<div class="gmail_quote">Hi, <div>Thanks for your reply :)</div><div><br></div><div>I have better news: by using OpenLDAP for FR Authentication & Authorization </div><div>=> I can configure multiple passwords for each user (Uid)</div>
<div>and use 1 of those passwords for successful authentication! </div>
<div><br></div><div>Although it is done manually now, it somehow solves the matter!</div><div><br></div><div>If anyone has experienced this, please give some advice!</div><div>Example: How to do it automatically or</div>
<div>How to create a pool of passwords then use the pool for multiple users :) </div><div><br></div><div>Regards! </div><div><br><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Message: 3</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Date: Tue, 15 Nov 2011 16:09:29 +0700</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">From: "Fajar A. Nugraha" <</span><a href="mailto:list@fajar.net" style="color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">list@fajar.net</a><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">></span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Subject: Re: Help: FreeRadius Users with multiple passwords</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">To: FreeRadius users mailing list</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> <</span><a href="mailto:freeradius-users@lists.freeradius.org" style="color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">freeradius-users@lists.freeradius.org</a><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">></span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Message-ID:</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> <CAG1y0sffWuNVw08KH5XT8_</span><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Ny3NLCe=NFWB4U+=</span><a href="mailto:WEXFcmiQ0FoA@mail.gmail.com" style="color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">WEXFcmiQ0FoA@mail.gmail.com</a><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">></span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Content-Type: text/plain; charset=ISO-8859-1</span><div class="im"><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">On Tue, Nov 15, 2011 at 4:00 PM, Duong Manh Truong</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><</span><a href="mailto:ngoahotanglongbk@gmail.com" style="color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">ngoahotanglongbk@gmail.com</a><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> wrote:</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> Hi all,</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> I have encountered an issue and cannot find the solution after several</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> days of thinking :(</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> I set up FreeRadius & Mysql successfully, testing with some account ok,</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
</div><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> but my real case: Lot of my users have more than 1 passwords,</span><div class="im"><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> Example: User: "truongdm" comes with the password "abc123" or the password</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">> "123abc" is both ok</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"></div><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Short version: you can't.</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Long version:</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">it's doable, but ONLY if:</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">- your user sends clear-text password (read: not using MSCHAP or</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">PEAP-MS-CHAP v2, which is the one most often used by Windows clients)</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">- you create additional logic to handle authentication, either using</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">unlang or external script (perl, php, whatever). Hint: see</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<a href="http://wiki.freeradius.org/Auth%20Type" style="color:rgb(0,0,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">http://wiki.freeradius.org/Auth%20Type</a><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> . Your additional logic would</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">have to set Auth-Type := Accept when conditions (e.g. password) match.</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">--</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Fajar</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">------------------------------</span><br style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<div class="gmail_quote">At 18:00 on 15 November 2011, <span dir="ltr"><<a href="mailto:freeradius-users-request@lists.freeradius.org" target="_blank">freeradius-users-request@lists.freeradius.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Today's Topics:<br>
<br>
1. Re: EAP-TLS CRL checking when multiple CAs used (Martin Čmelík)<br>
2. Help: FreeRadius Users with multiple passwords (Duong Manh Truong)<br>
3. Re: Help: FreeRadius Users with multiple passwords<br>
(Fajar A. Nugraha)<br>
4. Re: mysql module help (Alan DeKok)<br>
5. Re: Issues with EAP-TLS and OpenSSL (Alan DeKok)<br>
6. Re: PEAP/mschapv2 - opendirectory (Alan DeKok)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 15 Nov 2011 09:23:23 +0100<br>
From: Martin Čmelík <<a href="mailto:martin.cmelik@gmail.com" target="_blank">martin.cmelik@gmail.com</a>><br>
Subject: Re: EAP-TLS CRL checking when multiple CAs used<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a>><br>
Message-ID:<br>
<<a href="mailto:CAGfF%2B_KCtw6Bet1JMxXJEijmF1dJTK2CekaiXoztVTifpuYOfA@mail.gmail.com" target="_blank">CAGfF+_KCtw6Bet1JMxXJEijmF1dJTK2CekaiXoztVTifpuYOfA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=UTF-8<br>
<br>
Hi all,<br>
<br>
The problem was on my side. I missed adding another CRL to the certs directory.<br>
<br>
Thank you for all your help!<br>
<br>
Best regards,<br>
<br>
?<br>
Martin Čmelík<br>
<br>
<br>
<br>
2011/11/14 Martin Čmelík <<a href="mailto:martin.cmelik@gmail.com" target="_blank">martin.cmelik@gmail.com</a>>:<br>
> Hi Alan,<br>
><br>
> I did, there is nothing about it.<br>
><br>
> Only this:<br>
><br>
> #  Check the Certificate Revocation List<br>
> #<br>
> #  1) Copy CA certificates and CRLs to same directory.<br>
> #  2) Execute 'c_rehash <CA certs&CRLs Directory>'.<br>
> #    'c_rehash' is OpenSSL's command.<br>
> #  3) uncomment the line below.<br>
> #  5) Restart radiusd<br>
> #       check_crl = yes<br>
><br>
> We have all CAs in ca.pem and CRL lists in separate file<br>
> crl1.pem+.der, crl2.pem+.der, etc...<br>
><br>
> Stefan,<br>
><br>
> that's what I did.<br>
> OK I will try to do same thing with previous configuration. Maybe that<br>
> I miss something.<br>
><br>
> Thank you<br>
><br>
><br>
> ?<br>
> Martin Čmelík<br>
><br>
><br>
><br>
><br>
> 2011/11/14 Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>>:<br>
>> Martin Čmelík wrote:<br>
>>> Question is: When Freeradius receive user certificate how daemon find<br>
>>> correct CRL list in certs directory?<br>
>><br>
>>  Read raddb/eap.conf.  This is documented.<br>
>><br>
>>  Alan DeKok.<br>
>><br>
><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 15 Nov 2011 16:00:27 +0700<br>
From: Duong Manh Truong <<a href="mailto:ngoahotanglongbk@gmail.com" target="_blank">ngoahotanglongbk@gmail.com</a>><br>
Subject: Help: FreeRadius Users with multiple passwords<br>
To: <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a><br>
Message-ID:<br>
<CAPY3iihX7xHE_kH5+yDB6Fv9=+<a href="mailto:FSwxVEoOM1R5FtmC8YnZo41A@mail.gmail.com" target="_blank">FSwxVEoOM1R5FtmC8YnZo41A@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<div class="im"><br>
<br>
Hi all,<br>
<br>
I have encountered an issue and cannot find the solution after several<br>
days of thinking :(<br>
<br>
I set up FreeRadius & Mysql successfully, testing with some account ok,<br>
<br></div>
but my real case: Lot of my users *have more than 1 passwords*,<div class="im"><br>
<br>
Example: User: "truongdm" comes with the password "abc123" or the password<br>
"123abc" is both ok<br>
<br>
<br>
Please help me: How can i set it up?<br>
<br>
- I try to insert several records with the same "username" and different<br>
"value" - password- in the "radcheck" table<br>
but at one time, the server accepts 1 pair of "username/value" only :(<br>
<br>
- I try to edit the file "users" manually but no help .....<br>
<br>
Anyone has had this matter, please help me find the direction!<br>
<br>
Thanks & Best Regards!<br></div>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 15 Nov 2011 10:10:16 +0100<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>><br>
Subject: Re: mysql module help<br>
To: Ski Mountain <<a href="mailto:ski_the_mountain@yahoo.com" target="_blank">ski_the_mountain@yahoo.com</a>>, FreeRadius users<br>
mailing list <<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:4EC22C78.50505@deployingradius.com" target="_blank">4EC22C78.50505@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Ski Mountain wrote:<br>
> I am trying to get freeradius working with mysql on a new system. I<br>
> even copied the configuration files from a working system, but I am<br>
> still having trouble getting the mysql module to load. Yes I have<br>
> $INCLUDE sql.conf<br>
> uncommitted from radius.conf<br>
<br>
Read raddb/sites-available/default. Look for "sql"<br>
<br>
Then, read the SQL documentation on the wiki.<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Tue, 15 Nov 2011 10:24:31 +0100<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>><br>
Subject: Re: Issues with EAP-TLS and OpenSSL<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:4EC22FCF.2000400@deployingradius.com" target="_blank">4EC22FCF.2000400@deployingradius.com</a>><br>
Content-Type: text/plain; charset=UTF-8<br>
<br>
Houston-III, Lester L wrote:<br>
> I'm trying to configure my FreeRADIUS server to support EAP-TLS but it<br>
> keeps reporting that there is no OpenSSL support.<br>
<br>
You need to install the openssl-dev package. It includes the OpenSSL<br>
header files.<br>
<br>
This is probably on the Wiki, under "building it yourself".<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Tue, 15 Nov 2011 10:27:38 +0100<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>><br>
Subject: Re: PEAP/mschapv2 - opendirectory<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org" target="_blank">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:4EC2308A.1070307@deployingradius.com" target="_blank">4EC2308A.1070307@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Kemal YILDIRIM wrote:<br>
> Hello all,<br>
> I've just been able to implement a wired 802.1x system with PEAP/mschapv2<br>
> authentication against opendirectory which is running on MacOSX server<br>
> 10.6.8 Leopard.<br>
> At the end I have a "working" setup, but I like to learn more to fix my<br>
> faults.<br>
<br>
What is going wrong?<br>
<br>
You've posted a long message showing authentication succeeded, but no<br>
errors.<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
<br>
End of Freeradius-Users Digest, Vol 79, Issue 49<br>
************************************************<br>
</blockquote></div><br></div>
</div><br>
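The "additional logic" described in Message 3, as an added example that is not part of the thread or of FreeRADIUS itself: an external script that accepts a clear-text password if it matches any of several salted hashes stored for the user. The environment variable names USER_NAME and USER_PASSWORD, the store layout, the iteration count and the exit codes are assumptions of this example; the user name and passwords are the ones from the question.

```python
import hashlib
import hmac
import os
import sys

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)


def make_record(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Return (salt, PBKDF2-SHA256 digest) for one accepted password."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Constructed sample store: user "truongdm" with both passwords from the
# question. A real store would persist only the salt and digest pairs.
STORE = {
    "truongdm": [
        make_record("abc123", b"constructed-salt-1"),
        make_record("123abc", b"constructed-salt-2"),
    ],
}


def verify(username: str, password: str, store=STORE) -> bool:
    """True if the clear-text password matches any record for the user."""
    matched = False
    for salt, expected in store.get(username, []):
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, ITERATIONS
        )
        # Constant-time compare, and no early exit from the loop, so the
        # response time does not show which stored password matched.
        matched |= hmac.compare_digest(candidate, expected)
    return matched


def unquote(value: str) -> str:
    """Strip one pair of surrounding double quotes, if present."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def main(environ=os.environ) -> int:
    """Exit status 0 on a match, 1 otherwise (assumed convention)."""
    user = unquote(environ.get("USER_NAME", ""))
    password = environ.get("USER_PASSWORD")
    if password is None:
        # No clear-text password in the request (e.g. MSCHAP): cannot check.
        return 1
    return 0 if verify(user, unquote(password)) else 1


if __name__ == "__main__":
    sys.exit(main())
```

How the exit status is turned into Auth-Type := Accept is left to the server policy, as the reply in Message 3 describes.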