Hi,
I have a question. I already read how to make this, but I'm not sure if it
works!
So, what do I want? I have 2 SSIDs: students and another, staff. I want to
have two ldap instances for authenticating my users.
In the /module/ldap, I have set ldap students { some stuff } and ldap staff
{ some
On 05/16/2011 01:03 AM, Mark Jones wrote:
Hi Phil thanks for answering. I am trying to authenticate the
machines on bootup. I have an edir backend and am following this cool
solutions article which is fairly old:
http://www.novell.com/coolsolutions/feature/17044.html In it they
talk about
seb2020 girard@gmail.com wrote:
I have a question. I already read how to make this, but I'm not sure if
it works!
So, what do I want? I have 2 SSIDs: students and another, staff. I
want to have two ldap instances for authenticating my users.
You really do *not* want to do this.
Thanks for your reply!
I will do what you tell me! I will make one SSID and check with the group my
user with the OU of the user.
My user is, for example: user.group.locality.tree
How can I retrieve the group of my user? And this verification, I need to
make in this file
Thanks for your reply!
I will do what you tell me! I will make one SSID and check with the group my
user with the OU of the user.
My user is, for example: user.group.locality.tree
How can I retrieve the number of letters in my loginname?
And this verification, I need to make in this file
Hi,
I'm trying to make FR 2.1.10 on Squeeze work with my LDAP installation.
What I want to do is:
A host-based authentication for my workstations. All the names of the
workstations are in LDAP, the authentication itself should be done
with EAP-TLS. I would like to have a hint, how to
On 16/05/11 13:32, Alexandros Gougousoudis wrote:
Hi,
I'm trying to make FR 2.1.10 on Squeeze work with my LDAP installation.
What I want to do is:
A host-based authentication for my workstations. All the names of the
workstations are in LDAP, the authentication itself should be done
with
Alexandros Gougousoudis wrote:
A host-based authentication for my workstations. All the names of the
workstations are in LDAP, the authentication itself should be done
with EAP-TLS. I would like to have a hint, how to start EAP when the
LDAP-Query was successful.
You don't.
Instead,
seb2020 girard@gmail.com wrote:
I will do what you tell me! I will make one SSID and check with the group my
user with the OU of the user.
My user is, for example: user.group.locality.tree
How can I retrieve the number of letters in my loginname?
And this verification, I need to
Hi Phil,
Phil Mayers schrieb:
You've broken the default configs by adding in modules you don't need
and don't understand.
Go back to the default configs. Then *just* configure LDAP, and things
will work.
That's what I did right now, EAP starts (Ubuntu 10.04, with working cert
on FR 1.1)
Alan,
I'm unable to build a 64-bit version of FreeRADIUS 2.1.10 on Solaris 10 9/10
s10x_u9wos_14a X86 owing to the following
problem. I'm using the latest software from the 2.1.x git repository and gcc
version 3.4.3.
I've noticed that the 'FNM_FILE_NAME' flag is not declared in the fnmatch.h
Hi chaps,
I'm slightly confused with the different V2 semantics. I'm trying to truncate
the Framed-IP-Address to the first three quads for a particular realm
(somerealm below) when a particular attribute contains particular text:
In pre V2, something like this would do the trick:
somerealm
Hi Alan,
Alan DeKok schrieb:
You're forcing Auth-Type, and using ntlm_auth for EAP-TLS. This is wrong.
Don't force Auth-Type.
I didn't want that, now after kicking out ntlm_auth things work, even
the cert has been accepted. I assume the problem I had was, that the
time of the
Hello...
This is probably a very silly issue. I have the following on my default
file:
update control {
Tmp-String-0 = %{sql:select a from paq where
CallingStationId='%{Calling-Station-Id}'
Tmp-String-5 = %{sql:select b from paq where
CallingStationId='%{Calling-Station-Id}'
Chris Howley wrote:
Alan,
I'm unable to build a 64-bit version of FreeRADIUS 2.1.10 on Solaris 10 9/10
s10x_u9wos_14a X86 owing to the following
problem. I'm using the latest software from the 2.1.x git repository and gcc
version 3.4.3.
I've noticed that the 'FNM_FILE_NAME' flag is not
Hello... This is probably a very silly issue. I have the following on my
default file:
update control {
Tmp-String-0 = %{sql:select a from paq where
CallingStationId='%{Calling-Station-Id}'
Tmp-String-5 = %{sql:select b from paq where
CallingStationId='%{Calling-Station-Id}'
}
if
Steve Brown wrote:
Hi chaps,
I'm slightly confused with the different V2 semantics. I'm trying to truncate
the Framed-IP-Address to the first three quads for a particular realm
(somerealm below) when a particular attribute contains particular text:
You can't really do that. IP addresses
Hi,
just one other question, how is it possible to have (or control) more
than one filter in the ldap module? I use our LDAP to have access via
PEAP or EAP-TLS, this works, thanks to this list.
The problem now is that workstations are stored as WORKSTATIONNAME$
(with a $ at the end,
On 05/16/2011 10:13 AM, Alexandros Gougousoudis wrote:
Phil, I also understand a lot of things and I can read, but the
documentation of FR is not ideal. I've googled around, looked examples
and had more questions than before. Where are all these features
documented, like the if then-things in
Thanks Phil. I am out of the office until Thursday but on my first message I
posted the debug from bootup where it fails..is there more output I need to
post later this week?
