Hi, Documentation says:
for sql make sure to have Max-All-Session entry under either radcheck or
radgroup check table:
> INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':=');
I hope this help you.
-
List info/subs
Is this possible???
Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and
freeradius
when i put this attribute in radcheck, all is ok... but i want use it like a
group attribute in the radgroupcheck o radgroupreply but when i do this
nothing happens.
Roddy
-
List info
Hello,
I would like, for testing, a sample configuration for freeradius with
peap or EAP/TTLS with a openLDAP server backend.
Thanks.
Escuse my english
--
GQS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, 19 Nov 2003, ylei wrote:
>
> maybe you can't get what you want.
>
> i think the begin is reading RFC2865.
>
> and then you can download the freeradius' source code.
>
> reading src/README, FAQ. etc.
>
> doc/README, aaa.txt, configurable_failover, module_interf
t
q+
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
maybe you can't get what you want.
i think the begin is reading RFC2865.
and then you can download the freeradius' source code.
reading src/README, FAQ. etc.
doc/README, aaa.txt, configurable_failover, module_interface,
processing_users_file.
a
local
city. What a pity! I have searched http://www.freeradius.org/ and also FAQ of this
site, but I can not find a complete manual on how to configuare RADIUS server (I
have successfully installed the server on RH8.0).
Where can I find some simple manuals or tutorials on how to setup, configure and
t
...for Free Radius compatible with Mandrake?
Anyone?
Thanks
LIp
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shoujit Mitra <[EMAIL PROTECTED]> wrote:
> I have a basic question regarding 'adding new users' to the RADIUS server
> user list. I minimum knowledge about the functioanlity of RAS device &
> RADIUS server interaction. Please guide me.
I strongly suggest that you buy the RADIUS book. It goe
g. TCH) executes to create a new
user on the RADIUS server?
2. Does the RAS device use any script language interface with the RAS
device to create new user, or any XML interface, or HTTP interface?
3. I guess, the RADIUS servers in commercially deployed uses, some kind
of
database to stor
> Antonia Kujundzic wrote:
> > There is a free Windows client for EAP-TTLS.
> > www.alfa-arriss.com
> > I've used it with Cisco client and it worked fine.
>
> hey, thanks, excellent! they really still produce freeware out there? :)
Obviously :)
> (small correction to the link, it is actually www
hi
Antonia Kujundzic wrote:
There is a free Windows client for EAP-TTLS.
www.alfa-arriss.com
I've used it with Cisco client and it worked fine.
hey, thanks, excellent! they really still produce freeware out there? :)
(small correction to the link, it is actually www.alfa-ariss.com).
ciao
artur
p
> Francisco Javier Martinez Martinez <[EMAIL PROTECTED]> wrote:
> > I want to know if it is possible to make work the following scenario:
> > AP : Cisco Aironet 1100 or similar
> > Client-supplicant: Windows 2K /XP and cisco client.
> > EAP: TTLS
> > Authent
Academic Qualifications available from prestigious NONACCREDITTED universities.
Do you have the knowledge and the experience but lack the qualifications?
Are you getting turned down time and time again for the job of your dreams because you
just don't have the right letters
after your name?
G
Francisco Javier Martinez Martinez <[EMAIL PROTECTED]> wrote:
> I want to know if it is possible to make work the following scenario:
> AP : Cisco Aironet 1100 or similar
> Client-supplicant: Windows 2K /XP and cisco client.
> EAP: TTLS
> Authentication server: FreeRadius.
Hello.
My apologies if my question is redundant or had been make before (I had
readed the list´s messages and didn`t found anything).
I want to know if it is possible to make work the following scenario:
AP : Cisco Aironet 1100 or similar
Client-supplicant: Windows 2K /XP and cisco client.
EAP
On Fri, 19 Sep 2003, Zoilo wrote:
> I need to create a radius server with >100,000 users.
>
> Should I use LDAP or SQL?
Both should work ok. LDAP is just more general and you can base other
services on it along with radius. Check the list archives for detailed
discussion on this t
I need to create a radius server with >100,000 users.
