Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-26 Thread Jacob Jarick
I have been at this for a while now, so I thought I would share a summary of what I have figured out so far for anyone else that decides to try this. 1 - Documentation for this particular configuration is either out of date / incomplete / both. There are no howtos that will get from start to end (i

Re: FR + LDAP + ADS - rlm_ldap: ldap_search() failed: Operations error [unclas]

2007-04-26 Thread Jacob Jarick
OK, I've set up SFU and indeed it has populated my ldap fields some more. I have enabled the user "Jacob Jarick" as a unix user, created a unix group added myself to it then reset my password so the unix password would be set. Search command: ldapsearch -h 10.1.1.11 -x -b "dc=tfxschool,dc=internal"

Re: freeradius eap error.

2007-04-26 Thread Jacob Jarick
there is a script that comes with the freeradius source (perhaps bins as well) that generates you new certs. for me the script is @ /usr/src/freeradius-1.1.6/scripts/CA.all iirc that will generate you all the certs u need and read default options from your openssl config file. You will have to copy

Re: FR + LDAP + ADS - rlm_ldap: ldap_search() failed: Operations error [unclas]

2007-04-26 Thread Jacob Jarick
OK, some more progress, found 1 setting that rejected any user if they did not have dialup access attribute which I have commented. Now I get the following results when using the radping program. It looks to me like it searches fine "rlm_ldap: user jacob authorized to use remote access" but I'm gues

Re: FR + LDAP + ADS - rlm_ldap: ldap_search() failed: Operations error [unclas]

2007-04-26 Thread Jacob Jarick
Thank you for the suggestions / tips Frank.. Here are the results from the command you gave me: [EMAIL PROTECTED] ~]# ldapsearch -x -h 10.1.1.11 -D "CN=admin,OU=People,DC=tfxschool,DC=internal" -w pass -b "o=tfxschool,c=AU" 'objectclass=*' # extended LDIF # # LDAPv3 # base with scope subtree # fi

Different Groups

2007-04-26 Thread Norman Zhang
Is there a way to set FreeRADIUS to authenticate against specific group of users for certain devices. For example, DEFAULT Auth-Type = System Fall-Through = Yes, cisco-avpair = "shell:priv-lvl=1", Service-Type = NAS-Prompt-User DEFAULT Group == router-rw cisco-avp

Re: User /etc/shadow for Authentication

2007-04-26 Thread Norman Zhang
Norman Zhang wrote: > Thanks. I edited users with the following entries > > DEFAULT Auth-Type = System > Fall-Through = 1, > cisco-avpair = "shell:priv-lvl=1", > Service-Type = Administrative-User > > DEFAULT Group == user-ro > cisco-avpair := "shell:priv-lvl=7" > >

Compiling 1.1.6 on OSX 10.4.9 Server

2007-04-26 Thread Joseph Sullivan
Hello, I have made numerous attempts to Compile Freeradius on my OSX 10.4.9 machine to no avail. I found that V-1.1.1 was included in Darwin Ports, but it gives me Library errors when I try Installing it. I see lots of posts of people trying to get FreeRadius working on a mac, some have do

freeradius eap error.

2007-04-26 Thread member alsuki
Hello, list. I'm having some problems implementing freeradius on opensuse box. I've followed the tutorial at novell and as a test I've used the default CA and certs that came with the freeradius rpm. This worked very good the server started and everything seemed nice. Then I made my own CA a

Re: User /etc/shadow for Authentication

2007-04-26 Thread Norman Zhang
Ranner, Frank MR wrote: > Put your users into groups and add extra entries: > > DEFAULT Group == numpties > cisco-avpair := "shell:priv-lvl=1" > > DEFAULT Group == supernumpties > cisco-avpair := "shell:priv-lvl=10" > > Notes: > These lines use := to over-rule the cisco-avpair previo

Re: mysql ms-chap

2007-04-26 Thread Tom Whitehouse
> Date: Thu, 26 Apr 2007 10:53:51 +0200 > From: Jean Frontin <[EMAIL PROTECTED]> > Subject: mysql ms-chap > To: freeradius-users@lists.freeradius.org > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1"; format=flowed > > Hello, > > I'm using 802.1X protocol and user

Re: How to add OTP validation to FreeRadius

2007-04-26 Thread Nick Owen
On 4/25/07, Ouahiba MACHANI <[EMAIL PROTECTED]> wrote: > Thanks Nick for replying. > > can you give me examples of such systems? > If you are looking for a software-based two-factor authentication system: http://www.wikidsystems.com - our commercial server supports radius and will work with freera

