Re: Comp128-1,2,3 support in EAP-SIM

2013-09-29 Thread Jouni Malinen
of EAP peer with support for software-simulated SIM/USIM authentication. hlr_auc_gw in hostapd (as a RADIUS/EAP server) implements same for EAP-SIM/AKA/AKA' server. - Jouni - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
Looking for someone to test some new code (in master branch). Someone [1] has claimed to have decompiled a SIM validation program to figure out the algorithms for Comp128-2 and Comp128-3. The reason why this is particularly useful, is because Comp128-1 is horribly broken, and versions 2 and 3

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification), but just algorithms 1-3 are still useful. Actually it's not, it's published in the 3GPP standards, neat :) Arran Cudbard-Bell a.cudba...@freeradius.org

Re: Comp128-1,2,3 support in EAP-SIM

2013-09-24 Thread Arran Cudbard-Bell
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification), but just algorithms 1-3 are still useful. Actually it's not, it's published in

What is the strongest encryption of password Jradius can support?

2013-07-26 Thread Rama Krishna
Sample client that I wrote on Solaris using JRadius APIs is able to get authenticated from a FreeRadius server running on Linux. However, the password was passed as clear text? What is the strongest encryption supported in JRadius for password encrypting / hashing? Is there a document that I

SNMP support for Free Radius

2013-07-18 Thread manjunath uthappa ponnachana
Hi, Can i know the reason why SNMP support in Free Radius was broken. Which is the last version of Free radius having SNMP support. Also want to know which version of Free Radius has trigger.conf enabled. Please help for the above information Thanks & Regards Manjunath

Re: SNMP support for Free Radius

2013-07-18 Thread Michael Schwartzkopff
Am Donnerstag, 18. Juli 2013, 07:43:24 schrieb manjunath uthappa ponnachana: Hi, Can i know the reason why SNMP support in Free Radius was broken. SMUX was a old interface between the ucd-snmp Master Agent. Since ucd-snmp became net-snmp and the modern interface is AgentX, it seems

Re: SNMP support for Free Radius

2013-07-18 Thread Arran Cudbard-Bell
On 18 Jul 2013, at 08:43, manjunath uthappa ponnachana pu_manjun...@rediffmail.com wrote: Hi, Can i know the reason why SNMP support in Free Radius was broken. Kittens! They attacked the source code with their tiny claws and gnashing teeth. Which is the last version of Free radius

Re: SNMP support for Free Radius

2013-07-18 Thread Bruce Nunn
...@rediffmail.com wrote: Hi, Can i know the reason why SNMP support in Free Radius was broken. Kittens! They attacked the source code with their tiny claws and gnashing teeth. Which is the last version of Free radius having SNMP support. There's a script in scripts to proxy between snmp and status

Re: SNMP support for Free Radius

2013-07-18 Thread Michael Schwartzkopff
Am Donnerstag, 18. Juli 2013, 06:30:19 schrieb Bruce Nunn: To get by the work of those kittens I set up a remote login to run radmin commands and parse the output so it is suitable for mrtg. It has worked well for me. Ever tried the extend config option of the net-snmp agent? It executes

Re: SNMP support for Free Radius

2013-07-18 Thread A . L . M . Buxey
Hi, To get by the work of those kittens I set up a remote login to run radmin commands and parse the output so it is suitable for mrtg. It has worked well for me. I use the munin plugin to graph auths/accts alan

JFYI, a start on DDDS support

2013-06-12 Thread Brian Julin
I started working on DDDS support a while back and the code is to the point where I can swallow my pride enough to let other people see it. It is far from completely debugged/tested, and it is just the analogue to rlm_realm for DDDS -- it does nothing but create some attributes and will be moot

Re: Free Radius SNMP support

2013-06-11 Thread manjunath uthappa ponnachana
Hi, Can i know the reason why SNMP support was broken in Free Radius version 2 and later. Thanks & Regards Manjunath From: Alan DeKok <al...@deployingradius.com> Sent: Sat, 01 Jun 2013 04:13:03 To: pu_manjun...@rediffmail.com, FreeRadius users mailing list <freeradius-users

