Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Hubert Kupper
Hello, how can I add a secondary ldap server to radiusd.conf for failover? Regards Boert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: > Hi, > I am trying to integrate freeradius with ADS 2003. I referred to > http://deployingradius.com/documents/configuration/active_directory.html > . > everything works perfectly fine till ( $ ntlm_auth

Re: EAP-TLS authentication

2007-04-23 Thread deepak kumar
Hi Alan I am trying to implement EAP-SIM using freeradius. which versions of freeradius provide support for that. I am using Win XP sp2 as supplicant, castelnet AP and freeradius 1.1 on suse linux 10.1 what additional hardware and software do i require? is there any how to on net for implementing

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Kostas Kalevras
Hubert Kupper wrote: > Hello, > > how can I add a secondary ldap server to radiusd.conf for failover? > Just create a second ldap module instance with the secondary ldap server configuration and read doc/configurable_failover > Regards > Boert > - > List info/subscribe/unsubscribe? See h

[how] installing

2007-04-23 Thread Martin Budi
anybody can help me how to install and configure RADIUS on CentOS thanks before

Problem with realm

2007-04-23 Thread Christian Hohmann
Hi, I'm trying to configure freeradius for Authentication with username and pwd. It works if I enter the information directly, but if I configure the client to authenticate with username and password, it transmits HOSTNAME\USERNAME. I discovered realms, but I can't get it work. I hope that you

RE: [how] installing

2007-04-23 Thread [EMAIL PROTECTED]
www.deployingradius.com or yum install freeradius vi /etc/raddb/* or wget ftp://ftp.freeradius.org:/pub/radius/freeradius-1.1.6.tar.bz2 tar -xjvf freeradius-1.1.6.tar.bz2 cd freeradius-1.1.6 ./configure make make install vi /etc/raddb/* seriously, your question is just SO open. alan

RE: FreeRadius+AD integration

2007-04-23 Thread [EMAIL PROTECTED]
Hello Alan, I am trying to authenticate my cisco device login using freeradius, freeradius should look into my win2003 ad for user information. I agree I may have missed out something from the instructions, I have attached my radius.conf and eap.conf file. why have you put the ntlm_auth line li

rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
My problem is the ldap password retrieved from the windows client is not being sent to the ldap server. So I get that error when trying to login. I have added checkItem userPassword User-Password but it still complains of the same error. The weird thing is It was working fine friday.

Re: Cannot run radiusd - error loading shared libraries

2007-04-23 Thread Peter Nixon
On Mon 23 Apr 2007, [EMAIL PROTECTED] wrote: > Platform Suse 9.0 Hi Eugene If you are really running SUSE 9.0 then I highly recommend you upgrade as 9.0, 9.1, 9.2 and 9.3 are all End-of-Life. (I recommend 10.2 as the best version to upgrade to). If you are actually running SUSE Linux Enterprise

override ldap reply attribute

2007-04-23 Thread tschaos
Hi Guys, I have maybe a quite simple question: is there any way to override the default ldap-reply attribute with an other value than there is in ldap. i.e.: users-file: Default Called-Station-Id = "00-1A-30-2F-11-50:Test", Airespace-Interface-Name := 777 ldap.attrmap: replyItem Aire

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Jacob Jarick
Hubert would you mind showing me how you map the ldap password to the radius password. I've tried "checkItem userPassword User-Password" but the radius debug logs complain that it Needs User-Password still :| On 4/23/07, Hubert Kupper <[EMAIL PROTECTED]> wrote: > Hello, > > how can I add a seconda

Re: override ldap reply attribute

2007-04-23 Thread Kostas Kalevras
[EMAIL PROTECTED] wrote: > Hi Guys, > > I have maybe a quite simple question: > > is there any way to override the default ldap-reply attribute with an other > value than there is in ldap. > > i.e.: > > users-file: > > Default Called-Station-Id = "00-1A-30-2F-11-50:Test", > Airespace-Interfa

Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
I tried with the following in the authenticate section Auth-Type ntlm_auth { mschap am not sure about the protocol i need to use here } I have attached the debug window output *

FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
here is a 57kb tar.gz of my /etc/raddb folder containing all configs. http://rapidshare.com/files/27470184/20070420_ldap_working.tar.gz.html -- Hello I have been reading everything I can get my hands on to resolve this problem Im having. The error message related to this problem: Attribute "User-

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: > I tried with the following in the authenticate section > > Auth-Type ntlm_auth { >mschap am not sure about the > protocol i need to use here The web page says to just put "ntlm_auth" in the "authenticate" section. It doesn't say y

