On 09-10-12 17:02, Alan DeKok wrote:
Koenraad Lelong wrote:
Is there a document that I consult so I know what to look for if I want
more than just authentication with radius ?
See the NAS vendor documentation.
Then I hope the vendor makes available that documentation. At the moment
I'm
Hello,
I have got a really annoying authentification problem and I would be glad if
you could help me.
I use a Cisco Aironet 1130ag Access Point, the radius-server is a Debian
Squeeze (6.0.5) and I installed FreeRadius Version 2.1.10 from the packet
sources.
After I made some changes to the
Thank you very much Alan,
for the thorough and concise explanation (it's working!), as well as for
the great job you're doing.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to create a PHP OTP script with challenge response.
echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
exit(4);
Reply and State get sent to the client. But I can't seem to get challenge
response to work.
Has anyone
1 there is no such word as authentification, it's just 'authentication'
2 your client is trying to do EAP-TLS
3 check FreeRADIUS compatibility matrix because when you do use eg PEAP (and
have the CA cert on the client), the MSCHAPv2 will only work with passwords from
LDAP in certain formats
On 10/11/2012 09:23 AM, Thomas Raabo - Zitcom A/S wrote:
I'm trying to create a PHP OTP script with challenge response.
echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
I think that needs to be a control item, not a reply
That seems like a way to go.
But you're right... It's very hard to find documentation on this topic.
Changed it and now
It seems that update check is checked way before the script.
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex
Hi,
I'm currently using FreeRadius to control access to our wifi network with
PEAP-TLS, and authenticating users against their AD accounts. I now need to
somehow additionally restrict the users wifi access to only the machines
that are joined to the Windows domain, and not phones, ipads, etc, and
On 11/10/12 10:57, Thomas Raabo - Zitcom A/S wrote:
That seems like a way to go.
But you're right... It's very hard to find documentation on this topic.
Sure. The assumption is that Access-Challenge methods are generated by
auth method code in rlm. It's a testament to how flexible the server
On 11/10/12 11:03, Bryce Mackintosh wrote:
Hi,
I'm currently using FreeRadius to control access to our wifi network
with PEAP-TLS, and authenticating users against their AD accounts. I now
need to somehow additionally restrict the users wifi access to only the
machines that are joined to the
How do you change the order it phil?
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
-Original message-
From:
On 11/10/12 11:53, Thomas Raabo - Zitcom A/S wrote:
How do you change the order it phil?
You type things in the right order.
As per my original email, do this:
authorize {
...
YOUR_EXEC_MODULE
if (updated) {
...
}
...
}
Hi,
we're using FR 2.0 for our machine authentication for XP to Win7 with
EAP-TLS. Everything is working so far, but I noticed a difference
between authenticating via WLAN and LAN, which starts to be a problem
for us now. If I make an auth via LAN the provided username is
hostname, if I do
On 11 October 2012 11:45, Phil Mayers p.may...@imperial.ac.uk wrote:
On 11/10/12 11:03, Bryce Mackintosh wrote:
Hi,
I'm currently using FreeRadius to control access to our wifi network
with PEAP-TLS, and authenticating users against their AD accounts. I now
need to somehow additionally
Koenraad Lelong wrote:
Then I hope the vendor makes available that documentation.
Good luck. A lot of vendors are pretty bad with documentation.
Bottom line, I need to ask the vendor : I need this and this feature,
are those features supported by Freeradius ?
FreeRADIUS supports
Alexandros Gougousoudis wrote:
we're using FR 2.0 for our machine authentication for XP to Win7 with
EAP-TLS. Everything is working so far, but I noticed a difference
between authenticating via WLAN and LAN, which starts to be a problem
for us now. If I make a auth via LAN the provided
Bryce Mackintosh wrote:
I'm currently using FreeRadius to control access to our wifi network
with PEAP-TLS, and authenticating users against their AD accounts. I now
need to somehow additionally restrict the users wifi access to only the
machines that are joined to the Windows domain, and not
Thanks phil...
I'm close now.
The only thing missing to getting this working is getting the state number to
the script.
On the second run after the challenge I don't get the state number passed..
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING:
Thomas Raabo - Zitcom A/S wrote:
The only thing missing to getting this working is getting the state number to
the script.
...
[ZOTP] expand: %{reply:State} -
Are you sure it's in the reply?
Alan DeKok.
Oops. The output was copy-pasted wrong.
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
-Original message-
From:
Ignore my stupidity.
I figured it out...
I'll make a wiki and make my script public
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
Hi Alan,
thanks for your reply!
Alan DeKok wrote:
host/ as a realm for our Radsecproxy, I'd like to change the
behaviour for the authentication via LAN and add a string to the
hostname
Don't. You will break EAP.
That's not clear. Why would that break EAP if the workstations
I'm sorry, I don't have time right now to help you, but you are on the
right track. Windows has a feature Machine Authentication where the
station authenticates (using the $hostname and a secret credential
created at domain join) with a Domain controller before the user login.
On an
On 11/10/12 12:55, Bryce Mackintosh wrote:
Okay, ignoring how I currently have things setup, how would other people
go about controlling the users and devices on a wifi network by means of
802.1x, freeradius using AD for authentication and Win XP Pro SP3
We don't bother. It's not obvious why
On 11/10/12 12:43, Alexandros Gougousoudis wrote:
Hi,
we're using FR 2.0 for our machine authentication for XP to Win7 with
EAP-TLS. Everything is working so far, but I noticed a difference
between authenticating via WLAN and LAN, which starts to be a problem
for us now. If I make an auth via
Alexandros Gougousoudis wrote:
That's not clear. Why would that break EAP if the workstations are
sending a different Login?
You said you wanted to add a string to hostname. Don't do that.
Editing it in FreeRADIUS will break things.
It already does, depending on LAN or WLAN
Logins. I
For a certain use-case of mine, I need to connect to the Active
Directory Global Catalog port of 3268 and do a search with a BaseDN of
. What is the correct way to do this with FreeRADIUS?
The solution I have come up with is to change the LDAP xlat function to
not escape any spaces, which allows
On 11/10/12 15:13, Walter Huf wrote:
For a certain use-case of mine, I need to connect to the Active
Directory Global Catalog port of 3268 and do a search with a BaseDN of
. What is the correct way to do this with FreeRADIUS?
Why doesn't it work if you just use an empty string? From the code,
On 11/10/12 16:23, Hocine M wrote:
Hi,
First, apologies for my English, I'm French.
No problem.
I don't use the default virtual server, I only use one
filel3_wifi_peap (where i use sql_auth for auth and sql_acct for
accounting)
Your config is broken:
+- entering group authorize {...}
On 11 October 2012 14:48, Phil Mayers p.may...@imperial.ac.uk wrote:
On 11/10/12 12:55, Bryce Mackintosh wrote:
Okay, ignoring how I currently have things setup, how would other people
go about controlling the users and devices on a wifi network by means of
802.1x, freeradius using AD for
Hi all,
I'm deploying a WiFi proxy center with FreeRadius now, therefore I need
detailed auth/acct log records for statistical purpose.
While default format of detail log cannot satisfy my goal there, so is there
any way to define my own customized format of auth/acct log file?
for example, for
31 matches