>Now I just have to figure out the authorization piece of the puzzle and I'll
>be golden.
>
The Service-Type you should use and the priv level avpairs should be described
in the switch documentation. There is also a common Cisco configuration
described on the freeradius wiki:
http://wiki.freeradius.org/index.ph
> Sent: Thursday, December 04, 2008 10:35 AM
> To: FreeRadius users mailing list
> Subject: RE: Beating a dead horse, or freeradius 2.1.1 and
> active directory
>
>Here is the first line in the users file
>
>(quotes removed)
>rtest Auth-Type := ntlm_auth
>
>And here is the error that generates:
>
>/etc/raddb/users[1]: Parse error (check) for entry rtest: Unknown value
>ntlm_auth for attribute Auth-Type
>Errors reading /etc/raddb/users
>/etc/raddb/modules/
"ntlm_auth"
Radiusd starts normally.
> -Original Message-
> Sent: Thursday, December 04, 2008 2:14 AM
> To: freeradius-users@lists.freeradius.
PS. What is the error that you get when you remove the quotes around
ntlm_auth? For the users file entry as it is in the howto.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>There is an entry in the users file that states (according to the how to this
>can be used for testing)
>rtest Auth-type := "ntlm_auth"
>
But not on the first line. The debug you posted suggests that the first
line is:
rtest Auth-Type := Local
>>[files] users: Matched entry rtest at line 1
Ben Little wrote:
> Yeah, I'm not sure I want to use LDAP (clear text) for authentication.
LDAP is a database, not a password management system.
If the incoming Access-Requests contain clear-text passwords, then
there is no additional security problem when you check them against LDAP.
> I'
<[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Wed Dec 03 18:10:09 2008
Subject: RE: Beating a dead horse, or freeradius 2.1.1 and active directory
>Rupert had mentioned in this thread that the switch is sending a PAP request
>and that it isn't being forwarded to the ntlm_auth module because of that,
>which makes sense I suppose. I am wondering though is there a way to
>configure the radius server to forward (or proxy) authentication reque
iguration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
>Just so you know I'm *NOT* trying to configure 802.1x supplicant authentication
>here, I'm trying to configure radius authentication for administrative access
>to the vty lines of the cisco equipment in question. I've followed the
>"how-to" twice now, to the letter of the how-to and it's not wo
er 03, 2008 3:03 PM
To: FreeRadius users mailing list
Subject: Re: Beating a dead horse, or freeradius 2.1.1 and active
directory
Following on from this, I've just had a read of my radiusd.conf file.
I'd start by having a look at
> [EMAIL PROTECTED] *On Behalf Of *Rupert Finnigan
> *Sent:* Wednesday, December 03, 2008 2:04 PM
> *To:* FreeRadius users mailing list
> *Subject:* Re: Beating a dead horse, or freeradius 2.1.1 and active
> directory
>
> Hi,
>
> I'm not sure if what you
Well that's certainly news to me...
# net ads testjoin
Join is OK
:-)
Just so you know I'm *NOT* trying to configure 802.1x supplicant authentication
here, I'm trying to configure radius authentication for administrative access
to the vty lines of the cisco equipment in question. I've followed
>[wbinfo -a test%test output]
>plaintext password authentication failed
>Could not authenticate user test%test with plaintext password
>challenge/response password authentication succeeded
>
>I'm not sure what I am missing here? Why isn't the login attempt on the switch
>being forwarded to active
Hi,
I'm not sure if what you're doing is going to work.. You're trying to use
MS-CHAP to handle terminal session logins, I think.. Most of the MS-CHAP
advice given so far is to get EAP working from a client, say an XP laptop
doing 802.1X to gain access to a switchport.
Someone will definitely corr
PAP is working:
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "secretz"
[pap] Using clear text password "secretz"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending
>I'm attempting to configure freeradius to be used as a AAA mechanism for
>a bunch of cisco routers and switches, I have freeradius working
>correctly with local users however it appears that it is completely
>ignoring the mschap configuration that I've applied, I'm not sure why...
>
Because you h
Maybe that impression stems from reading on multiple sites (other than yours)
that the radiusd.conf shouldn't be modified and that the how-to says to add the
exec ntlm_auth and some other variables to the radiusd.conf, instead of to the
/modules subdir. Maybe I should just ignore the other info
Ben Little wrote:
> I'm attempting to configure freeradius to be used as a AAA mechanism for
> a bunch of cisco routers and switches, I have freeradius working
> correctly with local users however it appears that it is completely
> ignoring the mschap configuration that I've applied, I'm not sure w