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > My problem is the ldap password retrieved from the windows client is > not being sent to the ldap server. The problem is that you have configured "Auth-Type := LDAP", and then sent the server an 802.1x authentication request. Do NOT set Auth-Type = LDAP. This is repeated a

Re: Problem with realm

2007-04-23 Thread Alan DeKok
Christian Hohmann wrote: > Hi, > > I'm trying to configure freeradius for Authentication with username and pwd. > It works if I enter the information directly, but if I configure the client > to authenticate with username and password, it transmits HOSTNAME\USERNAME. > I discovered realms, but

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > Is it true that the only way to authenticate against active directory > is using ntlm_auth ? For ms-chap, yes. > I have been specifically asked not to use the ntlm_auth method against > AD out of security concerns from having samba installed. I can't see the > risk of having

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Thanks again Alan, For reference the O'Reilly LDAP book instructs you to set "Auth-Type := LDAP" so that's where I got the bad reference (perhaps other people too). Now let's see if I understood the tables correctly. PAP is the only method that will support LDAP bind as user ? I should comment out

Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
My apologies for that mistake.. I have the following lines in modules section exec ntlm_auth { wait = no program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.COM --username=%{mschap:User-Name} --password=%{User-Password}" and I have ntlm_auth listed

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > Thanks again Alan, > For reference the O'Reilly LDAP book instructs you to set "Auth-Type > := LDAP" so that's where I got the bad reference (perhaps other people > too). Yes. There is a LOT of documentation (web pages, etc.) that say to do the wrong thing. It's unfortunate

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
Sorry to pester u Alan :P Does mschapv2 also support ntlm_auth ? and now that I understand your tables (well I think) I should be able to persuade my employer to use ntlm and firewall the samba ports. On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Jacob Jarick wrote: > > Is it true that

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: > My apologies for that mistake.. > > I have the following lines in modules section > exec ntlm_auth { > wait = no > program = "/usr/bin/ntlm_auth --request-nt-key > --domain=MYDOMAIN.COM > --username=%{mschap:User-Name} --password=%{User-Pas

Re: override ldap reply attribute

2007-04-23 Thread Chaos Commander
Kostas Kalevras wrote: > [EMAIL PROTECTED] wrote: > > Hi Guys, > > > > I have maybe a quite simple question: > > > > is there any way to override the default ldap-reply attribute with an > other value than there is in ldap. > > > > i.e.: > > > > users-file: > > > > Default Called-Station-Id =

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Forgive the newbie questions but I think it's best to clear up confusion. client -> cisco -> FR server = eap FR -> ADS 2003 = pap Is that correct or am I way off track. On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Jacob Jarick wrote: > > Thanks again Alan, > > For reference the O'Reilly L

Radius and OTP integration

2007-04-23 Thread Ouahiba MACHANI
Hi all, I have to find a solution that integrates the use of OTP (One Time Password) as a second factor authentication in addition to the first factor authentication (which is generally username and password) to an existing authentication System. This solution should be integrated easily to th

Re: override ldap reply attribute

2007-04-23 Thread Kostas Kalevras
Chaos Commander wrote: > Kostas Kalevras wrote: > > >> [EMAIL PROTECTED] wrote: >> >>> Hi Guys, >>> >>> I have maybe a quite simple question: >>> >>> is there any way to override the default ldap-reply attribute with an >>> >> other value than there is in ldap. >> >>>

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > Sorry to pester u Alan :P > > Does mschapv2 also support ntlm_auth ? Yes. The mschap module does both mschapv1 and mschapv2. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog

Autotools related problems in freeradius 1.1.6

2007-04-23 Thread Kostas Zorbadelos
Greetings to all in the list. I'd like to report an issue in the build scripts of freeradius. I tried to build version 1.1.6 but the problem exists in earlier versions too. If I do ./configure --prefix=/opt/freeradius the build scripts presume that --enable-developer is true. This has the eff

Re: FR + LDAP + ADS 2003 password questions

2007-04-23 Thread Jacob Jarick
Thanks On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Jacob Jarick wrote: > > Sorry to pester u Alan :P > > > > Does mschapv2 also support ntlm_auth ? > > Yes. The mschap module does both mschapv1 and mschapv2. > > Alan DeKok. > -- > http://deployingradius.com - The web site of t

FR + LDAP + PAM + encryption question

2007-04-23 Thread Jacob Jarick
From my recent thread with Alan, I have gathered that ldap only supports PAP. PAP sends the password in plain text. Is it possible to encapsulate PAP inside another protocol say EAP to prevent from packet sniffers etc. Failing that is it possible to assign vlans based on ldap primary group via t

