Hi,
How do I assign vlan base on authentication method.
Say if user is authenticated from ldap1 assign vlan1,
if user is authenticated from ldap2 assign vlan2. How
do I configure radius to do this?
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has
[EMAIL PROTECTED] wrote:
hi,
it doesnt work. What you are trying to do will work with the full
config in place
So it does. Thanks for the info.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Matthew
-
List info/subscribe/unsubscribe? See http://ww
So, how can I configure radius to authenticate off
ldap2 once ldap1 rejects the user because of a bad
password.
I want to radius to:
Lookup in ldap1 : If rejected because of a bad
password
then do
Lookup in ldap2
Basically I want radius to go through a sequence of
lookup if ldap1 fails(ldap re
hi,
1) I would suggest that at this stage you upgrade to 1.1.2 rather
than starting out with an old version
2) I would also suggest that you start with the main full config
and then strip out stanzas one-by-one UNTIL it breaks. then you'll
know why its broken rather than strip everything out and
Message: 6
Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
From: fvt3 <[EMAIL PROTECTED]>
Subject: Re: Two Ldaps Authentication
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1
Alan,
This is what I have in my radius.conf
Autz-
hi,
the guide you are following - using ntlm_auth against AD, binding into
AD etc is really geared up for doing EAP (PEAP MSCHAPv2 in particular)
what _you_ are attempting to do with RADIUS for login authentication
of the cisco switches/routers involves plaintext passwords...int his
case you'd wan
Hello all,
I am trying to get a basic freeradius 1.0.4 server configured to
authenticate users from the local unix password/group databases on a
FreeBSD 6.1 box. The end result is to get ipsec-tools to do user
authentication for some development and testing. I have pared down my
radius.c
Thanks, this is a start.
Dylan
Dylan Haines - IT Support Specialist
[EMAIL PROTECTED]
CNA, A+, Network+, ACDT
South Shore Regional School Board
Nova Scotia
902-624-2127
>>> [EMAIL PROTECTED] 6/16/2006 12:54 pm >>>
"Dylan Haines" <[EMAIL PROTECTED]> wrote:
> Is there any step-by-step intro availa
I'll do that, however unless the fail-over has something to do with
freeradius, we already do it (with our access servers)... the problem
is... freradius is sending a reject packet back when it doesn't get a
responce from the database
EXAMPLE:
Database server gets restarted (for whatever reas
Alan,
This is what I have in my radius.conf
Autz-Type LDAP1{
ldap_ldap1{
invalid=return
}
ldap_ldap2
}
Auth-Type LDAP1 {
redundant{
ldap_ldap1{
"Doug White" <[EMAIL PROTECTED]> wrote:
> Here is the output of the Radiusd -X and the attempted telnet login to
> the switch:
...
You've sent it an authentication request with a clear-text password,
and told it to use /etc/passwd for authentication. The user isn't in
/etc/passwd, so authentica
Geoffroy Arnoud <[EMAIL PROTECTED]> wrote:
> I have question for those who use rlm_detail module. I saw in source
>code that this module is thread unsafe. My understanding is that will
>not avoid FreeRADIUS to run multi-thread, but that only one thread
>will be able to log details at a time. Am I r
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > A minor question really. I have just upgraded a server from Fedora Core
> > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
> > start freeradius on FC5 (using 'service radiusd start
"Dylan Haines" <[EMAIL PROTECTED]> wrote:
> Is there any step-by-step intro available on the web, we are getting
> bogged down in a mass of details and conf files.
Install the server. Test it with a simple user in the "users" file,
as suggested in the FAQ.
Once that works, see http://www.fre
fvt3 <[EMAIL PROTECTED]> wrote:
> Hi, I am trying to setup Freedius to have multiple
> ldap authentication. I want to authenticate off
> ldap1, then ldap2 then mysql.
No, you don't. For one, MySQL doesn't do authentication. Neither
does LDAP, really.
What you probably mean is that you want
John Horne <[EMAIL PROTECTED]> wrote:
> Ah. Any ideas of what to look at? I've checked the radiusd.conf and the
> syslog.conf file but cannot really see anything wrong. I'll grab the RPM
> source and see if I can see what happens.
There's nothing wrong in the config, put it down to a bug in the
Hello,I am trying to walk through the following
document:http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdfin
order to authenticate Cisco router and switch logins
againstFreeRadius/Active Directory. Using the HowTo, I have
successfullyjoined a FC2 box to our Windows 2003 AD
Hi, I am trying to setup Freedius to have multiple
ldap authentication. I want to authenticate off
ldap1, then ldap2 then mysql. If authentication fail
in ldap1, then go to ldap2. Ldap1(ldap) and
ldap2(AD). Here is my configuration
Modules {
ldap ldap1 {
}
ldap ldap2{
}
}
instantiate{
ldap1
ld
Hi all,
I have question for those who use rlm_detail module. I saw in source code that
this module is thread unsafe. My understanding is that will not avoid
FreeRADIUS to run multi-thread, but that only one thread will be able to log
details at a time. Am I right?