Should I use LDAP or SQL?
Z.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Currently using freeradius-0.9.1 running over Freebsd
v4.8.
Is it possible to do proxy authentication and
accounting based on NAS-IP-Address / Client-IP-Address or NAS-Identifier
instead or realms?
Regards
ScanMail for Microsoft Exchange has taken action on the message, please
refer to the contents of this message for further details.
Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED];
Subject = Re: That movie
Scanning Time = 09/04/2003 14:02:32
Engine/Pattern = 6.640-1001/626
Action on me
"Broussard Philippe" <[EMAIL PROTECTED]> wrote:
> I have found this :
...
> Can you explain the meaning of this syntax ?
doc/configurable_failover
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I have found this :
authtype LDAP {
group {
ldap1 {
fail = 1
notfound = 2
}
ldap2 {
fail =
Actually, the answer is a little more
straightforward when Radius is involved. No package including Radius
should be reading from a flat file (cached or not). In the case of Radius,
the users file can quickly become a problem after a few thousand
users. With SQL, proper indexing can
Thanks for the answer Tim.
Michael
- Original Message -
From: "Tim McCracken" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 7:07 AM
Subject: RE: Which is Better LDAP or MySQL?
> Michael,
>
> IMHO, thats a little like aski
Michael,
IMHO, thats a little like asking which is better - a car or a motorcycle. It
just depends on your needs. Sometimes you may need both, since LDAP doesn't
have accounting abilities. (And there are other SQL databases, as well as
lots of choices in LDAP servers.)
The real question you
I know I forgot the "t" :( sorry
- Original Message -
From: "Michael Milbrat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 9:14 PM
Subject: Which is Better LDAP or MySQL?
> Does anyone know which is accually a better b
Does anyone know which is accually a better backend LDAP or MySQL?
Michael Milbrat
12dollars.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e. in fact, if i use
the Win2k supplicant for 802.1x and put in my username,password
or an EAP certificate, the FreeRADIUS enables the connection (Port 1
fastethernet)
however, if i just put the MAC info into the users file of FreeRADIUS
eg
Auth-Type := Accept, Password == "
[EMAIL PROTECTED] wrote:
> however, if i just put the MAC info into the users file of FreeRADIUS
> eg
>
> Auth-Type := Accept, Password == ""
>
> then i'm unable to get any authentication from the FreeRADIUS
> server...heres the FreeRADIUS output:
You don't want 'Auth-
It then does the
> proxying to IPASS just fine, but with the extra character in the password,
> auth fails.
That does sound familiar... but I don't recall any more than that.
> Pointers to docs and/or code modules appreciated as well. I'm not entirely
> sure where to star
Let a user entry in raddb/users
DEFAULT Auth-Type := Accept
Reply-Message := `%{sql:SELECT 'before %{User-Name:-default value} after'}`
Debug output:
Sat Jul 26 22:43:12 2003 : Debug: Thread 1 handling request 0, (1 handled so far)
User-Name = "[EMAIL PROTECTED]"
User-Passw
II NASes, but
for the life of me I can't seem to tell if it's the NAS's fault or radius'
fault. (I'd suspect the NAS because radtest doesn't seem to fail, but why
would it be all three different kinds of NAS?)
Anyone heard of anything remotely like this? I wouldn
yikes. sorry for the waste of bandwidth. who knows how i missed that one.
Alan DeKok wrote:
"Eric C. Snowdeal III" <[EMAIL PROTECTED]> wrote:
perhaps i'm missing something in the output that will be perfectly
obvious to someone else?
This has been discussed many times already today on
"Eric C. Snowdeal III" <[EMAIL PROTECTED]> wrote:
> perhaps i'm missing something in the output that will be perfectly
> obvious to someone else?
This has been discussed many times already today on the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
-Wwrite-strings
-Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs
-I../../include
-c rlm_acct_unique.c -o rlm_acct_unique.o
In file included from rlm_acct_unique.c:27:
../../include/radiusd.h:11:22: radpaths.h: No such file or directory
_
i can recompile an o
What you need is to setup more than one DEFAULT entry in the users file.
