Matthias Klosowski
http://www.pucllanalodge.com/lndex.html _ Hotmail: posta elettronica con funzioni avanzate e gratuita, con la protezione Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Active/Inactive record in MySQL
On Tue, 23 Mar 2010, Alan DeKok wrote: Is there somewhere in the mysql database (default schema) record saying that your account is active or inactive which freeradius will understand? No. But you can always extend the schema. FWIW, our [postgresql] backend serves the standard schema as a view, which only includes rows for users which are active. [We also implement different services being active as being a member of a group in the 'usergroup' view.] - Bob -- Bob Franklin +44 1223 748479 Network Division, University of Cambridge Computing Service - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Active/Inactive record in MySQL
Paweł Pogorzelski wrote: > Is there somewhere in the mysql database (default schema) record > saying that your account is active or inactive which freeradius will > understand? No. But you can always extend the schema. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuring multiple ldap servers
Sorry, I think I misunderstood. So you have (let's say) 2 LDAP servers with a different user base on each. You want an internal access point to look at one server and an external firewall to look at another I'm not sure, but you might be able to use HuntGroups to discover which client device is "calling" and then use unlang IF statement in the authorize section. This will probably take a little testing on your side. If you get it working I would love to see the end config. Bob On Tue, Mar 23, 2010 at 1:36 PM, V Jyothi-B22245 wrote: > Hi, > > I think it will solve the problem to some extent. > > If I have to use a specific ldap server for a specific radius client, > like I have two radius clients and two ldap servers and I want to use ldap1 > for rad-cl1 and ldap2 for rad-cl2. > How to map?? > > Thank you for much your information, I could understand on how to > load-balance. > > Thanks > Jyothi > > -- > *From:* > freeradius-users-bounces+b22245=freescale@lists.freeradius.org[mailto: > freeradius-users-bounces+b22245 = > freescale@lists.freeradius.org] *On Behalf Of *Bob Brandt > *Sent:* Tuesday, March 23, 2010 2:23 PM > *To:* FreeRadius users mailing list > *Subject:* Re: configuring multiple ldap servers > > How about you use something like: > > authorize { >redundant { >redundant-load-balance { >ldap1 >ldap2 >} >ldap3 >} > } > > Where the load will be shared evenly between ldap 1 and 2 and only use 3 if > 1 and 2 are not available. > > Bob > > On Tue, Mar 23, 2010 at 6:53 AM, V Jyothi-B22245 wrote: > >> >> Hi, >> >> I want to understand in freeradius with rlm_ldap, >> Is it possible to configure multiple LDAP servers in Freeradius and the >> freeradius uses different LDAP server for different requests. >> >> Is it possible to add some kind of id in radius requests, so that >> freeradius makes use of that ID to choose which LDAP server can be used for >> that request. >> I am new to this freeradius. >> Please help me to get some understanding ?? >> >> We can configure one LDAP server in freeradius radiusd.conf ldap section?? >> but how to configure multiple LDAP servers and what is the purpose of filter >> id attribute in freeradius?? >> >> Thanks >> Jyothi >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > The problem with socialism is that you eventually run out of other people's > money. - Margaret Thatcher > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- The problem with socialism is that you eventually run out of other people's money. - Margaret Thatcher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: configuring multiple ldap servers
Hi, I think it will solve the problem to some extent. If I have to use a specific ldap server for a specific radius client, like I have two radius clients and two ldap servers and I want to use ldap1 for rad-cl1 and ldap2 for rad-cl2. How to map?? Thank you for much your information, I could understand on how to load-balance. Thanks Jyothi From: freeradius-users-bounces+b22245=freescale@lists.freeradius.org [mailto:freeradius-users-bounces+b22245=freescale@lists.freeradius.o rg] On Behalf Of Bob Brandt Sent: Tuesday, March 23, 2010 2:23 PM To: FreeRadius users mailing list Subject: Re: configuring multiple ldap servers How about you use something like: authorize { redundant { redundant-load-balance { ldap1 ldap2 } ldap3 } } Where the load will be shared evenly between ldap 1 and 2 and only use 3 if 1 and 2 are not available. Bob