Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Alan DeKok
Phil Mayers <[EMAIL PROTECTED]> wrote: > Why would samba4 be any different than samba3 in that regard? Because Samba4 will be a full-fledged AD domain member. Samba3 is a second-class citizen of an AD domain, as it implements NT domains. > I assume we are talking about the same thing (samba as

rlm_sql_mysql search path Bug ?

2006-01-27 Thread Jérémy Cluzel
Hello, I'm under FreeBSD 6.0 - Freeradius 1.0.5 I did an install from the port (/usr/ports/net/freeradius) with rlm_sql_mysql enabled. I set radiusd_enable="YES" in "rc.conf" But when I reboot, radius doesn't start and I got this in my "/var/log/radius.log": Sat Jan 28 00:39:55 2006 : Error:

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Phil Mayers
Alan DeKok wrote: Phil Mayers <[EMAIL PROTECTED]> wrote: I'm confused - I and many people are doing MS-CHAP to an AD domain with samba3, winbind and the ntlm_auth helper - what are you referring to that doesn't work that samba4 would change? Yes, they're using the old-style NT4 logins. So

Re: R: R: SQL.conf new query

2006-01-27 Thread Rich Marriner
That is what I thought but wasn't sure, I don't think the original poster realized this though. I was directing this mostly toward him. Thanks! Alan DeKok wrote: Rich Marriner <[EMAIL PROTECTED]> wrote: Would separating the queries with a semicolon work, but keeping both quer

Re: Error: Assertion failed in request_list.c, line 1119

2006-01-27 Thread masetio
Both of these are if the queuing of the request failed; assertion should be true. no in log just "Wed Jan 25 02:05:16 2006 : Error: Assertion failed in request_list.c, line 1119" and Freeradius is crash 'n down i'll try to get some information by running in debug mode but in debug mode, everything i

Re: error if running daemon

2006-01-27 Thread masetio
> > For now, run the server with "radiusd -s", which means no threads. > That should help. what's the effect if running the server with "radiusd -s" ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Capturing the inner authentication ID for Radius accounting

2006-01-27 Thread Alan DeKok
"CHui" <[EMAIL PROTECTED]> wrote: > Although it seems to work for me, I am not sure about the use of attribute > Class for tracking user ID would interfere with other operation (like the > one attribute Class was originally designed for)? It was designed for local sites to do whatever they wan

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Alan DeKok
Phil Mayers <[EMAIL PROTECTED]> wrote: > I'm confused - I and many people are doing MS-CHAP to an AD domain with > samba3, winbind and the ntlm_auth helper - what are you referring to > that doesn't work that samba4 would change? Yes, they're using the old-style NT4 logins. So MS-CHAP works.

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Phil Mayers
Alan DeKok wrote: Patrick Bartkus <[EMAIL PROTECTED]> wrote: Does this mean that if I setup Samba on this box, get it to be a member of the domain exchanging Domain UIDs and passwords, I could then authenticate to Samba from my MS-CHAP-speaking NAS? Possible. If it's an NT domain. If it'

Re: PEAP Machine Auth without NTLM or LDAP

2006-01-27 Thread Phil Mayers
Jérémy Cluzel wrote: Hello, I want to do machine auth with PEAP for my laptop before windows logon. I managed to do it with "ntlm_auth" before, but this time, I've another problem, there is no PDC. If there is no PDC, there's no domain, so there *is* no machine account. You could use a machi

Re: Webserver System Hanging when trying to authenticate.

2006-01-27 Thread A . L . M . Buxey
Hi, > I have seen this problem a few times. I setup a Fedora Core 4 - Freeradius > server with apache and when I try to login to the webserver it hangs the > webserver. Note in this case the web server and Freeradius are on the same > server. But I have also seen it where the web server and fre

Error PROFIND request failed on'/' Error PROFIND of '/': 405 Method Not Allowed (http://192.168.1.75)

2006-01-27 Thread Frank Reiss
Hi   When I try to open up the repository  using TortoiseSVN Checkout I receive the following error messages: Error PROFIND request failed on'/' Error PROFIND of '/': 405 Method Not Allowed (http://192.168.1.75)   What is causing the Error Message? and how do I correct it?   Thank you, Frank

Capturing the inner authentication ID for Radius accounting

2006-01-27 Thread CHui
I have been looking for a way to maintain accurate wireless access and usage information for security auditing purposes. The problem I have is that wireless network users may choose to provide an alternative identity by providing an outer identity in the supplicant software. Although the user stil

Webserver System Hanging when trying to authenticate.

