNU Project's Bourne Again SHell cvsup-without-gui-16.1h_2 General network file distribution

Re: How can i tell which version of freeradius i'm running?

2005-09-29 Thread Dusty Doris
radiusd -v check the radiusd manpage for more info on startup flags On Thu, 29 Sep 2005, Linda Pagillo wrote: Linda Pagillo Director of Technical Services N2 The Net, LLC [EMAIL PROTECTED] 931-372-9179

Re: FreeRADIUS - FreeBSD - Segmentation fault

2005-10-04 Thread Dusty Doris
with these machines. I will be setting up another instance of it in our lab next week to mirror production, so if I run into any problems I'll let you all know and maybe I can get Alan or whomever temporary access to that machine to check it out. But so far, I just haven't seen any problems. -Dusty

Re: FreeRADIUS - FreeBSD - Segmentation fault

2005-10-04 Thread Dusty Doris
a few thing would be nice to know to maybe localize the problem further: Are you running FreeBSD 5.4-Release or 5.4-Stable? Which MySQL version are you running and do you have compiled it with native threads or with linuxthreads? I installed freebsd 5.4-release and then updated the source

Re: What's Up Gold and Freeradius

2005-10-04 Thread Dusty Doris
Good morning Mr. DeKok: Thank you for your reply. Could you please tell me what i need to do to correct this issue? Which file do i have to fix? clients.conf is where you put the shared secret for the client to use. So, either fix the shared secret there to match your client, or change the

Re: Which Operating System is best for freeRADIUS

2005-10-05 Thread Dusty Doris
Building my FR server, I have the choice of a number of operating system for my FreeRADIUS server. Anybody with a suggestion which operating system is best suited for FR? I like to run FR on a VPS (virtual private server) using one of the following OS: - FreeBSD 4.9 (jail) - FreeBSD 5.2 (jail) -

Re: FreeRADIUS - FreeBSD - Segmentation fault

2005-10-12 Thread Dusty Doris
Just wondering if you've had any luck? I just installed freeradius 1.0.5 from the ports tree (it was finally updated) on a freebsd 5.4 jail and its starting up for me. I've got to run to a meeting now, but I will be testing it later with actual data. -Dusty

Re: build snapshot on freebsd 5.4-release

2005-10-13 Thread Dusty Doris
Hi, Anyone ever tried building current snapshot from cvs on freebsd 5.4-release? Tried searching from the archive and seems like this wasn't resolved yet. Anyone? I did it successfully a few weeks ago. I'll give it a shot again next week if I have time.

Re: Microsoft SQL 2000 interface

2005-10-13 Thread Dusty Doris
All, Please help with instructions on how to download the CVS ver of freeradius mentioned below. I'm new to Linux. I know how to tar, configure, and make. Don't know how to CVS. $ cvs -d :pserver:[EMAIL PROTECTED]:/source login type in anoncvs as password $ cvs -d :pserver:[EMAIL

Re: testing freeradius ports

2005-10-13 Thread Dusty Doris
On Thu, 13 Oct 2005, jean wrote: Hi All, I am running freeradius 1.0.5, it seems to start with no errors and listens on the default ports 1812 1813, should I be able to telnet to these ports to check if it accepts connections on them? No, telnet uses tcp.

RE: Microsoft SQL 2000 interface

2005-10-13 Thread Dusty Doris
Thanks. Went to http://www.freeradius.org/development.html#cvs. Made assumption I need to download CVS. Went there and downloaded it. Came back and executed the command listed on http://www.freeradius.org/development.html#cvs: cvs -d :pserver:[EMAIL PROTECTED]:/source login I entered the

Re: Multiple instances

2005-10-13 Thread Dusty Doris
probably still see it commented out in /etc/services) -Dusty Doris

Re: IP address assignment

2005-10-13 Thread Dusty Doris
Infusino, Michael - ADP Dataphile wrote: I am using radius to authenticate access from VPN. Would anyone know how to record the IP address the user is assigned after they log in. Michael How does a little dynamic dns strike you? Make sure to actually read below and attached scripts and

Re: Logging question

2005-10-13 Thread Dusty Doris
need realms and probably never will, that config entry will do exactly you need. -Dusty Doris

Re: Freeradius, Ldap, and static IPs for users.

