On Fri, Jul 15, 2011 at 9:28 AM, Nick Kartsioukas
wrote:
> The LDAP queries are against the AD server, btw. I forgot to paste the
> mschap module config, but that's pretty basic...
>
> mschap mschap_cuesta {
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=CUESTA
> --user
The LDAP queries are against the AD server, btw. I forgot to paste the
mschap module config, but that's pretty basic...
mschap mschap_cuesta {
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=CUESTA
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challen
On Fri, 15 Jul 2011 08:15 +0700, "Fajar A. Nugraha"
wrote:
> I'd look at these lines:
>
> [ldap_parrotfish] performing search in ou=CUESTA,dc=cuesta,dc=org,
> with filter (sAMAccountName=nicholas_kartsioukas)
> [ldap_parrotfish] No default NMAS login sequence
> [ldap_parrotfish] looking for chec
On Fri, Jul 15, 2011 at 7:13 AM, Nick Kartsioukas
wrote:
> Okay, I've gotten a bit further, but I'm still not grasping something in
> the process flow from authorization to authentication and EAP outer and
> inner methods.
>
> I'll paste relevant chunks of my authorize, authenticate, and eap confi
I will be out of the office from 14/07/2011 and will not return until
01/08/2011.
I will reply to your message when I return. If you have an emergency, you can
contact Accesos_SOR@telefonica (900 111 245 option 2) or Jose Manuel
Gomez Perez (jmgo...@telefonica.es). Happy holidays and a prosperous
Serge van Namen wrote:
>
> I'm working on a proof-of-concept for 802.1x and dynamic vlan's on
> switches.
>
> All this works perfectly with user@realm, but now I want to read the
> vlan ID from a ldap attribute and then send the radius request with
> that value in "Tunnel-Private-Group-ID".
>
Phil,
It would seem I must have made a typo, Gareth has tried this again and
due to his golden touch the array is now being evaluated.
Sorry for the confusion.
Cheers,
Jezz.
-Original Message-
From: Ayres G.J.
Sent: 14 July 2011 17:02
To: Palmer J.D.F.
Subject: RE: SoH - FR 2.1.11
I
On 07/14/2011 06:11 PM, Arran Cudbard-Bell wrote:
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it
back to RST. I wanted this to be bundled with general AD
Back to? There was just an empty page there when I visited, or am I
missing your
On 07/14/2011 06:09 PM, Arran Cudbard-Bell wrote:
1. HTML tags like '' will not be parsed by all renderers, just
because it works in Gollum, doesn't mean it will work with a proper
renderer for that markup format.
For markdown it's 3 spaces or a tab in front of every line, for RST
it's double co
Further testing suggests that neither of the Perl or Realm modules is applying
the Stripped-User-Name in the right scope. Perl does that first thing, when a
request comes in, and my output says that as soon as perl is done, it's unset.
Similarly, as soon as the hokies realm module is done appl
On Jul 14, 2011, at 7:37 PM, Johan Meiring wrote:
> On 2011/07/14 07:09 PM, Arran Cudbard-Bell wrote:
>> Ok, here's the deal.
>>
>> There are three formats we use on the wiki:
>>
>> 1. markdown
>> 2. restructuredtext
>> 3. mediawiki
>>
>
> I spent about 1/2 hour a while ago trying to get a basi
Johan Meiring wrote:
> I spent about 1/2 hour a while ago trying to get a basic "guide" to
> either markdown or restructuredtext.
>
> Google was unhelpful, are there any good tutorials?
restructuredtext cheat sheet
http://docutils.sourceforge.net/docs/user/rst/quickref.html
Alan DeKok.
On 2011/07/14 07:09 PM, Arran Cudbard-Bell wrote:
Ok, here's the deal.
There are three formats we use on the wiki:
1. markdown
2. restructuredtext
3. mediawiki
I spent about 1/2 hour a while ago trying to get a basic "guide" to either
markdown or restructuredtext.