2006-01-27 Thread Frank Reiss
Hi, I have seen this problem a few times. I setup a Fedora Core 4 - Freeradius server with apache and when I try to login to the webserver it hangs the webserver. Note in this case the web server and Freeradius are on the same server. But I have also seen it where the web server and freera

Re: PEAP Machine Auth without NTLM or LDAP

2006-01-27 Thread Alan DeKok
Jérémy Cluzel <[EMAIL PROTECTED]> wrote: > I want to do machine auth with PEAP for my laptop before windows logon. > I managed to do it with "ntlm_auth" before, but this time, I've another > problem, there is no PDC. > So, is it possible to use the "users" file instead like th

Re: R: R: SQL.conf new query

2006-01-27 Thread Alan DeKok
Rich Marriner <[EMAIL PROTECTED]> wrote: > Would separating the queries with a semicolon work, but keeping both > queries under postauth_query? SQL should distinguish it as a separate > query. I haven't tried this so I am not sure if it would work or not. That's what I thought I suggested earl

PEAP Machine Auth without NTLM or LDAP

2006-01-27 Thread Jérémy Cluzel
Hello, I want to do machine auth with PEAP for my laptop before windows logon. I managed to do it with "ntlm_auth" before, but this time, I've another problem, there is no PDC. So, is it possible to use the "users" file instead like this: "computer_name" User-Password == "" (As far as I rememb

Re: R: R: SQL.conf new query

2006-01-27 Thread Rich Marriner
Would separating the queries with a semicolon work, but keeping both queries under postauth_query? SQL should distinguish it as a separate query. I haven't tried this so I am not sure if it would work or not. How about something like this? postauth_query = "INSERT into ${postauth_table} (id, u

Re: using stored procedures with freeradius

2006-01-27 Thread Lewis Bergman
Murat Mığdısoğlu wrote: Hi all, I’m using freeradius with sybase using freetds and unixodbc. For some purposes, i had to use stored procedures and changed sql statements in sql.con to procedure calls like “EXEC -“. I have to question at this point 1) has anyone used this method befo

Re: simultaneous-use and stateless sessions in sql

2006-01-27 Thread Alan DeKok
"Seferovic Edvin" <[EMAIL PROTECTED]> wrote: > but what if I "only" have session data in SQL? Write a shell script that runs SQL queries and builds the packets to send to radclient. Alan DeKok.

Re: AD ldap bind works with 1.01, fails with 1.04

2006-01-27 Thread Alan DeKok
Stephen Walsh <[EMAIL PROTECTED]> wrote: > Thanks for the reply. We ended up reverting the production box to FC3 and > 1.01, only to have it fail with the same error! I'm not surprised. I don't think it *ever* worked in 1.0.1. > I also found an entry on a forum that referred to having to chang

Re: Exec-Program

2006-01-27 Thread Alan DeKok
Priscilla B <[EMAIL PROTECTED]> wrote: > Do we have to make our own file for this Exec-Program Yes. It's a program, like a shell script. > Or if not, can someone give me an example of this > file? scripts/exec-program-wait Alan DeKok.

Re: R: R: SQL.conf new query

2006-01-27 Thread Alan DeKok
"Carlo Prestopino" <[EMAIL PROTECTED]> wrote: > The problem is that it seems that freeRADIUS does not recognize the new > defined query (postauth_mac_query) in fact, looking at debug output, we > can > see calls to all other queries but not to the new one. The source code to the module contains

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Alan DeKok
Patrick Bartkus <[EMAIL PROTECTED]> wrote: > Does this mean that if I setup Samba on this box, get it to be a member of > the domain exchanging Domain UIDs and passwords, I could then authenticate > to Samba from my MS-CHAP-speaking NAS? Possible. If it's an NT domain. If it's an Active Dire

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Phil Mayers
Patrick Bartkus wrote: Phil, Thanks. In another thread I read, you wrote: --- The MS-CHAP module requires either the MD4-based NT password hash, the plaintext password from which it can derive the NT hash, or callout to Samba & domain membership. --- Does this mean that if I setup Samba on thi

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Alan DeKok
Patrick Bartkus <[EMAIL PROTECTED]> wrote: > I'm trying to authenticate an Ascend MAX dial-up server back to Windows > Active Directory. If the Access-Request contains CHAP, it's impossible. CHAP requires a clear-text password, which AD doesn't supply. Alan DeKok.

