sgilmour wrote:
My Question is on my PC's Winows 7 and Windows XP clients. How do I get my
user to work in a domain environment with PEAP and EAP-TLS so that I don't
need to manually login with my client. This would be the preferred way for
us to authenticate to the network. This is how we
Hi all! I've found, that our NAS-server sometimes (when it restarts
and there are many auth. packets comes to the radius-server) re-uses
port and ID in a 1 second period. (information from tcpdump)
That causes conflicting packet from client. I think, that the NAS
works wrong (it must
On Wed, Jul 13, 2011 at 1:54 PM, Konstantin Chekushin ko...@inbox.lv wrote:
Hi all! I've found, that our NAS-server sometimes (when it restarts and
there are many auth. packets comes to the radius-server) re-uses port and ID
in a 1 second period. (information from tcpdump) That causes
Hi,
I had to uncheck validate certificates on the client. I also had to uncheck
use logon on username and password so it would ask me for the credentials.
The server does not like when the client sends domain info. On the server
side I had to change the users file so it doesn't include the
Konstantin Chekushin wrote:
Hi all! I've found, that our NAS-server sometimes (when it restarts and
there are many auth. packets comes to the radius-server) re-uses port
and ID in a 1 second period. (information from tcpdump) That causes
conflicting packet from client.
It's OK to re-use
Nick Kartsioukas lists.freerad...@change.nightwind.net wrote:
Thanks for the hints! I think I've got my eap.conf set up as I need it.
After some errors from freeradius and further document exploration, it
looks like what I need for the authorize section is this:
Yes, but we just have got the problem, so, the source of the problem
may be in other place...
I've look through the sniffer file and found, this strange sequence:
...
31:05 access-request (port 65025, id 229) (Authenticator1)
31:10 access-accept (port 65025, id 229)
31:10
On Wed, Jul 13, 2011 at 4:14 PM, Konstantin Chekushin ko...@inbox.lv wrote:
Yes, but we just have got the problem, so, the source of the problem may be
in other place...
There's an analogy I sometime use to explain things like this to my coworkers:
You're driving a new car. Not far from the
Dear Community,
I want to use SQL to send different Attributes of the same groupname
based on NAS-IP-Address.
for example
1024DL_512UL is the name of my group in sql. I want to send different
Attributes based on NAS IP 2.2.2.2 and Different attributes for same
group when NAS IP is 6.6.6.6
Any
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server. There isn't a way to do this without using Active
Directory and to have freeradius do this independantly?
--
View this message in
This looks to be very much like what you're after.
http://wiki.freeradius.org/SQL%20Huntgroup%20HOWTO
-Jacob
On 13 Jul 2011, at 06:56, Waqas Toor wrote:
Dear Community,
I want to use SQL to send different Attributes of the same groupname
based on NAS-IP-Address.
for example
1024DL_512UL
On Wed, 13 Jul 2011 09:33 +0100, Alexander Clouter
a...@digriz.org.uk wrote:
I would *strongly* recommend you run just one SSID and use VLAN
assignment in post-auth to
The huge advantage is that *every* user at your organisation can follow
the same instructions to connect to the wireless
On 07/13/2011 04:20 PM, sgilmour wrote:
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server. There isn't a way to do this without using Active
Directory and to have freeradius do
sgilmour wrote:
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server. There isn't a way to do this without using Active
Directory and to have freeradius do this independantly?
If
On Wed, 13 Jul 2011 08:20 -0700, sgilmour sgilm...@enterasys.com
wrote:
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server. There isn't a way to do this without using Active
On 2011/07/13 05:49 PM, Phil Mayers wrote:
To login with domain credentials, FreeRADIUS must be able to check domain
credentials.
To check domain credentials, FreeRADIUS must be able to talk to Samba as a
domain member.
-
Just for interest sake...
We use a lot of Samba Domain Controllers
Hi,
I have a little problem.
I have two devices within the same huntgroup, but i get in trouble with one of
them.
Both are Cisco Nexus, but there is one difference:
The working one has NXOS 5.x, the one that is not working as expected NXOS 4.x
Why is the right line in the users file found for
Nick,
I will take a look.
Thanks
Scott
From: Nick Kartsioukas [via FreeRadius]
[mailto:ml-node+4583281-225081943-107...@n5.nabble.com]
Sent: Wednesday, July 13, 2011 12:31 PM
To: Gilmour, Scott
Subject: Re: How to setup Freeradius in a Domain
On Wed, 13 Jul 2011 08:20 -0700, sgilmour [hidden
On 07/13/2011 05:40 PM, Johan Meiring wrote:
Just for interest sake...
We use a lot of Samba Domain Controllers (samba3, NT4 style domain)
I should have been more precise: my comments apply to Microsoft domain
controllers.
If you are using Samba as your domain controllers, then you have
On Jul 13, 2011, at 5:20 PM, sgilmour wrote:
I just want to make sure I understand this. The only way is to be able to
login to my PC with a Domain is to incorporate freeradius with an Active
Directory server.
No as the others have said, unless you're looking to qualify a username using
On Jul 13, 2011, at 5:12 PM, Jacob Dawson wrote:
This looks to be very much like what you're after.
http://wiki.freeradius.org/SQL%20Huntgroup%20HOWTO
Yes, there's even an example.
* Create multiple groups, each group mapping to a different set of reply
attributes.
* Add different
Hi
I'm currently setting up a radius server to authenticate EAP based requests
against Active Directory.
Using Alan Dekok's guide I've got this authenticating mschap based EAP requests
successfully.
I also want to authenticate ttls/pap requests and I've found two ways to do
this that seem to
On 07/13/2011 06:04 PM, Axford M.F. wrote:
Hi
I'm currently setting up a radius server to authenticate EAP based requests
against Active Directory.
Using Alan Dekok's guide I've got this authenticating mschap based EAP requests
successfully.
I also want to authenticate ttls/pap requests and
On 07/13/2011 05:40 PM, jan.gnep...@t-systems.com wrote:
Access Reject (3), id: 0x17, Authenticator: 436530c99d29615e3a35aa878275a97d
Is it possible that this causes my problem?
No, this is just due to checksum offload. Ignore it.
Jan
Huntgroups:
nexus
Thanks for everyones help. I will follow the
http://deployingradius.com/documents/configuration/active_directory.html
Looks like all I need to do is setup the samba, and the ntml_auth file and I
should be all set.
I should be able to setup the smb.conf file so it will work with both my
2003 and
So, one of my last things here is making sure I can get at the stripped
usernames for my domain users, as they're authorized by their stripped name,
not the name w/ which they're authenticating. Forex, if I'm using my AD
credentials to log in, User-Name = hokies\dawson, but I'm authorized for
Hello
I have three Linksys Wireless Routers:
WRT160N
WRT110
WRT360 - Now I'm not sure of the model
With them, users connect to my network using WIFI using a password exchange.
I would like to change this pattern, I wondered if configuration is
possible to perform Authentication,
27 matches
Mail list logo
