On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote:
> On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> > As you can see, the device wasn't listed in the file, the authentication
> > went fine, saying that the tunnel that I should get has ID 40, but that
> > wasn't over
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> As you can see, the device wasn't listed in the file, the authentication
> went fine, saying that the tunnel that I should get has ID 40, but that
> wasn't overwritten by the authorized_macs check...
Add
DEFAULT Auth-Type := Rejec
Fabrizio Vecchi wrote:
> I guess at the end of the day my question boils down to the following:
> where should I put the MAC check, so that the user gets assigned to the
> right VLAN?
In post-auth.
> If I put it in the authorize part of sites-enabled/default, the VLAN
> update request will get
Hi Alan and thanks for the reply.
On 12 October 2013 13:42, Alan DeKok wrote:
> > So far, I managed to do the dynamic VLAN assignment, but cannot seem to
> > get it to work together with the MAC checking.
>
Get them working independently. Then, put the pieces together.
I
Fabrizio Vecchi wrote:
> First of all, sorry if my email is very long, I am just trying not to
> leave any important details out. :)
That's good.
> So far, I managed to do the dynamic VLAN assignment, but cannot seem to
> get it to work together with the MAC checking.
servers.
This is basically to take care of users who connect to our network with
their own devices, on which we don't have control and that could spread all
sorts of malware in the internal network.
So far, I managed to do the dynamic VLAN assignment, but cannot seem to get
it to work together
servers.
This is basically to take care of users who connect to our network with
their own devices, on which we don't have control and that could spread all
sorts of malware in the internal network.
So far, I managed to do the dynamic VLAN assignment, but cannot seem to get
it to work together
On 3 Oct 2013, at 10:57, matthew pideil wrote:
> Hello,
>
> I want to perform dynamic VLAN assignment by username through wifi
> access. I set up this configuration few time ago but didn't works.
>
> I want to know which WiFi APs are compatible and/or what is the
Hello,
I want to perform dynamic VLAN assignment by username through wifi
access. I set up this configuration few time ago but didn't works.
I want to know which WiFi APs are compatible and/or what is the term to
search for in devices specifications ...
Regards,
--
Matthew Pideil
-
List
>
> You could move "files" above "eap" but IMO it's better (cleaner, more
> obvious) to run this in post-auth like so:
>
> authorize {
>...
>eap {
> ok = return
>}
>...
> }
> post-auth {
>...
>files
>...
> }
>
> Note that you'll need to set the "postauth_usersfile"
el virtual server to return VLAN
assignment attributes in Access-Accept.
smime.p7s
Description: S/MIME Cryptographic Signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/08/13 16:16, Shaw, Colin M. wrote:
Thanks for the reply Phil.
difference. Lastly, for testing purposes, if I insert the required
attributes into the default post-auth then it all works and the wired
client is assigned the correct vlan, so again the switch side must be
ok and I also theref
On 08/08/13 11:07, Shaw, Colin M. wrote:
difference. Lastly, for testing purposes, if I insert the required
attributes into the default post-auth then it all works and the wired
client is assigned the correct vlan, so again the switch side must be ok
and I also therefore presume all the dictiona
d the different vlans that
I want them to be assigned. So the authentication, AD interaction & vlan
assignment are all working as should be there.
However, we also use wired 802.1x on some of our HP 5406 switches. This
currently works fine with the existing old freeRADIUS server, so the actua
On Fri, Jul 19, 2013 at 06:03:31PM +0200, Dario Palmisano wrote:
> RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs."
>
> So it seems not to be related to the IOS version, is it?
>
> Is there any way to overcome this somehow, if not...
Do you actually need multiple bssids
I'm sure there was some late in the day ios updates for 1130 series AP this
stuff works with capwap/lwapp 1131 anyway, if MBSSID is not supported with
dynamic vlan assignment so don't use mbssid, use guest mode instead.
alan
-
List info/subscribe/unsubscribe
At the end, thanks to the list suggestions I found in the cisco docs the
sentence:
"Keep these guidelines in mind when configuring multiple BSSIDs:
RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs."
So it seems not to be related to the IOS version, is it?
