Is there a way of getting radius to authenicate on the username before
the @ sign and ignore the realm?
Yes, but you have to edit the users file to get rid of the
@realm portion, and configure the realms as LOCAL ones.
The object is to not to have to configure any realms as local.
So that
sumi thra [EMAIL PROTECTED] wrote:
Please find my users file configuration error message below
...
/var/etc/raddb/users[2]: Unexpected trailing comma in check item list for
entry DEFAULT
Ok...
DEFAULT ldap_primary-Ldap-Group == group1,Wlan-Index =~
\_rad\_test1\{,Login-Time :=
On 4/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
sumi thra [EMAIL PROTECTED] wrote: Please find my users file configuration error message below... /var/etc/raddb/users[2]: Unexpected trailing comma in check item list for
entry DEFAULTOk... DEFAULT ldap_primary-Ldap-Group == group1,Wlan-Index =~
Hello,
I'm working on a project.
I'm searching how to make freeradius (when receiving a request
from a radius client) request itself a dynamic IP address to a
dhcp server and write it in the attribute Framed-IP-Address.
Any advice is welcome.
Philippe B.
Accédez au courrier électronique de
My problem with the configuration above described is my RADIUS proxy doesn't
active fallover. It means the first entry falis, freeradius doesn't verify
the following entry of domain1. I test putting the label:
ldflag = fail_over
in the description os a realm entry. Whay can I
I have a freeradius 1.1.0 and a DB with all my users. I have two kinds of
users:
* users who can connect to all hotspots
* user who can only connect to one or some hotspots.
Actually I can use a script in Exec-Program-Wait property to differenciate,
but I don't seem a very clean method.
On 4/25/06, sumi thra [EMAIL PROTECTED] wrote:
On 4/25/06, Alan DeKok
[EMAIL PROTECTED] wrote:
sumi thra [EMAIL PROTECTED] wrote: Please find my users file configuration error message below
... /var/etc/raddb/users[2]: Unexpected trailing comma in check item list for
entry DEFAULTOk... DEFAULT
Hi list,
I'm using freeradius 1.1.1 (debian Sarge) that has all user stored in a
MySQL database.
Let's say I have 10 LNS, but I can only push 2 at a time using
Tunnel-Server-Endpoint. Does anyone know of an easy way of dynamically
assigning the Tunnel-Server-Endpoint ? (just the way ippool
Hi Freeradius friends!
I am programming a proxyRadius (FreeRadius v1.88.2.3 in Debian) in order to
write a Session-Tiemout attribute with a value =3600 if the attribute
doesn't exist yet.
I have defined an instance of attr_rewirte called setSessionTimeout3600
with append=no, new_attribute=no,
hi
i have tested eap-tls authentication method and it works
i have tested peap authentication method and ot works
but i would like to FORCE the supplicant to send the certificate in the
peap authentication
i have added
DEFAULT
Hello, I've installed freeradius and I've configured it to comunicate with
mysql...all work fine, but I don't understand the meaning of the mysql
database structure and all the possible values I can put in the database...if
someone could illuminate me.
Thanks in advance
-
List
hiMy authentifacation, with the users freeradius files, start and run perfectly. But now I would like to use Ldap.What is the configuration for it? PleaseThanks a lot for your help.
Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services
Mario Casola [EMAIL PROTECTED] wrote:
Hello, I've installed freeradius and I've configured it to comunicate with
mysql...all work fine, but I don't understand the meaning of the mysql
database structure and all the possible values I can put in the database...if
someone could illuminate me.
Philippe Bacquaert [EMAIL PROTECTED] wrote:
I'm searching how to make freeradius (when receiving a request
from a radius client) request itself a dynamic IP address to a
dhcp server and write it in the attribute Framed-IP-Address.
You write a scipt around dhclient, which might work. Or, use
=?iso-8859-1?B?U2FudGlhZ28gQmFsYWd1ZXIgR2FyY+1h?=
[EMAIL PROTECTED] wrote:
I have a freeradius 1.1.0 and a DB with all my users. I have two kinds of
users:
* users who can connect to all hotspots
* user who can only connect to one or some hotspots.
Actually I can use a script
Francois-Xavier GAILLARD [EMAIL PROTECTED]wrote:
Let's say I have 10 LNS, but I can only push 2 at a time using
Tunnel-Server-Endpoint. Does anyone know of an easy way of dynamically
assigning the Tunnel-Server-Endpoint ? (just the way ippool does for the
Framed-IP-address)
Use an external
[EMAIL PROTECTED] wrote:
i have added
DEFAULT EAP-TLS-Require-Client-Cert := Yes
in the users file
but the supplicant (windows XP) do not send the certificate ...
That configuration tells the server to reject the clinet UNLESS it
sends the certificate. It
quick, very short and uncomplete answer :)
*check tables:information which have to be checked from freeRADIUS, like
user password
*reply tables:information which freeRADIUS sends back to your NAS (e.g.
IP-pool, data rate etc.)
*acct tables: here are the accounting information stored by
TS [EMAIL PROTECTED] wrote:
The object is to not to have to configure any realms as local.
That conflicts directly with your requirement to allow users to log
in as user or [EMAIL PROTECTED].
If I have a user whose username is [EMAIL PROTECTED] I can easily specify
arealm.com as local. But
Hi All,
In eap.conf under the tls section the comments for CA_file
= says its a list. Can someone tell me what the separator is? Im
assuming its a space, I have looked around but have not found any reference.
Also, are the private_key_file and certificate_file
parameters list too?
Santiago Balaguer García wrote:
I have a freeradius 1.1.0 and a DB with all my users. I have two kinds
of users:
* users who can connect to all hotspots
* user who can only connect to one or some hotspots.
Actually I can use a script in Exec-Program-Wait property to
differenciate, but I
We are trying to setup a hotspot-type system on campus for easy
wireless access since we are planning to go all laptops in the near
future.
Right now, we are trying to get a braindead WPA setup working (couple
hundred students + wep key or passkey + 2 IT people = pain).
Basically, we want ANYONE
These aren't lists to my knowledge. Each takes a single filename. If
you need multiple CA certificates, you can concatenate each of the PEM
files into a single file and use that as your CA_file.
--Mike
Sochacki, Kevin wrote:
Hi All,
In eap.conf under the tls section the comments for
Mark D. Montgomery II [EMAIL PROTECTED] wrote:
Basically, we want ANYONE to be able to hit connect on the access point
and get a WPA connection (with minimal tweaking to windows settings to
make it work and without them having to enter their username and pass).
They still need a username
Okay, i want radius to look at two trees in ldap, one tree for dial-up
one tree for dsl (so a user with a static ip in dsl gets a dynamic ip in
dial-up).
my huntgroup is like this:
dialip1
dialip2
dialip on local box for testing
dsl ip3
dsl ip4
dsl ip on local box for
Try this in your radiusd.conf:
basedn = ou=%{Huntgroup-Name},ou=radius,dc=mtaonline,dc=net
You will need to either rename your dial huntgroup to people to
match your ldap structure or you can change the profile OU to be dial.
Either way, this setup is working for me.
Ben
this works!
On Tuesday 25 April 2006 01:43, TS wrote:
What does debugging mode say?
Exactly what you'd expect it to say if the realm isn't in proxy.conf:
#
rad_recv: Access-Request packet from host 127.0.0.1:33499, id=115,
length=68 User-Name = [EMAIL PROTECTED]
User-Password = acc355
27 matches
Mail list logo