On 03/01/2010 09:14 AM, Tong Anh Quan wrote:
Hi all,
Can someone give me a confirmation?
Details below:
- In modules/ldap, I configured:
- In modules/pap, I changed the auto_header option to yes.
- In eap.conf,
+ Set the default_eap_type = mschapv2 in peap section
No, sorry.
You cannot
On 03/03/2010 03:01 PM, omega bk wrote:
2) set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y = that's really what i want
to do so in my users file
myuser Cleartext-Password := user
Tunnel-type
On 10/03/10 15:52, Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust)
wrote:
Hi,
I've included the ntlm_auth command line - is that what you meant by
can you cut and paste your ntlm_auth line
ntlm_auth --request-nt-key --domain=XXX.local --username=XXX
password:
NT_STATUS_OK: Success (0x0)
On 11/03/10 14:35, Rosario Lumia wrote:
Hi to all.
I've this configuration:
- freeradius 2.x
- in mysql i have user rosario with attribute NT-Password and value
NTHash of my password
when i try to use radtest it works great.
But i have a web library that tries to authenticate the same user
On 03/29/2010 02:25 PM, Ben Thompson wrote:
On Mon, Mar 29, 2010 at 01:02:09PM +0100, Leighton Man wrote:
Is there any way to make this work?
I have it working with:
update reply {
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
On 04/01/2010 05:39 PM, Marlon Duksa wrote:
Hi everyone -
Can anyone think of a reason why the NAS-IP and the src-IP of the
access-req packet should not be the same?
If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to
the IP address other than the src-ip of the NAS that is
On 04/06/2010 07:36 AM, Alan DeKok wrote:
Stefan Winter wrote:
That means pretty much every new RADIUS attribute will be hampered in
FreeRADIUS by their hijacking of more than half of the IETF's space!
Yes.
I
noticed that in other conflicting cases, the corresponding attributes
were put
On 08/04/10 14:27, Stefan Winter wrote:
Hello,
I wonder if anyone else has come across this already... Google is not
very helpful here.
We're setting up a VPN Server (strongswan) with Windows 7 in IKEv2 mode.
The client side is supposed to authenticate with PEAP(*) to FreeRADIUS.
That works
On 04/16/2010 10:37 PM, Difan Zhao wrote:
Users file:
host/neteng-sp1.gtcorp.com Auth-Type := Accept
That won't work I think. The hosts are expecting to do EAP/PEAP+MS-CHAP
(or EAP-TLS) and you'll need appropriate server-side auth mechanisms to
issue the correct challenge/response values.
On 24/06/10 16:23, Raymond Norton wrote:
Yes, but when I try to use -X , it says:
Usage: /etc/init.d/freeradius start|stop|restart|force-reload
That's the init script. Run the daemon directly:
/usr/sbin/radiusd -X
-
List info/subscribe/unsubscribe? See
On 24/06/10 16:32, Raymond Norton wrote:
That brings me back to my first post-no radiusd.
Well, maybe it's in a different location.
What OS are you using? Have you queried the package manager for your OS
to find the location of the binaries?
If you didn't use a package manager, and
rad_recv: Access-Request packet from host 127.0.0.1 port 50670, id=151,
length=57
User-Name = billy
User-Password = password
NAS-IP-Address = 127.0.1.1
NAS-Port = 1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
On 24/06/10 17:33, John Dennis wrote:
On 06/24/2010 12:21 PM, Raymond Norton wrote:
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that
the user is configured correctly?
You don't have the userPassword mapped in
On 25/06/10 14:21, Nathan McDavit-Van Fleet wrote:
Okay,
I’ve had a working config with the following for the past month.
TTLS-LDAP
PEAP-AD
PEAP-Local Users File
After a month running everything perfectly, 3 days ago the “PEAP-AD”
portion of the AAA failed. This is for wireless auth.
On 25/06/10 15:44, David Peterson wrote:
I am having EAP issues with MSCHAPv2 packets. Does this output point to
misconfiguration of FR or a NAS issue or both?
