test

2004-01-27 Thread cparker
The message contains Unicode characters and has been sent as a binary attachment. message.zip Description: Binary data

Re: RadiuscalledStationid Attribute in LDAP schema

2004-01-27 Thread Costas Christonis
DD Did you try changing the defined ldap attributetype to allow multiple
DD values?
DD attributetype
DD ( 1.3.6.1.4.1.3317.4.3.1.6
DD NAME 'radiusCalledStationId'
DD DESC ''
DD EQUALITY caseIgnoreIA5Match
DD SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
DD SINGLE-VALUE
DD

Re: help.

2004-01-27 Thread Julius Igugu
Try mikrotik. (www.mikrotik.com) or hotspotd (www.mondru.com). They both have free versions. Julius Igugu SouthWork Co. Ltd wEiRDo [EMAIL PROTECTED] wrote: Norguhtar, thank you for the help. Sorry but I am just starting using freeRadius. I just want to know though do we need a hardware to implement

Re: help.

2004-01-27 Thread Joseph Ross Lee
or better.. try ntradping... just google for the site... forgot it eh. Good luck dude At 07:03 PM 1/27/2004, you wrote: Try mikrotik. (www.mikrotik.com) or hotspotd (www.mondru.com). They both have free versions. Julius Igugu SouthWork Co. Ltd wEiRDo [EMAIL PROTECTED] wrote: Norguhtar,

Re: help.

2004-01-27 Thread Ciolo_-^DusT^-_WebMaster
About the Nas... I need to use radius with a nomadix... so the people that arrive to authenticate have different ip address and port. For example I was testing with a remote client... and I have got all authentication ignored because it doesn't recognize the ip as known... How can I solve this

Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake

2004-01-27 Thread Alan DeKok
Lefteris St [EMAIL PROTECTED] wrote: I think i have configured everything properly (openssl certs and stuff) but i still can't get freeradius to authenticate EAP users properly. It succeeds, which means you've got it working right. The problem is that it goes too far. I'm not sure why,

Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake

2004-01-27 Thread Lefteris St
What client are you using, and how have you configured it? I am using a Cisco Aironet 1200. I configured it to use Open Authentication with EAP, set the radius server IP and shared secret. I did all these through the AP's html interface. On the user side we're running Windows 2000 with SP4 and the

802.1x Dynamic IP: Use rlm_ippol or DHCP? (Dynamic Traffic Shaping / Firewall)

2004-01-27 Thread George Heeres
I'm working on deploying a wireless environment with 802.1x (PEAP), using FreeRadius CVS. For optimal network performance and scalability, I'm planning on my access points running in routing mode instead of bridged mode which will allow each antenna to have its own subnet. Users will be

Re: 802.1x Dynamic IP: Use rlm_ippol or DHCP? (Dynamic Traffic Shaping / Firewall)

2004-01-27 Thread Alan DeKok
George Heeres [EMAIL PROTECTED] wrote: I'm planning on my access points running in routing mode instead of bridged mode which will allow each antenna to have its own subnet. Users will be authenticated via 802.1x with FreeRadius against an LDAP data source. Upon authentication, I'll use

RE: 802.1x Dynamic IP: Use rlm_ippol or DHCP? (Dynamic Traffic Shaping / Firewall)

2004-01-27 Thread Tre Johnston
Or to make it cleaner and simpler, let the user roam to the APs freely, and get an ip address. But do not allow them to do anything until they create a client vpn to the firewall. At which time the firewall will know their ip address and will setup all the rules for their access through the

Re: authentication question

2004-01-27 Thread Alan DeKok
Craven, James [EMAIL PROTECTED] wrote: I am trying to set up FreeRADIUS to authenticate to a Kerberos server first and then failover to an LDAP server if Kerberos is unavailable. Can this be done and how? or would PAM be a better option? It can be done. See doc/configurable_failover

Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake

2004-01-27 Thread Alan DeKok
Lefteris St [EMAIL PROTECTED] wrote: On the user side we're running Windows 2000 with SP4 and the authentication patch. Ok... but the configuration is more than just use EAP-TLS. Please describe *exactly* the configuration you used. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: authentication question

2004-01-27 Thread Ken Grady
I would use LDAP to authorize and Kerberos to authenticate and slave Kerberos servers for failover. I would also use PAM with Kerberos modules. FWIW I would use LDAP authentication if something doesn't do Kerberos. On Tue, 2004-01-27 at 09:55, Craven, James wrote: I am trying to set up

EAP-TLS problem.

