On Tue, Jul 17, 2012 at 2:55 PM, Kaya Saman kayasa...@gmail.com wrote:
[...]
# cat users | more
0015c5537baa Cleartext-Password := 0015c5537baa
Tunnel-Type:0 = VLAN,
Tunnel-Medium-Type:0 = IEEE-802,
Tunnel-Private-Group-Id:0 = 3,
Tunnel-Preference =
So now for my Cisco lines I have this:
radius-server dead-criteria time 30 tries 3
radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
pass
radius-server retransmit 6
radius-server timeout 10
radius-server vsa send accounting
radius-server vsa send
Hi,
radius-server dead-criteria time 30 tries 3
radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
pass
radius-server retransmit 6
radius-server timeout 10
radius-server vsa send accounting
radius-server vsa send authentication
interface GigabitEthernet0/13
On Thu, Jul 19, 2012 at 10:20 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
radius-server dead-criteria time 30 tries 3
radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key
pass
radius-server retransmit 6
radius-server timeout 10
radius-server vsa send
Hi,
I am even considering an upgrade of IOS to version 15.0 (if my switch
will run it) as older IOS images tend to occassionally have issues
with certain things I have found??
havr been happily doing MAB and 802.1x on cisco switches running 12.1
and 12.2 as well as 15.
FreeRADIUS , from
On Thu, Jul 19, 2012 at 11:02 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I am even considering an upgrade of IOS to version 15.0 (if my switch
will run it) as older IOS images tend to occassionally have issues
with certain things I have found??
havr been happily doing MAB and 802.1x
On Thu, Jul 19, 2012 at 11:28 AM, Kaya Saman kayasa...@gmail.com wrote:
On Thu, Jul 19, 2012 at 11:02 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I am even considering an upgrade of IOS to version 15.0 (if my switch
will run it) as older IOS images tend to occassionally have issues
Hi Alan,
sorry for the mishaps yesterday..
On Mon, Jul 16, 2012 at 4:20 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
[...]
By placing the entry you suggested at the top of the /etc/raddb/users
file and restarting the server I got this:
well, no you didnt...or rather, if you did stick
[...]
# cat users | more
0015c5537baa Cleartext-Password := 0015c5537baa
Tunnel-Type:0 = VLAN,
Tunnel-Medium-Type:0 = IEEE-802,
Tunnel-Private-Group-Id:0 = 3,
Tunnel-Preference = 0x00
[...]
I managed to figure the issue of **authentication**
On Fri, Jul 13, 2012 at 8:09 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
you have defined the usual bits eg
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting dot1x system start-stop group radius
and
Hi,
Issuing 'radius -X' still isn't showing anything :-(
radiusd -X ?
please ensure you are trying to runt he right command
if you dont see anything on the output when client connection attempts are made,
then you have a problem elsewhere on the network or on the NAS you could
try
On Mon, Jul 16, 2012 at 9:20 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Issuing 'radius -X' still isn't showing anything :-(
radiusd -X ?
please ensure you are trying to runt he right command
Sorry that was a typo!!
This is the output I get when command run:
radiusd:
Hi,
i tried this, I used 'debug radius verbose' but the log doesn't come
up with anything at all; just:
debug mab all
debug dot1x all
however, you are just doing MAB IIRC - and thats just like PAP - very basic and
simple and I'm sure you also have to add 'mab' to your interface config eg
On Mon, Jul 16, 2012 at 11:03 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
i tried this, I used 'debug radius verbose' but the log doesn't come
up with anything at all; just:
debug mab all
debug dot1x all
however, you are just doing MAB IIRC - and thats just like PAP - very basic
On Mon, Jul 16, 2012 at 11:47 AM, Kaya Saman kayasa...@gmail.com wrote:
On Mon, Jul 16, 2012 at 11:03 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
i tried this, I used 'debug radius verbose' but the log doesn't come
up with anything at all; just:
debug mab all
debug dot1x all
Hi,
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3,
length=162
User-Name = 0015c5537baa
User-Password = 0015c5537baa
note those 2 lines - the USer-Name is the MAC address in that format. the
passwors is
the same.
