On 28.08.2013 9:48, Olivier Beytrison wrote:
On 28.08.2013 00:20, Martin Kraus wrote:
Hi. I'm using groups to authorize users and pull radius profiles for the users.
My config is similar to what the default freeradius configuration offers.
Why not just call rlm_ldap from inner-tunnel
On Wed, Aug 28, 2013 at 10:10:32AM +0400, Iliya Peregoudov wrote:
On 28.08.2013 9:48, Olivier Beytrison wrote:
On 28.08.2013 00:20, Martin Kraus wrote:
Hi. I'm using groups to authorize users and pull radius profiles for the
users.
My config is similar to what the default freeradius
On Wed, Aug 28, 2013 at 12:20:12AM +0200, Martin Kraus wrote:
I'm stuck with 2.1.10 on ubuntu:-(
Without trying to come across as if I'm a stuck record... this is
easy to solve.
https://lists.freeradius.org/pipermail/freeradius-users/2013-August/067939.html
Cheers,
Matthew
--
Matthew
On Wed, Aug 28, 2013 at 07:48:38AM +0200, Olivier Beytrison wrote:
server inner-tunnel {
authorize {
eap
# stop processing authorize on eap identity or mschap success/fail
if ((EAP-Type == 1) || (EAP-Message[0] =~ /^0x02..00061a..$/)) {
noop
}
else {
#
On 28 Aug 2013, at 14:35, Martin Kraus lists...@wujiman.net wrote:
On Wed, Aug 28, 2013 at 07:48:38AM +0200, Olivier Beytrison wrote:
server inner-tunnel {
authorize {
eap
# stop processing authorize on eap identity or mschap success/fail
if ((EAP-Type == 1) || (EAP-Message[0]
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a single LDAP query for
PEAP?
What inner?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 28 Aug 2013, at 15:01, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a single LDAP query
for PEAP?
What inner?
MSCHAPv2 - I thought PEAPv0 was only MSCHAPv2?
Arran Cudbard-Bell
On Wed, Aug 28, 2013 at 03:11:04PM +0100, Arran Cudbard-Bell wrote:
On 28 Aug 2013, at 15:01, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a single LDAP query
for PEAP?
What inner?
On 28/08/13 15:11, Arran Cudbard-Bell wrote:
On 28 Aug 2013, at 15:01, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a single LDAP query for
PEAP?
What inner?
MSCHAPv2 - I thought PEAPv0
On 28 Aug 2013, at 15:26, Matthew Newton m...@leicester.ac.uk wrote:
On Wed, Aug 28, 2013 at 03:11:04PM +0100, Arran Cudbard-Bell wrote:
On 28 Aug 2013, at 15:01, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration
Yes, Alan B had some comments about that IIRC...
I think Apple these days expect administrators to use the Apple iPhone
Configuration Utility to create a network profile and import that into your
802.1X settings.
Bizarre, but there you are.
Stefan
-Original Message-
Fine, yes,
On Wed, Aug 28, 2013 at 03:42:08PM +0100, Arran Cudbard-Bell wrote:
Fine, yes, also TLS. But in the wonderful world of Microsoft supplicants PEAP
usually specifies PEAP with an MSCHAPv2 inner?
Windows 7 supports PEAP+TLS. Unlike Network Manager on Linux distributions.
and wow did they get
On 28 Aug 2013, at 15:38, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 15:11, Arran Cudbard-Bell wrote:
On 28 Aug 2013, at 15:01, Phil Mayers p.may...@imperial.ac.uk wrote:
On 28/08/13 14:49, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a
Arran wrote:
and wow did they get rid of the 802.1X profile configuration GUI interface in
OSX 10.8? That sucks.
If you think that sucks, wait till you see the horrible things you have to do
to generate a .mobileconfig without access to an OSX server license.
--
Brian S. Julin
On Wed, Aug 28, 2013 at 02:49:32PM +0100, Arran Cudbard-Bell wrote:
Does anyone have a configuration which gets it down to a single LDAP query
for PEAP?
The following is for EAP-TTLS/EAP-TLS and PEAP/EAP-TLS on my setup.
# When EAP-TLS runs in EAP-TTLS tunnel the id starts at 0x00 and we
On 28/08/13 15:46, Arran Cudbard-Bell wrote:
OK. Just wondering if you could really get it down to a single
lookup, IIRC you needed the 'known good' NT-Password data for a
couple of rounds of MSCHAPv2?
Nope, just one. The MSCHAP challenge response arrive at you, you
validate them and in turn
On 28/08/13 16:00, Martin Kraus wrote:
I found that if I nest ifs then default = return won't skip the authorize
section and putting the tests on multiple lines doesn't work so it is this
ugly:-)
Yeah, that's an annoyance of the configurable failover stuff.
However this really isn't
On Wed, Aug 28, 2013 at 03:46:53PM +0100, Arran Cudbard-Bell wrote:
Apparently not; you can apparently run EAP-TLS inside PEAP,
which is a new one on me.
Has been running fine here for months. Only real benefit - SoH with
EAP-TLS.
For PEAP/MSCHAP, under 2.x the link someone posted to my
On Wed, Aug 28, 2013 at 03:13:12PM +, Brian Julin wrote:
Arran wrote:
and wow did they get rid of the 802.1X profile configuration GUI interface
in
OSX 10.8? That sucks.
If you think that sucks, wait till you see the horrible things you have to do
to generate a .mobileconfig
On Wed, Aug 28, 2013 at 03:46:53PM +0100, Arran Cudbard-Bell wrote:
OK. Just wondering if you could really get it down to a single lookup, IIRC
you needed the 'known good' NT-Password data for a couple of rounds of
MSCHAPv2?
with
if ( (EAP-Type == Identity) || (EAP-Type == NAK) ||
On Wed, Aug 28, 2013 at 04:49:42PM +0100, Matthew Newton wrote:
See the sites-available/check-eap-tls file in v3, and the
mods-available/eap file, option virtual_server in the tls
section.
I backported the patch I wrote to do this to v2 (which is what we
are running); I'm not sure if it
It's been a while since I've used it, but doesn't the iPhone Config Utility
generate mobileconfigs that work on OS X?
http://support.apple.com/kb/DL1465
Dave Aldwinckle
On 2013-08-28 11:13 AM, Brian Julin bju...@clarku.edu wrote:
Arran wrote:
and wow did they get rid of the 802.1X profile
Hi,
If you think that sucks, wait till you see the horrible things you have to do
to generate a .mobileconfig without access to an OSX server license.
what, download the iPhone Configuration Utility? yes, quite horrible ;-)
alan
Aldwinckle
Sent: Wednesday, August 28, 2013 2:32 PM
To: FreeRadius users mailing list
Subject: Re: (was) RE: how to limit the repeating ldap lookups
It's been a while since I've used it, but doesn't the iPhone Config Utility
generate mobileconfigs that work on OS X?
http://support.apple.com/kb
Martin Kraus wrote:
I'm using TTLS+TLS.
Then what are you looking up in ldap?
I can see that the eap { ok = return } automagically skips to the
authentication section but the first two access-requests in the session cause
it to return updated status so the ldap lookups are executed.
I
On Tue, Aug 27, 2013 at 05:20:32PM -0400, Alan DeKok wrote:
Again, look at the debug log to see what's happening. *WHY* are you
doing LDAP lookups at all? Can you not delay them?
Hi. I'm using groups to authorize users and pull radius profiles for the users.
My config is similar to what the
On 28.08.2013 00:20, Martin Kraus wrote:
On Tue, Aug 27, 2013 at 05:20:32PM -0400, Alan DeKok wrote:
Again, look at the debug log to see what's happening. *WHY* are you
doing LDAP lookups at all? Can you not delay them?
Hi. I'm using groups to authorize users and pull radius profiles for
Hi.
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
thanks
martin
On 26 Aug 2013, at 14:33, Martin Kraus lists...@wujiman.net wrote:
Hi.
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
If you list the
On Mon, Aug 26, 2013 at 02:45:29PM +0100, Arran Cudbard-Bell wrote:
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
If you list the ldap