Look at the linelog module and be thankful for having the ability to do such
things with Freeradius...what would you do if you only had eg NPS?
alan
--
This smartphone uses free WiFi around the world with eduroam, now that's what I
call smart.
-
List info/subscribe/unsubscribe? See http://www.
Hi,
> I'm deploying a WiFi proxy center with FreeRadius now, therefore I need
> detailed auth/acct log records for statistical purpose.
>
> While default format of detail log cannot satisfy my goal there, so is
> there any way to define my own customized format of auth/acct log file?
>
> for exa
Hi all,
I'm deploying a WiFi proxy center with FreeRadius now, therefore I need
detailed auth/acct log records for statistical purpose.
While default format of detail log cannot satisfy my goal there, so is there
any way to define my own customized format of auth/acct log file?
for example, for
On 11 October 2012 14:48, Phil Mayers wrote:
> On 11/10/12 12:55, Bryce Mackintosh wrote:
>
>
>> Okay, ignoring how I currently have things setup, how would other people
>> go about controlling the users and devices on a wifi network by means of
>> 802.1x, freeradius using AD for authentication a
On 11/10/12 16:23, Hocine M wrote:
Hi,
First, apologies for my English, I'm French.
No problem.
I don't use the default virtual server, I only use one
filel3_wifi_peap (where i use sql_auth for auth and sql_acct for
accounting)
Your config is broken:
+- entering group authorize {...}
++[p
On 11/10/12 15:13, Walter Huf wrote:
For a certain use-case of mine, I need to connect to the Active
Directory Global Catalog port of 3268 and do a search with a BaseDN of
"". What is the correct way to do this with FreeRADIUS?
Why doesn't it work if you just use an empty string? From the code,
For a certain use-case of mine, I need to connect to the Active
Directory Global Catalog port of 3268 and do a search with a BaseDN of
"". What is the correct way to do this with FreeRADIUS?
The solution I have come up with is to change the LDAP xlat function to
not escape any spaces, which allows
Alexandros Gougousoudis wrote:
> That's not clear. Why would that break EAP if the workstations are
> sending a different Login?
You said you wanted to add a string to hostname. Don't do that.
Editing it in FreeRADIUS will break things.
> It already does, depending on LAN or WLAN
> Logins. I d
On 11/10/12 12:43, Alexandros Gougousoudis wrote:
Hi,
we're using FR 2.0 for our machine authentication for XP to Win7 with
EAP-TLS. Everything is working so far, but I noticed a difference
between authenticating via WLAN and LAN, which starts to be a problem
for us now. If I make an auth via LAN
On 11/10/12 12:55, Bryce Mackintosh wrote:
Okay, ignoring how I currently have things setup, how would other people
go about controlling the users and devices on a wifi network by means of
802.1x, freeradius using AD for authentication and Win XP Pro SP3
We don't bother. It's not obvious why
I'm sorry, I don't have time right now to help you, but you are on the
right track. Windows has a feature "Machine Authentication" where the
station authenticates (using the $hostname and a secret credential
created at domain join) with a Domain controller before the user login.
On an hardw
Hi Alan,
thanks for your reply!
Alan DeKok wrote:
"host/" as a realm for our Radsecproxy, I'd like to change the
behaviour for the authentication via LAN and add a string to the
Don't. You will break EAP.
That's not clear. Why would that break EAP if the workstations are
se
Ignore my stupidity.
I figured it out...
I'll make a wiki and make my script public
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
-Oprindel
Oops. The output was copy-pasted wrong.
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
-Original message-
From: freeradius-users-boun
Thomas Raabo - Zitcom A/S wrote:
> The only thing missing to getting this working is getting the state number to
> the script.
...
> [ZOTP] expand: %{reply:State} ->
Are you sure it's in the reply?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks phil...
I'm close now.
The only thing missing to getting this working is getting the state number to
the script.
On the second run after the challenge I don't get the state number passed..