Second question: does anybody
Sorry, I messed up the subject, corrected above.
We have now found the correct templates folders but are still a bit in the dark
as to where to start.
/etc/e-smith/templates-custom/etc/raddb and radiusclient (copied from the
templates folder)
Dylan
Dylan Haines - IT Support Specialist
[EMAIL
On Jun 16, 2006, at 1:39 AM, [EMAIL PROTECTED] wrote:
Hi,
The above ONLY works when the username supplied by the Openvpn
client is found in the passwd file on the Openvpn server. Yes
it does use the radius server to authenticate.
As you can imagine this is not the behavior I want.
seems f
On Fri, 2006-06-16 at 09:16 -0400, Alan DeKok wrote:
> John Horne <[EMAIL PROTECTED]> wrote:
> > A minor question really. I have just upgraded a server from Fedora Core
> > 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
> > start freeradius on FC5 (using 'service radiusd start
I think that authenticating everyone if the database went down would be
called 'foolsafe' :) If your database is down you're out of business.
There are much better 'failsafe' methods - search for fail-over in the
FreeRadius documentation.
Matt wrote:
Ok,
Well with no answer to this question
Hi, we are looking at setting up FreeRadius on a test SME 7 box for the first
time - we are using an AOpen AP as a test AP.
Is there any step-by-step intro available on the web, we are getting bogged
down in a mass of details and conf files.
Thanks for any pointers.
Dylan
Dylan Haines - IT S
Ok,
Well with no answer to this question let me ask it another way...
In the event of database (via ODBC) failure... is there a way I can
make the radius server go into "failsafe" mode, and just authenticate
anything?
On 6/15/06, Matt <[EMAIL PROTECTED]> wrote:
Hi,
We use FreeRadius with unixOD
John Horne <[EMAIL PROTECTED]> wrote:
> A minor question really. I have just upgraded a server from Fedora Core
> 3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
> start freeradius on FC5 (using 'service radiusd start') a message is
> sent to stdout:
>
> Fri Jun 16 12:06:59
Stefan Winter ha scritto:
Hi!
It is incredible! I have just installed SecureW2 and all is ok now!
Have you any idea why XP SP2 didn't work? For my user will be more
comfortable use XP interface instead install and use SecureW2.
I guess that is because Windows XP requires the TLS Server Certif
Hi!
> It is incredible! I have just installed SecureW2 and all is ok now!
> Have you any idea why XP SP2 didn't work? For my user will be more
> comfortable use XP interface instead install and use SecureW2.
I guess that is because Windows XP requires the TLS Server Certificate
Extension to be p
Hello,
A minor question really. I have just upgraded a server from Fedora Core
3 (freeradius 1.0.1) to FC5 (freeradius 1.0.5). I notice that when I
start freeradius on FC5 (using 'service radiusd start') a message is
sent to stdout:
Fri Jun 16 12:06:59 2006 : Info: Starting - reading configurat
Matt wrote:
> "There are no DB handles available" instead of reconnecting... the
> only way I've found to reconnect, is to restart...
>
> Any comments or thoughts on this problem?
Please upgrade FreeRADIUS to version 1.1.2.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http:
Michael Chernyakhovsky wrote:
> we need close outfd right before "return RLM_MODULE_FAIL;" at line 236.
... or get the fixes from CVS head which solve many other problems
in rlm_detail. (for example file renamed or unlinked by another
program)
Everyone will save a considerable amount of time if
Thanks for the reply!
> [EMAIL PROTECTED] wrote:
> > By itself, this works and no zombies are left behind, as expected.
However,
> > when used with FreeRadius, zombies are left behind.
> FreeRADIUS has a wrapper around fork() that modules are expected to
> use. The reason is that the server is
"Alan DeKok" <[EMAIL PROTECTED]> writes:
> So don't get picky about RFC violations. Blind adherence to a
> specification is counter-productive.
Absolutely. I do acknowledge that RADIUS is one of many protocols
where real-life experience and common practice is much more important
than the actu
hello, everybody.
my radius use a rlm_perl module, wich open and write some
informations to files. also it use rlm_detail but without locking.
2 days ago i add second rlm_detail to config with option
"locking = yes".
since i got 2 files with corrupted datas which accessed by rlm_perl.
i think
Hi,
> The above ONLY works when the username supplied by the Openvpn
> client is found in the passwd file on the Openvpn server. Yes
> it does use the radius server to authenticate.
>
> As you can imagine this is not the behavior I want.
seems fine to me - but as you don't say what bahaviour yo
35 matches
Mail list logo