Re: Autotools related problems in freeradius 1.1.6

2007-04-23 Thread Alan DeKok
Kostas Zorbadelos wrote: > If I do > > ./configure --prefix=/opt/freeradius > > the build scripts presume that --enable-developer is true. That may be an issue only in 1.1.6. You should be able to change it by doing --disable-developer. > This has > the effect that -DNDEBUG is not defined i

Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote: > 1.The document says adding exec ... to the modules section and then > listing ntlm_auth in the authenticate section. when I have exec > ntlm_auth in modules section and ntlm_auth listed in authenticate > section I get 'Unknown Auth-Type "exec" in authenticate section' > erro

Re: FR + LDAP + PAM + encryption question

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > Is it possible to encapsulate PAP inside another protocol say EAP to > prevent from packet sniffers etc. Please stop worrying about how RADIUS works. It's fine. Packet sniffers can't grab the PAP passwords. > Failing that is it possible to assign vlans based on ldap pri

Re: FR + LDAP + PAM + encryption question

2007-04-23 Thread Jacob Jarick
lol, I admit I am a stress case :P One more question before crashing out tonight, which would u say is a more secure method ntlm_auth -> win2k3 ADS or ldap -> win2k3 ADS considering the encryption / encapsulation methods available. Or is this another instance where I'm overthinking the issue.

Re: FreeRadius+AD integration

2007-04-23 Thread Jacob Jarick
nifty, this will be next on my list to figure out :P On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > shrikant Bhat wrote: > > 1.The document says adding exec ... to the modules section and then > > listing ntlm_auth in the authenticate section. when I have exec > > ntlm_auth in modules sectio

SCRIPT to convert the radacct details log files into mysql or csv file.

2007-04-23 Thread Goke Aruna
hi all, I have an sql.conf as below and for almost three weeks now, its not logging my calls as successful calls again except some few ones but the detailed log files shows that they are successful calls. am using freeradius-1.1.4, mysql-5.0.18 on fedora core 5. my sql.conf is as below. 1. I wil

NAS not accepting the Access-Accept?

2007-04-23 Thread Matt Ashfield
HI, I have a network switch that I'm trying to configure to allow Console port authentication via RADIUS. In the documentation of the switch it says: "To provide each user with appropriate levels of access to the switch, set the following username attributes on your RADIUS server: - R/W access --

Re: NAS not accepting the Access-Accept?

2007-04-23 Thread A . L . M . Buxey
Hi, > In the documentation of the switch it says: > "To provide each user with appropriate levels of access to the switch, set > the following username attributes on your RADIUS server: > - R/W access -- Set the Service-Type field value to Administrative > - Read-Only -- set the Service-Type field

PEAP/EAP-TLS with client and server certificate

2007-04-23 Thread Marcelo Augusto Rodrigues Pimentel
Hi, I'm trying to configure freeradius with PEAP + EAP-TLS, but I'm making some confusion to configure the radiusd.conf (sections authorize and authentication) and eap.conf. Has someone implemented this configuration? In the eap.conf file the default e

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
So the big question is, what Auth-Type do I use ? If LDAP is not permitted (still confuses me as I only need / want radius to authenticate against LDAP) what Auth-Type do I set in the users file so that Wireless users can authenticate using their ADS username and passwords. On 4/23/07, Jacob Jari

Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
Ok, I have read them all - the wiki's the unrelated novell howtos for edirectory bought an O'Reilly book on ldap (their FR + LDAP howto is incorrect apparently) and googled countless times. The articles on http://wiki.freeradius.org/LDAP aren't much help they just reiterate what's in the config fil

Fwd: Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
These examples here look a bit more promising. http://vuksan.com/linux/dot1x/802-1x-LDAP.html -- Forwarded message -- From: Jacob Jarick <[EMAIL PROTECTED]> Date: Apr 24, 2007 9:01 AM Subject: Requesting Decent Freeradius + ADS 2003 + LDAP howto To: FreeRadius users mailing list

Fwd: Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread Jacob Jarick
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_.2Fetc.2Fraddb.2Fradiusd.conf_File Another howto that instructs you to set "DEFAULT Auth-Type := LDAP" -- Forwarded message -- From: Jacob Jarick <[EMAIL

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Alan, my test pc only supports PEAP over wireless and setup has to be wireless. Removing "ldap" from the "authenticate" section causes an EAP error, so I guess there is more configuration than simply removing / commenting that section out. I don't know how to not bind as a user when using FR + LD

