Hola: <BR><BR><B><I>freeradius-users-request@lists.freeradius.org</I></B> wrote: <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Send Freeradius-Users mailing list submissions to<BR>freeradius-users@lists.freeradius.org<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>http://lists.freeradius.org/mailman/listinfo/freeradius-users<BR>or, via email, send a message with subject or body 'help' to<BR>freeradius-users-request@lists.freeradius.org<BR><BR>You can reach the person managing the list at<BR>freeradius-users-owner@lists.freeradius.org<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Freeradius-Users digest..."<BR><BR><BR>Today's Topics:<BR><BR>1. Cisco sslvpn authentication with freeradius (satish patel)<BR>2. freeRADIUS with Active-derectory (Hangjun He)<BR>3. Re: freeRADIUS with Active-derectory (Alan DeKok)<BR>4. Re: SSL certificate problems
(Alan DeKok)<BR>5. Re: Class attribute in accounting record. (Alan DeKok)<BR>6. Re: web based admin (satish patel)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Tue, 30 Oct 2007 05:41:30 +0000 (GMT)<BR>From: satish patel <LINUXTRAP@YAHOO.CO.IN><BR>Subject: Cisco sslvpn authentication with freeradius<BR>To: freeradius-users <FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <47025.12580.qm@web8405.mail.in.yahoo.com><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Dear all<BR><BR>I have cisco SSLVPN gateway and i want to authenticate user freeradius authentication server but i need more input from community what type of control i can done with it ?? Is it possible to control some user session or number of time to control is there anybody have done it ??/<BR><BR><BR><BR><BR>$ cat ~/satish/url.txt
<BR><BR>http://www.linuxbug.org<BR>_____________________________________________________________________________________________________<BR><BR><BR>---------------------------------<BR>5, 50, 500, 5000 - Store N number of mails in your inbox. Click here.<BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <HTTPS: attachment-0001.html 20071030 attachments freeradius-users pipermail lists.freeradius.org 7ae72ecc><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Tue, 30 Oct 2007 14:25:24 +0800 (CST)<BR>From: Hangjun He <ELMERHE@YAHOO.COM.CN><BR>Subject: freeRADIUS with Active-derectory<BR>To: FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <138552.33288.qm@web15101.mail.cnb.yahoo.com><BR>Content-Type: text/plain; charset="gb2312"<BR><BR>Hi,<BR>I have configured ntlm_auth in freeRADIUS talk to AD(user store). And It works well.<BR>Now I want to use ldap to get attribute from AD,
It failed.<BR><BR>It seems ldapsearch will search user's display name. And ntlm_auth will search user's user logon name.<BR><BR>If I set display name same with user logon name, It can work. Is there a way let ldapsearch to search user logon name too??<BR><BR><BR>relate configure in radiusd.conf:<BR>authorize { <BR>mschap suffix eap files ldap <BR>} <BR> <BR>authenticate { <BR>Auth-Type MS-CHAP { <BR>mschap <BR>} <BR>eap <BR>ldap <BR>} <BR><BR><BR>---------------------------------<BR>?????????? <BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <HTTPS: attachment-0001.html 20071030 attachments freeradius-users pipermail lists.freeradius.org c97026c2><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Tue, 30 Oct 2007 07:38:59 +0100<BR>From: Alan DeKok <ALAND@DEPLOYINGRADIUS.COM><BR>Subject: Re: freeRADIUS with Active-derectory<BR>To: FreeRadius users mailing
list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <4726D183.4080104@deployingradius.com><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>Hangjun He wrote:<BR>> I have configured ntlm_auth in freeRADIUS talk to AD(user store). And<BR>> It works well.<BR>> Now I want to use ldap to get attribute from AD, It failed.<BR>> <BR>> It seems ldapsearch will search user's *display name*. And ntlm_auth<BR>> will search user's *user logon name.*<BR>> <BR>> If I set display name same with user logon name, It can work. Is<BR>> there a way let ldapsearch to search user logon name too??<BR><BR>The LDAP search strings are editable in radiusd.conf.<BR><BR>Alan DeKok.<BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Tue, 30 Oct 2007 07:40:24 +0100<BR>From: Alan DeKok <ALAND@DEPLOYINGRADIUS.COM><BR>Subject: Re: SSL certificate problems<BR>To: FreeRadius users mailing
