Re: LDAP authentication filter based on source SSID

2013-07-22 Thread Gustavo Vieira Oliveira
Yes it does. We found the solution by creating a rule that maps all the BSSID related to some SSID and then we do a specific filter to LDAP, so we did it for every SSID. Thanks for the help! Atenciosamente, Gustavo Vieira Oliveira GETIC - Gerência de Tecnologia da Informação SUSERV - Super

Re: FreeRadius error LDAP Authentication

2013-07-19 Thread Peter Lambrechtsen
You shouldn't have quotes around your username or domain. You should use identity = "cn=user,ou=people,dc=domain,dc=it" On 19/07/2013 7:05 PM, "Marco Aresu" wrote: > Hi All, > I am new to FreeRadius. I am moving from Cisco ACS Tacacs to > FreeRadius. During LDAP configuration I am getting the

FreeRadius error LDAP Authentication

2013-07-19 Thread Marco Aresu
Hi All, I am new to FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius. During LDAP configuration I am getting the following error: [ldap] bind as cn="User",ou=people,dc="domain",dc=it/"Password" to "ldapserver":636 [ldap] waiting for bind result ... [ldap] cn="user",ou=people,dc="

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Matthew Newton
On Fri, Jul 12, 2013 at 12:48:48PM -0300, Gustavo Vieira Oliveira wrote: > The problem is that we have to do it manually (the Controller > doesn't support it) in the AP, so when it reboots for some reason it > cannot authenticate cause the RADIUS doesn't receive the SSID. So, > we need an alternat

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
We got it working, the AP is sending the SSID with the calling station ID but only setting "radius-server vsa send" in the Access-point. The problem is that we have to do it manually (the Controller doesn't support it) in the AP, so when it reboots for some reason it cannot authenticate cause

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Alan Buxey
Look at the requests coming from your AP in debug mode. You should see information there that can be used eg called station id with SSID appended or a VSA with the SSID name or number in it. Use that with your policy alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
Olivier, You don't need to set "radius-server vsa send" in the AP so it sends the SSID in the authentication request? Atenciosamente, Gustavo Vieira Oliveira GETIC - Gerência de Tecnologia da Informação SUSERV - Superintendência de Serviços Compartilhados Sistema FIESC Rod. Admar Gonzaga, 2

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
I forgot to say that we use H-REAP so we do not authenticate it in the WLC Atenciosamente, Gustavo Vieira Oliveira GETIC - Gerência de Tecnologia da Informação SUSERV - Superintendência de Serviços Compartilhados Sistema FIESC Rod. Admar Gonzaga, 2765 - Itacorubi - 88034-001 - Florianópolis -

Re: LDAP authentication filter based on source SSID

2013-07-12 Thread Olivier Beytrison
On 12.07.2013 17:03, Gustavo Vieira Oliveira wrote: > I need some help with RADIUS regarding Wireless authentication with > RADIUS + LDAP. Hello. which version of freeradius are you running ? > I need to check if the user has permission to connect to a specific > SSID, so we check a LDAP attribut

LDAP authentication filter based on source SSID

2013-07-12 Thread Gustavo Vieira Oliveira
Hello! I need some help with RADIUS regarding Wireless authentication with RADIUS + LDAP. I need to check if the user has permission to connect to a specific SSID, so we check a LDAP attribute for that. By that, we need to know from which SSID the authentication is being requested so we us

RE: AP> FR> LDAP authentication reject

2012-12-28 Thread Phil Mayers
Sigh. No. There are no packets in that debug. How do you expect people to read a debug unless it contains an authentication attempt? > ... adding new socket proxy address * port 51195 >Listening on authentication address * port 1812 >Listening on accounting address * port 1813 >Listening on comma

RE: AP> FR> LDAP authentication reject

2012-12-28 Thread Thanakorn Rattanatikul
> Date: Fri, 28 Dec 2012 10:46:45 +0100 > From: oliv...@heliosnet.org > To: freeradius-users@lists.freeradius.org > Subject: Re: AP> FR> LDAP authentication reject > > On 28.12.2012 09:38, Thanakorn Rattanatikul wrote: > > Still unable to connect. > > Do

