Re: xsupplicant vs. freeradius

2004-03-26 Thread Artur Hecker
hi

why not? freeradius has been doing TLS with dynamic keys since the 0.5 or 0.6 
release. what would be missing?

ciao
artur


Gary McKinney wrote:

artur,

You may want to try the latest CVS Snapshot instead of the 0.9.3 version.
The 0.9.3 version does not have all of the code to support what you are
attempting to do (or at least it did not when I was working on getting the
EAP/TTLS protocols working with a Linksys WRT45G Wireless router and
WPC54G Wireless PCMCIA card using the Funk Software Supplicant - works
like a charm)...
Hope this helps...
 
 
Gary N. McKinney

Network Administrator
Computer Services Dept.
Brevard County Library System


-- Original Message --
From: Artur Hecker [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 25 Mar 2004 09:34:17 +0100

hi list

now it's a bit out of scope but i am sure some of you have some 
experiences with xsupplicant. i'm doing EAP/TLS over cisco 350 card and 
cisco 1200 or 350 APs to the 0.9.3 release of freeradius and it's 
actually a bit funny since (one of the latest) xsupplicant doesn't stop 
reauthenticating all the time although there is nothing in the 
Access-Accept message which would limit the session-time. so this is not 
about freeradius.

now, i would have said that this has nothing to do with xsupplicant 
either since, in the packet log, the AP is really sending an EAP 
Request/Identity. But curiously enough, with Windows XP's own 802.1X 
client with the _same_ card and the _same_ client certificate this does 
_not_ happen.

basically, freeradius sends exactly the same Access packet in both 
cases: Access-Accept along with all the keys. now, xsupplicant says 
Authenticated. then it gets its keys, the broadcast _and_ the unicast 
keys, installs those two correctly and, hardly installed, it gets a new 
(re)authentication request!?

the really funny thing is that the data pass through during all this 
reauthentication storm: i can bring up my wireless interface with DHCP 
and then even ping hosts while they keep on reauthenticating with about 
0.5s delays between the last EAPOL key and the new EAP Request/ID...

does somebody have _ANY_ idea what it could be about?

ciao
artur


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
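Artur's question comes down to what the Access-Accept actually carries. The following is an added example, not code from the thread or from FreeRADIUS or xsupplicant: a small RADIUS reply decoder in Python that first checks the Response Authenticator against the shared secret (so a packet log entry cannot have been forged or mangled) and then reports the attributes that govern session lifetime, Session-Timeout (27) and Termination-Action (29), plus any MS-MPPE key VSAs present. The two sample packets, the secret testing123, the request authenticator and the key bytes are all constructed for the example.

```python
import hashlib
import struct

ACCESS_ACCEPT = 2
ATTR_SESSION_TIMEOUT, ATTR_TERMINATION_ACTION, ATTR_VENDOR_SPECIFIC = 27, 29, 26
VENDOR_MICROSOFT = 311
MS_VSA_NAMES = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}


def parse_attributes(data):
    """Walk RADIUS attribute TLVs (type, length incl. header, value); return (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs


def verify_response_authenticator(reply, request_auth, secret):
    """RFC 2865 section 3: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return expected == reply[4:20]


def session_limits(reply, request_auth, secret):
    """Check the reply's authenticator, then report what it tells the NAS about session lifetime."""
    if not verify_response_authenticator(reply, request_auth, secret):
        raise ValueError("response authenticator mismatch: not produced with this shared secret")
    code, _ident, length = struct.unpack("!BBH", reply[:4])
    if code != ACCESS_ACCEPT or length != len(reply):
        raise ValueError("not a well-formed Access-Accept (code %d, length %d)" % (code, length))
    info = {"Session-Timeout": None, "Termination-Action": None, "mppe_keys": []}
    for atype, value in parse_attributes(reply[20:length]):
        if atype == ATTR_SESSION_TIMEOUT:
            info["Session-Timeout"] = struct.unpack("!I", value)[0]
        elif atype == ATTR_TERMINATION_ACTION:
            info["Termination-Action"] = struct.unpack("!I", value)[0]
        elif atype == ATTR_VENDOR_SPECIFIC and struct.unpack("!I", value[:4])[0] == VENDOR_MICROSOFT:
            for vtype, _vvalue in parse_attributes(value[4:]):
                info["mppe_keys"].append(MS_VSA_NAMES.get(vtype, "MS-VSA-%d" % vtype))
    return info


# --- constructed sample packets (not captures from the thread) ---------------------------------

def build_reply(code, ident, request_auth, attrs, secret):
    """Encode attributes and compute the Response Authenticator, as a server would."""
    body = b"".join(bytes([atype, len(value) + 2]) + value for atype, value in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body


def vsa(vendor, vtype, vvalue):
    return struct.pack("!I", vendor) + bytes([vtype, len(vvalue) + 2]) + vvalue


SECRET = b"testing123"           # assumed shared secret for the example
REQUEST_AUTH = bytes(range(16))  # stand-in for the Access-Request's random authenticator

# Accept carrying MPPE key material (dummy salt + bytes) but no Session-Timeout, as in the thread
ACCEPT_NO_TIMEOUT = build_reply(ACCESS_ACCEPT, 7, REQUEST_AUTH, [
    (1, b"artur"),
    (ATTR_VENDOR_SPECIFIC, vsa(VENDOR_MICROSOFT, 16, b"\x80\x01" + b"\x11" * 32)),
    (ATTR_VENDOR_SPECIFIC, vsa(VENDOR_MICROSOFT, 17, b"\x80\x02" + b"\x22" * 32)),
], SECRET)

# The same accept with an explicit one-hour reauthentication interval
ACCEPT_WITH_TIMEOUT = build_reply(ACCESS_ACCEPT, 8, REQUEST_AUTH, [
    (1, b"artur"),
    (ATTR_SESSION_TIMEOUT, struct.pack("!I", 3600)),
    (ATTR_TERMINATION_ACTION, struct.pack("!I", 1)),  # 1 = RADIUS-Request: re-authenticate, don't drop
], SECRET)

if __name__ == "__main__":
    for pkt in (ACCEPT_NO_TIMEOUT, ACCEPT_WITH_TIMEOUT):
        print(session_limits(pkt, REQUEST_AUTH, SECRET))
```

Run against a reply captured from the server (with the request's authenticator and the client's secret) it confirms whether the server really sent no Session-Timeout; the authenticator check is what distinguishes "the server sent this" from "something on the path changed it".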


R: MySQL accounting and Cisco-AVPair

2004-03-26 Thread Pugnaloni Federico
I've found an old patch to cisco_vsa_hack
http://lists.cistron.nl/pipermail/freeradius-devel/2001-August/001181.html

i don't know the C language, so i've applied the patch as it was...

it works!!
cisco_vsa_hack change 
Cisco-AVPair = ip:source-ip=192.168.0.127
to 
ip:source-ip=192.168.0.127

so i've modified sql.conf to store this info on db radacct
and now it's ok

i don't know if the cisco_vsa_hack is ok now, but it seems to work fine 

 -----Original Message-----
 From: Jérôme Warnier [mailto:[EMAIL PROTECTED]
 Sent: Thursday, 25 March 2004 19:30
 To: '[EMAIL PROTECTED]'
 Subject: Re: MySQL accounting and Cisco-AVPair
 
  
 On Mon 22/03/2004 at 11:47, Pugnaloni Federico wrote:
  Hi,
  i'm using FreeRADIUS Version 0.9.3 on FreeBSD 4.9
  i'm using with a Cisco PIX to AAA internet access
  it works fine, but i need to store the Cisco-AVPair info in 
 radacct SQL
  table.
  
  As i can see in the detail accounting freeradius store 
 Cisco-AVPair info
  
  -snip-
  Cisco-AVPair = ip:source-ip=192.168.0.127
  Cisco-AVPair = ip:source-port=4051
  Cisco-AVPair = ip:destination-ip=10.10.10.1
  Cisco-AVPair = ip:destination-port=23
  -snip
  
  but i cannot store this info on sql
  I've tried to modify sql.conf as is:
  
  accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId,
  AcctSessionId... AcctStopDelay) values('', '%{Acct-Session-Id}',
  '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
  '%{NAS-IP-Address}', '%{NAS-Port}'... '%{Cisco-AVPair}',
  '%{Cisco-AVPair}'..}')
  
  but it returns only the first instance of Cisco-AVPair
  (ip:source-ip=192.168.0.127)
  
  how can i store all the values?
 
 Does the following help you?
 http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/billing/README?rev=1.5&content-type=text/plain

 
 --
 Federico Pugnaloni

-- 
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



Help me out, waiting 4 response

2004-03-26 Thread arshad shah
Hi Dear,
is there any one other who would like to help me? I have already compiled 
freeradius on linux 8.0. I have installed mysql and i want to connect my 
Freeradius 0.9.3 with the mysql database.  But when i run my radius by the 
command

 /usr/local/sbin/radiusd -x
then it shows the following error message (during loading sql)
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

Initially i took help from the material on the site that is

  http://www.frontios.com/freeradius.html

I have read the help file but couldn't get it, and i am still in the same 
position.
So please help me out of this as soon as possible. Thanx
regards
Arshad Shah



Re: lower_pass = after problems

2004-03-26 Thread Federico Giannici
Alan DeKok wrote:
Federico Giannici [EMAIL PROTECTED] wrote:

I have noticed that the lower_pass = after configuration command is 
implemented simply executing a second time the entire sequence of 
authorization/authentication operations.


  Yes.  The feature is a hack, and should be removed from the server.

  Similarly, the lower_user feature should also be deleted.
Hummm...
Do you want to remove only the after option (the real hack) or the 
entire command?

I'd like to know this so, in the latter case, I'll have to implement 
this functionality in our custom module I'm writing...

Thanks.

--
Federico Giannici  [EMAIL PROTECTED]
http://www.neomedia.it


Re: Order of attributes when using LDAP

2004-03-26 Thread Kostas Kalevras
On Thu, 25 Mar 2004, Wolfgang Hottgenroth wrote:

 Hi,


 I've a question concerning the rlm_ldap module.

 The order of radius attributes, especially of multiple values for one
 attribute, in the access-accept reply sent to the NAS is sometimes
 crucial. For instance for the ascend-data-filter attribute.

 Is there a way to guarantee this order when the attributes are read
 from an LDAP server, since an LDAP server does not guarantee the order
 in which multiple values of a single attribute are returned?

I think there's no absolute guarantee right now. Although ldap will send back
the attributes in the order in which you've stored them.




 Thank you,
 Wolfgang




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



R: Help me out, waiting 4 response

2004-03-26 Thread Pugnaloni Federico
You have to compile freeradius with mysql support;
on my freebsd machine it's not enabled by default

try 

make clean
make WITH_MYSQL 
make install

or make -DWITH_MYSQL install



Re: working with another sql table in freeRadius

2004-03-26 Thread Guy Fraser
Yes it can.

Since all the queries are configurable, you can modify them how ever you
want.
John Que wrote:

Hello,

I work with freeRadius and mysql.
Now, I know how to read attributes from the radreply sql table
in the authorize request and have succeeded at it (see below an example).
My problem is this:
I want to create a table which has 2 columns:
user country code (integer), and price for that country code (also 
integer).
These 2 attributes can be added as VSA attributes.
Now in the authorize request, I want to pass, besides userName
and password, the country code as a VSA attribute, and get back from
the radius server (which will read the proper sql table)
the country price for that country code.

As I understand this is not the usual way of working with mysql in 
radius,
since in the usual way we read attributes from a radreply table which
correspond to a specific USER NAME and not to something else.

can this be done ?

Any help will be appreciated.



(I do receive back from authorize
the values of attributes I set for a specific user in the radreply 
sql table;

thus, if my radreply table is:

mysql> select * from radreply;

+----+----------+-------------------+----+-------------+
| id | UserName | Attribute         | op | Value       |
+----+----------+-------------------+----+-------------+
|  1 |          | Framed-IP-Address | := | 164.131.0.1 |
+----+----------+-------------------+----+-------------+
I do get the value of 164.131.0.1 for the Framed-IP-Address attribute.)






Re: R: Help me out, waiting 4 response

2004-03-26 Thread Alan DeKok
Pugnaloni Federico [EMAIL PROTECTED] wrote:
 You have to compile freeradius with mysql support
 on my freebsd machine it's non enable by default

 That's what configuration files are for.  Edit them.

 make clean
 make WITH_MYSQL 

  Nothing in the documentation leads you to believe that WITH_MYSQL
does anything.

  Alan DeKok.




Help with LDAP authorization using groupOfNames and huntgroups

2004-03-26 Thread Casey Forbes
Hello,

I'm having a lot of trouble getting my freeradius (CVS snap 20040323)
to Allow/Deny access based on membership in LDAP groups (where the
group names are associated with huntgroups). rlm_ldap docs and the mailing
list archive didn't help me much..

I'd like to do something like this:

huntgroups:
.
dialup    NAS-IP-Address == 172.16.0.12
wireless  NAS-IP-Address == 172.16.0.13


users:
.
DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
        Fall-Through = yes
DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
        Fall-Through = yes


ldif:
.
dn: cn=Dialup,ou=Remote Access, dc=kensfoods,dc=com
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=John Smith,ou=Users,dc=kensfoods,dc=com
cn: Dialup

dn: cn=Wireless,ou=Remote Access, dc=kensfoods,dc=com
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=Robert Kelley,ou=Users,dc=kensfoods,dc=com
cn: Wireless


radiusd.conf
.
modules {
   ...

   ldap {
   server = ldap.kensfoods.com
   identity = cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
   password = **
   basedn = ou=Users,dc=kensfoods,dc=com
   filter = (uid=%u)

   start_tls = no
   ldap_connections_number = 5
   dictionary_mapping = ${raddbdir}/ldap.attrmap

   password_header = {SHA}
   password_attribute = userPassword

   groupname_attribute = cn
   groupmembership_filter = 
(&(objectClass=groupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))

   timeout = 4
   timelimit = 3
   net_timeout = 1
   compare_check_items = no
   }
}
authorize {
   preprocess
   chap
   mschap
   suffix
   eap
   files
   ldap
}

authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
Auth-Type LDAP {
ldap
}
eap
}





With the above configuration, no group checks are happening

radiusd -X
.
rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100,
length=59
User-Name = cforbes
User-Password =
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
  modcall[authorize]: module files returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cforbes
radius_xlat:  '(uid=cforbes)'
radius_xlat:  'ou=Users,dc=kensfoods,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 0
rlm_ldap: bind as cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
to ldap.kensfoods.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter
(uid=cforbes)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT
rlm_ldap: Adding ntPassword as NT-Password
rlm_ldap: Adding lmPassword as LM-Password
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cforbes authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type LDAP
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by cforbes with password
rlm_ldap: user DN: cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com
rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 1
rlm_ldap: bind as cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com to
ldap.kensfoods.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user cforbes authenticated succesfully
  modcall[authenticate]: module ldap returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [cforbes] (from client localhost port 1)
Sending Access-Accept of id 100 to 127.0.0.1:40092
Finished request 0



accounting_update_query

2004-03-26 Thread Andreas M.



Hi,
we are using Freeradius together with mysql. Now we 
activated the interim accounting on a Cisco LNS.
In the "accounting_update_query" there is nothing 
regarding session time and acctOctets in both directions.

Is there any reason for this?

In the "Interim" specification the accounting 
update should be similar to a stop record, without termination_cause and stop 
time.

Thanks for any suggestions,

best regards,

Andreas Müller
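Two questions on this page touch the same piece of plumbing: Federico found that %{Cisco-AVPair} in sql.conf only expands the first of several Cisco-AVPair attributes, and Andreas notes that an Interim-Update should carry the same counters as a Stop record. The following is an added example, not code from FreeRADIUS or from either poster: a Python reader for detail-file records that keeps every repeated attribute, splits the "ip:key=value" pairs into their own columns, and applies Start, Interim-Update and Stop to a radacct table in an in-memory SQLite database, with the update refreshing session time and octet counters and only the Stop adding stop time and terminate cause. The records, session id, addresses and counters are constructed; the column names are an assumed minimal subset of radacct.

```python
import sqlite3

# Constructed detail-file records (FreeRADIUS "detail" format: one "Attribute = value" per
# line, a blank line between records). All values are made up for this example.
DETAIL = """\
Acct-Status-Type = Start
Acct-Session-Id = "0000A1B2"
User-Name = "fpugnaloni"
NAS-IP-Address = 10.10.10.1
Cisco-AVPair = "ip:source-ip=192.168.0.127"
Cisco-AVPair = "ip:source-port=4051"
Cisco-AVPair = "ip:destination-ip=10.10.10.1"
Cisco-AVPair = "ip:destination-port=23"
Timestamp = 1080302400

Acct-Status-Type = Interim-Update
Acct-Session-Id = "0000A1B2"
User-Name = "fpugnaloni"
NAS-IP-Address = 10.10.10.1
Acct-Session-Time = 600
Acct-Input-Octets = 12345
Acct-Output-Octets = 67890

Acct-Status-Type = Stop
Acct-Session-Id = "0000A1B2"
User-Name = "fpugnaloni"
NAS-IP-Address = 10.10.10.1
Acct-Session-Time = 900
Acct-Input-Octets = 20000
Acct-Output-Octets = 90000
Acct-Terminate-Cause = User-Request
Timestamp = 1080303300
"""

SCHEMA = """CREATE TABLE radacct (
  AcctSessionId TEXT, UserName TEXT, NASIPAddress TEXT, AcctStartTime INTEGER,
  AcctStopTime INTEGER, AcctSessionTime INTEGER, AcctInputOctets INTEGER,
  AcctOutputOctets INTEGER, AcctTerminateCause TEXT,
  SourceIP TEXT, SourcePort INTEGER, DestIP TEXT, DestPort INTEGER)"""


def parse_detail(text):
    """Split a detail file into records mapping attribute -> list of values (a list because
    attributes such as Cisco-AVPair legitimately occur several times in one record)."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                records.append(current)
            current = {}
            continue
        name, _, value = line.partition(" = ")
        current.setdefault(name, []).append(value.strip('"'))
    if current:
        records.append(current)
    return records


def split_avpairs(values):
    """["ip:source-ip=192.168.0.127", ...] -> {"source-ip": "192.168.0.127", ...}"""
    pairs = {}
    for item in values:
        body = item.split(":", 1)[1] if ":" in item else item
        key, _, val = body.partition("=")
        pairs[key] = val
    return pairs


def apply_record(conn, rec):
    """Start inserts the row; Interim-Update and Stop both refresh the counters; only Stop
    also sets stop time and terminate cause. NAS-supplied values are bound as parameters."""
    status = rec["Acct-Status-Type"][0]
    key = (rec["Acct-Session-Id"][0], rec["User-Name"][0], rec["NAS-IP-Address"][0])
    if status == "Start":
        av = split_avpairs(rec.get("Cisco-AVPair", []))
        port = lambda name: int(av[name]) if name in av else None
        conn.execute(
            "INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, AcctStartTime,"
            " SourceIP, SourcePort, DestIP, DestPort) VALUES (?,?,?,?,?,?,?,?)",
            key + (int(rec["Timestamp"][0]), av.get("source-ip"), port("source-port"),
                   av.get("destination-ip"), port("destination-port")))
    elif status in ("Interim-Update", "Stop"):
        cols = {"AcctSessionTime": int(rec["Acct-Session-Time"][0]),
                "AcctInputOctets": int(rec["Acct-Input-Octets"][0]),
                "AcctOutputOctets": int(rec["Acct-Output-Octets"][0])}
        if status == "Stop":
            cols["AcctStopTime"] = int(rec["Timestamp"][0])
            cols["AcctTerminateCause"] = rec["Acct-Terminate-Cause"][0]
        assignments = ", ".join("%s = ?" % c for c in cols)  # fixed column names, not NAS data
        sql = "UPDATE radacct SET %s WHERE AcctSessionId = ? AND UserName = ? AND NASIPAddress = ?" % assignments
        conn.execute(sql, tuple(cols.values()) + key)


def load_detail(text, upto=None):
    """Apply the first `upto` records to an in-memory radacct and return the session row."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    for rec in parse_detail(text)[:upto]:
        apply_record(conn, rec)
    return dict(conn.execute("SELECT * FROM radacct").fetchone())


if __name__ == "__main__":
    print(load_detail(DETAIL, upto=2))  # after the Interim-Update: counters set, no stop time
    print(load_detail(DETAIL))          # after the Stop
```

The same shape carries over to sql.conf: give each Cisco-AVPair key its own column instead of expanding %{Cisco-AVPair} once, and make the update query set AcctSessionTime and both octet counters with the same WHERE clause as the stop query.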



Re: Help with LDAP authorization using groupOfNames and huntgroups

2004-03-26 Thread Casey Forbes
Hm. That doesn't work either.

rad_recv: Access-Request packet from host 127.0.0.1:40210, id=122, length=59
User-Name = cforbes
User-Password =
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module preprocess returns ok for request 2
  modcall[authorize]: module chap returns noop for request 2
  modcall[authorize]: module mschap returns noop for request 2
rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 2
users: Matched DEFAULT at 67
  modcall[authorize]: module files returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cforbes
radius_xlat:  '(uid=cforbes)'
radius_xlat:  'ou=Users,dc=kensfoods,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter
(uid=cforbes)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [U  op=21
rlm_ldap: Adding ntPassword as NT-Password, value
rlm_ldap: Adding lmPassword as LM-Password, value
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cforbes authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [cforbes] (from client localhost port 0)
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request




On Fri, 26 Mar 2004, Dustin Doris wrote:

 Try setting Fall-Through to no and putting a reject at the bottom of the
 file.

 DEFAULT Huntgroup-Name == dialup,
  Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
  Fall-Through = no

 DEFAULT Huntgroup-Name == wireless,
  Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
  Fall-Through = no

 DEFAULT Auth-Type := Reject





Re: LDAP LEAP and Freeradius

2004-03-26 Thread Steve OBrien
Is it possible to use LDAP to authenticate LEAP clients? If so does anyone have the particulars?
TIA,
Steve



Re: Help with LDAP authorization using groupOfNames and huntgroups

2004-03-26 Thread Casey Forbes
Yup - they are on the same line. Sorry about that misleading wrapping

DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
        Fall-Through = yes
DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
        Fall-Through = yes



On Fri, 26 Mar 2004, Dustin Doris wrote:

 Hmm, is your Ldap-Group statement on the same line as DEFAULT?  If not,
 try it without a line break.

 DEFAULT Huntgroup-Name == dialup,  Ldap-Group == cn=Dialup,ou=Remote
 Access,dc=kensfoods,dc=com
 Fall-Through = no


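This is an added example, not part of the thread and not FreeRADIUS code: a small Python model of how rlm_preprocess assigns Huntgroup-Name from the huntgroups file and how rlm_files then walks the DEFAULT entries, honouring Fall-Through and Dustin's Auth-Type := Reject catch-all. Group membership is a constructed stand-in for the groupOfUniqueNames lookup (cforbes is placed in Wireless only), and the three requests are constructed; the first reproduces what the debug trace shows for a radtest run on the server itself, NAS-IP-Address 255.255.255.255, which matches neither huntgroup, so only the catch-all entry can ever match it. The "LDAP" default stands for rlm_ldap setting Auth-Type when nothing else did, as in the first trace.

```python
DIALUP_GROUP = "cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com"
WIRELESS_GROUP = "cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com"

# huntgroups file: name -> check items the request must satisfy
HUNTGROUPS = {
    "dialup": {"NAS-IP-Address": "172.16.0.12"},
    "wireless": {"NAS-IP-Address": "172.16.0.13"},
}

# Stand-in for the groupOfUniqueNames lookup behind Ldap-Group: group DN -> uid values.
# Membership is constructed for the example; cforbes is in Wireless only.
LDAP_GROUPS = {DIALUP_GROUP: {"jsmith"}, WIRELESS_GROUP: {"rkelley", "cforbes"}}


def entry(*checks, fall_through=False):
    """One users-file entry; check items are (attribute, operator, value) triples."""
    return {"check": list(checks), "fall_through": fall_through}


# Casey's original users file: Fall-Through = yes and nothing after the two DEFAULTs
USERS_ORIGINAL = [
    entry(("Huntgroup-Name", "==", "dialup"), ("Ldap-Group", "==", DIALUP_GROUP), fall_through=True),
    entry(("Huntgroup-Name", "==", "wireless"), ("Ldap-Group", "==", WIRELESS_GROUP), fall_through=True),
]

# Dustin's version: Fall-Through = no and a catch-all DEFAULT Auth-Type := Reject
USERS_WITH_REJECT = [
    entry(("Huntgroup-Name", "==", "dialup"), ("Ldap-Group", "==", DIALUP_GROUP)),
    entry(("Huntgroup-Name", "==", "wireless"), ("Ldap-Group", "==", WIRELESS_GROUP)),
    entry(("Auth-Type", ":=", "Reject")),
]

# Constructed requests; the first is what the debug trace shows for radtest run on the server.
FROM_LOCALHOST = {"User-Name": "cforbes", "NAS-IP-Address": "255.255.255.255"}
FROM_WIRELESS = {"User-Name": "cforbes", "NAS-IP-Address": "172.16.0.13"}
FROM_DIALUP = {"User-Name": "cforbes", "NAS-IP-Address": "172.16.0.12"}


def preprocess(request):
    """rlm_preprocess: add Huntgroup-Name for the first huntgroup whose check items all match."""
    for name, checks in HUNTGROUPS.items():
        if all(request.get(attr) == value for attr, value in checks.items()):
            return dict(request, **{"Huntgroup-Name": name})
    return dict(request)  # no huntgroup matched: the attribute is simply absent


def check_matches(request, attr, value):
    """'==' comparison: Ldap-Group is answered by the (stand-in) directory, the rest by the request."""
    if attr == "Ldap-Group":
        return request["User-Name"] in LDAP_GROUPS.get(value, set())
    return request.get(attr) == value


def authorize(request, users):
    """Walk the entries like rlm_files: an entry matches when every '==' check item holds,
    its ':=' items then set config (here Auth-Type), and the walk stops unless Fall-Through = yes.
    When nothing sets Auth-Type, rlm_ldap sets it to LDAP later (assumed, as in the first trace)."""
    request = preprocess(request)
    config, matched = {}, []
    for index, item in enumerate(users):
        if all(check_matches(request, a, v) for a, op, v in item["check"] if op == "=="):
            matched.append(index)
            config.update({a: v for a, op, v in item["check"] if op == ":="})
            if not item["fall_through"]:
                break
    return {
        "Huntgroup-Name": request.get("Huntgroup-Name"),
        "matched": matched,
        "Auth-Type": config.get("Auth-Type", "LDAP"),
    }


if __name__ == "__main__":
    for users in (USERS_ORIGINAL, USERS_WITH_REJECT):
        for req in (FROM_LOCALHOST, FROM_WIRELESS, FROM_DIALUP):
            print(req["NAS-IP-Address"], authorize(req, users))
```

With the original file the localhost test matches no entry and the login still succeeds through rlm_ldap, which is the "no group checks are happening" symptom; with the catch-all it is rejected, and only a request that arrives from one of the huntgroup NAS addresses and belongs to the matching group gets past the Reject. To exercise the group entries from the server itself the test request has to carry a NAS-IP-Address that a huntgroup recognises.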

Re: SMC 2804WBR PEAP not working

2004-03-26 Thread John De Villiers
On Wed, 2004-03-24 at 09:53, Ionut Nistor wrote:
 Probably - thanks.
 
 I've already written to SMC support - hopefully I'll get a response.
 
 cheers,
 i

Don't hold your breath. I logged a support call via their website. It took a
month for them to reply, and all they said was:

I'm sorry for the delay... I'm looking for a radius dictionary in our
material but I haven't found anything.

John

