Re: cisco WAP/FreeRadius/OpenLDAP
something else i just found radtest only seems to work from localhost.. [root@ops2 raddb]# radtest marguin2 r0adkill localhost 0 i6Lw7uNsG7pZDUGgxirg Sending Access-Request of id 235 to 127.0.0.1 port 1812 User-Name = "marguin2" User-Password = "r0adkill" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=235, length=30 Filter-Id = "wireless" [root@ops2 raddb]# radtest marguin2 r0adkill 192.168.10.31 0 i6Lw7uNsG7pZDUGgxirg Sending Access-Request of id 96 to 192.168.10.31 port 1812 User-Name = "marguin2" User-Password = "r0adkill" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 Sending Access-Request of id 96 to 192.168.10.31 port 1812 User-Name = "marguin2" User-Password = "r0adkill" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 Sending Access-Request of id 96 to 192.168.10.31 port 1812 User-Name = "marguin2" User-Password = "r0adkill" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 radclient: no response from server for ID 96 socket 3 On 11/2/2011 10:53 AM, freeradius-users-request@lists.freeradius.org wrote:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Huntgroup Checking (simonm123) 2. Re: Need help with Freeradius and 802.1X (johnboy68) 3. Re: Huntgroup Checking (Ben West) 4. Re: cisco WAP/FreeRadius/OpenLDAP (Matthew Arguin) 5. Re: Need help with Freeradius and 802.1X (Alan Buxey) 6. Re: Need help with Freeradius and 802.1X (Alan DeKok)
----------------------------------------------------------------------
Message: 1 Date: Wed, 2 Nov 2011 07:07:34 -0700 (PDT) From: simonm123<simon.morley@me.com> Subject: Re: Huntgroup Checking To: freeradius-users@lists.freeradius.org Message-ID:<1320242854156-4958155.post@n5.nabble.com> Content-Type: text/plain; charset=us-ascii
Can anyone tell me if hungroup checking can be made to work on the group level, not just the user level?
Thanks
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-tp4950385p4958155... Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
Message: 2 Date: Wed, 2 Nov 2011 07:08:58 -0700 (PDT) From: johnboy68<tripleadad68@yahoo.com> Subject: Re: Need help with Freeradius and 802.1X To: freeradius-users@lists.freeradius.org Message-ID:<1320242938352-4958157.post@n5.nabble.com> Content-Type: text/plain; charset=us-ascii
I have ntlm_auth working. I can auth my AD users with this command:
radtest -t mschap aduser aspassword localhost 0 testing123
And it works.
My problem is when I configure one of my Cisco switches to do 802.1x and authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail to get authorized with the Windows supplicant. I am running Freeradius in debug mode and have tried to trace down where it is failing on my own but since I have no experience in this area I am just chasing my tail. Is it a problem with PEAP, EAP, TLS? Do I need a certificate? I just don't know and if I did I wouldn't know how to configure it. I have not been able to find any conclusive documentation in this area.
I could put the output here of what Freeradius outputs during a connection attempt but I since I am testing this in our production environment, I don't want to put that kind of information out in a public forum.
Any thoughts?
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Need-help-with-Freeradius-and-802-1X... Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
Message: 3 Date: Wed, 2 Nov 2011 09:22:25 -0500 From: Ben West<westbywest@gmail.com> Subject: Re: Huntgroup Checking To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <CADSh-SNFZJ1dOx3S1D_sVKPHxxP7GfDq-4+=2rSRLtUwbS+nTw@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
You may need to inspect whether the groupcheck query in mysql/dailup.conf (if you are using MySQL) looks in the huntgroup table.
For example, this is the default query in my copy of freeRADIUS provided by Debian:
authorize_group_check_query = "SELECT id, groupname, attribute, \ Value, op \ FROM ${groupcheck_table} \ WHERE groupname = '%{Sql-Group}' \ ORDER BY id"
Try modifying it as such:
authorize_group_check_query = "SELECT id, groupname, attribute, \ value, op \ FROM ${groupcheck_table} \ WHERE ( groupname = '%{Sql-Group}' \ OR groupname = '%{Huntgroup-Name}' ) \ ORDER BY id"
On Wed, Nov 2, 2011 at 9:07 AM, simonm123<simon.morley@me.com> wrote:
Can anyone tell me if hungroup checking can be made to work on the group level, not just the user level?
Thanks
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-tp4950385p4958155... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Matthew Arguin Currensee, Inc. 54 Canal St, 4th Floor Boston, MA 02114 (617) 986-4758 (Office) _________________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. © 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
Hi,
something else i just found radtest only seems to work from localhost..
the option in radtest is the TARGET you are talking to. so, you can talk to 127.0.0.1 but you cant talk to 192.168.10.31....what does 'radiusd -X' show? do you have any firewalling? alan
participants (2)
-
Alan Buxey -
Matthew Arguin