On Tue, Mar 23, 2010 at 6:53 AM, V Jyothi-B22245 wrote: Hi, I want to understand in freeradius with rlm_ldap, Is it possible to configure multiple LDAP servers in Freeradius and the freeradius uses different LDAP server for different requests. Is it possible to add some kind of id in radius requests, so that freeradius makes use of that ID to choose which LDAP server can be used for that request. I am new to this freeradius. Please help me to get some understanding ?? We can configure one LDAP server in freeradius radiusd.conf ldap section?? but how to configure multiple LDAP servers and what is the purpose of filter id attribute in freeradius?? Thanks Jyothi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- The problem with socialism is that you eventually run out of other people's money. - Margaret Thatcher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP (PEAP)+ntlm_auth doesn't send password by it self
Hi, > > you still havent fixed that basic thing - check out the default config from > > the 2.1.8 tarball > > Today I tried unsuccessful to figure out how solve the ":-" issue. I read > "man unlang" but I could not find anything... just read your version and compare it to the supplied default config in 2.1.8 - its quite easy - its the addition of some more curly brackets > I have been thinking it could be by a wrong configuration of the Cisco AP > 1100. I will follow the instructions described at > http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml#NetEAP you need 'open' with with EAP methods...on a 'fat' AP this is something like dot11 ssid real-wifi vlan 666 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa accounting accounting-method-list mbssid guest-mode dtim-period 3 information-element ssidl advertisement wps admit-traffic > However, I just want to do transparent authentications using PEAP with > Microsoft Challenge Authentication Protocol (MS-CHAP) Version 2 without > certificates (have you a > recipe?)(http://cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764f1_ps4570_Products_Q_and_A_Item.html) you need certificates - how do you think the EAP is done? the PEAP tunnel is created by the client talking to the (RADIUS) server. you dont need client certsthats EAP-TLS. if you dont want to trust the certificate (ie install the CA that signs the RADIUS server) then thats you (very very bad) choice. you've just weakened massively one of the protection methods of 802.1X alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Active/Inactive record in MySQL
Hi! Is there somewhere in the mysql database (default schema) record saying that your account is active or inactive which freeradius will understand? best regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuring multiple ldap servers
How about you use something like: authorize { redundant { redundant-load-balance { ldap1 ldap2 } ldap3 } } Where the load will be shared evenly between ldap 1 and 2 and only use 3 if 1 and 2 are not available. Bob On Tue, Mar 23, 2010 at 6:53 AM, V Jyothi-B22245 wrote: > > Hi, > > I want to understand in freeradius with rlm_ldap, > Is it possible to configure multiple LDAP servers in Freeradius and the > freeradius uses different LDAP server for different requests. > > Is it possible to add some kind of id in radius requests, so that > freeradius makes use of that ID to choose which LDAP server can be used for > that request. > I am new to this freeradius. > Please help me to get some understanding ?? > > We can configure one LDAP server in freeradius radiusd.conf ldap section?? > but how to configure multiple LDAP servers and what is the purpose of filter > id attribute in freeradius?? > > Thanks > Jyothi > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- The problem with socialism is that you eventually run out of other people's money. - Margaret Thatcher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuring multiple ldap servers
Hi, I want to understand in freeradius with rlm_ldap, Is it possible to configure multiple LDAP servers in Freeradius and the freeradius uses different LDAP server for different requests. Is it possible to add some kind of id in radius requests, so that freeradius makes use of that ID to choose which LDAP server can be used for that request. I am new to this freeradius. Please help me to get some understanding ?? We can configure one LDAP server in freeradius radiusd.conf ldap section?? but how to configure multiple LDAP servers and what is the purpose of filter id attribute in freeradius?? Thanks Jyothi - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html