Is there any w
On Fri, Jul 19, 2013 at 04:20:51PM +0200, Dario Palmisano wrote:
> > is this a 'fat/autonomous' AP? if so, then only latest firmware can handle
> > multiple VLANS per 802.1X SSID with multiple BSSIDs present.
>
> This could be the problem, I found something in the Cisco documentation but
> was u
On Friday 19 July 2013 16:54:13 a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
> > The specific configuration works fine I remove the following line from
> > users file:
> > Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
> > Group-ID := 218
>
> Tunnel-Type = VLAN,
>
t;
> >>> I am configuring my freeradius to be integrated in the EDUROAM
> >>> federation. It works when the VLAN (as configured in the accesspoint)
> >>> is statically assigned.
> >>>
> >>> Now I would like to implement a &q
Hi,
> Here you can download the (almost complete) debug log. Near the end I added a
> text to make evident when I disconnected.
>
> http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en
please dont ask me to visit random web sites that require to to click on things
Hi,
> The specific configuration works fine I remove the following line from users
> file:
> Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
> Group-ID := 218
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID =
t;>> federation. It works when the VLAN (as configured in the accesspoint) is
>>> statically assigned.
>>>
>>> Now I would like to implement a "dynamic vlan assignment" on a per user
>>> basis; in this case the Macintosh I am using
You are right, I know!
On Friday 19 July 2013 15:52:43 a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
> > I am configuring my freeradius to be integrated in the EDUROAM
> > federation. It works when the VLAN (as configured in the accesspoint) is
> > statically assigned.
>
> there are hundreds of sites us
esspoint) is
> > statically assigned.
> >
> > Now I would like to implement a "dynamic vlan assignment" on a per user
> > basis; in this case the Macintosh I am using for test gets authenticated
> > but is not able to get the ip address frm DHCP (it shows as
>
Hi,
> I am configuring my freeradius to be integrated in the EDUROAM federation.
> It works when the VLAN (as configured in the accesspoint) is statically
> assigned.
there are hundreds of sites using this sort of configuration for eduroam - so
its perfectly possible and fine (and standard!) so
On 19 Jul 2013, at 14:37, Dario Palmisano wrote:
> Hello Everybody,
>
> I am configuring my freeradius to be integrated in the EDUROAM federation.
> It works when the VLAN (as configured in the accesspoint) is statically
> assigned.
>
> Now I would like to impl
Hello Everybody,
I am configuring my freeradius to be integrated in the EDUROAM federation.
It works when the VLAN (as configured in the accesspoint) is statically
assigned.
Now I would like to implement a "dynamic vlan assignment" on a per user basis;
in this case the Macintosh I am
Hi guys
I had to also set the "*use_tunneled_reply=yes*" in the eap.conf to get
the Dynamic vlan assignment to work
On 12 July 2013 19:42, val john wrote:
> Hi guys ,
>
> Small question , do i need to import radius ldap schema ( items like
> radiusprofiles
> )
Hi guys ,
Small question , do i need to import radius ldap schema ( items like
radiusprofiles
) to our ldap server to get this VLAN assignment work
Thank You
john
On 12 July 2013 18:39, Arran Cudbard-Bell wrote:
>
> On 12 Jul 2013, at 13:57, val john wrote:
>
> > Hi guys ,
&
On 12 Jul 2013, at 13:57, val john wrote:
> Hi guys ,
>
> i have a freeradius setup that works with ldap group authentication ,i also
> need to configure the dynamic VLAN assignment , so i configured the "users"
> file as fallows ,
>
> DEFAULT Ldap-Group ==
Hi guys ,
i have a freeradius setup that works with ldap group authentication ,i also
need to configure the dynamic VLAN assignment , so i configured the
"users" file as fallows ,
DEFAULT Ldap-Group == "cn=staff,ou=groups,dc=ldap,dc=example,dc=com"
Tunnel-Type =
Am Mittwoch, 9. Januar 2013, 16:51:22 schrieb Matthew Ceroni:
> Hi:
>
> I am using FreeRadius version 2.1.12 on CentOS6.
>
> I am authenticating against Active Directory (that works). And authorizing
> against LDAP (that works as well).
>
> I am trying to return a
Hi:
I am using FreeRadius version 2.1.12 on CentOS6.
I am authenticating against Active Directory (that works). And authorizing
against LDAP (that works as well).
