RE: Compaq and MPPE
> Hi at all, someone know if compaq AP 410 support dynamic key derivation?
> Thanks
> Daniele Brevi

I believe so. The understanding I have is that the unit is basically a Proxim/Orinoco AP branded by Compaq that is similar to the AP-1000. You will need to make sure you have the latest flash code running though

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Urgent
A good point, in the meantime, I have been contacting netscape.net and mail.com to shut down these jokers email addresses.

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: Jeremy Parr [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 29, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: Urgent

When will they take a hint and make this a closed list?

- Original Message -
From: Marcin Groszek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 29, 2002 9:42 AM
Subject: Re: Urgent

Das south Africa government know about this? Send me my 25% first and i will run the transaction for you. :)

TIMSON PARTHY wrote:

> Attention: I presume this email will not be a surprise to you. Am an engineer with the ministry of mineral resources and energy in south Africa and also a member of the contract awarding committee of this ministry under the south Africa government. Many year ago, the south Africa government asked this committee to awards contracts to foregn firms, in which myself and two of my partner are leader of the committee, with our good position in this committee, we over involved this contract to the tune of of us$21,500,000:00, to be benefited by me and two other of my partner that are in charge of this contract awarding committee in this ministry. Now, that the contracts value has been paid off to the actual contractor that executed this job, All we want is a trusted foreign partner like you that we shall front to claim this over involved sum. Upon our agreement to carry on this business transaction with you, the said fund will be share as follow, 75% will be for myself and two others of my partner, 20% will be for you for using your bank account, 5% will be set aside for any expenses that might be incurred by us and you in the process of the document and other formalities that will justify you as the rightful owner of this said fund.
>
> You should bear in mind that you will be required to put head together with us, and give this business transaction moral and financially support it required to be successful. If you are interested and financially capable in handly this business transaction, Kindly reply us through this email address ([EMAIL PROTECTED]) for more details and to let you know what is required of this business transaction to be successful. Also we request your private and office phone number to open communication with you.
>
> Your faithfully,
> Timson Parthy.

--
Best Regards:
Marcin Groszek
Http://www.hostplus.net
Where we offer: Server Co-location, Web Site Hosting and Internet Access.
RE: freeradius and tls
> I use certificate to authorize user! why it become auth: type system? and I have use certificate! why I need password? :(

It looks like you may have some configuration information missing in your configuration files. You need to enable EAP-TLS in the radiusd.conf file. See http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm sections 7 and 8 for configuration and testing.

Hope this helps.

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: Radius server physical location and more....
> Apparently Linksys isn't even sure if they support it. I can't get a decent answer out of them. There is no radius Tab anywhere in the config, but that doesn't necessarily mean that it won't work (I hope). Thanks for the response Alan.
> -Aaron

Linksys APs do not support RADIUS or 802.1x. As far as I know, they have no plans to do so.

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: How to get dh_file and random_file?
> http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
> raymond, did you add it?
> ciao
> artur

I have put some blurbage in on the random and DH file but before I put any full instruction set in, I would like to hear the general consensus on generating those files. There seems to be numerous methods of generating the files so for the sake of ease of use, it might be a good idea to come up with a universally accepted method. Suggestions anyone?

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: New EAP/TLS + MPPE WinXP HOWTO questions with creating Certificate Authority (CA)
Augustine wrote:
> Where do you find Raymond Mckay's file?

http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
RE: FreeRADIUS options with Wireless APs?
> Could anyone provide hints for using v.0.71 with wireless access points? I'm using it with a AP-500 and it works but can't get either a Cisco AP350 nor a Symbol AP4131 to work. I'm kinda stumbling around here I'm afraid... All suggestions and/or links welcome.

Adam Sulmicki has written a HOWTO that shows the Cisco Setup:
http://www.freeradius.org/doc/EAPTLS.pdf

I have also written a HOWTO that documents the server side for EAP-TLS at
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

Artur Hecker has the server side config for EAP/MD5 at
http://www.freeradius.org/doc/EAP-MD5.html

Hope this helps

Raymond McKay
IT Manager
Funnybone Interactive
Vivendi Universal Games
New EAP/TLS + MPPE WinXP HOWTO
Greetings all,

For the good of all mankind, I have written an updated EAP/TLS HOWTO that answers a lot of the questions and fills in the holes in the existing HOWTOS. It is available at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm. I don't claim to be an overall expert on that matter so if you find any errors or have any additions, please let me know and I will put them in.

Thanks

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
Re: New EAP/TLS + MPPE WinXP HOWTO
Thank you for your update Artur. I have made a few updates based on your recommendations.

> it's not an MPPE module, it's the ability to add correctly formatted MPPE-* attributes to the Access Accept within the rlm_eap_tls module. Otherwise the people will begin to look for rlm_mppe and that's not a good advice... Perhaps you shouldn't talk about the CVS snapshot since otherwise you will have to revise your document soon. Try to filter out any requirements and versions in your chapter 4, in that way you (we) could maintain the document actuality.

I have updated the MPPE info so that it clarifies the MPPE keying extension within rlm_eap. For now I am going to leave the info on the CVS snapshot as the keying ability is not within the release version. If someone could give me a heads up when it exists in the release version, I will update my doc.

> actually, for EAP/TLS AND FreeRadius (and XP) to work you only need ONE (the currently beta) version of OpenSSL, you don't need both. you *should* have both if you don't want to trust the beta versions when using security, but it's a bit out of the scope. You could say that the two versions could be installed in parallel... the issues of the current snapshot are not necessary to mention, it will change in a week, it makes too much work.

Updated

> XP without SP1 works perfectly. In SP1 there is no EAP/MD5 for wireless anymore... I should update my EAP/MD5 document.

I have this working also. I came across an article a short while ago about a memory leak in the original implementation. It was partially the reason why it was updated in the service pack. When I find a reference to that article, I will include it.

> make a reference to Chapter 7 when talking about freeradius.

Done

> didn't read in details (no orinoco here, and since your radius runs it should be correct).
>
> you could mention that any number of CA certificates can be just concatenated in the root.pem file and how the random file can be produced and where to find the dh* files, that usually provides troubles.

If anyone wants to write up some config info on other access points, I will be happy to include it in the doc.

Artur, I have added the info about the certificates in basic terms. More info on the random files included. I have been under the impression that the DH file is just another file of random characters. Is this not the case and, if not, please share a method for generating one.

Thanks again for your recommendations

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: New EAP/TLS + MPPE WinXP HOWTO
No, they only removed EAP/MD5 support or at least hid it really well. Support for EAP/TLS and support for PEAP are included now in SP1

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: Antonios Lazaridis [mailto:alaz;ywt.tdk.co.jp]
Sent: Wednesday, October 30, 2002 7:56 PM
To: [EMAIL PROTECTED]
Subject: RE: New EAP/TLS + MPPE WinXP HOWTO

Hello.

> XP without SP1 works perfectly. In SP1 there is no EAP/MD5 for wireless anymore... I should update my EAP/MD5 document.

You mean that Microsoft removed EAP support for wireless completely? You now need extra software to have 802.1x with windows XP and SP1? If so, any idea why this happened?

antonis.
EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
Greetings,

I am setting up a wireless network using FreeRadius and ORINOCO AP-2000 access points. I am trying to set up EAP/TLS for auth and encryption. At this point, I have the supplicant successfully connecting to the AP. FreeRadius then authenticates the user and reports an Access Accept. A few seconds later the XP supplicant disconnects from the AP and requests that I select my wireless network to log on again. Throughout this process, no packets are sent to the network behind the APs besides the auth info to the FreeRadius server.

My understanding is that at the point of auth, the FreeRadius server, AP, and supplicant negotiate a WEP key based on the session key data. It seems that this isn't happening, which is causing the client to disconnect. As I am not getting any errors on the Radius server, AP, or client that indicate the source of the problem, I'm not sure where to start looking.

The question is, is this a problem with FreeRadius not negotiating properly, the AP not transmitting the data, or the supplicant not processing the auth properly? Has anyone seen this problem yet or am I just the lucky first?

I am using
FreeRadius 0.7.1
Orinoco AP-2000 SW Version 2.0.2
Windows XP SP1 (also tried original WinXP)

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
My apologies for the HTML, Outlook has apparently decided to ignore my preference settings...

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: McKay, Raymond [mailto:RMcKay;vugames.com]
Sent: Monday, October 28, 2002 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)

Greetings,

I am setting up a wireless network using FreeRadius and ORINOCO AP-2000 access points. I am trying to set up EAP/TLS for auth and encryption. At this point, I have the supplicant successfully connecting to the AP. FreeRadius then authenticates the user and reports an Access Accept. A few seconds later the XP supplicant disconnects from the AP and requests that I select my wireless network to log on again. Throughout this process, no packets are sent to the network behind the APs besides the auth info to the FreeRadius server.

My understanding is that at the point of auth, the FreeRadius server, AP, and supplicant negotiate a WEP key based on the session key data. It seems that this isn't happening, which is causing the client to disconnect. As I am not getting any errors on the Radius server, AP, or client that indicate the source of the problem, I'm not sure where to start looking.

The question is, is this a problem with FreeRadius not negotiating properly, the AP not transmitting the data, or the supplicant not processing the auth properly? Has anyone seen this problem yet or am I just the lucky first?

I am using
FreeRadius 0.7.1
Orinoco AP-2000 SW Version 2.0.2
Windows XP SP1 (also tried original WinXP)

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
Thank you for your quick response. As far as I can tell, I have followed the XP EAP/TLS howto as well as Adam's HOWTO on the server side setup to the letter (minus the config file typos etc) Everything at this point says it should be working. The radius log seems to match what was outputted in the file. The client sees the below making it seem that everything as far as I can tell is fine, yet it doesn't work. Any other suggestions would be appreciated.

No.  Time       Source           Destination      Protocol  Info
1    0.00       Agere_34:cf:c2   Agere_74:57:eb   EAPOL     Start
2    0.002427   Agere_48:49:b2   Agere_34:cf:c2   EAP       Request, Identity [RFC2284]
3    2.643074   0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xc416a248
4    6.646412   0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xc416a248
5    14.647938  0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xc416a248
6    29.990711  Agere_48:49:b2   Agere_34:cf:c2   EAP       Request, Identity [RFC2284]
7    30.603547  Agere_34:cf:c2   Agere_74:57:eb   EAP       Response, Identity [RFC2284]
8    30.608732  Agere_48:49:b2   Agere_34:cf:c2   EAP       Request, EAP-TLS [RFC2716] [Aboba]
9    30.615198  Agere_34:cf:c2   Agere_74:57:eb   TLS       Client Hello
10   30.625105  Agere_48:49:b2   Agere_34:cf:c2   TLS       Server Hello, Certificate, Certificate Request, Server Hello Done
11   30.626259  Agere_34:cf:c2   Agere_74:57:eb   EAP       Response, EAP-TLS [RFC2716] [Aboba]
12   30.634344  Agere_48:49:b2   Agere_34:cf:c2   TLS       Server Hello, Certificate, Certificate Request, Server Hello Done
13   30.635476  Agere_34:cf:c2   Agere_74:57:eb   EAP       Response, EAP-TLS [RFC2716] [Aboba]
14   30.641055  Agere_48:49:b2   Agere_34:cf:c2   TLS       Server Hello, Certificate, Certificate Request, Server Hello Done
15   30.650396  Agere_34:cf:c2   Agere_74:57:eb   TLS       Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
16   30.651885  0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xc416a248
17   30.669418  Agere_48:49:b2   Agere_34:cf:c2   TLS       Change Cipher Spec, Encrypted Handshake Message
18   30.672113  Agere_34:cf:c2   Agere_74:57:eb   EAP       Response, EAP-TLS [RFC2716] [Aboba]
19   30.677400  Agere_48:49:b2   Agere_34:cf:c2   EAP       Success
20   30.691234  0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xd70f271d
21   34.696754  0.0.0.0          255.255.255.255  DHCP      DHCP Discover - Transaction ID 0xd70f271d

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: Alan DeKok [mailto:aland;ox.org]
Sent: Monday, October 28, 2002 10:49 AM
To: [EMAIL PROTECTED]
Subject: Re: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)

McKay, Raymond [EMAIL PROTECTED] wrote:
> I am setting up a wireless network using FreeRadius and ORINOCO AP-2000 access points. I am trying to setup EAP/TLS for auth and encryption.

See the EAPTLS document in:
http://www.freeradius.org/doc/

Alan DeKok.
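A check for the symptom in the trace above, as an added example that is not part of the original thread: with dynamic WEP the access point normally follows EAP Success with EAPOL-Key frames, so a session that goes straight from EAP Success to unanswered DHCP Discovers points at missing keying material rather than at the TLS handshake. The `FAILING` rows are re-spaced from the posted trace, the `WORKING` rows are constructed for contrast, and the row layout assumed is the Ethereal summary line (No., Time, Source, Destination, Protocol, Info).

```python
import re

# One summary row: No., Time, Source, Destination, Protocol, Info.
ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(EAPOL|EAP|TLS|DHCP)\s+(.*)$")

# Tail of the failing session, re-spaced from the trace posted in this thread.
FAILING = """
17 30.669418 Agere_48:49:b2 Agere_34:cf:c2 TLS Change Cipher Spec, Encrypted Handshake Message
18 30.672113 Agere_34:cf:c2 Agere_74:57:eb EAP Response, EAP-TLS [RFC2716] [Aboba]
19 30.677400 Agere_48:49:b2 Agere_34:cf:c2 EAP Success
20 30.691234 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd70f271d
21 34.696754 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd70f271d
"""

# Constructed rows showing what a keyed session looks like (not from the thread).
WORKING = """
19 30.677400 ap sta EAP Success
20 30.679100 ap sta EAPOL Key
21 30.680200 ap sta EAPOL Key
22 30.691234 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x00000001
23 30.702000 192.0.2.1 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x00000001
"""


def parse(summary):
    """Turn summary text into a list of row dicts, skipping lines that do not match."""
    rows = []
    for line in summary.splitlines():
        m = ROW.match(line)
        if m:
            no, t, src, dst, proto, info = m.groups()
            rows.append({"no": int(no), "time": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info.strip()})
    return rows


def diagnose(summary):
    """Report whether EAPOL-Key frames from the authenticator follow EAP Success."""
    rows = parse(summary)
    success = [r for r in rows if r["proto"] == "EAP" and r["info"].startswith("Success")]
    if not success:
        return {"verdict": "no-eap-success", "eapol_key": 0, "dhcp_unanswered": 0}
    last = success[-1]
    after = [r for r in rows if r["time"] > last["time"]]
    # Key frames must come from the same station that sent EAP Success (the AP).
    keys = [r for r in after if r["proto"] == "EAPOL"
            and r["info"].startswith("Key") and r["src"] == last["src"]]
    dhcp = [r for r in after if r["proto"] == "DHCP"]
    discovers = [r for r in dhcp if "Discover" in r["info"]]
    answered = any("Offer" in r["info"] or "ACK" in r["info"] for r in dhcp)
    return {"verdict": "keys-delivered" if keys else "success-without-key",
            "eapol_key": len(keys),
            "dhcp_unanswered": 0 if answered else len(discovers)}


if __name__ == "__main__":
    print("failing:", diagnose(FAILING))
    print("working:", diagnose(WORKING))
```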
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
Lars, one more quick question for you. Adam's EAP/TLS howto specified a requirement to build two versions of openssl, one stable, the other a development snapshot for the rlm_eap module. Is that still the case? If so or if not, what version of openSSL should I use to compile?

Thanks

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: Lars Viklund [mailto:lars.viklund;axis.com]
Sent: Monday, October 28, 2002 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)

> From: McKay, Raymond [mailto:RMcKay;vugames.com]
> Sent: den 28 oktober 2002 16:32
> To: '[EMAIL PROTECTED]'
> Subject: RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
>
> I am using FreeRadius 0.7.1

For this to work you need our addition to the EAP-TLS module for generating and distributing keys. It is included in CVS but not in the 0.7.1 release.

--
Lars Viklund
Expert Software Engineer
Embedded Platforms
Axis Communications AB
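The key generation this message refers to, written out as an added example that is not FreeRADIUS code and not part of the original thread: it follows the EAP-TLS key derivation in RFC 2716 section 3.5 using the TLS 1.0 PRF from RFC 2246 section 5, and splits the output into the two MS-MPPE attributes a RADIUS server places in the Access-Accept. The master secret and randoms are constructed values, and the function names are chosen here for illustration.

```python
import hashlib
import hmac


def p_hash(digest, secret, seed, length):
    """P_hash data expansion from RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret,
    XORed with P_SHA-1 keyed with the second half."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash(hashlib.md5, s1, label + seed, length)
    sha1 = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha1))


def eap_tls_mppe_keys(master_secret, client_random, server_random):
    """Derive the per-session keys handed to the access point.

    RFC 2716 asks the PRF for 128 octets under the label
    "client EAP encryption"; the first two 32-octet blocks are the
    encryption keys carried as MS-MPPE-Recv-Key and MS-MPPE-Send-Key.
    """
    block = tls10_prf(master_secret, b"client EAP encryption",
                      client_random + server_random, 128)
    return {"MS-MPPE-Recv-Key": block[0:32], "MS-MPPE-Send-Key": block[32:64]}


# Constructed inputs; in a real session these come from the TLS handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

if __name__ == "__main__":
    for name, key in eap_tls_mppe_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, key.hex())
```

Both ends of the TLS session can compute these values, which is why the server only has to pass them to the access point; a server that authenticates but sends no such attributes leaves the access point with nothing to key the link with.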
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
> I think Adam's guide is a bit unclear about OpenSSL requirements. An openssl from the 0.9.7 series (currently in beta) or the development series is needed for the EAP/TLS support in freeradius. As far as I know the same openssl version can be used for the rest of your system too (including freeradius). Note that we haven't verified this, there are some API changes between 0.9.6 and 0.9.7 that could possibly be an issue but IMHO they are unlikely to be a problem for freeradius.

Ok at risk of sounding dense here, I should be able to keep my install of openssl0.9.6g installed normally, install openssl0.9.7-beta in /usr/local/openssl, and configure freeradius by

1) ./configure --with-raddb=/etc (for my config)
2) editing ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile to include path to openssl0.9.7-beta libs and includes (as in Adam's HOWTO)
3) make
4) make install

It seems I must be missing something in my configuration of the build as I am dumping on the make at the rlm_eap segment of build.

For Reference, my edited rlm_eap_tls makefile looks like this

# Generated automatically from Makefile.in by configure.
TARGET = rlm_eap_tls
SRCS = rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c
RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include
HEADERS = eap_tls.h
RLM_INSTALL =
RLM-LDFLAGS += -L/usr/local/openssl/lib
RLM_LIBS += -lcrypto -lssl
$(STATIC_OBJS): $(HEADERS)
$(DYNAMIC_OBJS): $(HEADERS)
RLM_DIR=../../
include ${RLM_DIR}../rules.mak

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)
You sir are a saint! That finally worked like a charm. I think I am going to write up some quick, easy and clear documentation on this that covers all these little undocumented installation requirements.

Thanks again for your help

Raymond McKay
IT Manager / Network Administrator
Funnybone Interactive
Vivendi Universal Games

-Original Message-
From: Artur Hecker [mailto:hecker;enst.fr]
Sent: Monday, October 28, 2002 2:48 PM
To: [EMAIL PROTECTED]
Subject: Re: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplicant)

hi

> Ok at risk of sounding dense here, I should be able to keep my install of openssl0.9.6g installed normally, install openssl0.9.7-beta in /usr/local/openssl, and configure freeradius by
>
> 1) ./configure --with-raddb=/etc (for my config)
> 2) editing ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile to include path to openssl0.9.7-beta libs and includes (as in Adam's HOWTO)

exactly, that's what i do.

> 3) make
> 4) make install
>
> It seems I must be missing something in my configuration of the build as I am dumping on the make at the rlm_eap segment of build.
>
> For Reference, my edited rlm_eap_tls makefile looks like this
>
> # Generated automatically from Makefile.in by configure.
> TARGET = rlm_eap_tls
> SRCS = rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c
> RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include
> HEADERS = eap_tls.h
> RLM_INSTALL =
> RLM-LDFLAGS += -L/usr/local/openssl/lib
> RLM_LIBS += -lcrypto -lssl

change this line to RLM_LIBS += -lssl -lcrypto or add another instance of -lcrypto after -lssl.

> $(STATIC_OBJS): $(HEADERS)
> $(DYNAMIC_OBJS): $(HEADERS)
> RLM_DIR=../../
> include ${RLM_DIR}../rules.mak

ciao
artur

--
Artur Hecker
Groupe Accès et Mobilité
hecker[at]enst[dot]fr
Département Informatique et Réseaux
+33 1 45 81 7507
46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr
ENST Paris