Re: configure options
On Sun 22 Oct 2006 04:43, Seferovic Edvin wrote: Hello, wouldn't it be useful to publish all configure options ( like modules options ) in WIKI ? Yes. Thats a great idea. At present there is several hundred pages in the wiki, and most of them were put there by either myself or Keven (Hi Kevin :-) We would appreciate your help :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpFkD0ecJaim.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how can I contribute ( configure options )
Sure. How can I help? English is not my native language, but I don't see that as a problem. The only problem I see ( at the moment ) is that I am not familiar with all modules of freeradius and their configure options ( Alan notices that some of them don't even have configure options etc ). I have a few successfull freeradius installations behind myself and I wrote a similar patch Jonathan de Grave published at the mailing list recently ( mine has a hardcoded attribute ;) ). I would appreciate some feedback on the topic how can I contribute to freeradius project. Regards, E:S -Original Message- From: Peter Nixon [mailto:[EMAIL PROTECTED] Sent: Montag, 23. Oktober 2006 09:52 To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: configure options On Sun 22 Oct 2006 04:43, Seferovic Edvin wrote: Hello, wouldn't it be useful to publish all configure options ( like modules options ) in WIKI ? Yes. Thats a great idea. At present there is several hundred pages in the wiki, and most of them were put there by either myself or Keven (Hi Kevin :-) We would appreciate your help :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to use != == =~ and !~ on multiple keys?
Mike wrote: On 10/22/06, Joe Maimon [EMAIL PROTECTED] wrote: I have the following keys in a radius request: Cisco-AVPair = src-codec=g729 g711A64k g711U64k g7231 gsmFR NS:iLBC-15k2 Cisco-AVPair = dst-codec=g729 When using the != == =~ and !~ conditionals with Cisco-AVPair key, which one(s) are checked? In the order provided by the order they were written on the check line until there is either a match or none. Ah, you meant which AVpair is checked? All until match. (at least its supposed to) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_krb5
All,I am implementing 802.1x on our network. The easiest solution to do this is by using "reversible passwords" in active directory(and using ntlm_auth), but our windows guys don't want to allow this. Only other way is by using kerberos. I found a link on the internet http://archives.free.net.ph/message/20060104.153134.68c5be76.en.html , but i can't get it to work. The rlm_krb5 module doesn't seem to pick up my request(although i see that the module is loaded).Does anyone know how to configure this correctly?I already googled and searched the archives for this without luck.StievenStruyfM.I.S.Division-SystemOperationsKomatsuEuropeInternationalNVMechelsesteenweg586B-1800VilvoordeTel.+32(0)22552551- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Two querys for accounting_stop_query (sql.conf)
Hello, Im running freeradius with mysql module. How could I add a second query to the statement accounting_stop_query in sql.conf? I found this: http://lists.cistron.nl/pipermail/freeradius-users/2005-November/048711.html So I add a section to sql.conf (myTEST {}) and copy all from section sql to the new one. Than I modifiy my accouting section in radiusd.conf and add myTEST I launch freeradius again and I get the error: Failed to link module rlm_myTEST Is there anyway I could have a second query executed after the default one in accounting_stop_query? Thanks, Cheers, mico The only way to get rid of a temptation is to yield to it. (Oscar Wilde) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hints, Attr_rewrite - Add session timeout with Framed IP?