[eap] No EAP-Message, not doing
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=3,
length=162
User-Name = 0015c5537baa
User-Password = 0015c5537baa
note those 2 lines - the USer-Name is the MAC address in
Hi,
Poking around in the radiusd.conf file I checked the section modules
which looks like this:
yes...thats just for the module config - you then need
to call that module - ensure that sql is not commented out in
sites-enabled/default
The modules look like so:
raddb]# ls modules/
Kaya Saman wrote:
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
...
put this at the top of the 'users' file and restart the server
...
Poking around in the radiusd.conf file I checked the section modules
Follow instructions or you will be unsubscribed and banned
Hi Alan,
I really do apologize for things not working and thank you for your
patience so far!
On 07/16/2012 05:31 PM, Alan DeKok wrote:
Kaya Saman wrote:
On Mon, Jul 16, 2012 at 2:33 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
...
put this at the top of the 'users' file and restart
Kaya Saman wrote:
There is a file in the raddb directory named users.
I **DID** do this... !!
You didn't SAY that. You were told to edit the users file.
Instead, you went on a long round-about adventure, looking at other files.
There's no need to be so severe as the ban me!
Hi,
I've created a server running CentOS 6.2 and FreeRADIUS 2.1.10-5. I
also have installed the latest DaloRADIUS on the system to provide a
web UI since ultimately that is where people will be provisioning
systems from of which I believe it is installed correctly.
I also have a Cisco 3560G
radiusd -X
...will print all output to the terminal it wad run in. That will show you the
workings
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Jul 13, 2012 at 5:35 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
radiusd -X
...will print all output to the terminal it wad run in. That will show you
the workings
alan
Yep, I did suggest this previously that I used this.
It doesn't show anything at all apart from
Hi,
The very last line of startup output will say
Ready to process requests
If you get NOTHING else then the server is not getting any packets through to
it...which is either something simple such as the built in firewall of cents
(edit the firewall using your favourite method to allow UDP
On Fri, Jul 13, 2012 at 5:43 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The very last line of startup output will say
Ready to process requests
If you get NOTHING else then the server is not getting any packets through
to it...which is either something simple such as the built in
On 13/07/12 18:26, Kaya Saman wrote:
On Fri, Jul 13, 2012 at 5:43 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The very last line of startup output will say
Ready to process requests
If you get NOTHING else then the server is not getting any packets through
to it...which is either
If you get no output to screen then it doesn't matter if the RADIUS server
config is wrong as you've got problem elsewhere. Ha e you checked your firewall
on the server, I don't give answers to be randomly skipped over. To verify you
can send radius requests from another computer..eg using
On Fri, Jul 13, 2012 at 6:43 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
If you get no output to screen then it doesn't matter if the RADIUS server
config is wrong as you've got problem elsewhere. Ha e you checked your
firewall on the server, I don't give answers to be randomly skipped over.
Hi,
you have defined the usual bits eg
aaa new-model
!
Hi,
I know this subject have been brought up but I'm kind of stuck and I hope
I can get a little help.
I am trying to assign vlans from freeradius to a cisco 3550 switch but its
not working.
I keep getting the following in the debug in the switch:
3w6d: RADIUS: Tunnel
/25/12 10:36 AM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I know this subject have been brought up but I'm kind of stuck and I
hope
I can get a little help.
I am trying to assign vlans from freeradius to a cisco 3550 switch
but its
not working.
I keep getting the following
On 04/25/2012 08:52 AM, Wassim Zaarour wrote:
Hi Alan and thanks for your reply,
I changed it as you suggested and I still got the same behavior:
You're sending the right replies; the problem is with the NAS. Suggest
you consult the Cisco docs.
The 3550 is an older switch; are you sure it
Hi Phil,
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.
html
The user says that it worked, I tried the attributes he used and still got
the same error.
On 4/25/12 11:10 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 04/25/2012 08:52 AM,
@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera
dius.org] On Behalf Of Wassim Zaarour
Sent: Wednesday, April 25, 2012 1:56 AM
To: FreeRadius users mailing list
Subject: Assign VLAN from freeradius to Cisco 3550 switch.
