From: Muhammad Nadeem
To: FreeRadius users mailing list
Sent: Thursday, July 11, 2013 2:08 PM
Subject: Dictionary type problem
hi everybody
I am adding some new attributes to dictionary.motorola. but when i run
freeradius , it gives the follwoing error.
hi everybody
I am adding some new attributes to dictionary.motorola. but when i run
freeradius , it gives the follwoing error.
including dictionary file /usr/local/etc/raddb/dictionary
Errors reading dictionary: dict_init:
/usr/local/share/freeradius/dictionary.motorola[78]: invalid type
"hexdeci
On 10 Jul 2013, at 23:59, Arran Cudbard-Bell wrote:
>
> On 10 Jul 2013, at 16:29, Phil Mayers wrote:
>
>> On 10/07/13 15:43, Arran Cudbard-Bell wrote:
>>
>>> Update sections may now also return fail.
>>
>> Can you clarify - AIUI, sql xlat can now also distinguish between empty and
>> fail,
On 10 Jul 2013, at 16:29, Phil Mayers wrote:
> On 10/07/13 15:43, Arran Cudbard-Bell wrote:
>
>> Update sections may now also return fail.
>
> Can you clarify - AIUI, sql xlat can now also distinguish between empty and
> fail, so if I do this:
>
> update {
> request:Tmp-String-0 := "%{sql:.
Got it now, as you said.
Using the public CA certs on certificate_file (and related private key),
and included the public CA chain on the CA_file (together with my own
CA). Still needs more testing (in more enviroments), but seems to be
working.
Thanks!
>
> Check the difference of CA_file (conta
Hello again,
I've successfully gotten to the point where local authentication is working
well for all modes, using multiple SSIDs through two virtual servers, so I felt
confident jumping into the less familiar world of proxying. Not that the
concept is hard to understand, it's just always seeme
Hi Mathieu, thanks for your reply.
It´s not clear to me what exactly has to be done.
So, I´ll place both server certificates inside the certificate_file,
correct? Do I declare it only under the 'tls' section (not on the peap)?
How does FR knows which certificate for each method?
How do I declare
User a deployment tool as then things like CN checks are done
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10/07/13 15:43, Arran Cudbard-Bell wrote:
Update sections may now also return fail.
Can you clarify - AIUI, sql xlat can now also distinguish between empty
and fail, so if I do this:
update {
request:Tmp-String-0 := "%{sql:...}"
}
...and the SQL server is down, the xlat will fail and
Update sections in 3.0 are considerably more powerful than 2.x.x
In addition to being able to override lists on an attribute by attribute basis,
e.g:
update {
request:foo = 'bar'
}
You can also perform full list copies:
update {
request: += &reply:
}
Filtered list copies (all
Hi, thanks for you reply (extensive to the others),
> Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS)
Hello,
>>> To avoid the need of installing our CA certificate on every Windows
>>> machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
Hi,
>Thank you Arran, that's what I suspected but hoped that there would be
>another way to find out.
>I'll see if Netgear is willing to approve existence of AV pairs (and if
>theyre willing to share them).
on some kit you can run a command to see the VSA list/desc
most vendors w
Hi
As a possible hint since your question sounds similar to an issue I had:
I was looking to provide a server-side certificate to my clients from a
public CA
but only allow clients to authenticate via EAP-TLS when presenting a cert
from our
internal CA which avoids the misconfiguration to trust a
G'day
2013/7/10 Arran Cudbard-Bell
>
> On 10 Jul 2013, at 12:46, Mathieu Simon wrote:
>
> > FreeRADIUS doesn't have a dictionnary for Netgear stuff yet, I don't
> think Netgear
> > copied Cisco's own AVpair use, but in case they do have own AV pairs,
> how do
> > you guys generally identify the
Hi,
> Currently we have 1000´s of users self-signed certificates (EAP-TLS),
> and we´re planning to move our main authentication method to PEAP, but
> keeping the certificates in use while valid.
>
> To avoid the need of installing our CA certificate on every Windows
> machine, we´ll buy the serv
On 10 Jul 2013, at 13:38, Alan DeKok wrote:
> Fernando Hammerli wrote:
>> To avoid the need of installing our CA certificate on every Windows
>> machine, we´ll buy the server certificate from a public CA.
>> Can Freeradius allow me to have both methods at the same time, ie, the
>> PEAP with the
Julian Macassey wrote:
> It does when it is all in the 'users' file, in fact, when
> I put my username and password in the users file, my laptop and
> smartphone authenticate and connect to the WiFi.
That's good.
> But, I want to get that info from /etc/password. I note
> from look
Fernando Hammerli wrote:
> To avoid the need of installing our CA certificate on every Windows
> machine, we´ll buy the server certificate from a public CA.
> Can Freeradius allow me to have both methods at the same time, ie, the
> PEAP with the public CA and certificate users with our 'self-signed
On 10 Jul 2013, at 12:46, Mathieu Simon wrote:
> G'day list
>
>
> I have been tinkering with some Netgear managed L2/L3 switching stuff and
> got the
> login working via freeradius (actually quite simple compared to EAP stuff for
> wireless).
>
> But when issuing "enable" after login, goin
Hi,
Currently we have 1000´s of users self-signed certificates (EAP-TLS),
and we´re planning to move our main authentication method to PEAP, but
keeping the certificates in use while valid.
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certifica
Hi,
On Tue, Jul 09, 2013 at 10:58:15AM -0700, Julian Macassey wrote:
> On 2013-07-09 at 10:18, Matthew Newton (m...@leicester.ac.uk) wrote:
> > Try adding the following to the *top* of your users file:
> >
> > evergreen Cleartext-Password := "pa55word", MS-CHAP-Use-NTLM-Auth := 0
>
> When I use
G'day list
I have been tinkering with some Netgear managed L2/L3 switching stuff and
got the
login working via freeradius (actually quite simple compared to EAP stuff
for wireless).
But when issuing "enable" after login, going into what they call
"Privileged EXEC" mode
it will - very similar to
On 9 Jul 2013, at 18:01, Brian Julin wrote:
>
> Arran Cudbard-Bell wrote:
>>
>> Soon. We've gone into official feature freeze. Still finding bugs though,
>> it'd be helpful if people could test.
>
> Just to make sure it was understood during the "foreach" fixup patch I sent
> on github, I me
24 matches
Mail list logo