list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <4726D1D8.5020702@deployingradius.com><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>Walter Gould wrote:<BR>> Sorry to bother you guys again - I created new SSL certificates per<BR>> your above instructions... After the certs were created, I then:<BR>> <BR>> 1. copied them to the /etc/raddb/certs directory<BR>> 2. updated /etc/raddb/eap.conf with the certificate names & private key<BR>> password<BR>> 3. copied and installed the new certificate (server.pem) onto my XP<BR>> laptop and<BR>> 4. started radiusd in debug mode, below is the output<BR>> <BR>> It is acting as you describe in the FAQ -<BR><BR>You didn't add the root certificate to the XP machine. See the<BR>EAP-TLS "howto's" on the web site.<BR><BR>> So, I am wondering will I need to install the hotfix as listed in the<BR>> FAQ - and, will this have to be done on ALL Windows machines? I am<BR>>
thinking that I still do not have something configured right on my<BR>> side. If I uncheck the "validate server certs" box on the XP client, I<BR>> can connect and authenticate successfully.<BR><BR>Yup. "Ignore that we have no idea where this certificate came from,<BR>and do PEAP anyways".<BR><BR>Alan DeKok.<BR><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Tue, 30 Oct 2007 07:41:38 +0100<BR>From: Alan DeKok <ALAND@DEPLOYINGRADIUS.COM><BR>Subject: Re: Class attribute in accounting record.<BR>To: mje@posix.co.za, FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <4726D222.4010003@deployingradius.com><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>Mark Elkins wrote:<BR>> .. which keeps personal changes to one place (sql.conf and files<BR>> in /etc/raddb) and saves me from upsetting Alan DeKok's karma* - a bad<BR>> thing to do.<BR><BR><BR><SHRUG>The files are editable for a reason. If all
you see is ASCII<BR>"Class" attributes, add the following to the bottom of raddb/dictionary:<BR><BR>ATTRIBUTE Class 25 string<BR><BR>Alan DeKok.<BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Tue, 30 Oct 2007 09:01:19 +0000 (GMT)<BR>From: satish patel <LINUXTRAP@YAHOO.CO.IN><BR>Subject: Re: web based admin<BR>To: FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <653821.58006.qm@web8403.mail.in.yahoo.com><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Dear <BR><BR>i need also this kind of setup i want to replace AAA ACS with freeradius but i dont know how accouning work in this case and authorization of cisco LEVEL base can u provide me doucment of URL for this setup <BR><BR>"Hawkins, Michael" <MHAWKINS@TULLETTPREBON.COM>wrote: Hi all,<BR><BR>I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am<BR>considering using FreeRadius at another customer site instead of Cisco<BR>Secure
ACS.<BR><BR>Will I still be able to control command execution (authorization) etc<BR>via FreeRadius? Or would I be restricted to authentication only?<BR><BR>What do people recommend I use as a web front end for FreeRadius when<BR>managing AAA on a Cisco network via FreeRadius?<BR><BR>I've seen daloradius but that is geared to wireless hotspots. I've taken<BR>a quick look at phpRADmin and also ASN but I'm not sure which one is<BR>more mature and would like to know other peoples thoughts. Or is<BR>dailupadmin itself good enough?<BR><BR>Any advice given is very much appreciated.<BR><BR>Mike Hawkins<BR>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR>The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient
please notify the sender immediately; you should not retain this message or disclose its content to anyone.<BR>Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored.<BR>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR><BR>______________________________________________________________________<BR>This email has been scanned by the MessageLabs Email Security System.<BR>For more information please visit http://www.messagelabs.com/email <BR>______________________________________________________________________<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR><BR><BR>$ cat
~/satish/url.txt <BR><BR>http://www.linuxbug.org<BR>_____________________________________________________________________________________________________<BR><BR><BR>---------------------------------<BR>Unlimited freedom, unlimited storage. Get it now<BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <HTTPS: 20071030 attachments freeradius-users pipermail lists.freeradius.org attachment.html 5303e8c7><BR><BR>------------------------------<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR><BR>End of Freeradius-Users Digest, Vol 30, Issue 107<BR>*************************************************<BR></BLOCKQUOTE><BR><BR><BR><DIV><STRONG><EM><FONT face="times new roman"> CON CARIÑO</FONT></EM></STRONG></DIV>
<DIV><FONT face="times new roman"><EM><STRONG><U>MARIBEL HERNÁNDEZ LÓPEZ</U></STRONG></EM></FONT></DIV>
<DIV><FONT face="Times New Roman"><STRONG><EM> <IMG src="http://us.i1.yimg.com/us.yimg.com/i/mesg/tsmileys2/40.gif"></EM></STRONG></FONT></DIV><p> __________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com