Re: AP> FR> LDAP authentication reject

2012-12-28 Thread Alan DeKok
Thanakorn Rattanatikul wrote: > In LDAP server , for user "sun" , store password in clear-text in this test. No, it doesn't. Or, it's not available. Or the user isn't found. Read the debug log. Look for anything related to LDAP. It isn't hard: [ldap] performing search in ou=guest,d

Re: AP> FR> LDAP authentication reject

2012-12-28 Thread Olivier Beytrison
On 28.12.2012 09:38, Thanakorn Rattanatikul wrote: > Still unable to connect. > Do you have any configuration files for connecting with LDAP form AP> > FR> LDAP ? I tried every way but nothing works. Send a full output of freeradius -X -- Olivier Beytrison Network & Security Engineer, HES-

RE: AP> FR> LDAP authentication reject

2012-12-28 Thread Thanakorn Rattanatikul
Still unable to connect. Do you have any configuration files for connecting with LDAP form AP> FR> LDAP ? I tried every way but nothing works. Thank you very much for your time and help. thanakorn - List info/subscribe/unsubscribe? See http://www.f

Re: AP> FR> LDAP authentication reject

2012-12-27 Thread Olivier Beytrison
On 28.12.2012 08:39, Thanakorn Rattanatikul wrote: > In LDAP server , for user "sun" , store password in clear-text in this test So if you have a clear-text password in the ldap, use the ldap attribute-map to add it in the control list. Looking at the logs I guess you are running version 2.x, then

RE: AP> FR> LDAP authentication reject

2012-12-27 Thread Thanakorn Rattanatikul
In LDAP server , for user "sun" , store password in clear-text in this test. Thank you very much for your time and help. thanakorn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AP> FR> LDAP authentication reject

2012-12-27 Thread Olivier Beytrison
ap] Failed in EAP select > ++[eap] returns invalid In the default LDAP configuration file, it's clearly stated that : # However, LDAP can be used for authentication ONLY when the # Access-Request packet contains a clear-text User-Password # attribute. LDAP authentica

Re: LDAP authentication trouble on 3.0

2012-07-06 Thread David Aldwinckle
Hi, Thanks for your response. I'll throw on a fresh install and if that doesn't work, maybe there is a problem with how I've built the RHEL6 rpm. Thanks, Dave On 2012-07-06, at 11:50 AM, Alan DeKok wrote: David Aldwinckle wrote: > (0) WARNING: Empty pre-proxy section. Using default retu

Re: LDAP authentication trouble on 3.0

2012-07-06 Thread Alan DeKok
David Aldwinckle wrote: > (0) WARNING: Empty pre-proxy section. Using default return values. > Proxying to virtual server captive_portal > (0) # Executing section authorize from file /etc/raddb/sites-enabled/default That doesn't make sense. You've broken the configuration somehow. Don't

Re: LDAP authentication trouble on 3.0

2012-07-05 Thread David Aldwinckle
2 Id: 73 Length: 20 Vector: 69147ff0c996e2d6f56993d745fe3fca Dave A. On 2012-07-05, at 4:07 AM, Phil Mayers wrote: On 07/05/2012 12:24 AM, David Aldwinckle wrote: > Hello, > > I am having a problem getting LDAP authentication working on FreeRADIUS > V

Re: LDAP authentication trouble on 3.0

2012-07-05 Thread Phil Mayers
On 07/05/2012 12:24 AM, David Aldwinckle wrote: Hello, I am having a problem getting LDAP authentication working on FreeRADIUS Version 3.0.0. The behaviour I am experiencing is that the server will send an Access-Accept message without doing any checking of credentials. I would expect to see an

Re: How LDAP Authentication works

2012-06-22 Thread Alan DeKok
Tobias Hachmer wrote: > The Test MS AD Server has domain functional level "2008 R2" and quite > default settings. Active directory is not really an LDAP server. The reasons are complicated. It's almost an LDAP server, but it's different in critical ways. > In radiusd -X output the ldap module