BCrypt support

2013-06-02 Thread R. Jason Adams
Hello everyone, Has anyone tried adding BCrypt password hash support to Freeradius? We're trying to move to a more secure way of storing passwords and BCrypt seems to be highly recommended. -Jason

Re: BCrypt support

2013-06-02 Thread Alan DeKok
R. Jason Adams wrote: Has anyone tried adding BCrypt password hash support to Freeradius? We're trying to move to a more secure way of storing passwords and BCrypt seems to be highly recommended. It should be easy enough to do. Just poke rlm_pap to support it. rlm_pap already does 5-10

Re: Free Radius SNMP support

2013-05-31 Thread Arran Cudbard-Bell
On 31 May 2013, at 01:46, manjunath uthappa ponnachana pu_manjun...@rediffmail.com wrote: Hi, As per freeradius website freeradius.org, Native SNMP support in FreeRADIUS version 2 and later is broken. I wanted to know whether in newer/latest versions of free radius SNMP support

Re: Free Radius SNMP support

2013-05-31 Thread Alan DeKok
manjunath uthappa ponnachana wrote: As per freeradius website freeradius.org Native SNMP support in FreeRADIUS version 2 and later is broken. Version 2 does support SNMP via a Perl script. It's not perfect, but it works. I wanted to know whether in newer/latest versions of free radius SNMP

Free Radius SNMP support

2013-05-30 Thread manjunath uthappa ponnachana
Hi, As per freeradius website freeradius.org, Native SNMP support in FreeRADIUS version 2 and later is broken. I wanted to know whether in newer/latest versions of free radius SNMP support will be there. Also wanted to know whether using free Radius traps can be sent to NMS. If possible what

RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-21 Thread Franks Andy (RLZ) IT Systems Engineer
] On Behalf Of Phil Mayers Sent: 20 May 2013 10:51 To: freeradius-users@lists.freeradius.org Subject: Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? On 20/05/13 09:02, Robert wrote: Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports

RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-21 Thread Robert
@lists.freeradius.org [mailto:freeradius-users-bounces+robert_chen=favite@lists.freeradius.org ] On Behalf Of Phil Mayers Sent: Monday, May 20, 2013 5:51 PM To: freeradius-users@lists.freeradius.org Subject: Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? On 20/05/13 09:02, Robert wrote

Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-21 Thread Matthew Newton
On Tue, May 21, 2013 at 08:03:48AM +0100, Franks Andy (RLZ) IT Systems Engineer wrote: Just confirming that I've tested this in the past and it works, but I believe the poster of the article is dubious about a production environment. Not at all - we are running it in production. The warning

Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-21 Thread Matthew Newton
On Tue, May 21, 2013 at 03:21:33PM +0800, Robert wrote: Thank you! The configuration in the link works. The key is setting fragment_size correctly. Yes, that was the gotcha. But I am confused about the two methods : Is EAP PEAP/TLS = EAP PEAP/EAP-TLS ? Or they are two different methods?

Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread Robert
Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : l EAP PEAP/TLS l EAP PEAP/EAP-TLS ? The client I use is wpa_supplicant v0.6.9. Regards, Robert

RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread stefan.paetow
] On Behalf Of Robert Sent: 20 May 2013 09:03 To: freeradius-users@lists.freeradius.org Subject: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : l EAP PEAP/TLS l EAP

Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread Phil Mayers
On 20/05/13 10:25, stefan.pae...@diamond.ac.uk wrote: It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf – you can configure all supported options in there. Not sure you've understood what he's asking there; he wants to know if you can do PEAP with EAP-TLS as an inner. The main

Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread Phil Mayers
On 20/05/13 09:02, Robert wrote: Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : See here: http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-microsoft-soh/

RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread stefan.paetow
Ahhh. According to this conversation: http://freeradius.1045715.n5.nabble.com/PEAP-EAP-TLS-with-client-and-server-certificate-td2760634.html - FR does support PEAP-EAP-TLS :-) Stefan -Original Message- From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org

Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?

