Hi,
FreeRADIUS 1.1.6.
Use users file as user store. When I use username/password, It can work.
When I user username/password/domain, It not work.
I try to set preprocess module with_ntdomain_hack = yes. I get rlm_eap:
Identity does not match User-Name, setting from EAP Identity.
I
In pre2 an update reply works, when I have:
update reply {
...
Tunnel-Private-Group-ID =%{control:Huntgroup-Name}
...
}
Enterasys have a unusual syntax. They need for the same something like:
update reply {
Hello,
I use EAP-TLS to authenticate the computers on my wlan.
As the supplicants run on Windows XP, I had to store the certificates in the
'local computer' and 'user
account' stores and create the register key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global\AuthMode
with
Hi,
I want to do a command authorization from a Freeradius server...like
the way Tacacs+ have cmd-arg attribute specifies a specific commands the can be
executed by a user.
I am searching for the attribute in freeradius that can enable such kind
of behaviour...
Regards,
Ajay,
This is not possible with radius.
Cheers,
- Gaurav
on 12/14/2007 09:52 AM ajay raut said the following:
Hi,
I want to do a command authorization from a Freeradius
server...like the way Tacacs+ have cmd-arg attribute specifies a
specific commands the can be executed by a user.
Ajay,
This is not a feature of RADIUS but it can be implemented for some
vendors' kit using VSAs. So, it depends very much on the kit you're
using whether there is *no* way to do this or a non-standard way to do
this :-(
Rgds,
Guy
On 14/12/2007, Gaurav Sabharwal [EMAIL PROTECTED] wrote:
Hi,
My question deals with the username sent by the supplicant when the
authentication goes on. At boot
time, the username sent is : host/user_name. After the login, the username
sent is : user_name. So, I
have to create 2 users. I want to cut 'host/' to make this task easier. It is
No. But you can create a script that monitors accounting data and alerts
you when there are multiple CallingStationIds per username. You can then
ban those users (CRL) or discipline them in any way you see fit.
Ivan Kalik
Kalik Informatika ISP
Dana 14/12/2007, [EMAIL PROTECTED] [EMAIL
Hello,
It works, thanks. :)
Regards.
-Original Message-
From: [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Fri, 14 Dec 2007 09:39:08 +
Subject: Re: EAP-TLS - About username sent by supplicant
Hi,
My question deals with the
/radius/radacct/10.2.51.192/auth-detail-20071214'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.2.51.192/auth-detail-20071214
modcall[authorize]: module auth_log returns ok for request 0
rlm_realm: No '@' in User-Name = delld420
Uncomment ntdomain in authorize section. And proxy ntdomain to LOCAL.
Ivan Kalik
Kalik Informatika ISP
Dana 14/12/2007, Hangjun He [EMAIL PROTECTED] piše:
Hi,
FreeRADIUS 1.1.6.
Use users file as user store. When I use username/password, It can work.
When I user username/password/domain,
i fixed the issue by building and installing my own windbind-package
from the debian unstable source for etch: winbind_3.0.28-1_i386.deb
now i've only left the problem, that freeradius converts
username: host/trelane.ka.foobar.de to
username: trelane$
domain: ka
i did a
Sorry to bother you guys again:
a couple of weeks ago, I asked
With a users file like
DEFAULT
User-Name = `%{User-Name}`
the server complains loudly about the missing Auth-Type when asking with
radtest
So how do I direct the server to use LDAP without setting Auth-Type?
Or
No. More. This goes on top of any encryption of user data.
Ivan Kalik
Kalik Informatika ISP
Dana 14/12/2007, Sergio Belkin [EMAIL PROTECTED] piše:
Fix me if I'm wrong: As you say, data between APs base and repeaters
are less protected?
Thanks.
2007/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:
Fix me if I'm wrong: As you say, data between APs base and repeaters
are less protected?
Thanks.
2007/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:
That's ment about the link between APs not between AP and the user.
Ivan Kalik
Kalik Informatika ISP
Dana 13/12/2007, Sergio Belkin [EMAIL
i found the topic about No logon workstation trust account
(0xc199).
i've the same problem using
freeradius-2.0.0-pre2
samba 3.0.24
on debian etch
is it required to update to samba 3.0.28 (debian unstable) to fix this
issue, or could it be anything else?
thx
michael
What client would that be? Windows will accept .p12 certificates.
Ivan Kalik
Kalik Informatika ISP
Dana 14/12/2007, Gaurav Bandekar [EMAIL PROTECTED]
piše:
Hi,
I followed the steps provided at
http://wiki.freeradius.org/WPA_HOWTO
The certificate files are .pem files but my client requires a
Norbert Wegener wrote:
In pre2 an update reply works, when I have:
..
Enterasys have a unusual syntax. They need for the
same something like:
..
Enterasys:version=1:mgmt=su:policy=%{control:Huntgroup-Name}
It's just a double-quoted string, like shell scripts or C. You
[EMAIL PROTECTED] wrote:
Hello,
The problem is when a computer tries to authenticate, the User-Name sent
is host//computername/, but in ldap we have entrie like
/computername/$. So we have some attr_rewrite that removes host/ and
adds the dollar sign.
Why? You can just create a *new*
Michael Patzer wrote:
i found the topic about No logon workstation trust account
(0xc199).
i've the same problem using
freeradius-2.0.0-pre2
samba 3.0.24
on debian etch
is it required to update to samba 3.0.28 (debian unstable) to fix this
issue, or could it be
Martin Pauly wrote:
Now I'm going for a new production host and thought I'd simply copy
the working radiusd.conf (with minor adjustments, of course).
But again freeradius is unable to determine the proper auth-type.
No. The problem is the WARNING message just before that. You haven't
told
21 matches
Mail list logo