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Patrick Bartkus
Phil, Thanks. In another thread I read, you wrote: --- The MS-CHAP module requires either the MD4-based NT password hash, the plaintext password from which it can derive the NT hash, or callout to Samba & domain membership. --- Does this mean that if I setup Samba on this box, get it to be a member of th

using stored procedures with freeradius

2006-01-27 Thread Murat Mığdısoğlu
Hi all, I’m using freeradius with sybase using freetds and unixodbc. For some purposes, i had to use stored procedures and changed sql statements in sql.con to procedure calls like “EXEC -“.   I have to question at this point 1) has anyone used this method before?   2) Examining

R: R: SQL.conf new query

2006-01-27 Thread Carlo Prestopino
Thank you Alan for your reply.   As written by Paolo, we simply added a query (postauth_mac_query) to sql.conf file that gives back user’s MAC address: ... ...     postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User

Re: Error: Assertion failed in request_list.c, line 1119

2006-01-27 Thread Joe Maimon
masetio wrote: I used FS freeradius-snapshot-20060119 in Debian Sarge, if FS running on daemon mode have error like : Wed Jan 25 00:51:34 2006 : Info: Ready to process requests. Wed Jan 25 02:05:16 2006 : Error: Assertion failed in request_list.c, line 1119 'n crash but if running in Debu

Re: Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Phil Mayers
Patrick Bartkus wrote: Please tell me someone has fixed this problem. I'm trying to authenticate an Ascend MAX dial-up server back to Windows Active Directory. I am using a local unix group for authorization. I have Pam set up on my system and it uses Kerberos 5 to authenticate to AD just f

Re: SV: how to set crypted password in 'users' file?

2006-01-27 Thread Phil Mayers
Torkel Mathisen wrote: "Min Qiu" <[EMAIL PROTECTED]> wrote: However, cut and paste the crypted password from /etc/shadow to the entry failed: mqiuAuth-Type := Local, User-Password == "$1$CWOjXm2v$dzjrc385t1iQXMN0" UseL Crypt-Password := "$1$CWOjXm... I'm using PEAP/MS-CHAPv2 for au

Re: Debian + Exec-Program = Zombie process

2006-01-27 Thread Joe Maimon
George Chelidze wrote: versions. Can I make some tests to narrow down the problem, or some other actions. Best Regards, George I suppose you could add some debug code to where you believe the calls to waitpid should be/are The way I read it, without threads it should be in src/main/

Re: Freeradius and Subversion ???

2006-01-27 Thread Evan Borgström
http://www.freeradius.org/mod_auth_radius/ Frank Reiss wrote: > Hi > > I would like to setup subversion and tortoiseSVN to use freeradius and am > wondering how to do this. > I currently have Subversion setup with apache for authentication. > > Thank You, > Frank Reiss > > > > ---

Freeradius and Subversion ???

2006-01-27 Thread Frank Reiss
Hi I would like to setup subversion and tortoiseSVN to use freeradius and am wondering how to do this. I currently have Subversion setup with apache for authentication. Thank You, Frank Reiss

Re: SV: how to set crypted password in 'users' file?

2006-01-27 Thread A . L . M . Buxey
hi, the interesting part of the log posted is: rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 22 rlm_mschap: No User-Password configu

SV: how to set crypted password in 'users' file?

2006-01-27 Thread Torkel Mathisen
> "Min Qiu" <[EMAIL PROTECTED]> wrote: > > However, cut and paste the crypted password from /etc/shadow to > > the entry failed: > > > > mqiuAuth-Type := Local, User-Password == "$1$CWOjXm2v$dzjrc385t1iQXMN0" > > UseL Crypt-Password := "$1$CWOjXm... I'm using PEAP/MS-CHAPv2 for authenti

RLM_LDAP INSTALL

2006-01-27 Thread Susana Macias
Hi all I am going to install the rlm_ldap module in order to make some easy and simple tests. I am using: FreeRadius 1.0.5 Solaris 9 ** Which version of openldap do you recommend me to install? ** Is it necessary to install OpenSSL in order to do simple tests (not SSL connections)? ** And Cyru

