Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-06 Thread Laurent CARON

t...@kalik.net wrote:

That should be:

ldap ldap1 {
..
}

ldap ldap2 {
..
}

What I wrote should go in the authorize section instead of ldap entry.



Hi,

Thanks a zillion times ;)

Laurent
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON

Hi,

I managed to get authentication of users logged on Windows XP 
workstation to the network.


The machine authentication (while booting) however fails thus preventing 
the users from retrieving their roaming profiles.


Here is the relevant part of the log:

Thu Feb  5 14:39:16 2009 : Debug: rlm_ldap: - authorize
Thu Feb  5 14:39:16 2009 : Debug: rlm_ldap: performing user 
authorization for host/mycomputer
Thu Feb  5 14:39:16 2009 : Debug: radius_xlat: Running registered xlat 
function of module mschap for string 'User-Name:None'
Thu Feb  5 14:39:16 2009 : Debug:   expand: 
(uid=%{mschap:User-Name:None}) - (uid=mycomputer$)
Thu Feb  5 14:39:16 2009 : Debug:   expand: 
ou=People,dc=mycompany,dc=com - ou=People,dc=mycompany,dc=com

Thu Feb  5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Feb  5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Feb  5 14:39:16 2009 : Debug: rlm_ldap: attempting LDAP reconnection


It seems freeradius tries to authenticate the computer from the 
ou=People,dc=mydomain,dc=com.


In radiusd.conf I have the following:
 ldap {
server = 192.168.0.3
identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
password = ldapreadpasswd
basedn = ou=People,dc=mydomain,dc=com
filter = (uid=%{mschap:User-Name:None})


I now need to instruct the ldap to search in 
ou=Computers,dc=mydomain,dc=com for the computers authentication.


How do I do this while preserving the working users auth ?

Thanks

Laurent


Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
It seems freeradius tries to authenticate the computer from the
ou=People,dc=mydomain,dc=com.

In radiusd.conf I have the following:
  ldap {
 server = 192.168.0.3
 identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
 password = ldapreadpasswd
 basedn = ou=People,dc=mydomain,dc=com
 filter = (uid=%{mschap:User-Name:None})


I now need to instruct the ldap to search in
ou=Computers,dc=mydomain,dc=com for the computers authentication.

How do I do this while preserving the working users auth ?


Make another ldap instance that has that basedn. Machine usernames have $
at the end - use unlang to test for that and switch ldap instance as
required.

Ivan Kalik
Kalik Informatika ISP



Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
 Make another ldap instance that has that basedn. Machine usernames have $
 at the end - use unlang to test for that and switch ldap instance as
 required.

I see how to create another instance but really don't see where and how
to use unlang to switch between the 2 instances depending on the username.

Any clue ?


regex.

Ivan Kalik
Kalik Informatika ISP



Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON

t...@kalik.net wrote:

regex.



Thanks Ivan,

Can you please give me some hint about what to put in config's stanzas ?

Thanks


Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
if(User-Name =~ /\$$/ ) {
   ldapmachine
}
else {
   ldapuser
}

Ivan Kalik
Kalik Informatika ISP

On 5/2/2009, Laurent CARON lca...@lncsa.com wrote:

t...@kalik.net wrote:
 regex.


Thanks Ivan,

Can you please give me some hint about what to put in config's stanzas ?

Thanks


Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON

t...@kalik.net wrote:

if(User-Name =~ /\$$/ ) {
   ldapmachine
}
else {
   ldapuser
}



In my radiusd.conf file I've got 2 stanzas like this:

ldap {
server = 
port = 
}

ldap2 {
server = 
port = 
}

I did copy/paste the lines you gave me just over the first server = 
... line but it doesn't seem to do anything.


Any clue ?

Thanks


Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
In my radiusd.conf file I've got 2 stanzas like this:

ldap {
   server = 
   port = 
}

ldap2 {
   server = 
   port = 
}

I did copy/paste the lines you gave me just over the first server =
... line but it doesn't seem to do anything.

Any clue ?


That should be:

ldap ldap1 {
..
}

ldap ldap2 {
..
}

What I wrote should go in the authorize section instead of ldap entry.

Ivan Kalik
Kalik Informatika ISP
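The two-instance layout described in the thread, assembled as an added example; it is not configuration posted by anyone in the thread. It assumes FreeRADIUS 2.x (unlang), reuses the server, bind identity, base DNs and filter quoted above, and the `host/` test is an assumption added because the debug log shows the machine name arriving as `host/mycomputer` before the mschap expansion turns it into `mycomputer$`.

```conf
# Added example, FreeRADIUS 2.x syntax assumed. Values are the ones quoted
# in the thread; instance names ldapuser / ldapmachine follow the reply above.

modules {
    # Instance used for people: searches ou=People
    ldap ldapuser {
        server   = "192.168.0.3"
        identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
        password = "ldapreadpasswd"
        basedn   = "ou=People,dc=mydomain,dc=com"
        filter   = "(uid=%{mschap:User-Name:None})"
    }

    # Instance used for machine accounts: same server and bind, other base DN.
    # The filter is unchanged because the log shows it expanding to
    # (uid=mycomputer$) for a machine request.
    ldap ldapmachine {
        server   = "192.168.0.3"
        identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
        password = "ldapreadpasswd"
        basedn   = "ou=Computers,dc=mydomain,dc=com"
        filter   = "(uid=%{mschap:User-Name:None})"
    }
}

authorize {
    # ... modules already listed here stay as they are ...

    # This block replaces the single "ldap" line in authorize.
    # First test: account name ends in "$" (from the thread).
    # Second test (assumption): raw User-Name of the form host/<name>,
    # as seen in the debug log.
    if ((User-Name =~ /\$$/) || (User-Name =~ /^host\//)) {
        ldapmachine
    }
    else {
        ldapuser
    }
}
```

Running the server in debug mode and checking which base DN appears in the `rlm_ldap` expand lines for a booting workstation confirms which instance handled the request.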