On 11/10/2011 10:06 PM, Alan Buxey wrote:
> Hi,
> > As per the docs. This config item should not be used, and is causing
> > things to break.
> umm, wasn't there a discussion recently in which
> with_ntdomain_hack = yes
> was going to be set by default in FR 3.x ?
That was the option on the mschap module.
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten wrote:
> I agree with Jake, in that I *think* it would be possible to have a plugin or
> whatever interface with LDAP/AD in the same manner ntlm_auth does. I don't
> think one *needs* a cleartext password, but does need some way to compare
> apples-
I agree with Jake, in that I *think* it would be possible to have a plugin or
whatever interface with LDAP/AD in the same manner ntlm_auth does. I don't
think one *needs* a cleartext password, but does need some way to compare
apples-to-apples. That said, I don't know the inner workings of all
"Sallee, Stephen (Jake)" wrote:
> Please forgive the interjection, but does anyone know of a helper
> module like ntlm_auth that would work with LDAP, seems like such a
> tool would make questions like this a non-issue.
No, will not work. You can't transform the normally used hashes back
into a
Please forgive the interjection, but does anyone know of a helper module like
ntlm_auth that would work with LDAP, seems like such a tool would make
questions like this a non-issue.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
Whitlow, Michael wrote:
> I am really close to a successful Freeradius implementation for 802.1X
> wireless using LDAP authentication on the back end.
Nope, you are not very close.
You _cannot_ use any LDAP authentication (via binding with a DN to the
LDAP server) with any CHAP authentication.
Hi,
>[mschap] No Cleartext-Password configured. Cannot create LM-Password.
>[mschap] No Cleartext-Password configured. Cannot create NT-Password.
store your passwords in the LDAP as NT-Password or LM-Password
hashes. this then allows the PEAP/MSCHAPv2 method of EAP to work.
alan
All,
I am really close to a successful Freeradius implementation for 802.1X
wireless using LDAP authentication on the back end.
Here is what I have:
- RADTEST / clear text Freeradius password from "users" file /
WORKS GREAT
- Windows XP 802.1X PEAP/MS-CHAPv2 wi
Hi,
> As per the docs. This config item should not be used, and is causing
> things to break.
umm, wasn't there a discussion recently in which
with_ntdomain_hack = yes
was going to be set by default in FR 3.x ?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h
On 10/11/11 16:53, Alejandro Gandara wrote:
# This configuration entry SHOULD NOT be used.
# See the "realms" module for a better way to handle
# NT domains.
with_ntdomain_hack = yes
^^^
As per the docs. This config item should not be used, and is causing
things to break.
Set this back to
2011/11/10 Phil Mayers
> Ok, your debug says:
>
> rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21,
> length=218
>Framed-MTU = 1480
>NAS-IP-Address = 172.20.40.11
>NAS-Identifier = "SW-Priv-1-1"
>
>User-Name = "OPTARE\\brouco"
>
> # Executin
Ok, your debug says:
rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21,
length=218
Framed-MTU = 1480
NAS-IP-Address = 172.20.40.11
NAS-Identifier = "SW-Priv-1-1"
User-Name = "OPTARE\\brouco"
# Executing section authorize from file
/etc/fre
Hi,
I downloaded the current stable freeradius version 2.1.12 and imported the
configuration from the old server (rewrite etc/raddb).
Everything seems to be OK, but I must now add another two trusted CAs
into ca.pem and also enable checking against CRL files as for other.
Let's say that eap.conf is set up by def
2011/11/10 Alan Buxey
> Hi,
>
> > rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21,
> length=218
>
>
> > User-Name = "OPTARE\\brouco"
>
> I know this, that's why I need to try to remove this prefix. At first I
thought I could do with module/realm. But I didn't get good re
Hi,
> rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21,
> length=218
> User-Name = "OPTARE\\brouco"
all okay, but then:
> # Executing section authorize from file /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns
That would be greatly appreciated, thanks!
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4981135.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
Hi, not had much chance to do much recently. The aim's to take a peek this
afternoon.
Will report back after
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4981123.html
Sent from the FreeRadius - User mailing li
JennyBlunt wrote:
>
> Cool, thanks I'll download now and take a look
>
> J
>
Hi JennyBlunt,
How did you go with Johan Meiring's solution for authenticating NAS clients
based on their MAC address? I am in a similar situation to you with AP's on
dynamic IP's and am interested to hear if you we
address 172.20.52.206 port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address 172.20.52.206 port 1814
Ready to process requests.
rad_recv: Accounting-Request packet from host 172.20.40.11 port 102
On 10/11/11 08:15, Alejandro Gandara wrote:
Hi Alan,
Thanks for your answers and excuse me for my English full of mistakes.
2011/11/10 Alan DeKok <al...@deployingradius.com>
Alejandro Gandara wrote:
> I'm authenticating users in RADIUS against LDAP, if I login from
> compu
Thanks for your answer. I think I've changed the following things to try to
remove DOMAIN:
./modules/preprocess: with_ntdomain_hack = yes
./modules/mschap:with_ntdomain_hack = yes
./eap.conf: with_ntdomain_hack = yes
I hope this could help, If you know more information I cou
Alejandro Gandara wrote:
> This is my debug output:
Well... you deleted a lot of the default configuration. It now
doesn't work. I'm not sure why.
Use the default configuration. It works. Change as little as possible.
Alan DeKok.
symlink it to the actual file.
On Thu, Nov 10, 2011 at 2:11 PM, Harshavardhan chillakuru <
harshac...@gmail.com> wrote:
> 1. when I run the radius for debugging mode using *radusd -X* command I
> got error like
> *bash: radiusd: command not found*
>
> 2. ./radiusd: error while loading
1. when I run the radius for debugging mode using *radusd -X* command
I got error like *bash: radiusd: command not found*
2. ./radiusd: error while loading shared libraries:
libfreeradius-radius-2.1.12.so: cannot open shared object file: No such
file or directory
Hi Alan,
Thanks for your answers and excuse me for my English full of mistakes.
2011/11/10 Alan DeKok
> Alejandro Gandara wrote:
> > I'm authenticating users in RADIUS against LDAP, if I login from
> > computer with 802.1x configured and users and password taken from domain
> > automatic. I'm ge