Nick Kartsioukas lists.freerad...@change.nightwind.net wrote:
Okay...let's say I have an SSID for students and an SSID for staff.
Students authenticate against LDAP, which stores passwords as salted
SHA1 hashes. Staff authenticate against Windows ActiveDirectory.
I've found where the WLC
On 12/07/2011 02:50, Nick Kartsioukas wrote:
I've been looking through the wiki and staring at the config files and
I'm...confused.
I've successfully gotten our Cisco WLC to authenticate against
ActiveDirectory as well as a Sun LDAP server (just one at a time) via
FreeRADIUS for a single test
Nick, the joy of frees is that you can do this is umpteen different ways.
I would recommend that you use unsung unlang to check the ssid in the request
and then proxy that request to a different virtual server to deal with in the
way you want
Alan
--
Message may be brief as it has been sent
On 07/11/2011 10:59 PM, Jacob Dawson wrote:
We're trying to get FreeRADIUS to get at the user info in our Oracle
DB, and it does not appear to be respecting the read_groups = yes
setting in sql.conf.
Are you setting Fall-Through = Yes in radreply?
You need to.
-
List
On Tue, Jul 12, 2011 at 2:59 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/11/2011 10:59 PM, Jacob Dawson wrote:
We're trying to get FreeRADIUS to get at the user info in our Oracle
DB, and it does not appear to be respecting the read_groups = yes
setting in sql.conf.
Are you setting
Hi ,
Thank you very much for the example. its working.
Regards
Champika
On Mon, 11 July, 2011 4:24 pm, Alexander Clouter wrote:
d.thembiliyag...@lancaster.ac.uk wrote:
I am using EAP-TTLS and MSCHAPv2 to authenticate with FreeRadius
server.How can I get the tunnelled User-Name (User-Name
On 07/12/2011 09:21 AM, Fajar A. Nugraha wrote:
On Tue, Jul 12, 2011 at 2:59 PM, Phil Mayersp.may...@imperial.ac.uk wrote:
On 07/11/2011 10:59 PM, Jacob Dawson wrote:
We're trying to get FreeRADIUS to get at the user info in our Oracle
DB, and it does not appear to be respecting the
I'll have the time to test it today, but according to this comment in sql.conf,
I shouldn't have to set that, and I'd prefer not to have to set it on every
user in production.
# If set to 'yes' (default) we read the group tables
# If set to 'no' the user MUST have Fall-Through =
Maybe your setup is different, but when we get fac/staff logging in to wireless
with their Domain credentials, those have the domain prepended on the username,
which makes it easy to parse those with unlang and proxy those requests to the
AD servers (in our case, since our AD servers are set up
On 12/07/11 13:34, Jacob Dawson wrote:
I'll have the time to test it today, but according to this comment in sql.conf,
I shouldn't have to set that, and I'd prefer not to have to set it on every
user in production.
# If set to 'yes' (default) we read the group tables
# If set
That doesn't make a lot of sense from my quick skim of the config and the code,
as I don't see anywhere that group_membership_query is referenced, but it
definitely triggered FR to respect the read_groups setting.
- Jacob
On 12 Jul 2011, at 08:59, Phil Mayers wrote:
On 12/07/11 13:34, Jacob
On 12/07/11 14:29, Jacob Dawson wrote:
That doesn't make a lot of sense from my quick skim of the config and
the code, as I don't see anywhere that group_membership_query is
group_membership_query is defined in the default configs; or is that not
what you mean?
The call graph is as follows:
Did my last mail made it?
- Last Mail: -
Phil, you got it working!
All of what you wrote was right:
- added Cleartext-Password2 to
/usr/share/freeradius/dictionary.freeradius.internal
- created user file like this:
user Cleartext-Password := 1, Cleartext-Password2 += 2
- updated
Didn't look for abbreviated forms of the name, so I didn't see that.
And I'd say that 'working' is too strong a term, but I haven't determined
what's causing the latest failure, as yet. At least it's querying the groups
tables, so we're on to new errors, and those are like progress.
- Jacob
Found the source of my problem, thanks to your pointer. While it doesn't seem
to matter if FreeRADIUS gets any results from the authorize_group_reply_query,
sql.conf requires that it be configured and run in order to be happy. Since we
have, in this case, no reply attributes to set (those are
Also, if there's interest, I can submit the oracle-ized version of the schema
that we created. The one included in the source users non-oracle variable
types and a few incorrect restrictions (Several items are set unique when,
logically, they should not be).
Thanks much,
Sure, could you
I spent about an hour on it, and while I seem to be pretty close, instructions
on the wiki would be handy, particularly as it relates to generating the patch
and the best way to submit it.
- Jacob
On 12 Jul 2011, at 10:17, Arran Cudbard-Bell wrote:
Also, if there's interest, I can submit the
Thanks for fixing that :-)
Another 'broken link' I've picked up.
The FAQ link on:
http://freeradius.org/ http://freeradius.org/
points to this page:
http://wiki.freeradius.org/index.php/FAQ
http://wiki.freeradius.org/index.php/FAQ
instead of:
http://wiki.freeradius.org/FAQ
On Jul 12, 2011, at 7:59 PM, Dirk van der Walt wrote:
Thanks for fixing that :-)
Another 'broken link' I've picked up.
Fixed, Thanks :)
-Arran
Arran Cudbard-Bell
a.cudba...@freeradius.org
RADIUS - Half the complexity of Diameter
-
List info/subscribe/unsubscribe? See
RADIUS - Half the complexity of Diameter
Good one!
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On
Behalf Of Arran Cudbard-Bell
Sent: Tuesday, July 12, 2011 2:35
Gary Gatten ggat...@waddell.com wrote:
RADIUS - Half the complexity of Diameter
Don't encourage him...
Cheers
--
Alexander Clouter
.sigmonster says: Life is NP-hard, and then you die.
-- Dave Cock
-
List info/subscribe/unsubscribe? See
Bug 166 has a patch for this.
Noticed it didn't seem to be failing if the user was found, but wasn't in any
groups, even though I instructed it to check for groups. That's incorrect
behavior in my case (plenty of users who were authorized at one time, but are
no longer) and it seems to stem
On Jul 12, 2011, at 7:33 PM, Jacob Dawson wrote:
I spent about an hour on it, and while I seem to be pretty close,
instructions on the wiki would be handy, particularly as it relates to
generating the patch and the best way to submit it.
Ok, its up here http://wiki.freeradius.org/github,
I had to uncheck validate certificates on the client. I also had to uncheck
use logon on username and password so it would ask me for the credentials.
The server does not like when the client sends domain info. On the server
side I had to change the users file so it doesn't include the Auth-Type
On Tue, 12 Jul 2011 07:17 +0100, Alexander Clouter
a...@digriz.org.uk wrote:
authorize {
...
if (Airespace-Wlan-Id == student_ssid) {
EAP_student
}
else {
EAP_staff
}
...
}
Thanks for the hints! I think I've got my eap.conf set up as I need it.
After some
25 matches
Mail list logo