Sven 'Darkman' Michels wrote:
> ...The
> only problem i had was "where to force the client cert when using
> eap/tls"
EAP-TLS *always* uses a client cert.
> which seems to work except that the cisco client simply doesn't offer a
> cert when using ttls. As far as i know, this requirement is not of
Hi,
Alan DeKok wrote:
> Sven 'Darkman' Michels wrote:
>> But this works only on freeradius 2.x, doesn't it? Actually i have 1.1.0
>> from SLES10...
>
> Download the binary Suse packages: http://freeradius.org/download.html
>
> 1.1.0 is *very* ol
Sven 'Darkman' Michels wrote:
> But this works only on freeradius 2.x, doesn't it? Actually i have 1.1.0
> from SLES10...
Download the binary Suse packages: http://freeradius.org/download.html
1.1.0 is *very* old.
Alan DeKok.
Hi Alan,
Alan DeKok wrote:
> It all depends on how you set up your configuration.
Hehe, yeah, figured that out... ;)
> You can configure the LDAP queries to be run *only* after the TLS
> tunnel has been set up. See raddb/sites-available/inner-t
Sven 'Darkman' Michels wrote:
> Ok, i'll doublecheck that. But just a note: if i use the wrong cert and
> see a NACK message in the log - then my ttls failed and i shouldn't see
> a ldap query at all...?
It all depends on how you set up your configuration.
> Or do i misunderstand something her
Hi,
Alan DeKok wrote:
> Sven 'Darkman' Michels wrote:
>>> here we can CLEARLY see that EAP is done before LDAP
>> exactly, yeah, but the log says the other way around. I get a ldap
>> request, which succeeds and after that a tls NACK (due to no cert).
Sven 'Darkman' Michels wrote:
>> here we can CLEARLY see that EAP is done before LDAP
>
> exactly, yeah, but the log says the other way around. I get a ldap
> request, which succeeds and after that a tls NACK (due to no cert).
> I would expect it's the other way around, shouldn't it?
Post the de
Hi,
[EMAIL PROTECTED] wrote:
> no, IGNORE the modules section - that just configures the modules.
> LOOK at your config
>
> authorize {
>     preprocess
>     eap
>     ldap
> }
> authenticate {
>     eap
>     Auth-Type LDAP {
>
Hi,
> erm? so, the sections are used from down to top? *scratches head*
no, IGNORE the modules section - that just configures the modules.
LOOK at your config
authorize {
    preprocess
    eap
    ldap
}
authenticate {
    eap
    Auth-Type LDAP {
        ldap
Hi,
[EMAIL PROTECTED] wrote:
>> Beside that, i noticed that when using a wrong ssl cert and user+pw
>> (to get vlan300) freeradius *first* checks the edirectory, and THEN
>> the eap/ttls stuff - shouldn't this be exactly the other way around?
>
> err
Hi,
> Beside that, i noticed that when using a wrong ssl cert and user+pw
> (to get vlan300) freeradius *first* checks the edirectory, and THEN
> the eap/ttls stuff - shouldn't this be exactly the other way around?
err, no, because you have told it to behave like this. change
the order of the mo
Hi there,
we use Freeradius (1.1.0 from sles10) to provide 802.1x on all wired
switches in the company. As backend we have Novell eDir where all users
are stored. We also use per user vlans, which are stored in the eDir.
This setup is working so far.