RE: Cisco leap problem with pre3
I'm using it with A MySQL backend which is on the same server I'll give that a try and report back what I find. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Saturday, July 19, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: Re: Cisco leap problem with pre3 "Jeremy Salch" <[EMAIL PROTECTED]> wrote: > I created it again and this time it showed up as follows ... Which is exactly the same set of error messages. > I couldn't seem to make it happen in -X mode. Which makes things > difficult. Try: radiusd -f Debug mode *with* threads. See which modules are being executed, and where the requests stop. That's what the request numbers are for: tracking the behaviour of the server for a particular request. Also, you still haven't explained if you're using databases which could block. Did you read my earlier message about my setup? Try a test setup: 12 names/passwords in the 'users' file, EAP & LEAP, and *nothing* else in authorize or authenticate. Run massive amounts of LEAP requests against the server. I'll be money that there's no problem. The LEAP module has NO race conditions possible by DESIGN. The same goes for the overlying EAP module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco leap problem with pre3
"Jeremy Salch" <[EMAIL PROTECTED]> wrote: > I created it again and this time it showed up as follows ... Which is exactly the same set of error messages. > I couldn't seem to make it happen in -X mode. Which makes things > difficult. Try: radiusd -f Debug mode *with* threads. See which modules are being executed, and where the requests stop. That's what the request numbers are for: tracking the behaviour of the server for a particular request. Also, you still haven't explained if you're using databases which could block. Did you read my earlier message about my setup? Try a test setup: 12 names/passwords in the 'users' file, EAP & LEAP, and *nothing* else in authorize or authenticate. Run massive amounts of LEAP requests against the server. I'll be money that there's no problem. The LEAP module has NO race conditions possible by DESIGN. The same goes for the overlying EAP module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco leap problem with pre3
> From: Jeremy Salch > Sent: Saturday, 19 July 2003 7:53 AM > I created it again and this time it showed up as follows > Error: Discarding new request from client GDC-T1-AP1:4370 - ID: 187 due to > live request 78 > Fri Jul 18 16:44:55 2003 : Error: Discarding new request from client > GDC-T1-AP1:4371 - ID: 188 due to live request 79 > Fri Jul 18 16:44:56 2003 : Error: Discarding new request from client > GDC-T1-AP1:4388 - ID: 205 due to live request 96 > Fri Jul 18 16:45:00 2003 : Error: Discarding new request from client > GDC-T1-AP1:4370 - ID: 187 due to live request 78 > Fri Jul 18 16:45:00 2003 : Error: Discarding new request from client > GDC-T1-AP1:4371 - ID: 188 due to live request 79 > Fri Jul 18 16:45:01 2003 : Error: Discarding new request from client > GDC-T1-AP1:4388 - ID: 205 due to live request 96 > Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 6151) for > request 78 > Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 7176) for > request 79 > Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 8201) for > request 96 > Whith 3 unresponsive children > I couldn't seem to make it happen in -X mode. Which makes things difficult. > What does it mean that it happens in normal mode but not in -X mode>? That it's a threading or timing problem. Try -fxxyz -l stdout (IE -X mode without the -s for single threaded) and see if it happens. If two threads deadlock, and a third hits that spot, it'll also wait indefinately. I would expect that the longer it runs, the more child threads would hit that spot and stick... -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco leap problem with pre3