2013-05-20 Thread Phil Mayers
On 20/05/13 10:59, stefan.pae...@diamond.ac.uk wrote: Ahhh. According to this conversation: That's a really old conversation. See instead the link I posted in my other email.

Support for EAP-AKA' [EAP-AKA Prime]

2013-05-06 Thread K Rajesh
Hi all, I am looking to augment my freeradius AAA server with EAP-AKA' implementation [demo purposes only]. Can anyone help me with relevant key generation code? Thanks and regards, Rajesh

Re: compile with ldap support

2013-04-11 Thread John Dennis
On 04/10/2013 10:24 PM, Alan DeKok wrote: Chris Taylor wrote: How do I check that I have them installed I have the openldap rpm installed. This is really a question for your OS vendor. How about man rpm? Or google? If you're working on a Fedora/RHEL/CentOS etc. type system then

compile with ldap support

2013-04-10 Thread Chris Taylor
What options do I have to use to compile freeradius with ldap support turned on? I tried ./configure -with-ldap but that didn't seem to work I still get an error about not being able to find rlm_ldap. I checked the mail archives but I couldn't find anything. Thanks, Chris

Re: compile with ldap support

2013-04-10 Thread Arran Cudbard-Bell
On 10 Apr 2013, at 21:12, Chris Taylor chris.tay...@corp.eastlink.ca wrote: What options do I have to use to compile freeradius with ldap support turned on? I tried ./configure –with-ldap but that didn’t seem to work I still get an error about not being able to find rlm_ldap. I checked

RE: compile with ldap support

2013-04-10 Thread Chris Taylor
-bounces+chris.taylor=corp.eastlink...@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Wednesday, April 10, 2013 10:07 PM To: FreeRadius users mailing list Subject: Re: compile with ldap support On 10 Apr 2013, at 21:12, Chris Taylor chris.tay...@corp.eastlink.ca wrote: What

Re: compile with ldap support

2013-04-10 Thread Alan DeKok
Chris Taylor wrote: How do I check that I have them installed I have the openldap rpm installed. This is really a question for your OS vendor. How about man rpm? Or google? And you also want the libldap development headers. Just installing the OpenLDAP server won't get those. Alan

Re: AVP EAP-KEY name support in FR

2013-03-01 Thread Alan DeKok
Srinu Bandari wrote: Alan, Thanks a lot for the fix.. Authenticator is now able to start MKA session now. We will get back to you. If any other implementations are required. Thanks. It's good to get *positive* feedback that it works. Alan DeKok.

RE: AVP EAP-KEY name support in FR

2013-02-28 Thread Srinu Bandari
-users-bounces+sbandari=vitesse@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 20 February 2013 19:11 To: FreeRadius users mailing list Subject: Re: AVP EAP-KEY name support in FR Srinu Bandari wrote: Alan, We had tried with latest build, now it sends Access-Challenge

Re: AVP EAP-KEY name support in FR

2013-02-20 Thread Alan DeKok
Srinu Bandari wrote: Alan, We had tried with latest build, now it sends Access-Challenge and there is a segmentation fault. Please find debug log for the latest ones as below. Whoops. Please do a git pull. It should work now. Alan DeKok.

RE: AVP EAP-KEY name support in FR

2013-02-19 Thread Srinu Bandari
[mailto:freeradius-users-bounces+sbandari=vitesse@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 18 February 2013 19:49 To: FreeRadius users mailing list Subject: Re: AVP EAP-KEY name support in FR Srinu Bandari wrote: And New one: Here the tls state machine goes from Access-Request to Access

RE: AVP EAP-KEY name support in FR

2013-02-18 Thread Srinu Bandari
Alan, We have tried with patch provided. Here is the Debug log from old (master 2.2.0) and new (latest 2.x.x branch 18/2/2013) Old one: Here the tls state machine goes from Access-Request to Access-Challenge and then to Access-Accepted And New one: Here the tls state machine goes from

