Hi,
I have an exec script that I want to run when authenticating a user.
The script takes in the username.
I want to run the script both for PEAP authentications and PAP authentications.
The problem I have is that if I put the exec in the inner-tunnel
post-auth section it will work fine for the
On 07/03/11 10:10, paul smith wrote:
Is there some way I can tell the server not to run things in the
default post-auth, if the request has been through the inner-tunnel?
I'm thinking putting something like the following in the default
post-auth section
if (!proxy-reply:Packet-Type ==
Thanks Phil, that's great, works really well.
It has set me thinking about a variation though, using EAP-Message
would mean that it wouldn't run if it had been through the default
only, such as EAP-TLS.
Is there something else I could use which would indicate if
inner-tunnel had been used?
thanks,
Dear All,
I am upgrading from 1.1.7 to 2.1.10
I am using Exec-Program-Wait to run a script
In the old ver, I can find the output of my script in reply-detail log,
But in the new ver. I only find the attribute
Exec-Program-Wait = /usr/bin/php /var/www/html/check.php testuser 1
but I need all
On 07/03/11 12:18, paul smith wrote:
Thanks Phil, that's great, works really well.
It has set me thinking about a variation though, using EAP-Message
would mean that it wouldn't run if it had been through the default
only, such as EAP-TLS.
Is there something else I could use which would indicate
Hello list,
just another guy with the duplicate client problem.
I got a service running, allowing customers to add their DSL-lines
and use my freeradius to authenticate.
It works fine, so far, but there is one problem:
When a user adds his hardware using a dynamic IP from a special dyndns-service, it
Hi,
I'd like to specify my auth-policies using the rlm_policy module (since I like
its obvious flexibility and the cleanness of its policy syntax and because I
wasn't able to solve some particular problems with rlm_files) but there's one
big problem left:
Until now I've been using the
On 07/03/11 16:25, Thomas Wunder wrote:
Hi, I'd like to specify my auth-policies using the rlm_policy module
(since I like its obvious flexibility and the cleanness of its
policy syntax and because I wasn't able to solve some particular
problems with rlm_files) but there's one big problem
Yes I understand and agree..
However in this environment I think we'll be ok.
Thanks
--Guy
On 6 Mar 2011, at 19:22, Alan Buxey wrote:
Hi,
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
Hi all,
I now have FreeRadius granting access and using LDAP for username and password
information.
My next challenge, using the same Radius and LDAP server I would like to grant
different users access via different NAS clients.
eg in LDAP I would have:
uid=guy
services: VPN
services: WiFi
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure [necessarily]. Clients defaulting
to accept any radius server cert, or those that default to prompt the
Hi,
1) It validates the server cert to assure it's signed by a CA it trusts
(possibly via a cert chain).
2) It then validates the certificate subject to make sure the server it
thought it was connecting to appears in the certificate (either as the
certificate subject or one of the
On Mar 7, 2011, at 3:57 PM, Alan Buxey wrote:
Hi,
1) It validates the server cert to assure it's signed by a CA it trusts
(possibly via a cert chain).
2) It then validates the certificate subject to make sure the server it
thought it was connecting to appears in the certificate
On 07/03/2011 21:42, John Dennis wrote:
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure [necessarily]. Clients defaulting
to accept any radius server
On Mar 7, 2011, at 4:03 PM, Arran Cudbard-Bell wrote:
On Mar 7, 2011, at 3:57 PM, Alan Buxey wrote:
Hi,
1) It validates the server cert to assure it's signed by a CA it trusts
(possibly via a cert chain).
2) It then validates the certificate subject to make sure the server it
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
On 07/03/2011 21:42, John Dennis wrote:
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure
On 07/03/2011 22:18, Arran Cudbard-Bell wrote:
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
On 07/03/2011 21:42, John Dennis wrote:
I changed default_eap_type=md5 to default_eap_type=ttls and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
Guy g...@britewhite.net wrote:
I now have FreeRadius granting access and using LDAP for username and
password information.
My next challenge, using the same Radius and LDAP server I would like
to grant different users access via different NAS clients.
eg in LDAP I would have:
So
Still not sure what file is tweaking this. I ended up copying the entire
/raddb dir from ServerB to ServerA to get the same exact behavior. Prior to
that I tried.
Replicating (copying the file via ftp): radiusd.conf, users, default,
inner-tunnel, radiusd, ... maybe more.
I also
That's perfect, thanks Phil, many thanks for the help.
On Mon, Mar 7, 2011 at 1:19 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/03/11 12:18, paul smith wrote:
Thanks Phil, that's great, works really well.
It has set me thinking about a variation though, using EAP-Message
would mean
John Dennis jden...@redhat.com writes:
So why does this group think PKI doesn't work?
PKI works. gnupg is an example of that.
SSL doesn't work. Faulty design: Single trust anchor, black or white
trust only, and large commercial interests are all reasons for that.
Bjørn