Wow! No hassles! or Dr. Appointments

No Hassles or Embarrasment Order from us

Re: Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius

Hi, Documentation says: for sql make sure to have Max-All-Session entry under either radcheck or radgroup check table: > INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':='); I hope this help you. - List info/subs

Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius

Is this possible??? Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius when i put this attribute in radcheck, all is ok... but i want use it like a group attribute in the radgroupcheck o radgroupreply but when i do this nothing happens. Roddy - List info

Sample PEAP or TTLS with LDAP

Hello, I would like, for testing, a sample configuration for freeradius with peap or EAP/TTLS with a openLDAP server backend. Thanks. Escuse my english -- GQS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Free RADIUS tutorials or manuals?

On Wed, 19 Nov 2003, ylei wrote: > > maybe you can't get what you want. > > i think the begin is reading RFC2865. > > and then you can download the freeradius' source code. > > reading src/README, FAQ. etc. > > doc/README, aaa.txt, configurable_failover, module_interf

Re: Free RADIUS tutorials or manuals?

t q+  - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Free RADIUS tutorials or manuals?

maybe you can't get what you want. i think the begin is reading RFC2865. and then you can download the freeradius' source code. reading src/README, FAQ. etc. doc/README, aaa.txt, configurable_failover, module_interface, processing_users_file. a

Free RADIUS tutorials or manuals?

local city. What a pity! I have searched http://www.freeradius.org/ and also FAQ of this site, but I can not find a complete manual on how to configuare RADIUS server (I have successfully installed the server on RH8.0). Where can I find some simple manuals or tutorials on how to setup, configure and t

rmp or binary...

...for Free Radius compatible with Mandrake? Anyone? Thanks LIp - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: creating users on RADIUS server thru script or thru HTTP interface

Shoujit Mitra <[EMAIL PROTECTED]> wrote: > I have a basic question regarding 'adding new users' to the RADIUS server > user list. I minimum knowledge about the functioanlity of RAS device & > RADIUS server interaction. Please guide me. I strongly suggest that you buy the RADIUS book. It goe

creating users on RADIUS server thru script or thru HTTP interface

g. TCH) executes to create a new user on the RADIUS server? 2. Does the RAS device use any script language interface with the RAS device to create new user, or any XML interface, or HTTP interface? 3. I guess, the RADIUS servers in commercially deployed uses, some kind of database to stor

RE: Anyone get FreeRadius + CIsco Aironet 1100 AP + Cisco client under WinXP or 2K to work with EAP-TTLS.

> Antonia Kujundzic wrote: > > There is a free Windows client for EAP-TTLS. > > www.alfa-arriss.com > > I've used it with Cisco client and it worked fine. > > hey, thanks, excellent! they really still produce freeware out there? :) Obviously :) > (small correction to the link, it is actually www

Re: Anyone get FreeRadius + CIsco Aironet 1100 AP + Cisco client under WinXP or 2K to work with EAP-TTLS.

hi Antonia Kujundzic wrote: There is a free Windows client for EAP-TTLS. www.alfa-arriss.com I've used it with Cisco client and it worked fine. hey, thanks, excellent! they really still produce freeware out there? :) (small correction to the link, it is actually www.alfa-ariss.com). ciao artur p

RE: Anyone get FreeRadius + CIsco Aironet 1100 AP + Cisco client under WinXP or 2K to work with EAP-TTLS.

> Francisco Javier Martinez Martinez <[EMAIL PROTECTED]> wrote: > > I want to know if it is possible to make work the following scenario: > > AP : Cisco Aironet 1100 or similar > > Client-supplicant: Windows 2K /XP and cisco client. > > EAP: TTLS > > Authent

Get A Bachelor's Degree, Master's, or PhD - No Classes Necessary............ lkwxidctawbd

Academic Qualifications available from prestigious NON–ACCREDITTED universities. Do you have the knowledge and the experience but lack the qualifications? Are you getting turned down time and time again for the job of your dreams because you just don't have the right letters after your name? G

Re: Anyone get FreeRadius + CIsco Aironet 1100 AP + Cisco client under WinXP or 2K to work with EAP-TTLS.

