Hey Ivan,
On Thu, Jul 2, 2009 at 2:00 AM, Ivan Kalik wrote:
> >> To include information about the NAS in a listing of the radpostauth
> >> (which
> >> doesn't have an entry regarding the nas
> >> from which the request originated from) I am joining the tables based on
> >> the
> >> radacct.accts
Zemke, Kai wrote:
> just a question for my understanding. When using the modules rlm_ippool
> or rlm_sqlippool, IP Adressses from a pool get assigned to the remote
> device as framed-ip-address.
In RADIUS...
> What I’m wondering about is, in case that I start using this type of
> address distri
Ted Behling wrote:
> In case the admin(s) of the FreeRADIUS download servers is on this list,
> I thought I'd point out that I received an error just now when trying to
> download 2.1.6. Following the links at
> _http://freeradius.org/download.html_, the link to:
>
> _ftp://ftp.freeradius.org/p
>> To include information about the NAS in a listing of the radpostauth
>> (which
>> doesn't have an entry regarding the nas
>> from which the request originated from) I am joining the tables based on
>> the
>> radacct.acctstarttime = radpostauth.date
>> which works "part" of the time. Meaning, for
>> I'm trying to figure out the necessary steps and configs to make the
>> following happen. 2 groups of users, one residing in ldap with
>> samba/ntlm hashes and another in AD, need to authenticate through Radius
>> servers for 802.1x wireless. At this point, I have the Radius server
>> successfu
> It's a magic LDAP && Active directory issue.
:-)
Thanks!
On Wed, Jul 1, 2009 at 3:15 PM, Alan DeKok wrote:
> Alba wrote:
> > Thanks Alan, I'll try it.
> >
> > Do you know the cause of this message? Is it a bug or a configuration
> issue?
>
> It's a magic LDAP && Active directory issue.
>
>
Hi,
In case the admin(s) of the FreeRADIUS download servers is on this list,
I thought I'd point out that I received an error just now when trying to
download 2.1.6. Following the links at
http://freeradius.org/download.html, the link to:
ftp://ftp.freeradius.org/pub/freeradius/freeradius-serv
Hey,
To include information about the NAS in a listing of the radpostauth (which
doesn't have an entry regarding the nas
from which the request originated from) I am joining the tables based on the
radacct.acctstarttime = radpostauth.date
which works "part" of the time. Meaning, for most of my tes
Martin,
If you want to leverage the existing user profiles in the RADIUS
server for authentication, authorization, this Internet Draft TLS-EAP
Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be
what you are looking for. Unfortunately, there is no implementation up
to date as far as
Alba wrote:
> Thanks Alan, I'll try it.
>
> Do you know the cause of this message? Is it a bug or a configuration issue?
It's a magic LDAP && Active directory issue.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Martin Schneider wrote:
> We need also authorization. So we want to
>
> 1.) check if the certificate is signed by a "trusted ca"
That is done by the normal certificate validation process.
> 2.) check if the username x in the certificate is "known"
What does that mean? If the CA signed the c
Hello,
I'm trying to figure out the necessary steps and configs to make the
following happen. 2 groups of users, one residing in ldap with
samba/ntlm hashes and another in AD, need to authenticate through Radius
servers for 802.1x wireless. At this point, I have the Radius server
successfully aut
Thanks Alan, I'll try it.
Do you know the cause of this message? Is it a bug or a configuration issue?
Thanks for your time.
Regards,
Alba
On Tue, Jun 30, 2009 at 8:45 PM, Alan DeKok wrote:
> Alba wrote:
> > I'm receiving this message:
> >
> > rlm_ldap: ldap_search() failed: Operations error
I think I need to clarify my question a little:
>> we're trying to setup a freeradius / apache installation that allows
>> us to authenticate and authorize users with *certificates* towards a
>> website.
We want to have *multiple* services, not only just one service. If we
would only have one ser
Hi Ivan
> Why use radius to check certificates when Apache can do it?