Re: How LDAP Authentication works

2012-06-22 Thread Tobias Hachmer
On 22.06.2012 10:18, Fajar A. Nugraha wrote: But is this identity also needed for authentication only? There are several ways you can use LDAP for authentication. For "normal" LDAP servers which stores user password in an accessible attribute with optional supported encrypted schema, you only n

Re: How LDAP Authentication works

2012-06-22 Thread Fajar A. Nugraha
On Fri, Jun 22, 2012 at 1:30 PM, Tobias Hachmer wrote: > In LDAP module configuration I set an identity. For my understanding this is > for the ldap bind user. With this identity FR will get access to the ldap > database, to do groupmembership information or attributes and so on. correct. > But

How LDAP Authentication works

2012-06-21 Thread Tobias Hachmer
Hello list, I know this isn't a direct FR related issue, but I think the people here have deep know how or some further links I can get my information I need. What I'm interested in is how the LDAP user/password authentication works, especially how FR does it. In LDAP module configuration I

Re: RADIUS + LDAP authentication problem

2012-04-25 Thread Alexander Kulbiy
Hello Alan, Finally I got it. I had to change client settings and now everything is fine. Thanks a lot, Alexander On Wed, Apr 25, 2012 at 3:45 PM, Alan DeKok wrote: > Alexander Kulbiy wrote: > > Matthew, as I understood from link you've posted I have to use TTLS/GTC > > to be able to use MD5 pa

Re: RADIUS + LDAP authentication problem

2012-04-25 Thread Alan DeKok
Alexander Kulbiy wrote: > Matthew, as I understood from link you've posted I have to use TTLS/GTC > to be able to use MD5 passwords. Can you help me understand how can I do > that? Edit the configuration on the client PC, to set TTLS/GTC. > I've tried to reset all configuration to default as Al

Re: RADIUS + LDAP authentication problem

2012-04-25 Thread Alexander Kulbiy
Hello all, Thanks for your fast answers. Matthew, as I understood from link you've posted I have to use TTLS/GTC to be able to use MD5 passwords. Can you help me understand how can I do that? I've tried to reset all configuration to default as Alan suggested but I still see that MSCHAPv2 auth fai

Re: RADIUS + LDAP authentication problem

2012-04-25 Thread Matthew Newton
Hi, On Wed, Apr 25, 2012 at 01:47:09PM +0300, Alexander Kulbiy wrote: > Hello all, > > I'm trying to configure RADIUS server that would be used for authentication > of users in Wi-Fi network with WPA-enterprise encryption. To do this I'm > trying to use EAP + LDAP inside of freeradius. You're us

Re: RADIUS + LDAP authentication problem

2012-04-25 Thread Alan DeKok
Alexander Kulbiy wrote: > I'm trying to configure RADIUS server that would be used for > authentication of users in Wi-Fi network with WPA-enterprise encryption. > To do this I'm trying to use EAP + LDAP inside of freeradius. > The problem is that I see in log: You edited the default configurat

RE: AP->FR->LDAP authentication

2012-03-19 Thread Julie
ext: http://freeradius.1045715.n5.nabble.com/AP-FR-LDAP-authentication-tp5572785p5578081.html Sent from the FreeRadius - User mailing list archive at Nabble.com.

RE: AP->FR->LDAP authentication

2012-03-19 Thread Julie
igure out how to change this configuration now. My backend is LDAP. Maybe I should change the backend system to AD. Thank you all for your time and help. Best, Julie Chen -- View this message in context: http://freeradius.1045715.n5.nabble.com/AP-FR-LDAP-authentication-tp5572785p5577782.ht

Re: AP->FR->LDAP authentication

2012-03-17 Thread Alan Buxey
Hi, > I'm new to FreeRadius and trying to setup the server to authenticate using > LDAP. I'm having some problem and hope to get some help from the list. if your clients are doing EAP-TTLS/PAP then this will work - the PAP module can deal the requirements. if, as i suspect, you are using PEAP (