Setup each Auth-Type to each DEFAULT entry...
On Wed, 2003-07-02 at 15:35, Alan DeKok wrote:
> =?big5?B?wemofL/O?= <[EMAIL PROTECTED]> wrote:
> > I try to assign more than one Auth-Type to the same user in the file
> > "us
=?big5?B?wemofL/O?= <[EMAIL PROTECTED]> wrote:
> I try to assign more than one Auth-Type to the same user in the file
> "users",
You can't do that. It's nonsense.
> but it's failed.
Exactly.
> I've tried ...
> ex.
> bob Auth-Type := Local, Auth-Type += EAP, User-Password == "1818"
Wha
Dear All:
I try to assign more than one Auth-Type to the same user in
the file "users", but it's failed.
It's necessary when a user logins
from NASes with different Auth-Type.
I've tried ...
ex.
bob Auth-Type := Local, Auth-Type +=
EAP, User-Password ==
> From: Mark Gaither
> Sent: Friday, 20 June 2003 1:12 AM
> client 0.0.0.0/24 {
> secret = foo
> shortname = bar
> }
I think you meant
"client 0.0.0.0/0 {"
which would match any IP address on the internet...
Unless FreeRADIUS does weird stuff, what you've got
would only match 0.0.0.0-
= myhost
}
Rgrds,
Alan
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark
> Gaither
> Sent: 19 June 2003 16:12
> To: Freeradius
> Subject: All or any client access
>
>
> I have a situation where I travel the country w
I have a situation where I travel the country with a demo computer and
it's IP address changes every day. To use my external AAA Freeradius
server, I must call my office and have someone add the new IP address to
the clients.conf file. Is there any way to use a wildcard in defining a
client? Is it
According to man 5 users there is no operator that will match as a check
item if the attribute plain does not exist in the radius request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Patrick McShane" <[EMAIL PROTECTED]> wrote:
> Does anybody know of a way to get FreeRadius to handle either crypt OR
> clear text encryption schemes for the "pap" module?
It doesn't do it that well.
The module SHOULD do clear-text authentication by d
Does anybody know of a way to get FreeRadius to handle either crypt OR
clear text encryption schemes for the "pap" module?
For example in radiusd.conf:
pap {
encryption_scheme = clear
encryption_scheme = crypt
}
We have some passwords stored in the LDAP password at
"Josh Kleensang" <[EMAIL PROTECTED]> wrote:
> Is there any way (don't you love it when emails start
> out that way...) to have freeradius arbitrarily kill a
> session (record a session stop time and forget about it)
> when another session is started with the same username?
Write an external scri
login wont actually happen because all of
an upstream radius server/proxy. I know that checkrad is
supposed to verify if the session is there or not but I
don't have access to the NAS servers and cannot directly
verify the login.
It may be useful to add an option to Simultaneous-Use where
t
Hello,
It still doesn't work. Those php scripts wont talk to mysql database. I
guess there should smth wrong with my apache server, or php support,
probably I will have to reinstall itthat's a big headache.
Anyway, thanks a lot for your help
Redi
Redi Tela
Systems Administrator
M
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kostas
> Kalevras
> Sent: Monday, March 10, 2003 3:55 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Dialup_admin (...or smth else) not working properly
>
>
> On Mon,
alup_admin (...or smth else) not working properly
On Mon, 10 Mar 2003, Redi Tela wrote:
> Hello,
>
> I'm using v0.81. Here is what I changed under ../conf/admin.conf
>
> general_base_dir: /path/to/www/radius
> general_radiusd_base_dir: /usr/local/sbin/radiusd
&g
001
> Fax: +355-4-256-002
> Mob: +355-69-20-80-710
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Evren
> Yurtesen
> Sent: Monday, March 10, 2003 11:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Dialup_admin (..
inistrator
Mail [EMAIL PROTECTED]
Phone: +355-4-256-001
Fax: +355-4-256-002
Mob: +355-69-20-80-710
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Evren
Yurtesen
Sent: Monday, March 10, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Dialup_admin (...or
p_admin doesn't interact properly with freeradius and mysql, ex.