Exec-Program

2006-01-27 Thread Priscilla B
Hi, Hope someone can help me to give me a more detailed explanation about Exec-Program. I see this in the acct_users file. DEFAULT Acct-Status-Type == Start Exec-Program = "/path/to/exec/acct/start" Do we have to make our own file for this Exec-Program or is there already one provided

Configuring free radius to use Active directory service

2006-01-27 Thread Stephen Walsh
>1.  How to configure the freeradius1.0.5 version, to support Active >directory service for user authentication. >     For ldap .. we have rlm_ldap module to configure it. Same kind of >configuration is there for ADS also ?? Sumithra; that part is quite easy. Here's what I've just done; ldap {

RES: VSA Problem

2006-01-27 Thread Romao Izumi Ito
Thanks Guy, it was my mistake. I update the dictionary and I see the correct parameters. Romao. -Original message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Guy Davies Sent: Thursday, 26 January 2006 17:59 To: FreeRadius users mailing

Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

2006-01-27 Thread Patrick Bartkus
Please tell me someone has fixed this problem. I'm trying to authenticate an Ascend MAX dial-up server back to Windows Active Directory. I am using a local unix group for authorization. I have Pam set up on my system and it uses Kerberos 5 to authenticate to AD just fine. But I'm getting: auth: type

Re: AD ldap bind works with 1.01, fails with 1.04

2006-01-27 Thread Stephen Walsh
> I have no idea. I've looked, and can't see anything that would >affect that. > > Alan DeKok. Hi Alan Thanks for the reply. We ended up reverting the production box to FC3 and 1.01, only to have it fail with the same error! I've since written a ldap module for each student campus/ou spec

Re: How to start a session

2006-01-27 Thread San
Hi Alan, thanks a lot for the input. I already have the book now. Santy --- Alan DeKok <[EMAIL PROTECTED]> wrote: > San <[EMAIL PROTECTED]> wrote: > > How can we measure the users usage. Where should I > put > > the attribute session start and how i use the > session > > stop. (what are the comm

Re: Problems System Auth with FreeRadius (/etc/shadow)

2006-01-27 Thread Nataniel Klug
Min, I have installed FreeRadius from a RPM. I am running FreeRadius as user radiusd and group root. Att, Nataniel Klug - Original Message - From: "Min Qiu" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Thursday, January 26, 2006 7:16 PM Subject: RE: Problems System Au

Re: Problems System Auth with FreeRadius (/etc/shadow)

2006-01-27 Thread Nataniel Klug
Alan, The server is running as user radiusd and group root. Att, Nataniel Klug - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Thursday, January 26, 2006 8:26 PM Subject: Re: Problems System Auth with FreeRadius (/etc/shadow) > "

cisco nopassword username

2006-01-27 Thread xhon
hello, I'm working with Cisco 3745 router, and I'm trying to move local AAA to radius. Local username database looks like this: username user_a nopassword noescape username user_a autocommand connect hostname.. In radius I did this: user_a Auth-Type = Accept cisco-avpair = "shell:

SV: radkill and a small question about radwho

2006-01-27 Thread Torkel Mathisen
> "Torkel Mathisen" <[EMAIL PROTECTED]> wrote: > > I read about the radkill program in the FAQ. However the link doesn't > > work so I was wondering if anyone had a new link to that program? > > google? Tried that. No luck. None of the links I found worked. Not the link in FAQ, not freshmeat.ne

R: R: SQL.conf new query

2006-01-27 Thread Paolo Pellicori
I have append the query to the existing ones, but without it turns out to you. postauth_mac_query = "INSERT into ${authcheck_table} (UserName, Attribute, op, Value) VALUES ('%{SQL-User-Name}'', 'Calling-Station-Id', ':=', '%{Calling-Station-Id}')" postauth_query = "INSERT into ${postau

How to modify attribute by rlm_exec

2006-01-27 Thread roger
Dear All, I want to set NAS-Port=100 to proxy request packet. In my test, if the received packet does not have the NAS-Port attribute, it will be successful. If it has, it will fail. The value will not be modified. Can anyone tell me how to modify an attribute by the rlm_exec module? Regards, Roger