Francisco Javier Martinez Martinez <[EMAIL PROTECTED]> wrote: > I want to know if it is possible to make work the following scenario: > AP : Cisco Aironet 1100 or similar > Client-supplicant: Windows 2K /XP and cisco client. > EAP: TTLS > Authentication server: FreeRadius.

Anyone get FreeRadius + CIsco Aironet 1100 AP + Cisco client under WinXP or 2K to work with EAP-TTLS.

Hello. My apologies if my question is redundant or had been make before (I had readed the list´s messages and didn`t found anything). I want to know if it is possible to make work the following scenario: AP : Cisco Aironet 1100 or similar Client-supplicant: Windows 2K /XP and cisco client. EAP

Re: large (?) radius server: LDAP or SQL

On Fri, 19 Sep 2003, Zoilo wrote: > I need to create a radius server with >100,000 users. > > Should I use LDAP or SQL? Both should work ok. LDAP is just more general and you can base other services on it along with radius. Check the list archives for detailed discussion on this t

large (?) radius server: LDAP or SQL

I need to create a radius server with >100,000 users. Should I use LDAP or SQL? Z. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Proxy based on NAS-IP-Address / Client-IP-Address or NAS-Identifier

Currently using freeradius-0.9.1 running over Freebsd v4.8.   Is it possible to do proxy authentication and accounting based on NAS-IP-Address / Client-IP-Address or  NAS-Identifier instead or realms?   Regards

ScanMail Message: To Sender virus found or matched file blocking setting.

ScanMail for Microsoft Exchange has taken action on the message, please refer to the contents of this message for further details. Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED]; Subject = Re: That movie Scanning Time = 09/04/2003 14:02:32 Engine/Pattern = 6.640-1001/626 Action on me

Re: Multiple instances under a same autztype or authtype

"Broussard Philippe" <[EMAIL PROTECTED]> wrote: > I have found this : ... > Can you explain the meaning of this syntax ? doc/configurable_failover Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Multiple instances under a same autztype or authtype

Hi, I have found this : authtype LDAP { group { ldap1 { fail = 1 notfound = 2 } ldap2 { fail =

Re: Which is Better LDAP or MySQL?

  Actually, the answer is a little more straightforward when Radius is involved.   No package including Radius should be reading from a flat file (cached or not).  In the case of Radius, the users file can quickly become a problem after a few thousand users.    With SQL, proper indexing can

Re: Which is Better LDAP or MySQL?

Thanks for the answer Tim. Michael - Original Message - From: "Tim McCracken" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, August 16, 2003 7:07 AM Subject: RE: Which is Better LDAP or MySQL? > Michael, > > IMHO, thats a little like aski

RE: Which is Better LDAP or MySQL?

Michael, IMHO, thats a little like asking which is better - a car or a motorcycle. It just depends on your needs. Sometimes you may need both, since LDAP doesn't have accounting abilities. (And there are other SQL databases, as well as lots of choices in LDAP servers.) The real question you

Re: Which is Better LDAP or MySQL?

I know I forgot the "t" :( sorry - Original Message - From: "Michael Milbrat" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 15, 2003 9:14 PM Subject: Which is Better LDAP or MySQL? > Does anyone know which is accually a better b

Which is Better LDAP or MySQL?

Does anyone know which is accually a better backend LDAP or MySQL? Michael Milbrat 12dollars.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

CISCO knowledge or Win2k knowledge required

e. in fact, if i use the Win2k supplicant for 802.1x and put in my username,password or an EAP certificate, the FreeRADIUS enables the connection (Port 1 fastethernet) however, if i just put the MAC info into the users file of FreeRADIUS eg Auth-Type := Accept, Password == "

Re: CISCO knowledge or Win2k knowledge required

[EMAIL PROTECTED] wrote: > however, if i just put the MAC info into the users file of FreeRADIUS > eg > > Auth-Type := Accept, Password == "" > > then i'm unable to get any authentication from the FreeRADIUS > server...heres the FreeRADIUS output: You don't want 'Auth-

Re: NAS or Radius adding extra character to password - bizarre

It then does the > proxying to IPASS just fine, but with the extra character in the password, > auth fails. That does sound familiar... but I don't recall any more than that. > Pointers to docs and/or code modules appreciated as well. I'm not entirely > sure where to star

radius_xlat or parsing bug?

