test
My Apologize for this email. I made confirmation days ago but not sure if I can send email to this group Sincerely -bino- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question : EAP-SIM without RANDs, SRESs, KCs ?
Dear All
I found same problem of old topic posted back in Feb-2012
For ref :
http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058868.html
I think the faulty lines (from debug) is :
-START-
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
-STOP--
Look like The device didn\'t send :
RAND1, RAND2, RAND3
SRES1, SRES2, SRES3
KC1, KC2, KC3
Expected by FreeRadius EAP-SIM
Am I right ?
If so, How to fix it ?
Sincerely
-bino-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: output attributes in free-radius
2013/1/29 Lakshmi Narayana Baliah lb0074...@techmahindra.com: Hi All, How can i define output attributes in free-radius? Any help would be appreciated. I'm no expert on this, but maybe adding a custom dictionary? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
b...@indoakses-online.com wrote: I found same problem of old topic posted back in Feb-2012 For ref : http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058868.html ... Look like The device didn\'t send : ... If so, How to fix it ? Fix the device. You can't fix it by poking FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Best way to apply default profile
This is the scenario that I have freeradius with LDAP for authentication and authorization and SQL for accounting. I want to try and force every user to have a default profile that will allow them to only use our local SMTP server. I also have some businesses that I will need to exclude from this profile and allow to them send SMTP traffic anywhere. What is the best way to go about this? Should I put the options in the users file and then create an entry for the select users in SQL and have it pull the separate profile from there? These are the options and profiles that I would like to apply; ### Allow local SMTP only ### acl_permit_local_smtp Cisco-AVPair += ip:inacl#100=permit tcp any 24.222.0.16 0.0.0.15 eq 25 acl_permit_local_smtp Cisco-AVPair += ip:inacl#200=deny tcp any any eq 25 acl_permit_lcoal_smtp Cisco-AVPair += ip:inacl#300=permit ip any any acl_permit_lcoal_smtp Fall-Through = Yes ### Allow any SMTP ### acl_permit_all_smtp Cisco-AVPair += ip:inacl#90=permit tcp any any eq 25 acl_permit_all_smtp Fall-Through = Yes I am just looking for the best way to do this. Thanks, Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
... Look like The device didn\\\'t send : ... If so, How to fix it ? Fix the device. You can\'t fix it by poking FreeRADIUS. Alan DeKok. Dear Alan What I want to know is it common for device telling AAA that it use EAP-SIM but it don\'t send RAND,SRES, and KC ? I Asking this because Gnubie (Back in 2012) and me (Now) found the same case. If it common, I think it\'ll be great if FreeRadius can adjut to this. but if it un-common, I think I\'ll need to find new device. Sincerely -bino- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
b...@indoakses-online.com wrote: What I want to know is it common for device telling AAA that it use EAP-SIM but it don\'t send RAND,SRES, and KC ? Read RFC 4186. Those fields are required for EAP-SIM to work. If it common, I think it\'ll be great if FreeRadius can adjut to this. but if it un-common, I think I\'ll need to find new device. Some device manufacturers don't bother reading the specifications. You should ask for your money back. Or, throw the devices in the garbage. If they don't bother to test their device against existing implementations, they might as well be writing code and shipping it as soon as it compiles. They're incompetent, and uncaring. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Best way to apply default profile
Chris Taylor wrote: This is the scenario that I have freeradius with LDAP for authentication and authorization and SQL for accounting. I want to try and force every user to have a default profile that will allow them to only use our local SMTP server. I also have some businesses that I will need to exclude from this profile and allow to them send SMTP traffic anywhere. What is the best way to go about this? Should I put the options in the users file and then create an entry for the select users in SQL and have it pull the separate profile from there? You can put profiles in LDAP. See the rlm_ldap documentation. You can put users into groups, and apply profiles to each group. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
Read RFC 4186. Those fields are required for EAP-SIM to work. If it common, I think it\\\'ll be great if FreeRadius can adjut to this. but if it un-common, I think I\\\'ll need to find new device. Some device manufacturers don\'t bother reading the specifications. You should ask for your money back. Or, throw the devices in the garbage. Dear Alan and All My Apologize. I think all the needed data is there. I Just need to use some kind of SIM-Reader and software like AGSM to find all the data and put it in my user db Just for ref : ++ Page/slide #23 of http://agsm.sourceforge.net/talk/EAP-SIM.ppt And the screenshoot at http://agsm.sourceforge.net/screenshots/agsm-3gpp-aka.png I Really appreciate your help Sincerely -bino- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
