Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread Matthew Newton
Hi, On Fri, Feb 03, 2012 at 08:22:38AM +0100, NdK wrote: On 02/02/2012 21:59, Matthew Newton wrote: /usr/bin/net ads search -P (mail=%{User-Name}) sAMAccountName|grep sAMAccountName|sed s/^[^ ]* // (maybe it's possible to do the same without using grep and sed, but it's been just

Re: Problems sending session-timeout

2012-02-03 Thread tonimanel
Hi, I'm having problems configuring authentication attributes which were sent to the NAS. I don't know why FreeRADIUS doesn't check the attributes that the NAS sends - it only checks Called-Station-Id (maybe I should complete the configuration... I don't know how). I'm not clear on what I should

Re: Problems sending session-timeout

2012-02-03 Thread Alan DeKok
tonimanel wrote: I'm having problems configuring authentication attributes which were sent to the NAS. I don't know why FreeRADIUS doesn't check the attributes that the NAS sends - it only checks Called-Station-Id (maybe I should complete the configuration... I don't know how). Learn how to ask

Re: Problems sending session-timeout

2012-02-03 Thread Alan Buxey
Hi, I'm having problems configuring authentication attributes which were sent to the NAS. I don't know why FreeRADIUS doesn't check the attributes that the NAS sends - it only checks Called-Station-Id (maybe I should complete the configuration... I don't know how). FreeRADIUS will check whatever you

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread Phil Mayers
On 02/02/2012 05:33 PM, NdK wrote: On 02/02/2012 13:35, McNutt, Justin M. wrote: Thoughts? Opinions? Better ways to accomplish any/all of this? Briefly, there's probably not much you can do to improve this. If you have such a complex domain environment, you're going to have to write

Re: Design question

2012-02-03 Thread Phil Mayers
On 02/03/2012 12:27 AM, Dan Letkeman wrote: This would be a nightmare to manage. We have 2000+ clients. I see the advantage, if the certificate was compromised that this would be important, but how in the world would you manage this? Use the Microsoft CA, and use machine auto-enrollment.

Re: Problems sending session-timeout

2012-02-03 Thread tonimanel
I think that I have not explained myself very well. I disagree with Alan DeKok. Sorry if you think that I'm talking about my implementation, but I think that it is correct to explain (or at least try) what happens in my case. I think that other users could have these problems. Or if you configure some service

Re: Design question

2012-02-03 Thread Alan Buxey
Hi, Personally we (plan to) use PEAP/MS-CHAP, and check the machine account against AD using ntlm_auth. This is what we do for machine authentication (wired/wireless). alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems sending session-timeout

2012-02-03 Thread Fajar A. Nugraha
On Fri, Feb 3, 2012 at 7:54 PM, tonimanel antoniofernan...@fabergames.com wrote: I think that I have not explained myself very well. I disagree with Alan DeKok. Sorry if you think that I'm talking about my implementation, but I think that it is correct to explain (or at least try) what happens in my case. I

Re: Problems sending session-timeout

2012-02-03 Thread Alan DeKok
tonimanel wrote: I disagree with Alan DeKok. Sorry if you think that I'm talking about my implementation, I never said that. I think that other users could have these problems. Or if you configure some service and it works fine, but you don't know how something works, what would you do? I

Re: Design question

2012-02-03 Thread Dan Letkeman
Ok, so there are two problems with these scenarios in our environment. We do not run AD, we run eDirectory, and the computers are not assigned to the users, they are all shared computer labs. This is why having separate certs for each machine is impossible as we would have to go around and

Re: Problems sending session-timeout

2012-02-03 Thread tonimanel
Sorry. I wouldn't like to be banned from the list. Thanks for your help. I will read the configuration again and then I will try to configure it. I had copied an old configuration, which is why this error appears in the SQL query. Thanks for your help and sorry again.

Re: Design question

2012-02-03 Thread Phil Mayers
On 02/03/2012 02:08 PM, Dan Letkeman wrote: Ok, so there are two problems with these scenarios in our environment. We do not run AD, we run eDirectory, and the computers are not assigned to the users, they are all shared computer labs. This is why Ah. This has come up on the list before. I

Auth Problem

2012-02-03 Thread Fazal Ahmed Malik
Dear List, I have been using FreeRADIUS for a couple of years. FreeRADIUS is installed on FreeBSD with mpd. All is working fine with MAC-based Calling-Station-Id. I have a problem with one username. With that particular user nothing works, I mean he can bypass password, expiration and

Re: Auth Problem

2012-02-03 Thread Alan DeKok
Fazal Ahmed Malik wrote: I have been using FreeRADIUS for a couple of years. FreeRADIUS is installed on FreeBSD with mpd. All is working fine with MAC-based Calling-Station-Id. I have a problem with one username. With that particular user nothing works, I mean he can bypass password, expiration and

RE: Auth Problem

2012-02-03 Thread Fazal Ahmed Malik
Actually, I once removed its MAC address from the database. But now nothing works for it. If I put an expiration date, a MAC address as Calling-Station-Id, or change the password, the user can log in. Fazal Ahmed Malik

Re: Problems sending session-timeout

2012-02-03 Thread Alan Buxey
Hi, NAS's attribute. In my case, I have configured in Mikrotik a location name that in radgroupcheck is WISPr-Location-Name; why were these values not compared? And another problem that I'm having is that when the user logs in it seems that the NAS (Mikrotik in my case) does not receive the session time left

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread NdK
On 03/02/2012 12:51, Matthew Newton wrote: Apologies - I meant that finding the answer to your 'trick' is not a FreeRADIUS thing. It's a directory lookup, or identity management type issue. There must be a misunderstanding. I'm not asking advice about the query itself (that would be OT

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread Phil Mayers
On 02/03/2012 04:56 PM, NdK wrote: There must be a misunderstanding. I'm not asking advice about the query itself (that would be OT here). *Given* that the query should (and that 'should' is not FR-related) return a 4-row answer that I must translate to a single row, how do I translate it to a

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread NdK
On 03/02/2012 13:48, Phil Mayers wrote: This doesn't work, unless username == email local part. *or* win uses the username to calculate the response. Since users *can* actually log in to their accounts using their mail address... Maybe win caches (or looks up) the real username? Exactly.

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread Phil Mayers
On 02/03/2012 05:23 PM, NdK wrote: *or* win uses the username to calculate the response. Since users *can* actually log in to their accounts using their mail address... Maybe win caches (or looks up) the real username? Sure. If the client uses the right values as input to the crypto hash,

Re: Multi-domain AD and Users Who Aren't So Bright

2012-02-03 Thread NdK
On 03/02/2012 18:57, Phil Mayers wrote: FreeRADIUS is a bit complex in this area, because of the age of the code involved. But basically: 1. with_ntdomain_hack = yes on the mschap module strips leading DOMAIN\ So it's not a hack. It's follow_mschap_specs :) 2. Otherwise, you have to
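The point Phil Mayers is making in the two posts above (the client must feed "the right values" into the crypto hash, and with_ntdomain_hack only strips a leading DOMAIN\ because RFC 2759 says the domain is not part of the hash input) can be checked directly. The following is an added example written for this page, not FreeRADIUS, Samba or any poster's code: it implements the MS-CHAPv2 ChallengeHash from RFC 2759 section 8.2 with the standard library, emulates the DOMAIN\ stripping as "drop everything up to the first backslash" (an assumption about the module's behaviour), verifies itself against the RFC's own test vector, and shows why substituting a directory-looked-up sAMAccountName for the name the supplicant actually hashed (the mail-address login case from this thread) produces a different challenge and therefore a failed NT-Response check. The names alice and EXAMPLE are made up.

```python
"""Added illustration of the MS-CHAPv2 ChallengeHash (RFC 2759, section 8.2)
and of the DOMAIN\\ stripping that FreeRADIUS's with_ntdomain_hack performs.
Example code written for this page; it is not FreeRADIUS or Samba code."""
import hashlib
import os


def strip_nt_domain(user_name: str) -> str:
    """Emulate with_ntdomain_hack = yes in the mschap module (assumed behaviour):
    drop everything up to and including the first backslash, so
    'EXAMPLE\\alice' -> 'alice'. A name with no backslash is returned unchanged."""
    _, sep, user = user_name.partition("\\")
    return user if sep else user_name


def challenge_hash(peer_challenge: bytes, authenticator_challenge: bytes,
                   user_name: str) -> bytes:
    """RFC 2759 section 8.2:
    Challenge = SHA1(PeerChallenge || AuthenticatorChallenge || UserName)[0:8]
    The RFC hashes only the user name, excluding any prepended domain, so the
    server must feed in exactly the string the client hashed."""
    if len(peer_challenge) != 16 or len(authenticator_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 octets each")
    h = hashlib.sha1()
    h.update(peer_challenge)
    h.update(authenticator_challenge)
    h.update(user_name.encode("ascii"))
    return h.digest()[:8]


def rfc2759_vector_ok() -> bool:
    """Self-check against the worked example in RFC 2759 section 9.2
    (UserName "User", the two 16-octet challenges, 8-octet Challenge)."""
    auth = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
    peer = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
    return challenge_hash(peer, auth, "User") == bytes.fromhex("D02E4386BCE91226")


def server_side_challenge(user_name_attr: str, peer: bytes, auth: bytes,
                          with_ntdomain_hack: bool = True) -> bytes:
    """What a server in the position of the mschap module hashes: the User-Name
    attribute as sent, after optional DOMAIN\\ stripping. It does not use a
    directory-looked-up account name; that only matches if the client hashed
    the same string."""
    name = strip_nt_domain(user_name_attr) if with_ntdomain_hack else user_name_attr
    return challenge_hash(peer, auth, name)


def lookup_breaks_challenge(client_name: str, looked_up_name: str) -> bool:
    """True when swapping the directory-looked-up account name for the name the
    supplicant sent changes the 8-octet challenge, which makes the NT-Response
    fail to verify even though the password is right. This is the thread's
    case: 'alice@example.com' typed by the user versus 'alice' returned by an
    LDAP lookup on the mail attribute (constructed sample names)."""
    peer, auth = os.urandom(16), os.urandom(16)  # fresh challenges, as in a live exchange
    return challenge_hash(peer, auth, client_name) != challenge_hash(peer, auth, looked_up_name)


if __name__ == "__main__":
    print("RFC 2759 vector OK:", rfc2759_vector_ok())
    print("EXAMPLE\\alice ->", strip_nt_domain("EXAMPLE\\alice"))
    print("mail lookup changes challenge:",
          lookup_breaks_challenge("alice@example.com", "alice"))
```

The practical consequence for the mail-to-sAMAccountName mapping being discussed is that the looked-up name can be handed to the backend that owns the password (ntlm_auth's account lookup), but the string fed into ChallengeHash has to be whatever the supplicant used; if those differ, no amount of directory cleverness will make the response verify.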

Re: Design question

2012-02-03 Thread Iliya Peregoudov
When the private key corresponding to a digital certificate is stored on the computer's hard disk it is not stored securely. The only way to store a private key securely is using a smart card. The private key is stored on the smart card in a way that it cannot be read. The computer sends data to the smart card and