Let a user entry in raddb/users DEFAULT Auth-Type := Accept Reply-Message := `%{sql:SELECT 'before %{User-Name:-default value} after'}` Debug output: Sat Jul 26 22:43:12 2003 : Debug: Thread 1 handling request 0, (1 handled so far) User-Name = "[EMAIL PROTECTED]" User-Passw

NAS or Radius adding extra character to password - bizarre

II NASes, but for the life of me I can't seem to tell if it's the NAS's fault or radius' fault. (I'd suspect the NAS because radtest doesn't seem to fail, but why would it be all three different kinds of NAS?) Anyone heard of anything remotely like this? I wouldn&#x

Re: 0.9.0-pre1 : radpaths.h: No such file or directory

yikes. sorry for the waste of bandwidth. who knows how i missed that one. Alan DeKok wrote: "Eric C. Snowdeal III" <[EMAIL PROTECTED]> wrote: perhaps i'm missing something in the output that will be perfectly obvious to someone else? This has been discussed many times already today on

Re: 0.9.0-pre1 : radpaths.h: No such file or directory

"Eric C. Snowdeal III" <[EMAIL PROTECTED]> wrote: > perhaps i'm missing something in the output that will be perfectly > obvious to someone else? This has been discussed many times already today on the list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/

0.9.0-pre1 : radpaths.h: No such file or directory

-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../../include -c rlm_acct_unique.c -o rlm_acct_unique.o In file included from rlm_acct_unique.c:27: ../../include/radiusd.h:11:22: radpaths.h: No such file or directory _ i can recompile an o

Re: May I assign two or more Auth-Type to a user in the file"users"?

What you need is to setup more than one DEFAULT entry in the users file. Setup each Auth-Type to each DEFAULT entry... On Wed, 2003-07-02 at 15:35, Alan DeKok wrote: > =?big5?B?wemofL/O?= <[EMAIL PROTECTED]> wrote: > > I try to assign more than one Auth-Type to the same user in the file > > "us

Re: May I assign two or more Auth-Type to a user in the file "users"?

=?big5?B?wemofL/O?= <[EMAIL PROTECTED]> wrote: > I try to assign more than one Auth-Type to the same user in the file > "users", You can't do that. It's nonsense. > but it's failed. Exactly. > I've tried ... > ex. > bob Auth-Type := Local, Auth-Type += EAP, User-Password == "1818" Wha

May I assign two or more Auth-Type to a user in the file "users"?

Dear All:   I try to assign more than one Auth-Type to the same user in the file "users", but it's failed. It's necessary when a user logins from NASes with different Auth-Type.    I've tried ... ex. bob Auth-Type := Local, Auth-Type += EAP,   User-Password ==

RE: All or any client access

> From: Mark Gaither > Sent: Friday, 20 June 2003 1:12 AM > client 0.0.0.0/24 { > secret = foo > shortname = bar > } I think you meant "client 0.0.0.0/0 {" which would match any IP address on the internet... Unless FreeRADIUS does weird stuff, what you've got would only match 0.0.0.0-

RE: All or any client access

= myhost } Rgrds, Alan > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mark > Gaither > Sent: 19 June 2003 16:12 > To: Freeradius > Subject: All or any client access > > > I have a situation where I travel the country w

All or any client access

I have a situation where I travel the country with a demo computer and it's IP address changes every day. To use my external AAA Freeradius server, I must call my office and have someone add the new IP address to the clients.conf file. Is there any way to use a wildcard in defining a client? Is it

Operator to match if attribute does not exist or is not value?

