Re: Setting Class attribute by LDAP Groups

2013-07-04 Thread Phil Mayers
On 07/04/2013 04:35 AM, Patrick Gawthorne wrote: update request { Class = "%{Ldap-Group}" } You can't do that, because Ldap-Group is not a real attribute with a value; it's a virtual attribute, which you compare against (think about it - you can be in 1 group) You would

Re: Setting Class attribute by LDAP Groups

2013-07-04 Thread Arran Cudbard-Bell
On 4 Jul 2013, at 08:22, Phil Mayers p.may...@imperial.ac.uk wrote: On 07/04/2013 04:35 AM, Patrick Gawthorne wrote: update request { Class = "%{Ldap-Group}" } You can't do that, because Ldap-Group is not a real attribute with a value; You can do: update reply {

Access-challenge timeout on IOS

2013-07-04 Thread Franks Andy (RLZ) IT Systems Engineer
Hi, I'm experimenting with a system involving an access-challenge to a NAS. It works fine with FR so far on, say, the cisco ipsec vpn client, which waits a long time until timing out waiting for user input. I'd like to also discover how other NAS's behave using this and have found the timeout on

Re: Access-challenge timeout on IOS

2013-07-04 Thread Phil Mayers
On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote: Hi, I’m experimenting with a system involving an access-challenge to a NAS. It works fine with FR so far on, say, the cisco ipsec vpn client, which waits a long time until timing out waiting for user input. I’d like to also

Re: Access-challenge timeout on IOS

2013-07-04 Thread A . L . M . Buxey
Hi, waits a long time until timing out waiting for user input. I'd like to also discover how other NAS's behave using this and have found the timeout on a particular cisco 1131 access point to be quite short. most NAS devices have configurable options for their RADIUS/EAP timers.

Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Gustavo Vieira Oliveira
Hello! We have a Cisco Wireless Controller 5508 with Aironet 1041 APs. To make the AP authenticate with RADIUS we need to set the following command manually in the AP: - radius-server vsa send Which as explained by cisco does the following: Command Purpose Router(config)#

Re: Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Alan DeKok
Gustavo Vieira Oliveira wrote: We have a Cisco Wireless Controller 5508 with Aironet 1041 APs. To make the AP authenticate with RADIUS we need to set the following command manually in the AP: This isn't a Cisco support list. The thing is, the APs can only authenticate if this command is

Re: Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Arran Cudbard-Bell
On 4 Jul 2013, at 13:12, Gustavo Vieira Oliveira gusta...@sc.senai.br wrote: Hello! We have a Cisco Wireless Controller 5508 with Aironet 1041 APs. To make the AP authenticate with RADIUS we need to set the following command manually in the AP: - radius-server vsa send Which as

Re: Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Matthew Newton
Hi, This isn't a FreeRADIUS issue, and shouldn't really be on this list. However - On Thu, Jul 04, 2013 at 09:12:40AM -0300, Gustavo Vieira Oliveira wrote: We have a Cisco Wireless Controller 5508 with Aironet 1041 APs. We have the same, authenticating against FreeRADIUS. To make the AP

Re: Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Gustavo Vieira Oliveira
Yeah, I'm not saying it's a problem with RADIUS. I'm just asking, trying to understand why it's happening and if there may be any workaround for this. Matthew, we have some remote places that we chose to authenticate locally with Radius. I'm guessing the configuration (radius-server vsa

Re: Access-challenge timeout on IOS

2013-07-04 Thread David Mitton
Quoting Phil Mayers p.may...@imperial.ac.uk: On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote: Hi, Session-timeout and Idle-timeout are attributes mentioned by the cisco docs but neither of these seem to be what I'm after. Neither are relevant; they're for established

Re: Problem with CISCO WIRELESS CONTROLLER and RADIUS Authentication

2013-07-04 Thread Alan Buxey
Those are VSA that you are getting from the NAS. Your WiFi kit is centrally managed so config is pushed from the controller alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Access-challenge timeout on IOS

2013-07-04 Thread Phil Mayers
On 04/07/13 14:34, David Mitton wrote: Quoting Phil Mayers p.may...@imperial.ac.uk: On 04/07/13 11:00, Franks Andy (RLZ) IT Systems Engineer wrote: Hi, Session-timeout and Idle-timeout are attributes mentioned by the cisco docs but neither of these seem to be what I'm after.

RE: Access-challenge timeout on IOS

2013-07-04 Thread Franks Andy (RLZ) IT Systems Engineer
I'll give it a go. Thanks for the information guys. The cisco attribute list says Session-Timeout : Sets the maximum number of seconds of service to be provided to the user before the session terminates. This attribute value becomes the per-user absolute timeout. Not that helpful, and why I

pulling dn for User-Profile from ldap

2013-07-04 Thread Martin Kraus
Hi. I'd like to give users an option to specify which network to connect to using something like helpdesk\username@realm admins\username@realm I was thinking of stripping the network part in hints and saving it in a variable say Preferred-Network and then match on it in users DEFAULT

Re: Access-challenge timeout on IOS

2013-07-04 Thread David Mitton
Oh for sure... I used Cisco 1200s @ RSA and the Windows EAP interfaces I was always fighting with the system timing out the authentication before a user would type in a token code. This frequently takes a minute or more, because people have to get their token, often they wait for the code

Re: Access-challenge timeout on IOS

2013-07-04 Thread Arran Cudbard-Bell
On 4 Jul 2013, at 22:32, David Mitton da...@mitton.com wrote: Oh for sure... I used Cisco 1200s @ RSA and the Windows EAP interfaces I was always fighting with the system timing out the authentication before a user would type in a token code. This frequently takes a minute or more,