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Ty
Bryce Mackintosh wrote:
> I'm currently using FreeRadius to control access to our wifi network
> with PEAP-TLS, and authenticating users against their AD accounts. I now
> need to somehow additionally restrict the users wifi access to only the
> machines that are joined to the Windows domain, and n
Alexandros Gougousoudis wrote:
> we're using FR 2.0 for our machine authentication for XP to Win7 with
> EAP-TLS. Everything is working so far, but I noticed a difference
> between authenticating via WLAN and LAN, which starts to be a problem
> for us now. If I make an auth via LAN the provided user
Koenraad Lelong wrote:
> Then I hope the vendor makes available that documentation.
Good luck. A lot of vendors are pretty bad with documentation.
> Bottom line, I need to ask the vendor : I need this and this feature,
> are those features supported by Freeradius ?
FreeRADIUS supports every
On 11 October 2012 11:45, Phil Mayers wrote:
> On 11/10/12 11:03, Bryce Mackintosh wrote:
>
>> Hi,
>>
>> I'm currently using FreeRadius to control access to our wifi network
>> with PEAP-TLS, and authenticating users against their AD accounts. I now
>> need to somehow additionally restrict the us
Hi,
we're using FR 2.0 for our machine authentication for XP to Win7 with
EAP-TLS. Everything is working so far, but I noticed a difference
between authenticating via WLAN and LAN, which starts to be a problem
for us now. If I make an auth via LAN the provided username is
, if I do it via WLA
On 11/10/12 11:53, Thomas Raabo - Zitcom A/S wrote:
How do you change the order it, Phil?
You type things in the right order.
As per my original email, do this:
authorize {
    ...
    YOUR_EXEC_MODULE
    if (updated) {
        ...
    }
    ...
}
How do you change the order it, Phil?
Best regards
Thomas Raabo
Senior Network Engineer CCIE #33466
_
t...@zitcom.dk | Direct: +45 69 10 60 18 | Tel.: +45 70 23 55 66
-Original message-
From: freeradius-users-bounce
On 11/10/12 11:03, Bryce Mackintosh wrote:
Hi,
I'm currently using FreeRadius to control access to our wifi network
with PEAP-TLS, and authenticating users against their AD accounts. I now
need to somehow additionally restrict the users wifi access to only the
machines that are joined to the Win
On 11/10/12 10:57, Thomas Raabo - Zitcom A/S wrote:
That seems like a way to go.
But you're right... It's very hard to find documentation on this topic.
Sure. The assumption is that Access-Challenge methods are generated by
auth method code in "rlm". It's a testament to how flexible the server
Hi,
I'm currently using FreeRadius to control access to our wifi network with
PEAP-TLS, and authenticating users against their AD accounts. I now need to
somehow additionally restrict the users wifi access to only the machines
that are joined to the Windows domain, and not phones, ipads, etc, and
That seems like a way to go.
But you're right... It's very hard to find documentation on this topic.
Changed it and now
It seems that update check is checked way before the script.
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex e
On 10/11/2012 09:23 AM, Thomas Raabo - Zitcom A/S wrote:
I'm trying to create a PHP OTP script with challenge response.
echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
I think that needs to be a control item, no
1 there is no such word as authentification, it's just 'authentication'
2 your client is trying to do EAP-TLS
3 check FreeRADIUS compatibility matrix because when you do use eg PEAP (and
have the CA cert on the client, the MSCHAPv2 will only work with passwords from
LDAP in certain formats
ala
I'm trying to create a PHP OTP script with challenge response.
echo "Reply-Message += \"Enter SMS\",\n";
echo "State += \"$random\",\n";
echo "Response-Packet-Type = \"Access-Challenge\",\n";
exit(4);
Reply and State get sent to the client. But I can't seem to get challenge
response to work.
H
Thank you very much Alan,
for the thorough and concise explanation (it's working!), as well as for
the great job you're doing.
Hello,
I have got a really annoying authentification problem and I would be glad if
you could help me.
I use a Cisco Aironet 1130ag Access Point, the radius-server is a Debian
Squeeze (6.0.5) and I installed FreeRadius Version 2.1.10 from the packet
sources.
After I made some changes to the /etc/
On 09-10-12 17:02, Alan DeKok wrote:
Koenraad Lelong wrote:
Is there a document that I consult so I know what to look for if I want
more than just authentication with radius ?
See the NAS vendor documentation.
Then I hope the vendor makes available that documentation. At the moment
I'm
33 matches