On 24/8/2013 12:00 μμ, Nikolaos Milas wrote:
...and then I could simply use my *exact current configuration* by
simply changing the ldap filter to:
filter =
((macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))
I tested this and it works. (Yet,
from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -gt;
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20130826
[auth_log]
/var/log/freeradius
Hi Matthew
2013/8/22 Matthew Ceroni matthewcer...@gmail.com
I read that for FreeRadius just combine the cert with the intermediate
cert into one file and then reference that in eap.conf:certificate_file.
I have done that but clients are still failing certificate validation.
Honestly I
On 24 Aug 2013, at 10:00, Nikolaos Milas nmi...@noa.gr wrote:
On 23/8/2013 9:19 μμ, Arran Cudbard-Bell wrote:
It'll either be in NAS-Port or NAS-Port-ID if the NAS is providing that
information.
Thanks Arran,
It was NAS-Port indeed. Strangely enough, this is not included either in
...where the three ldap instances above are identical except the filter which
is:
ldap_macauth:
filter =
((macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))
ldap_macauth_NAS_only:
filter =
On 26/8/2013 12:15 μμ, Arran Cudbard-Bell wrote:
No. It's a really inefficient way of doing this.
Thanks Arran,
Yet, would it be logically/technically correct?
Use generic attribute maps or an update ldap schema to pull the necessary
values into control attributes,
and then do the
On 08/26/2013 12:10 AM, mdeche...@comcast.net wrote:
Dear Users --
This is my first posting to the FreeRADIUS users list, so please be patient :)
You're already doing pretty well - you actually posted a full debug,
which hardly anyone does first time!
Ok, so for the SQL case the server
On 08/26/2013 09:04 AM, Atomikramp wrote:
but it's not giving the same result, the check against sql is ignored
and the user is authed successfully.
Because:
[sql] User sogo1 not found
++[sql] returns notfound
-
List info/subscribe/unsubscribe? See
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or
On 26 Aug 2013, at 11:39, Nikolaos Milas nmi...@noa.gr wrote:
On 26/8/2013 12:15 μμ, Arran Cudbard-Bell wrote:
No. It's a really inefficient way of doing this.
Thanks Arran,
Yet, would it be logically/technically correct?
Sure.
Use generic attribute maps or an update ldap schema
On 08/26/2013 12:11 PM, Iliya Peregoudov wrote:
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files':
mistercupido.com
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=12899d=20130826
--
Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP
autenticato? GRATIS solo con Email.it http://www.email.it/f
Sponsor:
BARBAPAPA': Acquista i Peluche Originali su mistercupido.com
On 26/8/2013 2:15 μμ, Arran Cudbard-Bell wrote:
Unless you are querying different DNs for the different Mac-Auth types then
doing this is the wrong way to approach this.
the presence of the attributes in the LDAP object to dictate what type of
authorisation you're doing.
Thanks Arran,
I
Hi.
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
thanks
martin
-
List info/subscribe/unsubscribe? See
On 26 Aug 2013, at 14:33, Martin Kraus lists...@wujiman.net wrote:
Hi.
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
If you list the
On Mon, Aug 26, 2013 at 02:45:29PM +0100, Arran Cudbard-Bell wrote:
Is it possible to limit the repeating ldap lookups that happen during mschap
and tls negotiations? Like having an attribute that I could test for which
would tell me that the negotiation is completed?
If you list the ldap
16 matches
Mail list logo