Re: Problems sending session-timeout

2012-02-02 Thread tonimanel
Hi again, I don't know why my FreeRADIUS server doesn't send session-timeout and other attributes like radius-location-name or radius-location-id (all in Mikrotik NAS). In older FreeRADIUS versions, I think that these attributes were sent automatically with the dictionary activation. Anybody

Re: Problems sending session-timeout

2012-02-02 Thread Alan DeKok
tonimanel wrote: I don't know why my FreeRADIUS server doesn't send session-timeout and other attributes like radius-location-name or radius-location-id (all in Mikrotik NAS). In older FreeRADIUS versions, I think that these attributes were sent automatically with the dictionary activation.

MAC auth with checkval - No authenticate method (Auth-Type)

2012-02-02 Thread blouman176
Hello all, I'm trying to authenticate workstations with their MAC address. Here is my problem during authentication: rad_recv: Access-Request packet from host 192.168.64.5 port 5001, id=138, length=136 User-Name = 00-15-c5-b2-d7-f1 User-Password = 00-15-c5-b2-d7-f1

Re: Doubt about Dropping Conflicting Error.

2012-02-02 Thread Alan DeKok
Rodrigo Yoshioka wrote: Does anyone have explanations about this error?? I couldn't find something understandable about it on the internet. There are TONS of references to it on this list. Error: Dropping conflicting packet from client PPPoE_FTTH:41882 - ID: 66 due to unfinished request

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread McNutt, Justin M.
On 02/01/2012 09:57 PM, McNutt, Justin M. wrote: Thoughts? Opinions? Better ways to accomplish any/all of this? Briefly, there's probably not much you can do to improve this. If you have such a complex domain environment, you're going to have to write complex policies OR mandate your users

Re: Problems sending session-timeout

2012-02-02 Thread tonimanel
Hi Alan, Thanks for your reply. I wanted to say counter.conf. In that file we can define counters that theoretically send attributes to the NAS, in my case Mikrotik. I have enabled Mikrotik's dictionary. So, I should add all attributes inside of counter.conf file in all directives defined,

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread NdK
On 01/02/2012 22:57, McNutt, Justin M. wrote: So I'm working on a way to Improve the User Experience. I've gotten a LONG way, but now I'm stuck. Here's the short/long version (all details, without undue explanation or discussion of what I tried that doesn't work): Done nearly the same

Re: Problems sending session-timeout

2012-02-02 Thread Alan DeKok
tonimanel wrote: I wanted to say counter.conf. Which one? In that file we can define counters that theoretically send attributes to the NAS, in my case Mikrotik. I have enabled Mikrotik's dictionary. So, I should add all attributes inside of counter.conf file in all directives defined,

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread Phil Mayers
On 02/02/2012 12:35 PM, McNutt, Justin M. wrote: We just finished a many-year span trying to get users to understand and use DOM\user. They don't get it, at least not consistently. A Not unreasonably. It's a failure of the IT Industry to solve credentials. Most attention gets paid to

Re: MAC auth with checkval - No authenticate method (Auth-Type)

2012-02-02 Thread blouman176
I found the solution. In fact, I forgot to set Cleartext-Password in the users file... Thanks.

Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Gilmour, Scott
Hi, I was able to figure out my clock skew issue. I had to go to regedit on my 2008 Server and go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters. Then select NTP Server to change the server address IP and change the Type to NTP. I was able to join the domain correctly

Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Alan DeKok
Gilmour, Scott wrote: I was able to figure out my clock skew issue. I had to go to regedit on my 2008 Server and go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters. Then select NTP Server to change the server address IP and change the Type to NTP. That's good. I

Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Phil Mayers
On 02/02/2012 02:45 PM, Gilmour, Scott wrote: Hi, I was able to figure out my clock skew issue. I had to go to regedit on my 2008 Server and go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters. Then select NTP Server to change the server address IP and change the Type

2008 Server Certificate Authority

2012-02-02 Thread Gilmour, Scott
Hi, I have a 2008 Server Certificate Authority. I want to use my 2008 Server Certificates with my FreeRadius Server. I have been searching online but haven't found anything that fully explains how to accomplish this. I know I will need to use openssl to accomplish this. Does anybody know of a

Re: Problems sending session-timeout

2012-02-02 Thread tonimanel
First, sorry for the inconvenience of my consultations. I think that I have been clear. When a user wants access to my FreeRADIUS, the user tries to log in, and then the FreeRADIUS service checks the session time of the username, performs some actions and lastly replies with attributes to the NAS (in my case Mikrotik).