I am trying to return attributes, used for VLAN assignment, based on the
usersDN.
In my /etc/raddb/sites-enabled/default (and inner
Hi Klaus~
>> DEFAULT Group-Name == "testgroup"
>
>>
>> Tunnel-Type = 13,
>> Tunnel-Medium-Type = 6,
>> Tunnel-Private-Group-Id = "101",
>> Fall-Through = no
>> You do realize that format is incorrect, right? The extra blank line is
>>wrong.
>
> Do to email
Hi Phil~
>>> You are aware how "Group-Name" works, and which groups it is referring to,
>>> right? Specifically, it is not a real attribute, and doesn't exist in a
>>> concrete form. Rather, when you perform a comparison, a real-time search is
>>> done against the relevant database using the va
Am 21.08.2012 11:07, schrieb Theparanoidone Theparanoidone:
DEFAULT Group-Name == "testgroup"
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id = "101",
Fall-Through = no
You do realize that format is incorrect, right? The extra blank lin
Hi Alan~
>> You already said you are now running 2.1.12. Why are you repeating
>> yourself? Do you think we're stupid, and we don't understand your messages?
>> What version WERE you using before this? I asked, and you didn't say that.
>>
Current: radiusd: FreeRADIUS Version 2.1.12, fo
On 08/21/2012 07:08 AM, Theparanoidone Theparanoidone wrote:
Hi Alan~
We have tried to copy all configuration settings from the old server
to the new (so that nothing would change). We have no desire to
change any of our configurations because they previously were
working.
What happened? Wh
Theparanoidone Theparanoidone wrote:
> We have tried to copy all configuration settings from the old server to the
> new (so that nothing would change). We have no desire to change any of our
> configurations because they previously were working.
You've already said it was working previously
Theparanoidone Theparanoidone wrote:
> Previously using radius, we were able to assign VLAN based upon group
> membership using the following syntax in /etc/raddb/users :
That should still work.
> Now with FreeRADIUS Version 2.1.12, we are unable to make the above syntax
> work anymore.
Greetings~
Previously using radius, we were able to assign VLAN based upon group
membership using the following syntax in /etc/raddb/users :
DEFAULT Group-Name == "testgroup"
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id = "100",
Fall-Through
lf Of Scott Armitage
Sent: Tuesday, July 17, 2012 8:29 AM
To: FreeRadius users mailing list
Subject: Re: Load-Balance VLAN assignment via unlang
On 17 Jul 2012, at 12:57, Cotton, Jesse wrote:
> Using FR as a central RADIUS server. One task it performs is dot1x auth. It
> forwards eap requests
Cotton, Jesse wrote:
> What am I
> doing wrong? I have tried several variations. I know the syntax is
> incorrect but google has not been helpful. Thanks in advance.
My guess is that it's due to a long-standing bug related to tagged
attributes. Grab the v2.1.x branch from git, and try that.
On 17 Jul 2012, at 12:57, Cotton, Jesse wrote:
> Using FR as a central RADIUS server. One task it performs is dot1x auth. It
> forwards eap requests to one of several home servers which performs the auth
> and returns several attributes including Tunnel-Private-Group-Id. This
> attribute conta
Using FR as a central RADIUS server. One task it performs is dot1x auth. It
forwards eap requests to one of several home servers which performs the auth
and returns several attributes including Tunnel-Private-Group-Id. This
attribute contains multiple values indicating one of several potential v
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists
.freeradius.org] On Behalf Of Alan Buxey
Sent: Wednesday, January 04, 2012 12:46 PM
To: FreeRadius users mailing list
Subject: Re: Using FreeRadius to override VLAN Assignment
Hi,
>Here is my radiusd -X it looks to me like
s-users-bounces+bjulin=clarku@lists.freeradius.org
[mailto:freeradius-users-bounces+bjulin=clarku@lists.freeradius.org] On
Behalf Of McSparin, Joe
Sent: Wednesday, January 04, 2012 1:37 PM
To: FreeRadius users mailing list
Subject: RE: Using FreeRadius to override VLAN Assignment
Here i
Hi,
>Here is my radiusd -X it looks to me like the Access-Accept is not
>returning the vlan with it.
