reject_delay setting effecting Access-Accept responses
Has anyone seen the reject_delay setting in radiusd.conf effect the response time to subsequent access-accept responses? I haven't seen anything on this in the mailing list, but I wanted to check before I look into the code. Thanks, --Roy // /* Roy Hockett * Telephone: (734) 763-7325*/ /* Network Engineer, * FAX: (734) 615-1727*/ /* ITCom, *Internet: [EMAIL PROTECTED] */ /* University of Michigan **/ // - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
multiple realm proxying based on huntgroup.
I appoligize if this question is covered somewhere, in docuementation, but I haven't found it. If you can point me to I would greatly appreciate it. I am trying to figure out a way to have different groups of realm proxies for different NAS/huntgroups. For example, for a VPN resouces I don't want realms, but for wireless/wired 802.1x I want to be able to forward to other realms. I would like to do this without running multiple instances of radiusd. I have been able to do this with Merit's AAA server for a long time, but it doesn't support kerberos v5 authentication, nor 802.1x currently. Thanks, -Roy -- // /* Roy Hockett * Telephone: (734) 763-7325*/ /* Network Engineer, * FAX: (734) 615-1727*/ /* ITCom, *Internet: [EMAIL PROTECTED] */ /* University of Michigan **/ // - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius kerberos preauth
I ahve looked on the web and haven't found anything afirming that freeradius will support or not support preauth with kerberos v5. Is anyone using preauth with kerberos v5 and freeradius? If there is documentation on this please point me in the right direction. Thanks, -Roy -- // /* Roy Hockett * Telephone: (734) 763-7325*/ /* Network Engineer, * FAX: (734) 615-1727*/ /* ITCom, *Internet: [EMAIL PROTECTED] */ /* University of Michigan **/ // - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius kerberos preauth
Alan, In kerberos v4 a client would request a Ticket Granting Ticket (TGT) from the Kerberos KDC, and the KDC would comply and send it. In kerberos v5 you can require what is referred to as preauth, and this means that the KDC doesn return a TGT until the client has authenticated. So I am asking if anyone have freeradius with the kerberos module working with a Kerberos KDC that requires preauthentication. Thanks, -Roy // /* Roy Hockett * Telephone: (734) 763-7325*/ /* Network Engineer, * FAX: (734) 615-1727*/ /* ITCom, *Internet: [EMAIL PROTECTED] */ /* University of Michigan **/ // On Fri, 1 Jul 2005, Alan DeKok wrote: Roy D. Hockett [EMAIL PROTECTED] wrote: I ahve looked on the web and haven't found anything afirming that freeradius will support or not support preauth with kerberos v5. preauth? There's an rlm_krb5 module, if that's what you're looking for. Alan DekOk. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html