Since you trimmed the debug output, it's impossible to be sure, but it
points to the password on the client and server not being the
On 02/07/10 12:26, loki wrote:
Hello all.
I need some kind of solution very urgent. My question was - is it
possible to set Framed-IP-Netmask, together with IPs through
sqlippool, somehow by default, via groupreply or something, or to
change sqlippool somehow to achieve this. Or is this only
On 02/07/10 15:18, loki wrote:
At 15:23 2.7.2010, you wrote:
On 02/07/10 12:26, loki wrote:
Hello all.
I need some kind of solution very urgent. My question was - is it
possible to set Framed-IP-Netmask, together with IPs through
sqlippool, somehow by default, via groupreply or something, or
On 09/07/10 15:17, Thiago Gonzaga B. Galvão wrote:
So, anyone have any ideas how to get the TGT to make the single sign-on
that I want?
This is not a Radius issue and not a FreeRadius question, and doesn't
belong on this mailing list.
Google mod_auth_kerb
snip lots of stuff about socket permissions, then...
Sending Access-Accept of id 225 to 10.4.1.2 port 2452
Reply-Message := Authorized Users Only
MS-CHAP2-Success =
0x01533d394446363039333941453431374638353841434436324439374137343844413541313936
On 07/14/2010 04:46 PM, Lovaas,Steven wrote:
Rather than deal with the never-ending tail-chasing between samba and
Microsoft, I've decided to move toward using FreeRadius as a proxy
for the Windows radius implementation (formerly IAS, now called NPS).
I haven't completed the change, so I'm sorry
On 07/14/2010 11:17 PM, SagiBarOr wrote:
Files posted.
No.
Post the output of radiusd -X to the list.
We don't need anything else; just that.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 07/14/2010 06:58 PM, freerad...@corwyn.net wrote:
At 11:47 AM 7/14/2010, you wrote:
Sending Access-Accept of id 225 to 10.4.1.2 port 2452
Reply-Message := Authorized Users Only
MS-CHAP2-Success =
0x01533d39444636303933394145343137463835384143443632443
On 07/20/2010 01:12 PM, Lionne Stangier wrote:
That disagrees with what you said earlier:
1) it doesn't need certs
2) the cert is on the phone
I mean you must not manually install the certificate.
And you can't change the way some things work. EAP-TLS methods
require certificates. Don't
On 07/22/2010 08:26 PM, newtownz wrote:
The password stored in eDirectory is valid.
My understanding of eDirectory is that it will never let you see the actual
password
of a user, it will hash it first. Is this behavior of freeradius normal?
There is eDirectory support in the rlm_ldap module
On 07/22/2010 11:50 PM, Tom Leach wrote:
I'm currently using Freeradius v2.1.9 and I'm trying to write a
condition in the authorize section to use a different module depending
on whether Mac-auth or some other auth is being called.
In reading the wiki (http://wiki.freeradius.org/Mac-Auth) it
On 07/23/2010 09:18 AM, Lionne Stangier wrote:
You have edited the default configuration files and broken them.
You deleted eap from the authorize section, and then sent the
server and EAP request. Don't do that.
It was only a try ;)
Sadly, many people take a hatchet to the
rad_recv: Access-Request packet from host 10.10.10.254 port 58798,
id=45, length=118
User-Name = aa7f9c90
NAS-Port = 119
EAP-Message = 0x021101616130303030376639633930
Message-Authenticator = 0x4ab3cccda64e92e76dfa2a97172cebca
Acct-Session-Id =
On 08/13/2010 08:14 AM, rrperez wrote:
I have configured my Freeradius2 server to authenticate in an LDAP server
that is used by Lotus Notes.
I'm having a problem even though it bind successfully because there is no
password attribute in the LDAP server of Lotus Notes. Does it mean that
Lotus
On 08/17/2010 09:20 PM, Paul Dugas wrote:
On Tue, Aug 17, 2010 at 4:02 PM, Alan DeKok al...@deployingradius.com wrote:
If you do not have clear-text or NT hashed passwords in your LDAP
database, then *no* tool will magically make MS-CHAP work. The problem
is the method used to store the
On 24/08/10 15:19, alois blasbichler wrote:
Hello list
We use freeradius with openldap and machine-authentication
(samba-pcs) for years with success.