Hi all,
I know this subject have been
On 25/04/12 09:28, Wassim Zaarour wrote:
Hi Phil,
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.
html
The user says that it worked, I tried the attributes he used and still got
the same error.
Then logically, the problem is at your end. Check the
: Wednesday, April 25, 2012 1:50 PM
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: RE: Assign VLAN from freeradius to Cisco 3550 switch.
I am seeing EAP in the messages. Have you enabled EAP in your inner-tunnel
or at all in your config?
Either way this seems pretty
Wassim Zaarour wrote:
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.html
The user says that it worked, I tried the attributes he used and still got
the same error.
I don't even know how this was ever working for that user. On my wired switch
Hi Brian,
Thanks for your reply, where do I exactly need to put this configuration?
In the users file?
Do you have any experience with the 2960 switches?
Wassim
On 4/25/12 4:07 PM, Brian Julin bju...@clarku.edu wrote:
Wassim Zaarour wrote:
Look at this
Hi,
Thanks for your reply, where do I exactly need to put this configuration?
In the users file?
I can tell you right now that you dont need that hack to assign VLANs on cisco
switches (well, not if you are running reasonably up to date firmware on the
cisco devices anyway - ie something less
Alan Buxley wrote
I can tell you right now that you dont need that hack to assign VLANs on cisco
switches (well, not if you are running reasonably up to date firmware on the
cisco devices anyway - ie something less than 2 years old)
The latest public firmware for the 3550 is 3+ years old,
Hi,
I use freeradius with cisco access point and vlans assignment, work fine
but now I try to use Cisco Wireless Controller and the vlan assignment dont
work.
Can you help me?
I send the logs:
Many thanks!
Log without acces points and wireless controller:
server inner-tunnel
On 18/04/12 16:24, Martin Silvero wrote:
Hi,
I use freeradius with cisco access point and vlans assignment, work fine
but now I try to use Cisco Wireless Controller and the vlan assignment
dont work.
Can you help me?
If you are sending the VLAN attributes, then FreeRADIUS is working.
Check
Those logs don't show anything useful. Cisco wireless controllers work fine
with freeradius, we've been using them since day 1 with our FR through the
years.
What attributes are you sending and is the WLAN configured for vlan override if
you are assigning vlan by FR?
alan
--
This smartphone
On Wed, Apr 18, 2012 at 12:24:46PM -0300, Martin Silvero wrote:
I use freeradius with cisco access point and vlans assignment, work fine
but now I try to use Cisco Wireless Controller and the vlan assignment dont
work.
Make sure your Access-Accept packet has the following AV pairs:
Tunnel
hi all,
how to setup url-redirect with cisco 3550? I tried it with:
EAP-MD5,cisco 3550,freeradius 2.1.11, but failed;
my users:
testuser Cleartext-Password := testuser
cisco-avpair = url-redirect=http://10.32.9.41;,
cisco-avpair += url-redirect-acl=redirect_acl
Erisan Nyamutenha wrote:
... In the failed attempts logs on the ACS it says bad
username or password. i'm pretty sure im using the correct password. Is
there any reason why this should not work? I've posted my logs below:-
See the logs from ACS. Looking at the logs from FreeRADIUS is
Erisan Nyamutenha erisan.nyamute...@uct.ac.za wrote:
I am setting up an Eduroam authentication server using FreeRadius 2.1.1
on Suse Linux 12.
Do you mean 2.1.10? If not, upgrade to 2.1.10.
I am proxying authentication requests to a Cisco ACS. When testing
using radtest from the
Hi,
as per message previously sent, 'eduroam' SSID must be all lowercase.
and thats a MUST. SSID are case sensitive...if you have Eduroam then all
visiting clients
will need to be reconfigured to use it.
Suse Linux 12. I am proxying authentication requests to a Cisco ACS. When
testing
Hello All,
I am setting up an Eduroam authentication server using FreeRadius 2.1.1
on Suse Linux 12. I am proxying authentication requests to a Cisco ACS.
When testing using radtest from the FreeRadius box authentication is
proxyed to ACS fine and i get an access-accept back. However when i try
Hi,
During a rebuild of our Radius servers from an old freeradius 1.x install to
2.1.10, we've lost ability to push multiple usergroups to our Cisco LNS:
MySQL:
radcheck:
id UserNameAttribute op Value
9791t...@realm Password:= {clear}somepass
SQL log attached:
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 't...@realm' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM
Jevos, Peter wrote:
Hi Alan, , thanks , I’ve read it but it’s too complicated and I’m
missing more examples of configurations
The raddb directory *does* come with examples.
If anybody help me with the syntax and code location with this issue:
Sorry, but:
1) the unlang documentation
Thank you phill, that's great help, but it still doesn't work as it
should.
Now I don't know how should I adjust the users file : )
I used
if ((NAS-IP-Address == 1.1.1.1) %{mschap:NT-Domain} =
vipdomainuser)) {
update control {
Auth-Type := ntlm_auth_vip
Jevos, Peter wrote:
Thank you phill, that's great help, but it still doesn't work as it
should.
Now I don't know how should I adjust the users file : )
You don't. The messages on this list should make it *very* clear that
updating the authorize section is all that is necessary.
With this
As a hint, if you don't implement a rule for a different NT-Domain,
then the rules for that different NT-Domain won't be applied. Because
they don't exist.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you Alan , it makes sense. But it
Jevos, Peter wrote:
Thank you Alan , it makes sense. But it doesn't solve my problem
(1) Edit your responses. It shows consideration for other people
(2) pick one problem at a time. Changing the problem midway in a
conversation makes it look like you don't care about the solution to the
Jevos, Peter wrote:
Fall-through attribute doesn’t work in this case, cause it is “falling”
all the time ( even though it matches the condition )
You're not getting what I'm saying. The users file does *not* run
during the authenticate phase. So it makes no sense to ask about
modifying the
Jevos, Peter wrote:
First, edit your posts to delete unneeded text. Repeating all of the
message you're replying to is unfriendly.
I agree with you , regarding the logic when the packet looks like X, choose
A. When it looks like Y, choose B
I sit possible to apply it ? Which files should
See man unlang. Put the logic into raddb/sites-available/default,
the authorize section.
Uh... read the debug output, and look at the files in the raddb
directory. The directory has more than *one* file. This should be a
hint that the users file doesn't solve everything.
Alan
On 11/11/10 15:49, Jevos, Peter wrote:
See man unlang. Put the logic into raddb/sites-available/default,
the authorize section.
Uh... read the debug output, and look at the files in the raddb
directory. The directory has more than *one* file. This should be a
hint that the users file
Jevos, Peter wrote:
How can I skip to the second DEFAULT if the first DEFAULT doesn’t pass ?
Use the Fall-Through attribute. See comments in the default users
file.
So if request comes from the 10.1.1.2 and user doesn’t pass through
authentication, it should be forwarded to another DEFAULT
Jevos, Peter wrote:
How can I skip to the second DEFAULT if the first DEFAULT doesn’t pass ?
Use the Fall-Through attribute. See comments in the default users
file.
So if request comes from the 10.1.1.2 and user doesn’t pass through
authentication, it should be forwarded to
Jevos, Peter wrote:
Fall-through attribute doesn’t work in this case, cause it is “falling”
all the time ( even though it matches the condition )
You're not getting what I'm saying. The users file does *not* run
during the authenticate phase. So it makes no sense to ask about
modifying the
Hi
How can I skip to the second DEFAULT if the first DEFAULT doesn't pass ?
So if request comes from the 10.1.1.2 and user doesn't pass through
authentication, it should be forwarded to another DEFAULT ( with the
vpn_auth_name authentication).
Now it stops at the first DEFAULT
DEFAULT
Hi , I tried to setup configuration from different sources from the
web, but it's not easy
I have cisco vpn access server where are more IPSEC proflles ( groups ).
They should be authenticated against Freeradius.
One profile called Group1 should be authenticated against ntlm_auth_vpn
(
On 04/11/10 10:41, Jevos, Peter wrote:
However this config doesn’t work, debug lokks strange ( takes only first
Cisco Avpair attribute ), probably something wrong In the config
Send the full debug output, as asked frequently on this list.