copy_request_to_tunnel = yes
in your eap.conf
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t;1001"
okay - thats a CHECK item - if the Auth-Type = ntlm_auth, followed
by a load of reply items. which look like standard VLAN override
values (eg that Cisco use)
> I have told my access point to Allow RADIUS Override on the VLAN
>Assignment however the VLAN is not getti
f Brian Julin
Sent: Wednesday, January 04, 2012 10:49 AM
To: FreeRadius users mailing list
Subject: RE: Using FreeRadius to override VLAN Assignment
The first order of business would be to freeradius in debug mode, or
launch an eapol_test client against it, and look to see whether the
attrib
t;1001"
okay - thats a CHECK item - if the Auth-Type = ntlm_auth, followed
by a load of reply items. which look like standard VLAN override
values (eg that Cisco use)
> I have told my access point to Allow RADIUS Override on the VLAN
>Assignment however the VLAN is not getti
: Using FreeRadius to override VLAN Assignment
I have put the following into my users files
DEFAULT Auth-Type = "ntlm_auth"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-id = "10
I have put the following into my users files
DEFAULT Auth-Type = "ntlm_auth"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-id = "1001"
I have told my access point to Allo
> if you take the standard initial 2.1.10 config and then edit the bits you
> need, then you'll see that for this setup, the most
important file
> for you to deal with is the inner-tunnel virtual serverthats what handles
> the EAP. so long as you've edited eap.conf correctly
so that
> the cer
Hi,
> So I'm moving from an old 1.1.3 (running on rhel5) to 2.1.10 (rhel6). We use
> EAP-TTLS > PAP which authenticates against openldap and
> dynamically assigns vlans based on ldap group properties. I seem to have
> gotten the authentication working, but the vlan assignment
stich86 wrote:
>
> there is a possibility to get "Tunnel-Private-Group-ID and others" from the
> LDAP groups and not users file?
>
> i've read many times docs/rlm_ldap but cant get out of this problem :(
>
Next time, try the freeradius-users@ archive too (true of *any* mailing
list)?
> Is it
Group-ID and others" from the
LDAP groups and not users file?
i've read many times docs/rlm_ldap but cant get out of this problem :(
Is it possible to do this configuration in conjunction with redundant ldap
configuration??
thanks!
--
View this message in context:
http://freeradius.
I believe I resolved this. I used eapol_test to get all wanted
result, and will try on real NAS later on.
The following is what I did. Basically I followed Alexander's example,
Modified peap section in eap.conf to use another virtual server "auth"
instead of inner-tunnel virtual server. I almost
schilling wrote:
>
> Thanks a lot.
>
> More questions.
>
> If you want to lower the load (and authentication latency) on your AD
> servers then you might want to look at the following too:
>
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65781.html
>
First things first,
Thanks a lot.
More questions.
If you want to lower the load (and authentication latency) on your AD
servers then you might want to look at the following too:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65781.html
I am trying to follow your comment on this. I now realiz
schilling wrote:
>
> I am trying to play with your configuration, basically I have a
> virtual server call auth as your example, and modified my eap.conf for
> peap to use auth.
>
> what's the config:local.MY.realm? My debug showed
>
Phil pretty much covered it (and in a neater manner I was not
On 01/24/2011 08:35 PM, schilling wrote:
Hi Alexander,
I am trying to play with your configuration, basically I have a
virtual server call auth as your example, and modified my eap.conf for
peap to use auth.
what's the config:local.MY.realm? My debug showed
FreeRadius lets you write *any* con
Hi Alexander,
I am trying to play with your configuration, basically I have a
virtual server call auth as your example, and modified my eap.conf for
peap to use auth.
what's the config:local.MY.realm? My debug showed
[suffix] Looking up realm "foo.edu" for User-Name = "sd...@foo.edu"^M
[suffix]
I have the following questions for using perl though. Since I already
use LDAP or ntlm_auth for inner-tunnel mschapv0 authentication. Will
there any flag set so I can know whether LDAP or ntlm_auth is using
for mschapv0 authentication in perl script? Also if if I need to check
ldap/AD for certain a
schilling wrote:
>
> Where should I put the perl script? I already have a perl module for
> another virtual server to use radscript.
>
> I also tried unlang in post-auth, like
> if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
>update outer.reply {
>
Hi,
> Where should I put the perl script? I already have a perl module for
> another virtual server to use radscript.
