Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-06 Thread Laurent CARON
t...@kalik.net wrote:
That should be:
ldap ldap1 { .. }
ldap ldap2 { .. }
What I wrote should go in the authorize section instead of ldap entry.

Hi,
Thanks a zillion times ;)
Laurent

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
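
The pieces of this thread put together, as an added example that is not part of any post: two named instances of the ldap module that differ only in basedn, selected in the authorize section by the trailing `$` test. The instance names follow the ldapuser/ldapmachine names used in the unlang snippet; the machine basedn and both filter lines are assumptions, since the thread does not show them.

```conf
# radiusd.conf, modules section: two named instances of the ldap module.
# server, identity and password are the values quoted in the thread.
ldap ldapuser {
    server   = "192.168.0.3"
    identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
    password = "ldapreadpasswd"
    basedn   = "ou=People,dc=mydomain,dc=com"      # user accounts
    filter   = "(uid=%{User-Name})"                # assumed filter
}

ldap ldapmachine {
    server   = "192.168.0.3"
    identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
    password = "ldapreadpasswd"
    basedn   = "ou=Computers,dc=mydomain,dc=com"   # assumed subtree for machine accounts
    filter   = "(uid=%{User-Name})"                # assumed filter
}

# authorize section: the if/else takes the place of the plain "ldap" line.
authorize {
    # other modules already listed in this section stay as they are
    if (User-Name =~ /\$$/) {
        # name ends in "$": machine account, look it up under the machine basedn
        ldapmachine
    }
    else {
        # anything else is treated as a user account
        ldapuser
    }
}
```

Any other section that still lists plain `ldap` has to name one of the two instances instead.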

802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
Hi,
I managed to get authentication of users logged on Windows XP workstation to the network. The machine authentication (while booting) however fails thus preventing the users from retrieving their roaming profiles.
Here is the relevant part of the log:
Thu Feb 5 14:39:16 2009 : Debug:

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
It seems freeradius tries to authenticate the computer from the ou=People,dc=mydomain,dc=com.
In radiusd.conf I have the following:
ldap {
    server = 192.168.0.3
    identity = uid=dot1x_read_user,ou=People,dc=mydomain,dc=com
    password = ldapreadpasswd
    basedn =

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
Make another ldap instance that has that basedn. Machine usernames have $ at the end - use unlang to test for that and switch ldap instance as required.

I see how to create another instance but really don't see where and how to use unlang to switch between the 2 instances depending on the

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
t...@kalik.net wrote:
regex.

Thanks Ivan,
Can you please give me some hint about what to put in config's stanzas?
Thanks

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
if (User-Name =~ /\$$/) {
    ldapmachine
}
else {
    ldapuser
}

Ivan Kalik
Kalik Informatika ISP

On 5/2/2009, Laurent CARON lca...@lncsa.com wrote:
t...@kalik.net wrote:
regex.
Thanks Ivan,
Can you please give me some hint about what to put in config's stanzas?
Thanks

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread Laurent CARON
t...@kalik.net wrote:
if (User-Name =~ /\$$/) {
    ldapmachine
}
else {
    ldapuser
}

in my radiusd.conf file I've got 2 stanzas like this:
ldap {
    server =
    port =
}
ldap2 {
    server =
    port =
}
I did copy/paste the lines you gave me just

Re: 802.1x with freeradius + PEAP + 3com Switch

2009-02-05 Thread tnt
in my radiusd.conf file I've got 2 stanzas like this:
ldap {
    server =
    port =
}
ldap2 {
    server =
    port =
}
I did copy/paste the lines you gave me just over the first server = ... line but it doesn't seem to do anything. Any clue?

That should be: