Re[2]: Radgroupcheck and regexp

2009-02-05 Thread ecard
>> >> Now I check this in 2.0.1. >> This work right in 2.0.1, but not in 2.1.3. >> >> Last version where this work is 2.0.5. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radgroupcheck and regexp

2009-02-05 Thread ecard
> User-Name = "testgroup" > User-Password = "test" > NAS-IP-Address = 10.11.1.1 > +- entering group authorize {...} > [preprocess]expand: %{NAS-IP-Address} -> 10.11.1.1 > ++[preprocess] returns ok > [auth_log] expand: >

Re: Matching Realms and Group-Membership

2009-02-05 Thread tnt
>Now I want to implement a check, that verifies if a user authenticating with >10...@realma.com is also in the group "realmA" and reject the request if this >is not the case. This way I want to implement a "user X purchased product Y?" > >Already tried this: Adding in the radusergroup table: >+--

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
>in my radiusd.conf file I've got 2 stanzas like this: > >ldap { > server = "" > port = "" >} > >ldap2 { > server = "" > port = "" >} > >I did copy/paste the lines you gave me just over the first server = >"..." line but it doesn't seem to do anything. > >Any

Re: FreeRADIUS without Universal Password

2009-02-05 Thread Alexander Clouter
* Alan DeKok [Thu, 05 Feb 2009 18:35:58 +0100]: > >> There is a concern that the UP is being stored in clear text in >> Novell and we need to turn off that service and only use simple >> password. Since I am no Novell admin I really do not have a clue if >> we can encrypt the UP that is stored

Matching Realms and Group-Membership

2009-02-05 Thread Robert Borz
Hi, I've successfully set up freeradius and till now it is doing what I want - checking realms and prefixes and uses a postgres database backend. ;) Now I want to implement a check, that verifies if a user authenticating with 10...@realma.com is also in the group "realmA" and reject the request

Re: FreeRADIUS without Universal Password

2009-02-05 Thread Alexander Clouter
* a.l.m.bu...@lboro.ac.uk [Thu, 5 Feb 2009 16:52:36 +]: > >> I had to ask, I have people telling me that this is a limitation of only >> FreeRADIUS and not all RADIUS servers in general. There is a concern >> that the UP is being stored in clear text in Novell and we need to turn >> off t

RE: FreeRADIUS without Universal Password

2009-02-05 Thread Danner, Mearl
Universal Password is encrypted. Its attribute name is npsmDistributionPassword I believe. As a further protection it is only readable by admin roles. You'll have to set up freeradius to bind with such a login and get the password and decrypt it. That function has been in freeradius for quite a w

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
t...@kalik.net wrote: if(User-Name =~ /\$$/ ) { ldapmachine } else { ldapuser } in my radiusd.conf file I've got 2 stanzas like this: ldap { server = "" port = "" } ldap2 { server = "" port = "" } I did copy/paste the lines you gave me j

Re: FreeRADIUS without Universal Password

2009-02-05 Thread Alan DeKok
Jason C Brown wrote: > I had to ask, I have people telling me that this is a limitation of only > FreeRADIUS and not all RADIUS servers in general. Novell's Border Manager likely doesn't need the UP, simply because it uses secret Novell API's. Everyone else uses Universal passwords. *Everyon

Re: FreeRADIUS without Universal Password

2009-02-05 Thread A . L . M . Buxey
Hi, > I had to ask, I have people telling me that this is a limitation of only > FreeRADIUS and not all RADIUS servers in general. There is a concern > that the UP is being stored in clear text in Novell and we need to turn > off that service and only use simple password. Since I am no Novell

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
if(User-Name =~ /\$$/ ) { ldapmachine } else { ldapuser } Ivan Kalik Kalik Informatika ISP On 5/2/2009, "Laurent CARON" wrote: >t...@kalik.net wrote: >> regex. > > >Thanks Ivan, > >Can you please give me some hint about what to put in config's stanzas ? > >Thanks

Re: FreeRADIUS without Universal Password

2009-02-05 Thread Jason C Brown
I had to ask, I have people telling me that this is a limitation of only FreeRADIUS and not all RADIUS servers in general. There is a concern that the UP is being stored in clear text in Novell and we need to turn off that service and only use simple password. Since I am no Novell admin I

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
t...@kalik.net wrote: regex. Thanks Ivan, Can you please give me some hint about what to put in config's stanzas ? Thanks

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
>> Make another ldap instance that has that basedn. Machine usernames have $ >> at the end - use unlang to test for that and switch ldap instance as >> required. > >I see how to create another instance but really don't see where and how >to use unlang to switch between the 2 instances depending on

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
t...@kalik.net wrote: Make another ldap instance that has that basedn. Machine usernames have $ at the end - use unlang to test for that and switch ldap instance as required. I see how to create another instance but really don't see where and how to use unlang to switch between the 2 instances

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
>It seems freeradius "tries" to authenticate the computer from the >ou=People,dc=mydomain,dc=com. > >In radiusd.conf I have the following: > ldap { > server = "192.168.0.3" > identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com" > password = ldapreadpasswd >

RE: mschav2 can't get connected

2009-02-05 Thread tnt
>Hi Ivan, I just not sure if the card broken because when I set it to use WPA >then it's working perfectly but why MSCHAPv2 & EAP-TLS didn't work? WPA what? WPA-PSK? That doesn't use EAP or any other user authentication method. EAP is broken. Card is just radio. Instead of music it replays data. T

RE: mschav2 can't get connected

2009-02-05 Thread saman saman
Hi Ivan, I just not sure if the card broken because when I set it to use WPA then it's working perfectly but why MSCHAPv2 & EAP-TLS didn't work? Will that be other reasons or missing some thing that cause the problem. Should I send you the execution log? From: ssa...@hotmail.com to: freeradius-us...

802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
Hi, I managed to get authentication of users logged on Windows XP workstation to the network. The machine authentication (while booting) however fails thus preventing the users from retrieving their roaming profiles. Here is the relevant part of the log: Thu Feb 5 14:39:16 2009 : Debug: r

Radgroupcheck and regexp

2009-02-05 Thread ecard
"testgroup" User-Password = "test" NAS-IP-Address = 10.11.1.1 +- entering group authorize {...} [preprocess]expand: %{NAS-IP-Address} -> 10.11.1.1 ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/d

Re: FreeRADIUS without Universal Password

2009-02-05 Thread Alexander Clouter
* Jason C Brown [Wed, 4 Feb 2009 17:41:49 -0500]: > > Is there a way to integrate FreeRADIUS without having to use the > universal password in Novell? > You need to send the password in plaintext to the RADIUS server from the connecting client, in the world of 802.1X this is typically done with