According to man 5 users there is no operator that will match as a check item if the attribute plain does not exist in the radius request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Handling crypt OR clear text encryption schemes for the "pap" module

"Patrick McShane" <[EMAIL PROTECTED]> wrote: > Does anybody know of a way to get FreeRadius to handle either crypt OR > clear text encryption schemes for the "pap" module? It doesn't do it that well. The module SHOULD do clear-text authentication by d

Handling crypt OR clear text encryption schemes for the "pap" module

Does anybody know of a way to get FreeRadius to handle either crypt OR clear text encryption schemes for the "pap" module? For example in radiusd.conf: pap { encryption_scheme = clear encryption_scheme = crypt } We have some passwords stored in the LDAP password at

Re: stale logins/sessions or Simultaneous-Use behavior

"Josh Kleensang" <[EMAIL PROTECTED]> wrote: > Is there any way (don't you love it when emails start > out that way...) to have freeradius arbitrarily kill a > session (record a session stop time and forget about it) > when another session is started with the same username? Write an external scri

stale logins/sessions or Simultaneous-Use behavior

login wont actually happen because all of an upstream radius server/proxy. I know that checkrad is supposed to verify if the session is there or not but I don't have access to the NAS servers and cannot directly verify the login. It may be useful to add an option to Simultaneous-Use where t

RE: Dialup_admin (...or smth else) not working properly

Hello, It still doesn't work. Those php scripts wont talk to mysql database. I guess there should smth wrong with my apache server, or php support, probably I will have to reinstall itthat's a big headache. Anyway, thanks a lot for your help Redi Redi Tela Systems Administrator M

RE: Dialup_admin (...or smth else) not working properly

> > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kostas > Kalevras > Sent: Monday, March 10, 2003 3:55 PM > To: [EMAIL PROTECTED] > Subject: RE: Dialup_admin (...or smth else) not working properly > > > On Mon,

RE: Dialup_admin (...or smth else) not working properly

alup_admin (...or smth else) not working properly On Mon, 10 Mar 2003, Redi Tela wrote: > Hello, > > I'm using v0.81. Here is what I changed under ../conf/admin.conf > > general_base_dir: /path/to/www/radius > general_radiusd_base_dir: /usr/local/sbin/radiusd &g

RE: Dialup_admin (...or smth else) not working properly

001 > Fax: +355-4-256-002 > Mob: +355-69-20-80-710 > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Evren > Yurtesen > Sent: Monday, March 10, 2003 11:41 AM > To: [EMAIL PROTECTED] > Subject: Re: Dialup_admin (..

RE: Dialup_admin (...or smth else) not working properly

inistrator Mail [EMAIL PROTECTED] Phone: +355-4-256-001 Fax: +355-4-256-002 Mob: +355-69-20-80-710 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evren Yurtesen Sent: Monday, March 10, 2003 11:41 AM To: [EMAIL PROTECTED] Subject: Re: Dialup_admin (...or

Re: Dialup_admin (...or smth else) not working properly

p_admin doesn't interact properly with freeradius and mysql, ex. > When I try to add a new group, it doesn't show anything, or when I try > to add a new user, it doesn't add anything to the mysql database. In the > archive I read somewhere to use the latest CVS, but when I clic

Dialup_admin (...or smth else) not working properly

Hello, I just installed freeradius 0.81 with mysql on a Redhat 7.1 machine. Everything seems to be working properly except for the web interface. Dialup_admin doesn't interact properly with freeradius and mysql, ex. When I try to add a new group, it doesn't show anything, or when I tr

Re: CISTRON vs. FreeRADIUS :: Extra Bit and/or Case Sensitivity

In article <[EMAIL PROTECTED]>, Ryan Beisner <[EMAIL PROTECTED]> wrote: >In FreeRADIUS there is an option to alter the user name's case Before or >After authentication (failure). I have many users who (even though you >say to use lower case), continue to use a capi

Re: CISTRON vs. FreeRADIUS :: Extra Bit and/or Case Sensitivity

I *am* reading the freeradius-users list. Was there any need to send an extra copy of the message to me, in addition to the list? Ryan Beisner <[EMAIL PROTECTED]> wrote: > I've been using FreeRADIUS for a few weeks on a USR Hiper Access 96 bank > dialup rack, authenticating with PAP. Randomly,

