Re: Why Authorization before Authentication?

2011-11-24 Thread Iliya Peregoudov
In general there are three steps in processing of Access-Request: - identify - authenticate - authorize First you need to identify subscriber. In general you should consult subscriber database (backend). To minimize number of round-trips with subscriber database it will be better to return

Question at certificates

2011-11-24 Thread Andreas Rudat
Hi, I'm a little bit confused, I configure radius with self signed cert, peap+mschap, so if I tried to connect with an android or apple device I get the question if I want to accept the server cert, that's ok, but with windows or linux I get the error that there is no cert, but it still works, why

RES: RES: How to use radacct in two different databases

2011-11-24 Thread Nataniel Klug
Phil, Thank you, I will test the configuration and I will make a try in real world with that. Hope it works! Regards, Nataniel Klug -- -Original Message- From: freeradius-users-bounces+listas.nata=cnett.com...@lists.freeradius.org [mailto:freeradius-users-

Re: Question at certificates

2011-11-24 Thread Alan DeKok
Andreas Rudat wrote: I'm a little bit confused, I configure radius with self signed cert, peap+mschap, so if I tried to connect with an android or apple device I get the question if I want to accept the server cert, that's ok, but with windows or linux I get the error that there is no cert, but

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Alan DeKok
Jakub Pech wrote: please can anybody give me a hint how to get vendor specific attributes from LDAP and send it to the NAS? My freeradius version is 2.1.7-7.el5. See the ldap.attrmap file. This is documented. VSAs are just attributes. Use the name. Nothing else needs to be done. When I

Re: Number of queued Requests

2011-11-24 Thread Alan DeKok
Mohd Khaldi wrote: I have question how to find number of Access_Requests and Accounting_Request are actually in the Radius queue. You don't. In the git master branch, most of those stats are exported. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Jakub Pech
Hi, See the ldap.attrmap file. This is documented. I sent the rows I've added to ldap.attrmap in my previous mail. Is there anything wrong?? Well... where did you define it? First in users file for testing purposes. Worked OK. Then in LDAP. Thanks Jakub On 24.11.11 13:08, Alan DeKok

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Fajar A. Nugraha
On Thu, Nov 24, 2011 at 7:30 PM, Jakub Pech jakub.p...@spinoco.com wrote: Hi, See the ldap.attrmap file. This is documented. I sent the rows I've added to ldap.attrmap in my previous mail. Is there anything wrong?? Normally an ldap attribute will be translated as a radius check or reply

Re: Testing Wlan

2011-11-24 Thread Andreas Rudat
On 20.11.2011 13:05, Alan DeKok wrote: Andreas Rudat wrote: that's what I tried, but I get no info from the other client, only if I them ping each other. Encryption is wpa+aes and what I should see if it is encrypted? tls infos? This is a network connectivity problem. It isn't a RADIUS

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Jakub Pech
Hi, Normally an ldap attribute will be translated as a radius check or reply item, not both (which is what you did). First I had only radius check. I added radius reply later while testing. I'm almost sure that that is not the cause of my problem. Please can anybody send me the steps to get

Technical paper how Freeradius works?

2011-11-24 Thread Andreas Rudat
Hi, are there any and I don't see them, besides man pages/config files? Thanks

Re: Technical paper how Freeradius works?

2011-11-24 Thread Alan Buxey
Hi, Hi, are there any and I don't see them, besides man pages/config files? what is it that you are after? what do you define by 'technical' ? alan

Re: Technical paper how Freeradius works?

2011-11-24 Thread Andreas Rudat
On 24.11.2011 16:04, Alan Buxey wrote: Hi, Hi, are there any and I don't see them, besides man pages/config files? what is it that you are after? what do you define by 'technical' ? alan for example how

Re: Technical paper how Freeradius works?

2011-11-24 Thread Alan DeKok
Andreas Rudat wrote: for example how does exactly auth. works or the radius protocol works We don't document RADIUS. See the RFCs for that. As for how the server works, see the doc directory. There are a lot of files there describing how the server works. Alan DeKok.

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Jakub Pech
In documentation of freeradius 1.x I found that I have to import RADIUS-LDAPv3.schema to OpenLDAP. If I understand right radius server need to know the LDAP structure to be able to get values from defined attributes. But in freeradius 2.x there is no RADIUS-LDAPv3.schema and I did not find

Re: Technical paper how Freeradius works?

2011-11-24 Thread Andreas Rudat
On 24.11.2011 16:33, Alan DeKok wrote: Andreas Rudat wrote: for example how does exactly auth. works or the radius protocol works We don't document RADIUS. See the RFCs for that. As for how the server works, see the doc directory. There are a lot of files there describing how the

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Alan DeKok
Jakub Pech wrote: But in freeradius 2.x there is no RADIUS-LDAPv3.schema and I did not find any other schema file where I should add my LDAP attributes. See doc/examples/ Do I have to import my OpenLDAP schema to freeradius to be able to get Vendor Specific Attributes from it? You'll

rlm_perl radiusd::radlog $type codes

2011-11-24 Thread Edgar Fuß
The rlm_perl Documentation (in the Wiki) lists the $type values for radiusd::radlog($type, $message) as 0 - Debug 1 - Auth 2 - Proxy 3 - Info 4 - Error while include/radiusd.h says #define L_DBG 1 #define L_AUTH

Re: Why Authorization before Authentication?

2011-11-24 Thread Edgar Fuß
- identify - authenticate - authorize Ah, thanks! I understand the process much better now, replacing the section names (authorize, authenticate, post-auth) with what you gave (identify, authenticate, authorize). Put your authorization policies in [the post-auth] section. OK, now it all

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Jakub Pech
Alan DeKok wrote: See doc/examples/ I've edited openldap.schema and add new attributetype + add new attribute to radiusprofile class. This schema I applied also to my OpenLDAP server. Does freeradius get the LDAP schema from docs/examples/openldap.schema file? The path docs/examples is

Re: Why Authorization before Authentication?

2011-11-24 Thread Alan Buxey
What are you going to send from authenticate? It should be simple, password correct or password wrong. Everything else should be in post auth, authorize or post proxy even alan -- Message may be brief as it has been sent from my mobile

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Alan Buxey
Hi, See doc/examples/ I've edited openldap.schema and add new attributetype + add new attribute to radiusprofile class. This schema I applied also to my OpenLDAP server. Does freeradius get the LDAP schema from docs/examples/openldap.schema file? The path docs/examples is confusing

Re: freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

2011-11-24 Thread Fajar A. Nugraha
On Thu, Nov 24, 2011 at 9:43 PM, Jakub Pech jakub.p...@spinoco.com wrote: Hi, Normally an ldap attribute will be translated as a radius check or reply item, not both (which is what you did). First I had only radius check. I added radius reply later while testing. I'm almost sure that that is

Re: Why Authorization before Authentication?

2011-11-24 Thread Fajar A. Nugraha
On Thu, Nov 24, 2011 at 11:49 PM, Edgar Fuß e...@math.uni-bonn.de wrote: - identify - authenticate - authorize Ah, thanks! I understand the process much better now, replacing the section names (authorize, authenticate, post-auth) with what you gave (identify, authenticate, authorize).