> When I try to add a new group, it doesn't show anything, or when I try
> to add a new user, it doesn't add anything to the mysql database. In the
> archive I read somewhere to use the latest CVS, but when I clic
Hello,
I just installed freeradius 0.81 with mysql on a Redhat 7.1 machine.
Everything seems to be working properly except for the web interface.
Dialup_admin doesn't interact properly with freeradius and mysql, ex.
When I try to add a new group, it doesn't show anything, or when I tr
In article <[EMAIL PROTECTED]>,
Ryan Beisner <[EMAIL PROTECTED]> wrote:
>In FreeRADIUS there is an option to alter the user name's case Before or
>After authentication (failure). I have many users who (even though you
>say to use lower case), continue to use a capi
I *am* reading the freeradius-users list. Was there any need to
send an extra copy of the message to me, in addition to the list?
Ryan Beisner <[EMAIL PROTECTED]> wrote:
> I've been using FreeRADIUS for a few weeks on a USR Hiper Access 96 bank
> dialup rack, authenticating with PAP. Randomly,
DIUSD.
Guess what?
No more /### at the end of passwords. Ok, so I don't have people saying
"sometimes it accepts my password, and sometimes it doesn't ... what's
going on?" Good deal. Yeah.
But...
In FreeRADIUS there is an option to alter the user name's
I have found the problem. I had data in radgroupreply which contain
NULL for the op field. I just added = to the op field and voila. The
problem is now solved. Thanks for your assistance and hopefully this
may address someone else's problem.
Best Regards,
Dan Bell
LondonLink Networks
-
Lis
On Wednesday 12 February 2003 17:12, Dan Bell wrote:
> I have just upgraded to 0.8.1 from 0.4 and everything is working fine,
> however, my log files state The 'op' field for attribute xxxx is NULL,
> or non-existent etc. etc. I deliver all settings from the users file.
> T
I have just upgraded to 0.8.1 from 0.4 and everything is working fine,
however, my log files state The 'op' field for attribute is NULL,
or non-existent etc. etc. I deliver all settings from the users file.
This server only blocks banned users via callcheck. I authenticate any
us
nd
« counter-intuitive » that groups would either disappear (in our custom
Web interface) when there weren't any more attributes in them, or either
refuse to drop the last item. So, since they're customers, and I didn't
want to take the time to explain them the problem, I just throwed t
Without repeating what Alan and Chris said:
On Thu, 6 Feb 2003, Jacques Caruso wrote:
> The proxy.conf has only one realm :
>
> alien {
> type= radius
Shouldn't that be:
realm alien {
type= radius
just wondrin',
Jim
-
List info/subscribe/unsubscribe?
Jacques Caruso <[EMAIL PROTECTED]> wrote:
> OK. I still haven't managed to get the damn solution working, even with
> the helpful hints from Chris and Alan, and even after trying very hard I
> still get proxy calls (and subsequent Access-Reject) for people who
> shouldn't trigger them. Here is what
At 08:25 PM 2/6/2003 +0100, Jacques Caruso wrote:
OK. I still haven't managed to get the damn solution working, even with
the helpful hints from Chris and Alan, and even after trying very hard I
still get proxy calls (and subsequent Access-Reject) for people who
shouldn't trigger them. Here is wha
OK. I still haven't managed to get the damn solution working, even with
the helpful hints from Chris and Alan, and even after trying very hard I
still get proxy calls (and subsequent Access-Reject) for people who
shouldn't trigger them. Here is what I finally put in radgroupcheck :
mysql> SELECT *
"B.I." <[EMAIL PROTECTED]> wrote:
> Is it possible to use logical OR in check items, returned by
> authorize_check_query?
For now, regular expressions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. wrote:
Hi list,
Is it possible to use logical OR in check items, returned by
authorize_check_query?
For example I whant to restrict user by Calling-Station-ID to be allowed to
use one of 2 or more phone numbers.
