Username/Host authorization

2013-06-24 Thread nicolas . clo
Hi list, I'm searching for the best way to configure an authorization based on both Host + Username (mschapv2 + /usr/bin/ntlm_auth), but not Host or Username. Is it possible to verify the host with mschapv2 and, if the module returns ok, proceed to username verification with the same module? Thanks

Re: Username/Host authorization

2013-06-24 Thread Phil Mayers
On 24/06/13 12:47, nicolas@ricoh-industrie.fr wrote: Hi list, I'm searching the best way to configure an authorization based on both Host + Username ( mschapv2 + /usr/bin/ntlm_auth) but not Host *or* Username. Is it possible to verify host with mschapv2 and if the module

Re: Username/Host authorization

2013-06-24 Thread Alan DeKok
nicolas@ricoh-industrie.fr wrote: Is it possible to verify host with mschapv2 That question has a number of unstated assumptions. Those assumptions are wrong. Does the *host* provide mschapv2 authentication data? No. Therefore, the host can't be verified with mschapv2. and if

Username/Host authorization

2013-06-24 Thread nicolas . clo
Thanks for your help. We want two authorizations at the same time, for example, to ensure that a user does not use his iPhone with his DOMAIN/UserName account. MAC authorization is not a good way for us (too restrictive to keep up to date); authorization by certificate too, because we have a lot of

Re: Username/Host authorization

2013-06-24 Thread Alan DeKok
nicolas@ricoh-industrie.fr wrote: We want two authorization in the same times, for example, to ensure that user not used his iPhone with his DOMAIN/UserName account. That is fairly vague. You're working with computers. Be specific. WHAT is in an Access-Request when they login using a

Re: Username/Host authorization

2013-06-24 Thread Phil Mayers
On 24/06/13 14:09, nicolas@ricoh-industrie.fr wrote: Thanks for your help. We want two authorization in the same times, for example, to ensure that user not used his iPhone with his DOMAIN/UserName account. Sorry, but that's not currently possible. No EAP method supports it. In theory

Username/Host authorization

2013-06-24 Thread nicolas . clo
Ok thanks for the reply. I'm now sure that the best way for us is MAC Address filtering. Have a good day. Nicolas CLO ---Original mail--- nicolas@ricoh-industrie.fr wrote: We

Re: Username/Host authorization

2013-06-24 Thread A . L . M . Buxey
Hi, I'm now sure that the best way for us is MAC Address filtering. That's a way of doing the 'host' part. The user can then be authenticated by an EAP method, i.e. the authorization stage can check the Calling-Station-Id (MAC address) and, if not known, just reject. Then, if known, carry on to
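The two-stage check Alan sketches (reject in the authorize stage when Calling-Station-Id is not a known MAC, otherwise fall through to EAP for the user) modelled in Python as an added example. This is not FreeRADIUS configuration and not code from the thread; in a real deployment the lookup lives in the authorize section of the server config. The allowlist file contents and the request dictionaries are constructed sample data, and the normalisation step is an assumption that follows from the fact that different NAS vendors format Calling-Station-Id differently (dashes, colons, Cisco dotted groups, upper or lower case), so a naive string match against a hand-maintained file will miss hosts.

```python
import re

# Constructed allowlist in the shape of a hand-maintained text file: one MAC per
# line, '#' comments, and whatever separator the NAS vendor used when it was pasted in.
AUTHORIZED_MACS_FILE = """\
# corporate-managed hosts (constructed sample data)
00-11-22-33-44-55   # laptop-001, Windows-style separator
0011.2233.4455      # the same host again, pasted in Cisco dotted form
AA:BB:CC:DD:EE:FF   # laptop-002
"""


def normalize_mac(calling_station_id):
    """Canonicalise a NAS-supplied Calling-Station-Id to 'aa:bb:cc:dd:ee:ff'.

    Returns None when the value is missing or does not contain exactly 12 hex
    digits, so callers cannot accidentally match a malformed value.
    """
    if calling_station_id is None:
        return None
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", calling_station_id)
    if len(hexdigits) != 12:
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def load_authorized_macs(text):
    """Parse the allowlist file, normalising every entry and failing loudly on junk."""
    macs = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        mac = normalize_mac(line)
        if mac is None:
            raise ValueError(f"bad MAC address in allowlist: {raw!r}")
        macs.add(mac)
    return macs


AUTHORIZED_MACS = load_authorized_macs(AUTHORIZED_MACS_FILE)


def authorize(request, authorized=AUTHORIZED_MACS):
    """Emulate the authorize-stage host check on an Access-Request's attributes.

    request: dict of RADIUS attribute name -> value (constructed for this example).
    Returns ("reject", reason) or ("ok", reason); "ok" means hand the request on to
    the EAP method, which then authenticates the user independently of the host.
    """
    mac = normalize_mac(request.get("Calling-Station-Id"))
    if mac is None:
        # Some NAS types omit the attribute; treat that as an unknown host, not a pass.
        return ("reject", "Calling-Station-Id missing or malformed")
    if mac not in authorized:
        return ("reject", f"unknown host {mac}")
    return ("ok", f"host {mac} known; continue to EAP user authentication")


if __name__ == "__main__":
    for req in (
        {"User-Name": "DOMAIN\\alice", "Calling-Station-Id": "00-11-22-33-44-55"},
        {"User-Name": "DOMAIN\\alice", "Calling-Station-Id": "de-ad-be-ef-00-01"},
        {"User-Name": "DOMAIN\\alice"},
    ):
        print(req.get("Calling-Station-Id"), "->", authorize(req))
```

Two things worth keeping in mind with this approach: the MAC is reported by the NAS and is trivially spoofable by the client, so it gates which devices are expected on the network rather than proving which device the user holds; and rejecting on a missing Calling-Station-Id is the safe default, but it means every NAS in the estate must actually send the attribute.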

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-22 at 01:23, Roberto Ortega Ramiro (roberto.ort...@esj.es) wrote: Hi, You have 2 ldap modules, one is ldap and the other includes the configuration file /etc/freeradius/modules/ldap-orig. Put /etc/freeradius/modules/ldap-orig out of the modules directory. Done. As per the docs,

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-22 at 01:20, Olivier Beytrison (oliv...@heliosnet.org) wrote: On 21.06.2013 22:21, Julian Macassey wrote: in your config you didn't configure any other client than 127.0.0.1; you're sending your request to 192.168.10.14, which means it's over the network. Add a client for the

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-22 at 16:41, Alan Buxey (a.l.m.bu...@lboro.ac.uk) wrote: Always start simple. Run radtest on the RADIUS server box using 127.0.0.1 ... THEN move to running against it from other systems once you've verified all authentication etc is working Works on localhost.

Re: Changed Attributes

2013-06-24 Thread A . L . M . Buxey
Hi, I am creating attributes for the user using the scripts below, but on running the radtest I get the failure attributes; which seem to have changed. I am using FreeRADIUS 2.1.0. user1test Auth-Type := Local, User-Password == testpassword

Re: ldap

2013-06-24 Thread A . L . M . Buxey
Hi, Always start simple. Run radtest on the RADIUS server box using 127.0.0.1 ... THEN move to running against it from other systems once you've verified all authentication etc is working. Works on localhost. Trying to get radius to authenticate against an ldap server.

Re: ldap

2013-06-24 Thread John Dennis
On 06/24/2013 12:18 PM, Julian Macassey wrote: I added in /etc/freeradius/clients.conf: client plumgrid-ldap1 { # # secret and password are mapped through the secrets # file. secret = MYSECRET shortname = ldap # # the following three fields are

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-24 at 18:06, a.l.m.bu...@lboro.ac.uk (a.l.m.bu...@lboro.ac.uk) wrote: Hi, Always start simple. Run radtest on the RADIUS server box using 127.0.0.1 ... THEN move to running against it from other systems once you've verified all authentication etc is working Works

Re: ldap

2013-06-24 Thread A . L . M . Buxey
Hi, Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812 you see this - TCP. Read a little about RADIUS: it uses UDP. Change your rule to allow UDP port 1812 # radtest

Re: Changed Attributes

2013-06-24 Thread George Innocent
The configured user with the stated attributes: steve Cleartext-Password := testing Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.1.2, Framed-IP-Netmask = 255.255.255.0, Alc-IPsec-Interface = private_ipsec, Alc-IPsec-SA-Lifetime = 1200,

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-24 at 13:24, John Dennis (jden...@redhat.com) wrote: On 06/24/2013 12:18 PM, Julian Macassey wrote: I added in /etc/freeradius/clients.conf: client plumgrid-ldap1 { # # secret and password are mapped through the secrets # file. secret = MYSECRET

Re: ldap

2013-06-24 Thread Julian Macassey
On 2013-06-24 at 18:38, a.l.m.bu...@lboro.ac.uk (a.l.m.bu...@lboro.ac.uk) wrote: Hi, Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812 you see this - TCP. Read a little about

Re: ldap

2013-06-24 Thread John Dennis
On 06/24/2013 02:01 PM, Julian Macassey wrote: I don't follow what you're doing. Is your radius server on 192.168.10.14, the same as your client? My radius server is: 192.168.10.16 My ldap server is: 192.168.10.14 Because it looks like you're sending your access-request to

Re: Changed Attributes

2013-06-24 Thread A . L . M . Buxey
Hi, But when i comment the attributes the radtest is successful did you check my other statement: 3) ensure that these attributes that you are using are in a dictionary file and that the dictionary file is being read by the server when it starts well? alan - List

Re: ldap

2013-06-24 Thread A . L . M . Buxey
Hi, I had it wide open. Someone suggested I add the tcp above. who suggested that? standard basic old fashioned RADIUS uses UDP ports 1812,1813 and 1814 - even older versions pre IANA adjustments would have used UDP 1645 and 1646 I get that. What I want the RADIUS server to do is
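To make the transport point concrete, an added Python example (not from the thread and not FreeRADIUS or radtest code) that does what radtest does on the wire: build an RFC 2865 Access-Request, hide User-Password with the shared secret and the Request Authenticator, attach a Message-Authenticator, send it as a UDP datagram to port 1812, and check the Response Authenticator of whatever comes back. A TCP-only firewall rule, a client missing from clients.conf, or a mismatched secret all present the same way to the client: no verifiable reply, so the call times out. The secret, username, password and addresses below are constructed; the server-side helpers (reveal_password, build_response) are included only so the exchange can be exercised offline.

```python
import hashlib
import hmac
import os
import socket
import struct

# RFC 2865 packet codes and the attribute types used below
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 2, 4, 80


def attr(atype, value):
    """Encode one attribute as type, length (including this 2-byte header), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data):
    """Decode a run of attributes, refusing truncated or zero-length ones."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        out.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return out


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-octet block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", request_auth  # the first block is keyed by the Request Authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    """Server side of hide_password: only works with the same secret and authenticator."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(prev, block))
    return out.rstrip(b"\x00")


def build_access_request(identifier, secret, username, password, nas_ip, request_auth=None):
    """Access-Request with Message-Authenticator = HMAC-MD5(secret, packet with that attr zeroed)."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    placeholder = attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs) + len(placeholder))
    mac = hmac.new(secret, header + request_auth + attrs + placeholder, hashlib.md5).digest()
    return header + request_auth + attrs + attr(MESSAGE_AUTHENTICATOR, mac)


def build_response(code, request, secret, attrs=b""):
    """Server reply: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response, request, secret):
    """Client check: accept only replies bound to our request by the shared secret."""
    if len(response) < 20:
        return False
    _code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def send_access_request(server, secret, username, password, nas_ip, timeout=3.0):
    """Send one request over UDP/1812; None means no verifiable answer arrived."""
    req = build_access_request(os.urandom(1)[0], secret, username, password, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (server, 1812))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return None  # unknown client, wrong secret, or a firewall only passing TCP
    if not verify_response(resp, req, secret):
        return None
    return "Access-Accept" if resp[0] == ACCESS_ACCEPT else "Access-Reject"


if __name__ == "__main__":
    # constructed values; point at a real server to reproduce the thread's radtest run
    print(send_access_request("192.168.10.16", b"MYSECRET", "steve", "testing", "192.168.10.14"))
```

The silent failure mode is the one to remember when debugging from a second host: a server that does not recognise the source address as a client, or that cannot validate the Message-Authenticator because the secret differs, does not send an Access-Reject, it simply drops the datagram, which from the client looks identical to a firewall that only opened TCP.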

Re: ldap

2013-06-24 Thread John Dennis
On 06/24/2013 03:15 PM, Julian Macassey wrote: On 2013-06-24 at 14:32, John Dennis (jden...@redhat.com) wrote: You need to configure radius to work with ldap, but you haven't done that. You have to uncomment the ldap module from /etc/raddb/sites-enabled/default in the authorize section and

Not able to build FreeRadius on Solaris 10

2013-06-24 Thread Rama Krishna
Hi There, I am trying to build FreeRADIUS 2.2 on Solaris 10 by following the steps given in the link below. http://coova.org/JRadius/FreeRADIUS In that process, make is giving the following errors. Can someone help fixing these? Is there a ready-to-execute binary of FreeRADIUS for Solaris 10

Re: Not able to build FreeRadius on Solaris 10

2013-06-24 Thread Fajar A. Nugraha
On Tue, Jun 25, 2013 at 6:20 AM, Rama Krishna rli...@zhone.com wrote: Hi There, I am trying to build FreeRADIUS 2.2 on Solaris 10 by following the steps given in the link below. http://coova.org/JRadius/FreeRADIUS Why not follow