On 15 Jul 2011, at 23:25, Alexander Clouter wrote:
> Serge van Namen wrote:
>>
>> I accomplished to strip the username, it authenticates successfully against
>> LDAP.
>> But eventually it fails on EAP I think, because the username isn't the
>> original from the request.
Serge van Namen wrote:
>
> I accomplished to strip the username, it authenticates successfully against
> LDAP.
> But eventually it fails on EAP I think, because the username isn't the
> original from the request.
>
> [snipped]
>users: Matched entry DEFAULT at line 7
> modcall[authorize]:
On 15 Jul 2011, at 14:34, Alexander Clouter wrote:
> Serge van Namen wrote:
>>
>>> 'un-registered' (user bootstrapped) workstations go into VLAN
>>> 'users-unmanaged' whilst our equipment goes into 'users-staff'.
>>> Hope that makes sense...? :)
>>
>> Do you mean: unaut
Serge van Namen wrote:
>
>> 'un-registered' (user bootstrapped) workstations go into VLAN
>> 'users-unmanaged' whilst our equipment goes into 'users-staff'.
>> Hope that makes sense...? :)
>
> Do you mean: unauthorized, user be put in default (jailed) vlan?
>
I work for a university so we have
On 15 Jul 2011, at 11:26, Alexander Clouter wrote:
> Serge van Namen wrote:
>>
>> In our situation the user is bound to a VLAN, so on every workstation
>> in the building the user authenticates and the switchport becomes a
>> member of the correct VLAN.
>>
> I *strongl
Serge van Namen wrote:
>
> In our situation the user is bound to a VLAN, so on every workstation
> in the building the user authenticates and the switchport becomes a
> member of the correct VLAN.
>
I *strongly* recommend not mixing host and user authentication, it's
just too much of a brain .
On 14 Jul 2011, at 21:30, Alexander Clouter wrote:
> Serge van Namen wrote:
>>
>> I'm working on a proof-of-concept for 802.1x and dynamic vlan's on
>> switches.
>>
>> All this works perfectly with user@realm, but now I want to read the
>> vlan ID from a ldap attribute
Serge van Namen wrote:
>
> I'm working on a proof-of-concept for 802.1x and dynamic vlan's on
> switches.
>
> All this works perfectly with user@realm, but now I want to read the
> vlan ID from a ldap attribute and then send the radius request with
> that value in "Tunnel-Private-Group-ID".
>
On 14/07/11 13:09, Serge van Namen wrote:
Hi,
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on switches.
All this works perfectly with user@realm, but now I want to read the vlan ID from a ldap
attribute and then send the radius request with that value in
"Tunnel-Private-Gro
Hi,
I'm working on a proof-of-concept for 802.1x and dynamic vlan's on switches.
All this works perfectly with user@realm, but now I want to read the vlan ID
from a ldap attribute and then send the radius request with that value in
"Tunnel-Private-Group-ID".
Can anyone give me a bump in the ri
REMY Lionel <[EMAIL PROTECTED]> wrote:
> In fact, "use_tunneled_reply" works with PEAP when I put the same
> User-Name inside and outside the tunnel but create an error if I put
> different User-Name :
That's nice to know. Why couldn't you say that in your first message?
> But using the option
Alan DeKok wrote:
REMY Lionel <[EMAIL PROTECTED]> wrote:
I use freeradius 1.0.1 to authenticate wireless users with EAP-TTLS or
PEAP against an LDAP backend.
No. LDAP is a database, not an authentication server. LDAP
supplies a clear-text password, and FreeRADIUS does EAP
authenticat
REMY Lionel <[EMAIL PROTECTED]> wrote:
> I use freeradius 1.0.1 to authenticate wireless users with EAP-TTLS or
> PEAP against an LDAP backend.
No. LDAP is a database, not an authentication server. LDAP
supplies a clear-text password, and FreeRADIUS does EAP
authentication.
> It works... but
Hi all,
I use freeradius 1.0.1 to authenticate wireless users with EAP-TTLS or
PEAP against an LDAP backend.
Now, I want to switch the users into a vlan by using an LDAP attribute
named here 'title'.
I put in the ldap.attrmap file :
replyItem Tunnel-Private-Group-Id title
And in th