do you know if i can use NT-PASSWORD using windowsXP client?
do I have only modify the table insert "NT-PASSWORD" instead "PASSWORD"?
how then I can make the sistem work? what I have to put in the radiusd.conf?
thank you.
Best regards
2006/9/12, [EMAIL PROTECTED] <
[EMAIL PROTECTED]>:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
comunication----------------------------------- (Rob Shepherd)
2. Re: FreeRadius suport IPv6 ??????????????/ (Alan DeKok)
3. Re: Probs with pppoe-server + radius (Alan DeKok)
4. Re: rautmp not working.. (Alan DeKok)
5. Re: Question about rlm modules (Alan DeKok)
6. Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
comunication----------------------------------- (Alan DeKok)
7. Re: Question about rlm modules (Alan DeKok)
8. Re: Re: Re: IAS e Openser (Artur Hayne)
----------------------------------------------------------------------
Message: 1
Date: Tue, 12 Sep 2006 15:09:46 +0100
From: Rob Shepherd <[EMAIL PROTECTED] >
Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
comunication-----------------------------------
To: FreeRadius users mailing list
< freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
ego seek wrote:
>
>
> Does Anybody know HOW I can make radius WORK with md5-stored password in
> the db?
>
> I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are
> in clear in the mysqlDB
>
You can't. See
http://deployingradius.com/documents/protocols/compatibility.html
Store an 'NT-Password' value as a config ':=' attribute in the radcheck
table.
NT password hashes can be generated in most programming languages.
Rob
--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480
------------------------------
Message: 2
Date: Tue, 12 Sep 2006 10:21:38 -0400
From: "Alan DeKok" < [EMAIL PROTECTED]>
Subject: Re: FreeRadius suport IPv6 ??????????????/
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org >
Message-ID: <[EMAIL PROTECTED]>
Christian Hahn <[EMAIL PROTECTED]> wrote:
> Do you mean IPv6 transport or support for IPv6 attributes (RFC3162)?
> RFC3162 is supported by freeradius 2.0.0-pre0 (CVS), IPv6 transport as
> far as I know is not supported.
The CVS version also supports IPv6 transport.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 3
Date: Tue, 12 Sep 2006 10:23:15 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: Probs with pppoe-server + radius
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: < [EMAIL PROTECTED]>
Ali Jawad <[EMAIL PROTECTED]> wrote:
> The info above is to help you guys in helping me pinpoint my prolem, my
> real problem is that I can dial into my server using pppoe and simple
> chap and/or pap authenication. However once I use radius to authenicate
> the pppoe-dialup requests into the server. I get the following output in
> pppd.log
And in all of this you are carefully avoiding the one tool that
will help you solve the problem: running the server in debugging mode.
See the README, FAQ, INSTALL.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 4
Date: Tue, 12 Sep 2006 10:25:37 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: rautmp not working..
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED] >
Collen Blijenberg <[EMAIL PROTECTED]> wrote:
> but no radutmp file is created, and if created by hand it stay's 0 bytes...
>
> dunno my guesses tells me i forgot something... ???
Send the server accounting packets. radutmp is created when the NAS
agrees that the user has logged in, not when the server tells the NAS
to let the user in.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 5
Date: Tue, 12 Sep 2006 10:26:24 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: Question about rlm modules
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: < [EMAIL PROTECTED]>
Shankar Ganesh C <[EMAIL PROTECTED]> wrote:
> Could you let me know how did u capture the vendor specfic attributes in the
> rlm_module ?
Read the source code to rlm_files. VSA's are just normal
attributes. You can refer to them by name.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 6
Date: Tue, 12 Sep 2006 10:27:33 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: STORE PWD using MD5 and EAP-PEAP-MSCHAPv2 for the
comunication-----------------------------------
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: < [EMAIL PROTECTED]>
"ego seek" <[EMAIL PROTECTED]> wrote:
> Does Anybody know HOW I can make radius WORK with md5-stored password in the
> db?