Hello I'm looking for a solution to add in the accept packets a session timeout value when framed ip address is assigned in the users file. I tried to add hints rules but doesn't seems to work. I also tried to rewrite the packet : not works. Can you help me to do this ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Weird behaviour of the windows client
Hi there, I've configured freeradius to do ms-chap and using wireless. When I type in my credentials, freeradius lets me in and everybody is happy, but when I check the checkbox Automatically use my Windows logon name and password (and domain if any), ntlm_auth responds with a logon failure. Has anybody of you run into the same problem? Did you find a solution? Please help Thanks. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can I contribute ( configure options )
Seferovic Edvin wrote: Sure. How can I help? English is not my native language, but I don't see that as a problem. The only problem I see ( at the moment ) is that I am not familiar with all modules of freeradius and their configure options ( Alan notices that some of them don't even have configure options etc ). I have a few successfull freeradius installations behind myself and I wrote a similar patch Jonathan de Grave published at the mailing list recently ( mine has a hardcoded attribute ;) ). I would appreciate some feedback on the topic how can I contribute to freeradius project. Regards, E:S I would say the best place to start would be with what you know. You don't have to cover every single option in the first version of the wiki page, as long as you note that the list is not complete. Build the page up as your knowledge builds up. People will make corrections where they need to be made, if you're not sure of something, check it to the best of your ability, ask the list, etc. Other people will contribute their knowledge, too. -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: SQLcounter patch - Addition of reply-attribute
Jonathan De Graeve [EMAIL PROTECTED] wrote: I just made a patch against 1.1.3 for the SQLcounter module. Please submit patches on bugs.freeradius.org. It's easier to manage them that way. As requested: http://bugs.freeradius.org/showattachment.cgi?attach_id=187 -- Jonathan De Graeve IMELDA vzw Informatica Dienst Network System Engineer [EMAIL PROTECTED] +32(0)15/50.52.98 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius+hpidm+cisco
All, We have an hp infrastructure and use identity driven management to enforce some additional rights to users(as forcing vlan assignment). We have a mixed wireless environment with hp procurve and cisco(1200) For hp access points we don't have any problem, but when trying with cisco devices freeradius crasches with a segmentation fault. The segmentation fault happens when accessing the module hpidm.post-auth.conf which is loaded through radius.conf. (if i comment out this module i don't get the error, but then vlan assignment does't work for the hp's). Anyone else using this tool in a mixed environment? Stieven Struyf M.I.S. Division - System Operations Komatsu Europe International NV Mechelsesteenweg 586 B-1800 Vilvoorde Tel. +32 (0)2 2552551- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius+hpidm+cisco
All, We have an hp infrastructure and use identity driven management to enforce some additional rights to users(as forcing vlan assignment). We have a mixed wireless environment with hp procurve and cisco(1200) For hp access points we don't have any problem, but when trying with cisco devices freeradius crasches with a segmentation fault. The segmentation fault happens when accessing the module hpidm.post- auth.conf which is loaded through radius.conf. (if i comment out this module i don't get the error, but then vlan assignment does't work for the hp's). It would be usefull to debug and to post whats in the hpidm.post-auth.conf J. -- Jonathan De Graeve IMELDA vzw Informatica Dienst Network System Engineer [EMAIL PROTECTED] +32(0)15/50.52.98 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with SQL Redundant
Hi list, I'm using Freeradius with 2 mysql redundant for accounting. redundant { sql-instance1 sql-instance2 } The problem: when from NAS arrive an 'Stop packet with zero session length', freeradius returns noop for request 1 in sql-instance1.This way, freeradiustry to update in sql-instance2, which is not correct, becausein sql-instance2 there is no anystart reccords. How can I set up freeradiusfor update ONLY sql-instance1in casethat arrive'Stop packet with zero session length'? Thanks in advanced Guido - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to use != == =~ and !~ on multiple keys?