CISTRON vs. FreeRADIUS :: Extra Bit and/or Case Sensitivity

DIUSD. Guess what? No more /### at the end of passwords. Ok, so I don't have people saying "sometimes it accepts my password, and sometimes it doesn't ... what's going on?" Good deal. Yeah. But... In FreeRADIUS there is an option to alter the user name's

Re: Upgraded to RADIUS 0.8.1 and receiving The 'op' field for attribute xxxx is NULL, or non-existent

I have found the problem. I had data in radgroupreply which contain NULL for the op field. I just added = to the op field and voila. The problem is now solved. Thanks for your assistance and hopefully this may address someone else's problem. Best Regards, Dan Bell LondonLink Networks - Lis

Re: Upgraded to RADIUS 0.8.1 and receiving The 'op' field for attribute xxxx is NULL, or non-existent

On Wednesday 12 February 2003 17:12, Dan Bell wrote: > I have just upgraded to 0.8.1 from 0.4 and everything is working fine, > however, my log files state The 'op' field for attribute xxxx is NULL, > or non-existent etc. etc. I deliver all settings from the users file. > T

Upgraded to RADIUS 0.8.1 and receiving The 'op' field for attribute xxxx is NULL, or non-existent

I have just upgraded to 0.8.1 from 0.4 and everything is working fine, however, my log files state The 'op' field for attribute is NULL, or non-existent etc. etc. I deliver all settings from the users file. This server only blocks banned users via callcheck. I authenticate any us

Re: Proxying problems (or utter stupidity ?) again...

nd « counter-intuitive » that groups would either disappear (in our custom Web interface) when there weren't any more attributes in them, or either refuse to drop the last item. So, since they're customers, and I didn't want to take the time to explain them the problem, I just throwed t

Re: Proxying problems (or utter stupidity ?) again...

Without repeating what Alan and Chris said: On Thu, 6 Feb 2003, Jacques Caruso wrote: > The proxy.conf has only one realm : > > alien { > type= radius Shouldn't that be: realm alien { type= radius just wondrin', Jim - List info/subscribe/unsubscribe?

Re: Proxying problems (or utter stupidity ?) again...

Jacques Caruso <[EMAIL PROTECTED]> wrote: > OK. I still haven't managed to get the damn solution working, even with > the helpful hints from Chris and Alan, and even after trying very hard I > still get proxy calls (and subsequent Access-Reject) for people who > shouldn't trigger them. Here is what

Re: Proxying problems (or utter stupidity ?) again...

At 08:25 PM 2/6/2003 +0100, Jacques Caruso wrote: OK. I still haven't managed to get the damn solution working, even with the helpful hints from Chris and Alan, and even after trying very hard I still get proxy calls (and subsequent Access-Reject) for people who shouldn't trigger them. Here is wha

Proxying problems (or utter stupidity ?) again...

OK. I still haven't managed to get the damn solution working, even with the helpful hints from Chris and Alan, and even after trying very hard I still get proxy calls (and subsequent Access-Reject) for people who shouldn't trigger them. Here is what I finally put in radgroupcheck : mysql> SELECT *

Re: OR checks in check authorize_check_query

"B.I." <[EMAIL PROTECTED]> wrote: > Is it possible to use logical OR in check items, returned by > authorize_check_query? For now, regular expressions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: OR checks in check authorize_check_query

. wrote: Hi list, Is it possible to use logical OR in check items, returned by authorize_check_query? For example I whant to restrict user by Calling-Station-ID to be allowed to use one of 2 or more phone numbers. Maybe it should be something like += with many Calling-Station-ID check items

OR checks in check authorize_check_query

Hi list, Is it possible to use logical OR in check items, returned by authorize_check_query? For example I whant to restrict user by Calling-Station-ID to be allowed to use one of 2 or more phone numbers. Maybe it should be something like += with many Calling-Station-ID check items? Thanks in

Which takes priority? MAC ACL or Radius on Orinoco AP-1000

Hi, I am trying to implement MAC based authentication with the (Lucent)Orinoco's wireless access point AP-1000 and the FreeRadius here. Now if you own an AP-1000 you might be aware that there you can do either MAC filtering and/or Radius based authentication on that AP. So my question is

control (or garbage) characters in username

Hi all, It occassionally (sometimes frequently) happens that the NAS sends some control characters as username and password. Could it be line noise or DOS? I'm not quite sure. Here is a debug output (from the Home Server FRv0.8.1): rad_recv: Access-Request packet from host x.x.x.100

Rejecting users: authcheck_table or authreply_table ?