Re: mssql to mysql migration

2007-04-26 Thread tnt
http://www.navicat.com/ Ivan Kalik Kalik Informatika ISP On 26/4/2007, "satish patel" <[EMAIL PROTECTED]> wrote: >Dear > > I have running freeradius + mssql but now i wanna put all databases in > mysql so i am gonna use mysql with freeradius so is there any tool which > convert MSSQL

mssql to mysql migration

2007-04-26 Thread satish patel
Dear I have running freeradius + mssql but now i wanna put all databases in mysql so i am gonna use mysql with freeradius so is there any tool which convert MSSQL databases in MYSQL database so i just pull data from mssql and put it in mysql so it is possible ??? or which tool is there

Accept users by NAS-IP-Address

2007-04-26 Thread Svend Eriksen
It worked fine, thank you. Is it possible to reject users except when they have a valid NAS-IP-Address? For example if a user is not a member of a group, or if they are only a member of groups which don't contain the NAS-IP-Address? I found the 'notfound-reject' for requests that don't contain NAS-I

Re : mysql ms-chap

2007-04-26 Thread Eshun Benjamin
Does anybody have import passwords into a mysql table. Is it possible or is it a bullshit ? yes it is possible == Benjamin K. Eshun - Original message From: Jean Frontin <[EMAIL PROTECTED]> To: freeradius-users@lists.freeradius.org Envo

Re: request from unknown NAS vulnerability

2007-04-26 Thread Alan DeKok
Milan Holub wrote: > Nothing to do. Sleeping until we see a request. > Ignoring request from unknown client port 43508 > > Server does not react on HUPs and stops responding to NASes defined > correctly in NAS table. Is there something wrong with request cleanup > for unknown client? OK. It'

Accounting packets & segmentation fault

2007-04-26 Thread Milan Holub
Hi Alan, I'm back with my bug reports:) In latest cvs head: When sending following packet: `cat ./admin_reset_acct.txt`: NAS-Port = 5282 NAS-IP-Address = Acct-Status-Type = Accounting-On Acct-Terminate-Cause = Admin-Reset ... but it looks like it behaves the same for all accounting packets! I'

Re: mysql ms-chap

2007-04-26 Thread Stefan Winter
> I'm using 802.1X protocol and user passwords are stored in "smbpasswd" > file. When I want to add a user I must restart radius. > > Does anybody have import passwords into a mysql table. Is it possible or is > it a bullshit ? This should work, I'm trying the same thing. I have one issue I couldn

mysql ms-chap

2007-04-26 Thread Jean Frontin
Hello, I'm using 802.1X protocol and user passwords are stored in "smbpasswd" file. When I want to add a user I must restart radius. Does anybody have import passwords into a mysql table. Is it possible or is it a bullshit ? Regards Jean Frontin System team I R I T Université Paul-Sabatier 1

Cryptocard .tok?

2007-04-26 Thread Andreas Anderson
Hi Guys, can someone tell me how I can get the DES key from the .tok files? While searching I found numerous references to a utility from bugtrack, but the utility itself is nowhere to be found. If someone on the list still has it I would really appreciate a copy ;-) Is there any other way to

request from unknown NAS vulnerability

2007-04-26 Thread Milan Holub
Hi Alan, with latest cvs head: * NASes in database * when sending 1 access request from NAS not defined in NAS table I get following repeating error message (-X) flooding my screen: Nothing to do. Sleeping until we see a request. Ignoring request from unknown client port 43508 Server does not

EAP-SIM : symbol lookup error

2007-04-26 Thread deepak kumar
Hi Alan I have downloaded freeradius 1.1.6 and configured for EAP-SIM and run successfully. but when I send a request using radeapclient to radius server I get this error " ./radiusd: symbol lookup error: /usr/local/lib/rlm_sim_files-1.1.6.so: undefined symbol: rad_assert" I have set LD_LIBRARY_P

Re: typo in raddb/Makefile

2007-04-26 Thread Alan DeKok
Milan Holub wrote: > ==> yet another small syntax error(redundant bracket) in cvs head: Fixed, thanks. Now that the default install has better SSL support, it's much easier to add a full test suite that should catch all of these issues. Alan DeKok. -- http://deployingradius.com - T

Re: typo in raddb/Makefile

2007-04-26 Thread Milan Holub
Hi Alan, On Wed, Apr 25, 2007 at 04:19:41PM +0200, Alan DeKok wrote: > Whoops. I thought I had committed that. It's added now, thanks. ==> yet another small syntax error(redundant bracket) in cvs head: Index: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c ===