I created it again and this time it showed up as follows Error: Discarding new request from client GDC-T1-AP1:4370 - ID: 187 due to live request 78 Fri Jul 18 16:44:55 2003 : Error: Discarding new request from client GDC-T1-AP1:4371 - ID: 188 due to live request 79 Fri Jul 18 16:44:56 2003 : Error: Discarding new request from client GDC-T1-AP1:4388 - ID: 205 due to live request 96 Fri Jul 18 16:45:00 2003 : Error: Discarding new request from client GDC-T1-AP1:4370 - ID: 187 due to live request 78 Fri Jul 18 16:45:00 2003 : Error: Discarding new request from client GDC-T1-AP1:4371 - ID: 188 due to live request 79 Fri Jul 18 16:45:01 2003 : Error: Discarding new request from client GDC-T1-AP1:4388 - ID: 205 due to live request 96 Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 6151) for request 78 Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 7176) for request 79 Fri Jul 18 16:45:28 2003 : Error: WARNING: Unresponsive child (id 8201) for request 96 Whith 3 unresponsive children I couldn't seem to make it happen in -X mode. Which makes things difficult. What does it mean that it happens in normal mode but not in -X mode>? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Hampson Sent: Friday, July 18, 2003 4:42 PM To: [EMAIL PROTECTED] Subject: RE: Cisco leap problem with pre3 > From: Jeremy Salch > Sent: Saturday, 19 July 2003 7:28 AM > Well.. Actually. I spoke too soon. I tried running all of the > clients through re-authentication again.. And after > Having all 12 clients re-authenticate a couple of times in a relatively > short time I get the following > Fri Jul 18 16:25:21 2003 : Auth: Login OK: [dwilson] (from client > GDC-T1-AP1 port 37 cli 000b4625d5de) Fri Jul 18 16:25:21 2003 : Auth: > Login OK: [chyne] (from client GDC-T1-AP1 port 12 cli 000943e586ae) > Fri Jul 18 16:25:21 2003 : Auth: Login OK: [jblack] (from client GDC-T1-AP1 > port 21 cli 000af4e22599) > Fri Jul 18 16:25:22 2003 : Auth: Login OK: [coldwell] (from client > GDC-T1-AP1 port 20 cli 000af4e2249b) > Fri Jul 18 16:25:25 2003 : Error: Discarding new request from client > GDC-T1-AP1:4251 - ID: 68 due to live request 160 > Fri Jul 18 16:25:26 2003 : Error: Discarding new request from client > GDC-T1-AP1:4274 - ID: 91 due to live request 183 > Fri Jul 18 16:25:30 2003 : Error: Discarding new request from client > GDC-T1-AP1:4251 - ID: 68 due to live request 160 > Fri Jul 18 16:25:31 2003 : Error: Discarding new request from client > GDC-T1-AP1:4274 - ID: 91 due to live request 183 > Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 8201) for > request 160 > Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 9226) for > request 183 Yup, there's your processes locking, as Alan said Does it happen in -X mode? The fact that it's always two children locking suggests a deadlock somewhere, either one inside FreeRADIUS (urgh) or something else... If it is a deadlock, -X won't trigger it. In that case, you'll need to use the finer-grained debugging options, and not disable threading in the process. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco leap problem with pre3
> From: Jeremy Salch > Sent: Saturday, 19 July 2003 7:28 AM > Well.. Actually. I spoke too soon. I tried running all of the clients > through re-authentication again.. And after > Having all 12 clients re-authenticate a couple of times in a relatively > short time I get the following > Fri Jul 18 16:25:21 2003 : Auth: Login OK: [dwilson] (from client GDC-T1-AP1 > port 37 cli 000b4625d5de) > Fri Jul 18 16:25:21 2003 : Auth: Login OK: [chyne] (from client GDC-T1-AP1 > port 12 cli 000943e586ae) > Fri Jul 18 16:25:21 2003 : Auth: Login OK: [jblack] (from client GDC-T1-AP1 > port 21 cli 000af4e22599) > Fri Jul 18 16:25:22 2003 : Auth: Login OK: [coldwell] (from client > GDC-T1-AP1 port 20 cli 000af4e2249b) > Fri Jul 18 16:25:25 2003 : Error: Discarding new request from client > GDC-T1-AP1:4251 - ID: 68 due to live request 160 > Fri Jul 18 16:25:26 2003 : Error: Discarding new request from client > GDC-T1-AP1:4274 - ID: 91 due to live request 183 > Fri Jul 18 16:25:30 2003 : Error: Discarding new request from client > GDC-T1-AP1:4251 - ID: 68 due to live request 160 > Fri Jul 18 16:25:31 2003 : Error: Discarding new request from client > GDC-T1-AP1:4274 - ID: 91 due to live request 183 > Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 8201) for > request 160 > Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 9226) for > request 183 Yup, there's your processes locking, as Alan said Does it happen in -X mode? The fact that it's always two children locking suggests a deadlock somewhere, either one inside FreeRADIUS (urgh) or something else... If it is a deadlock, -X won't trigger it. In that case, you'll need to use the finer-grained debugging options, and not disable threading in the process. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco leap problem with pre3
Well.. Actually. I spoke too soon. I tried running all of the clients through re-authentication again.. And after Having all 12 clients re-authenticate a couple of times in a relatively short time I get the following Fri Jul 18 16:25:21 2003 : Auth: Login OK: [dwilson] (from client GDC-T1-AP1 port 37 cli 000b4625d5de) Fri Jul 18 16:25:21 2003 : Auth: Login OK: [chyne] (from client GDC-T1-AP1 port 12 cli 000943e586ae) Fri Jul 18 16:25:21 2003 : Auth: Login OK: [jblack] (from client GDC-T1-AP1 port 21 cli 000af4e22599) Fri Jul 18 16:25:22 2003 : Auth: Login OK: [coldwell] (from client GDC-T1-AP1 port 20 cli 000af4e2249b) Fri Jul 18 16:25:25 2003 : Error: Discarding new request from client GDC-T1-AP1:4251 - ID: 68 due to live request 160 Fri Jul 18 16:25:26 2003 : Error: Discarding new request from client GDC-T1-AP1:4274 - ID: 91 due to live request 183 Fri Jul 18 16:25:30 2003 : Error: Discarding new request from client GDC-T1-AP1:4251 - ID: 68 due to live request 160 Fri Jul 18 16:25:31 2003 : Error: Discarding new request from client GDC-T1-AP1:4274 - ID: 91 due to live request 183 Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 8201) for request 160 Fri Jul 18 16:26:40 2003 : Error: WARNING: Unresponsive child (id 9226) for request 183 And one station wasn't able to login. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, July 18, 2003 4:20 PM To: [EMAIL PROTECTED] Subject: Re: Cisco leap problem with pre3 "Jeremy Salch" <[EMAIL PROTECTED]> wrote: > Fri Jul 18 14:33:10 2003 : Error: Discarding new request from client > GDC-T1-AP2:4849 - ID: 136 due to live request 88 This has nothing to do with LEAP. Something is causing the server to block, and stop processing the request. The client re-tries, and the server refuses to RE-process the same request, because the first one isn't done... Find out wherewhy the server is stopping, and fix that. LEAP will start working again. I've been using LEAP regularly, and have had zero problems. However, I don't run fancy DB's, files over NFS, or *anything* which could cause the server to stop processing requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco leap problem with pre3
I think I found the problem. A while back I posted a message about getting a error in threads.c and I was directed to Set max_requests_per_server to 0 to bypass the error. I still had that setting in use. Upon removing that setting it seems to have started working properly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, July 18, 2003 4:20 PM To: [EMAIL PROTECTED] Subject: Re: Cisco leap problem with pre3 "Jeremy Salch" <[EMAIL PROTECTED]> wrote: > Fri Jul 18 14:33:10 2003 : Error: Discarding new request from client > GDC-T1-AP2:4849 - ID: 136 due to live request 88 This has nothing to do with LEAP. Something is causing the server to block, and stop processing the request. The client re-tries, and the server refuses to RE-process the same request, because the first one isn't done... Find out wherewhy the server is stopping, and fix that. LEAP will start working again. I've been using LEAP regularly, and have had zero problems. However, I don't run fancy DB's, files over NFS, or *anything* which could cause the server to stop processing requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco leap problem with pre3
