Gary,
I didn't recognize any services as being a wireless network card manager. Didn't see anything in add/remove, either. Where/how did you find yours? Thanks for clueing me in on the meaning of "ymmv"! I'll keep digging around for more information on my problem. BTW...did you have a chance to look at the output I attached? If so, what's your interpretation? thanks, mack On 21 Jun 2004 at 20:47, Gary McKinney wrote: > Hi Mack, > > As for the "looping" problem - one question - do you have a wireless > network card manager running in the background on the laptop ( I don't > mean the nic driver) along with the supplicant??? > > I have EAP/TTLS running at home and ran into a "looping" problem that > sounds the same (authenticated but kept on re-authenticating)... I am > running the Odyssey Supplicant on a Windows 2000 machine and there was > a Linksys NIC Manager program running at the same time the supplicant > was running. The NIC manager was causing the supplicant to disconnect > from the nic thereby causing the supplicant to re-authenticate > continuously! (duh!). Turning off the NIC manager software "fixed" > the problem.... > > As for YMMV it means "Your Mileage May Vary" .... [grin]... > > gm... > > ----- Original Message ----- > From: "Mack" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 21, 2004 8:21 PM > Subject: Re: radius, 802.1x, eap/tls, and edirectory (ldap) > > > > Gary, > > > > No, no, not you. I didn't mean you...sorry. You've been > > helpful...more so, you've shown a willingness to help. Thanks for > > that. > > > > I followed your suggestion about looking deeper into the list > > archives, and have progressed a bit further (i think). I stumbled > > upon PEAP, and > configured > > my client to use mschapv2, thus answering the question of how to > > send LDAP > username & > > password to radius. This is all with EAP-TLS working (as far as I > > can tell). However, there's one catch... > > > > While running radiusd in debug mode, watching the output while the > > client authenticates (sends username & password), it seems to get > > caught in a "loop"...same output over & over again, and the client > > never gets totally authenticated. The output appears to indicate > > that the ldap auth and eap auth were both successful, but this is > > where it keeps looping...over and > over again, > > keeps saying both were successful. Unless I'm just misinterpreting > > the > output > > (that's VERY likely). I've attached some of the output to this > > email > (hope that's > > ok...seemed to big to include in the body of the message). > > > > I am using a gentoo ebuild of freeradius now, but will look into the > > 1.0.0-pre1 version. I did notice that many of the posts assumed the > > users > were on a 1.0.0-pre1 > > build. If nothing else, I can at least read thru the different docs > included in that > > build, as you've suggested. > > > > Ready for a really dumb question? What does "ymmv" mean? I've > > often seen it on lists/boards, but have never seen a translation. > > > > Thanks for the help, > > mack > > > > On 21 Jun 2004 at 6:10, Gary McKinney wrote: > > > > > Mack, > > > > > > I Was not trying to "blow you off" by making the statement of > > > reading the archives... I am still, what I consider, a newbie as > > > well... > > > > > > The statement about a lot of discussion on the subject you are > > > requesting is true so I thought you would be better served > > > checking over those discussions! > > > > > > As for documentation - have you read the rlm-eap and rlm-ldap > > > documentation in the docs directory of the installation package > > > (at least the version 1.0.0-pre1 and later source code) has > > > information on what you are looking for in terms of using eap/tls > > > and ldap together (in the rlm-eap docs). > > > > > > If you can use the pre-release code I would suggest doing so - > > > while 0.9.3 is stable I have found the pre-release code does more > > > [ymmv]... > > > > > > gm.. > > > > > > ----- Original Message ----- > > > From: "Mack" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Sunday, June 20, 2004 10:30 PM > > > Subject: Re: radius, 802.1x, eap/tls, and edirectory (ldap) > > > > > > > > > > Gary, > > > > > > > > I had scanned them prior to posting, but there seem to be no > > > > solutions to > > > all of the > > > > problems people have with this configuration. My impression is > > > > that most > > > of the > > > > "gurus" on the list are assuming WAY too much of some of us > > > > newbies. > > > > They > > > keep > > > > coming back with the same replies, like "read the faqs, readme, > > > > rfc, etc., > > > etc." But, > > > > that begs the question: If that's going to be the reply each > > > > time, then > > > why even > > > > bother with the list in the first place? Oh, well. I am > > > > definitely > > > taking a more indepth > > > > look at the archives, though, as you've suggested. If nothing > > > > else, maybe > > > that will > > > > help me form better questions. Thanks for the help! > > > > > > > > mack > > > > > > > > On 19 Jun 2004 at 6:34, Gary McKinney wrote: > > > > > > > > > Mack, > > > > > > > > > > Check the email archives over the last three months - there is > > > > > a great deal of information on using EAP/TLS and how to use > > > > > LDAP with freeradius (including example snippets). > > > > > > > > > > gm... > > > > > ----- Original