Re: 2008 Server Certificate Authority

2012-02-02 Thread Phil Mayers
On 02/02/2012 04:19 PM, Gilmour, Scott wrote: Hi, I have a 2008 Server Certificate Authority. I want to use my 2008 Server Certificates with my FreeRadius Server. I have been searching online but haven't found anything that fully explains how to accomplish this. I know I will need to use

Re: Problems sending session-timeout

2012-02-02 Thread Alan DeKok
tonimanel wrote: I think that I have been clear. When a user wants access to my FreeRADIUS, the user tries to log in, and then the FreeRADIUS service checks the session time of the username, performs some actions and lastly replies with attributes to the NAS (in my case Mikrotik). NAS, in my case, should receive

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread NdK
On 02/02/2012 13:35, McNutt, Justin M. wrote: Thoughts? Opinions? Better ways to accomplish any/all of this? Briefly, there's probably not much you can do to improve this. If you have such a complex domain environment, you're going to have to write complex policies OR mandate your

Re: Problems sending session-timeout

2012-02-02 Thread tonimanel
Hi Alan, Thanks again for your reply. I will check later. I will report news here ... Regards, Toni.

Re: Design question

2012-02-02 Thread Dan Letkeman
Thank you for the quick reply. Would you recommend doing anything differently? Perhaps a different EAP type? If I wanted redundancy should I just set up a secondary radius server with the same settings and add it to the list of servers that are available? Thanks, Dan. On Thu, Feb 2, 2012 at

Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread NdK
On 02/02/2012 15:45, Gilmour, Scott wrote: I was wondering if this is because we installed winbind4 rather than winbind? DON'T! Samba4 is not yet ok for production. Use samba-winbind-3.5.11. After basic config of smb.conf (I posted mine some days ago) you can do: net ads join -U

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread Matthew Newton
On Thu, Feb 02, 2012 at 06:33:19PM +0100, NdK wrote: I'm trying (with no luck :( ) to use /usr/bin/net ads search -P (mail=%{User-Name}) sAMAccountName|grep sAMAccountName|sed s/^[^ ]* // (maybe it's possible to do the same without using grep and sed, but it's been just a quick test --

Re: Design question

2012-02-02 Thread Matthew Newton
Hi, On Wed, Feb 01, 2012 at 10:25:29PM -0600, Dan Letkeman wrote: We primarily use windows 7 on the machines that will authenticate, and they are all connected to cisco switches and access points. If I understand things correctly I have the option of authenticating based on users,

Re: Design question

2012-02-02 Thread Dan Letkeman
On Thu, Feb 2, 2012 at 4:47 PM, Matthew Newton m...@leicester.ac.uk wrote: Hi, On Wed, Feb 01, 2012 at 10:25:29PM -0600, Dan Letkeman wrote: We primarily use windows 7 on the machines that will authenticate, and they are all connected to cisco switches and access points.  If I understand

Re: Design question

2012-02-02 Thread Matthew Newton
On Thu, Feb 02, 2012 at 06:27:31PM -0600, Dan Letkeman wrote: On Thu, Feb 2, 2012 at 4:47 PM, Matthew Newton m...@leicester.ac.uk wrote: That will work, but you shouldn't. Create a different certificate for each client, and for the radius server, all signed by the same CA. This would be

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-02 Thread NdK
On 02/02/2012 21:59, Matthew Newton wrote: /usr/bin/net ads search -P (mail=%{User-Name}) sAMAccountName|grep sAMAccountName|sed s/^[^ ]* // (maybe it's possible to do the same without using grep and sed, but it's been just a quick test -- suggestions welcome). Have you tried

Re: Design question

2012-02-02 Thread NdK
On 03/02/2012 01:27, Dan Letkeman wrote: That will work, but you shouldn't. Create a different certificate for each client, and for the radius server, all signed by the same CA. This would be a nightmare to manage. We have 2000+ clients. I see the advantage, if the certificate was