> I'm trying to use unlang to limit LDAP user's access to different network
> devices. Here is what I have so far in the site-enable/default:
>
> Auth-Type LDAP {
> ldap
>
> if(NAS-IP-Address == 10.1.1.1 && LDAP-Group ==
> 'RouterAdmin') {
>
hello,
I'm trying to use unlang to limit LDAP user's access to different network
devices. Here is what I have so far in the site-enable/default:
Auth-Type LDAP {
ldap
if(NAS-IP-Address == 10.1.1.1 && LDAP-Group ==
'RouterAdmin') {
ok
Hi all,
Could you please send the steps you followed to integrate Freeradius+Authentication.
thanks very much.
From: [EMAIL PROTECTED]
Reply-To: freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 25, Issue 2
Date: Tue, 01 M
Alan,
I try to understand I can only get answers from you guys when
available so yes I do go off and try random howtos (literally anything
I can find) in the hopes I learn a bit more.
But yes, I am now 100% clear on not setting Auth-Type.
Thanks again Alan.
On 4/24/07, Alan DeKok <[EMAIL PROTECTE
Jacob Jarick wrote:
> So the big question is, what Auth-Type do I use ?
You have been told that you should not set it. That means "You should
not set it". It does not mean "use another value".
> If LDAP is not permitted (still confuses me as I only need / want
> radius to authenticate against
Alan,
my test pc only supports PEAP over wireless and setup has to be wireless.
Removing "ldap" from the "authenticate" section causes an EAP error,
so I guess there is more configuration than simply removing /
commenting that section out.
I don't know how to not bind as a user when using FR + LD
So the big question is, what Auth-Type do I use ?
If LDAP is not permitted (still confuses me as I only need / want
radius to authenticate against LDAP) what Auth-Type do I set in the
users file so that Wireless users can authenticate using their ADS
username and passwords.
On 4/23/07, Jacob Jari
Forgive the newbie questions but I think it's best to clear up confusion.
client -> cisco -> FR server = eap
FR -> ADS 2003 = pap
Is that correct or am I way off track.
On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
> > Thanks again Alan,
> > For reference the O'Reilly L
Jacob Jarick wrote:
> Thanks again Alan,
> For reference the O'Reilly LDAP book instructs you to set "Auth-Type
> := LDAP" so that's where I got the bad reference (perhaps other people
> too).
Yes. There is a LOT of documentation (web pages, etc.) that say to do
the wrong thing. It's unfortunate
Thanks again Alan,
For reference the O'Reilly LDAP book instructs you to set "Auth-Type
:= LDAP" so that's where I got the bad reference (perhaps other people
too).
Now let's see if I understood the tables correctly.
PAP is the only method that will support LDAP bind as user ?
I should comment out
Jacob Jarick wrote:
> My problem is the ldap password retrieved from the windows client is
> not being sent to the ldap server.
The problem is that you have configured "Auth-Type := LDAP", and then
sent the server an 802.1x authentication request. Do NOT set Auth-Type =
LDAP. This is repeated a
My problem is the ldap password retrieved from the windows client is
not being sent to the ldap server.
So I get that error when trying to login.
I have added
checkItem userPassword User-Password
but it still complains of the same error.
The weird thing is it was working fine Friday.
Hi,
I'm a newbie for Freeradius.
I've implemented this type of structure:
APPLICATION --> PAM --> FREERADIUS --> SQL
I want to substitute SQL with an LDAP backend; I don't need any type of
accounting; I just want the application to check userid and password on my
LDAP server.
How ca
>
> delete from usergroup ;
> insert into usergroup (username,groupname) values('fredf','ppp-unlimited');
> insert into usergroup (username,groupname) values('barneyr','ppp-static');
> insert into usergroup (username,groupname) values('troll','ppp-unlimited');
> insert into usergroup (username,grou
Search the archives.
Just yesterday I sent another example of how to configure for sql, and gave some sample data.
Look for postgres, in the archives.
The same data works with MySQL and the only config change is to include sql.conf instead of postgresql.conf.
On the 20th I collected the most
it and hope it doesn't break.
Thanks for all your help.
Bob Ross
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 2:20 PM
Subject: Re: Authentication Help
> "Bob Ross" <[EMAIL PRO
It tried to send everyone to the mySQL database. Doesn't check the local at all.
- Original Message -
From: "Guy Fraser" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:05 PM
Subject: Re: Authentication Help
> Bob Ross w
I did. It doesn't work.
I commented out both lines on each one.
- Original Message -
From: "Guy Fraser" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:05 PM
Subject: Re: Authentication Help
> Bob Ross wrote:
>
> >Wh
Bob Ross wrote:
What is funny, with checking the diffs on the files, the only thing
different is in the users file and used the proxy.conf this time also.