Google was unhelpful, are
So I played with my copy of the code to change what nostrip being unset means
(now, it writes the Stripped-User-Name attribute, but no longer rewrites the
User-Name attribute with the stripped username), and I'm still running into
problems:
(0) HOKIES : Looking up realm "hokies" for User-Name =
On Jul 14, 2011, at 6:29 PM, Phil Mayers wrote:
> On 14/07/11 16:34, Arran Cudbard-Bell wrote:
>
>> http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
>
> How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it back to RST.
I wanted this to be b
Ok, here's the deal.
There are three formats we use on the wiki:
1. markdown
2. restructuredtext
3. mediawiki
Mediawiki pages contain content from our old mediawiki instance. Feel free to
convert these to RST or Markdown, the wiki cloth renderer sucks so they
probably won't render quite right in
On Jul 14, 2011, at 6:03 PM, Gary Gatten wrote:
> Not sure if that was intended for OP or myself, but I went to check it out
> and it wants me to login. I did with my fb, but then it wanted “access” to
> stuff I don’t want to share – so I can’t read it.
No matter what FB says, all omnigollum
On 14/07/11 16:34, Arran Cudbard-Bell wrote:
http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
How about what I've just put there?
Needs testing, but it should work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Where do you have the ntlm_auth "command" specified? You "can" put it in
numerous/various FR conf files; I think mine is in radiusd.conf, but I forget.
And, what IS that command? It should be essentially the same command you
execute to test SAMBA with outside the FR environment.
I can help m
Thanks for the quick reply Gary
I changed the /usr/local/etc/raddb/sites-enabled/default file to
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
# ntlm authentication.
ntlm_auth
#
I also changed the /usr/local/etc
Not sure if that was intended for OP or myself, but I went to check it out and
it wants me to login. I did with my fb, but then it wanted "access" to stuff I
don't want to share - so I can't read it.
In my case I use (currently) ntlm_auth exclusively, so setting the default to
that doesn't bot
On Jul 14, 2011, at 5:18 PM, Gary Gatten wrote:
> I don’t think you need braces and such, this is not as much an auth type as a
> method
>
> Try just a single line that reads: ntlm_auth
>
> Also, I actually had to set my default auth-type to ntlm_auth. You know the
> part where it says “…f
On 14/07/11 16:14, Phil Mayers wrote:
On 14/07/11 15:59, Palmer J.D.F. wrote:
Thanks Phil & Arran,
I keep starting reply emails and another arrives before I get to send
them.
Hehe.
I've tried array hack, that fails even with 'firewall' as the condition.
if ("%{SoH-MS-Windows-Health-Status[*
On 14/07/11 15:59, Palmer J.D.F. wrote:
Thanks Phil & Arran,
I keep starting reply emails and another arrives before I get to send
them.
Hehe.
I've tried array hack, that fails even with 'firewall' as the condition.
if ("%{SoH-MS-Windows-Health-Status[*]}" =~ /firewall/), whereas if
(SoH-M
On 14/07/11 16:04, Edge wrote:
My /sites-enabled/default file - I have just copied the authentication
section as everything else in the file is at default settings
Not necessary or helpful. Full debug (which you didn't provide; you
trimmed the start) is what's needed.
rad_recv: Access-Req
I'm following the AD config guide over at deployingradius.com and think I
have an error in one of the config files, I suspect I'm not using the right
syntax, or another really simple error.
Fresh install of the latest freeradius version on ubuntu - not the packaged
version, built from source
PA
Thanks Phil & Arran,
I keep starting reply emails and another arrives before I get to send
them.
I've tried array hack, that fails even with 'firewall' as the condition.
if ("%{SoH-MS-Windows-Health-Status[*]}" =~ /firewall/), whereas if
(SoH-MS-Windows-Health-Status =~ /firewall/) is satisfied.
On Jul 14, 2011, at 4:44 PM, Phil Mayers wrote:
> On 14/07/11 15:24, Phil Mayers wrote:
>
>> I thought that the =~ regexp operator tried all attributes on the
>> left-hand side; that is, I thought it looped through until it got
>> first-match.