2005-10-14 Thread Dusty Doris
there will be a way to do it, you could always call an external program or use rlm_perl to build some login into it to do this for you. -Dusty Doris

Re: Is rlm_perl a viable solution for production environments yet?

2005-10-18 Thread Dusty Doris
, performance wise, that they could share with me to help my decision? I am using rlm_perl in production right now. Its been working flawlessly for me. I'm using it with freeradius 1.0.2. -Dusty Doris

Re: Is rlm_perl a viable solution for production environments yet?

2005-10-18 Thread Dusty Doris
DSL modems that get a dynamic IP out of a pool and about 8,000 that get a static IP. We get about 1-2 radius requests per second. I'll document it one of these days and then post it to the list. I just haven't had time yet to do it. -Dusty Doris

Re: not to proxy accounting

2005-10-18 Thread Dusty Doris
I want to make an option not to proxy accounting but log locally. What option can I take? Should I make a preproxy code for this function? In proxy.conf, you define where to send the accounting packets.

Re: Cisco and No NAS-Port seen (checkrad)

2005-10-26 Thread Dusty Doris
On Tue, 25 Oct 2005, Miguel wrote: Hi, im having problems implementing simultaneous-use on a cisco AS5400, is the same problem addresses in this thread http://lists.cistron.nl/pipermail/freeradius-users/2005-March/041894.html Ok, i know what the problem is, but how can i instruct the cisco

Re: reject reply

2005-10-26 Thread Dusty Doris
On Wed, 26 Oct 2005, hannibal wrote: hi, everyone, i got these logs: -- modcall: group authorize returns reject for request 37 Delaying request 37 for 1 seconds Finished request 37 // why finished

Re: freeradius with static IP

2005-11-02 Thread Dusty Doris
On Tue, 1 Nov 2005, Daniel Torres wrote: Hi, First of all excuse my English it is not very well, i wanted to know if somebody has been able to set a freeradius server to assign static IP or if it is possible to assign static IP with freeradius1.0.5. Thanks for the information. Yes, I do

Re: FreeBSD anyone?

2005-11-04 Thread Dusty Doris
from source before the ports tree was updated. Anyway, I'm on the list and read it often, so if you've got freebsd specific questions, feel free to ask. -Dusty Doris BTW this is fun to look at. Below is the last of our old systems, that I haven't replaced yet. Will be doing so in the next few

Re: Adding Attributes to a post proxy request

2005-11-05 Thread Dusty Doris
I have a case where I use Freeradius for proxy auth/acct to home servers. Before the answer goes back to the Nas I need to add some attributes and now looking for the best way of doing this. You can do this with the rlm_attr_filter. Read the attrs file and man rlm_attr_filter.

Re: FreeBSD anyone?

2005-11-08 Thread Dusty Doris
Hi Dusty, Now, I'm running freeradius 1.0.5 on freebsd 5.4. We handle about 75,000 logins per day between 3 servers and are using openldap as a backend, which stores about 400,000 users. We use radrelay to push all the accounting into a mysql db. Can you comment on the accounting record

Re: FreeBSD anyone?