On 10/23/06, Joe Maimon [EMAIL PROTECTED] wrote: On 10/22/06, Joe Maimon [EMAIL PROTECTED] wrote: I have the following keys in a radius request: Cisco-AVPair = src-codec=g729 g711A64k g711U64k g7231 gsmFR NS:iLBC-15k2 Cisco-AVPair = dst-codec=g729 When using the != == =~ and !~ conditionals with Cisco-AVPair key, which one(s) are checked? In the order provided by the order they were written on the check line until there is either a match or none. Ah, you meant which AVpair is checked? All until match. (at least its supposed to) So that means that != and == become set operations (!= for not present and == for present)? And =~ is any contains and !~ is none contains? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius+hpidm+cisco
Jonathan, I removed the hp module to check if the problem went away(which it did). Afterwards i reenabled it to take traces, but it doesn't segfaults anymore. Now i use radius to assigns vlan for cisco and use hp idm for vlan assigment for hp. Problem seems solved, but i don't want to install the idm on our primary radius server if it gives instable behaviour to the stable freeradius server. We are using freeradius for some years for our wifi production environment(barcode scanners), don't want to cause troubles just to let some users work wireless. Stieven Struyf M.I.S. Division - System Operations Komatsu Europe International NV Mechelsesteenweg 586 B-1800 Vilvoorde Tel. +32 (0)2 2552551 Jonathan De Graeve [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/23/2006 02:58 PM Please respond to FreeRadius users mailing list freeradius-users@lists.freeradius.org To FreeRadius users mailing list freeradius-users@lists.freeradius.org cc Subject RE: freeradius+hpidm+cisco All, We have an hp infrastructure and use identity driven management to enforce some additional rights to users(as forcing vlan assignment). We have a mixed wireless environment with hp procurve and cisco(1200) For hp access points we don't have any problem, but when trying with cisco devices freeradius crasches with a segmentation fault. The segmentation fault happens when accessing the module hpidm.post- auth.conf which is loaded through radius.conf. (if i comment out this module i don't get the error, but then vlan assignment does't work for the hp's). It would be usefull to debug and to post whats in the hpidm.post-auth.conf J. -- Jonathan De Graeve IMELDA vzw Informatica Dienst Network System Engineer [EMAIL PROTECTED] +32(0)15/50.52.98 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius+hpidm+cisco
[EMAIL PROTECTED] wrote on 10/23/2006 02:46:51 PM: All, We have an hp infrastructure and use identity driven management to enforce some additional rights to users(as forcing vlan assignment). We have a mixed wireless environment with hp procurve and cisco(1200) For hp access points we don't have any problem, but when trying with cisco devices freeradius crasches with a segmentation fault. The segmentation fault happens when accessing the module hpidm.post- auth.conf which is loaded through radius.conf. (if i comment out this module i don't get the error, but then vlan assignment does't work for the hp's). It would be usefull to debug and to post whats in the hpidm.post-auth.conf Just for your info the contents of both hpidm config files: [EMAIL PROTECTED] raddb]# cat hpidm.post-auth.conf Post-Auth-Type REJECT{ hpidm } hpidm [EMAIL PROTECTED] raddb]# [EMAIL PROTECTED] raddb]# cat hpidm.modules.conf hpidm{ version = 1.0 } [EMAIL PROTECTED] raddb]# Stieven Struyf M.I.S. Division - System Operations Komatsu Europe International NV Mechelsesteenweg 586 B-1800 Vilvoorde [EMAIL PROTECTED] Tel. +32 (0)2 2552551 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_krb5
[EMAIL PROTECTED] wrote: ... Please don't send HTML to the list. I am implementing 802.1x on our network. The easiest solution to do this is by using reversible passwords in active directory That isn't necessary. Only other way is by using kerberos. That's impossible. Kerberos doesn't do MS-CHAP, which is the authentication protocol used by Windows clients for 802.1x Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with SQL Redundant
Guido [EMAIL PROTECTED] wrote: How can I set up freeradius for update ONLY sql-instance1 in case that arrive 'Stop packet with zero session length'?=20 Read doc/configurable_failover. It explains this. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+hpidm+cisco
[EMAIL PROTECTED] wrote: Just for your info the contents of both hpidm config files: [EMAIL PROTECTED] raddb]# cat hpidm.post-auth.conf Post-Auth-Type REJECT{ hpidm } hpidm [EMAIL PROTECTED] raddb]# cat hpidm.modules.conf hpidm{ version = 1.0 } This module is not included with the server. Therefore, it's something written locally, and you should asthe person who wrote it about any bugs it may have. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Server stopped responding, throwing multiple SSL-related errors
