Re: 802.1x with freeradius + PEAP + 3com Switch
t...@kalik.net wrote:
> That should be:
>
>     ldap ldap1 {
>     ..
>     }
>     ldap ldap2 {
>     ..
>     }
>
> What I wrote should go in the authorize section instead of ldap entry.

Hi,

Thanks a zillion times ;)

Laurent

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
802.1x with freeradius + PEAP + 3com Switch
Hi,

I managed to get authentication of users logged on Windows XP workstation to the network.

The machine authentication (while booting) however fails thus preventing the users from retrieving their roaming profiles.

Here is the relevant part of the log:

    Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: - authorize
    Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: performing user authorization for host/mycomputer
    Thu Feb 5 14:39:16 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'User-Name:None'
    Thu Feb 5 14:39:16 2009 : Debug: expand: (uid=%{mschap:User-Name:None}) - (uid=mycomputer$)
    Thu Feb 5 14:39:16 2009 : Debug: expand: ou=People,dc=mycompany,dc=com - ou=People,dc=mycompany,dc=com
    Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
    Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
    Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: attempting LDAP reconnection

It seems freeradius tries to authenticate the computer from the ou=People,dc=mydomain,dc=com.

In radiusd.conf I have the following:

    ldap {
        server = 192.168.0.3
        identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
        password = ldapreadpasswd
        basedn = ou=People,dc=mydomain,dc=com
        filter = (uid=%{mschap:User-Name:None})

I now need to instruct the ldap to search in ou=Computers,dc=mydomain,dc=com for the computers authentication.

How do I do this while preserving the working users auth?

Thanks

Laurent
Re: 802.1x with freeradius + PEAP + 3com Switch
> It seems freeradius tries to authenticate the computer from the ou=People,dc=mydomain,dc=com.
>
> In radiusd.conf I have the following:
>
>     ldap {
>         server = 192.168.0.3
>         identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
>         password = ldapreadpasswd
>         basedn = ou=People,dc=mydomain,dc=com
>         filter = (uid=%{mschap:User-Name:None})
>
> I now need to instruct the ldap to search in ou=Computers,dc=mydomain,dc=com for the computers authentication.
>
> How do I do this while preserving the working users auth?

Make another ldap instance that has that basedn. Machine usernames have $ at the end - use unlang to test for that and switch ldap instance as required.

Ivan Kalik
Kalik Informatika ISP
Re: 802.1x with freeradius + PEAP + 3com Switch
>> Make another ldap instance that has that basedn. Machine usernames have $ at the end - use unlang to test for that and switch ldap instance as required.
>
> I see how to create another instance but really don't see where and how to use unlang to switch between the 2 instances depending on the username.
>
> Any clue?

regex.

Ivan Kalik
Kalik Informatika ISP
Re: 802.1x with freeradius + PEAP + 3com Switch
t...@kalik.net wrote:
> regex.

Thanks Ivan,

Can you please give me some hint about what to put in config's stanzas?

Thanks
Re: 802.1x with freeradius + PEAP + 3com Switch
    if(User-Name =~ /\$$/ ) {
        ldapmachine
    }
    else {
        ldapuser
    }

Ivan Kalik
Kalik Informatika ISP

On 5/2/2009, Laurent CARON lca...@lncsa.com wrote:
> t...@kalik.net wrote:
>> regex.
>
> Thanks Ivan,
>
> Can you please give me some hint about what to put in config's stanzas?
>
> Thanks
Re: 802.1x with freeradius + PEAP + 3com Switch
t...@kalik.net wrote:
>     if(User-Name =~ /\$$/ ) {
>         ldapmachine
>     }
>     else {
>         ldapuser
>     }

in my radiusd.conf file I've got 2 stanzas like this:

    ldap {
        server =
        port =
    }
    ldap2 {
        server =
        port =
    }

I did copy/paste the lines you gave me just over the first server = ... line but it doesn't seem to do anything.

Any clue?

Thanks
Re: 802.1x with freeradius + PEAP + 3com Switch
> in my radiusd.conf file I've got 2 stanzas like this:
>
>     ldap {
>         server =
>         port =
>     }
>     ldap2 {
>         server =
>         port =
>     }
>
> I did copy/paste the lines you gave me just over the first server = ... line but it doesn't seem to do anything.
>
> Any clue?

That should be:

    ldap ldap1 {
    ..
    }
    ldap ldap2 {
    ..
    }

What I wrote should go in the authorize section instead of ldap entry.

Ivan Kalik
Kalik Informatika ISP
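
The pieces of this thread put together in one place, as an added example that is not part of any of the original messages: two named ldap instances and the unlang switch in authorize, using the server, bind account and base DNs quoted in the first post. Assumptions: the instance names follow the ldapuser/ldapmachine names used in the thread, machine entries live under ou=Computers with a uid ending in $, the same read-only bind account can search that OU, and the condition tests the mschap expansion (which the log in the first post shows as mycomputer$ while the request name is host/mycomputer) instead of the raw User-Name.

```conf
# Added example (FreeRADIUS 2.x syntax); instance names are illustrative.

# --- radiusd.conf, inside the modules { } section ---

# Instance for user accounts: same settings as the working single instance.
ldap ldapuser {
	server = "192.168.0.3"
	identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
	password = ldapreadpasswd
	basedn = "ou=People,dc=mydomain,dc=com"
	filter = "(uid=%{mschap:User-Name:None})"
}

# Instance for machine accounts: only the search base differs.
# Assumes the bind account above may also read ou=Computers.
ldap ldapmachine {
	server = "192.168.0.3"
	identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
	password = ldapreadpasswd
	basedn = "ou=Computers,dc=mydomain,dc=com"
	filter = "(uid=%{mschap:User-Name:None})"
}

# --- authorize section, replacing the single "ldap" entry ---
authorize {
	# Other modules already listed here stay in place.

	# Machine accounts expand to a name ending in "$" (mycomputer$),
	# so they are looked up under ou=Computers; everything else is
	# looked up under ou=People as before.
	if ("%{mschap:User-Name:None}" =~ /\$$/) {
		ldapmachine
	}
	else {
		ldapuser
	}
}
```

Running the server in debug mode shows which instance handled a request: the rlm_ldap lines should show the basedn expansion as ou=Computers for a booting workstation and ou=People for a logged-on user.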