Re: AVP EAP-KEY name support in FR

2013-02-18 Thread Alan DeKok
Srinu Bandari wrote: And New one: Here the tls state machine goes from Access-Request to Access-Rejected and then ends with segmentation fault The debug log doesn't show a SEGV... But there was an unrelated issue. Please do git pull for the v2.x.x. branch, and try again. I've fixed the

Re: AVP EAP-KEY name support in FR

2013-02-14 Thread Alan DeKok
Srinu Bandari wrote: EAP key identifier must be sent as a part of Access-Accept message in EAP Key-Name AVP (Radius Attribute Type 102). Sure. But it's been hard to find out what is put *into* it. That link has been missing. This what Cisco Documentation states: The switch has no

Re: AVP EAP-KEY name support in FR

2013-02-14 Thread Phil Mayers
On 14/02/13 14:01, Alan DeKok wrote: Srinu Bandari wrote: EAP key identifier must be sent as a part of Access-Accept message in EAP Key-Name AVP (Radius Attribute Type 102). Sure. But it's been hard to find out what is put *into* it. That link has been missing. This what Cisco

Re: AVP EAP-KEY name support in FR

2013-02-14 Thread Alan DeKok
Phil Mayers wrote: Does anyone know if there's known-good test data we can compare against, or a client/application that validates it? Does eapol_test implement/check it? It doesn't seem to. If someone has a packet trace from ACS, that should be enough. Alan DeKok.

Re: AVP EAP-KEY name support in FR

2013-02-14 Thread Alan DeKok
Srinu Bandari wrote: EAP key identifier must be sent as a part of Access-Accept message in EAP Key-Name AVP (Radius Attribute Type 102). OK. Please try the v2.x.x branch from git. Read raddb/sites-available/default. Look for EAP-Key-Name. The key is generated by default. For security

AVP EAP-KEY name support in FR

2013-02-13 Thread Srinu Bandari
Hi, We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. Below is what is expected as per RFC4072 RFC4072 says A home Diameter server receiving a Diameter-EAP-Request with a Key-Name AVP with non-empty data MUST silently

Re: AVP EAP-KEY name support in FR

2013-02-13 Thread Phil Mayers
On 02/13/2013 09:59 AM, Srinu Bandari wrote: Hi, We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. That's not supported in FreeRADIUS, I believe. It's been a while since I looked at it, but the whole extended EAP key

Re: AVP EAP-KEY name support in FR

2013-02-13 Thread Alan DeKok
Srinu Bandari wrote: We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. Below is what is expected as per RFC4072 Which, as you'll note, is a Diameter spec. FreeRADIUS doesn't implement Diameter. If you can get us a spec

RE: AVP EAP-KEY name support in FR

2013-02-13 Thread Srinu Bandari
+sbandari=vitesse@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 13 February 2013 19:27 To: FreeRadius users mailing list Subject: Re: AVP EAP-KEY name support in FR Srinu Bandari wrote: We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send

ldap eDir support in master branch

2012-12-06 Thread Olivier Beytrison
Hi, Now that I have my packages, i've started deploying FR3 for our eduroam federation. And I just saw that the eDir support is gone. now my question is : 1. is it abandoned ? 2. is it not yet ported to the new rlm_ldap code ? Olivier -- Olivier Beytrison Network Security Engineer, HES-SO

Re: ldap eDir support in master branch

2012-12-06 Thread Phil Mayers
On 06/12/12 16:45, Olivier Beytrison wrote: Hi, Now that I have my packages, i've started deploying FR3 for our eduroam federation. And I just saw that the eDir support is gone. now my question is : 1. is it abandoned ? 2. is it not yet ported to the new rlm_ldap code ? No-one who has eDir

Re: ldap eDir support in master branch

2012-12-06 Thread Olivier Beytrison
On 06.12.2012 17:45, Olivier Beytrison wrote: Hi, Now that I have my packages, i've started deploying FR3 for our eduroam federation. And I just saw that the eDir support is gone. now my question is : 1. is it abandoned ? 2. is it not yet ported to the new rlm_ldap code ? Nevermind my