I'm running FreeRADIUS 1.1.2 on Ubuntu. This morning one of the two servers stopped answering requests. The radius log contained thousands of lines like these: Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter Mon Oct 23 12:32:56 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size Mon Oct 23 12:32:56 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error::lib(0):func(0):reason(0) Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:bad record mac Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:illegal parameter Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Restarting radiusd fixed it. My build of FreeRADIUS was built from source, the SSL library is the Ubuntu system openssl (v. 0.9.7). Any idea what might have gone wrong? -Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Server stopped responding, throwing multiple SSL-related errors
Sounds very similar to my thread titled SSL_read failed in a system call from last week. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Beuchler Sent: Monday, October 23, 2006 2:06 PM To: FreeRadius users mailing list Subject: Server stopped responding, throwing multiple SSL-related errors I'm running FreeRADIUS 1.1.2 on Ubuntu. This morning one of the two servers stopped answering requests. The radius log contained thousands of lines like these: Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter Mon Oct 23 12:32:56 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size Mon Oct 23 12:32:56 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error::lib(0):func(0):reason(0) Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:bad record mac Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:02 2006 : Error: TLS Alert write:fatal:illegal parameter Mon Oct 23 12:33:02 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:33:02 2006 : Error: rlm_eap: SSL error error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size Mon Oct 23 12:33:02 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Mon Oct 23 12:33:16 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Restarting radiusd fixed it. My build of FreeRADIUS was built from source, the SSL library is the Ubuntu system openssl (v. 0.9.7). Any idea what might have gone wrong? -Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server stopped responding, throwing multiple SSL-related errors
Ben Beuchler [EMAIL PROTECTED] wrote: I'm running FreeRADIUS 1.1.2 on Ubuntu. This morning one of the two servers stopped answering requests. The radius log contained thousands of lines like these: Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter Mon Oct 23 12:32:56 2006 : Error: TLS_accept:error in SSLv3 read certificate verify A Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size Hmm... looking at google: http://stunnel.mirt.net/pipermail/stunnel-users/2004-September/37.html See also https://mail.internet2.edu/wws/arc/shibboleth-users/2004-01/msg00124.html Unfortunately, OpenSSL doesn't really give useful error messages. Restarting radiusd fixed it. That says to me there's a memory corruption issue.. maybe back-porting the thread locks from CVS head to 1.1.x would help. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server stopped responding, throwing multiple SSL-related errors
On 10/23/06, King, Michael [EMAIL PROTECTED] wrote: Sounds very similar to my thread titled SSL_read failed in a system call from last week. Yeah... The reason I opened a new thread rather then just appending to yours was the new error that I didn't see in your log snippets: SSL3_GET_MESSAGE:excessive message size -Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Windows Vista doing PEAP
Got this patch to work with 1.1.3 without seg faulting... I've sent Alan the debug output. Can download it here: http://bengal.missouri.edu/~dourtyb/freeradius/vista.patch Index: src/modules/rlm_eap/rlm_eap.c === RCS file: /source/radiusd/src/modules/rlm_eap/rlm_eap.c,v retrieving revision 1.26.2.1.2.1 diff -u -r1.26.2.1.2.1 rlm_eap.c --- src/modules/rlm_eap/rlm_eap.c 6 Feb 2006 16:23:52 - 1.26.2.1.2.1 +++ src/modules/rlm_eap/rlm_eap.c 18 Oct 2006 21:15:45 - @@ -338,6 +338,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2(VISTA[%s:%d]: here, __func__, __LINE__); rcode = eap_compose(handler); /* @@ -515,6 +516,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2(VISTA[%s:%d]: here, __func__, __LINE__); rcode = eap_compose(handler); /* Index: src/modules/rlm_eap/eap.c === RCS file: /source/radiusd/src/modules/rlm_eap/eap.c,v retrieving revision 1.52.4.1 