search for: eduroam

On Wed, 2019-11-13 at 22:21 +0000, Steve Bluck via samba wrote: > FreeRAIDUS is checking for a username in the format of > [user]@[internet domain] for Eduroam (World wide WiFi network, mostly > used by Education), if it is not a locally defined Internet domain it > then refers the RADIUS request to a higher level RADIUS server. > However if it's our defined domain e.g. EXAMPLE.COM it will check > with our AD server. > Normally the sAMA...

...g <samba at lists.samba.org> Subject: Re: [Samba] FreeRADIUS & SAMBA when Active Directory domain is not a FQDN On 12/11/2019 21:17, Steve Bluck via samba wrote: > OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; > > > > I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. > > > > The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the...

...gt; wireless network we would set up for them with their cell phones.? Are cell >> phones even capable of this kind of authentication? > > Yes, entirely capable.? WPA2-Enterprise isn't some freakish and unusual > solution. Ok, so it would at least be possible. > https://www.eduroam.org/ > > I configure wireless once on my device (phone/tablet/laptop) and then can > travel to institutions all round the world and use their networks seamlessly. > How useless and infeasible indeed. Well, this country is almost the worst of all countries around the world when it come...

OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the UPN was ?user at...

> > > https://www.eduroam.org/ > > > > I configure wireless once on my device (phone/tablet/laptop) and then can > > travel to institutions all round the world and use their networks seamlessly. > > How useless and infeasible indeed. > > Well, this country "this country"? > is...

...aware that MSCHAPv2 is still NTLMv1 under the hood. > Better than plaintext if you have the certificate checking done > properly, but if you can do real certificates, do that! Thanks Andrew, I run my own CA and verify all certificates, that part is taken care of :-) This link to MIT's Eduroam? knowledgebase confirms your statement: http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152599592&focusedCommentId=154190347#comment-154190347 One more question: Would it be possible to trigger a script when winbind changes the machine password? That would help to update the wifi...

...r the hood. >> Better than plaintext if you have the certificate checking done >> properly, but if you can do real certificates, do that! > > Thanks Andrew, > > I run my own CA and verify all certificates, that part is taken care > of :-) > > This link to MIT's Eduroam? knowledgebase confirms your statement: > http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152599592&focusedCommentId=154190347#comment-154190347 > > > One more question: Would it be possible to trigger a script when > winbind changes the machine password? > Hi Ke...

...plaintext if you have the certificate checking done >>> properly, but if you can do real certificates, do that! >> >> Thanks Andrew, >> >> I run my own CA and verify all certificates, that part is taken care >> of :-) >> >> This link to MIT's Eduroam? knowledgebase confirms your statement: >> http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152599592&focusedCommentId=154190347#comment-154190347 >> >> >> One more question: Would it be possible to trigger a script when >> winbind changes the machine p...

Pete Biggs wrote: > >> >>> https://www.eduroam.org/ >>> >>> I configure wireless once on my device (phone/tablet/laptop) and then can >>> travel to institutions all round the world and use their networks seamlessly. >>> How useless and infeasible indeed. >> >> Well, this country > > "t...

Gordon Messmer wrote: > On 02/14/2018 08:37 AM, hw wrote: >> Then what?? How do I make it so that the users are actually able to authenticate? > > > Look for documentation on 802.11x authentication for the specific client you want to authenticate. Thanks, I figured it is what I might need to look into. How about a client that uses PXE boot? > WiFi is pretty

...neither useful, nor feasible for customers wanting to use the > wireless network we would set up for them with their cell phones. Are cell > phones even capable of this kind of authentication? Yes, entirely capable. WPA2-Enterprise isn't some freakish and unusual solution. https://www.eduroam.org/ I configure wireless once on my device (phone/tablet/laptop) and then can travel to institutions all round the world and use their networks seamlessly. How useless and infeasible indeed. > Anyway, there are some clients that can probably authenticate, which leaves > the ones that use P...

On 12/11/2019 21:17, Steve Bluck via samba wrote: > OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; > > > > I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. > > > > The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the...

FreeRAIDUS is checking for a username in the format of [user]@[internet domain] for Eduroam (World wide WiFi network, mostly used by Education), if it is not a locally defined Internet domain it then refers the RADIUS request to a higher level RADIUS server. However if it's our defined domain e.g. EXAMPLE.COM it will check with our AD server. Normally the sAMAccountName & AD domai...