b...@indoakses-online.com wrote: My Apologize. I think all the needed data is there. The EAP-SIM code disagrees with you. And since you haven't bothered read the specifications, or the code, or running the server in debugging mode as suggested in the FAQ, web pages, man page, and daily on this list... you're not thinking correctly. I Really appreciate your help No, you don't. I've explained, and you've told me I'm wrong. This isn't being appreciative. This is being argumentative. You're so smart that you know more about EAP-SIM than the code, the specifications, and the people on this list. You don't need any help to solve this problem, as you already know all of the answers. You're wasting everyones time by being rude. Stop it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: can't seem to authenticate only from windows 7 laptops
The problem was a windows 7 default configuration which it uses system credential instead of user providing information. Thanks! From: freeradius-users-bounces+dwkim0213=kglory.co...@lists.freeradius.org [mailto:freeradius-users- bounces+dwkim0213=kglory.co...@lists.freeradius.org] On Behalf Of 김동욱 Sent: Thursday, January 31, 2013 10:53 AM To: freeradius-users@lists.freeradius.org Subject: can't seem to authenticate only from windows 7 laptops Hi, I’m new to the list and freeRADIUS. I’ve encountered a problem while I’m trying to build a wireless network environment using freeRADIUS. I’ve setup a custom wireless router using Openwrt and freeRADIUS with Mysql. I have a couple of wireless clients - smartphones, laptops (win7, win8, mac) From windows 8 station, mac and smartphones I can access to wireless router successfully authenticating through freeradius, while I can’t seem to authenticate from windows 7 clients. I’ve checked the error logs from radius server and windows 7 client is sending their computer-name as an username instead of the one I entered. I don’t have any domain controller nor am I using certificate right now. Any suggestion? Thanks, D Kim attachment: 김동욱.vcf- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
Dear Alan and All I Really sorry b...@indoakses-online.com wrote: My Apologize. I think all the needed data is there. The EAP-SIM code disagrees with you. And since you haven\'t bothered read the specifications, or the code, or running the server in debugging mode as suggested in the FAQ, web pages, \man\ page, and daily on this list... you\'re not thinking correctly. May be I have to replace \'I Think\' with \'I Guest\' Yes I read that RFC before I post the question, I Also run the server in debug mode as Sugested. I just didn\'t post my debug to the list since it\'s (more or less) the same as the one posted by gnubie I Really appreciate your help No, you don\'t. I\'ve explained, and you\'ve told me I\'m wrong. This isn\'t being appreciative. This is being argumentative. You\'re so smart that you know more about EAP-SIM than the code, the specifications, and the people on this list. You don\'t need any help to solve this problem, as you already know all of the answers. You\'re wasting everyones time by being rude. Stop it. I don\'t know what and How to say. I Read the specification but I don\'t understand it, thats why I came to this list .. wish to got more knowledge. While waiting response from the list, I keep reading and hunt for more docs. And Sir, Could you please help me to evaluate my manner by point me my rudeness? I really need it. It\'s ok for me if you do it in public, but if you think it\'ll ruin the list I\'ll more then happy if you send me private email. Sincerely -bino- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question : EAP-SIM without RANDs, SRESs, KCs ?
You see to have a problem understanding me. I will try one last time to explain. If you keep arguing, you will be be unsubscribed, and banned from the list. FreeRADIUS says that data is missing from EAP-SIM. It needs that data to do EAP-SIM. If you don't understand that, then you don't understand anything. If you think the data is really there, you're wrong. You're being rude by asking a question, and then arguing with the answer. You're not a RADIUS expert. You're not an EAP-SIM expert. Yet you refuse to believe the messages from FreeRADIUS, and you refuse to believe the answers I've given you. You're obsessed with believing messages from shitty software that doesn't work. You're refusing to believe messages from the worlds best RADIUS server. You're refusing to believe answers from one of the world experts in RADIUS. You're respecting the author of crappy software more that you're respecting me. That's rude, annoying, and ignorant. Stop it. And don't email me privately. I've already given you my answers, and they won't change in private email. And stop arguing. It will only get you banned. I've had it with people who ask questions and argue about the answers. If you're so damned smart, go fix the problem yourself. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