Message ----- > > > > > From: "Mack" <[EMAIL PROTECTED]> > > > > > To: <[EMAIL PROTECTED]> > > > > > Sent: Friday, June 18, 2004 11:52 PM > > > > > Subject: radius, 802.1x, eap/tls, and edirectory (ldap) > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > I'm a newbie to all of this, so please bear with me. This > > > > > > list is all > > > > > I've got! > > > > > > > > > > > > We are introducing a wireless infrastructure on our campus > > > > > > (a little late > > > > > in the game). > > > > > > Right now we're in testing phase. In this testing phase, We > > > > > > are using > > > > > several 3com > > > > > > 7250 AP's, some 3com cards capable of 802.1x, and Novell > > > > > > eDirectory > > > > > (LDAP). My > > > > > > requirement is to enable 802.1x authentication to the AP's > > > > > > using EAP/TLS. Additionally, I need to be able to > > > > > > authenticate the users to Novell via > > > > > LDAP. All via > > > > > > the FreeRADIUS server. > > > > > > > > > > > > I have configured freeradius version 0.9.3 to work > > > > > > successfully with only > > > > > ldap > > > > > > authentication against Novell eDirectory. I have also > > > > > > verified that > > > > > 802.1x > > > > > > authentication is working with the AP. However, if I attempt > > > > > > to somehow > > > > > enable both > > > > > > authentication mechanisms, I fail. The logs keep passing > > > > > > the EAP username (common name from cert) to ldap and of > > > > > > course ldap spits it out because > > > > > the object > > > > > > does not exist. > > > > > > > > > > > > Again, I'm new to this, and maybe I have made incorrect > > > > > > assumptions of > > > > > what the > > > > > > end result should be. Maybe this isn't even possible, but > > > > > > here's what I > > > > > had hoped to > > > > > > come away with: the wireless user boots their laptop, then > > > > > > gets > > > > > authenticated via > > > > > > eap/tls. They then open a browser, and are asked for > > > > > > username and > > > > > password (via > > > > > > dialog box?), or either redirected to a login page. The > > > > > > username and > > > > > password are > > > > > > then passed to ldap for authentication. Successful > > > > > > authentication results > > > > > in the client > > > > > > being given internet access. Is this possible? Or, am I > > > > > > totally > > > > > misunderstanding how > > > > > > this is all supposed to work (very likely)? > > > > > > > > > > > > I must admit, I'm not very comfortable when working with the > > > > > > config files. > > > > > Not too > > > > > > sure what I'm doing in there. I tackled this whole project > > > > > > somewhat > > > > > blindly, with the > > > > > > help of various bits of info I gathered from google > > > > > > searches. I do need > > > > > to obtain a > > > > > > good book on this stuff...that's obvious...but I am hoping > > > > > > that someone on > > > > > this list > > > > > > has experience with getting freeradius to work with eap/tls > > > > > > and novell > > > > > ldap > > > > > > authentication and is willing to share that experience and > > > > > > wisdom. > > > > > > > > > > > > (Embarrassed) Sorry again for the newbie-ness of this post, > > > > > > and thanks in > > > > > advance > > > > > > for any help! > > > > > > > > > > > > mack > > > > > > > > > > > > -- > > > > > > This message has been scanned for viruses and > > > > > > dangerous content by the CSU Email Gateway, and is > > > > > > believed to be clean. > > > > > > > > > > > > > > > > > > - > > > > > > List info/subscribe/unsubscribe? See > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > --- > > > > > [This E-mail scanned for viruses by Declude Ant-Virus Scanner] > > > > > > > > > > > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > -- > > > > > This message has been scanned for viruses and > > > > > dangerous content by the CSU Email Gateway, and is > > > > > believed to be clean. > > > > > > > > > > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by the CSU Email Gateway, and is > > > > believed to be clean. > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > --- > > > [This E-mail scanned for viruses by Declude Ant-Virus Scanner] > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by the CSU Email Gateway, and is > > > believed to be clean. > > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by the CSU Email Gateway, and is > > believed to be clean. > > > > > > > ---------------------------------------------------------------------- > ------ ---- > > > > The following section of this message contains a file attachment > > prepared for transmission using the Internet MIME message format. If > > you are using Pegasus Mail, or any other MIME-compliant system, you > > should be able to save it or view it from within your mailer. If you > > cannot, please ask your system administrator for assistance. > > > > ---- File information ----------- > > File: output.log > > Date: 21 Jun 2004, 20:03 > > Size: 27663 bytes. > > Type: Unknown > > > > --- > [This E-mail scanned for viruses by Declude Ant-Virus Scanner] > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- > This message has been scanned for viruses and > dangerous content by the CSU Email Gateway, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by the CSU Email Gateway, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
