Re: how to disable a particular EAP type in freeradius2 for a particular ESSID ?

2012-02-11 Thread Riccardo Veraldi
On 2/10/12 6:54 PM, Alan Buxey wrote: Yes. Perfectly possible...just need to make copies of the 'files' module file, then give it is name (as per docs), then out a different users file in the second copy. In the virtual server you can then call the copy of the files module that uses that

Re: Freeradius GUI admin tool for SQL user entries?

2012-02-11 Thread Fajar A. Nugraha
On Fri, Feb 10, 2012 at 10:53 PM, Peter Moreton peter.more...@cbi.org.uk wrote: Having got a working FREERADIUS + MySQL setup working, with usernames and MD5 password hashes being held in the radcheck SQL table. Now, I’m wondering if there is any neat, GUI admin tool to allow our sysadmins to

Re: Source for freeradius-server-2.0.4

2012-02-11 Thread Fajar A. Nugraha
On Sat, Feb 11, 2012 at 1:14 PM, Stefan Winter stefan.win...@restena.lu wrote: ftp://ftp.freeradius.org/pub/freeradius/old/ ... or https://github.com/alandekok/freeradius-server/tags , although the archive name is different. -- Fajar On 11.02.12 03:32, Charles H. Fisher wrote: Do you know

Re: Source for freeradius-server-2.0.4

2012-02-11 Thread Alan DeKok
Charles H. Fisher wrote: I have heavily patched version of freeradius-server-2.0.4 That I would like to migrate forward to the current version. This requires that I know what changes were made to the standard 2.0.4. I have not been able to find a copy of it on the internet, and the archives

Re: how to disable a particular EAP type in freeradius2 for a particular ESSID ?

2012-02-11 Thread Alan DeKok
Riccardo Veraldi wrote: Yes I wanted to use this solution but the problem is that when my Cisco 1200 access points contact freeradius, there is no SSID like attribute in the communication, in the request there is no SSID.. See the Called-Station-Id attribute. The SSID should be buried

Re: Another LDAP/MSCHAPv2 problem

2012-02-11 Thread Phil Mayers
On 02/10/2012 05:46 PM, Alan Buxey wrote: Hmmm. Don't update user-name. Set or update stripped-user-name instead and use that in the mschap auth The mschap module doesn't honour Stripped-User-Name anywhere. The only place it would work would be in the ntlm_auth command line xlat, and he's

Re: Optimizing ldap queries to AD using users file on freeradius 2.1.12

2012-02-11 Thread Phil Mayers
On 02/10/2012 05:53 PM, Luis Písco wrote: But the My-Group==2 is not evaluated. It is not possible to assign a value to an item and use it later on the users file? No. The example you show sets My-Group on the *reply*. The users file can match on request items only. It is possible get

Re: LDAP Binding

2012-02-11 Thread Phil Mayers
On 02/10/2012 09:09 PM, NdK wrote: Can't create users in AD. Just machine accounts. Maybe it's possible to use the (or a dedicated) *machine* account credentials? rlm_ldap just needs a bind DN. Any ldap DN with permissions to bind to the directory and execute the searches you need will

Freeradius rlm_pam

2012-02-11 Thread Mark
Hello, While my eventual goal is GTC + PAM, I'm struggling to get the innner-tunnel request to successfully authenticate my user through PAM. I've made the following configuration changes from a clean installation of 2.1.12 on a Gentoo Linux system: 1. Added wap to the clients file 2. Put certs

Re: Freeradius rlm_pam

2012-02-11 Thread Matthew Newton
On Sat, Feb 11, 2012 at 11:07:36AM -0800, Mark wrote: Reading the Wiki and previous help responses on this list, I see that Auth-Type shouldn't have to be forced. Normally, yes - looks like PAM is an exception. http://freeradius.org/radiusd/doc/rlm_pam It only has an authenticate method, so

Re: Freeradius rlm_pam

2012-02-11 Thread Mark
On Sat, Feb 11, 2012 at 3:23 PM, Matthew Newton m...@leicester.ac.uk wrote: update control {  Auth-Type := 'pam' } Thanks! When I run rad-test it successfully returns Access-Accept. I'm not able to authenticate my client. I'm trying to use EAP-GTC on the inner-tunnel. I realize this isn't

RE: Cetificates to Use with Ubuntu Server

2012-02-11 Thread Gilmour, Scott
Hi, I have Ubuntu Server installed and I have a Windows 2008 Server Certificate Authority When I type the openssl command I keep on getting this error: CA certificate and CA private key do not match Any help or suggestions would be appreciated. Thanks Scott Ps. I was able to get Samba to