>>
>> If it doesn't, then the idea of squeezing all
On Jul 14, 2011, at 4:39 PM, Phil Mayers wrote:
> On 14/07/11 15:31, Arran Cudbard-Bell wrote:
>>>
>>>
Example condition...
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
>>
>> I'm not sure alternate submatches are supported.
>
> I'm fairly sure they are; we
On 14/07/11 15:24, Phil Mayers wrote:
I thought that the =~ regexp operator tried all attributes on the
left-hand side; that is, I thought it looped through until it got
first-match.
If it doesn't, then the idea of squeezing all the SoH data into a
multiple instances of a single text attribute
On 14/07/11 15:31, Arran Cudbard-Bell wrote:
Example condition...
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
I'm not sure alternate submatches are supported.
I'm fairly sure they are; we use them locally.
>
>
>>
>> Example condition...
>> if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {
I'm not sure alternate submatches are supported.
Could you try:
if ((SoH-MS-Windows-Health-Status =~ /antivirus warn/) ||
(SoH-MS-Windows-Health-Status =~ /antivirus error/))
Just to make sure
On 14/07/11 14:30, Palmer J.D.F. wrote:
Hi,
We've started to look at SoH with the intention to implement it for the
new academic session in September, but are having an issue.
Cool (I wrote it)
The server is set up using the example soh-server, but find that the
condition in the example (bel
Hi,
We've started to look at SoH with the intention to implement it for the
new academic session in September, but are having an issue.
The server is set up using the example soh-server, but find that the
condition in the example (below) isn't being satisfied when a client
with no AV returns its
On 14 Jul 2011, at 03:42, Alexander Clouter wrote:
> In article <795d5ee4-7536-431e-926a-98e70efa1...@vt.edu> you wrote:
> Although to prevent down the road severe levels of pain when enabling
> eduroam you should be using something like 'daw...@hokies.vt.edu', could
> you not just use 'ntdomain'
On 14/07/11 13:34, Phil Brown wrote:
As far as I can tell, from the reply-detail log below & Wireshark, Radius
is returning the values. But the support guy is not seeing them on his
wireless server. The first packets he sees are the MS-MPPE- packets.
Can anyone advise as to how to get this working.
We are trying to use vendor specific attributes to provide different
services to users authenticating to our local radius system, rather
than users authenticating via proxy'd eduroam systems.
We are using freeradius version 2.1.10
and have added the below to the users file
DEFAULT Suffix == "@p
On 14/07/11 13:09, Serge van Namen wrote:
Hi,
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on switches.
All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap
attribute and then send the radius request with that value in
"Tunnel-Private-Gro
Hi,
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on switches.
All this works perfectly with user@realm, but now I want to read the vlan ID
from a ldap attribute and then send the radius request with that value in
"Tunnel-Private-Group-ID".
Can anyone give me a bump in the ri
On 14/07/11 08:45, Johan Meiring wrote:
On 2011/07/13 06:51 PM, Phil Mayers wrote:
If you are using Samba as your domain controllers, then you have
access to
the SAM and can extract the LM/NT hash from whatever backend you use.
So you can just feed that info straight to FreeRADIUS. No need to
Hi,
> With them, users connect to my network using WIFI using a password exchange.
>
> I would like to change this pattern, I wondered if configuration is
> possible to perform Authentication, Authorization and Accounting with
> Freeradius and if I can provide any documentation that details t
In article <795d5ee4-7536-431e-926a-98e70efa1...@vt.edu> you wrote:
>
> So, one of my last things here is making sure I can get at the
> stripped usernames for my domain users, as they're authorized by their
> stripped name, not the name w/ which they're authenticating. Forex,
> if I'm using my AD
On 2011/07/13 06:51 PM, Phil Mayers wrote:
If you are using Samba as your domain controllers, then you have access to
the SAM and can extract the LM/NT hash from whatever backend you use.
So you can just feed that info straight to FreeRADIUS. No need to use
ntlm_auth / samba membership - just d
43 matches