2005-11-09 Thread Dusty Doris
Thanks for the advice. Didn't get a change to get good numbers for you today, but here is at least something. I took a look at our records for today and we have about 70,000 entries, with only 1500 of them without a stop yet. I can't get a good estimate at packets right now because I'm

Re: memory leaks with rlm_perl? (FreeRADIUS bug #221)

2005-11-14 Thread Dusty Doris
experienced. I'm in the same boat as you, and trying to give back by occasionally responding to threads here and sending in some documentation whenever I get the time to write some up. -Dusty Doris

Re: FreeRadius using two SQL servers

2005-11-14 Thread Dusty Doris
when a radius client asks my freeradius, if the Realm is I want to authorize him with the first SQL server and if the Realm is with the second one. I already have two different sql configuration files, sql1.conf and sql2.conf, with instance name SQL1 and SQL2. I had been trying to do

Re: FreeRadius using two SQL servers

2005-11-15 Thread Dusty Doris
what do you think if we try to use a Perl module inside of the authorize section?!?!. I want the Perl module to decide between my two sql servers depending of the incoming realm, I think this can be a possible way to take. If you have any idea please let me know. Thanks!! That should work too.

Re: Pool-Name check item causes Access-Reject

2005-11-16 Thread Dusty Doris
Following the docs, I have the files db.ipindex and db.ippol set up, and the main_pool is configured in radiusd.conf. user 'gerret' is the guinea pig with the following radcheck table entries: | 1354 | gerret | User-Password | == | testpw | | 1491 | gerret | Pool-Name | == | main_pool |

Re: php account stats

2005-11-17 Thread Dusty Doris
On Thu, 17 Nov 2005, Jean Gaudreau wrote: I'm looking for a script in php that can produce some stats from MySQL. Anyone ? What kind of stats?

RE: Freeradius How to integrate Active Directory[ADIntegrationWindowsXP NTLM Tutorial]

2005-11-25 Thread Dusty Doris
it is. -Dusty Doris

Re: LDAP, FreeRadius, and Schema

2005-11-30 Thread Dusty Doris
. The performance hit you will take for indexing that attribute is probably not even close to the performance gain you will get having cn indexed for searches. This is especially true with the newest versions of openldap (2.3). Dusty Doris

RE: Freeradius How to integrate Active Directory and return group attribute to VPN Concentrator

2005-11-30 Thread Dusty Doris
Radiusd.conf: filter = ((sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=CN=rptp cps,OU=Datawave Users,DC=corp,DC=van,DC=dwave)) This works fine. However I can't get it to return any replyItems. Has anyone gotten this to work with Active Directory? All the docs I see

Re: error in configurable failover?

2005-11-30 Thread Dusty Doris
Norbert Wegener [EMAIL PROTECTED] wrote: authenticate { #ldap1 group { ldap1 { You can't use anonymous groups in the authenticate section. You have to explicitly use Auth-Type, and give it a name. This is because only ONE auth-type is run from that section. So if you had an

RE: Freeradius How to integrate Active Directory and return groupattribute to VPN Concentrator

2005-12-02 Thread Dusty Doris
On Wed, 30 Nov 2005, Alhagie Puye wrote: Ok, So I played around some more with the settings. Actually group and groupofnames are not correct attributes for user. It is supposed to be memberof. So I changed line in ldap.attrmap to look like: replyItem Class

Re: Configuring a proxied and local authentication

2005-12-02 Thread Dusty Doris
I did configure one radius server (A) to proxy incoming requests to an other radius server (B, this later one using pam). First question: I don't find a way to add a NAS-Identifier value inside the proxied request, so that B server could check it... preproxy_users will do this for you. How

Re: LDAP, FreeRadius, and Schema

2005-12-02 Thread Dusty Doris
Well, most of our email accounts are in a different organizational unit, and they use posixAccount (so based off of uid). However, our radius organizational unit is separate ... and I'm now using type account with cn's. You're saying this is ok? Its probably fine. The only reason I was

RE: Free Radius and Squid

2005-12-05 Thread Dusty Doris
AFAIK - NO - it is way too simple to work like that. Squid is only a cache. You could redirect a user to a login site with your firewall script, after he logs in, you could redirect him to squid ( at least his http traffic ). But again AFAIK there is no radius client module for squid. Nor

Re: rlm_sql_mysql on FreeBSD 5.4 - Segmentation fault at startup

2005-12-08 Thread Dusty Doris
I'm running it fine right now on freebsd 5.4. I installed everything from ports. I first installed mysql server from ports. I'm running mysql-server-4.1.14 cd /usr/ports/databases/mysql41-server/ make install clean (I didn't specify any unique make options) cd /usr/ports/net/freeradius

