ldap authorization and vlans

Carlos Bordon cgermanb at live.com.ar
Tue Dec 5 18:25:53 CET 2017


Hi, I need help.

I configured ntlm_auth to work with AD, but I need some guidance on doing authorization with LDAP to check groups and assign VLANs.


Sorry for my English.
Regards,

________________________________
From: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar at lists.freeradius.org> on behalf of Carlos Bordon <cgermanb at live.com.ar>
Sent: Tuesday, December 05, 2017 01:55 p.m.
To: FreeRadius users mailing list
Subject: Re: eap-sim configuration

Hi, I need help.

I configured ntlm_auth to work with AD, but I need some guidance on doing authorization with LDAP to check groups and assign VLANs.

I try to send mails to the list, but they are always refused.

Thanks!




________________________________
From: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar at lists.freeradius.org> on behalf of Alan DeKok <aland at deployingradius.com>
Sent: Tuesday, December 05, 2017 10:12 a.m.
To: FreeRadius users mailing list
Subject: Re: eap-sim configuration

On Nov 30, 2017, at 1:12 PM, Josh toal <joshtoal17 at gmail.com> wrote:
> Installed freeradius 3.X and did basic configuration with the access point
> and it works.
>
> Now I am trying to do configuration for eap-sim authentication. I have the
> SIM credentials.
>
> Can somebody help me in understanding configuration required to implement
> eap-sim based authentication .

  That's not a simple thing... EAP-SIM is weird and bizarre.  Historically it hasn't been well tested in FreeRADIUS.

  The good news is that I've fixed things up in the v3.0.x branch, which will soon be 3.0.16.  So you should really use that branch from GitHub.

  You can then add this in raddb/mods-config/files/authorize:

bob     EAP-SIM-Ki := 0xabcdef...

  Replace the hex digits with the actual value of the Ki key.

  And you can run radeapclient with the following input file as "sim.txt"

User-Name := "bob"
EAP-Code = Response
EAP-Type-Identity = "bob"
EAP-SIM-Ki = 0xabcdef...

  With the same Ki, of course.

  Then do:

$ radeapclient -f sim.txt localhost  auth testing123

  and it should work.

  Older versions of radeapclient required the SIM triplets, which meant you could only test it once.  That's annoying.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html