Windows xp and vista clients work fine.
Now i wanted to authenticate a Windows 7 laptop and i get the
following errors :
[suffix] No such
On 08/25/2010 09:51 PM, mack ragan wrote:
Hi,
I have freeradius v2.0.5. I modified the log{} section of radiusd.conf
to send logs to syslog-ng. In syslog-ng, I filter them out to a log
collector. This seems to be working well. Now, I would like to get
detail and auth to the log collector.
On 27/08/10 13:38, Jean-Yves Avenard wrote:
You seem to miss the point that the issue occurs *only* with Win 7
clients. All other clients are fine.
Please post the debug output of freeradius, obtained by running:
radiusd -X
...for a working and failing case.
On 08/31/2010 10:23 AM, mat...@crs4.it wrote:
Hello all,
I'm trying to use Freeradius 21.1.9 EAP-TTLS with MSCHAPv2 as inner
authentication against an OpenLDAP server with crypt password
encryption scheme.
That is not possible I'm afraid. MS-CHAP requires access to the NT/LM
hashes (or
On 09/06/2010 03:00 PM, Chidanand Gangur wrote:
At present I have removed Proxy from my set up and have directly
connected my host to AD (IIS server)
This isn't a FreeRadius question. Ask on an NPS/IAS server mailing list.
But...
From distant memory, MD5 password support requires reversible
On 09/09/2010 12:59 PM, Бисер Миланов wrote:
Hello!
We have a problem with a FreeRADIUS and Active Directory (Samba4)
installation. After following:
It seems that FreeRADIUS is sending an Access-Challenge but does not
get a reply. What can be the source of the problem?
The client stops
On 09/09/2010 01:42 PM, Alan DeKok wrote:
Alan Buxey wrote:
Hi,
It seems that FreeRADIUS is sending an Access-Challenge but does not get a
reply. What can be the source of the problem?
..as per the list archives - this is a client problem. ensure that client
has the CA for the RADIUS server
On 09/11/2010 09:20 PM, Ali Majdzadeh wrote:
Edvin,
Hi
Thanks for your response. FreeRADIUS is running on Debian Lenny and
PopTop Server is running on a RedHat-based distribution.
By the way, in pptpd's logs, I mentioned the following:
/etc/radiusclient/radiusclient.conf: line 16: unrecognized
On 09/13/2010 01:44 PM, Michael Bathe wrote:
Hallo Liste,
is there any how_to or solution to interpret the ldap checkItem and
change the replyItem (I think in inner-tunnel)?
f.e.: If the checkItem match one of 'sec11', 'Sec11', 'SEC11'... the
replyItem should be set to '111'.
ldap.attrmap:
On 14/09/10 16:30, mat...@crs4.it wrote:
Hello,
I'm using Freeradius 2.1.8 on Fedora 13 with EAP-TTL and PAP with
inner authentication with OpenLDAP as backend. Everything is working
fine, but the problem is that I haven't an OpenLDAP Radius oriented,
that is there is no VLAN info in my LDIFs.
On 15/09/10 10:02, Fabien COMBERNOUS wrote:
Hi,
We use the freeradius to assign users in the vlan. The default settings
rejects users in case of a request from an unidentified user. Instead of
this we would like to assign him to a specific vlan. I don't find
information about how to do this.
On 15/09/10 12:30, Fabien COMBERNOUS wrote:
Thank you Phil for your answer.
On 15/09/2010 11:09, Phil Mayers wrote:
Are you using 802.1x or macauth?