RE: Debian build the freeradius package with unixodbc support

2012-11-23 Thread Dominick Rivard
build the freeradius package with unixodbc support On Fri, Nov 23, 2012 at 3:33 AM, Dominick Rivard driv...@datavalet.com wrote: I also want to let you know that it has been replaced by libiodbc2-dev but No, it hasn't. http://packages.debian.org/wheezy/unixodbc-dev http

RE: Debian build the freeradius package with unixodbc support

2012-11-22 Thread Dominick Rivard
support On Wed, Nov 14, 2012 at 4:22 AM, Dominick Rivard driv...@datavalet.com wrote: Here is what I am trying to achieve, we want to install freeradius using a Microsoft SQL backend. I read on the internet that we need to achieve this goal using the unixodbc driver. That's not the only way

Re: Debian build the freeradius package with unixodbc support

2012-11-22 Thread Fajar A. Nugraha
On Fri, Nov 23, 2012 at 3:33 AM, Dominick Rivard driv...@datavalet.com wrote: I also want to let you know that it has been replaced by libiodbc2-dev but No, it hasn't. http://packages.debian.org/wheezy/unixodbc-dev http://packages.ubuntu.com/raring/unixodbc-dev iodbc is another different

Debian build the freeradius package with unixodbc support

2012-11-13 Thread Dominick Rivard
Hi, Here is what I am trying to achieve, we want to install freeradius using a Microsoft SQL backend. I read on the internet that we need to achieve this goal using the unixodbc driver. I am able to set up the unixodbc driver from apt-get and if I configure Freetds to use it. After the

Re: Debian build the freeradius package with unixodbc support

2012-11-13 Thread Fajar A. Nugraha
first), but it's MUCH easier to just use whatever the distro provide and support. Debian and Ubuntu has 2.1.12 with backported security patches, and 2.2.0 is available from my ppa: https://launchpad.net/~freeradius/+archive/stable. -- Fajar

Reg: GGSN support NAS and Freeradius.

2012-08-27 Thread Malla Reddy Sama
Dear, I need clarification on freeradius and NAS (Coovachilli) with GGSN. It is possible to connect the NAS and FR to GGSN, NAS contact the FR through GGSN and NAS in between the internet and GGSN. I have some doubt especially on whether GGSN supports Coovachilli or not..? Please clarify

support...@support.gandi.net

2012-08-10 Thread Alan DeKok
associated with Request Tracker. Every post to the list results in a new ticket being opened. The new ticket notification is getting sent to the list admins. For every single message to the list. However, the support...@support.gandi.net account is NOT subscribed. There seems to be an additional

Re: RADIUS Client/ supplicant or captive portal / mschapv2 pw change support

2012-08-01 Thread Tobias Hachmer
or a captive portal/ hotspot software which supports changing password via mschapv2? I know FRv3 will support this, but that's only the server side. Is there any software which supports password changes via mschapv2 like a Windows OS does with PEAP/MSCHAPv2? For example a captive portal which tells the user

Re: RADIUS Client/ supplicant or captive portal / mschapv2 pw change support

2012-08-01 Thread Alan DeKok
Tobias Hachmer wrote: Is there a RADIUS Client or a captive portal/ hotspot software which supports changing password via mschapv2? Likely not. This requires someone to implement it. Only commercial providers have done this to my knowledge. I know FRv3 will support this, but that's only

Re: RADIUS Client/ supplicant or captive portal / mschapv2 pw change support

2012-08-01 Thread Tobias Hachmer
Thanks Alan for your response! Am 01.08.2012 18:04, schrieb Alan DeKok: Tobias Hachmer wrote: Is there a RADIUS Client or a captive portal/ hotspot software which supports changing password via mschapv2? Likely not. This requires someone to implement it. Only commercial providers have

Re: RADIUS Client/ supplicant or captive portal / mschapv2 pw change support

2012-08-01 Thread Alan DeKok
Tobias Hachmer wrote: Can you tell me which commercial providers do you mean, please? People selling products? Microsoft, Cisco, ... Alan DeKok.

