RE: Grant access for all users before login
snowman5840 wrote: Garber, Neal-2 wrote: Use machine authentication (if wireless, use automatic connect). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ok that means i must install the certificate (ca.der) on the client. And what else i have to do that the client perform an machine authentication before the user logins? is it neccessary to change some freeradius configuration parameters? Ok machine authentication works now with computer name from samba. i can assign vlans also. The switch port appears as up, BUT i can't ping the machine und i can't login with new users that never before use this machine (no local user account). Why i doesn't get network access after successful machine authentification!? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Grant-access-for-all-users-before-login-tp3285753p3287309.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Grant access for all users before login
Ok machine authentication works now with computer name from samba. i can assign vlans also. The switch port appears as up, BUT i can't ping the machine und i can't login with new users that never before use this machine (no local useraccount). Why i doesn't get network access after successful machine authentification!? If your authentication is successful and you're sure the port is being put in the correct VLAN, then you should use standard network troubleshooting techniques. Not that it's in scope for this list, but here are some thought starters: - Does the device have an IP address? - If so, is it in the VLAN you expected? - Are the network mask and default gateway correct? - Can you ping the switch to which you are connected? - When you ping the switch, do you get an ARP response? - Are there ACL's or firewalls that might be blocking traffic to other networks? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Grant access for all users before login
When a user gets his login prompt, no access to the network is allowed because they first get access when they login and freeradius can perform an ldap check with the username. But when a new user wants to login or the user uses an different computer, the user dosen't exist on this machine - so they can't login - no network connection -can't load profile - no local user. Use machine authentication (if wireless, use automatic connect). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Grant access for all users before login
Garber, Neal-2 wrote: When a user gets his login prompt, no access to the network is allowed because they first get access when they login and freeradius can perform an ldap check with the username. But when a new user wants to login or the user uses an different computer, the user dosen't exist on this machine - so they can't login - no network connection -can't load profile - no local user. Use machine authentication (if wireless, use automatic connect). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ok that means i must install the certificate (ca.der) on the client. And what else i have to do that the client perform an machine authentication before the user logins? is it neccessary to change some freeradius configuration parameters? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Grant-access-for-all-users-before-login-tp3285753p3286631.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html