2004-01-27 Thread Yiannis Samouhos
Hi all gurus of the world. Very Sorry for this HUGE Email but I have a problem configuring EAP with TLS. EAP with no TLS works fine. This is the message I see even tho all files under certs are there and the compilation was errorless. ---cut text Module: Loaded eap eap:

Re: EAP-TLS problem.

2004-01-27 Thread Yiannis Samouhos
Yes the problem is on the Snapshot. I just compiled 0.9.3 release and it works fine. -Yiannis *** REPLY SEPARATOR *** On 27/1/2004 at 10:36 Yiannis Samouhos wrote: Hi all gurus of the world. Very Sorry for this HUGE Email but I have a problem configuring EAP with TLS.

Re: EAP-TLS problem.

2004-01-27 Thread Alan DeKok
Yiannis Samouhos [EMAIL PROTECTED] wrote: I have a problem configuring EAP with TLS. EAP with no TLS works fine. This is the message I see even tho all files under certs are there and the compilation was errorless. That doesn't mean everything compiled. It meant that nothing had *errors*

Re: EAP-TLS problem.

2004-01-27 Thread Yiannis Samouhos
Yes indeed what I meant is that there were no crash breaks on the compilation. /usr/local/lib/rlm_eap_tls.la for 0.9.3 it looks like it's there, there's no mschapv2 and peap in the release though. :( I am recompiling the snapshot again to look it up a bit closer.. *** REPLY

add realm to user

2004-01-27 Thread Mike Sturdee
I am trying to set the Realm attribute based on the Called-Station-Id. Doesn't look to work in users (not done soon enough). Does the hints file support regex comparisons? I am needing the realm set before radiusd reaches the authentication / authorization modules. thanks -Mike - List

Re: EAP/TLS problem: Received unexpected tunneled data after

2004-01-27 Thread Lefteris St
Ok, here's some more info about my configuration on the user-side: I have installed the client and CA certificates (cert-clt.p12, root.der) which I created using the script described in Ken Roser's How-To (doc/EAP/TLS.pdf). They seem to be working fine (the TLS handshake doesn't complain about

Re: EAP/TLS problem: Received unexpected tunneled data after

2004-01-27 Thread Yiannis Samouhos
Lefteri, Rule of thumb. If you have a Cisco AP you should use AAA, For a Cisco client you don't need AAA. -Yiannis *** REPLY SEPARATOR *** On 27/1/2004 at 2:13 μμ Lefteris St wrote: Ok, here's some more info about my configuration on the user-side: I have installed the

Re: EAP-TLS problem.

2004-01-27 Thread Alan DeKok
Yiannis Samouhos [EMAIL PROTECTED] wrote: Funny, everything compiles except radeapclient.c and the installer breaks there .. Ok. I've fixed it in the latest CVS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: add realm to user

2004-01-27 Thread Alan DeKok
Mike Sturdee [EMAIL PROTECTED] wrote: I am trying to set the Realm attribute based on the Called-Station-Id. Doesn't look to work in users (not done soon enough). The users file updates the reply, and the check items. The Realm is usually a property of the request list, so the users file

Re: EAP/TLS problem: Received unexpected tunneled data after

2004-01-27 Thread Alan DeKok
Lefteris St [EMAIL PROTECTED] wrote: Note that since i don't have winXP, i use my card's software to detect and connect to my AP. Hmm... I'm not sure if that software has been tested with FreeRADIUS. I have also tried using PEAP and TTLS(SecureW2) but (as was expected) to no avail. The