Re: Authenticating Wifi and users

2004-09-25 Thread Alan DeKok
"Stefan B. Jonsson" <[EMAIL PROTECTED]> wrote:
> I'm trying to configure the following scenario for a school network, this has
> taken too long and lots of reading without result.

  You're probably focussing on a solution, rather than the problem.

> MAC address is verified through Freeradius looking up in LDAP server to give
> WiFi access

  That can be done.  Are you planning on using *only* MAC address to
grant users access to the network?  I would not recommend doing that.

> Then user is authenticated on PPTP VPN again towards the LDAP using
> Freeradius

  If the VPN client supports RADIUS authentication, yes.

  But why use a VPN?  Why not just use EAP-TTLS, or EAP-PEAP?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Authenticating Wifi and users

2004-09-25 Thread Stefan B. Jonsson
Here are really novice questions:
I'm trying to configure the following scenario for a school network, this has
taken too long and lots of reading without result.

MAC address is verified through Freeradius looking up in LDAP server to give
WiFi access

Then user is authenticated on PPTP VPN again towards the LDAP using
Freeradius

This should be possible?

Regards
Stefan B. Jonsson
RADIUS novice



Re: with Digest

2004-09-25 Thread Alan DeKok
Darren Bentley <[EMAIL PROTECTED]> wrote:
> I'm not sure why it's saying Login OK ?

  Because the user was authenticated?

> It just keeps repeating this over and over again.

  So find out why the client is re-authenticating.

> Any ideas why I get the  message?

  Because for debugging, it tries to print out the password the user
used, if it's available.  If the password is not available, it says so.

  Alan DeKok.




Re: Secret as variable

2004-09-25 Thread Alan DeKok
Zdenek Svarc <[EMAIL PROTECTED]> wrote:
> Does Secret have its own variable? Alan DeKok wrote that every available
> variable is shown by "freeradius -x", but User-Password (as well as
> Secret?) is not shown in debug.

  I think you misunderstood me.  When you type:

$ radiusd -X

  all of the information it reads from the configuration files is
printed out.  (Except for the old-style clients & naslist).

  When it receives a RADIUS packet, all of the attributes in the
RADIUS packet are printed out.


  I'm not sure what you think is going wrong, but the server has
behaved that way for 3-4 years now.

  Alan DeKok.




Re: eap-smartcard

2004-09-25 Thread Mohammed Petiwala
Hi Nelson:
Check the rlm_eap_tls.h/.c and the eap_tls.c/.h files
in your radius 1.0.0-pre3 1.0.0 release
./src/modules/rlm_eap/types/rlm_eap_tls/ folder in the
distro.
The rlm_eap_tls.c file has a function to initialize
the ssl/tls context params (certs, keys, trusts,
etc.) that are used globally by openssl for the
sessions.
Thanks.

Regards,
Mohammed.


Mohammed H. Petiwala
Senior Staff Engineer,
iDEN-WLAN, Motorola Inc.


--- Nelson Murilo <[EMAIL PROTECTED]> wrote:

> On Fri, Sep 24, 2004 at 11:11:02AM -0400, Alan DeKok wrote:
> > Nelson Murilo <[EMAIL PROTECTED]> wrote:
> > > Does somebody know if freeradius has (plans for) support for it:
> > >
> > > http://ietfreport.isoc.org/ids/draft-urien-eap-smartcard-06.txt
> >
> >   Sure, submit a patch.
> >
>
> Thanks Alan,
>
> I'm looking at the openssh smartcard code; maybe this is not hard.
> scard-opensc.c has all the functions needed, and the ssh.c file
> calls funcs to access the smartcard and load certificates and keys.
>
> I don't see where the eap_tls code loads these objects;
> if someone helps me with this information, I could try to write the patch.
>
> Thanks for your time and patience,
>
> ./nelson -murilo
> 


FreeRadius and MySQL Errors

2004-09-25 Thread sonny souvannavong
We have a Cisco VOIP network and we use FreeRadius
with MySQL on Redhat to collect our RADIUS records. 
For some reason we are getting these errors.  Please
assist.  I really appreciate everyone's input on what
is the cause of these problems.

==

Sat Sep 25 16:47:49 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '63.218.9.180', nas '202.47.251.169')
Sat Sep 25 16:47:49 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:47:53 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:47:54 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:47:54 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '6562018', nas '202.47.251.163')
Sat Sep 25 16:47:54 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '203.166.124.66', nas '202.47.251.163')
Sat Sep 25 16:47:54 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '46704249301', nas '202.47.251.170')
Sat Sep 25 16:47:54 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '46704249301', nas '202.47.251.170')
Sat Sep 25 16:47:57 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '202600754', nas '202.47.251.170')
Sat Sep 25 16:47:57 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '202600754', nas '202.47.251.170')
Sat Sep 25 16:47:59 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:48:04 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:48:04 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:04 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '496926029030', nas '202.47.251.165')
Sat Sep 25 16:48:04 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '209.227.165.248', nas '202.47.251.165')
Sat Sep 25 16:48:06 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '63.218.9.180', nas '202.47.251.165')
Sat Sep 25 16:48:06 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:06 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '63.218.9.180', nas '202.47.251.165')
Sat Sep 25 16:48:09 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:10 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:10 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:10 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '[EMAIL PROTECTED]', nas '202.47.251.169')
Sat Sep 25 16:48:10 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '[EMAIL PROTECTED]', nas '202.47.251.169')
Sat Sep 25 16:48:12 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:16 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '64.86.192.19', nas '202.47.251.169')
Sat Sep 25 16:48:16 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:16 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '64.86.192.19', nas '202.47.251.169')
Sat Sep 25 16:48:17 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:48:19 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:19 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '212999', nas '202.47.251.165')
Sat Sep 25 16:48:21 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:48:26 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:26 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '63.218.9.180', nas '202.47.251.165')
Sat Sep 25 16:48:26 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '63.218.9.180', nas '202.47.251.165')
Sat Sep 25 16:48:26 2004 : Error: rlm_radutmp: Logout entry for NAS bkk-voice-03 port 0 has wrong ID
Sat Sep 25 16:48:26 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '6562018', nas '202.47.251.163')
Sat Sep 25 16:48:26 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '203.166.124.66', nas '202.47.251.163')
Sat Sep 25 16:48:27 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '203.166.124.66', nas '202.47.251.165')
Sat Sep 25 16:48:27 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25 16:48:27 2004 : Error: rlm_sql: Stop packet with zero session length.  (user '203.166.124.66', nas '202.47.251.165')
Sat Sep 25 16:48:28 2004 : Error: rlm_radutmp: Logout for NAS bkk-voice-03 port 0, but no Login record
Sat Sep 25