Makes sense. I'm doing EAP-TTLS with LDAP. I probably wouldn't need
to define 2 diff ldap instances, since they'd both point to the same
ldap server. However, I wonder if the ":=" operator would cause
freeradius to ignore any other auth methods (such as ldap)? Doesn't
that act as an "overri
Mike,
Sounds good, thanks for the info. Just curious: In the dual eap-tls
configuration that you mentioned in the second paragraph, how would
the radius server know which one to use for a given client?
thanks!
- Original Message -
From: Michael Griego <[EMAIL PROTECTED]>
Date: Friday
Oh...duh...that makes sense. Should have considered that. I have since
tested the behavior of the scenario I described, and Alan's on target.
Doesn't really seem to matter which interface I enter on, or which
common-name I use. Seems to work either way.
thanks for the help!
- Original Mes
- Original Message -
From: Alan DeKok <[EMAIL PROTECTED]>
Date: Friday, August 5, 2005 5:30 pm
Subject: Re: Multiple Password Prompts
> [EMAIL PROTECTED] wrote:
> > If the server gets an incomplete reply to its challenge, or no reply,
> > will it resend its challenge?
>
> No. RADIU
I'm running freeradius on a linux box with 2 nics, eth0 and eth1.
Let's say eth0 has an ip of 192.168.5.5, and eth1 has an ip of
192.168.6.6. And, eth0 is a member of vlan 5 and eth1 is a member of
vlan 6. I bind freeradius to "*", so it's listening on both
interfaces/IPs.
I generated free
Thanks for the response. See below:
- Original Message -
From: Alan DeKok <[EMAIL PROTECTED]>
Date: Friday, August 5, 2005 11:03 am
Subject: Re: Multiple Password Prompts
> [EMAIL PROTECTED] wrote:
> > As I'm troubleshooting this, I generated another question in my head.
> > This ti
As I'm troubleshooting this, I generated another question in my head.
This time I'll give some freeradius debug (see blocks
between "*"):
Here's an excerpt from first try (failure):
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: '(cn=anonymous)
Hi,
The Odyssey Client prompts at least twice for the password. Once
connected, clients can roam across different APs within the same WLAN
with no problems. Has anyone else experienced this problem with a
similar configuration?
Running Environment:
-- Freeradius Server = Gentoo Linux runni
Ahh, I see. Based on the syntax you used it looks like I'd do this
using local users file. However, I'm using edirectory for the user
db. I have seen in the debug output where radius is checking for any
reply items in the directory. Maybe I could use radiusReplyItem as an
attribute in edir
- Original Message -
From: Alan DeKok <[EMAIL PROTECTED]>
Date: Saturday, June 18, 2005 11:46 am
Subject: Re: use_tunneled_reply
> [EMAIL PROTECTED] wrote:
> > This leads a dunce like me to believe that radius will send a reply
> > back to AP/NAS that has User-Name equaling "novelluser
Thanks for the reply. The supplicant indeed sends "anonymous" as
outer, but also sends "novelluser" as inner. So, I think I understand
that the AP/NAS can't see the inner as the request is on its way to
the radius, so at that point, all it knows is "anonymous". However,
according to the c
Hi,
Using FreeRADIUS 1.0.2, Cisco/Airespace 4100 WLAN switch as NAS, and
Odyssey Client v4.01 as supplicant. Kept seeing the user
as "anonymous" in the WCS management software for the client. Wanted
to see the *real* username, meaning the username that was actually
authenticated to the backe
FYI --
I've seen a lot of posts related to FreeRADIUS and Novell. I just found some
documentation on the Novell web site for integrating Novell eDirectory with
FreeRADIUS:
http://www.novell.com/documentation/edir_radius/index.html
Hope this helps someone!
later,
mack