-
List info/subscribe/unsubscribe? See
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Cisco-Avpair=ipsec:addr-pool=vpn_pool,
This wrong; you want:
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Cisco-Avpair=ipsec:addr-pool=vpn_pool,
This wrong; you
On 04/11/10 15:25, Jevos, Peter wrote:
On 04/11/10 10:41, Jevos, Peter wrote:
DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252
Tunnel-Type = ESP,
Tunnel-Private-Group-ID = Group1,
Tunnel-Password = cisco,
Cisco-Avpair=ipsec:dns-servers=10.1.1.6 10.1.1.7,
Cisco-AVpair += 2nd:attribute
This is documented in the manpage and docs.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thank you, it helped but it still doesn't work as I wished:
All I need is:
When request comes from 10.1.1.252 and
On 04/11/10 15:52, Jevos, Peter wrote:
Dear Phil , thank you ,
I removed Fall through parameter, it works partially, when user comes
from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
Auth-Type :=
On 04/11/10 15:52, Jevos, Peter wrote:
Dear Phil , thank you ,
I removed Fall through parameter, it works partially, when user
comes
from the address 10.1.1.252 and Tunnel-Private-Group-ID is not Group1,
it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
Auth-Type :=
On 04/11/10 16:15, Jevos, Peter wrote:
Thank fo your reply, hoever as you can see from my previous posts, I did
it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing
On 04/11/10 16:15, Jevos, Peter wrote:
Thank fo your reply, hoever as you can see from my previous posts, I
did
it:
Frankly I find your posts confusing; your email client doesn't quote
properly and mangles the text wrapping, so I had no way to be sure.
Post full debug output of a failing
Hi.
Valid CA is the one that issued radius server certificate. Just import it to
trusted CAs list.
Bye,
M.
Is mandatory for an XP machine to authenticate the server certificate to a
valid CA?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks
I have to import root CA certificate or server certificate to XP CA trusted
lists?
On Fri, Oct 1, 2010 at 9:22 AM, Matija Levec matija.le...@astec.si wrote:
Hi.
Valid CA is the one that issued radius server certificate. Just import it
to trusted CAs list.
Bye,
M.
Is mandatory
Thanks
Hi
After multiple issues I found a partial solution, but not the best.
I unselect validate server certificate in the XP client.
After doing that, the client authenticates. I know that this is a very
dangerous practice.
Is mandatory for an XP machine to authenticate the server
You say you are trying to setup eap-tls and you have client certs - so you
probably also want to set client to eap-tls (smart card or other certificate in
windows world).
Check you installed proper CA certs on both client and server if you are
checking them (which I guess you should). 'PEAP or
I still can't find solution to my problem in documentation.
The microsoft documentation refers to a XP SP2 issue, but I'm testing with
XP SP3.
I made my own CA certificate, I don't know if this is the problem.
Someone can help me?
Thanks
On Fri, Sep 24, 2010 at 5:38 AM, Alan DeKok
I tried to apply the hotfix but it was included in SP3. The laptop has
Windows XP SP3.
xpextensions is added to the certificate.
What's mean [tls] eaptls_process returned 13?
default_eap_type = peapmust be set tp peap or tls?
Thanks
On Tue, Sep 28, 2010 at 8:30 AM, Esteban TALAVERA
Esteban TALAVERA wrote:
I configured a freeradius server with EAP_TLS to authenticate clients
that connects to Cisco AP.
When I run freeradius -X I got a lot of activity output but the client
is still trying to authenticate
Which says:
Sending Access-Challenge of id 51 to 192.168.X.X
Hi
I configured a freeradius server with EAP_TLS to authenticate clients that
connects to Cisco AP.
When I run freeradius -X I got a lot of activity output but the client is
still trying to authenticate
I post last lines from the server's output
I see the port of Access-request es 1645 but I
Jevos, Peter wrote:
How should look like the ntlm_auth file ? How should look like mschap
module ?
How should look like parameter --require-membership-of in these files
?
How should look like users file ?
