FR1 -> FR2: authenticate_query

2009-07-22 Thread Rakotomandimby Mihamina
I am in the process of migrating from freeradius v1.4 to v2 I am running Debian Lenny, all installed from packages. I am first trying to merge the configuration. I use Postgresql behind. In the v1: ### # Authent

Freeradius With edirectory and Active directory

2009-07-22 Thread jaswinder kaur
Hello All, Is it possible to have freeradius integrated in an environment with two totally different domains, one controlled by edirectory and the other by active directory? Thanks, Sam

CPU selection for highest performance

2009-07-22 Thread Padam J Singh
Hi, I have the choice of selecting between two servers for deploying 802.1x authentication off a LDAP server. The max rate of authentication is around a couple of thousand authentications per second. The first choice is a 2 CPU, Quad Core Nehalem 2.53Ghz based server with 8MB cache 12Gb DDR3

Re: Connecting freeRadius to openLDAP

2009-07-22 Thread Mackey, Theral
The docs do tend to gloss over the bits about how to get the needed password into your LDAP store (besides just saying cleartext or LN/NT). First, check that the user you have set up for ldap to use has auth (not read) access to the userPassword attribute, which I think is true since you said rad

Re: Connecting freeRadius to openLDAP

2009-07-22 Thread Alan DeKok
Eric Bourkland wrote: > What would be the best solution since freeRadius currently can't get the > password out of my openLDAP unless it is using PAP, it gets the password in > the request via PEAP. PEAP doesn't work that way. Blame Microsoft. > I would like to avoid having to tell everyone

Re: Connecting freeRadius to openLDAP

2009-07-22 Thread Eric Bourkland
Thanks for the help, What fields am I going to have to populate in the radius schema? I don't see a password attribute in there? where do I set that attribute in Radius, or is it automatic? The additional schema will be problematic since the admin UI for my openLDAP won't support it, but that is

Re: simultaneous checking

2009-07-22 Thread Ivan Kalik
> On Wed, 2009-07-22 at 10:27 +0100, Ivan Kalik wrote: >> PS. I must apologize, it was not my intention to imply that if your >> equipment generates large ids admin is insane by default. My comments >> were >> related to that specific case where admin shot himself in the foot by >> appending text

Re: Connecting freeRadius to openLDAP

2009-07-22 Thread Eric Bourkland
What would be the best solution since freeRadius currently can't get the password out of my openLDAP unless it is using PAP, it gets the password in the request via PEAP. I would like to avoid having to tell everyone with a windows client that they need to install SecureW2. What would be nice i

Re: freeradius2 using ldap/users file

2009-07-22 Thread Ivan Kalik
> i've changed sites-enabled/default so that contains this authorize section > > authorize { > preprocess > chap > mschap > suffix > eap { > ok = return > } > # files > redundant { > ldap1 > ldap2 > } >

Re: simultaneous checking

2009-07-22 Thread Ivan Kalik
> Ya, I'm using mysql. I'm not familiar enough with mysql to know if a > "text" field is slower/faster/no different to varchar() field. Anyone > here on the list know any better? There will be no significant impact on performance. There might be marginal advantage with varchar due to the way tex

Re: freeradius2 using ldap/users file

2009-07-22 Thread fous
Ivan Kalik wrote: > > > List files after ldap (it's listed before by default). > > i've changed sites-enabled/default so that contains this authorize section authorize { preprocess chap mschap suffix eap { ok = return } #

Re: simultaneous checking

2009-07-22 Thread Kanwar Ranbir Sandhu
On Wed, 2009-07-22 at 10:27 +0100, Ivan Kalik wrote: > PS. I must apologize, it was not my intention to imply that if your > equipment generates large ids admin is insane by default. My comments were > related to that specific case where admin shot himself in the foot by > appending text to basic

Re: simultaneous checking

2009-07-22 Thread Kanwar Ranbir Sandhu
On Wed, 2009-07-22 at 11:20 +0100, Phil Mayers wrote: > This may be true for other DBs, for it's not for postgres: > > http://www.nabble.com/Re%3A-Disadvantages-to-using-"text"-p17109220.html > > I'm only suggesting changing the postgres schema. I realise the OP may > not have been using postgre

RE:" Radius Log authenticate the user but error 691"

2009-07-22 Thread Ivan Kalik
> I have implemented freeradius server in RHCL 4 > with mysql database. > My problem is that radius log authenticate the > user but modem shows error 691 > in windows XP OS. ... > Login OK: [test/] (from client iacsras.com port 4) > Sen

Re: Multiple AD's and domains?

2009-07-22 Thread Justin Steward
On Wed, Jul 22, 2009 at 10:15 PM, Alan DeKok wrote: > Justin Steward wrote: > > And with regard to my other question, can I just use plain ol' LDAP to > > authenticate? A successful LDAP Bind is all I need for our purposes. > > That will work for PAP. > > Ok, thanks for confirmation. Kind Rega

RE:" Radius Log authenticate the user but error 691"

2009-07-22 Thread amritap sinha
Dear freeradius user, I have implemented freeradius server in RHCL 4 with mysql database. My problem is that radius log authenticate the user but modem shows error 691 in windows XP OS. debug_level = 0 proxy

Re: freeradius2 using ldap/users file

2009-07-22 Thread Ivan Kalik
> server configured with ldap. this works fine. > we've got few users which would like to authorize via users file. but my > radius always searches for the password in the ldap. is this behaviour > normal? (these users have account in ldap and also in users file, but with > different passwords) > >

Re: Multiple AD's and domains?

2009-07-22 Thread Alan DeKok
Justin Steward wrote: > And with regard to my other question, can I just use plain ol' LDAP to > authenticate? A successful LDAP Bind is all I need for our purposes. That will work for PAP. Alan DeKok.

freeradius2 using ldap/users file

2009-07-22 Thread fous
hi i'm using radiusd: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2 server configured with ldap. this works fine. we've got few users which would like to authorize via users file. but my radius always searches for the password in the ldap. is this behaviour normal? (these users ha

subject of emails....

2009-07-22 Thread Rakotomandimby Mihamina
07/22/2009 02:03 PM, Hanno Schupp:: When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..." -- Architecte Informatique: Administration Systeme, Recherche & Developpement

Re: simultaneous checking

2009-07-22 Thread Phil Mayers
Ivan Kalik wrote: Nothing in freeradius. But on the database side? Radacct is a big chunk as it is. Most people keep at least 3 months worth of data and that can be quite a few GB. There is significant impact on database performance at the time of daily backup. Proposed changes would increase ra

Re: Problem with proxied accounting

2009-07-22 Thread Alan DeKok
Cristina Miyata wrote: > We are using Freeradius 2.1.1 and we send accounting RADIUS to 2 different > servers called Server1 and Server2. In order to do so, we created two proxy > servers and 3 detailed accounting logs: detail (stored in the server), detail1 > (processed by the proxy server that

Re: simultaneous checking

2009-07-22 Thread Ivan Kalik
> Phil Mayers wrote: >> I must admit, I'd assumed someone had a specific reason for the field >> sizes being what they are, and didn't want to pre-empt them. But if >> there isn't such a reason, I'll knock one up. > > Nothing depends on the fields being specific sizes. If it's possible > to make

Re: simultaneous checking

2009-07-22 Thread Alan DeKok
Phil Mayers wrote: > I must admit, I'd assumed someone had a specific reason for the field > sizes being what they are, and didn't want to pre-empt them. But if > there isn't such a reason, I'll knock one up. Nothing depends on the fields being specific sizes. If it's possible to make them "lar

Re: simultaneous checking

2009-07-22 Thread Phil Mayers
On Wed, Jul 22, 2009 at 02:23:30AM +0100, Alan DeKok wrote: Phil Mayers wrote: After the 2nd outage this caused (we rely on near realtime accounting) I looked into it, and found that postgresql suffers no performance benefit from using "varchar(n)" and I simply altered all the "varchar" fields t