If you are sending an access-reject, you can't assign a vlan. Reject
means give no service. You either need to send an accept with a
vlan
On 15/09/10 16:13, Fabien COMBERNOUS wrote:
We use a sql backend. Just after my sql module (in the authorise
section) i added the following block.
if (notfound) {
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
Tunnel-Private-Group-ID := 42
}
}
When a user is unknown, the sql
On 15/09/10 16:20, Mike Diggins wrote:
Our students have returned this week, and I've noticed a couple new
messages logged to my FreeRadius 2.1.3 server. When it happens, my
controllers fail over to the secondary Radius server. This has happened
a few times. My Radius servers are only lightly
On 15/09/10 16:49, Fabien COMBERNOUS wrote:
On 15/09/2010 17:29, Phil Mayers wrote:
Please post the full debugging output.
Sigh. This is not the full debugging output. You're making it hard to
help you.
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth
[ldap] expand: dc=int-evry,dc=fr - dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapdev.int-evry.fr:389, authentication 0
[ldap] bind as cn=admin,dc=int-evry,dc=fr/admldap
On 16/09/10 10:16, Eric Doutreleau wrote:
thanks for your reply
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
checkItem means put the attribute into the check/config items list.
Looking at the source code, I see that rlm_ldap can't
On 16/09/10 14:35, Klaus Laus wrote:
ok, this is the debug output:
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Oct 27 2009 at
17:05:49
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
On 16/09/10 15:27, Mike Diggins wrote:
I am running NTLM_AUTH for mschap authentication with an MS AD at the back
end. I suppose that could be the culprit. If so, is upgrading FreeRadius
likely to resolve that (not knowing exactly what the problem is). Anything
I could configure at the
On 09/20/2010 03:44 PM, Leander S. wrote:
If you're using SQL then I would simply modify the SQL query to INSERT
everything in lower case only PLUS to SELECT everything in lowercase
only. You can simply modify those queries afaik. I just figured that as
That is not what is being asked.
The OP
On 09/20/2010 08:45 PM, Schwartz, Curtis H. (GSFC-443.0)[SGT, INC] wrote:
Edit the users file, and add the following line of text at the top,
before anything else:
testing Cleartext-Password := password
You say this, but then:
++[files] returns noop
Are you sure you edited the right
On 09/20/2010 05:29 PM, Neil Prockter wrote:
Would the KEY changing every few minutes be expected? (under
samba3.0/ad2003 it remained the same) By key I mean the output of
/usr/local/samba/bin/ntlm_auth --request-nt-key --username=bob
--challenge=deadshortbeef --nt-response=deadlongerbeef
On 22/09/10 14:15, Alan DeKok wrote:
I've put some preliminary tar files on:
http://git.freeradius.org/pre/
If there are any issues, let me know now. Otherwise we'll release
2.1.10 on Monday.
Can we squeeze one quick VSA update into dictionary.extreme:
ATTRIBUTE
On 22/09/10 15:14, Phil Mayers wrote:
On 22/09/10 14:15, Alan DeKok wrote:
I've put some preliminary tar files on:
http://git.freeradius.org/pre/
If there are any issues, let me know now. Otherwise we'll release
2.1.10 on Monday.
Can we squeeze one quick VSA update
On 09/22/2010 09:58 PM, Ziggy Bopster wrote:
Hello All.
Please help.. Any suggestions on where I should start? Thank you very
much for your help!!
You have two options:
First, create 1 instance of the ldap module. Use conditional statements
in the authorize section to do your ldap
On 23/09/10 08:23, Cameron Wood wrote:
In the clients.conf file is it possible to make custom variables and
then test for those/match them in the users file?
Yes; this came up on the list recently:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg62699.html
On 23/09/10 15:08, Ziggy Bopster wrote:
Hi Phil,
Thank you so much for responding with your recommendations.. The Ldap
config varies only by Server IP, Base DN and password.. If I use option
If the bind DN passwords are different, you probably can't use this
option. You'll probably need 1
On 23/09/10 16:21, Ziggy Bopster wrote:
Hi Phil,
Let me look into the docs and see if I can get something setup..
If I had one SSID and wanted multiple LDAP servers search bases behind
it, should I use Option#1.. (i.e. User selects SSID Secure.. If user is
not found in LDAP search base #1,
On 24/09/10 17:18, sekchel lee wrote:
I want Multiple databases
group1 == databases1
group2 == databases 2
..
