You might want to do an LDAP lookup first on your UPN to find the
samAccountName, then use that with ntlm_auth.
Stefan
From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org]
On Behalf O
Angelica Delgado wrote:
> We have our freeradius setup to authenticate with Active Directory for
> EAP. Currently, it uses the samaccountname but we want to use UPN
> instead. We get "NT_STATUS_NO_SUCH_USER" when testing with ntlm through
> command line.
>
> ntlm_auth --request-nt-key --domain=te
We have our freeradius setup to authenticate with Active Directory for
EAP. Currently, it uses the samaccountname but we want to use UPN instead.
We get "NT_STATUS_NO_SUCH_USER" when testing with ntlm through command line.
ntlm_auth --request-nt-key --domain=test.local --username=tu...@pub.com
On 14/10/13 17:15, Phil Mayers wrote:
On 14/10/13 16:18, Phil Mayers wrote:
i.e. the "noop" from the files module is ignored. This is a change from
2.x where the most recent module return code can be checked.
Have I missed the change, or is this not intentional?
Looks like this happened in
On 14/10/13 16:18, Phil Mayers wrote:
i.e. the "noop" from the files module is ignored. This is a change from
2.x where the most recent module return code can be checked.
Have I missed the change, or is this not intentional?
Looks like this happened in the modcall.c rewrite (d0aa96709cea) a
On 14 Oct 2013, at 16:27, Volker Lieder wrote:
> Hi,
> we tried to calculate it via expr.
>
> How would you calculate it?
Pretty sure the expiration module does exactly this.
Arran Cudbard-Bell
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/lis
Hi,
we tried to calculate it via expr.
How would you calculate it?
Regards,
Volker
Am 14.10.2013 um 17:03 schrieb Arran Cudbard-Bell:
>
> On 14 Oct 2013, at 15:52, Volker Lieder wrote:
>
>> Hi list,
>>
>> we use freeradius for our dsl user authentication.
>>
>> We want to disconnect some
On 14/10/13 16:01, Jonathan Gazeley wrote:
On 10/10/13 15:03, a.l.m.bu...@lboro.ac.uk wrote:
>Samba 4 is lurvely... apparently 100% compatible with existing AD
installations, although, as always, it's a bit finicky and info is a
bit thin on the ground (and I've not written up a guide when I set
All,
Seems that the return code priority is behaving different in 3.0 -
specifically the following config:
authorize {
updated
files
if (noop) {
...
}
}
...gives:
(0) authorize {
(0) [updated] = updated
(0) [files] = noop
(0) ? if (noop)
(0) ? if (noop) -> FALSE
i.e.
On 14 Oct 2013, at 15:52, Volker Lieder wrote:
> Hi list,
>
> we use freeradius for our dsl user authentication.
>
> We want to disconnect some users via radius at fixed times, e.g. 04:00 am.
>
> Which attribute and value should / can i use?
>
> Session-Timeout doesnt do the job.
Calculate
On 10/10/13 15:03, a.l.m.bu...@lboro.ac.uk wrote:
>Samba 4 is lurvely... apparently 100% compatible with existing AD
installations, although, as always, it's a bit finicky and info is a bit thin on
the ground (and I've not written up a guide when I set my test environment up that
uses an S4 se
Hi list,
we use freeradius for our dsl user authentication.
We want to disconnect some users via radius at fixed times, e.g. 04:00 am.
Which attribute and value should / can i use?
Session-Timeout doesnt do the job.
Regards,
Volker Lieder
-
List info/subscribe/unsubscribe? See http://www.free
Franks Andy (RLZ) IT Systems Engineer wrote:
> Hi again,
> Sorry to bang on about this, but I'm struggling still.
> Brand new machine, Ubuntu 13.04 server, never had freeradius installed
> on it. Pulled from git, - (FreeRADIUS Version 3.1.0 (git #209982d),
I didn't see the 3.1.0... At this po
Hi,
>Does FreeRADIUS give a fig about what the username is? If it were all
>numeric, say 123456789 I guess it is happy with that? It's just a string
>to FreeRADIUS?
FreeRADIUS is just a RADIUS serverand hence any decisions made by it are
all down to defined policies. so if you hav
On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote:
> On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> > As you can see, the device wasn't listed in the file, the authentication
> > went fine, saying that the tunnel that I should get has ID 40, but that
> > wasn't over
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> As you can see, the device wasn't listed in the file, the authentication
> went fine, saying that the tunnel that I should get has ID 40, but that
> wasn't overwritten by the authorized_macs check...
Add
DEFAULT Auth-Type := Rejec
Thank both, that's great news.
I really need to teach myself some C..
Cheers
Andy
-Original Message-
From:
freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org
[mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu
s.org] On Behalf Of a.l.m.bu...@lboro.ac
I think I know the answer to this question but I wanted to check with the Gurus!
Does FreeRADIUS give a fig about what the username is? If it were all numeric,
say 123456789 I guess it is happy with that? It's just a string to FreeRADIUS?
If there was to be an issue, it would be the back end aut
18 matches
Mail list logo