Re: AP->FR->LDAP authentication

2012-03-17 Thread Alan DeKok
Julie Chen wrote: > Yes, I understand that. Apparently you don't. > But I'm having little problem figure out right configuration. What part of "impossible" is unclear? > Would someone please advice on the configuration file? There is no configuration to change. You need to store the

Re: AP->FR->LDAP authentication

2012-03-17 Thread Alan DeKok
Fajar A. Nugraha wrote: > I'd start with reading this: > http://wiki.freeradius.org/Protocol%20Compatibility > (or the original page in deplyingradius.com). Please don't copy my content into the Wiki. The deployingradius.com link has been around for years. It's the authoritative source. Copy

Re: AP->FR->LDAP authentication

2012-03-17 Thread Fajar A. Nugraha
On Sat, Mar 17, 2012 at 11:54 AM, Julie Chen wrote: > > Yes, I understand that. But I'm having little problem figure out right > configuration.  Would someone please advice on the configuration file? I'd start with reading this: http://wiki.freeradius.org/Protocol%20Compatibility (or the original

RE: AP->FR->LDAP authentication

2012-03-16 Thread Julie Chen
f of Alan DeKok [al...@deployingradius.com] Sent: Friday, March 16, 2012 8:02 PM To: FreeRadius users mailing list Subject: Re: AP->FR->LDAP authentication Julie wrote: > The problem is when I try to authenticate through AP. The debug log shows > Failed to authenticate the user

Re: AP->FR->LDAP authentication

2012-03-16 Thread Alan DeKok
Julie wrote: > The problem is when I try to authenticate through AP. The debug log shows > Failed to authenticate the user. here is the log file. ... > [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ... > [ldap] userPassword -> Password-With-Header == > "{crypt}$1$svVH/H.V$S02t

AP->FR->LDAP authentication

2012-03-16 Thread Julie
ct [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} Thank you very much for your time and help. B

ldap authentication

2012-02-15 Thread Jason Sigurdur
Hi, I have an application that requires ldap authentication, but would like it to proxy the authentication to a radius/otp server given the user is part of a specific group. Is this a possibility within freeradius? Thx jason

Re: LDAP Authentication bind as user issue

2011-09-12 Thread DaveA
/LDAP-Authentication-bind-as-user-issue-tp4786621p4794846.html

Re: LDAP Authentication bind as user issue

2011-09-11 Thread Arran Cudbard-Bell
On 12 Sep 2011, at 02:26, DaveA wrote: > I've tried a few more things and still no luck... > Yes you need run the ldap module's authenticate method. There's a configuration option in LDAP which allows it to set Auth-Type LDAP, that needs to be set to yes. Then you need to create an Auth-Type

Re: LDAP Authentication bind as user issue

2011-09-11 Thread DaveA
I've tried a few more things and still no luck... Please help! Best, Dave -- View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-Authentication-bind-as-user-issue-tp4786621p4792772.html

Re: LDAP Authentication bind as user issue

2011-09-09 Thread DaveA
Thank you for the response, but I'd rather not do it that way. The documentation suggests that what I want is possible, and it would be ideal for this situation. Any more ideas? Many thanks, Dave -- View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-Authentic

RE: LDAP Authentication bind as user issue

2011-09-09 Thread Scott Hughes
: LDAP Authentication bind as user issue > This way it binds anonymously, and then fails to do an ldapsearch > because of insufficient privs. Giving * read to all seems silly, and I > would rather not go that route. > > If anyone has suggestions or comments they would be grea

Re: LDAP Authentication bind as user issue

2011-09-09 Thread Michael Holstein
> This way it binds anonymously, and then fails to do an ldapsearch because of > insufficient privs. Giving * read to all seems silly, and I would rather not > go that route. > > If anyone has suggestions or comments they would be greatly appreciated. > How I did it (assuming your using AD as

LDAP Authentication bind as user issue

2011-09-09 Thread DaveA
host port 10 via TLS tunnel) This way it binds anonymously, and then fails to do an ldapsearch because of insufficient privs. Giving * read to all seems silly, and I would rather not go that route. If anyone has suggestions or comments they would be greatly appreciated. Dave -- View this message

RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba
> Here're the logs: > > First authentication ... > rad_recv: Access-Request packet from host 10.0.0.1port 32770, id=29, > length=95 > User-Name = "0019B976CC36" > User-Password = "0019B976CC36" ... > SECOND AUTHENTICATION -- ... > rad_recv: Access-

Re: Ldap Authentication question

2011-03-31 Thread Alan DeKok
Ramon Escriba wrote: > Alan, please do not get angry ok?, > The line in my answer about the "sarcastical reply" was for Alexander, not > for you. His answer is largely what mine would have been. > Here're the logs: > > First authentication ... > rad_recv: Access-Request packet from host 10.0.0

RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba
Alan, please do not get angry ok?, The line in my answer about the "sarcastical reply" was for Alexander, not for you. Note: WIFIDATA & WIFIVOIP do 802.1x EAP+mschapv2 ok. Here're the logs: First authentication -- (...) Listening on authentication interface eth0 address

Re: Ldap Authentication question

2011-03-31 Thread Alan DeKok
Ramon Escriba wrote: > Thank you very much for the sarcastical reply, it was really usefull & > instructive indeed. It got you to follow the instructions in the documentation. Why didn't you follow them for your first message? Or for this one? > It's normal that the first authentication goe

RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba
've uid=,ou=VLAN-Xn,ou=Radius,dc=machine,dc=com 1.- first I'm trying to check if the client mac address exists in ldap subtree. 2.- second ldap "authentication", match user+pass, in our case ¿Is macX == macX? via ldap. DEFAULT Calling-Station-Id == "%{

Re: Ldap Authentication question

2011-03-30 Thread Alan DeKok
Ramon Escriba wrote: > Hi, > I've multiple rules in users file, all of them with Auth-Type = instace name>, one "rule/ldap instance" per vlan. > > With radius -X I see a correct first authentication, but the others fail. Is the debug log a secret? Or, will you post it as suggested in the F

Re: Ldap Authentication question

2011-03-30 Thread Alexander Clouter
Ramon Escriba wrote: > > Has any one a clue of what I did wrong? > Actually, forget it... http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21 Regards -- Alexander Clouter .sigmonster says: Conscience is what hurts when everything else feels so good.

Ldap Authentication question

2011-03-30 Thread Ramon Escriba
Hi, I've a freeradius-server-2.1.9-1.7.x86_64 running in opensuse 11.3. My authentication frontend is an openldap2-2.4.21-9.1.x86_64. I have correct mac address authentication, but *ONLY* the first try, the later always fail. I'm using 3 devices, the first one that connects logs in fine, but the

RE: LDAP authentication failed

2010-10-22 Thread snowman5840
wow. hey now it's working with both OS ;-) . thx for your hint, nt_hack was missing. -- View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-authentication-failed-tp3217861p3232899.html

RE: LDAP authentication failed

2010-10-22 Thread Sallee, Stephen (Jake)
users-bounces+jake.sallee=umhb@lists.freeradius.o rg] On Behalf Of snowman5840 Sent: Friday, October 22, 2010 11:58 AM To: freeradius-users@lists.freeradius.org Subject: Re: LDAP authentication failed ok I found my problem. I have forgotten to add my domain in the proxy.conf, after I have done

Re: LDAP authentication failed

2010-10-22 Thread snowman5840
one initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Faile

Re: LDAP authentication failed

2010-10-19 Thread snowman5840
ix delimiter = "\\" } -- View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-authentication-failed-tp3217861p3219086.html

Re: LDAP authentication failed

2010-10-18 Thread Alan Buxey
hi, you need to use the ntdomain module and ensure that the \\ method is enabled. (check the realm module section) this will then populate stripped-user-name with just the username and not also have the hostname or domain name lurking around. alan

LDAP authentication failed

2010-10-18 Thread snowman5840
Hi, I have some problems with LDAP authentication. If I log in on my Windows XP SP3 client I want to check the login credentials against my LDAP service. But the XP client uses double slashes in the username!! I think this will be the problem!? If I test with radtest it works. What can I do to