Maybe it should be something like += with many Calling-Station-ID check items
Hi list,
Is it possible to use logical OR in check items, returned by
authorize_check_query?
For example I whant to restrict user by Calling-Station-ID to be allowed to
use one of 2 or more phone numbers.
Maybe it should be something like += with many Calling-Station-ID check items?
Thanks in
Hi,
I am trying to implement MAC based authentication with the
(Lucent)Orinoco's wireless access point AP-1000 and the FreeRadius
here. Now if you own an AP-1000 you might be aware that there you can
do either MAC filtering and/or Radius based authentication on that AP.
So my question is
Hi all,
It occassionally (sometimes frequently) happens that the NAS sends some control
characters as username and password. Could it be line noise or DOS? I'm not
quite sure. Here is a debug output (from the Home Server FRv0.8.1):
rad_recv: Access-Request packet from host x.x.x.100
Hi,
I'm using FreeRADIUS 0.7 and MySQL 3.23.53 together. What
do I have to do to reject a user in the "Suspended" group
in the usergroup_table ? I tried to put a record in the
authreply_table with Auth-Type = Reject for that group
but it didn't work out because radiusd would still send
an
Ray <[EMAIL PROTECTED]> wrote:
> both are right, but they have there place (assuming i'm reading the docs
> right, and assuming my other assumtions about it are correct)
>
> := in the replies and == in the checks unless your doing something that the
> check needs to be something else.
>
> i agree
> >:= - Set ( used to ensure a specific a/v is present )
> >
> >== - Equal ( exact )
> >=* - Always Equal ( will allow all values for attribute )
> > !* - Always Not Equal ( will block all values for
ays Equal ( will allow all values for attribute )
>!* - Always Not Equal ( will block all values for attribute )
> != - Not equal
>>= - Greater than or equal to
><= - Less than or equal to
>>- Greater than
>
is present )
== - Equal ( exact )
=* - Always Equal ( will allow all values for attribute )
!* - Always Not Equal ( will block all values for attribute )
!= - Not equal
>= - Greater than or equal to
<= - Less
s just an accounting table, radtest normally doesn't cause anything
> to show up here, nor do you normally manually add anything to it.
>
>
> > mysql> select * from usergroup;
> > ++--+---+
> > | id | UserName | GroupName |
> > | 1 | bob | dynamic
freeradius-users£¬
I have already compiled and installed FreeRadius 0.7 in Solaris 8. My FreeRadius
can only run with -s or -X correctly. But when I run it with other options, it failed.
What's the matter? The following is my console log when I run with command "radiusd
-x&quo
Hi all,
I was wondering if there was any interface for
freeradius to support AP's with WPA ?
Any thing in the works for 802.11i ?
I see that Linksys will have WPA on there
802.11g AP's, that will be avalible mid Dec.
and have downloadable upgrade to 802.11i
when it is finalized.
Any one working o
hi
>>> If the realm is stripped away, wouldn't this work just
>> fine as long > as you just verify the User-Name against the
>> certificate and ignore > the EAP identity?>> e.g., but then you
>> propose to not verify the equality of all THREE fields.
>
>
> Yes. As we have discussed the importan
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 20 november 2002 19:16
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute? (to Artur and lars)
> > If the realm is stripped away, wouldn't this work just
> fine as long > as
> The option to specify an EAP identity other than the one that
> corresponds to the certificate only seems to makes sense in some
> environments, for instance if you assume that all clients with valid
> certificates are implicitly authorized.
usually, since you know the private key,
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 20 november 2002 17:15
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute? (to Artur and lars)
> i agree with that too, but why does this box exist in Windows then? i
> personally tend to think
hi Lars
> What wierd way are you refering to? Is it the "Use a different user
> name for the connection" check box you are talking about or something
> else?
yes, exactly.
>> so we probably shouldn't verify that...
>
>
> But if you don't verify
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 20 november 2002 14:51
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute? (to Artur and lars)
> so you want the rlm_eap_tls to check if eap_id = certified identity,
> right? sounds very reas
:)
Lars Viklund wrote:
> Promise that it "must" is a bit strong :-) However, I would say that
> a NAS that doesn't do this is broken.
so, you are stating the same :)) well, i would say, the first Radius
client MUST do so, because otherwise what could it probably put inside
of User-Name and why?
