Great news!
We are using krb5-1.3.2 and samba-3.0.1. These 2 version support multiple
domains?
Can you give me some example about how to configure krb5.conf and smb.comf?
Thanks.
John
Joe Vieira [EMAIL PROTECTED] 写道:
But there are multiple domains in active-directory. How
It works. Thanks.
There is another question: How to delete a user from rlm_dbm?
I delete the user from the users file. and do rlm_dbm_parser -i users -o
xxx.db, But the deleted user does not disspear from xxx.db.
John.
[EMAIL PROTECTED] 写道:
Hi,
[EMAIL PROTECTED] raddb]#
Hi,
We are using freeRADIUS 1.1.6. and samba 3.0.1 talk to active-directory.
Followed by:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Now it can work.
But there are multiple domains in active-directory. How to configure
freeRADIUS or samba can let it
Hi,
I am using freeRADIUS 1.1.6. I can not let rlm_dbm work.
Result of rlm_dbm_cat:
[EMAIL PROTECTED] raddb]# pwd
/usr/local/etc/raddb
[EMAIL PROTECTED] raddb]# rlm_dbm_cat -f users.db
hhe4 Cleartext-Password := hhe123
Reply-Message = Hello
Hi,
I am using freeRADIUS 1.1.7. Notebook with odyssey client (peap
mschap-v2) can talk to freeRADUS well. But when I use Vocera client, which can
support peap + mschap-v2, It does not work.
debug message (see more debug message in attachment):
...
rad_recv: Access-Request
...
John
Alan DeKok [EMAIL PROTECTED] 写道:
Hangjun He wrote:
hi,
I am using Odyssey Client Manager and freeRADIUS 1.1.6.
When I set peap with inner eap-mschap-v2, It works well.When I change
inner eap type to eap-popt, seems can not work.
Why do you think FreeRADIUS supports EAP-POPT
hi,
I am using Odyssey Client Manager and freeRADIUS 1.1.6.
When I set peap with inner eap-mschap-v2, It works well.When I change inner
eap type to eap-popt, seems can not work.
eap.conf:
eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
I use rlm_dbm_parser to add 2 users in file users_output.
Debug info shows added successfully. But why I can not find file
users_output? Where to find this file?
rlm_dbm_cat shows 2 users added, right?
[EMAIL PROTECTED] rlm_dbm]# ./rlm_dbm_parser -c -i users -o users_output -x
Use
Hi,
freeRADIUS version 1.1.6.
When I use DOMAIN\user format, Can work.
When I use [EMAIL PROTECTED] format, Can not work. Why?
Thanks!
John
-
雅虎邮箱传递新年祝福,个性贺卡送亲朋! -
List info/subscribe/unsubscribe? See
EAP-Message = 0x03090004
Message-Authenticator = 0x
User-Name = hhe
Finished request 9
Ranner, Frank MR [EMAIL PROTECTED] 写道:
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of Hangjun He
Sent: Monday, 17 December 2007
FreeRADIUS 1.1.6 + samba-tools + active-directory.
Can I get user's group-name by rlm_ldap? How?
Following is result of ldap-search.(Using ldap client)
# Paul Le, Users, test.com
dn: CN=Paul Le,CN=Users,DC=test,DC=com
objectClass: top
objectClass: person
objectClass:
Hi,
FreeRADIUS 1.1.6.
Use users file as user store. When I use username/password, It can work.
When I user username/password/domain, It not work.
I try to set preprocess module with_ntdomain_hack = yes. I get rlm_eap:
Identity does not match User-Name, setting from EAP Identity.
I
Yes. It sounds good.
Check common name in the certificate with databases(users or others).
John
[EMAIL PROTECTED] 写道:
Hangjun He wrote:
And I use EAP-TLS and with correct certs. Even if I set wrong
username in Odessey Client, freeRADIUS will return
success.(check_cert_cn not set
Hi,
I am using freeRADIUS 1.1.6.
And I use EAP-TLS and with correct certs. Even if I set wrong username
in Odessey Client, freeRADIUS will return success.(check_cert_cn not set).
Can I let freeRADIUS to check if username in the users file or other
database? If not, reject
I know freeRADIUS can't suport RFC3576 (Dynamic Authorization Extensions to
RADIUS).
Do you know which one can support it?
-
雅虎邮箱,终生伙伴! -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Eap-fast introduction from cisco said freeradius support eap-fast. Is it
right?
http://www.t11.org/ftp/t11/pub/fc/sp-2/07-595v0.pdf
John
-
雅虎邮箱,终生伙伴! -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Nothing to do with freeradius/samba.
Ivan Kalik
Kalik Informatika ISP
Dana 6/11/2007, Hangjun He pi�e:
Hi,
I use freeRADIUS1.1.6 and samba3 to talk with Active-directory. It can work
well. Followed by wiki:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Now we want
SIGHUP works in 2.0.0?
Thanks.
John
-
雅虎邮箱,终生伙伴! -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I use freeRADIUS1.1.6 and samba3 to talk with Active-directory. It can
work well. Followed by wiki:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Now we want to set up 2 active-directory, One is primary, The other is
backup. If primary AD
I seems it need LDAP lib support.
Alan DeKok [EMAIL PROTECTED] 写道:
Hangjun He wrote:
I use freeradius 1.1.6 and Openldap 2.3.32. And now It can authenticate
success( freeRADIUS + Openldap with TLS TLS encrypt.)
My question is how to set private-key password in radiusd.conf
= demand
# default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
# profile_attribute = radiusProfileDn
access_attr = dialupAccess
[EMAIL PROTECTED] 写道:
You already have. eap.conf is a part of radiusd.conf.
Ivan Kalik
Kalik Informatika ISP
Dana 29/10/2007, Hangjun He pi�e:
Hi,
I use
Thanks.
So key-file-password do not set in radiusd.conf/rlm_ldap section.
I still donot know how to configure key-password in Openldap, Where I can get
any document or Wiki ? Thanks.
John.
Ranner, Frank MR [EMAIL PROTECTED] 写道:
Yes. eap.conf is part of radiusd.conf.
But I
Hi,
I have configured ntlm_auth in freeRADIUS talk to AD(user store). And It
works well.
Now I want to use ldap to get attribute from AD, It failed.
It seems ldapsearch will search user's display name. And ntlm_auth will
search user's user logon name.
If I set display
Hi,
I use freeradius 1.1.6 and Openldap 2.3.32. And now It can authenticate
success( freeRADIUS + Openldap with TLS TLS encrypt.)
My question is how to set private-key password in radiusd.conf? Is there a
related variable to set, just like private_key_password in eap.conf .
Hi,
Eap/peap + Switch + freeRADIUS(1.1.6) + Lutos LDAP server.
Can this architecture work well? Can anyone give me some advice? Thanks a
lot.
John.
-
雅虎邮箱,以安全著称,是值得信赖的邮箱专家! -
List info/subscribe/unsubscribe? See
freeRADIUS version is 1.1.6..
I saw same question in mail-list(freeRADIUS 0.8), Did this problem fix??
Thanks.
Nothing to do. Sleeping until we see a request.
Reloading configuration files.
reread_config: reading radiusd.conf
Config: including file:
; do the
same for every VLAN.
Ivan Kalik
Kalik Informatika ISP
Dana 2/8/2007, Hangjun He pi�e:
Hi,
We use peap + AP + fr + AD to authenticate user. Now It can work. But I
need to get VLAN from freeradius for different user or group.
How should I do?? Please give me some advice, Thanks.
I saw
Hi,
We use peap + AP + fr + AD to authenticate user. Now It can work. But I
need to get VLAN from freeradius for different user or group.
How should I do?? Please give me some advice, Thanks.
I saw below debug info from maillist, from these info I guess
freeradius
Just follow this
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
inelec communication [EMAIL PROTECTED] 写道:
I am trying to setup a Fedora Linux server to authenticate wireless users.
I would like to use my AD server to get user information and use the RADIUS
question. Create a (vlan) group; add users/groups to the
group; create Remote Access Policy; apply policy to this group; edit the
policy to include those Tunnel attributes in dial-in profile; do the
same for every VLAN.
Ivan Kalik
Kalik Informatika ISP
Dana 2/8/2007, Hangjun He pi�e:
Hi,
We use peap
Hi,
I would like to know if I can use FreeRADIUS for:
PEAP, switch, FR and MS-Active Directory as user profile and vlan storage
If so, can someone please shed some light/pointers ?
Any info is highly appreciated.
Thank you.
-
抢注雅虎免费邮箱3.5G容量,20M附件! -
MESSAGE-
Hash: SHA1
Hangjun He wrote:
Hi,
I would like to know if I can use FreeRADIUS for:
PEAP, switch, FR and MS-Active Directory as user profile and vlan storage
PEAP: Yes
MS-AD: Yes
See several post in this mailing list, and the FreeRadius Wiki: it is
all in there.
http
Hi, list
I have no samba installed in my linux.
1.freeradius + AD :
When I user radtest tool to test user/password on Win2k3/AD, I can get
correct answer when I set authenticate type to ldap too.
2.eap/peap + 8021x + freeradius + openldap:
Success.
Thanks Alan DeKok.
But there are no enough memory on my linux system to install samba.
What should I do?
John
Alan DeKok [EMAIL PROTECTED] 写道:
Hangjun He wrote:
* I have no samba installed in my linux.*
Then you won't get PEAP to work with AD. There's a reason the howto's
Can I start ldap-auth after eap authenticate failed..just like radclient.
Hangjun He [EMAIL PROTECTED] 写道:
Thanks Alan DeKok.
But there are no enough memory on my linux system to install samba.
What should I do?
John
Alan DeKok [EMAIL PROTECTED] 写道:
Hangjun He
hi,
freeradis with openldap is OK when use cleartext communication.
Now I want to use tls.
openssl s_client -connect 127.0.0.1:636 -showcerts -state -CAfile
/usr/local/etc/openldap/ssl/cacert.pem show the cacert /cert/key is correct.
But when I use freeradis
freeradius version 1.1.6
openldap version 2.3.23
opensll verson 0.9.7g
Hangjun He [EMAIL PROTECTED] 写道:
hi,
freeradis with openldap is OK when use cleartext communication.
Now I want to use tls.
openssl s_client -connect 127.0.0.1:636 -showcerts -state -CAfile
do_unbind
connection_resched: attempting closing conn=11 sd=11
connection_close: conn=11 sd=11
TLS trace: SSL3 alert write:warning:close notify
Hangjun He [EMAIL PROTECTED] 写道:
freeradius version 1.1.6
openldap version 2.3.23
opensll verson 0.9.7g
Hangjun He [EMAIL PROTECTED
38 matches
Mail list logo