Re: HuntGroup in FR1

2013-01-25 Thread Lorenzo Milesi
You defined the huntgroup. You didn't *use* it to limit sessions. In the users file: DEFAULT Huntgroup-Name == maxxer, Max-Daily-Session := 60 Can I use SQL to define HG properties? I.e. setting Max-Daily-Session in radgroupcheck? Or should it be radcheck? thanks! -- Lorenzo

Re: helps with User-Password

2013-01-25 Thread Hocine M
On 24/01/2013 16:17, a.l.m.bu...@lboro.ac.uk wrote: Hi, A little question, when I run freeradius in debug mode (freeradius -XX), I can't see the User-Password! what method are you using? looks like EAP - in which case, depending on the phase2 method used, you might not see a

[no subject]

2013-01-25 Thread Alireza Goftari
Hi, I’m trying to deploy FreeRadius as an accounting solution in my network. My scenario is like this: [image attached] Fortigate Firewall is already integrated with Active Directory and may send authenticated requests to FreeRadius, which is as well integrated with Active Directory. The work

Re: Quick question about RFC 3579 2.6.5

2013-01-25 Thread A . L . M . Buxey
Hi, Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a Reply-Message. I understand the point on this based on the RFC. check RFC 5080 - which updates that RFC. however, your reply message is not going on as part of the EAP conversation you are sending the reply message to

Re: Quick question about RFC 3579 2.6.5

2013-01-25 Thread Phil Mayers
On 01/25/2013 06:56 AM, Olivier Beytrison wrote: Would this still be illegal and would I end in jail ? ;) We do it; it works fine. I'll be honest, I have no idea if it's illegal per spec, but don't really care - denying Reply-Message in Access-Reject/Accept containing EAP-Message doesn't

Re: Quick question about RFC 3579 2.6.5

2013-01-25 Thread Alireza Goftari
Thanks for your answer; I've been testing FreeRadius authentication against Active Directory with Microsoft RRAS setting FreeRadius as the RADIUS server for it and the authentication worked and as for the next step I'll go on configuring my Fortigate firewall to use FreeRadius as a RADIUS

Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Bertalan Voros
Hello All, Could someone tell me if it is possible to terminate PEAP on a freeradius server then proxy the request to an NPS server using MSCHAPv2? Thank you and best regards, Bertalan

Re:

2013-01-25 Thread Alan DeKok
You will post a question ONCE, and only once. Replying to other threads with your question is rude. Don't do it. Your configuration is possible. 1) FreeRADIUS stores all accounting data in the detail file. Or, in SQL. See the raddb/sql/.../dialup.conf file. They're text for a reason.

Re: HuntGroup in FR1

2013-01-25 Thread Alan DeKok
Lorenzo Milesi wrote: You defined the huntgroup. You didn't *use* it to limit sessions. In the users file: DEFAULT Huntgroup-Name == maxxer, Max-Daily-Session := 60 Can I use SQL to define HG properties? No. Huntgroups are defined in the huntgroup file. You use the SQL-Group

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Phil Mayers
On 01/25/2013 01:19 PM, Bertalan Voros wrote: Hello All, Could someone tell me if it is possible to terminate PEAP on a freeradius server then proxy the request to an NPS server using MSCHAPv2? Yes. Simply set Proxy-To-Realm in inner-tunnel/authorize, and FreeRADIUS will proxy the packets.

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Bertalan Voros
Hi Phil, Thanks a lot for the quick response. The reason I was attempting this is because I have to provide a service for roaming users and I was having issues with obtaining a certificate for the NPS server. Does this mean that I could use a self signed certificate for the NPS that is

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread A . L . M . Buxey
Hi, Could someone tell me if it is possible to terminate PEAP on a freeradius server then proxy the request to an NPS server using MSCHAPv2? Yes. Simply set Proxy-To-Realm in inner-tunnel/authorize, and FreeRADIUS will proxy the packets. ..and be aware that any clients that have strict

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Bertalan Voros
The clients are employees of a fairly loose network of companies, each on their own AD, some don't even have AD. A frustrating mixture of Windows and OSX. We maintain a central AD with all the user accounts in it but there are no machines associated with that AD. The self signed certificate

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread A . L . M . Buxey
Hi, We maintain a central AD with all the user accounts in it but there are no machines associated with that AD. any reasons for proxying to the NPS rather than binding the FR system into the AD and authenticating locally? The self signed certificate works but people get prompted

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread A . L . M . Buxey
Hi, The reason I was attempting this is because I have to provide a service for roaming users and I was having issues with obtaining a certificate for the NPS server. what's wrong with just using your current FR certificate on the NPS box? Does this mean that I could use a self

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Alan DeKok
Bertalan Voros wrote: The self signed certificate works but people get prompted to accept it and we were asked if it was possible for that to not happen. So give them the CA used to sign that certificate. The message will go away. You can fix a problem so that it never happens again. Or,

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Bertalan Voros
Hi Alan, Thanks for your insight, you are absolutely correct regarding the issues. I will have to find a compromise that is acceptable by everyone. We maintain a central AD with all the user accounts in it but there are no machines associated with that AD. any reasons for proxying

Re: Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS

2013-01-25 Thread Erich Titl
On 25.01.2013 16:25, Bertalan Voros wrote: Hi Alan, Thanks for your insight, you are absolutely correct regarding the issues. I will have to find a compromise that is acceptable by everyone. Post somewhere, e.g. possibly on a captive portal, a link to the CA certificate with instruction on