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> James Xie wrote:
> > Hi, Can I say both of you premise that NAS(radius client) must set
> > User-Name value to eap-id? I see in FreeRadius that the username to
>
> i can't speak for Lars, but i would say yes, that's what is
> dictated by the s
James Xie wrote:
> Hi, Can I say both of you premise that NAS(radius client) must set
> User-Name value to eap-id? I see in FreeRadius that the username to
i can't speak for Lars, but i would say yes, that's what is dictated by
the standard. the ap must set the User-Name to eap-id since it is th
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 19 november 2002 20:27
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute?
> i only wanted to say, that the certified identity could be e.g.
> [EMAIL PROTECTED] so, the eap-id would carry [EMA
Hi,
Can I say both of you premise that NAS(radius client) must set User-Name value to
eap-id? I see in FreeRadius that the username to used authorize is set to User-Name
attibute value. If User-Name value is null then eap-id is set to it. Now if NAS sends
a packet to FreeRadius whose User-Name
only, since the EAP-Message is not
considered when proxying. Now home.com, when running freeradius, would
state that the three attributes mentioned before are *not* the same and
would reject, right? or did i misget your point?
well, i see, that there are work-arounds for it (do not use strippin
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 19 november 2002 18:49
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute?
>
>
> Lars,
>
> in the IEEE Std 802.1X-2001 there is the following:
>
>
> D.3.1 User-Nam
Lars,
in the IEEE Std 802.1X-2001 there is the following:
D.3.1 User-Name
In IEEE Std 802.1X-2001, the supplicant typically provides its
identity via an EAP-Response/Identity message. Where available, the
supplicant identity is included in the User-Name attribute and included
in th
> From: Artur Hecker [mailto:[EMAIL PROTECTED]]
> Sent: den 19 november 2002 16:37
> To: [EMAIL PROTECTED]
> Subject: Re: eap_identity or username attribute?
>
>
> shouldn't those two be always set to the same? i can't
> remember, but i think that i read so
shouldn't those two be always set to the same? i can't remember, but i
think that i read something like this in the "Usage of RADIUS with IEEE
802.1X" recommendations once...
try to take a look.
James Xie wrote:
> HI,
> I am debuging EAP-TLS module. Who can tell me FreeRadius should use which
>
HI,
I am debuging EAP-TLS module. Who can tell me FreeRadius should use which
value(eap_identity and username attribute of radius packet) to authorize the
supplicant? Now I am
using rlm_sql module to authorize the supplicant. Must I set username in database to
eap_identity? If not, is there a
Brendon Colby <[EMAIL PROTECTED]> wrote:
> I have two users. One exists in LDAP, one exists on a Windoze PDC and is
> accessed through PAM. With the above setup, when I log in with the LDAP
> user, the authorize section returns success but the authenticate section
> only tries PAM, which fails res
On Sat, Oct 05, 2002 at 02:20:11AM +0300, Kostas Kalevras wrote:
>
> You always set Auth-Type to ldap in your users file. I would suggest something
> like this (i haven't tested it though):
>
> authenticate{
> pam
> ldap
> }
>
> authorize {
> ldap
> files
> }
>
> users
On Fri, 4 Oct 2002, Brendon Colby wrote:
> Greetings,
>
> We have a LDAP server with which we want to do authentication. I also
> want to use PAM to authenticate (if LDAP user doesn't exist check PAM).
> Here is what I have in radius.conf:
>
> authorize {
> files
> ldap {
> notfound = ret
Greetings,
We have a LDAP server with which we want to do authentication. I also
want to use PAM to authenticate (if LDAP user doesn't exist check PAM).
Here is what I have in radius.conf:
authorize {
files
ldap {
notfound = return
}
}
authenticate {
pam
ldap
}
in the users file:
1 - 100 of 168 matches
Mail list logo