From: Alan Buxey a.l.m.bu...@lboro.ac.uk
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Sun, January 31, 2010 12:16:17 PM
Subject: Re: Allowing Access via 'users' when LDAP fails
Hi,
what switches? with Cisco you can use
From: Fajar A. Nugraha fa...@fajar.net
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Sun, January 31, 2010 11:43:20 AM
Subject: Re: Allowing Access via 'users' when LDAP fails
On Sun, Jan 31, 2010 at 10:16 PM, Amaru Netapshaak
Hi,
I'm using Cisco 3560G switches. If a client currently doesn't send EAPOL packets to the switch, the 'guest vlan' works perfectly.
However, my clients ARE dot1x capable, and DO send EAPOL packets to the switch and that makes the switchport stay unavailable for too long while the switch
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Mon, February 1, 2010 9:51:42 AM
Subject: Re: Allowing Access via 'users' when LDAP fails
Hi,
I'm using Cisco 3560G switches. If a client
list freeradius-users@lists.freeradius.org
Sent: Mon, February 1, 2010 9:51:42 AM
Subject: Re: Allowing Access via 'users' when LDAP fails
Hi,
I'm using Cisco 3560G switches. If a client currently doesn't send EAPOL packets to the switch, the 'guest vlan' works perfectly.
However, my clients
On Mon, Feb 1, 2010 at 10:50 PM, Amaru Netapshaak
postfix_am...@yahoo.com wrote:
Anyway, if you still need accept all, Alan's example should work.
Put something like this on authorize section
ldap
if (notfound) {
update control {
On Thu, Jan 28, 2010 at 4:12 AM, Amaru Netapshaak
postfix_am...@yahoo.com wrote:
Hello,
I've got FreeRADIUS querying an OpenLDAP server successfully. Users can login and their appropriate VLAN information is returned and everything's great. Right now, if a user isn't found in the LDAP
From: Fajar A. Nugraha fa...@fajar.net
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Sun, January 31, 2010 7:20:15 AM
Subject: Re: Allowing Access via 'users' when LDAP fails
On Thu, Jan 28, 2010 at 4:12 AM, Amaru Netapshaak
On Sun, Jan 31, 2010 at 10:16 PM, Amaru Netapshaak
postfix_am...@yahoo.com wrote:
I need a port to come up IMMEDIATELY on the restricted-vlan, providing my clients with a DHCP-assigned address, and then once they log in, their appropriate VLAN info is found in LDAP via FreeRADIUS and then the
Hi,
what switches? with Cisco you can use various fallthroughs - and you can
ensure that even the non 802.1X clients are catered for - MAB will allow
you to send request to RADIUS server and then it's your policy that matters..
eg
eg any MAC address, returns an ACCEPT but with a VLAN attribute.
From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thu, January 28, 2010 1:00:47 AM
Subject: Re: Allowing Access via 'users' when LDAP fails
Amaru Netapshaak wrote:
Right now, if a user
Hello,
I've got FreeRADIUS querying an OpenLDAP server successfully. Users can login and their appropriate VLAN information is returned and everything's great. Right now, if a user isn't found in the LDAP database, a reject is returned to the switch and the port goes offline. What I'd rather
Amaru Netapshaak wrote:
Right now, if a user
isn't found in the LDAP database, a reject is returned to the switch and the port goes offline. What I'd rather have, is RADIUS reply with a standard response (if the LDAP auth fails).
See doc/configurable_failover for over-riding return codes.