Mark
-Original Message-
From: Phil Mayers p.may...@imperial.ac.uk
On 16/05/11 15:37, d...@hotmail.com wrote:
Hello... This is probably a very silly issue. I have the following on my
default file:
update control {
Tmp-String-0 = %{sql:select a from paq where
CallingStationId='%{Calling-Station-Id}'
Tmp-String-5 = %{sql:select b from paq where
Hi Alan,
Thanks for the details.
On 16/05/11 16:03, Alan DeKok wrote:
the Framed-IP-Address to the first three quads for a particular realm
You can't really do that. IP addresses have 4 octets...
Yes I know, this is a proxy only and the home server has specifically requested
we do
How about (|(uid=%{user-name})(uid=%{user-name}$))
You may need to escape the $
On 16/05/2011, at 5:06 PM, Alexandros Gougousoudis
gougousoudis-l...@servicecenter-khs.de wrote:
Hi,
just one other question, how is it possible to have (or control) more than
one filter in the ldap module?
To help others (like us) who hit this issue...
R. Marc posted:
Yeah, figured that; just trying to figure out why.
and yes, it's sshd:
# strings /usr/sbin/sshd | grep INC
INCORRECT
As a suggestion, if there are 5-6 pieces of software involved in
authentication, don't immediately jump
I found out after checking other posts that the correct syntax of the IF
should be as follows:
if (%{control:Tmp-String-0} %{control:Tmp-String-5} ) { }
this is working now for me.
Hi John,
Just to chime in, I find all of the comments in radiusd.conf, etc.
distracting and overwhelming. I strip out the comments from the files I'm
using - usually to find out how simple the configuration really is.
When I'm missing something, I refer back to the original files and look up
the
John,
I believe Alan started a project to try and improve documentation in May last
year. A few documents were converted to RST format, but I don't think it was ever
completed.
I'm going to suggest the same thing I did back then. Add RST support to the
Wiki, set up a well defined documentation
On 05/16/2011 02:20 PM, Arran Cudbard-Bell wrote:
John,
I believe Alan started a project to try and improve documentation in
May last year. A few documents were converted to RST format, but I don't
think it was ever completed.
I'm going to suggest the same thing I did back then. Add RST support
If I knew more about it I would take my time to write some ... examples, use
cases, case studies, whatever. But, I can barely get by - each time I think I
understand something it turns out I really don't. I don't want to spread bad
info so I say nothing - usually :)
IMHO a good starting
Steve Brown wrote:
Sure, but I actually _want_ to send only the first 3 octets... Is that even
possible?
No. IP addresses have 4 octets.
You can set the fourth octet to zero. *Nothing* else is possible.
Alan DeKok.
Arran Cudbard-Bell wrote:
I believe Alan started a project to try and improve documentation in May last
year. A few documents were converted to RST format, but I don't think it was
ever completed.
I received a number of patches from one person, a few from another one
or two, and nothing else.
John Dennis wrote:
Sounds like a fine plan to me. I do recall the documentation effort from
last year. But the various promises of documentation seem to wither on
the vine, the effort you cite is a perfect example. Maybe Alan's book is
the answer, but that's been promised for a long time too.
Gary Gatten wrote:
I will step up to the plate and offer up a standard format for a Recipe. I
will pick an easy deployment scenario - such as: How do I configure FR to
authenticate VTY access to my Cisco gear using AD on the backend, and users
must be a member of GroupX
That's
John Center wrote:
Just to chime in, I find all of the comments in radiusd.conf, etc.
distracting and overwhelming. I strip out the comments from the files I'm
using - usually to find out how simple the configuration really is. When
I'm missing something, I refer back to the original files and look
John Dennis wrote:
But all these positive attributes are sometimes negated by the
difficulty of understanding the system. Many justifiably feel
configuring FreeRADIUS is a black art. It's often been pointed out that
config files, doc directory and the wiki contains all you need to know.
There
/192.168.103.10/auth-detail-20110516
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.103.10/auth-detail-20110516
[auth_log] expand: %t - Mon May 16 15:28:41 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns
Good point about configuring multiple things at once - but that is a recipe -
right? Several ingredients that make a tasty cake?
I think it would be a pretty common deployment scenario: lots of people have
Cisco and AD, and want to auth their Cisco admins / VTY access against AD. We
used this
On 05/16/2011 03:41 PM, Alan DeKok wrote:
organization / people / roles:
code: Alan
mgmt: Alan
docs: Alan
web site: Alan
releases: Alan
bug fixes: Alan
Wiki: Peter Nixon
Sense a theme?
I do see a theme but I also see a problem.
John Dennis wrote:
I do see a theme but I also see a problem. FreeRADIUS has gotten big
enough that 1 person, even one as amazing as you are, can't do it all. I
humbly suggest you try to offload some of the work by running this as a
project and having a team.
Sure. Volunteers?
It was
Hi all,
I am looking to replace a string, before sending the query off to sql...
right now, it is %{SQL-User-Name} (sql_user_name = %{User-Name}
), but the value is going to be like:
mppp%sstap...@domain.com
and I want to remove the mppp% (which will always be prefixed, or not
exist) so that