..
Please Help me
Have you read any docs? Or tried anything?
People don't like it when you ask questions but aren't willing to do any
of the work.
You will need something like
On 09/26/2010 03:08 AM, Cameron Wood wrote:
Thank you Alan B Alan D for your comments, and I'll make sure to
include the full, complete debug output log in future.
I don't think the logic of my example has changed since my earlier post,
but I admittedly have tried encasing it in %{...} and
On 09/26/2010 11:47 AM, Cameron Wood wrote:
I'm still completely stumped though why I can't get any joy from my
comparisons using the following IF statement
if (Group-Name == 'net_su') {
update control {
Tmp-String-2 := 'net_su'
On 09/27/2010 01:09 AM, Cameron Wood wrote:
Are we talking about Group-Name (which is implemented by the unix
module and comes from /etc/group) or Ldap-Group (which is
implemented by the ldap module and comes from ldap lookups)?
Both implement their own == hooks so the same
On 27/09/10 11:44, Cameron Wood wrote:
groupname_attribute = cn
groupmembership_filter =
(|((objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))((objectClass=posixGroup)(memberUid=%{control:Ldap-UserDN}))
groupmembership_attribute = radiusGroupName
Attached is a debug
On 10/02/2010 10:07 AM, Brian Candler wrote:
Hello, I'm using freeradius 2.1.7.
I would like to know if there's a simple way, within a users file, to
*replace* the entire set of reply attributes with some others. For example,
I don't think so.
My current solution is very messy, using two
On 10/02/2010 11:05 AM, Brian Candler wrote:
Why don't you just do whatever if() logic before adding the attributes?
It's complicated :-)
Partly it's policy. We configure as much of this logic in users files as
possible, because they can be updated without needing to restart radiusd.
The
This:
WARNING: Found User-Password ==
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See man rlm_pap for more information.
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
Causes this:
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No
On 08/10/10 10:36, Klaus Ethgen wrote:
Hello newsgroup, hello Alan DeKok,
I tried to solve my problem with Daniel Bertolo from Switch but was not
successful, so he told me to ask here.
I want to configure a virtual server that always return ok to be used as
probe for a load balancer (Cisco ACE).
On 08/10/10 11:28, Johan Meiring wrote:
Hi,
I have a freeradius setup generating COA successfully (when necessary) after
receiving accounting packets.
This works well.
Now I want to also make Freeradius generate a COA by some other means.
e.g. a tech support guy clicking disconnect on a web
On 08/10/10 14:24, Mark Holmes wrote:
and I see the server returns Access-Accept.
Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Secondly, this is just testing PAP i.e. plain username/password auth.
Wireless typically uses 802.1x via EAP.
I then configure
On 08/10/10 16:03, Tim Sylvester wrote:
Now I want to also make Freeradius generate a COA by some other
means.
e.g. a tech support guy clicking disconnect on a web page.
I.e. I want to somehow trigger a coa that is not caused by an
update coa
{} block, but by some external trigger.
Is
On 11/10/10 11:22, c.schw...@funknetz.at wrote:
Hi,
I would like to achieve some kind of a tracking system for 802.11
wireless clients, therefore every login attempt should be accepted and
the necessary information (e.g. nas-ip-address, calling-station-id)
should be stored in an extra database
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
Wow! That *must* have been a lot of work! Thank you Phil.
Does this mean FreeRADIUS can now act as a Health
On 11/10/10 13:24, Alan DeKok wrote:
Phil Mayers wrote:
I've tested it with WinXP SP3, Vista and Win7. There is one compile fix
needed which must have snuck through (attached)
I deleted all references to the REQUEST structure from src/lib/soh.c.
The library functions are for clients
On 11/10/10 16:23, Alan DeKok wrote:
Phil Mayers wrote:
Ok, the attached should be more sane
Debug messages shouldn't have \n. The log function adds the \n
itself.
