I was just hoping someone here could explain to me how the radius server
process works.
My situation will be authorizing for DSL.
I think the process is: My DSL wholesaler gets requests for a logins
under my realm to their NAS, then sends it to me, then I send back a yes
or no answer.
My questio
"sumi thra" <[EMAIL PROTECTED]> wrote:
> What you are saying is correct. But, i want proxy the request for some users
> and for others i still want to use ldap .. in that case the users file will
> have the policy for using LDAP & the proxy.conf file will have the realms
> configured.
That's pre
Firstly, I am attempting to get XP/OSX clients to connect to a 802.1x
WLAN provided by a cisco wlan controller. This is currently backed by
ACS and works, but i'd like to use FreeRADIUS is possible, with half
my users in LDAP and half in MySQL.
The setup uses PEAP, however am I correct in thin
Dear FreeRADIUS users,
Firstly, I am attempting to get XP/OSX clients to connect to a 802.1x
WLAN provided by a cisco wlan controller. This is currently backed by
ACS and works, but i'd like to use FreeRADIUS is possible, with half my
users in LDAP and half in MySQL.
The setup uses PEAP, how
Hi Alan,
Thanks for your reply.
What you are saying is correct. But, i want proxy the request for some users and for others i still want to use ldap .. in that case the users file will have the policy for using LDAP & the proxy.conf file will have the realms configured.
When the server finds a
Nope, it's in my authorize section which is:
Sure it is since the password is read from the LDAP authorize backend ;-)
My authenticate section (notice LDAP is commented out):
authenticate {
# Auth-Type LDAP {
# ldap
# }
}
The first line in my users file for my
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> My authenticate section (notice LDAP is commented out):
...
> The first line in my users file for my Access Point is:
> DEFAULT Auth-Type = ldap
You configured the server to NOT do LDAP authentication, and then
told it to do LDAP authentication.
It
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I guess the obvious question is why can't the Radius server simply perform a
> bind attempt to the LDAP server during authentication, as opposed to trying
> to compare the password received by the authenticator to the ssha-1 password
> stored in ldap?
Dave <[EMAIL PROTECTED]> wrote:
> types/rlm_eap_tls/rlm_eap_tls.c:SSL_set_ex_data(ssn->ssl, 0,
> (void *)handler);
> types/rlm_eap_tls/rlm_eap_tls.c:SSL_set_ex_data(ssn->ssl, 1,
> (void *)inst->conf);
>
> Found in the modules/rlm_eap
Please go back and read your earlier messages
Nope, it's in my authorize section which is:
authorize {
preprocess
chap
mschap
suffix
eap
ldap
}
My authenticate section (notice LDAP is commented out):
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP
That was it. Thanks!
Greg
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
us.org] On Behalf Of Alan DeKok
Sent: Wednesday, July 12, 2006 8:54 PM
To: FreeRadius users mailing list
Subject: Re: error unknown host, but it is configured in clients.conf
"Greg Hartung" <
> rad_check_password: Found Auth-Type ldap
> auth: type "LDAP"
> ERROR: Unknown value specified for Auth-Type. Cannot
Is the ldap module defined in your authenticate section ?
Regards,
Thibault
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think I'm having similar problems. Trying to do EAP-TTLS against LDAP with
passwords stored in ssha-1 I get the following in my debug:
rlm_ldap: Added password {SSHA}sBKY63Qm0H8T/Rx25tveoZfGaYd9Rjk45TCrWA== in
check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for re
> I guess the obvious question is why can't the Radius server
> simply perform a bind attempt to the LDAP server during
> authentication, as opposed to trying to compare the password
> received by the authenticator to the ssha-1 password stored in ldap?
Because, in PEAP, the client doesn't sen
Hi,
> I guess the obvious question is why can't the Radius server simply perform
> a bind attempt to the LDAP server during authentication, as opposed to
> trying to compare the password received by the authenticator to the ssha-1
> password stored in ldap?
I guess the obvious answer is that it c
Hi,
I'm going to ask a follow-up questions here so I'll be better equipped to
answer the same question from others when I explain that we cannot do
802.1x-PEAP with ssha-1 passwords stored in ldap.
>From what I understand, the reason this won't work is because ssha-1
passwords are 1-way encrypte
Hi together,
I configured freeradius 1.1.2 with ip-pools. Everything works fine so far. But
now I want to use rlm_sqlippool module to change from flat files to mysql
database for my ip pools (to achive greater performance, hopefully)
So far I have compiled the rlm_sqlippool and the module libra
Hi,
> Hi all,
>
> My company use Cisco wireless AP (access point). When we use 802.11b radio
> AP, we can assign users vlan through Freeradius. But the same setting
> doesn't work on 802.11g radio AP. Can anybody help.
it sounds like you are only acting upon a certain type - if the RADIUS
attri
Thanks to...
Alan DeKok
Phil Mayers
Thibault Le Meur
Excellent pointers guys!
Thanks for your help
Rob
--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 07776 210516
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/
> My company use Cisco wireless AP (access point). When we use
> 802.11b radio
> AP, we can assign users vlan through Freeradius. But the same setting
> doesn't work on 802.11g radio AP. Can anybody help.
>
Check you new AP documentation for the Radius Reply Attribute format they
expect from
Hi all,
My company use Cisco wireless AP (access point). When we use 802.11b radio
AP, we can assign users vlan through Freeradius. But the same setting
doesn't work on 802.11g radio AP. Can anybody help.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
21 matches
Mail list logo