"Jeremy Salch" <[EMAIL PROTECTED]> wrote: > Fri Jul 18 14:33:10 2003 : Error: Discarding new request from client > GDC-T1-AP2:4849 - ID: 136 due to live request 88 This has nothing to do with LEAP. Something is causing the server to block, and stop processing the request. The client re-tries, and the server refuses to RE-process the same request, because the first one isn't done... Find out wherewhy the server is stopping, and fix that. LEAP will start working again. I've been using LEAP regularly, and have had zero problems. However, I don't run fancy DB's, files over NFS, or *anything* which could cause the server to stop processing requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP and FreeRadius
On Thu, May 29, 2003 at 09:41:56PM +1000, Luke Walshe wrote: > > > test Auth-Type := Local, User-Password == "pass", > > Service-Type = Framed-User > > Try > > test Auth-Type := eap, User-Password == "pass" > Service-Type = Login-User > It works. Thank you. -- /* Miroslav Petricek [EMAIL PROTECTED] UNIS COMPUTERS, spol. s r.o. Systemovy inzenyr - UNIX -- http://www.petricek.cz/ -- ICQ: 56183467 -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco LEAP and FreeRadius
> test Auth-Type := Local, User-Password == "pass",
> Service-Type = Framed-User
Try
testAuth-Type := eap, User-Password == "pass"
Service-Type = Login-User
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Miroslav Petricek
> Sent: Thursday, 29 May 2003 8:49 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco LEAP and FreeRadius
>
>
> Hi, all
>
> I would like to configure FreeRadius to allow LEAP based
> authentication between Cisco client, Cisco AP350 ans FreeRadius
> server.
>
> My configuration:
>
> freeradius-snapshot-20030528, compiled on Red Hat Linux 7.3
>
> raddb/users file:
>
> test Auth-Type := Local, User-Password == "pass",
> Service-Type = Framed-User
>
>
> raddb/clients.conf file:
>
> client 127.0.0.1 {
> secret = pass
> shortname = localhost
> nastype = other
> }
>
> client 192.168.1.254 {
> secret = pass
> shortname = ap350
> nastype = cisco
> }
>
> I have "default_eap_type = leap" in the "eap" section of the
> radiusd.conf.
>
> When I try to connect to the radius server, everything seems
> to be working fine:
>
> # radtest test pass localhost 1813 pass
> Sending Access-Request of id 100 to 127.0.0.1:1812
> User-Name = "test"
> User-Password = "pass"
> NAS-IP-Address = rambo.uniscomp.cz
> NAS-Port = 1813
> rad_recv: Access-Accept packet from host 127.0.0.1:1812,
> id=100, length=32
> Service-Type = Framed-User
> Framed-IP-Netmask = 255.255.255.0
>
> But when I try to connect from Cisco 350 NAS, i'm getting following:
>
> Auth: Login OK: [test/] (from
> client ap350 port 37 cli 000c304c1aa0)
> Info: rlm_eap_leap: No User-Password or NT-Password
> configured for this user
>
> How should I correctly specify User-Password?
>
> --
> /* Miroslav Petricek [EMAIL PROTECTED]
>UNIS COMPUTERS, spol. s r.o. Systemovy inzenyr - UNIX
> -- http://www.petricek.cz/ -- ICQ: 56183467 --
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
This email has been scanned
and protected by Inflex & Sophos
--
**
Privileged or confidential information is contained in this electronic
message.
If this message is not addressed to you, or if you are not responsible
for the delivery of this message to the addressee, you may not
download, copy or forward this message to any other person. If you do
not immediately delete this message you may be liable for a breach of
confidentiality. We would be grateful if you would notify us of your
receipt and deletion of this message.
It is your responsibility to maintain an up to date virus detection
system and to scan this message and any attachment to it for computer
viruses or other defects. If you download a file attached to this
message, you do so at your own risk.