>
> I also tried unlang in post-auth, like
> if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
> update outer.reply {
>
Where should I put the perl script? I already have a perl module for
another virtual server to use radscript.
I also tried unlang in post-auth, like
if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
update outer.reply {
Service-Type = "
schilling wrote:
>Basically, I want to achieve
> If (ldap authorization) {
> if (ldap.employeeStatus = facstaff) {
> REPLY{'Service-Type'}= "Framed-User";
> REPLY{'Tunnel-Type'} = "VLAN";
> REPLY{'Tunnel-Medium-Type'} = "IEEE-802";
>
Hi All,
The group helped me configure the freeradius server to do mschapv2
against ldap w/ ntPassword if user sign on with usern...@foo.edu, and
to do mschapv2 against AD w/ ntlm if user just sign on with username.
Now I want to go one more step further - passing on some attributes
back to NAS. Ba
Attou eric wrote:
>The access point just put user1 on VLAN 30. My NAS ignore the VLAN ID
> 60 (Tunnel-Private-Group-Id:0 = "60")
Then the NAS is broken.
> contained in the Access-Accept. I try with two different models of
> Access point (zcomax and cisco)
>
>My question: Is there a par
Hi the list
I'm sure this is NAS question, not Freeradius' question. But perhaps
somebody on the list had experienced this issue. Here is my problem.
I setup :
- A Freeradius configuration EAP/PEAP with user credentials stored in LDAP
directory.
- A NAS zcomax ag3621 wireless access p
. There are new attributes which contain
information from the certificate. Use those as part of a policy to
determine VLAN assignment.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello!
Some time ago Alan mentioned that the new 2.1.10 version will support such a
thing. However, I can't seem to find it in the docs. Can anyone shed some light
on how that can be done with the new functionality?
-
Вижте последн
Hello, I have working setups of mac authentication where I use mysql and use
radgroupreply to hand out the appropriate vlans to my hp procurve switches
based on what mac address is authenticating.
I also have working setups for eap/peap where I use the mschapv2 module to
auth off a samba server vi
Le 16/09/2010 15:34, Phil Mayers a écrit :
On 16/09/10 10:16, Eric Doutreleau wrote:
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
checkItem means "put the attribute into the check/config items list".
Looking at the so
On 16/09/10 10:16, Eric Doutreleau wrote:
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
checkItem means "put the attribute into the check/config items list".
Looking at the source code, I see that rlm_ldap can't upd
well i though i have found the answer
i m not sure if it s the right way to do
in the section of peap of the eap file i had
use_tunneled_reply = yes
Le 16/09/2010 13:22, Eric Doutreleau a écrit :
Hi alexander
Le 16/09/2010 00:31, Alexander Clouter a écrit :
Remember that the 'inner-auth' v
Hi alexander
Le 16/09/2010 00:31, Alexander Clouter a écrit :
Remember that the 'inner-auth' virtual server is a *unique* instance
to your outer layer so 'User-Category' might be defined but only on the
outside whilst it looks like you are calling 'files' *inside*.
Cheers
Well I understand
thanks for your replay
here what i did
in the ldap.attrmap i put
checkItem User-Category eduPersonPrimaryAffiliation
in the user file i did
DEFAULT
Tunnel-Type := VLAN,
Tunnel-Medium-Type := IEEE-802,
Tunnel-Private-Group-Id = 901,
Fall-Through = Yes
DEFAU
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapdev.int-evry.fr:389, authentication 0
[ldap] bind as cn=admin,dc=int-evry,dc=fr/admldap t
Eric Doutreleau wrote:
>
> i m using freeradius 2.1.9 and i have some problems with making dynamic
> vlan assignment based on vlan.
>
> here what i have in my users file
>
> DEFAULT User-Category == "student"
>Reply-Message = "Your a member of t
Hi,
> vlan assignment based on vlan.
>
>
> here what i have in my users file
>
> DEFAULT User-Category == "student"
> Reply-Message = "Your a member of the student Group",
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IE
On 15/09/10 16:49, Fabien COMBERNOUS wrote:
On 15/09/2010 17:29, Phil Mayers wrote:
Please post the full debugging output.
Sigh. This is not the full debugging output. You're making it hard to
help you.
