Re: the termination of Lost-Carrier

2010-07-03 Thread Spacelee
but this kind of termination makes him unable to login... but a day later, he can login again... have you met such a situation? On Sat, Jul 3, 2010 at 6:43 PM, Alan Buxey wrote: > Hi, > > > but what does lost-carrier means? I can't find in freeradius's wiki, but > I saw this status in Daloradius >

AW: mschap/peap question

2010-07-03 Thread Wegener, Norbert
I installed samba 3.4.8 and it produces the same errors as the previous version. Should the only workaround really be downgrading back to samba/winbind 3.0.30, as suggested in https://bugzilla.samba.org/show_bug.cgi?id=6563 ? It is hard to believe that the only way to use peap/mschap in this c

Re: freeradius2 with EAP-TLS and LDAP authorization

2010-07-03 Thread Riccardo Veraldi
For starting it should be enough but what I am not able to do is to set up the correct sequence. First I need to extract the CN field (which can be done and I already did and I can set up a list of allowed CN in the users file), and after I need to do an LDAP query to check for authorization.

Re: how to encrypting accounting?

2010-07-03 Thread Alan DeKok
Fabio Dive wrote: > I am looking for a way to TLS encrypt accounting messages between > Freeswitch and remote Freeradius, > actually I can do only clear text accounting with simple shared key auth. Install a VPN. > Is there a way using configurations files to setup TLS accounting? No. > Do

Re: freeradius2 with EAP-TLS and LDAP authorization

2010-07-03 Thread Alan DeKok
Edgar Fuß wrote: > I don't understand. rlm_eap's check_cert_cn must be able to extract the CN > from the user certificate in order to check it against User-Name (or > whatever). Yes... > Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name > for an extracted CN for wh

Re: freeradius2 with EAP-TLS and LDAP authorization

2010-07-03 Thread Edgar Fuß
RV> but if I wanted to extract the emailAddress or CN field from the RV> X509 certificate and authorize it against my LDAP tree AdK> The limitation isn't the users file. AdK> It's that extracting the fields from the certificate is hard. I don't understand. rlm_eap's check_cert_cn must be able to

how to encrypting accounting?

2010-07-03 Thread Fabio Dive
Hello, yesterday I successfully installed freeswitch 1.0.6 with mod_radius_cdr accounting on a remote freeradius 2.1.9 server, freeswitch uses freeradius-client 1.1.6 library. I am looking for a way to TLS encrypt accounting messages between Freeswitch and remote Freeradius, actually I can do onl

Re: Freeradius + AD + Cisco authentication

2010-07-03 Thread Alan DeKok
Jevos, Peter wrote: > Thank you alan, > yes i can check the man page ( to be honest, that was i afraid of : ),but i > was looking for the examples Please also edit your replies. There is no need to leave the original message at the top of your reply. > As i wrote in my first email, cisco is c

Re: FreeRadius + AD + Realms

2010-07-03 Thread Alan DeKok
Matthew P wrote: > I forgot to mention that I need the "user" portion of "u...@mydomain.com" for > sql too. > "u...@mydomain.com" only needs to be sent to the home server (in case the > user doesn't have "@mydomain.com" or "@mydomain2.com"). In other words, > both AD and DB contain usernames,

Re: FreeRadius + AD + Realms

2010-07-03 Thread Matthew P
Thanks for your help Alan, it really makes a difference when learning about Freeradius configuration. > So... decode the user-name using a regex.  You can then use that in > the LDAP configuration.  The LDAP user search is configurable for a > *reason*. I forgot to mention that I need the "user"

Re: mschap/peap question

2010-07-03 Thread Alan Buxey
Hi, > Using the users file it works. So samba can be blamed even in the current > version 3.4.7 :-( I've had several reports that 3.4.8 works - which isn't even the latest version (that's 3.5.4!) 3.4.x is old but I personally have no experience of whether any 3.5.x works alan - List info/subscri

Re: the termination of Lost-Carrier

2010-07-03 Thread Alan Buxey
Hi, > but what does lost-carrier means? I can't find in freeradius's wiki, but I > saw this status in Daloradius > and when will the termination be Lost-Carrier? and the user whose termination > is Lost-Carrier can't login the next day, the the next next day, he can login > again, I don't know

Re: Freeradius + AD + Cisco authentication

2010-07-03 Thread Alan DeKok
Jevos, Peter wrote: > However I was not able to find in these links anything about the > --require-membership-of See the "man" page for ntlm_auth. It is just a Unix command that can be run, like anything else. > and the vpn cisco client example > (also find on these pages found nothing :) T

RE: Freeradius + AD + Cisco authentication

2010-07-03 Thread Jevos, Peter
Jevos, Peter wrote: > However I was not able to find in these links anything about the > --require-membership-of See the "man" page for ntlm_auth. It is just a Unix command that can be run, like anything else. > and the vpn cisco client example > (also find on these pages found nothing :)

RE: Freeradius + AD + Cisco authentication

2010-07-03 Thread Jevos, Peter
Jevos, Peter wrote: > How should look like the ntlm_auth file ? How should look like mschap module ? > How should look like parameter --require-membership-of in these files ? > > How should look like users file ? > These answers I was not able to find in any documentation Read the URLs from th

Re: freeradius2 with EAP-TLS and LDAP authorization ?

2010-07-03 Thread Alan DeKok
Riccardo Veraldi wrote: > Hello, > is it possible in some way to use EAP-TLS X509 authentication together > with LDAP authorization in freeradius2 ? Yes. You can look the username up in LDAP, and reject the request if the user doesn't exist. > Actually freeradius2 allows EAP-TLS authenticatio