RADIUS Client/ supplicant or captive portal / mschapv2 pw change support

2012-07-20 Thread Tobias Hachmer
Hello list, I know it isn't an directly FR issue but I hope that anybody on this list have had the questions I have now. Is there a RADIUS Client or a captive portal/ hotspot software which supports changing password via mschapv2? I know FRv3 will support this, but that's only the server

Re: status server: IPv6 support?

2012-07-14 Thread Alan DeKok
Tobias Hachmer wrote: is there a way to gather statistics for an IPv6 Socket with the status server? No. Use radmin for that. 1. How can I gather statistics for the IPv6 sockets, I didn't find any IPv6 attributes like FreeRADIUS-Stats-Server-IPv6-Address. Send a patch. 2. Is there a

status server: IPv6 support?

2012-07-13 Thread Tobias Hachmer
Hello list, is there a way to gather statistics for an IPv6 Socket with the status server? For example my radius server has the following listen sections: udp0 0 127.0.0.1:18120 0.0.0.0:* 2355/radiusd udp0 0 0.0.0.0:1645

FreeRadius as proxy with SoH support

2012-05-10 Thread Tobias Berndes
Hello, how can i configure my freeradius server as a proxy to the master radius server in my network, but the freeradius server have to use SoH for Packetfence. Thank you! Tobi

Re: FreeRadius as proxy with SoH support

2012-05-10 Thread Phil Mayers
On 10/05/12 10:20, Tobias Berndes wrote: Hello, how can i configure my freeradius server as a proxy to the master radius server in my network, but the freeradius server have to use SoH for Packetfence. I assume you mean MS-SoH, inside PEAP? If so, you can proxy the PEAP inner auth to a remote

EAP challenge/response support in the client library

2012-03-22 Thread Ronaldo Afonso
Hi all, Does Free Radius client library support the challenge/response used in EAP authentication? Thank you in advance ... -- Ronaldo Afonso www.vexcorp.com +55 11 4932-5971 ronaldo.afo...@vexcorp.com

Re: EAP challenge/response support in the client library

2012-03-22 Thread Alan DeKok
Ronaldo Afonso wrote: Does Free Radius client library support the challenge/response used in EAP authentication? No. Alan DeKok.

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-16 Thread Altaf Husain
On Thu, Mar 15, 2012 at 6:14 PM, Alan DeKok al...@deployingradius.com wrote: Altaf Husain wrote: We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-16 Thread Phil Mayers
On 03/15/2012 12:36 PM, Altaf Husain wrote: Hi, We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may not be ready for use in a production environment

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-16 Thread Altaf Husain
Thanks Phil this information was helpful On Fri, Mar 16, 2012 at 2:58 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 03/15/2012 12:36 PM, Altaf Husain wrote: Hi, We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-16 Thread Alan DeKok
Altaf Husain wrote: What do u mean by native code hasn't been written, we do have EAP AKA support in eap 2 module in free radius?? No. See Phil's response for details. Regarding code submission and pay to someone, we already have code to support EAP AKA, but wanted

IF-MAP Support

2012-03-16 Thread Francois Gaudreault
Hello, I believe some work have been done on this topic lately with external log modules to populate an IF-MAP database, correct? I am wondering if there is a working -as-PoC piece of code available somewhere? We are interested in testing and add the support for IF-MAP in PacketFence (long

Re: IF-MAP Support

2012-03-16 Thread Alan DeKok
the support for IF-MAP in PacketFence (long term project). I haven't seen code. Alan DeKok.