In no circumstances does Radio Terminal Systems Pty Ltd accept
liability for any loss or damage (including any indirect or
consequential losses) which may result, directly or indirectly, from
your receipt of this message or any attachment to it.
**
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP username and password in FreeRadius
[EMAIL PROTECTED] wrote: > > LEAP uses MS-CHAP for authentication. As a result, it's impossible > >to combine System authentication with LEAP. ... > I`d like to know is this a "limitation" of freeradius or of the leap > protocol ? It's a limitation of MS-CHAP, as I tried to point out. See the FAQ for more comments on CHAP. FreeRADIUS didn't define MS-CHAP, so it is NOT responsible for this problem. > I think with Cisco Secure ACS you can utilize backend databases like Active > Directory or LDAP , so is this only limited in freeradius and why ? Because LDAP and Active directory are not Unix system password files. Hint: The names are different! LEAP *can* do authentication with NT-Password hashes, because they're part of the MS-CHAP protocol. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP username and password in FreeRadius
>From: "Alan DeKok" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: Cisco LEAP username and password in FreeRadius >Date: Sat, 29 Mar 2003 14:32:01 -0500 >Reply-To: [EMAIL PROTECTED] > >david tran <[EMAIL PROTECTED]> wrote: >> User "dtran" also has a Unix account,"dtran", on the >> FreeRadius Server and I would like to use that account >> and password for Cisco LEAP instead of having to >> specify a different password in the users file. > > LEAP uses MS-CHAP for authentication. As a result, it's impossible >to combine System authentication with LEAP. > > Alan DeKok. Hi Alan, Hi Group I`d like to know is this a "limitation" of freeradius or of the leap protocol ? I think with Cisco Secure ACS you can utilize backend databases like Active Directory or LDAP , so is this only limited in freeradius and why ? Michael -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP username and password in FreeRadius
david tran <[EMAIL PROTECTED]> wrote: > User "dtran" also has a Unix account,"dtran", on the > FreeRadius Server and I would like to use that account > and password for Cisco LEAP instead of having to > specify a different password in the users file. LEAP uses MS-CHAP for authentication. As a result, it's impossible to combine System authentication with LEAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP
On Monday 24 March 2003 08:11 am, Alan DeKok wrote: > David Tran II <[EMAIL PROTECTED]> wrote: > > I am wondering if anyone get FreeRadius to work with Cisco LEAP. > > I understand that LEAP is a Cisco Proprietary; however, I think I > > saw a post in recent weeks that someone get it to work with Cisco > > LEAP. If you don't mind, can you share the configuration file and > > what needed to be done? I am currently using Freeradius 0.8.1 > > (stable version) running on RedHat linux version 7.3. > > Read the main web page. Cisco LEAP is only implemented in the > current CVS head. > > Once you download the CVS snapshot, read 'radiusd.conf', and look > for 'leap'. It will tell you what to do to configure it. > > Alan DeKok. > And yes it does seem to work great. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP
David Tran II <[EMAIL PROTECTED]> wrote: > I am wondering if anyone get FreeRadius to work with Cisco LEAP. > I understand that LEAP is a Cisco Proprietary; however, I think I > saw a post in recent weeks that someone get it to work with Cisco > LEAP. If you don't mind, can you share the configuration file and > what needed to be done? I am currently using Freeradius 0.8.1 > (stable version) running on RedHat linux version 7.3. Read the main web page. Cisco LEAP is only implemented in the current CVS head. Once you download the CVS snapshot, read 'radiusd.conf', and look for 'leap'. It will tell you what to do to configure it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
Lionel Gavage <[EMAIL PROTECTED]> wrote: > Can we use leap EAP type with md5 EAP type fixed as default_eap_type ? Not right now. The EAP request doesn't specify which method it's trying to use for authentication. So the server has to pick ONE eap method for ALL eap requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