I was trying := System or := Local, or == Local. == System, or local on first,
But they were always the same also on the Fall-Through either bo
usa1,usa2, etc...
Thanks
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 2:20 PM
Subject: Re: Authentication Help
> "Bob Ross" <[EMAIL PROTECTED]> wrote:
> > Meaning, PA
Local
Fall-Through = 1
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 2:20 PM
Subject: Re: Authentication Help
> "Bob Ross" <[EMAIL PROTECTED]> wrote:
> > Meaning, PAP wit
"Bob Ross" <[EMAIL PROTECTED]> wrote:
> Meaning, PAP with /passwd/shadow files and CHAP with the mySQL files?
I don't recall the details in 0.9.3, but in the latest CVS snapshot
this should work with minimal changes. Once you add the SQL
configuration, the server should do this automatically.
k" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 1:55 PM
Subject: Re: Authentication Help
> "Bob Ross" <[EMAIL PROTECTED]> wrote:
> > I deleted everything to start over again so it's a clean install. It's about
> >
"Bob Ross" <[EMAIL PROTECTED]> wrote:
> I deleted everything to start over again so it's a clean install. It's about
> the third time.
That's part of your problem. There's no need to delete &
re-install. It's not Windows.
> Is there any docs or example raddb files that show what I'm trying to
s
Bob Ross
- Original Message -
From: "Milver S. Nisay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 9:31 AM
Subject: Re: Authentication Help
> > Since I have only started working with FreeRadius, and have not touched a
> > r
DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 10:47 AM
Subject: Re: Authentication Help
> "Bob Ross" <[EMAIL PROTECTED]> wrote:
> > I'm told I should be able to do PAP - CHAP on the same server, but have been
"Bob Ross" <[EMAIL PROTECTED]> wrote:
> I'm told I should be able to do PAP - CHAP on the same server, but have been
> having one hard time doing so.
The server does this out of the box.
The larger problem is I don't think you're clear on WHY some
requests do PAP, and others do CHAP. If you
> Since I have only started working with FreeRadius, and have not touched a
> radius file for 7 years, I have to say No, because I have no idea what you're
> asking.
Google helps both technical and non-technical on planet earth a REALLY lot.
You might want to share with us your radiusd.conf and sql.conf
Since I have only started working with FreeRadius, and have not touched a
radius file for 7 years, I have to say No, because I have no idea what you're
asking.
I did do what it said to about getting rid of the old files no longer used
and enabling the /etc/passwd - /etc/shadow - /etc/group files.
I
> I'm told I should be able to do PAP - CHAP on the same server, but have been
> having one hard time doing so.
>
> Anyone have any examples or instruction to get this done. Right now we can
> only get it to do either one, not both.
have you tried combining or enabling both configuration with the
I'm told I should be able to do PAP - CHAP on the same server, but have been
having one hard time doing so.
Anyone have any examples or instruction to get this done. Right now we can
only get it to do either one, not both.
Meaning, PAP with /passwd/shadow files and CHAP with the mySQL files?
Any
OK, I enabled EAP in the authenticate and authorize section. Radius is
sending an EAP-MD5 Challenge but never receiving a response. Is this an
issue with the AP?
thanks
rick...
Rom.5:8
>>> [EMAIL PROTECTED] 01/25/04 9:32 AM >>>
Apparently I don't understand EAP and APs. It's not that the message i
Apparently I don't understand EAP and APs. It's not that the message is
unclear, the unclear part is why the User-Password is missing. I will
enable the eap module and see what happens.
thanks
rick...
Rom.5:8
>>> [EMAIL PROTECTED] 01/25/04 8:32 AM >>>
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> He
"Rick Whitley" <[EMAIL PROTECTED]> wrote:
> Here is another example of the debug output. If this is not enough
> information please let me know what I can send. Also we are using Cisco
> 350 APs.
Ok...
> rad_recv: Access-Request packet from host 10.5.10.2:1645, id=185,
> length=119
> Us
Here is another example of the debug output. If this is not enough
information please let me know what I can send. Also we are using Cisco
350 APs.
thanks
rad_recv: Access-Request packet from host 10.5.10.2:1645, id=185,
length=119
User-Name = "leec1779"
Framed-MTU = 1400
I am running freeradius 0.9.3 on RH 9. I am trying to get ldap
authorization and authentication. The debug output shows the following:
rad_recv: Access-Request packet from host 10.5.10.24:2810, id=111,
length=147
User-Name = "ctd3"
Cisco-AVPair = "ssid=DBUACAD"
NAS-IP-Addres
36 matches