Hi, I'm using FreeRADIUS 0.7 and MySQL 3.23.53 together. What do I have to do to reject a user in the "Suspended" group in the usergroup_table ? I tried to put a record in the authreply_table with Auth-Type = Reject for that group but it didn't work out because radiusd would still send an

Re: := or ==

Ray <[EMAIL PROTECTED]> wrote: > both are right, but they have there place (assuming i'm reading the docs > right, and assuming my other assumtions about it are correct) > > := in the replies and == in the checks unless your doing something that the > check needs to be something else. > > i agree

Re: := or ==

> >:= - Set ( used to ensure a specific a/v is present ) > > > >== - Equal ( exact ) > >=* - Always Equal ( will allow all values for attribute ) > > !* - Always Not Equal ( will block all values for

Re: := or ==

ays Equal ( will allow all values for attribute ) >!* - Always Not Equal ( will block all values for attribute ) > != - Not equal >>= - Greater than or equal to ><= - Less than or equal to >>- Greater than >

Re: := or ==

is present ) == - Equal ( exact ) =* - Always Equal ( will allow all values for attribute ) !* - Always Not Equal ( will block all values for attribute ) != - Not equal >= - Greater than or equal to <= - Less

:= or ==

s just an accounting table, radtest normally doesn't cause anything > to show up here, nor do you normally manually add anything to it. > > > > mysql> select * from usergroup; > > ++--+---+ > > | id | UserName | GroupName | > > | 1 | bob | dynamic

Why my FreeRadius can not run correctly except with option -s or -X?

freeradius-users£¬ I have already compiled and installed FreeRadius 0.7 in Solaris 8. My FreeRadius can only run with -s or -X correctly. But when I run it with other options, it failed. What's the matter? The following is my console log when I run with command "radiusd -x&quo

Support for WPA or 802.11i ??

Hi all, I was wondering if there was any interface for freeradius to support AP's with WPA ? Any thing in the works for 802.11i ? I see that Linksys will have WPA on there 802.11g AP's, that will be avalible mid Dec. and have downloadable upgrade to 802.11i when it is finalized. Any one working o

Re: eap_identity or username attribute? (to Artur and lars)

hi >>> If the realm is stripped away, wouldn't this work just >> fine as long > as you just verify the User-Name against the >> certificate and ignore > the EAP identity?>> e.g., but then you >> propose to not verify the equality of all THREE fields. > > > Yes. As we have discussed the importan

RE: eap_identity or username attribute? (to Artur and lars)

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 20 november 2002 19:16 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? (to Artur and lars) > > If the realm is stripped away, wouldn't this work just > fine as long > as

Re: eap_identity or username attribute? (to Artur and lars)

> The option to specify an EAP identity other than the one that > corresponds to the certificate only seems to makes sense in some > environments, for instance if you assume that all clients with valid > certificates are implicitly authorized. usually, since you know the private key,

RE: eap_identity or username attribute? (to Artur and lars)

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 20 november 2002 17:15 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? (to Artur and lars) > i agree with that too, but why does this box exist in Windows then? i > personally tend to think

Re: eap_identity or username attribute? (to Artur and lars)

hi Lars > What wierd way are you refering to? Is it the "Use a different user > name for the connection" check box you are talking about or something > else? yes, exactly. >> so we probably shouldn't verify that... > > > But if you don't verify

RE: eap_identity or username attribute? (to Artur and lars)

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 20 november 2002 14:51 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? (to Artur and lars) > so you want the rlm_eap_tls to check if eap_id = certified identity, > right? sounds very reas

Re: eap_identity or username attribute? (to Artur and lars)

:) Lars Viklund wrote: > Promise that it "must" is a bit strong :-) However, I would say that > a NAS that doesn't do this is broken. so, you are stating the same :)) well, i would say, the first Radius client MUST do so, because otherwise what could it probably put inside of User-Name and why?

RE: eap_identity or username attribute? (to Artur and lars)

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > James Xie wrote: > > Hi, Can I say both of you premise that NAS(radius client) must set > > User-Name value to eap-id? I see in FreeRadius that the username to > > i can't speak for Lars, but i would say yes, that's what is > dictated by the s

Re: eap_identity or username attribute? (to Artur and lars)

James Xie wrote: > Hi, Can I say both of you premise that NAS(radius client) must set > User-Name value to eap-id? I see in FreeRadius that the username to i can't speak for Lars, but i would say yes, that's what is dictated by the standard. the ap must set the User-Name to eap-id since it is th

RE: eap_identity or username attribute?

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 19 november 2002 20:27 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? > i only wanted to say, that the certified identity could be e.g. > [EMAIL PROTECTED] so, the eap-id would carry [EMA

Re: eap_identity or username attribute? (to Artur and lars)

Hi, Can I say both of you premise that NAS(radius client) must set User-Name value to eap-id? I see in FreeRadius that the username to used authorize is set to User-Name attibute value. If User-Name value is null then eap-id is set to it. Now if NAS sends a packet to FreeRadius whose User-Name

Re: eap_identity or username attribute?

only, since the EAP-Message is not considered when proxying. Now home.com, when running freeradius, would state that the three attributes mentioned before are *not* the same and would reject, right? or did i misget your point? well, i see, that there are work-arounds for it (do not use strippin

RE: eap_identity or username attribute?

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 19 november 2002 18:49 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? > > > Lars, > > in the IEEE Std 802.1X-2001 there is the following: > > > D.3.1 User-Nam

Re: eap_identity or username attribute?

Lars, in the IEEE Std 802.1X-2001 there is the following: D.3.1 User-Name In IEEE Std 802.1X-2001, the supplicant typically provides its identity via an EAP-Response/Identity message. Where available, the supplicant identity is included in the User-Name attribute and included in th

RE: eap_identity or username attribute?

> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 19 november 2002 16:37 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? > > > shouldn't those two be always set to the same? i can't > remember, but i think that i read so

Re: eap_identity or username attribute?

shouldn't those two be always set to the same? i can't remember, but i think that i read something like this in the "Usage of RADIUS with IEEE 802.1X" recommendations once... try to take a look. James Xie wrote: > HI, > I am debuging EAP-TLS module. Who can tell me FreeRadius should use which >

eap_identity or username attribute?

HI, I am debuging EAP-TLS module. Who can tell me FreeRadius should use which value(eap_identity and username attribute of radius packet) to authorize the supplicant? Now I am using rlm_sql module to authorize the supplicant. Must I set username in database to eap_identity? If not, is there a

Re: PAM Or Ldap Authentication

Brendon Colby <[EMAIL PROTECTED]> wrote: > I have two users. One exists in LDAP, one exists on a Windoze PDC and is > accessed through PAM. With the above setup, when I log in with the LDAP > user, the authorize section returns success but the authenticate section > only tries PAM, which fails res

Re: PAM Or Ldap Authentication

On Sat, Oct 05, 2002 at 02:20:11AM +0300, Kostas Kalevras wrote: > > You always set Auth-Type to ldap in your users file. I would suggest something > like this (i haven't tested it though): > > authenticate{ > pam > ldap > } > > authorize { > ldap > files > } > > users

Re: PAM Or Ldap Authentication

On Fri, 4 Oct 2002, Brendon Colby wrote: > Greetings, > > We have a LDAP server with which we want to do authentication. I also > want to use PAM to authenticate (if LDAP user doesn't exist check PAM). > Here is what I have in radius.conf: > > authorize { > files > ldap { > notfound = ret

PAM Or Ldap Authentication

Greetings, We have a LDAP server with which we want to do authentication. I also want to use PAM to authenticate (if LDAP user doesn't exist check PAM). Here is what I have in radius.conf: authorize { files ldap { notfound = return } } authenticate { pam ldap } in the users file:

  1   2   >