>
> http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
Thanks for this reply.
We need also authorization. So we want to
1.) check if the certificate is signed by a "trusted ca"
2.) check if the username x in the certificate
> we're trying to setup a freeradius / apache installation that allows
> us to authenticate and authorize users with *certificates* towards a
> website.
>
> Is there a good tutorial out there somewhere? We did only finde
> partial information that seems to be quite old unfortunately. Or could
> som
Thanks a lot- works perfectly
Jörg
Alan DeKok wrote:
> Joerg Spatschil wrote:
>> I run FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu and testing
>> FreeRADIUS Version 2.1.3 both on gentoo systems, I want to peap
>> authenticate, authorize and set VLANs on a Cisco Cat 4500 according to a
>>
> just a question for my understanding. When using the modules rlm_ippool or
> rlm_sqlippool, IP Adressses from a pool get assigned to the remote device
> as framed-ip-address.
> What I'm wondering about is, in case that I start using this type of
> address distribution, how can I pass for example
Hello all,
we're trying to setup a freeradius / apache installation that allows
us to authenticate and authorize users with *certificates* towards a
website.
Is there a good tutorial out there somewhere? We did only finde
partial information that seems to be quite old unfortunately. Or could
some
Hi everyone,
just a question for my understanding. When using the modules rlm_ippool or
rlm_sqlippool, IP Adressses from a pool get assigned to the remote device as
framed-ip-address.
What I'm wondering about is, in case that I start using this type of address
distribution, how can I pass for e
Am 01.07.2009 um 14:10 schrieb Rakotomandimby Mihamina:
07/01/2009 02:53 PM, Rakotomandimby Mihamina::
[...]
rlm_pap: login attempt with password "mihamina"
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
[...]
The question:
What Have I got to put in th
> - Freeradius 2.0.4, packaged by Ubuntu 9.04 Jaunty, on "radius20" host.
>
> In users:
> [...]
> mihamina Cleartext-Password := "{clear}mihamina"
That's wrong. Remove {clear} header from the password.
> Service-Type = Framed-User,
> Framed-Protocol
07/01/2009 02:53 PM, Rakotomandimby Mihamina::
[...]
rlm_pap: login attempt with password "mihamina"
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
[...]
The question:
What Have I got to put in the "Cleartext-Password" attribute in "users"
in order to hav
Hi,
I think that you have two different ways. firstly you can use the IP
as User-Name and you can configure free radius to accept that user.
Secondly, you can develop your own module to make that kind of
authentication,
"Mauro Iorio - Smart Soft s.r.l." escribió:
Is it possible to send
> Is it possible to send an Access Accept Packet every time an Access
> Request
> is sent from a specified source ip only???
>
> Is there an example configuration I can read?
DEFAULT Packet-Src-IP-Address == whatever, Auth-Type := Accept
But that won't work with EAP.
Ivan Kalik
Kalik Informa
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
I don't see anything wrong with that debug. It all looks as expected.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is it possible to send an Access Accept Packet every time an Access Request
is sent from a specified source ip only???
Is there an example configuration I can read?
Thanks,
Mauro Iorio
Smart Soft s.r.l.
BEGIN:VCARD
VERSION:2.1
N:Iorio;Mauro;;Ing.
FN:Ing. Mauro Iorio (m.io...@smartsoft
--- Begin Message ---
Ivan Kalik a écrit :
>> Ivan Kalik a écrit :
>>
I am having an issue with the groups again.
WIFINAS-Identifier == "accessPoint-Manager"
Ldap-Group == wireless,
Ldap-Group == wireless2,
David Hobley wrote:
> Here is an updated dictionary.nortel file, it contains the Radius
> attributes to be able to authenticate against their BCM platform. I
> wasn't certain how to submit it formally, so thought I would send it here.
Added, thanks.
Alan DeKok.
-
List info/subscribe/unsubscri
29 matches
Mail list logo