Re: EAP-TLS: machine authentication

2004-07-22 Thread Frédéric EVRARD
> > I am trying to get machine authentication working using freeradius and a > Windows XP SP1 client. I originally tried to make this work with > freeradius 0.9.3, but then moved to 1.0.0pre3 in hopes of making it work. > > Here is what I see when I sniff the traffic between the client and the AP >

Re: 802.1X HOWTO (draft)

2004-07-23 Thread Frédéric EVRARD
> On Fri, 23 Jul 2004, Troy Davis wrote: > >> Just from a very newbie's point of view why do you briefly touch on >> setting up a UNIX client and not a windows client >> > > Since this is going to be a Linux HOWTO, and since I'm only using > Linux :^) > > If I'll get the time, I might add a Windows-s

Re: eap output?

2004-04-16 Thread Frédéric EVRARD
> hi all, > > i am trying to authenticate users via eap md5 for just testing purposes. i > use winxp supplicant (i know that after sp1 they dont support md5). > > i ran the radius server in the debug mode. here is the output. > > rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43

Re: Ports mismatch between config and debug messages

2004-04-19 Thread Frédéric EVRARD
> Hi, > > Running freeradius -x, we get the following: > ... > Listening on authentication x.x.x.x:1812 > Listening on accounting x.x.x.x:1813 > Ready to process requests. > rad_recv: Accounting-Request packet from host y.y.y.y:1646, id=84, > length=461 > ... > Sending Accounting-Response of id 84

Re: Ports mismatch between config and debug messages

2004-04-19 Thread Frédéric EVRARD
>> Hi, >> >> Running freeradius -x, we get the following: >> ... >> Listening on authentication x.x.x.x:1812 >> Listening on accounting x.x.x.x:1813 >> Ready to process requests. >> rad_recv: Accounting-Request packet from host y.y.y.y:1646, id=84, >> length=461 >> ... >> Sending Accounting-Respons

Re: I need exact instructions please

2004-04-23 Thread Frédéric EVRARD
> Hello everyone: > > Would someone be so kind as to send me exact directions on how to > configure and use freeradius version 0.9.3? I'm using Linux Red Hat 9. I > have already downloaded and installed freeradius correctly per the > installation directions. I'm very new at Linux and freeradius, th

Re: access for eap/tls

2004-05-13 Thread Frédéric EVRARD
> Artur Hecker <[EMAIL PROTECTED]> wrote: >> oh.. so theoretically the server needs a "special" server certificate >> enabling it to sign something, right? (with the right extensions, etc.) > > Yes. See the tls{} configuration. It points to a server > certificate. The client certificates are s

Re: eap.cnf

2004-05-14 Thread Frédéric EVRARD
>> >> usually it's called 'eap.conf' and it is in the raddb dir. >> > > I have already searched in that dir but I find no eap.conf!! I'm using > freeradius 0.9.3 does it support PEAP? Download the last CVS snapshot to have EAP config separately in eap.conf and no more in radiusd.conf. Fred > > th

Re: Need help setting up EAP-TLS with xsupplicant, radtest ok

2004-05-10 Thread Frédéric EVRARD
> > My /etc/raddb/eap.conf : > > eap { > default_eap_type = tls > timer_expire = 60 > ignore_unknown_eap_types = no > cisco_accounting_username_bug = no > tls { > private_key_password = whatever > private_key_file = ${raddbdir}/certs/sggs.pem >

Re: libssl problems

2004-05-10 Thread Frédéric EVRARD
> Hello, > > I am trying to compile SNAPSHOT-20040113 and SNAPSHOT-2004507 to work > with EAP-PEAP. > I have installed openssl with the argument --prefix=/usr/local. > > Then, i try to configure freeradius: > #configure --with-openssl-includes=/usr/local/include/openssl > --with-openssl-li

Re: Log problems

2004-04-27 Thread Frédéric EVRARD
> Anyone have any idea why authentication info would not be going into the > radius.log file? put ../raddb/radiusd.conf parameters log_auth=yes, log_auth_badpass=yes, log_auth_goodpass=yes if you need them. These three parameters are "no" by default. These logs are in ../var/log/radius/radact/auth-d