Yeah - that's in 0004-*.patch (I noticed it when using the excellent
raddebug to test that the SoH stuff appeared)
On 10/11/2010 10:14 PM, James J J Hooper wrote:
Hi Phil, Alan,
http://msdn.microsoft.com/en-us/library/cc251376%28v=PROT.10%29.aspx
- Independent of the above states, the last bit of the third byte of the
AU ClientStatusCode can take the value of 1 if the AU settings on the
client are
On 12/10/10 11:11, Alan DeKok wrote:
Phil Mayers wrote:
Yeah - that's in 0004-*.patch (I noticed it when using the excellent
raddebug to test that the SoH stuff appeared)
OK... the patch doesn't apply, and adding/deleting the \n is
Rats. Sorry about that.
awkward. I'll make a few
On 12/10/10 16:31, Mathew Rowley wrote:
Ah, I was misunderstanding the proxy functionality. I thought it was
only used for proxying radius requests to other radius servers.
I was having a problem with configuring the users file. Why will this
set Auth-Type:
DEFAULT Realm == realm, Auth-Type :=
On 12/10/10 16:06, Mark Holmes wrote:
Hi all,
Currently when users connect to our WLAN they enter their username thus:-
firstname.lastn...@mydomain.ox.ac.uk
Is there a way I can strip everything after the @ out (ie the domain) - so they
are forced to authenticate against the domain I
(Is there an equivalent of debug_pair_list outputting via
request-radlog?)
If you can redo the debug patches, I'll put them in. Or maybe I
should just give you direct git access...
Gulp!
From 43dd97600c5bb3f497e7948e404d7f0147e4f435 Mon Sep 17 00:00:00 2001
From: Phil Mayers p.may
On 13/10/10 11:55, Mark Holmes wrote:
Thanks Phil.
Final question: At the moment, I can authenticate with username, but not with
usern...@mydomain.ox.ac.uk
How do I tell freeradius to accept usern...@mydomain.ox.ac.uk (I don't mind if
authenticating with just username without the domain
On 13/10/10 13:27, Alexander Clouter wrote:
Phil Mayers p.may...@imperial.ac.uk wrote:
Anyway, as always - if it's failing, please post the full debug output i.e.:
radiusd -X | tee log
...I am pretty sure that is meant to be:
radiusd -X 2>&1 | tee log
I thought freeradius printed to STDERR?
On 13/10/10 14:40, Harry Hoffman wrote:
Hi Alan,
Thanks for the help! This works well and lessens the confusion on my
part.
I do have one question. When using ldap as the authorization module the
Auth-Type gets set properly to siteone_ldap. But if I try using
That's a feature of the ldap
On 13/10/10 15:17, Harry Hoffman wrote:
Hi Phil,
Thanks for the pointers. I was attempting to use ntlm_auth to ensure the
account actually existed for the authorization section. And then again
in the authentication section to ensure the user name and password
match.
But that's not what you're
On 10/15/2010 08:06 AM, Langen Mike wrote:
Hi there.
I’ve got the problem that I want to combine active directory
authentication with mac address verification. So only user can log in
which hardware is listed in a text file or similar.
In the whole world wide web I didn’t find a hint how to
On 15/10/10 10:13, Langen Mike wrote:
Hi Phil.
Thank you for your quick answer. That's exactly, what I need. Where
do you get this information? It's really hard to retrieve usable
information from wiki.freeradius.org...
Mainly accumulated knowledge.
Is there a good resource for this kind
On 10/18/2010 05:05 PM, Zietz, Marco wrote:
I am curious if somebody could share information how to get FR as DHCP
with option 82 authentication up and running. Couldn't find much
information in provided sample files and on the net. My own experiments
with auth configs were not particularly
On 10/18/2010 06:07 PM, Stephane MAGAND wrote:
but when the user connect, that's don't work ...
See the FAQ for it doesn't work.
Second question: I use sqlippool for dynamic IP, if i want specify a IP
to a username (static) what is the process ? create a specific group ?
