Re: [Help] Is there a way to differentiate devices using Radius?
Does that mean we have to manually add the client MACs into RADIUS one by one?

-Danny

On Fri, Mar 8, 2013 at 11:00 PM, Alan DeKok wrote:
> Danny Kurniawan wrote:
> > We have successfully deployed Meraki Wireless with Radius 2.1.1 connected to
> > eDir LDAP. Everything works just fine. Now my company wants to explore
> > whether we are able to restrict devices, so that only company devices can
> > connect to our wifi SSID. Is that possible using Radius? Like using certs
> > etc.? Or does it have to be done from the AP end?
>
> The simplest way is via MAC address filtering. Allow known MACs,
> disallow all others. See "man rlm_passwd" for examples.
>
> Alan DeKok.

--
Best Regards,
Danny
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
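The "allow known MACs, disallow all others" check discussed in this thread, sketched as an added example that is not part of the original messages and is not FreeRADIUS or rlm_passwd code. It assumes the AP reports the client MAC in Calling-Station-Id and that the inventory lives in a hypothetical "asset-tag mac" text file; all MAC addresses are constructed. A MAC is a value the client reports, so a match identifies a device rather than proving it.

```python
import re

# Constructed sample allowlist, one company-owned device per line (made-up MACs).
ALLOWLIST_TEXT = """\
# asset-tag      mac
LAPTOP-0001      00:11:22:33:44:55
LAPTOP-0002      0011.2233.4466
PHONE-0001       00-11-22-33-44-77
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[:.\-\s]", "", value.strip().lower())
    return digits if _HEX12.match(digits) else None


def load_allowlist(text):
    """Parse 'asset-tag mac' lines into {normalized_mac: asset_tag}."""
    known = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tag, mac = line.split()
        norm = normalize_mac(mac)
        if norm is None:
            raise ValueError(f"bad MAC for {tag}: {mac!r}")
        known[norm] = tag
    return known


def is_locally_administered(norm):
    """True when the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(norm[:2], 16) & 0x02)


def check_device(calling_station_id, known):
    """Decide accept/reject for one Calling-Station-Id value."""
    norm = normalize_mac(calling_station_id)
    if norm is None:
        return ("reject", "malformed Calling-Station-Id")
    if norm in known:
        return ("accept", known[norm])
    if is_locally_administered(norm):
        return ("reject", "unknown, locally administered MAC")
    return ("reject", "unknown MAC")
```

Normalizing before comparison matters because the same address can arrive hyphenated, colon-separated or dotted; the separate reject reason for locally administered addresses helps explain why a device using a randomized MAC never matches the inventory.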
Re: Old message about LDAP
On 2013-03-11, at 1:38 PM, Andres Septer wrote:
> > I'm always amazed when people search google and click on random pages,
> > instead of going to the FreeRADIUS documentation. Is it really that
> > novel to look at a Wiki?
>
> I found that too. It's quite brief actually. I was searching for something
> more detailed.

Like what? You're trying hard to *not* give any useful information. Stop it.

Learn how to ask good questions. What are you trying to do? What information are you looking for? What do you expect to see?

Alan DeKok.
Re: Old message about LDAP
> I'm always amazed when people search google and click on random pages,
> instead of going to the FreeRADIUS documentation. Is it really that
> novel to look at a Wiki?

I found that too. It's quite brief actually. I was searching for something more detailed.

A.
Re: Old message about LDAP
Andres Septer wrote:
> When one searches google for freeradius and ldap groups there is a LOT
> of messages that all point to this message. Freeradius and LDAP groups
> how to make it work:
...
> Unfortunately this old archive is unavailable. 404
> Is there any other good howto about freeradius + LDAP + groups -- how to
> make them work together?

The server comes with documentation. What's the issue?

http://wiki.freeradius.org

Type "ldap group" into the search page. There's one link. Click on it. Read it. There's a subsection entitled "Group Support".

I'm always amazed when people search google and click on random pages, instead of going to the FreeRADIUS documentation. Is it really that novel to look at a Wiki?

Alan DeKok.
Re: Old message about LDAP
On 11.03.2013 17:14, Andres Septer wrote:
> When one searches google for freeradius and ldap groups there is a LOT
> of messages that all point to this message. Freeradius and LDAP groups
> how to make it work:
>
> http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg1.html
>
> Unfortunately this old archive is unavailable. 404
> Is there any other good howto about freeradius + LDAP + groups -- how to
> make them work together?

Everything is in the wiki:
http://wiki.freeradius.org/modules/Rlm_ldap#Group-Support

--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: oliv...@heliosnet.org
Old message about LDAP
When one searches google for freeradius and ldap groups there is a LOT of messages that all point to this message. Freeradius and LDAP groups how to make it work:

http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg1.html

Unfortunately this old archive is unavailable. 404

Is there any other good howto about freeradius + LDAP + groups -- how to make them work together?

Andres
Re: troubles with eap-peap mschapv2
Hi,

why not use the same certs from your old server?

alan
Re: troubles with eap-peap mschapv2
Bertrand Poulet wrote:
> I try to migrate from FreeRADIUS 1.1.6 (Mandrake)
> to FreeRADIUS 2.2.0 (from source) on ubuntu12.04.

That should be easy.

> The same supplicant and same AP with old FR is ok,
> but not with new FR 2.2.0.
>
> What I've done:
>
> I've installed with ./configure; make; make install
> root@myhost:/usr/local/etc/raddb/certs# make
> openssl dhparam -out dh 1024

Well... that's the problem. You didn't copy the old certificates over. Instead, you created new ones.

Don't do that. Use the old certs. It will work.

Alan DeKok.
troubles with eap-peap mschapv2
Hi all,

I try to migrate from FreeRADIUS 1.1.6 (Mandrake) to FreeRADIUS 2.2.0 (from source) on ubuntu12.04.

The same supplicant and same AP with old FR is ok, but not with new FR 2.2.0.

What I've done:

I've installed with ./configure; make; make install

root@myhost:/usr/local/etc/raddb/certs# make
openssl dhparam -out dh 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...+.+++...+.+...+...+...++*++*++*
openssl req -new -out server.csr -keyout server.key -config ./server.cnf
Generating a 2048 bit RSA private key
..+++
..+++
writing new private key to 'server.key'
-
openssl req -new -x509 -keyout ca.key -out ca.pem \
        -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf
Generating a 2048 bit RSA private key
.+++
.+++
writing new private key to 'ca.key'
-
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 11 13:18:05 2013 GMT
            Not After : Mar 11 13:18:05 2014 GMT
        Subject:
            countryName               = FR
            stateOrProvinceName       = Radius
            organizationName          = Example Inc.
            commonName                = Example Server Certificate
            emailAddress              = ad...@example.com
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
Certificate is to be certified until Mar 11 13:18:05 2014 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
MAC verified OK
openssl verify -CAfile ca.pem server.pem
server.pem: OK
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der

root@myhost:/usr/local/etc/raddb/certs# ll -tr
total 116
drwxr-xr-x 8 root root 4096 mars 11 14:10 ../
-rwxr-x--- 1 root root 2693 mars 11 14:10 bootstrap*
-rw-r- 1 root root 4287 mars 11 14:10 Makefile
-rw-r- 1 root root 7847 mars 11 14:10 README
-rw-r- 1 root root 578 mars 11 14:10 xpextensions
-rw-r- 1 root root 1289 mars 11 14:10 ca.cnf
-rw-r- 1 root root 1124 mars 11 14:10 server.cnf
-rw-r- 1 root root 1102 mars 11 14:10 client.cnf
-rw-r--r-- 1 root root 3 mars 11 14:18 serial.old
-rw-r--r-- 1 root root 0 mars 11 14:18 index.txt.old
-rw-r--r-- 1 root root 245 mars 11 14:18 dh
-rw-r--r-- 1 root root 5120 mars 11 14:18 random
-rw-r--r-- 1 root root 1834 mars 11 14:18 server.key
-rw-r--r-- 1 root root 1062 mars 11 14:18 server.csr
-rw-r--r-- 1 root root 1675 mars 11 14:18 ca.pem
-rw-r--r-- 1 root root 1834 mars 11 14:18 ca.key
-rw-r--r-- 1 root root 4212 mars 11 14:18 server.crt
-rw-r--r-- 1 root root 3 mars 11 14:18 serial
-rw-r--r-- 1 root root 21 mars 11 14:18 index.txt.attr
-rw-r--r-- 1 root root 120 mars 11 14:18 index.txt
-rw-r--r-- 1 root root 4212 mars 11 14:18 01.pem
-rw-r--r-- 1 root root 2533 mars 11 14:18 server.p12
-rw-r--r-- 1 root root 3586 mars 11 14:18 server.pem
-rw-r--r-- 1 root root 1195 mars 11 14:18 ca.der
drwxr-x--- 2 root root 4096 mars 11 14:18 ./

I got this known problem of certificates (default).

freeradius -XXX
Mon Mar 11 16:35:47 2013 : Debug: Module: Instantiating eap-tls
Mon Mar 11 16:35:47 2013 : Debug: tls {
Mon Mar 11 16:35:47 2013 : Debug: rsa_key_exchange = no
Mon Mar 11 16:35:47 2013 : Debug: dh_key_exchange = yes
Mon Mar 11 16:35:47 2013 : Debug: rsa_key_length = 512
Mon Mar 11 16:35:47 2013 : Debug: dh_key_length = 512
Mon Mar 11 16:35:47 2013 : Debug: verify_depth = 0
Mon Mar 11 16:35:47 2013 : Debug: CA_path = "/usr/local/etc/raddb/certs"
Mon Mar 11 16:35:47 2013 : Debug: pem_file_type = yes
Mon Mar 11 16:35:47 2013 : Debug: private_key_file = "/u