Re: Open ports over firewall

2004-04-27 Thread Frédéric EVRARD
> Hi everybody, > I'm running Freeradius on my RedHat server. Which OUTPUT ports should I > leave open for freeradius? > For accounting i leave udp 1812-13 open in INPUT and OUTPUT, I receive > authentication requests but then my auth replies are blocked by firewall. > Any help on this? > > thx > >

Re: Reg Challenge-Response in Radius Server

2004-04-29 Thread Frédéric EVRARD
> Dear All, > > Could any one of you explain me about Challenge-Response in Radius > Server. It would be great, if you could point me to any appropriate link > that explains about Challenge-Response. > > I need to implement and process the Challenge-Response in my application. > > Regards, > Barath

Filter-Id attribute

2004-04-29 Thread Frédéric EVRARD
Hello all, In 802.1x configuration, I need to use Vlan assignment on Enterasys switch from Freeradius server, and Enterasys doesn't accept standard attributes like Tunnel-type etc... Then I have to use Filter-Id attribute in users file: Filter-ID = Enterasys:Version=1:policy=nameofpolicy Have I

Re: openssl

2004-05-05 Thread Frédéric EVRARD
> I'm using this HOWTO > > http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm > > to configure eap/tls over freeradius. I'm trying to install openssl as > it's explained there but when I have to verify the sym link between some > files I'm not very sure about how to do this. Should the linked

Re: openssl

2004-05-06 Thread Frédéric EVRARD
> >> I'm newbie too and I use Mdk9.2 and freeradius snapshot 22-004- >> 2004, then >> I use "slocate" command to find files I need . I install all soft >> neededfrom /usr/local/ and I add /usr/local/bin and >> /usr/local/sbin to my $PATH >> then it works...maybe it can help you > > Sorry Fred but i

EAP-TLS

2004-05-06 Thread Frédéric EVRARD
Hello all, I'm working on 802.1x with EAP-MD5 to start, it works very fine. Now I need to use EAP-TLS. Then I let default config to test and I just change default_eap_type = MD5 to default_eap_type = tls, I uncomment tls attributes in eap.conf file. When I start radiusd -X I've no radius error but

Re: Vendor Specific Problem

2004-05-06 Thread Frédéric EVRARD
> Hello, > > i want to create a new dictionary to handle new attributes. > First of all i create a new file called dictionary.mine containing the > following lines: > > VENDOR Mine 4113 > > ATTRIBUTE VLANid 22 string Mine Why do you need this new attribute, there's ever standard

Re: EAP-TLS

2004-05-06 Thread Frédéric EVRARD
Thanks Htin and Giulio for your answers. With your advice, I looked in configure.log and saw an error with openssl: I didn't have openssl-devel. After installing it and compiling freeradius again, the "segmentation fault" error disappeared. Thx again. Fred >> Hello all, >> >> I'm working on 802.1x with EAP

Re: one issue

2004-05-06 Thread Frédéric EVRARD
> Hi, > I run supplicant against freeradius with > authentication type MD5. After that I wanted to run > supplicant against freeradius for authentication type > TLS. but for TLS I am getting the following error: > > > I used the following command: > > # radiusd -X > > rlm_eap: Failed to link EAP-Ty

Re: Enabling EAP-MD5 authentication

2004-05-19 Thread Frédéric EVRARD
> Hi, > > How can I enable EAP-MD5 authentication in the free radius server. You have to configure .../raddb/users file with Auth-Type = EAP. Try to be more precise. Fred > > Regards, > Barath Kumar.

Re: PEAP vs EAP/TLS

2004-05-26 Thread Frédéric EVRARD
> One doubt, basically the operation between server and AP is the same in > EAP/TLS and PEAP but for the fact that in the former the user has a cert > and in the latter a screen should be prompted for the user to introduce > its login and passw so the RADIUS must check them in the users file? I do

Re: Freeradius <-> Enterasys E1 802.1x Authentication HOWTO

2004-05-27 Thread Frédéric EVRARD
> Hi > > I'm a student in computer sciences. In our network security class we are > trying to get the 802.1x (dot1x) features of an Enterasys E1 Switch > running with a freeradius server. Hi, I'm using 802.1x on Enterasys switch, it works, then look : http://www.enterasys.com/support/manuals/hardw

