John Dennis writes:
> So why does this group think PKI doesn't work?
PKI works. gnupg is an example of that.
SSL doesn't work. Faulty design: Single trust anchor, black or white
trust only, and large commercial interests are all reasons for that.
Bjørn
That's perfect, thanks Phil, many thanks for the help.
On Mon, Mar 7, 2011 at 1:19 PM, Phil Mayers wrote:
> On 07/03/11 12:18, paul smith wrote:
>>
>> Thanks Phil, that's great, works really well.
>>
>> It has set me thinking about a variation though, using EAP-Message
>> would mean that it wouldn't
So
Still not sure what file is tweaking this. I ended up copying the entire
/raddb dir from ServerB to ServerA to get the same exact behavior. Prior to
that I tried.
Replicating (copying the file via ftp): radiusd.conf, users, default,
inner-tunnel, radiusd, ... maybe more.
I also manua
Guy wrote:
>
> I now have FreeRadius granting access and using LDAP for username and
> password information.
>
> My next challenge, using the same Radius and LDAP server I would like
> to grant different users access via different NAS clients.
>
> eg in LDAP I would have:
>
> uid=guy
> servi
On 07/03/2011 22:18, Arran Cudbard-Bell wrote:
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
On 07/03/2011 21:42, John Dennis wrote:
I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
On Mar 7, 2011, at 4:05 PM, James J J Hooper wrote:
> On 07/03/2011 21:42, John Dennis wrote:
I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
>>>
>>> ...remember though that wo
On Mar 7, 2011, at 4:03 PM, Arran Cudbard-Bell wrote:
>
> On Mar 7, 2011, at 3:57 PM, Alan Buxey wrote:
>
>> Hi,
>>
>>> 1) It validates the server cert to assure it's signed by a CA it trusts
>>> (possibly via a cert chain).
>>>
>>> 2) It then validates the certificate subject to make sure t
On 07/03/2011 21:42, John Dennis wrote:
I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure [necessarily]. Clients defaulting
to accept any radius serve
On Mar 7, 2011, at 3:57 PM, Alan Buxey wrote:
> Hi,
>
>> 1) It validates the server cert to assure it's signed by a CA it trusts
>> (possibly via a cert chain).
>>
>> 2) It then validates the certificate subject to make sure the server it
>> thought it was connecting to appears in the certifi
Hi,
> 1) It validates the server cert to assure it's signed by a CA it trusts
> (possibly via a cert chain).
>
> 2) It then validates the certificate subject to make sure the server it
> thought it was connecting to appears in the certificate (either as the
> certificate subject or one of the
I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure [necessarily]. Clients defaulting
to accept any radius server cert, or those that default to prompt
Hi all,
I now have FreeRadius granting access and using LDAP for username and password
information.
My next challenge, using the same Radius and LDAP server I would like to grant
different users access via different NAS clients.
eg in LDAP I would have:
uid=guy
services: VPN
services: WiFi
I
Yes I understand and agree..
However in this environment I think we'll be ok.
Thanks
--Guy
On 6 Mar 2011, at 19:22, Alan Buxey wrote:
> Hi,
>
>>> I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
>>> Macs are able to authenticate without Certs or any configuration on t
On 07/03/11 16:25, Thomas Wunder wrote:
Hi, I'd like to specify my auth-policies using the rlm_policy module
(since I like its obvious flexibility and the cleanness of its
policy syntax and because I wasn't able to solve some particular
problems with rlm_files) but there's one big problem left:
Hi,
I'd like to specify my auth-policies using the rlm_policy module (since I like
its obvious flexibility and the cleanness of its policy syntax and because I
wasn't able to solve some particular problems with rlm_files) but there's one
big problem left:
until now I've been using the Ldap-Gro
Hello list, just another guy with the duplicate client problem. I got a service running, allowing customers to add their DSL-lines and use my freeradius to authenticate. It works fine, so far, but there is one problem: When a user adds his hardware using a dynamic IP from a special dyndns-service, it
On 07/03/11 12:18, paul smith wrote:
Thanks Phil, that's great, works really well.
It has set me thinking about a variation though, using EAP-Message
would mean that it wouldn't run if it had been through the default
only, such as EAP-TLS.
Is there something else I could use which would indicate i
Dear All ,
I am upgrading from 1.1.7 to 2.1.10
I am using Exec-Program-Wait to run a script
In the old ver, I can find the output of my script in reply-detail log,
But in the new ver. I only find the attribute
Exec-Program-Wait = "/usr/bin/php /var/www/html/check.php testuser 1"
but I need all
Thanks Phil, that's great, works really well.
It has set me thinking about a variation though, using EAP-Message
would mean that it wouldn't run if it had been through the default
only, such as EAP-TLS.
Is there something else I could use which would indicate if
inner-tunnel had been used?
thanks,
On 07/03/11 10:10, paul smith wrote:
Is there some way I can tell the server not to run things in the
default post-auth, if the request has been through the inner-tunnel?
I'm thinking putting something like the following in the default
post-auth section
if (!proxy-reply:Packet-Type ==
Hi,
I have an exec script that I want to run when authenticating a user.
The script takes in the username.
I want to run the script both for PEAP authentications and PAP authentications.
The problem I have is that if I put the exec in the inner-tunnel
post-auth section it will work fine for the
21 matches