search for: ttls

Hi, I have a freeradius server that is working well in university. We use EAP-TTLS and PAP protocols. Users from Windows can use Securew2. Users from Linux and Mac OS X luckily have native support for EAP-TTLS and PAP. (if you think is Off Topic, keep reading on). On Ubuntu I can use the nm-applet for setting the connection up. But I'd want to find a way to automatize it, tha...

...it after staring at it so long :-) Oh yes ;-) > I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi > authentication. The krb5 module requires a cleartext password, but > MSCHAP does not pass a cleartext password. (It is possible to use > krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a > cleartext password) You might want to read this: https://www.samba.org/samba/history/samba-4.5.0.html Rowland

I finally ran across the following post: http://lists.samba.org/archive/samba/2006-May/120798.html Turns out my earlier post to this list for help stems from the NSCD problem like this person had. I changed the negative TTLs in nscd.conf to 3s and changed the -t argument to 15 in my add machine script. This solved my join domain problem. Before all this, NSCD was not running. When NSCD is not running I have the following situation: 1. getent passwd always works, I get /etc/passwd and LDAP entries 2. id everyone a...

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root

...not resolve host: > mirrors.fedoraproject.org" > > Everything else works for me. > > Regards > Tim This works fine for me, and the DNS for mirrors.fedoraproject.org looks fine too -- points to the cname wildcard.fedoraproject.org., which resolves to 8 A-records, with 60sec TTLs (for my US/east coast location). Did you check to see what your DNS is showing? - Richard

Hi I am new to this mailing list.we encounter a problem in our network,we have a samba 4 as an domain controller . for deploying dot1.x(IEE802.1x) in our network our firewall team run a windows CA Server 2012 R2 to work with EAP-ttls protocol. It generate a CA for domain controllers that should be imported in trusted certification authorities that i imported with rsat console in this directory . After that the dc (that here is samba 4) should send e request for CA server and the server issues a personal Ca with the name of dc...

.../12/2016 14:10, Rowland Penny wrote: >> I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi >> authentication. The krb5 module requires a cleartext password, but >> MSCHAP does not pass a cleartext password. (It is possible to use >> krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a >> cleartext password) > You might want to read this: > > https://www.samba.org/samba/history/samba-4.5.0.html I'm not sure which section you mean is relevant. Maybe this: "When doing a PKINIT based Kerberos logon the KDC adds the requ...

Hi folks, i've a question about the ttl, which my wins hook script gets from smbd4wins: I record many entries with extrem high ttls like refresh $SERVER 20 1181977528 $IPADDRS... the ttl of 1181977528 means ~13.000 days which is very long. if i look into the ldb itself, there's an expiry time of ~ 24days (16.06.2007). ---- dn: name=$SERVER,type=0x20 [...] expireTime: 20070616070528.0Z [...] address: $IP;winsOwner:$IP;ex...

...b > service_principal = radius/radius.example.com > } I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi authentication. The krb5 module requires a cleartext password, but MSCHAP does not pass a cleartext password. (It is possible to use krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a cleartext password) However, I'm not actually at that point yet. First I'm configuring freeradius to do the LDAP query. To do this I'm setting environment variables: KRB5_CLIENT_KTNAME=/etc/krb5.keytab KRB5CCNAME=MEMORY: Using KRB5_CLIENT_KTNA...

...n battery GSM Specification Frequency bands: 900/1800/1900 MHz GPRS Class 10 SMS, MMS, WAP applications FTA/CTA certification FCC/CE certification WLAN Specification IEEE 802.11b RF channels: US: 11, ETSI: 13, Japan: 14 High-gain internal antenna WEP 64/128 bits, WPA, 802.1x EAP PSK/LEAP/PEAP/TTLS/SIM Power saving modes Fast roaming between access points VoIP Specification SIP: IETF RFC 3261 Codec: G.711, G.729a/b, G.723 Acoustic echo cancellation Dynamic jitter buffer Voice activity detection Stun-based NAT traversal Input Methods Handwriting Recognition > English > Chinese >...