HOWTO:Centralised LDAP Authentication - Part 2 - Using dynamic-clients instead of huntgroups

2010-10-06 Thread Peter Lambrechtsen
Following on from my previous post on Centralised LDAP Auth post: http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00393.html I've found that using dynamic-clients gives me a few advantages over using huntgroups. 1) Dynamic Clients allows you to have per-NAS shared secrets

Re: HOWTO:Centralised LDAP Authentication

2010-09-19 Thread Alexander Clouter
Peter Lambrechtsen wrote: > > Then create two OU's under Radius. Elements and Roles > OU=Elements,OU=Radius,DC=ACME,DC=COM Elements will hold a record of > every NAS in your Network. You will create Group objects based on the > IP Address of the NAS and set the "Location" or "l" attribute to

HOWTO:Centralised LDAP Authentication

2010-09-19 Thread Peter Lambrechtsen
DOWNLOAD THE LATEST VERSION OF FREERADIUS, TAKE THE DEFAULT CONFIGURATION AND ONLY MODIFY THE SETTINGS IN THE CONFIGURATION YOU NEED TO ** With that in mind I will go through the files I have modified to make the LDAP Authentication work: FILE:/etc/raddb/modules/ldap This is the main LDAP Modu

Re: Two-Step LDAP authentication?

2010-09-16 Thread Alexander Clouter
In article you wrote: > > I'm a new subscriber of this list. I'm trying to setup a radius server > with LDAP authentication; I've managed to authenticate a user (from a > Cisco Device), but my fellows from Security Department think that we > should have a two-s

Two-Step LDAP authentication?

2010-09-16 Thread Juan Rodríguez
Hi everybody! I'm a new subscriber of this list. I'm trying to setup a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco Device), but my fellows from Security Department think that we should have a two-step authentication: 1. User/password

Re: ldap authentication using free radius

2010-08-10 Thread Aqdas Muneer
so this is what i have in my users file. how can i make it so that the admin account is only used if AD is inaccessible? admin Huntgroup-Name == "network-admin", Cleartext-Password := "x" Service-Type := NAS-Prompt-User, cisco-avpair := "shell:priv

Re: ldap authentication using free radius

2010-08-10 Thread Nicolas Goutte
Am 10.08.2010 um 16:54 schrieb Aqdas Muneer: Hello, We recently had a event during which our radius server lost connectivity to our Active Directory server. all the network gear could contact radius so none fell back to the backup authentication method (local), but because AD was down we

ldap authentication using free radius

2010-08-10 Thread Aqdas Muneer
Hello, We recently had a event during which our radius server lost connectivity to our Active Directory server. all the network gear could contact radius so none fell back to the backup authentication method (local), but because AD was down we couldn't get into our devices. is there a way to use s

Re: LDAP authentication problem

2010-07-29 Thread John Dennis
On 07/29/2010 01:08 PM, Sallee, Stephen (Jake) wrote: I have correctly configured the LDAP module (I think...) but when I try to authenticate a user I get an error saying the user cannot be found. I have attached the debug output. I have tried turning the "follow referrals" and "rebind" vars on

LDAP authentication problem

2010-07-29 Thread Sallee, Stephen (Jake)
I have correctly configured the LDAP module (I think...) but when I try to authenticate a user I get an error saying the user cannot be found. I have attached the debug output. I have tried turning the "follow referrals" and "rebind" vars on and off but I get the same outcome. At first, I was get

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

2009-09-28 Thread Justin Steward
On Tue, Sep 29, 2009 at 12:45 AM, Ryaz Khan wrote: > I googled it lot but did not come to any comprehensive solution. You'll probably learn this the hard way anyway, but don't try to google for freeradius. Most of those hits will be outdated, even if it is on the topic you're searching for. 1) S

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

2009-09-28 Thread Alan Buxey
Hi, > I googled it lot but did not come to any comprehensive solution. http://wiki.freeradius.org/Rlm_ldap you need to ensure that the FreeRADIUS LDAP module can talk to your LDAP server - check the LDAP configuration in FreeRADIUS to ensure that the configuration, password etc etc is fine (mo

Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

2009-09-28 Thread Ryaz Khan
2.1.7*, I was able to configure it but very basic like I am using users file for user names and passwords etc. Now I am trying to setup freeradius for ldap authentication so I dont have to add separate users in users file but can use ldap users instead, for Free-radius authentication I am a

Re: LDAP Authentication + Windows PKI

2009-06-16 Thread Ivan Kalik
> Guys > just a quick question. Can I use freeradius to authenticate my LDAP users > and > instead of using OpenSSL for certificates I use a Microsoft Certificate > Authority? Yes, you can generate certificates that way too. Ivan Kalik Kalik Informatika ISP

LDAP Authentication + Windows PKI

2009-06-16 Thread Nik Alleyne
Guys just a quick question. Can I use freeradius to authenticate my LDAP users and instead of using OpenSSL for certificates I use a Microsoft Certificate Authority? Thanks Nik Nik

RE: FreeRadius 2.1 + LDAP Authentication - mschap

2009-06-05 Thread Mackey, Theral
9 14:47:36 -0400 From: Nik Alleyne Subject: FreeRadius 2.1 + LDAP Authentication To: freeradius-users@lists.freeradius.org Message-ID: <20090605144736.cpa0ghg1wk4ok...@mail.brontecollege.ca> Content-Type: text/plain; charset=ISO-8859-1 Hi Guys, I'm hoping someone can help me

FreeRadius 2.1 + LDAP Authentication

2009-06-05 Thread Nik Alleyne
Hi Guys, I'm hoping someone can help me, because I have been fighting with this issue for days now. Environment: FC10 + FreeRadius 2.1 + OpenLdap 2.4. I've successfully setup Certificate Based authentication on my FreeRadius server and that works well. My problem is I have some users I want to au

Re: Redundant Load Balanced LDAP authentication fails when

2009-04-20 Thread Allers, Justin
Thanks Ivan, I researched your suggestion and was able to correct the situation. To setup the redundancy to work with ntlm_auth I needed to add the other server to the following line in the smb.conf file: Line Before: password server = ldap1.domain.org Line with Redundancy:

Re: Redundant Load Balanced LDAP authentication fails when Primary is down

2009-04-07 Thread tnt
>I have two freeradius v2.1.3-1 servers setup to run with redundant load >balancing with two Windows Active Directory LDAP servers for authentication.  >When the LDAP servers are running the radius will load-balance between them >and authenticate fine.  If I shut the primary LDAP server down rad

Redundant Load Balanced LDAP authentication fails when Primary is down

2009-04-07 Thread Allers, Justin
Hello, I have two freeradius v2.1.3-1 servers setup to run with redundant load balancing with two Windows Active Directory LDAP servers for authentication.  When the LDAP servers are running the radius will load-balance between them and authenticate fine.  If I shut the primary LDAP server down

Re: problem with ldap authentication (epilog)

2009-03-25 Thread Frank Bonnet
Alan DeKok wrote: Frank Bonnet wrote: freeradius is used by chillispot on the machine, does your answer means chillispot is sending a CHAP request ? Yes. Alan DeKok. For information the problem is located

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
Alan DeKok wrote: Frank Bonnet wrote: freeradius is used by chillispot on the machine, does your answer means chillispot is sending a CHAP request ? Yes. Alan DeKok. OK thanks for your (constructive ;-)) a

Re: problem with ldap authentication

2009-03-24 Thread Alan DeKok
Frank Bonnet wrote: > freeradius is used by chillispot on the machine, does your answer means > chillispot is sending a CHAP request ? Yes. Alan DeKok.