Hello, Le 20/03/03 13:00, « Alan DeKok » <[EMAIL PROTECTED]> a écrit : > FreeRadius <[EMAIL PROTECTED]> wrote: >> Could I See your configuration files? I can't seem to get it to work > > You've got to set 'default_eap_type = leap' Can we use leap EAP type with md5 EAP type fixed as default_eap_type ? Or do we have to use one of them separately ? Thanks. Lionel. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Lionel Gavage Network Engineer (SeGI/ULg) Email: [EMAIL PROTECTED]Tél: +32-4-3664845 Fax: +32-4-3662920 Bat. B26 SeGI - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
FreeRadius <[EMAIL PROTECTED]> wrote: > Could I See your configuration files? I can't seem to get it to work You've got to set 'default_eap_type = leap' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
Could I See your configuration files? I can't seem to get it to work On Thursday 20 March 2003 07:06 am, Dmitri Belimov wrote: > Hi > > > has anyone used cisco leap from CVS yet ? > > Yes, It is work fine! > > With my best regards, Dmitri. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
Awesome! On Thursday 20 March 2003 07:06 am, Dmitri Belimov wrote: > Hi > > > has anyone used cisco leap from CVS yet ? > > Yes, It is work fine! > > With my best regards, Dmitri. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco leap
Hi > has anyone used cisco leap from CVS yet ? Yes, It is work fine! With my best regards, Dmitri. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO LEAP
On Thursday 14 November 2002 01:04 am, Lars Viklund wrote: > On Wed, 2002-11-13 at 16:06, Jeremy Salch wrote: > > On Wednesday 13 November 2002 06:52 pm, Mike Paneth wrote: > > > We are about to setup a wireless network based on CISCO 1200 APs and > > > need to control access. > > > > > > Does anyone know how to get Freeradius working with CISCO LEAP? > > > > It can't. > > Not yet anyway. > > > LEAP is a Cisco Proprietary EAP type to cisco.. > > Yes. > > > you'll have to shell out the cash for this one. > > I don't think that's necessarily true. Someone just have to write a > FreeRADIUS module for it. There are public descriptions of the protocol > (http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt) and it doesn't > seem hard to implement. > At the moment it is, but I would love to see it in FreeRadius :-) > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- http://tblx.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO LEAP
Jeremy Salch <[EMAIL PROTECTED]> wrote: > > Does anyone know how to get Freeradius working with CISCO LEAP? > > It can't. . LEAP is a Cisco Proprietary EAP type to cisco.. you'll have to >shell > out the cash for this one. Either to buy Cisco's RADIUS server, or to pay someone to implement LEAP in FreeRADIUS. Do a search on Google for LEAP and FreeRADIUS. There's a web page somewhere where LEAP is documented... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO LEAP
On Wed, 2002-11-13 at 16:06, Jeremy Salch wrote: > On Wednesday 13 November 2002 06:52 pm, Mike Paneth wrote: > > We are about to setup a wireless network based on CISCO 1200 APs and need > > to control access. > > > > Does anyone know how to get Freeradius working with CISCO LEAP? > > It can't. Not yet anyway. > LEAP is a Cisco Proprietary EAP type to cisco.. Yes. > you'll have to shell out the cash for this one. I don't think that's necessarily true. Someone just have to write a FreeRADIUS module for it. There are public descriptions of the protocol (http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt) and it doesn't seem hard to implement. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO LEAP
On Wednesday 13 November 2002 06:52 pm, Mike Paneth wrote: > We are about to setup a wireless network based on CISCO 1200 APs and need > to control access. > > Does anyone know how to get Freeradius working with CISCO LEAP? It can't. . LEAP is a Cisco Proprietary EAP type to cisco.. you'll have to shell out the cash for this one. > > Mike Paneth > Melbourne Australia -- http://tblx.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LEAP/EAP authentication
Jerry Kemp <[EMAIL PROTECTED]> wrote: > What is the current status of FreeRadius and > Cisco Leap authentication?? It's not implemented, and no one is working on it. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