These answers I was not able to find in any documentation
Read the URLs from the
is configured and working well with the IAS
radius server.
I was solving the freeradius againts the cisco. To be honest, i still cannot
understand what should contain users file, and other files.
One example how to configure the users file and other files would be enough
winmail.dat-
List info
Jevos, Peter wrote:
However I was not able to find in these links anything about the
--require-membership-of
See the man page for ntlm_auth. It is just a Unix command that can
be run, like anything else.
and the vpn cisco client example
(also find on these pages found nothing :)
That's
is configured and working well with the
IAS radius server.
I was solving the freeradius againts the cisco. To be honest, i still cannot
understand what should contain users file, and other files.
One example how to configure the users file and other files would be enough
The users file contains
Hello friends
I was reading few tutorials regarding the Cisco authetication against
Freeradius and Windows AD.
Actually I'm not really clever, because main tutorial on the main pages
is connected with the older version , and there are more version of the
Freradius 2.0, a bit different:
http
On Fri, Jul 2, 2010 at 6:43 PM, Jevos, Peter peter.je...@oriflame.com wrote:
Actually I’m not really clever, because main tutorial on the main pages is
connected with the older version , and there are more version of the
Freradius 2.0, a bit different:
Hi thank you for your email.
So as I said before , I have working ntlm_auth in the form of:
Linux#/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYNAME
--require-membership-of='DOMAIN+DOMAIN_GROUP'
That works from the command line.It returns OK status
So now, I have about 60
Jevos, Peter wrote:
How should look like the ntlm_auth file ? How should look like mschap module
?
How should look like parameter --require-membership-of in these files ?
How should look like users file ?
These answers I was not able to find in any documentation
Read the URLs from the
Hi All. This is my attempt at giving back to the freeradius community.
Maybe others will find my configuration useful in their efforts.
I'm a network guy, and I do quite a bit of consulting work for various
companies. I have a customer in particular who (prior to this) was
using a very out-of-date
Ugh. Please ignore my previous post to the list, gmail 'plain text' mode ate
most of the message.
All, this is my attempt at giving back to the freeradius community. Maybe
others will find my configuration useful in their efforts.
I'm a network guy, and I do quite a bit of consulting work for
freeradius-users@lists.freeradius.org
Sent: Thursday, August 20, 2009 9:44:38 AM GMT -05:00 US/Canada Eastern
Subject: Freeradius and Cisco
HelloI
I have been testing with my freeradius and cisco devices, such as
switches, firewalls, acces points, ...
Now, I´m able to configure users validation
: Freeradius and Cisco
HelloI
I have been testing with my freeradius and cisco devices, such as
switches, firewalls, acces points, ...
Now, I´m able to configure users validation through freeradius with
Access Points and Peap.
Get shell acces to cisco devices and establish the level privilege
HelloI
I have been testing with my freeradius and cisco devices, such as
switches, firewalls, acces points, ...
Now, I´m able to configure users validation through freeradius with
Access Points and Peap.
Get shell acces to cisco devices and establish the level privilege of
them with freeradius
. ;)
--Nick
- Original Message -
From: Rokkhan rokk...@gmail.com
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, August 20, 2009 9:44:38 AM GMT -05:00 US/Canada Eastern
Subject: Freeradius and Cisco
HelloI
I have been testing with my freeradius
, Cisco NAS, freeradius and ldap. The
freeradius server is installed and configured, it can process requests from
command line.
The problem is that the Cisco VPN client uses a group name+password pair.
The username is given to the NAS with the password cisco, and the
username/password pair should
Hi
I use FreeRadius for authenticate my IPSEC VPN User on a Cisco ASA.
I search to know if it's possible:
- Get Accounting for know:
Login connection Start
Login stop and time connected
and if possible the number of Ko used
- Use FreeRadius for IP Pool:
I use FreeRadius for authenticate my IPSEC VPN User on a Cisco ASA.
I search to know if it's possible:
- Get Accounting for know:
Login connection Start
Login stop and time connected
and if possible the number of Ko used
Yes. You have example configuration on
1 - 100 of 156 matches
Mail list logo