Hi Alan~
You already said you are now running 2.1.12. Why are you repeating
yourself? Do you think we're stupid, and we don't understand your messages?
What version WERE you using before this? I asked, and you didn't say that.
Current: radiusd: FreeRADIUS Version 2.1.12, for host
Hi Phil~
You are aware how Group-Name works, and which groups it is referring to,
right? Specifically, it is not a real attribute, and doesn't exist in a
concrete form. Rather, when you perform a comparison, a real-time search is
done against the relevant database using the value on the
Hi Klaus~
DEFAULT Group-Name == testgroup
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id = 101,
Fall-Through = no
You do realize that format is incorrect, right? The extra blank line is
wrong.
Do to email pasting mistake.
Greetings~
Previously using radius, we were able to assign VLAN based upon group
membership using the following syntax in /etc/raddb/users :
DEFAULT Group-Name == testgroup
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id = 100,
Fall-Through =
Fri Aug 13 14:46:50 2010 : Auth: rlm_opendirectory: User
ahu is authorized.
Fri Aug 13 14:46:59 2010 : Error: rlm_eap: No EAP session matching the State
variable.
Greetings~
Did you turn EAP on for the network connection on the computer/laptop with the
wifi card? Perhaps you need to
Greetings Alan~
Possible solutions:
---
Solution 1) Edit the opendir.c module to simple detect error status -14161
and
-14162... and simply set the status to 0 instead.
Absolutely not. Expired passwords are *not* OK.
Solution 2) Try and rig up something
If you want to change all REJECTs to ACCEPT so that
authentication always succeeds, then you are effectively
eliminating the requirement for 802.1x authentication for
network connectivity. If it's not required, why not just turn
off port security on your switches?
If it is required,
users mailing list freeradius-users@lists.freeradius.org
Sent: Thu, August 12, 2010 2:52:43 PM
Subject: Re: Password Policy - Expired Password - mschap
Theparanoidone Theparanoidone wrote:
We have successfully implemented a test patch. This test patch moves away
from
implementing mschapv2
Greetings~
We are using FreeRadius 2.1.3 (on snow leopard server).
All users are authenticating with vlan assignments correctly; however, if you
enable the ldap/(opendirectory) option to require user to change password on
next login the client is unable to connect. The client login screen
Greetings~
We are working on a patch.
We're of the opinion that Apple's version rlm_mschap / opendir included
with freeradius is missing something.
It appears they were only considering someone entering a failed
login/password combo... not a user with a password reset or an expired
password.
10 matches
Mail list logo