Re: Freeradius + AD + Cisco authentication

2010-07-03 Thread Alan DeKok
Jevos, Peter wrote:
> Thank you Alan,
> yes, I can check the man page (to be honest, that was what I was afraid of :), but I
> was looking for the examples

  Please also edit your replies.  There is no need to leave the original
message at the top of your reply.

> As I wrote in my first email, Cisco is configured and working well with the
> IAS radius server.
> I was solving the freeradius against the Cisco. To be honest, I still cannot
> understand what should contain users file, and other files.
> One example how to configure the users file and other files would be enough

  The "users" file contains documentation and *many* examples.  There's
no need for me to cut & paste those examples on this list.  You already
have them in front of you.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Freeradius + AD + Cisco authentication

2010-07-03 Thread Alan DeKok
Jevos, Peter wrote:
> However I was not able to find in these links anything about the
> --require-membership-of

  See the "man" page for ntlm_auth.  It is just a Unix command that can
be run, like anything else.

> and the vpn cisco client example
> (also find on these pages found nothing :)

  That's a Cisco issue, for Cisco documentation.

  Alan DeKok.


RE: Freeradius + AD + Cisco authentication

2010-07-03 Thread Jevos, Peter

Jevos, Peter wrote:
> However I was not able to find in these links anything about the
> --require-membership-of

  See the "man" page for ntlm_auth.  It is just a Unix command that can
be run, like anything else.

> and the vpn cisco client example
> (also find on these pages found nothing :)

  That's a Cisco issue, for Cisco documentation.

  Alan DeKok.

Thank you Alan,
yes, I can check the man page (to be honest, that was what I was afraid of :), but I was
looking for the examples

As I wrote in my first email, Cisco is configured and working well with the IAS
radius server.
I was solving the freeradius against the Cisco. To be honest, I still cannot
understand what should contain users file, and other files.
One example how to configure the users file and other files would be enough


RE: Freeradius + AD + Cisco authentication

2010-07-03 Thread Jevos, Peter
Jevos, Peter wrote:
> How should look like the ntlm_auth file ? How should look like mschap module ?
> How should look like parameter --require-membership-of in these files ?
>
> How should look like users file ?
> These answers I was not able to find in any documentation

  Read the URLs from the previous message.  This *is* documented.  If
you can't find it, read the documentation again.

  Alan DeKok.

Thank you for your answer Alan

However I was not able to find in these links anything about the
--require-membership-of and the vpn cisco client example
(also find on these pages found nothing :)

Anyway I will follow your advice and read the documentation on these
links again

Thank you



Re: Freeradius + AD + Cisco authentication

2010-07-02 Thread Alan DeKok
Jevos, Peter wrote:
> How should look like the ntlm_auth file ? How should look like mschap module 
> ? 
> How should look like parameter --require-membership-of in these files ?
> 
> How should look like users file ?
> These answers I was not able to find in any documentation

  Read the URLs from the previous message.  This *is* documented.  If
you can't find it, read the documentation again.

  Alan DeKok.


RE: Freeradius + AD + Cisco authentication

2010-07-02 Thread Jevos, Peter
Hi, thank you for your email.
So as I said before, I have working ntlm_auth in the form of:
Linux#/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYNAME 
--require-membership-of='DOMAIN+DOMAIN_GROUP'
That works from the command line. It returns OK status

So now, I have about 60 domains. Users are authenticated through VPN Cisco 
client with the domain\username and password.

How should look like the ntlm_auth file ? How should look like mschap module ? 
How should look like parameter --require-membership-of in these files ?

How should look like users file ?
These answers I was not able to find in any documentation

I'm using freeradius2-2.1.7-7.el5 ( RED HAT )

Thanks

On Fri, Jul 2, 2010 at 6:43 PM, Jevos, Peter wrote:
> Actually I'm not really clever, because main tutorial on the main pages is
> connected with the older version, and there are more versions of the
> Freeradius 2.0, a bit different:
>
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> http://deployingradius.com/documents/configuration/active_directory.html

That page has updated tutorials for 2.x

> Can somebody please help me how to finish the freeradius configuration ( the
> NAS server will be cisco )
>
> I know that there should be the entries in users file, eap file, mschap or
> ntlm_auth modules.
>
> But what should be the proper syntax I really don't know

Which part did you find not clear from
http://deployingradius.com/documents/configuration/active_directory.html?
It clearly says which file(s) to edit/create.

One note though, when it says "Create a file raddb/modules/ntlm_auth",
the actual location can vary on how you got freeradius installed. For
example, with RHEL/Centos/Fedora and their bundled freeradius2, the
file location would be "/etc/raddb/modules/ntlm_auth". On the other
hand, if you installed manually from source, the file might be on
"/usr/local/etc/raddb/modules/ntlm_auth"

-- 
Fajar



Re: Freeradius + AD + Cisco authentication

2010-07-02 Thread Fajar A. Nugraha
On Fri, Jul 2, 2010 at 6:43 PM, Jevos, Peter wrote:
> Actually I’m not really clever, because main tutorial on the main pages is
> connected with the older version, and there are more versions of the
> Freeradius 2.0, a bit different:
>
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> http://deployingradius.com/documents/configuration/active_directory.html

That page has updated tutorials for 2.x

> Can somebody please help me how to finish the freeradius configuration ( the
> NAS server will be cisco )
>
> I know that there should be the entries in users file, eap file, mschap or
> ntlm_auth modules.
>
> But what should be the proper syntax I really don’t know

Which part did you find not clear from
http://deployingradius.com/documents/configuration/active_directory.html?
It clearly says which file(s) to edit/create.

One note though, when it says "Create a file raddb/modules/ntlm_auth",
the actual location can vary on how you got freeradius installed. For
example, with RHEL/Centos/Fedora and their bundled freeradius2, the
file location would be "/etc/raddb/modules/ntlm_auth". On the other
hand, if you installed manually from source, the file might be on
"/usr/local/etc/raddb/modules/ntlm_auth"

-- 
Fajar
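
A sketch of the two module files asked about in this thread, added here as an example; it is not from any of the posters or from the FreeRADIUS project. It carries the command line that worked from the shell into the `exec` and `mschap` modules, using the RHEL path mentioned above; MYDOMAIN and DOMAIN+DOMAIN_GROUP are the placeholders from that command, and the attribute expansions are adapted from the stock 2.x examples, so check them against the commented-out lines in your own raddb/modules/mschap.

```conf
# /etc/raddb/modules/ntlm_auth
# (source builds: /usr/local/etc/raddb/modules/ntlm_auth)
# Used for PAP requests, where the NAS sends a cleartext User-Password.
exec ntlm_auth {
        wait = yes
        # No shell is involved, so the group is not wrapped in single quotes.
        # --password places the cleartext password on the process command
        # line, visible to local users through ps; keep shell access to the
        # RADIUS host restricted.
        # --require-membership-of makes ntlm_auth fail for valid AD accounts
        # that are outside the group, so VPN access is limited to that group.
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=DOMAIN+DOMAIN_GROUP"
}

# /etc/raddb/modules/mschap  (only the ntlm_auth line is shown)
mschap {
        # MS-CHAP path: only the challenge and response are handed to
        # ntlm_auth, never the cleartext password.
        # %{mschap:User-Name} is the user part of "domain\username";
        # %{mschap:NT-Domain} is the domain part, with MYDOMAIN as the
        # fallback when the client sends no domain prefix.
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of=DOMAIN+DOMAIN_GROUP"
}
```

Running the server in debug mode (`radiusd -X`) shows the expanded command line for each request, which is the quickest way to confirm the domain, user and group arguments; the PAP variant will show the password there too, so treat that output as sensitive.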
