Re: xsupplicant vs. freeradius
hi

why not? freeradius is doing TLS with dynamic keys since 0.5 or 0.6 release. what would be missing?

ciao
artur

Gary McKinney wrote:
> artur,
>
> You may want to try the latest CVS Snapshot instead of the 0.9.3 version. The 0.9.3 version does not have all of the code to support what you are attempting to do (or at least it did not when I was working on getting the EAP/TTLS protocols working with a Linksys WRT45G Wireless router and WPC54G Wireless PCMCIA card using the Funk Software Supplicant - works like a charm)...
>
> Hope this helps...
>
> Gary N. McKinney
> Network Administrator
> Computer Services Dept.
> Brevard County Library System
>
> -- Original Message --
> From: Artur Hecker [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 25 Mar 2004 09:34:17 +0100
>
> > hi list
> >
> > now it's a bit out of scope but i am sure some of you have some experiences with xsupplicant.
> >
> > i'm doing EAP/TLS over cisco 350 card and cisco 1200 or 350 APs to the 0.9.3 release of freeradius and it's actually a bit funny since (one of the latest) xsupplicant doesn't stop reauthenticating all the time although there is nothing in the Access-Accept message which would limit the session-time. so this is not about freeradius.
> >
> > now, i would have said that this has nothing to do with xsupplicant neither since, in the packet log, the AP is really sending an EAP Request/Identity. But curiously enough, with Windows XP's own 802.1X client with the _same_ card and the _same_ client certificate this does _not_ happen.
> >
> > basically, freeradius sends exactly the same Access packet in both cases: Access-Accept along with all the keys. now, xsupplicant says Authenticated. then it gets its keys, the broadcast _and_ the unicast keys, installs those two correctly and, hardly installed, it gets a new (re)authentication request!?
> >
> > the really funny thing is that the data pass through during all this reauthentication storm: i can bring up my wireless interface with DHCP and then even ping hosts while they keep on reauthenticating with about 0.5s delays between the last EAPOL key and the new EAP Request/ID...
> >
> > does somebody have _ANY_ idea what it could be about?
> >
> > ciao
> > artur

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
R: MySQL accounting and Cisco-AVPair
I've found an old patch to cisco_vsa_hack
http://lists.cistron.nl/pipermail/freeradius-devel/2001-August/001181.html

i don't know C language so i've applied the patch as it was... it works!!

cisco_vsa_hack change
Cisco-AVPair = ip:source-ip=192.168.0.127
to
ip:source-ip=192.168.0.127

so i've modified sql.conf to store this info on db radacct and now it's ok

i don't know if the cisco_vsa_hack now is ok but it seems to work fine

-----Original Message-----
From: Jérôme Warnier [mailto:[EMAIL PROTECTED]
Sent: Thursday, 25 March 2004 19:30
To: '[EMAIL PROTECTED]'
Subject: Re: MySQL accounting and Cisco-AVPair

On Mon 22/03/2004 at 11:47, Pugnaloni Federico wrote:
> Hi,
> i'm using FreeRADIUS Version 0.9.3 on FreeBSD 4.9
> i'm using with a Cisco PIX to AAA internet access
> it works fine, but i need to store the Cisco-AVPair info in radacct SQL table.
>
> As i can see in the detail accounting freeradius store Cisco-AVPair info
>
> -snip-
> Cisco-AVPair = ip:source-ip=192.168.0.127
> Cisco-AVPair = ip:source-port=4051
> Cisco-AVPair = ip:destination-ip=10.10.10.1
> Cisco-AVPair = ip:destination-port=23
> -snip
>
> but i cannot store this info on sql
>
> I've tried to modify sql.conf as is:
>
> accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId... AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}'... '%{Cisco-AVPair}', '%{Cisco-AVPair}'..}')
>
> but it returns only the first instance of Cisco-AVPair (ip:source-ip=192.168.0.127)
>
> how can i store all the values?

Does the following help you?
http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radius d/src/billing/README?rev=1.5content-type=text/plain

> --
> Federico Pugnaloni

--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
Help me out, waiting 4 response
Hi Dear,

is there any one other who like to help me, i have compiled already freeradius on linux 8.0. I have installed mysql and i want to connect my Freeradius 0.9.3 with mysql database. But when i run my radius by the command

/usr/local/sbin/radiud -x

then it shows the following error message (during loading sql)

rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

Initially i took help from the material on the site that is http://www.frontios.com/freeradius.html

I have read the help file but couldn't get and i am standing on the same position. So please help me out of this as soon as possible.

Thanx regards
Arshad Shah
Re: lower_pass = after problems
Alan DeKok wrote:
> Federico Giannici [EMAIL PROTECTED] wrote:
> > I have noticed that the lower_pass = after configuration command is implemented simply executing a second time the entire sequence of authorization/authentication operations.
>
> Yes. The feature is a hack, and should be removed from the server.
>
> Similarly, the lower_user feature should also be deleted.

Hummm... Do you want to remove only the after option (the real hack) or the entire command?

I'd like to know this so, in the latter case, I'll have to implement this functionality in our custom module I'm writing...

Thanks.

--
Federico Giannici [EMAIL PROTECTED]
http://www.neomedia.it
Re: Order of attributes when using LDAP
On Thu, 25 Mar 2004, Wolfgang Hottgenroth wrote:
> Hi,
>
> I've a question concerning the rlm_ldap module.
>
> The order of radius attributes, especially of multiple values for one attribute, in the access-accept reply sent to the NAS is sometimes crucial. For instance for the ascend-data-filter attribute.
>
> Is there a way to guarantee this order when the attributes are read from an LDAP server, since an LDAP server does not guarantee the order in which multiple values of a single attribute are returned?

I think there's no absolute guarantee right now. Although ldap will send back the attributes in the order in which you've stored them.

> Thank you,
> Wolfgang

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
R: Help me out, waiting 4 response
You have to compile freeradius with mysql support
on my freebsd machine it's not enabled by default

try

make clean
make WITH_MYSQL
make install

or

make -DWITH_MYSQL install

-----Original Message-----
From: arshad shah [mailto:[EMAIL PROTECTED]
Sent: Friday, 26 March 2004 13:29
To: [EMAIL PROTECTED]
Subject: Help me out, waiting 4 response

Hi Dear,

is there any one other who like to help me, i have compiled already freeradius on linux 8.0. I have installed mysql and i want to connect my Freeradius 0.9.3 with mysql database. But when i run my radius by the command

/usr/local/sbin/radiud -x

then it shows the following error message (during loading sql)

rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

Initially i took help from the material on the site that is http://www.frontios.com/freeradius.html

I have read the help file but couldn't get and i am standing on the same position. So please help me out of this as soon as possible.

Thanx regards
Arshad Shah
Re: working with another sql table in freeRadius
Yes it can. Since all the queries are configurable, you can modify them how ever you want.

John Que wrote:
> Hello,
>
> I work with freeRadius and mysql. Now, I know and succeed to read attributes from the radreply sql table in the authorize request. (see below an example)
>
> My problem is this: I want to create a table which has 2 columns: user country code (integer), and price for that country code (also integer). These 2 attributes can be added as VSA attributes.
>
> Now in the authorize request, I want to pass, besides userName and password, the country code as a VSA attribute, and get back from the radius server (which will read the proper sql table) the country price for that country code.
>
> As I understand this is not the usual way of working with mysql in radius, since in the usual way we read attributes from a radreply table which correspond to a specific USER NAME and not to something else.
>
> can this be done? Any help will be appreciated.
>
> (I do receive back from authorize the values of attributes I set for a specific user in the radreply sql table; thus, if my radreply table is:
>
> mysql> select * from radreply;
> +----+----------+-------------------+----+-------------+
> | id | UserName | Attribute         | op | Value       |
> +----+----------+-------------------+----+-------------+
> | 1  |          | Framed-IP-Address | := | 164.131.0.1 |
> +----+----------+-------------------+----+-------------+
>
> I do get the value of 164.131.0.1 for Framed-IP-Address attribute.
Re: R: Help me out, waiting 4 response
Pugnaloni Federico [EMAIL PROTECTED] wrote:
> You have to compile freeradius with mysql support
> on my freebsd machine it's not enabled by default

That's what configuration files are for. Edit them.

> make clean
> make WITH_MYSQL

Nothing in the documentation leads you to believe that WITH_MYSQL does anything.

Alan DeKok.
Help with LDAP authorization using groupOfNames and huntgroups
Hello,

I'm having a lot of trouble getting my freeradius (CVS snap 20040323) to Allow/Deny access based on membership in LDAP groups (where the group names are associated with huntgroups). rlm_ldap docs and the mailing list archive didn't help me much..

I'd like to do something like this:

huntgroups:

    dialup    NAS-IP-Address == 172.16.0.12
    wireless  NAS-IP-Address == 172.16.0.13

users:

    DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
            Fall-Through = yes

    DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
            Fall-Through = yes

ldif:

    dn: cn=Dialup,ou=Remote Access, dc=kensfoods,dc=com
    objectClass: groupOfUniqueNames
    objectClass: top
    uniqueMember: cn=John Smith,ou=Users,dc=kensfoods,dc=com
    cn: Dialup

    dn: cn=Wireless,ou=Remote Access, dc=kensfoods,dc=com
    objectClass: groupOfUniqueNames
    objectClass: top
    uniqueMember: cn=Robert Kelley,ou=Users,dc=kensfoods,dc=com
    cn: Wireless

radiusd.conf

    modules {
        ...
        ldap {
            server = ldap.kensfoods.com
            identity = cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
            password = **
            basedn = ou=Users,dc=kensfoods,dc=com
            filter = (uid=%u)
            start_tls = no
            ldap_connections_number = 5
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            password_header = {SHA}
            password_attribute = userPassword
            groupname_attribute = cn
            groupmembership_filter = ((objectClass=groupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
            timeout = 4
            timelimit = 3
            net_timeout = 1
            compare_check_items = no
        }
    }

    authorize {
        preprocess
        chap
        mschap
        suffix
        eap
        files
        ldap
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        Auth-Type LDAP {
            ldap
        }
        eap
    }

With the above configuration, no group checks are happening

radiusd -X

    rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100, length=59
        User-Name = cforbes
        User-Password =
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
    modcall[authorize]: module preprocess returns ok for request 0
    modcall[authorize]: module chap returns noop for request 0
    modcall[authorize]: module mschap returns noop for request 0
    rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop for request 0
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module eap returns noop for request 0
    modcall[authorize]: module files returns notfound for request 0
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for cforbes
    radius_xlat: '(uid=cforbes)'
    radius_xlat: 'ou=Users,dc=kensfoods,dc=com'
    ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 0
    rlm_ldap: bind as cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com to ldap.kensfoods.com:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: Bind was successful
    rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter (uid=cforbes)
    rlm_ldap: looking for check items in directory...
    rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT
    rlm_ldap: Adding ntPassword as NT-Password
    rlm_ldap: Adding lmPassword as LM-Password
    rlm_ldap: looking for reply items in directory...
    rlm_ldap: user cforbes authorized to use remote access
    ldap_release_conn: Release Id: 0
    modcall[authorize]: module ldap returns ok for request 0
    modcall: group authorize returns ok for request 0
    rad_check_password: Found Auth-Type LDAP
    auth: type LDAP
    Processing the authenticate section of radiusd.conf
    modcall: entering group Auth-Type for request 0
    rlm_ldap: - authenticate
    rlm_ldap: login attempt by cforbes with password
    rlm_ldap: user DN: cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com
    rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 1
    rlm_ldap: bind as cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com to ldap.kensfoods.com:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: Bind was successful
    rlm_ldap: user cforbes authenticated succesfully
    modcall[authenticate]: module ldap returns ok for request 0
    modcall: group Auth-Type returns ok for request 0
    Login OK: [cforbes] (from client localhost port 1)
    Sending Access-Accept of id 100 to 127.0.0.1:40092
    Finished request 0
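Added example (not part of the original post and not FreeRADIUS code): a small Python check that takes the huntgroups entries and the debug output quoted in the message above and reports which huntgroup, if any, the logged request's NAS-IP-Address falls into, next to what the files module returned. It assumes a simplified model in which a huntgroup is a single NAS-IP-Address == comparison; all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the huntgroups entries and the request lines are
# copied from the configuration and debug output quoted in the message above.
HUNTGROUPS = """\
# name    check item
dialup    NAS-IP-Address == 172.16.0.12
wireless  NAS-IP-Address == 172.16.0.13
"""

DEBUG_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100, length=59
    User-Name = cforbes
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1
modcall[authorize]: module files returns notfound for request 0
"""

HUNT_RE = re.compile(r"^(\S+)\s+NAS-IP-Address\s*==\s*(\S+)\s*$")
ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"]*)"?\s*$')
FILES_RE = re.compile(r'module "?files"? returns (\w+)')


def parse_huntgroups(text):
    """Return [(name, ip)] for entries of the form 'name NAS-IP-Address == ip'.

    Assumption: only the NAS-IP-Address == form used in the thread is
    understood; any other line raises so it is not silently ignored.
    """
    groups = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = HUNT_RE.match(line)
        if not m:
            raise ValueError(f"huntgroups line {lineno}: unsupported entry {raw!r}")
        groups.append((m.group(1), ipaddress.ip_address(m.group(2))))
    return groups


def request_attributes(log):
    """Collect the indented 'Attribute = value' lines of the last rad_recv."""
    attrs, in_packet = {}, False
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            attrs, in_packet = {}, True
        elif in_packet and (m := ATTR_RE.match(line)):
            attrs[m.group(1)] = m.group(2)
        else:
            in_packet = False
    return attrs


def matching_huntgroups(nas_ip, groups):
    """Names of all huntgroups whose address equals the request's NAS IP."""
    ip = ipaddress.ip_address(nas_ip)
    return [name for name, addr in groups if addr == ip]


def diagnose(log, huntgroups_text):
    """Summarise the request: NAS IP, huntgroups it is in, files module result."""
    nas_ip = request_attributes(log).get("NAS-IP-Address")
    groups = parse_huntgroups(huntgroups_text)
    files = FILES_RE.search(log)
    return {
        "nas_ip": nas_ip,
        "huntgroups": matching_huntgroups(nas_ip, groups) if nas_ip else [],
        "files_result": files.group(1) if files else None,
    }


if __name__ == "__main__":
    print(diagnose(DEBUG_LOG, HUNTGROUPS))
```

Under this model the logged test request, sent with NAS-IP-Address 255.255.255.255, belongs to neither dialup nor wireless, which is consistent with the files module returning notfound in the same log.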
accounting_update_query
Hi,

we are using Freeradius together with mysql. Now we activated the interim accounting on a Cisco LNS. In the "accounting_update_query" is nothing regarding session time and acctOctets in both directions. Is there any reason for this? In the "Interim" specification the accounting update should be similar to a stop record, without termination_cause and stop time.

Thanks for any suggestions,

best regards,
Andreas Müller
Re: Help with LDAP authorization using groupOfNames and huntgroups
Hm. That doesn't work either.

    rad_recv: Access-Request packet from host 127.0.0.1:40210, id=122, length=59
        User-Name = cforbes
        User-Password =
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 2
    modcall[authorize]: module preprocess returns ok for request 2
    modcall[authorize]: module chap returns noop for request 2
    modcall[authorize]: module mschap returns noop for request 2
    rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop for request 2
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module eap returns noop for request 2
    users: Matched DEFAULT at 67
    modcall[authorize]: module files returns ok for request 2
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for cforbes
    radius_xlat: '(uid=cforbes)'
    radius_xlat: 'ou=Users,dc=kensfoods,dc=com'
    ldap_get_conn: Got Id: 0
    rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter (uid=cforbes)
    rlm_ldap: looking for check items in directory...
    rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [U op=21
    rlm_ldap: Adding ntPassword as NT-Password, value
    rlm_ldap: Adding lmPassword as LM-Password, value
    rlm_ldap: looking for reply items in directory...
    rlm_ldap: user cforbes authorized to use remote access
    ldap_release_conn: Release Id: 0
    modcall[authorize]: module ldap returns ok for request 2
    modcall: group authorize returns ok for request 2
    rad_check_password: Found Auth-Type Reject
    rad_check_password: Auth-Type = Reject, rejecting user
    auth: Failed to validate the user.
    Login incorrect: [cforbes] (from client localhost port 0)
    Delaying request 2 for 1 seconds
    Finished request 2
    Going to the next request

On Fri, 26 Mar 2004, Dustin Doris wrote:
> Try setting Fall-Through to no and putting a reject at the bottom of the file.
>
> DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = no
>
> DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = no
>
> DEFAULT Auth-Type := Reject
Re: LDAP LEAP and Freeradius
Is it possible to use LDAP to authenticate LEAP clients? If so does anyone have the particulars?

TIA,
Steve
Re: Help with LDAP authorization using groupOfNames and huntgroups
Yup - they are on the same line. Sorry about that misleading wrapping

    DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
            Fall-Through = yes

    DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
            Fall-Through = yes

On Fri, 26 Mar 2004, Dustin Doris wrote:
> Hmm, is your Ldap-Group statement on the same line as DEFAULT? If not, try it without a line break.
>
> DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = no
Re: SMC 2804WBR PEAP not working
On Wed, 2004-03-24 at 09:53, Ionut Nistor wrote:
> Probably - thanks. I already written to SMC support - hopefully I'll get a response.
>
> cheers,
> i

Don't hold your breath. I logged a support call via their website. Took a month for them to reply, and all they said was:

    I'm sorry for the delay... I'm looking for a radius dictionary in our material but I haven't find anything.

John