FR + ADS 2003 + ntlm_auth

2007-04-23 Thread Jacob Jarick
radius -X -f: http://pastebin.ca/455389 config files: Hello All, I have gone back to ntlm_auth for the time being instead of ldap due to the incredibly frustrating lack of good documentation (if there are good docs, link it or shut up). None of the howtos / tutorials I have followed end in success

FR + ADS 2003 + ntlm_auth (including config files)

2007-04-23 Thread Jacob Jarick
radius -X -f: http://pastebin.ca/455389 config files: http://rapidshare.com/files/27607850/config.tgz.html Hello All, I have gone back to ntlm_auth for the time being instead of ldap due to the incredibly frustrating lack of good documentation (if there are good docs, link it or shut up). None of

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Hubert Kupper
On 23 Apr 2007 at 11:18, Kostas Kalevras wrote: > O/H Hubert Kupper : > > Hello, > > > > how can I add a secondary ldap server to radiusd.conf for failover? > > > Just create a second ldap module instance with the secondary ldap server > configuration and read doc/configurable_failover > Than

Re: Fwd: Requesting Decent Freeradius + ADS 2003 + LDAP howto

2007-04-23 Thread A . L . M . Buxey
Hi, > http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_.2Fetc.2Fraddb.2Fradiusd.conf_File > > Another howto that instructs you to set "DEFAULT Auth-Type := LDAP" which is wrong. in the past it worked - and it still doe

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Hubert Kupper
On 23 Apr 2007 at 18:00, Jacob Jarick wrote: > Hubert would you mind showing me how you map the ldap password to the > radius password. > > Ive Tried "checkItem userPassword User-Password" but the radius debug > logs complain that it Needs User-Password still :| > > On 4/23/07, Hubert Kupper <[E

Re: FR + ADS 2003 + ntlm_auth

2007-04-23 Thread A . L . M . Buxey
Hi, > good docs, link it or shut up). I will now no longer be replying to you alan

Re: FR + ADS 2003 + ntlm_auth (including config files)

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > I have gone back to ntlm_auth for the time being instead of ldap due > to the incredibly frustrating lack of good documentation (if there are > good docs, link it or shut up). A large part of the problem is that you seem to be making random changes, and following various bit

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > So the big question is, what Auth-Type do I use ? You have been told that you should not set it. That means "You should not set it". It does not mean "use another value". > If LDAP is not permitted (still confuses me as I only need / want > radius to authenticate against

Re: Add a secondary ldap server to radiusd.conf

2007-04-23 Thread Jacob Jarick
Sigh, I should just tell my employers to buy novell edirectory, it does look very nice. On 4/24/07, Hubert Kupper <[EMAIL PROTECTED]> wrote: > On 23 Apr 2007 at 18:00, Jacob Jarick wrote: > > > Hubert would you mind showing me how you map the ldap password to the > > radius password. > > > > Ive T

Re: FR + ADS 2003 + ntlm_auth

2007-04-23 Thread Jacob Jarick
Sorry to offend, But I have been seeing a lot of "Docs warn u of this etc" but seeing as there are so many conflicting documents seeing the generic reply when I have read / googled high and low is quite frustrating. On 4/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi, > > > good docs, lin

Re: NAS not accepting the Access-Accept?

2007-04-23 Thread Alan DeKok
Matt Ashfield wrote: > HI, > > I have a network switch that I'm trying to configure to allow Console port > authentication via RADIUS. > > In the documentation of the switch it says: > "To provide each user with appropriate levels of access to the switch, set > the following username attributes o

Re: PEAP/EAP-TLS with client and server certificate

2007-04-23 Thread Alan DeKok
Marcelo Augusto Rodrigues Pimentel wrote: > I'm trying to configure freeradius with PEAP + EAP-TLS, but > I'm making some confusion to configure the radiusd.conf (sections > authorize and authentication) and eap.conf. > > Has someone implemented this configuration? Yes

Re: FR + ADS 2003 + ntlm_auth

2007-04-23 Thread Alan DeKok
Jacob Jarick wrote: > Sorry to offend, > But I have been seeing a lot of "Docs warn u of this etc" but seeing as > there are so many conflicting documents seeing the generic reply when > I have read / googled high and low is quite frustrating. The authors of the program you're using have told you

Re: rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

2007-04-23 Thread Jacob Jarick
Alan, I try to understand I can only get answers from you guys when available so yes I do go off and try random howtos (literally anything I can find) in the hopes I learn a bit more. But yes, I am now 100% clear on not setting Auth-Type. Thanks again Alan. On 4/24/07, Alan DeKok <[EMAIL PROTECTE