>
> I use EAP-PEAP-MSCHAPv2, and if the system works great if the pwds are in
> clear in the mysqlDB
http://deployingradius.com/documents/protocols/compatibility.html
What you want to do is impossible.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 7
Date: Tue, 12 Sep 2006 10:28:08 -0400
From: "Alan DeKok" < [EMAIL PROTECTED]>
Subject: Re: Question about rlm modules
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org >
Message-ID: <[EMAIL PROTECTED]>
"Ali Majdzadeh" <[EMAIL PROTECTED] > wrote:
> What is(are) the coresponding function pointer(s) for start and stop packets
> in an rlm module? (Something like xxx_authenticate)
The "accounting" sections handle accounting packets.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
------------------------------
Message: 8
Date: Tue, 12 Sep 2006 11:41:22 -0300 (ART)
From: Artur Hayne <[EMAIL PROTECTED]>
Subject: Re: Re: Re: IAS e Openser
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED] >
Content-Type: text/plain; charset="iso-8859-1"
Olá a todos,
Como faço para transformar o Freeradius num cliente do IAS? Existe algum tutorial, ou artigo?
Se for sem passar pelo servidor freeradius eu já configurei o radiusclient para ir direto ao IAS, mas não deu certo, nada acontece, e o pior de tudo que não tenho nem como debugar o problema e o arquivo de log do IAS é muito fraco.
|Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
Da pra fazer isso? Como faço isso?
Alguma idéia?
Obrigado.
-----------------------------
Marcos escreveu:
Pessoal, facam o seguinte:
- instale o IAS no windows - esse software atua como
um radius server
- configure o freeradius para atuar como um radius
client, usando o IAS como radius server.
pronto, assim fica mais facil.
infelizmente o windows nao eh 100% LDAP.
o AD do windows 2003 eh mais LDAP que o AD do windows
2000, mas mesmo assim nao sao 100% compativeis com o
padrao LDAP.
[]s
Marcos
--- Marcelo Costa escreveu:
> Arthur,
>
> qual ? a pesquisa que o freeradius est? fazendo no
> ldap?
> o que tem no users.conf?
>
> eu f? utilizei freeradius+ldap sem problemas.
>
> []s
> Marcelo Costa
>
> Em 20/8/2006, "Artur Hayne"
> escreveu:
>
> >Ol? a todos,
> >
> > Eu tenho um problema que parece n?o haver
> solu??o. Tenho um servidor openser que deve
> autenticar os usu?rios no servidor ldap Active
> Directory atrav?s do FreeRadius. Consigo estabelecer
> uma se??o do Freeradius com o AD, porem quando o
> usu?rio tenta se autenticar atraves de um
> softphone, passando pelo FreeRadius, aparece um
> erro.
> >
> > Vejam aqui o debug do Radius:
> >
> > radius_xlat: 'ou=bli,dc=blo,dc=blu,dc=br'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in
> ou=bli,dc=blo,dc=blu,dc=br, with filter (uid=jab)
> > rlm_ldap: object not found or got ambiguous
> search result <---------- essa linha!!!
> > rlm_ldap: search failed <---------- essa linha!!!
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns
> notfound for request 47 <---------- essa linha!!!
> > modcall: leaving group authorize (returns ok) for
> request 47
> > rad_check_password: Found Auth-Type DIGEST
> > auth: type "digest"
> > Processing the authenticate section of
> radiusd.conf
> > modcall: entering group authenticate for request
> 47
> > rlm_digest: Configuration item "User-Password" or
> MD5-Password is required for authentication.
> <---------- essa linha!!!
> > modcall[authenticate]: module "digest" returns
> invalid for request 47 <---------- essa linha!!!
> > modcall: leaving group authenticate (returns
> invalid) for request 47
> > auth: Failed to validate the user. <----------
> essa linha!!!
> >
> > Eu vi alguns tutoriais mostrando como autenticar
> no dominio utilizando a ferramneta ntlm_auth, mas
> ela parece que so funciona com o protocolo mschap,
> sendo que o Openser utiliza o digest para
> autenticar.
> > No radiusd.conf o digest e o ldap est?o
> descomentados tanto para autentica??o como para
> autoriza??o.
> > ? necess?rio fazer alguma configura??o nos
> aquivos users ou em outro?
> > Eu ainda estou tentando entender um pouco mais do
> Freeradius.
> >
> > Obrigado.
> >
> >
> >
> >---------------------------------
> > O Yahoo! est? de cara nova. Venha conferir!
> >__
> >masoch-l list
> >https://eng.registro.br/mailman/listinfo/masoch-l
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l
>
---------------------------------
Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular. Registre seu aparelho agora!
---------------------------------
Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular. Registre seu aparelho agora!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060912/524c80c1/attachment.html
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 17, Issue 47
************************************************
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