EAP/TLS win2000

2004-05-27 Thread Frédéric EVRARD
Hi all, I'm using 802.1x/EAP-TLS on FreeRADIUS, it works fine with linux Xsupplicant but not with Win2000 supplicant, when supplicant receives EAP request Identity packet, it doesn't answer anything and nothing happens...There are no logs or I don't know how to find them. I've read several HOWTO but not

Re: EAP/TLS win2000

2004-05-28 Thread Frédéric EVRARD
0 and EAP-TLS. Thx again. Fred > > use the external 802.11 client of your wireless network adapter and > activate WEP (whichever form of it). that will permit the Win2K built-in > 802.1X client to communicate. > > > ciao > artur > > > > Frédéric EVRARD wrote: >

Re: how to change xp client using peap

2004-05-28 Thread Frédéric EVRARD
> I'm having problems to change the user in windows xp. I tried peap the > first time with a correct user and everything was fine but now I want to > do a prove with another user but I'm not prompted anymore to intro a new > one and it uses the previous one all the time(and I have reconfigured th

Re: Freeradius + Mysql Issues!

2004-05-28 Thread Frédéric EVRARD
> Hi, > > I was sorry but i really do not know what u trying to say. > > Can explain in more detail. > > appreciate you can do that. Use a usual unix login/password to authenticate on Radius, and this password is in /etc/passwd. Fred > > Alexander > > Alan DeKok <[EMAIL PROTECTED]> wrote: > Alex

Re: clients.conf

2004-05-28 Thread Frédéric EVRARD
> Hi, > > How should I configure the clients.conf if I would like that each nas, > which want to connect to my Radius can do it. > Because they have dynamic ip address, so I can't set this in the > clients.conf. Maybe you can use hostname and dns resolver.. > > client 0.0.0.0{ > secret= mysecret }

Re: xp/2000 does not send the machine certificate

2004-05-28 Thread Frédéric EVRARD
Hi, Sorry, I can't help you, but maybe you can help me, what answer your windows 2k send to the A.P EAP request Identity packet ? Thx Fred > hi all, > > i'm using freeradius with EAP-TLS and windows clients ( xp/2000). with the > user certificates i have no problem but with the machine certifica

Re: Help to a student on final exam paper

2004-05-28 Thread Frédéric EVRARD
> Hi group > > Im new to linux and RADIUS and have a few questions regarding configuring > my > radius server > > I have installed Cistron Radius 1.6.6 on my redhat 9.0 machine. My goal is > to authenticate all users on a wireless 802.1x network, and here are the > specs. > > Router: 10.10.0.1 > Ga

Re: Help adding users

2004-06-01 Thread Frédéric EVRARD
> Hi group > > Is there a guide somewhere on how to add users on FreeRADIUS ?? > > Im new to linux, and radius, and need a complete HOWTO on how to add > users. Here's many howto for 802.1x/EAP-TLS with WinXP & FreeRADIUS, maybe you will want to use an other EAP method, but I hope that can help yo

Re: Help in using EAP

2004-06-01 Thread Frédéric EVRARD
> Hi, > > I am using EAP authentication protocol. When I send an access request > from the NAS to the Radius Server, the server rejects the request. > Please let me know how to resolve this problem. The log messages of the > radius server are as follows: > > Log Messages: > > rad_recv: Access-Reque

Re: EAP/TLS win2000

2004-06-01 Thread Frédéric EVRARD
Hi Artur, > hi > > >> Thx for your help Artur, but I forgot to say my authenticator is a Cisco >> switch 3550, then not a wireless access-point. There's something I don't >> understand, with PEAP or EAP-MD5, the windows 2000 supplicant answer to >> identity request send by the switch but with EAP-

Re: Help adding users

2004-06-02 Thread Frédéric EVRARD
> Frédéric EVRARD wrote: > >>>Hi group >>> >>>Is there a guide somewhere on how to add users on FreeRADIUS ?? >>> >>>Im new to linux, and radius, and need a complete HOWTO on how to add >>>users. >>> >>> >> >