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-T
On 15/09/2010 17:29, Phil Mayers wrote:
Please post the full debugging output.
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] N
On 15/09/10 16:13, Fabien COMBERNOUS wrote:
We use a sql backend. Just after my sql module (in the authorise
section) i added the following bloc.
if (notfound) {
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
Tunnel-Private-Group-ID := 42
}
}
When a user is unknown, the sql module
We use a sql backend. Just after my sql module (in the authorise
section) i added the following bloc.
if (notfound) {
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
My sql module (we use an sql backend return notfound.
I tried to add the following at the end of the authorize section.
On 15/09/2010 16:30, Phil Mayers wrote:
if (notfound) {
update reply {
Tunnel-Private-Group-Id = 1
On 15/09/10 12:30, Fabien COMBERNOUS wrote:
Thank you Phil for your answer.
On 15/09/2010 11:09, Phil Mayers wrote:
Are you using 802.1x or macauth?
If you are sending an access-reject, you can't assign a vlan. Reject
means "give no service". You either need to send an accept with a
vlan, o
Thank you Phil for your answer.
On 15/09/2010 11:09, Phil Mayers wrote:
Are you using 802.1x or macauth?
If you are sending an access-reject, you can't assign a vlan.
Reject means "give no service". You either need to send an accept
wi
On 15/09/10 10:02, Fabien COMBERNOUS wrote:
Hi,
We use the freeradius to assigne users in the vlan. The default settings
rejects users in case of a request from an unidentified user. Instead of
this we would like assign him to a specific vlan. I don't find
information about how to do this. Any
Hi,
We use the freeradius to assigne users in the vlan. The default
settings rejects users in case of a request from an unidentified
user. Instead of this we would like assign him to a specific vlan.
I don't find information about how to do this. Any pointer or
So the program (freeradius?!) that is calling rad2vmps is a perl script?
Best, Jan
Alan DeKok hat am 8. September 2010 um 14:19
geschrieben:
> Jan Zacharias wrote:
> > is the vmps functionality in freerad really a substitute for freenac?
>
> For some of it.
>
> > Is there a Gui th
Jan Zacharias wrote:
> is the vmps functionality in freerad really a substitute for freenac?
For some of it.
> Is there a Gui that I missed?
FreeRADIUS doesn't include a GUI for VMPS.
> After reading the sample configuration in
> sites-available/vmps I get the impression that freerad
Ple
Hey,
is the vmps functionality in freerad really a substitute for freenac?
Is there a Gui that I missed? After reading the sample configuration in
sites-available/vmps I get the impression that freerad can just handle
vmps requests as well. For me, vmps is not required at all, the clients
Jan Zacharias wrote:
> Version is "radiusd: FreeRADIUS Version 2.1.9, for host
> i386-portbld-freebsd8.1, built on Aug 5 2010 at 14:17:48"
Maybe the Perl installation on your system isn't thread-safe. This is
possible...
> rad2vmps is part of freenac. Can freerad and freenac work w/a this thi
#x27;s mixing up CONCURRENT requests resulting in a wrong vlan assignment.
>
> That sounds bad.
>
> > Now let's check what Vlans got assigned (this is the vmps log, vmps gets
> > only this MAC via rad2vmps and looks up the vlan in a mysql db):
>
> Hmm... r
Jan Zacharias wrote:
> I'm running into some very bad issue: when running freeradius in
> threaded mode (default)
> it's mixing up CONCURRENT requests resulting in a wrong vlan assignment.
That sounds bad.
> Now let's check what Vlans got assigned (this is the vmps
Hi Folks,
I'm running into some very bad issue: when running freeradius in threaded mode
(default)
it's mixing up CONCURRENT requests resulting in a wrong vlan assignment.
Here are the logs of two clients (OSX and Ubuntu). The Ubuntu supplicant
(wpa-suppl.)
always fails the first
On Aug 31, 2010, at 8:48 AM, Marten Pape wrote:
> Alan DeKok schrieb:
>> Marten Pape wrote:
>>
>>> Now my goal is to tell the NAS to assign every wifi-packet to a certain
>>> VLAN. I don't need to have a dynamic assignment of VLAN based on
>>> usernames or something else. One VLAN would be suffi
1 - 100 of 227 matches
Mail list logo