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
Alan DeKok wrote: Frank Bonnet wrote: Believe me ... if I knew how not to send I would do it Fix the NAS. You bought it, you know what make/model it is, so you can find documentation for it. Maybe try asking the vendor for documentation? My question is how to instruct freeradius et use /

Re: problem with ldap authentication

2009-03-24 Thread Alan DeKok
Frank Bonnet wrote: > Believe me ... if I knew how not to send I would do it Fix the NAS. You bought it, you know what make/model it is, so you can find documentation for it. Maybe try asking the vendor for documentation? > My question is how to instruct freeradius et use /etc/passwd > in the

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
t...@kalik.net wrote: rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214 User-Name = "bonj" CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482 CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811 You send a chap request!!! Believe me ... if I kn

Re: problem with ldap authentication

2009-03-24 Thread tnt
> rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, > length=214 > User-Name = "bonj" > CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482 > CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811 >> >> You send a chap request!!! > >Believe me ... if I knew h

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
t...@kalik.net wrote: I KNOW we cannot use /etc/passwd for chap authentication my question is HOW to use /etc/passwd with freeradius ? Great. So, you are aware it's not going to work with chap. And what do you do: rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214

Re: problem with ldap authentication

2009-03-24 Thread tnt
>I KNOW we cannot use /etc/passwd for chap authentication >my question is HOW to use /etc/passwd with freeradius ? > Great. So, you are aware it's not going to work with chap. And what do you do: >>> rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214 >>> User-Name = "

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
t...@kalik.net wrote: OK now I'm still in trouble ... even after removing LDAP statements here is the log of the session, how to setup the User-password to the right value to use /etc/passwd file ? thanks rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214 User-

Re: problem with ldap authentication

2009-03-24 Thread tnt
>OK now I'm still in trouble ... even after removing LDAP statements >here is the log of the session, how to setup the User-password to >the right value to use /etc/passwd file ? >thanks > > > >rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214 > User-Name = "bonj" >

Re: problem with ldap authentication

2009-03-24 Thread Frank Bonnet
Frank Bonnet wrote: Alan DeKok wrote: Frank Bonnet wrote: is it possible to use freeradius with NIS instead of LDAP ? thanks Yes. NIS is just a different way of getting users to "seem" to be in /etc/passwd. So there shouldn't be anything to do. Just install the server, and it should work.

Re: problem with ldap authentication

2009-03-24 Thread tnt
>>> is it possible to use freeradius with NIS instead of LDAP ? >>> thanks >> >> Yes. NIS is just a different way of getting users to "seem" to be in >> /etc/passwd. So there shouldn't be anything to do. Just install the >> server, and it should work. >> >> Alan DeKok. > >you mean uncomment

Re: problem with ldap authentication

2009-03-23 Thread Frank Bonnet
Alan DeKok wrote: > Frank Bonnet wrote: >> is it possible to use freeradius with NIS instead of LDAP ? >> thanks > > Yes. NIS is just a different way of getting users to "seem" to be in > /etc/passwd. So there shouldn't be anything to do. Just install the > server, and it should work. > >

Re: problem with ldap authentication

2009-03-23 Thread Frank Bonnet
Alan DeKok wrote: > Frank Bonnet wrote: >> is it possible to use freeradius with NIS instead of LDAP ? >> thanks > > Yes. NIS is just a different way of getting users to "seem" to be in > /etc/passwd. So there shouldn't be anything to do. Just install the > server, and it should work. > >

Re: Logging the return code from the ldap authentication to SQL.

2009-03-23 Thread Alexander Clouter
Alan DeKok wrote: > > Augusto G. Andreollo wrote: >> Hmm.. thing is, the post-auth sql query is already being processed, to >> log the Access-Reject.. > > Yes.. I know. But the return code from the LDAP module in the > *authorize* section is lost by then. > >> Is there any other way I could e

Re: problem with ldap authentication

2009-03-23 Thread Alan DeKok
Frank Bonnet wrote: > is it possible to use freeradius with NIS instead of LDAP ? > thanks Yes. NIS is just a different way of getting users to "seem" to be in /etc/passwd. So there shouldn't be anything to do. Just install the server, and it should work. Alan DeKok.

Re: problem with ldap authentication

2009-03-23 Thread Frank Bonnet
Alan DeKok wrote: Frank Bonnet wrote: OK here is the debug of one failed session ... rlm_ldap: performing search in dc=esiee,dc=fr, with filter (uid=xxx) rlm_ldap: object not found or got ambiguous search result Well, that's relatively clear. There's no such user, OR it got multiple
