lol!!
sometimes, peeps use to turn the questions and the answers... to be sure!! but
what a shame!! i don't have hand on the dhcp server!!
thank you guys!!
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
Tél. : +212 69 25 85 70
Thanx a lot guy!
I tried to create my own certificate (that I didn't verify), but I still
encounter a problem generating the client certificate: the key file and the
.912 file are empty and I don't know why (size 0 kb), and it gives no error
message!!
i will try the scripts you gave me...
so the HOW_TO about active directory/freeradius seems to be enough. I asked cause
I noticed that most of the tips on www.freeradius.org point to 1.1x and I use
2.0.x
thanx for the answer
MBA OYONE Joël
Um... i think i just sent an empty response, sorry about that and thank you for
this clear explanation. i just will change my NAS!
(but i will call d-link before ).
see ya!
Re: Re : Re : Dynamic VLAN and FreeRadius
Joel MBA OYONE wrote:
> We all agree that association is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN
t you'll never be able
to force a user to switch SSID's because that is client controlled.
AP's map VLAN's to SSID's internally some allow n to 1 and 1 to n
relationships, others like your d-links only allow a direct mapping.
Basically it sounds like you are limited b
gards
Joel MBA OYONE wrote:
>> No. VLAN assignment is after SSID association, and after 802.1x
>> authentication.
>
> OK, is it possible to associate in SSID_1 and be assigned to a different
> VLAN than the one we are associated in ?
That doesn't make sense. SSID
Alan DeKok. wrote:
> No. VLAN assignment is after SSID association, and after 802.1x
> authentication.
OK, is it possible to associate in SSID_1 and be assigned to a different VLAN
than the one we are associated in ? (example, when I am associated to SSID_1, which
belongs to VLAN100, RADIUS s
> for example, a Cisco device would want the tunnel medium type, type and
> private group id
Tunnel-Medium-Type = "IEEE-802"
Tunnel-Type = "VLAN"
Tunnel-Private-Group-Id = "100"
> this would tell the NAS to put the user onto VLAN 100
So if SSID "friend" is assigned to VLAN 100, the end
> You'll also need a raddb/sites-enabled/inner-tunnel file. It's not
> installed in 2.0.3. This was fixed in 2.0.4.
what is the "inner-tunnel" file intended for ??
So i really wonder where is the problem !!!
maybe it is due to the hardware i use...
my switch is a wireless controller - all APs receive their config (RF, SSID,
channels, Power Radio, security stuff, etc..) from the switch. so when RADIUS
authentication is set-up, every AP has to be authenticate
Ok, we assume my certificates are correct.
So I have some more questions:
- Should the certificate be imported for user accounts or for computer accounts ?
- I use the file "users" as database for my accounts; when using eap-tls
when trying eap-peap my accounts look like that:
>> johndoe Auth-T
Yes! it is in the personal store!
- so the problem is not with the certificate ?? in this case, what should be checked?
- config?
- hardware?
i'd like to use eap-tls and/or eap-peap
MBA OYONE Joël
s with the user certificate.
http://www.procurve.com/NR/rdonlyres/06538B80-6DB0-4AC6-893E-8E8E12A180C6/0/ConfiguringFreeRADIUSwithIDMbyExample_Dec_07_WW_Eng_Ltr.pdf
On page 52 you have a picture of the Details tab list with Enhanced Key
Usage field containing client OID. Does your client certificate have
that field and that value?
ok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Monday, 5 May 2008, 17:18:10
Subject: Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??
Joel MBA OYONE wrote:
...
> The VLAN attributes defined in RFC3580 are as follows:
> • Tunnel-Type=VLAN (13)
> • Tunnel-Medium-Type=802
> • Tunnel-Private-Gr
Ok, before radiusd -X lets see the scenario and config files:
step 1:
- the network uses wireless grid technology, all the APs are managed by one
switch controller (dws-3024 - d-link)
- the AP should be authenticated by the RADIUS Server before they could be
authorised to be managed by the switch
I had exactly the same message cause i was running radiusd -X via putty on
another computer and forgot it. (2.0.2-3). i stop it on putty, then restart
radiusd -X on server and everything was ok.
maybe you are in the same case.
MBA OYONE Joël
OK,
radiusd -X and /etc/raddb/certs/bootstrap generated some files in
/etc/raddb/certs like
ca.pem
ca.key
01.pem
dh
index.txt
index.txt.attr
random
serial
server.crt
server.key
server.p12
server.pem
server.csr
xpextensions
etc...
eap.conf point to the right paths.
i intend to authenticate wireless
thank you guy!
It works, with only the @MAC ("00-1c-f0-07-d6-90") instead of
"00-1c-f0-07-d6-90\000".
I wonder why the Radius server receives that "\000" information.
MBA OYONE Joël
Hello
I need some explanation with what is going wrong in my config!
i have :
- freeradius 2.0.2-3 AS RADIUS SERVER
- DWS3024 as authenticator (set up for transmit request to radius server
correctly)
- (this step) DWL-8500AP as Access point (my supplicant)
i had not that problem using that con
9mn 36s
Subject: Re: Re : EAP-TLS/PEAP problem
http://www.freeradius.org/download.html
Find the OS version that you have and download the latest freeradius
version rpm.
Ivan Kalik
Kalik Informatika ISP
On 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> wrote:
>Well, as I am very very newbie on Linux. I use to work on win2000/2003 before.
>I chose the easy way to install freeradius; the "yum" command gave me that
>
hy not the latest version. It will create and install the certificates
for you. Even if you don't want to install it you can download it and
use it to create certificates.
Ivan Kalik
Kalik Informatika ISP
On 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> wrote:
>Hel
Hello list.
I am sorry about my poor English skills but hope I could be understood anyway.
I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my
users in the "/etc/raddb/users" file are able to authenticate without any
problem.
i intend to use eap-tls and eap-peap to authe