Re: Yet another multiple SSID setup question

2011-07-28 Thread Nick Kartsioukas
Ok, I've gotten a little bit further with setting up my multiple SSID stuff. I'm still working with just the test SSID, trying to get PEAP/MSCHAP working, but running into problems with the inner virtual server and would appreciate any further help. It's failing on the inner tunnel with an error

RE: Yet another multiple SSID setup question

2011-07-28 Thread Garber, Neal
It's failing on the inner tunnel with an error that it has no value specified for the auth type, but shouldn't that be set by the eap module? It didn't say no value, it said unknown value. The debug output showed the value of Auth-Type as eap_cuesta: Found Auth-Type = eap_cuesta WARNING:

Re: Yet another multiple SSID setup question

2011-07-14 Thread Fajar A. Nugraha
On Fri, Jul 15, 2011 at 7:13 AM, Nick Kartsioukas lists.freerad...@change.nightwind.net wrote: Okay, I've gotten a bit further, but I'm still not grasping something in the process flow from authorization to authentication and EAP outer and inner methods. I'll paste relevant chunks of my

Re: Yet another multiple SSID setup question

2011-07-14 Thread Nick Kartsioukas
On Fri, 15 Jul 2011 08:15 +0700, Fajar A. Nugraha l...@fajar.net wrote: I'd look at these lines: [ldap_parrotfish] performing search in ou=CUESTA,dc=cuesta,dc=org, with filter (sAMAccountName=nicholas_kartsioukas) [ldap_parrotfish] No default NMAS login sequence [ldap_parrotfish] looking

Re: Yet another multiple SSID setup question

2011-07-14 Thread Nick Kartsioukas
The LDAP queries are against the AD server, btw. I forgot to paste the mschap module config, but that's pretty basic... mschap mschap_cuesta { ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=CUESTA --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}

Re: Yet another multiple SSID setup question

2011-07-14 Thread Fajar A. Nugraha
On Fri, Jul 15, 2011 at 9:28 AM, Nick Kartsioukas lists.freerad...@change.nightwind.net wrote: The LDAP queries are against the AD server, btw. I forgot to paste the mschap module config, but that's pretty basic... mschap mschap_cuesta { ntlm_auth = /usr/bin/ntlm_auth --request-nt-key

Re: Yet another multiple SSID setup question

2011-07-13 Thread Alexander Clouter
Nick Kartsioukas lists.freerad...@change.nightwind.net wrote: Thanks for the hints! I think I've got my eap.conf set up as I need it. After some errors from freeradius and further document exploration, it looks like what I need for the authorize section is this:

Re: Yet another multiple SSID setup question

2011-07-13 Thread Nick Kartsioukas
On Wed, 13 Jul 2011 09:33 +0100, Alexander Clouter a...@digriz.org.uk wrote: I would *strongly* recommend you run just one SSID and use VLAN assignment in post-auth to The huge advantage is that *every* user at your organisation can follow the same instructions to connect to the wireless

Re: Yet another multiple SSID setup question

2011-07-12 Thread Alexander Clouter
Nick Kartsioukas lists.freerad...@change.nightwind.net wrote: Okay...let's say I have an SSID for students and an SSID for staff. Students authenticate against LDAP, which stores passwords as salted SHA1 hashes. Staff authenticate against Windows ActiveDirectory. I've found where the WLC

Re: Yet another multiple SSID setup question

2011-07-12 Thread James J J Hooper
On 12/07/2011 02:50, Nick Kartsioukas wrote: I've been looking through the wiki and staring at the config files and I'm...confused. I've successfully gotten our Cisco WLC to authenticate against ActiveDirectory as well as a Sun LDAP server (just one at a time) via FreeRADIUS for a single test

Re: Yet another multiple SSID setup question

2011-07-12 Thread Alan Buxey
from my mobile - Reply message - From: James J J Hooper jjj.hoo...@bristol.ac.uk Date: Tue, Jul 12, 2011 08:19 Subject: Yet another multiple SSID setup question To: FreeRadius users mailing list freeradius-users@lists.freeradius.org On 12/07/2011 02:50, Nick Kartsioukas wrote: I've been

Re: Yet another multiple SSID setup question

2011-07-12 Thread Jacob Dawson
Maybe your setup is different, but when we get fac/staff logging in to wireless with their Domain credentials, those have the domain prepended on the username, which makes it easy to parse those with unlang and proxy those requests to the AD servers (in our case, since our AD servers are set up

Re: Yet another multiple SSID setup question

2011-07-12 Thread Nick Kartsioukas
On Tue, 12 Jul 2011 07:17 +0100, Alexander Clouter a...@digriz.org.uk wrote: authorize { ... if (Airespace-Wlan-Id == student_ssid) { EAP_student } else { EAP_staff } ... } Thanks for the hints! I think I've got my eap.conf set up as I need it. After some

Yet another multiple SSID setup question

2011-07-11 Thread Nick Kartsioukas
I've been looking through the wiki and staring at the config files and I'm...confused. I've successfully gotten our Cisco WLC to authenticate against ActiveDirectory as well as a Sun LDAP server (just one at a time) via FreeRADIUS for a single test SSID, but now I'm trying to figure out how to