Re: rlm_ldap behavior: authorize v.s. authenticate

2005-12-09 Thread Dusty Doris
From reading debug logs, am I correct in concluding that rlm_ldap's behavior: - when processing authorize{ } is to bind to the LDAP as the provided administrative DN and search for the DN of the user in the Access-Request packet - when processing authenticate{ } is to, if successful during

Re: Checkitems

2005-12-15 Thread Dusty Doris
Maybe my last question was unclear this morning. Therefore I would like to rephrase it: Checkitems may be defined via ldap.attrmap e.g. like: checkItem User-Category primaryGroupID Those items, retrieved from an ldapserver and thus not part of the request: Are they

Re: bug in rlm_ldap?

2005-12-16 Thread Dusty Doris
I changed the users file as you recommended, the ldap.attrmap contains the additional line: checkItem User-Category primaryGroupID Unfortunately also in this case only the Reject entry matches, although the primaryGroupID seems to passed to User-Category: radiusd -AX

Re: bug in rlm_ldap?

2005-12-16 Thread Dusty Doris
Thank you, I got it and already tried that attribute. The behaviour is a bit better, but does not really lead to the desired result, as the client gets an: Incoming RADIUS packet did not have correct Message-Authenticator - dropped Well, at least you've got the ldap part working. The

Re: No Reply Proxy for Accounting Requests

2005-12-16 Thread Dusty Doris
On Fri, 16 Dec 2005, David Bickle wrote: Does anyone know how to configure a proxy for the forwarding of no reply accounting requests? In particular I am interested in accounting start/stop packets. Thanks, What does forwarding of no reply accounting requests mean?

Re: RADIUS packet did not have correct Message-Authenticator

2005-12-16 Thread Dusty Doris
although I have not yet found the culprit, it is calming to know the reason behind. I have read this and that documentation about freeradius during the past time, but this one I think, did never cross my way. Is there a document, where this behaviour is described? I believe its your users

Re: FreeRadius cannot Authenticate to Windows AD

2005-12-18 Thread Dusty Doris
rlm_ldap: login attempt by mike with password mike123 radius_xlat: '(SamAccountName=mike)' radius_xlat: 'CN=Person,DC=chikka,DC=ph' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.1.1:389,

Re: Auth All but only for those in my clients.conf

2005-12-18 Thread Dusty Doris
You want to allow any client that matches what is in the clients.conf file in, correct? The secret in your clients.conf file is used to encrypt and sign packets between the clients and the server. It is not used for authentication. Have you tried adding the IPs to some type of backend? For

Re: Authorization

2005-12-19 Thread Dusty Doris
Let's say I have 2 groups: students and faculty. I want to authorize authenticated members of the LDAP group cn=students,ou=Groups IFF their Access-Request Called-Station-ID =~ /:StudentWLAN$/ I want to authorize authenticated members of the LDAP group cn=faculty,ou=Groups IFF their

Re: Freeradius-Users Digest, Vol 8, Issue 82

2005-12-19 Thread Dusty Doris
On Mon, 19 Dec 2005, Stefan Adams wrote: Hey, guys! Thanks for the great replies!! I like what you suggested better than what I've come up with in the mean time. I think what I came up with will work, it just seems messy/wrong/inefficient. What do you think? modules { ldap {

Re: Auth All but only for those in my clients.conf

2005-12-19 Thread Dusty Doris
The secret in your clients.conf file is used to encrypt and sign packets between the clients and the server. It is not used for authentication. Based on what you mention here and what someone else on the list mentioned earlier, I think the reason the secret is ignored is because it is used to

Re: Auth All but only for those in my clients.conf

2005-12-19 Thread Dusty Doris
Again, I did want to mention that only CHAP request fail, others go through fine with an Accept. # Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet
