[Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Chris Bshaw
Hi First, thanx to all who replied to my earlier emails on EAP/TLS + WEP key generation. I seem to have this working now. Now I have some new questions: 1. I have read that I can have freeradius run a script via Exec-Program-Wait at authentication time. I was just wondering would it be p

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Alan DeKok
"Chris Bshaw" <[EMAIL PROTECTED]> wrote: > 1. I have read that I can have freeradius run a script via Exec-Program-Wait > at authentication time. I was just wondering would it be possible to use > this to perform a query over IP on the client station (eg: snmp or > something)? Scripts can do

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Chris Bshaw
Hi Alan... Thanx for the info. Basically, you can't do these checks until after the RADIUS authentication has succeeded, which means that you can't use the checks to change the RADIUS response. Is there any post-authentication mechanism I could use in FreeRadius to revoke the authenticationi

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Alan DeKok
"Chris Bshaw" <[EMAIL PROTECTED]> wrote: > Is there any post-authentication mechanism I could use in FreeRadius to > revoke the authentication, i.e. allow the user to authenticate long enough > to make the checks over IP via an Exec-Program-Wait and if they fail the > checks, freeradius 'tells

RE: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Htin Hlaing
EMAIL PROTECTED] On Behalf Of Alan DeKok > Sent: Wednesday, May 26, 2004 1:56 PM > To: [EMAIL PROTECTED] > Subject: Re: [Q]: Assigning VLANs and restricting logins? > > "Chris Bshaw" <[EMAIL PROTECTED]> wrote: > > Is there any post-authentication mechanism I could u

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Damjan
> Would it be right to say that a RADIUS server in 802.1X authentication > allows a client to be authenticated but cannot unauthenticate an > authenticated client and let the AP (NAS) know about this > unauthentication. I guess it comes down to RADIUS server responds to > clients but does not initia

RE: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Htin Hlaing
> Well if the admin instructs the NAS equipment to log-off all the users > your laptop should know immediately that it's disassociated from the wifi > AP. When your laptop tries to log-on again, and makes that request to the > AP, the AP will contact the radius server again. > Admin can/would log

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Damjan
> Admin can/would log off the logged in clients on the domain that the > RADIUS server resides. That's not a problem. > But how does one tell NAS > equipment about it? In my case, what would be the protocol to ask > NAS equipment to disassociate certain clients? Obviously that depends from

RE: [Q]: Assigning VLANs and restricting logins?

2004-05-26 Thread Htin Hlaing
> btw, if you don't tell the NAS equipment that a user should be > logged-off you've done nothing by "Admin can/would log off the logged in > clients on the domain that the RADIUS server resides". What would that > accomplish (I don't even understand how do you think that will work?!?) > Thanks.

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-27 Thread Alan DeKok
"Htin Hlaing" <[EMAIL PROTECTED]> wrote: > Would it be right to say that a RADIUS server in 802.1X authentication > allows a client to be authenticated but cannot unauthenticate an > authenticated client and let the AP (NAS) know about this > unauthentication. Yes. This is in the FAQ. The RADIU

Re: [Q]: Assigning VLANs and restricting logins?

2004-05-27 Thread Artur Hecker
hi strictly speaking, the server-to-client communication is not defined within RADIUS protocol which follows the client-server comm. model. this possibility does exist in DIAMETER (if you find an NAS which understands it, please shout!) practically, cisco does something like that in RADIUS (but i

Re: [Q]: Assigning VLANs and restricting logins?

2004-06-03 Thread Chris Bshaw
Hi Alan > 3. Is it possible using EAP/TLS to restrict how many times a station with a > particular certificate connects to the wireless net, i.e. if someone > takes their certificate and installs it on 10 wireless machines, can I > configure freeradius (and/or my access point) so that only