You can assign
On 10/18/2010 06:51 PM, Stephane MAGAND wrote:
2010/10/18 Phil Mayers p.may...@imperial.ac.uk:
On 10/18/2010 06:07 PM, Stephane MAGAND wrote:
but when the user connect, that's don't work ...
See the FAQ for it doesn't work.
I meant literally the FAQ item It still doesn't work, which
On 10/19/2010 10:37 PM, Cannady, Mike wrote:
Our AD (2003) setup has the domain name as htc.com. The pre-windows
2000 domain name is HORRY.
Uh oh. Then I think you're going to have problems. ntlm_auth when it
expands %{mschap:NT-Domain} assumes that the username will be of the form:
On 20/10/10 12:22, Chidanand Gangur wrote:
Hi,
I have following setup
where windows host is connected to Cisco 2960 which is connected to
Microsoft AD via RADIUS proxy
Windows host (XP SP3) - Cisco 2960 - freeRADIUS proxy (2.1.10) -
Microsoft AD (2003)
In the above setup user
On 10/21/2010 03:34 AM, ichiro tanaka wrote:
Hi.
i have a problem proxy.
Proxying to auth-server, and NAS-IP-Address was automatically added by proxy.
can I stop it?
It was probably added by the preprocess module, if memory serves.
Why would you want to stop it?
If you do, just remove the
On 10/20/2010 10:59 PM, Rowley, Mathew wrote:
I was able to configure FreeRadius/AD differently than most tutorials
– just using Kerberos as an authentication mechanism (sorry for any
weird formatting, coming from a wiki):
(For the archives)
The reason it's different than most tutorials, to
On 10/21/2010 08:55 AM, Chidanand Gangur wrote:
I have collected logs for full session of host authentication, log is
pasted below.
As mentioned in my previous mail I just want to proxy the host
authentication request to the home server, is it possible?
You didn't mention that in your
On 21/10/10 10:54, Chidanand Gangur wrote:
Thanks Phil, thanks a lot
It worked. I have multiple home servers configured so I am using your
logic like this
Excellent, glad to hear you solved it.
On 21/10/10 15:50, Rowley, Mathew wrote:
Ah, that is true. I never thought that deeply into it, and only did a POC.
Is the downfall of doing things this way that passwords must be sent in
the clear?
Not really. The User-Password radius field is encrypted with the
shared secret, which is
On 10/21/2010 06:40 PM, Rowley, Mathew wrote:
I am kind of confused - one of our use cases is having our wireless
infrastructure authenticating through freeradius and in the end AD. Why
would it matter that freeradius uses rlm_krb5? Wouldn't it look something
like:
On 10/21/2010 08:52 PM, mark.le...@stfc.ac.uk wrote:
I don't know whether the problem lies with me (for allowing a backslash
in the password in the first place) the NAS for appearing to 'escape'
the backslash (with a backslash)
rlm_ldap accesses the raw string value of the request-password
On 10/21/2010 10:27 PM, Phil Mayers wrote:
On 10/21/2010 08:52 PM, mark.le...@stfc.ac.uk wrote:
I don't know whether the problem lies with me (for allowing a backslash
in the password in the first place) the NAS for appearing to 'escape'
the backslash (with a backslash)
rlm_ldap accesses
On 10/21/2010 10:40 PM, Ramzi Abdallah wrote:
I have configured freeradius version 2.1.9 with mySQL backend and Active
Directory integration (NTLM) for the purpose of using it to authenticate
users against firewall protected policies.
So far it’s all working. When a user hits a firewall
On 10/22/2010 07:12 AM, Ramzi Abdallah wrote:
exactly right the firewall is prompting the user to authenticate using
its internal captive portal page.
... requires authentication. now instead of authenticating via the
firewall captive portal I want to use NTLM to check if the user is
already
On 25/10/10 04:06, Xiaochen wrote:
Hi all,
I am using Fedora 12 and Freeradius 1.2.9 to do some COA test.
When AAA sends Disconnect-request to my AGW, the AGW reply with a
Disconnect-ACK, and my MS disconnects.
But the rad_verify says:
1 - 100 of 1979 matches