Re: IF-MAP Support

2012-03-16 Thread Alan Buxey
Hi, I believe some work have been done on this topic lately with external log modules to populate an IF-MAP database, correct? I am wondering if there is a working -as-PoC piece of code available somewhere? We are interested in testing and add the support for IF-MAP in PacketFence (long

Re: IF-MAP Support

2012-03-16 Thread Francois Gaudreault
Hi, we wrote a perl script to log into an IF-MAP instance - since that code was written the IF-MAP stuff has been updated to latest spec and since we wrote the code the IF-MAP instance we used has been turned off and we have no current plans to use IF-MAP presently (for what it was used for

FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-15 Thread Altaf Husain
Hi, We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may not be ready for use in a production environment, Is it still in experimental state, can't it be used as EAP-SIM

Re: FreeRadius 2.1.12, why is EAP AKA support in eap2 module

2012-03-15 Thread Alan DeKok
Altaf Husain wrote: We are using FreeRadius ver 2.1.12, I had query regarding EAP-AKA support in eap2 module, it's mentioned in FreeRadius website that This module is experimental, and may not be ready for use in a production environment, Is it still in experimental state

Re: Microsoft PEAP-EAP-TLS support (certificate auth with SoH)?

2012-01-20 Thread Phil Mayers
as I can tell, do SoH. Correct. Is it actually possible to do SoH with certificate-based authentication, or do I have to look towards DHCP for this? SoH is a PEAP TLV. If the PEAP module is running, it should support SoH regardless of the type of inner-auth.

Re: Microsoft PEAP-EAP-TLS support (certificate auth with SoH)? - works!

2012-01-20 Thread Matthew Newton
, Matthew Newton wrote: Is it actually possible to do SoH with certificate-based authentication, or do I have to look towards DHCP for this? SoH is a PEAP TLV. If the PEAP module is running, it should support SoH regardless of the type of inner-auth. Yes, thanks - it's working fine. So I now

Microsoft PEAP-EAP-TLS support (certificate auth with SoH)?

2012-01-19 Thread Matthew Newton
to support a few additional options in their built-in supplicant, rather than just the couple of odd combinations that they want.) -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United

Re: Microsoft PEAP-EAP-TLS support (certificate auth with SoH)?

2012-01-19 Thread Alan DeKok
Matthew Newton wrote: Does anyone know if FreeRADIUS now supports Microsoft PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in Windows (not plain EAP-TLS, or PEAP/MS-CHAPv2, which both work fine)? This post from 2007 (and FR 1.0.1) indicates that it didn't work then, wondered if

Re: Support for check_cert_subjectAltName?

2012-01-09 Thread Alan DeKok
Phil Mayers wrote: Isn't there a problem with that approach though? Namely, that the TLS-* attributes aren't available in the authorize section (because the eap module, and all the EAP methods, do their with in authenticate). Yes. But in post-auth, turning an accept into a reject is

Support for check_cert_subjectAltName?

2012-01-08 Thread Graham Leggett
Hi all, When using client certificates in EAP-TLS, the check_cert_cn option exists that allows you to check that the username matches the CN. Is there a corresponding option somewhere that will allow you to verify the User-Name against the subjectAltName instead? Regards, Graham --

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Alan DeKok
Graham Leggett wrote: When using client certificates in EAP-TLS, the check_cert_cn option exists that allows you to check that the username matches the CN. Is there a corresponding option somewhere that will allow you to verify the User-Name against the subjectAltName instead? In the

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Graham Leggett
On 08 Jan 2012, at 5:01 PM, Alan DeKok wrote: When using client certificates in EAP-TLS, the check_cert_cn option exists that allows you to check that the username matches the CN. Is there a corresponding option somewhere that will allow you to verify the User-Name against the

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Alan DeKok
Graham Leggett wrote: That wasn't quite what I was after, but rather a generic way to ensure the User-Name matches either dnsName or rfc822Name in the subjectAltName, depending on whether the peer was a host or a person. Turned out the patch to implement this was simple, for

Re: Support for check_cert_subjectAltName?

