Re:Default entry to allow all

2010-02-03 Thread Godfrey Peart
Thank you, so is there a method to grant access if a user fails the access-challenge request when using mschap + peap?

Default entry to allow all

2010-02-02 Thread Godfrey Peart
At present my setup uses peap/ms-chapV2 to authenticate users. Is it possible to have an entry in the users file that will allow users to connect regardless of the username/password combo they input at the login box? I did try *DEFAULT Auth-Type := Accept*, but it didn't work rad_recv:

Re:Default entry to allow all

2010-02-02 Thread Godfrey Peart
I know, that's what's baffling me, under my normal setup I get the TLS tunnel established and authentication works fine, but here there is no TLS setup, just an accept message that matches the default entry, but the client doesn't connect. Do I need to do any other tweaking concerning the peap setup -

RE:outer identity anonymous is being rejected (solved)

2009-02-10 Thread Godfrey Peart
Apologies, I didn't read all the MAN pages, found the answer I needed. My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works fine but some users are being rejected So it's being rejected. How do I get the inner identity which contains a valid username to be processed instead

outer identity anonymous is being rejected

2009-02-09 Thread Godfrey Peart
My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works fine but some users are being rejected because their wireless client allows the setting of an outer identity: anonymous or something else, which is not a valid username. So it's being rejected. How do I get the inner identity

Re: Non Ldap Group members being rejected

2009-02-08 Thread Godfrey Peart
[files] expand: %{User-Name} - john [files] sql_set_user escaped user -- 'john' rlm_sql (sql): Reserving sql socket id: 1 [files] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname

Non Ldap Group members being rejected

2009-02-07 Thread Godfrey Peart
At present I am using AD groups to assign roles to my users and rejecting users who are not members of the defined groups. This is being done via the users file which looks like this: #If you are not in either group, no access is allowed #FreeRADIUS 2.1 #These are the groups we are

Re: Authenticate users via AD and checking group membership:SOLVED

2009-01-18 Thread Godfrey Peart
I would like to say thanks to the forum, my problem was solved. For information, this is what I had to configure to get it all working. My only bit of concern was a warning message: [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details but I'll check

Re: Authenticate users via AD and checking group membership:SOLVED

2009-01-18 Thread Godfrey Peart
Thanks for that, can now see attributes being received by my NAS. Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake

Authenticate users via AD and checking group membership

2009-01-17 Thread Godfrey Peart
I am using FR 2.1, at present I can authenticate users against AD and then assign VLAN membership based on user-name via a MySQL database. What I would now like to do is assign vlan membership based on the group membership of the user. When I do an ldapsearch of my AD for a user I get the