...z-dc-sem.ad.tao.at. hostmaster.ad.tao.at. 29 900 600 86400 0 > > ;; Query time: 3 msec > ;; SERVER: 192.168.17.65#53(192.168.17.65) > ;; WHEN: Fre Sep 08 13:20:28 CEST 2017 > ;; MSG SIZE rcvd: 228 First response is dnsmasq, second response is querying a DC directly. No difference. TTLs are honoured as well. -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz https://www.tao-digital.at | Tel +43 680 301 7167

Can a worker kill themselves when they''re ''done''? Or do I have to do that either from the controller or the worker manager? Thanks, Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/backgroundrb-devel/attachments/20061023/11dd429c/attachment.html

Can anyone shed some light on realtime caching? My desired behavior is that MWI works with realtime voicemail/sip/extensions AND updates to the database take place on the next call to the extensions. Right now I have rtcachefriends=yes, and MWI works, but updates to the database for a cached user seem to still require a reload. It is my understating that removing rtcachefriends will

...lient NTLMv2 auth=yes and with this I can use "ntlm_auth --username=xxxx --domain=adir.hull.ac.uk --password=fred", or "ntlm_auth --username=xxx --password=fred At an 802.1X supplicant I can now authenticate via Radiator/Samba/AD by specifying a userid, password (I'm using eap-ttls and an inner auth type of MSCHAPV2) However, what I'd like to do is have the user authenticate using a domain of hull.ac.uk. At this point things do not work. If I use the above example "ntlm_auth --username=xxxx --domain= hull.ac.uk --password=fred" what I get is an NT_STATUS_NO_SU...

Hi Everyone, We are setting up some READ-ONLY Samba servers, mounted from the same volume on a SAN. The files are media files to be played out by Windows Media Servers mounted on Win2003. Here are my thoughts about possible configurations, would someone mind letting me know what would the best option be? A) DNS Round Robin Have foo.domain resolve to 10.0.0.1, 10.0.0.2, 10.0.0.3. 10.0.0.1

We have to replace one mail store (foo.example.org) with another (bar.example.org). I rsync'd the maildirs from foo to bar today and the plan is to hold all delivery (in the SMTP server) on foo over the weekend, rsync again (this time it should be much faster since the large xfer already occurred today), then flush the SMTP queue on foo towards bar, direct all new deliveries to

Hi Asterisk users/e164 developers, I have had an idea on how to improve the functionality of the E164 service. The idea is that when I'm no longer at my house I actually want to receive calls at another number So I have a small software client on my windows desktop and I tell it I'm no longer here I'm going to be on my mobile (similar to the no-ip.com dns updater I use) The client

.... 29 900 600 86400 0 > > > > ;; Query time: 3 msec > > ;; SERVER: 192.168.17.65#53(192.168.17.65) > > ;; WHEN: Fre Sep 08 13:20:28 CEST 2017 > > ;; MSG SIZE rcvd: 228 > > First response is dnsmasq, second response is querying a DC directly. > No difference. TTLs are honoured as well. > > OK, you have convinced me ;-) Seeing how you seem to know the required 'magic', do you feel up to sharing it, if you do I will add a page to the Samba wiki. You can send it off list if you like. Rowland

Hi, I have a fedora15 x86_64 host with one fedora15 guest running amavis+spamassassin+postfix and performance is horrible. The host is a quad-core E13240 with 16GB and 3 1TB Seagate ST31000524NS and all partitions are ext4. I've allocated 4 processors and 8GB of RAM to this guest. I really hoped someone could help me identify areas in which performance can be improved at both the guest and

...down. > > It seemed to have to do with the TTL for the local names being too > short and DNS being designed to generally query root servers rather > than sticking to their local information. It has nothing to do with the ttl. The TTL does cause expiration in an authoritative server.? TTLs only affect? caching servers.? The primary master gets changed when you edit the local zone database.? The secondary slave gets updated when the serial number in the SOA record on the primary master gets bumped.?? You must either do that manually or use a zone database management tool that does it...