2012-01-08 Thread Phil Mayers
On 01/08/2012 08:28 PM, Alan DeKok wrote: Turned out the patch to implement this was simple, for freeradius-server-master: I'd prefer a patch which creates an attribute, just like the TLS-Cert-* attributes. The reason is that policies can be created by the administrator. A hard-coded

Re: FreeRADIUS with LDAP Support

2011-12-08 Thread Alan Buxey
Hi, I tried to compile FreeRADIUS with LDAP support however, rlm_ldap has not been compiled. Are libldap-2.4-2 libldap-dev not sufficient? Do I need to install OpenLDAP? if you read the output of ./configure eg ./configure | grep WARN you will see what LDAP stuff is required - openldap

Re: FreeRADIUS with LDAP Support

2011-12-08 Thread Fajar A. Nugraha
On Thu, Dec 8, 2011 at 9:51 AM, Nick Khamis sym...@gmail.com wrote: Hello Everyone, I tried to compile FreeRADIUS with LDAP support however, rlm_ldap has not been compiled. Are libldap-2.4-2 libldap-dev not sufficient? Do I need to install OpenLDAP? Try libldap2-dev. That's what on Build

Re: FreeRADIUS with LDAP Support

2011-12-08 Thread Nick Khamis
, I tried to compile FreeRADIUS with LDAP support however, rlm_ldap has not been compiled. Are libldap-2.4-2 libldap-dev not sufficient? Do I need to install OpenLDAP? Try libldap2-dev. That's what on Build-Depends section on debian/control. -- Fajar

Re: FreeRADIUS with LDAP Support

2011-12-08 Thread John Dennis
On 12/08/2011 01:11 PM, Nick Khamis wrote: Hello Everyone, I do have libldap2-dev installed however, it seems like openldap in all its totality is needed? What is needed will be listed in the output of configure. Also listed will be where configure looked for the dependency. You should read

FreeRADIUS with LDAP Support

2011-12-07 Thread Nick Khamis
Hello Everyone, I tried to compile FreeRADIUS with LDAP support however, rlm_ldap has not been compiled. Are libldap-2.4-2 libldap-dev not sufficient? Do I need to install OpenLDAP? Thanks in Advance, Nick.

Patch: Support for {BASE64_MD5} LDAP passwords in rlm_ldap and rlm_pap

2011-11-13 Thread Peter Lambrechtsen
Attached is a minor patch to include support for BASE64_MD5 encoded passwords in an LDAP directory (or anywhere else it may be, as the pap module does the authenticate). In ldap the record would look like: userPassword: {BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA== If the password was helloworld

Help desk support of authn/authz failures? Logging detailed messages to SQL?

2011-09-27 Thread Jason Antman
We've rolled out FreeRADIUS as the authentication and authorization server for our University-wide WLAN with 30,000+ users. Our help desk (general IT, not wireless-specific) support staff is made up of student workers, with full-time second-level support and us sysadmins/wireless engineers

Re: Help desk support of authn/authz failures? Logging detailed messages to SQL?

2011-09-27 Thread Alan Buxey
hi, firstly, deployment tool - such as CloudPath xpressconnect or sux1 to ensure that the user is doing the least amount possible to mess things up (also ensures that all the right things such as validate server, RADIUS name etc are all properly defined). secondly, capture the output of the

Re: Help desk support of authn/authz failures? Logging detailed messages to SQL?

2011-09-27 Thread Jason Antman
Thanks for the quick reply! Alan Buxey wrote: hi, firstly, deployment tool - such as CloudPath xpressconnect or sux1 to ensure that the user is doing the least amount possible to mess things up (also ensures that all the right things such as validate server, RADIUS name etc are all

Re: Help desk support of authn/authz failures? Logging detailed messages to SQL?

2011-09-27 Thread Arran Cudbard-Bell
1) How do other people - specifically organizations with a help desk large enough that they're distinctly separate from anyone with enough privs to tail a log file - handle user support of authentication failures? In a former life I worked at a largish UK university. Whilst I was there I

Re: Help desk support of authn/authz failures? Logging detailed messages to SQL?

2011-09-27 Thread Arran Cudbard-Bell
if (!control:NT-Password && !control:Cleartext-Password) { update control { Reject-Reason := 'AttributeMissing' } } oops... - Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