diff -u -r1.52.4.1 eap.c --- src/modules/rlm_eap/eap.c 6 Feb 2006 16:23:49 - 1.52.4.1 +++ src/modules/rlm_eap/eap.c 18 Oct 2006 21:15:45 - @@ -1,4 +1,4 @@ -/* + /* * eap.crfc2284 rfc2869 implementation * * Version: $Id: eap.c,v 1.52.4.1 2006/02/06 16:23:49 nbk Exp $ @@ -382,7 +382,10 @@ eap_packet_t*hdr; uint16_t total_length = 0; - if (reply == NULL) return EAP_INVALID; + if (reply == NULL) { + DEBUG2(VISTA[%s:%d]: eap_wireformat invalid, __func__, __LINE__); + return EAP_INVALID; + } total_length = EAP_HEADER_LEN; if (reply-code 3) { @@ -469,6 +472,8 @@ * mentioned restriction. */ reply-id = handler-eap_ds-response-id; + DEBUG2(VISTA[%s:%d]: reply-id %d, __func__, __LINE__, reply-id); + DEBUG2(VISTA[%s:%d]: reply-code %d, __func__, __LINE__,reply-code); switch (reply-code) { /* @@ -506,16 +511,20 @@ * that the TTLS and PEAP modules can call it to do most * of their dirty work. */ + DEBUG2(VISTA[%s:%d]: eap-request-code %d, __func__, __LINE__, eap_ds-request-code); + DEBUG2(VISTA[%s:%d]: eap-request-type.type %d, __func__, __LINE__, eap_ds-request-type.type); + DEBUG2(VISTA[%s:%d]: handler-eap_type %d, __func__, __LINE__, handler-eap_type); + if (((eap_ds-request-code == PW_EAP_REQUEST) || (eap_ds-request-code == PW_EAP_RESPONSE)) (eap_ds-request-type.type == 0)) { rad_assert(handler-eap_type = PW_EAP_MD5); rad_assert(handler-eap_type = PW_EAP_MAX_TYPES); + DEBUG2(VISTA[%s:%d]: Setting EAP type, __func__, __LINE__); eap_ds-request-type.type = handler-eap_type; } - if (eap_wireformat(reply) == EAP_INVALID) { return RLM_MODULE_INVALID; } @@ -598,6 +607,8 @@ break; } + DEBUG2(VISTA[%s:%d]: rcode %d, __func__, __LINE__, rcode); + return rcode; } -Original Message- From: freeradius-users- [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Friday, October 20, 2006 6:42 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP Josh Howlett wrote: Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you. Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working? It's a general problem. Sadly the netsh ras set tracing * enable thing seems not to be present or work under the vista RCs we've looked at and there was little of value in the event logs so the cause is somewhat hard to pin down. It's definitely PEAP (as opposed to EAP-TLS) related. Knowing MS they've made a TLV that was previously optional, mandatory, or similar. Given the problems seems to be windows-centred, someone with more windows experience may need to get info from the client as to why *it* thinks things are going awry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ssl header file skips from test
When i try to configure freeradius, the ssl header file skips from the test. As it skips, the rlm_eap_tls fails which i need it for implementation. -bash-3.00# ./configure --enable-slapd=no -enable-slurpd=no --with-threads=no configure: warning: snmpget not found - Simultaneous-Use and checkrad.pl may not work configure: warning: snmpwalk not found - Simultaneous-Use and checkrad.pl may not work configure: warning: skipping test for openssl/ssl.h configure: warning: silently not building rlm_eap_ttls. configure: warning: FAILURE: rlm_eap_ttls requires: OpenSSL. configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: OpenSSL. configure: warning: silently not building rlm_eap_peap. configure: warning: FAILURE: rlm_eap_peap requires: OpenSSL. When i ran rpm -qa | grep openssl, i could see openssl installed by default linux installation: openssl-devel-0.9.7a-43.8 xmlsec1-openssl-1.2.6-3 openssl-0.9.7a-43.8 But i couldnt find the header files or other stuff other than openssl executable file. Thanks, Kartthik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[RE]Freeradius-Users Digest, Vol 18, Issue 98
While configuring freeradius on RHEL 4, got the below error message: ./configure --enable-slapd=no -enable-slurpd=no --with-threads=no > conffr.log configure: warning: snmpget not found - Simultaneous-Use and checkrad.pl may not work configure: warning: snmpwalk not found - Simultaneous-Use and checkrad.pl may not work configure: warning: skipping test for openssl/ssl.h configure: warning: silently not building rlm_eap_ttls. configure: warning: FAILURE: rlm_eap_ttls requires: OpenSSL. configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: OpenSSL. configure: warning: silently not building rlm_eap_peap. configure: warning: FAILURE: rlm_eap_peap requires: OpenSSL i knew that openssl is necessary as i need to use rlm_eap_tls module. The openssl rpm is installed under default linux installation: rpm -qa | grep openssl openssl-devel-0.9.7a-43.8 xmlsec1-openssl-1.2.6-3 openssl-0.9.7a-43.8 Can someone guide me here to resolve this issue. thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html