Re: EAP/TLS win2000

2004-06-02 Thread Frédéric EVRARD
hi Artur, > > hi Frederic > >> What do you want to say is that win2K is going to take EAP-Identity >> value >> in client certificate, before EAP-TLS challenge start ?? >> I don't think so, it doesn't work like that with Xsupplicant/FreeRADIUS >> and it's not describe like this in RFC. > > no. wha

Re: EAP/TLS win2000-RESOLVED

2004-06-03 Thread Frédéric EVRARD
Hi, Ok, it was a problem of windows checkbox, when I have imported the client certificate on win2K, in the wizard, I have checked the option : " Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option." Then I foun

Re: Newbie

2004-06-04 Thread Frédéric EVRARD
> I have Cisco switch 2790 configured for 802.1x port authentication. > > What I do not understand is what settings are needed on my Linux computer > for connecting to switch. I mean do I need some software to install. You need a supplicant !!! 802.1x : supplicant(Xsupplicant from open1X.org)->aut

RE: segmentation fault for eap/tls

2004-06-08 Thread Frédéric EVRARD
> How to restrict that to one version. > Seems to be I have old OPENSSL on my Linux. > But I have installed latest openssl. > Everything went well in configure, make, install and running too. It is > working fine for EAP/MD5 too. > But for EAP/TLS core dump is happening. I had the same pb and Alan

Re: An Enterasys - Freeradius Question Again

2004-06-09 Thread Frédéric EVRARD
Hi, > Hi > > We played with the Enterasys E1 Switch and Freeradius to get 802.1x to > work. > > Now, whenever someone wants to login on a Switchport, the Switch sends a > Request to the Freeradius-Server. > > We tried diffrent Auth-Types (Local, EAP, CHAP) but none of them worked. > When a user h

Re: An Enterasys - Freeradius Question Again

2004-06-09 Thread Frédéric EVRARD
> On Wednesday 09 June 2004 07:18, Zoltan A. Ori wrote: > >> The Auth-Type is dependent on the supplicant not the switch. >> > > I take that back. The switch is using EAP except for management. > > Management access can be set in the users file. Hi, If you don't want to use radius auth for manage

Re: An Enterasys - Freeradius Question Again

2004-06-10 Thread Frédéric EVRARD
Thx a lot, maybe I'm going to upgrade to the last firmware too. Fred > >> >> If you don't want to use radius auth for management access, how are you >> doing ?? >> Thx > > On the Cabletron/Enterasys 2nd gen. (6E2xxx / 2E2xxx) products it is a > matter > of using the LM menu to step through Securi

Re: freeradius 1.0.0 pre1 segmentation fault with tls

2004-06-18 Thread Frédéric EVRARD
> Hello ! > > I've been trying to make freeradius working with EAP-TLS but I have a > segmentation fault. > I'm using : > - freeradius 1.0.0 pre1 > - openssl-SNAP20040613 > > when I radiusd is launched with the script radiusd.sh, here is what I > get : > > Module: Loaded eap > eap: default_eap_type

RE: Basic ?

2004-06-21 Thread Frédéric EVRARD
> Before I go jumping off the deep end, what OS would be the best and > easiest to > use for Free Radius? > > Fedora Core 2 > FreeBSD > Debian > Mandrake > Or ??? I'm a linux and Freeradius newbie and I've been using Freeradius for two months on a mandrake 9.2, it's not too hard to configure and it works

Re: Problem getting a Cisco 3550 to change VLAN on dot1x authenticate

2004-06-22 Thread Frédéric EVRARD
Hi, don't forget on 3550 switch: aaa authorization network default group radius (to let radius change network conf) Attributes are good. Fred.EVRARD > Hi, Im testing the Freeradius servers dotx support for EAP-TLS. So far I > have got the PC authenticated > using certificates but I cant get th

Re: Authentication and assigning VLAN based on Certificate

2004-06-22 Thread Frédéric EVRARD
> Hi, I have (with some help) got the freeradius server to authenticate and > sending the VLAN name > to the switch. But what I want to do is to use the freeradius server to > authenticate and set a VLAN > based on the certificate without the need of any other external database > lookup (ldap or sq