Proxy requests....
Hi all,

I have 3 computers.

Computer 1 - Realm A
Computer 2 - PROXY
Computer 3 - Realm B

What should I place in the proxy.conf of computer 1 and computer 2 ???

The goal is to kick the request to the proxy whenever it's needed. The PROXY is the only machine that knows REALM A and REALM B. Computer 1 doesn't know where REALM B is and vice versa, so all of these requests should be kicked to COMPUTER 2 (PROXY) and after that kicked to the right REALM/COMPUTER.

Thanks all.

Regards,
Hugo Sousa
dialupAccess attribute - access denied by default
Does anyone know why this message, "dialupAccess attribute - access denied by default", appears?

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with filter (sAMAccountName=hugo.sousa)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns userlock for request 28

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
RE: LDAP (continued...)
Problem solved.

I downloaded LDAP browser from SOFTerra and saw all the info that I need.

The correct is:

    CN=Administrator,CN=Users,DC=office,DC=netsystems,DC=pt

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris
Sent: Friday, 10 September 2004 15:59
To: [EMAIL PROTECTED]
Subject: RE: LDAP (continued...)

Install windows 2000 support tools, if you don't have them installed already. You'll have to check your server CDs or microsoft's website to find them.

Once you have Windows 2000 Support Tools installed login to the AD machine as the administrator. Then go to Control Panel, Administrative Tools, Windows 2000 Support Tools, Tools, and finally ADSI Edit.

That will give you a view into the LDAP tree of your server. As suggested in a previous post, it looks like the users are stored in cn=users as default, so if you didn't change anything when you set it up, you may want to just give that a shot.

Hope that is helpful.

Dusty Doris

On Fri, 10 Sep 2004, sousa.hugo wrote:

> I don't have an LDAP browser. It's a simple Windows 2000 Server with AD installed.
> How can I install the LDAP browser so that my FR works?
> Please give me an idea :-)

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Dustin Doris
Sent: Fri 9/10/2004 1:27 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: LDAP (continued...)

On Thu, 9 Sep 2004, sousa.hugo wrote:

> I'm using the Domain ADMINISTRATOR account, so it should have access to everything.
> I think the problem is in one of these lines:
>
> identity = cn=administrator,dc=office,dc=netsystems,dc=pt
> password = password
> basedn = dc=office,dc=netsystems,dc=PT

Yes that is where the problem is.

> Is the syntax incorrect? My domain is called office.netsystems.pt.

The syntax is correct. However, are you sure that is the correct info for that user? Do you have access to an ldap browser on that machine that will show the tree for you?

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Dustin Doris
Sent: Thu 9/9/2004 7:40 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: LDAP (continued...)

> My Windows 2000 domain is office.netsystems.pt. The user I'm using is administrator.

Does this user actually exist in your ldap directory with that password? You will need to find a user that exists in your AD that has read access to the part of the tree your users are in.

> Is this wrong?
>
> ldap {
>     server = 192.168.2.1
>     identity = cn=administrator,dc=office,dc=netsystems,dc=pt
>     password = password
>     basedn = dc=office,dc=netsystems,dc=PT
>     filter = (uid=%{Stripped-User-Name:-%{User-Name}})
>     # base_filter = (objectclass=radiusprofile)
>     (.)
> }
>
> Something is wrong because I'm getting:
>
> rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module ldap returns fail for request 0
>
> What should I change to correct this problem?
>
> Thanks.
>
> Regards,
> Hugo Sousa

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Continuing my quest to integrate freeradius with Active Directory, here goes another problem!

Did anyone already have this problem?

rlm_ldap: - authorize
rlm_ldap: performing user authorization for hugo.sousa
radius_xlat: '(sAMAccountName=hugo.sousa)'
radius_xlat: 'dc=office,dc=netsystems,dc=PT'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with filter (sAMAccountName=hugo.sousa)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user hugo.sousa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 7
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 7
modcall: group Auth-Type returns reject for request 7
rlm_eap: Freeing handler
modcall[authenticate]: module eap returns reject for request 7
modcall: group authenticate returns reject for request 7
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
RE: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Are you talking about this:

#ntlm_auth = /path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}

There is no other way to perform authentication on the Domain Controller ?

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Griego
Sent: Friday, 10 September 2004 17:30
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

For the type of configuration you're trying to use (PEAP/EAP-MSCHAPv2 with Active Directory), you'll need to use the ntlm_auth hooks in the mschap module.

--Mike

On Fri, 2004-09-10 at 11:12, Hugo Sousa wrote:

> Continuing my quest to integrate freeradius with Active Directory. here goes another problem!
>
> Did anyone already have this problem?
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for hugo.sousa
> radius_xlat: '(sAMAccountName=hugo.sousa)'
> radius_xlat: 'dc=office,dc=netsystems,dc=PT'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with filter (sAMAccountName=hugo.sousa)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user hugo.sousa authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module ldap returns ok for request 7
> modcall: group authorize returns updated for request 7
> rad_check_password: Found Auth-Type EAP
> auth: type EAP
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 7
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 7
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module mschap returns reject for request 7
> modcall: group Auth-Type returns reject for request 7
> rlm_eap: Freeing handler
> modcall[authenticate]: module eap returns reject for request 7
> modcall: group authenticate returns reject for request 7
> auth: Failed to validate the user.
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
>
> Regards,
> Hugo Sousa
> SysAdmin / NetworkAdmin
> http://www.netsystems.pt
> Portugal

--
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
RE: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
But if the domain controller uses LDAP, why do we have to use LDAP and after that ntlm_auth ???

I just want to understand why.

Btw.. (I'm already compiling Samba to have nmbd, etc)

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, 10 September 2004 19:10
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Hugo Sousa [EMAIL PROTECTED] wrote:

> Are you talking about this:
>
> #ntlm_auth = /path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}

Yes.

> There is no other way to perform authentication on the Domain Controller ?

No.

Alan DeKok.
RE: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Does that mean that I don't need to use the LDAP modules on FreeRadius and use only the ntlm_auth?

Is it enough?

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, 10 September 2004 19:21
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Hugo Sousa [EMAIL PROTECTED] wrote:

> But if the domain controller uses LDAP, why do we have to use LDAP and after that ntlm_auth ???

Because Active Directory isn't LDAP in the same way that other LDAP servers are LDAP. You can't get NT-Passwords from AD, you can get it from other LDAP servers.

Therefore, you can't get FreeRADIUS to compare a known good password to the password in the Access-Request, you've got to use something else. In this case, NT domain authentication does MS-CHAP, so FreeRADIUS can use ntlm_auth to do MS-CHAP to the NT domain, and thus authenticate the user.

Alan DeKok.
RE: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
I'm storing user information on the Windowze Active Directory, ONLY.

So, LDAP doesn't apply, right ???

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, 10 September 2004 19:51
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Hugo Sousa [EMAIL PROTECTED] wrote:

> Does that mean that I don't need to use the LDAP modules on FreeRadius and use only the ntlm_auth? Is it enough?

That depends on what you're trying to do. If you're not storing user information in LDAP, you don't need to run LDAP.

Alan DeKok.
RE: Handler failed in EAP/peap
Sorry for the delayed reply.

I didn't understand where the problem is. Anyone could be kind to help me??!

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willey Kurt D
Sent: Monday, 16 August 2004 14:44
To: [EMAIL PROTECTED]
Subject: RE: Handler failed in EAP/peap

The error is higher up the debug output

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugo Sousa
Sent: Sunday, August 15, 2004 2:06 PM
To: [EMAIL PROTECTED]
Subject: Handler failed in EAP/peap

Hi all,

I'm having a problem in the EAP/PEAP part, I think. I'm trying to authorize a Windows XP SP2 on my RADIUS, and the following problem occurs:

What could be the problem? (auth type = TLS).

rad_recv: Access-Request packet from host 192.168.2.4:2048, id=0, length=168
        User-Name = root
        NAS-IP-Address = 192.168.2.4
        Called-Station-Id = 000f66574649
        Calling-Station-Id = 0020ed792d18
        NAS-Identifier = 000f66574649
        NAS-Port = 12
        Framed-MTU = 1400
        State = 0x05b373c1c76de7ad819b9f5d89fd2526
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020800261900170301001b7ef3a5621ca382d03693d3be7d598f1c06d06d45d122b26e2300e2
        Message-Authenticator = 0x582cee4856acc3a537c315ea71327ea9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module preprocess returns ok for request 8
modcall[authorize]: module chap returns noop for request 8
modcall[authorize]: module mschap returns noop for request 8
rlm_realm: No '@' in User-Name = root, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 8
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.4:2048
        EAP-Message = 0x04080004
        Message-Authenticator = 0x
Cleaning up request 8 ID 0 with timestamp 411f48d0
Nothing to do. Sleeping until we see a request.

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
rlm_eap: Handler failed in EAP/peap
Hello,

I'm trying to authenticate a XP SP2. I'm using, for testing only, the root username and password. And the result is on the bottom.

What could be the problem?

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.14:2050, id=0, length=168
        User-Name = root
        NAS-IP-Address = 192.168.2.14
        Called-Station-Id = 000f6645db2a
        Calling-Station-Id = 0020ed792d18
        NAS-Identifier = 000f6645db2a
        NAS-Port = 12
        Framed-MTU = 1400
        State = 0x9ffc28e6266e915f48a2c65201988172
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020800261900170301001bdc0d980a2faf3b259a1c839845feaee7fa20acda7735f5da62fb21
        Message-Authenticator = 0xc1149f0adc27f8d6973700ddb42b51ab
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 78
modcall[authorize]: module preprocess returns ok for request 78
modcall[authorize]: module chap returns noop for request 78
modcall[authorize]: module mschap returns noop for request 78
rlm_realm: No '@' in User-Name = root, looking up realm NULL
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = root
rlm_realm: Proxying request from user root to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module suffix returns noop for request 78
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 78
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok for request 78
modcall: group authorize returns updated for request 78
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 78
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid for request 78
modcall: group authenticate returns invalid for request 78
auth: Failed to validate the user.
Delaying request 78 for 1 seconds
Finished request 78
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.14:2050
        EAP-Message = 0x04080004
        Message-Authenticator = 0x
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 78 ID 0 with timestamp 413fce87
Nothing to do. Sleeping until we see a request.

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
RE: rlm_eap: Handler failed in EAP/peap
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = root
rlm_realm: Proxying request from user root to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module suffix returns noop for request 8
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.14:2050
        EAP-Message = 0x04080004
        Message-Authenticator = 0x
Cleaning up request 8 ID 0 with timestamp 413ff760
Nothing to do. Sleeping until we see a request.

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Griego
Sent: Thursday, 9 September 2004 14:31
To: [EMAIL PROTECTED]
Subject: Re: rlm_eap: Handler failed in EAP/peap

Try sending the *entire* debug output. You're only sending the part that occurs *after* the *real* error. The true error is happening earlier in the authentication sequence.

--Mike

On Thu, 2004-09-09 at 08:21, Hugo Sousa wrote:

> Hello,
>
> I'm trying to authenticate a XP SP2. I'm using, for testing only, the root username and password. And the result is on the bottom.
>
> What could be the problem?
>
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.2.14:2050, id=0, length=168
>         User-Name = root
>         NAS-IP-Address = 192.168.2.14
>         Called-Station-Id = 000f6645db2a
>         Calling-Station-Id = 0020ed792d18
>         NAS-Identifier = 000f6645db2a
>         NAS-Port = 12
>         Framed-MTU = 1400
>         State = 0x9ffc28e6266e915f48a2c65201988172
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = 0x020800261900170301001bdc0d980a2faf3b259a1c839845feaee7fa20acda7735f5da62fb21
>         Message-Authenticator = 0xc1149f0adc27f8d6973700ddb42b51ab
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 78
> modcall[authorize]: module preprocess returns ok for request 78
> modcall[authorize]: module chap returns noop for request 78
> modcall[authorize]: module mschap returns noop for request 78
> rlm_realm: No '@' in User-Name = root, looking up realm NULL
> rlm_realm: Found realm NULL
> rlm_realm: Adding Stripped-User-Name = root
> rlm_realm: Proxying request from user root to realm NULL
> rlm_realm: Adding Realm = NULL
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module suffix returns noop for request 78
> rlm_eap: EAP packet type response id 8 length 38
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module eap returns updated for request 78
> users: Matched DEFAULT at 152
> modcall[authorize]: module files returns ok for request 78
> modcall: group authorize returns updated for request 78
> rad_check_password: Found Auth-Type EAP
> auth: type EAP
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 78
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding tunneled attributes.
> rlm_eap_peap: Received EAP-TLV response.
> rlm_eap_peap: Tunneled data is valid.
> rlm_eap_peap: Had sent TLV failure, rejecting.
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module eap returns invalid for request 78
RE: rlm_eap: Handler failed in EAP/peap
How can I do that in the users file? The root user is a Linux user.

Btw... How can I redirect the users from a REALM to an LDAP server?

Regards
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Griego
Sent: Thursday, 9 September 2004 16:03
To: [EMAIL PROTECTED]
Subject: RE: rlm_eap: Handler failed in EAP/peap

rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Your problem lies in the error messages above. You need to specify either a plain-text User-Password or an NT-Password for the user in the users file.

--
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
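The advice given twice in the replies above (the real error sits earlier in the debug output than "Handler failed in EAP/peap") can be applied mechanically. The following Python sketch is an added example, not part of the original posts and not FreeRADIUS code: it walks debug output in order, tags each failure line with the request it belongs to, and reports the earliest one. The function names, the failure patterns and the hint texts are assumptions of this example; the sample log is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: lines taken from the debug output quoted in this thread,
# trimmed to two consecutive requests of one PEAP conversation.
SAMPLE_LOG = """\
modcall: entering group authenticate for request 7
rlm_eap: EAP/mschapv2
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 7
modcall[authenticate]: module eap returns reject for request 7
PEAP: Tunneled authentication was rejected.
modcall: entering group authorize for request 8
modcall[authorize]: module eap returns updated for request 8
modcall: entering group authenticate for request 8
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
modcall[authenticate]: module eap returns invalid for request 8
auth: Failed to validate the user.
"""

ENTER = re.compile(r"^modcall: entering group \S+ for request (\d+)")
RESULT = re.compile(r"^modcall\[[^\]]+\]: module \S+ returns (\w+) for request (\d+)")
FAILURE = re.compile(r"fail|reject|access denied", re.IGNORECASE)
# Module return codes seen in this thread that end in a rejected request.
BAD_RESULTS = {"reject", "fail", "invalid", "userlock"}

# Hints restate answers given in this thread (wording is this example's own).
HINTS = [
    ("No NT/LM-Password",
     "mschap has no password to check against: set User-Password or "
     "NT-Password in the users file, or use ntlm_auth for Active Directory"),
    ("LDAP login failed",
     "bind failed: check identity and password in the ldap section "
     "(here the identity DN was missing CN=Users)"),
]


def failures(log_text):
    """Return [(request_id, line)] for every failure line, in log order."""
    current = None          # request the following lines belong to
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTER.match(line)
        if m:
            current = int(m.group(1))
            continue
        m = RESULT.match(line)
        if m:
            current = int(m.group(2))
            if m.group(1) in BAD_RESULTS:
                found.append((current, line))
            continue
        if FAILURE.search(line):
            found.append((current, line))
    return found


def report(log_text):
    """Earliest failure (root cause), last failure (symptom) and a hint."""
    found = failures(log_text)
    if not found:
        return None
    hint = next((h for _, line in found for needle, h in HINTS
                 if needle in line), None)
    return {"root_cause": found[0], "symptom": found[-1], "hint": hint}


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the root cause is the rlm_mschap line in request 7, one request before the PEAP TLV failure that the original posts started from.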
LDAP
Hi,

I have an Active Directory (LDAP) domain called office.systems.pt .

How can I configure FR to validate users against this Windows 2000 AD Server? Can you show me all the configs that I have to make on the .conf files?

I'm trying to do this from scratch but it's very difficult for a first time user of FR ...

Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
LDAP (continued...)
My Windows 2000 domain is office.netsystems.pt. The user I'm using is administrator.

Is this wrong?

ldap {
    server = 192.168.2.1
    identity = cn=administrator,dc=office,dc=netsystems,dc=pt
    password = password
    basedn = dc=office,dc=netsystems,dc=PT
    filter = (uid=%{Stripped-User-Name:-%{User-Name}})
    # base_filter = (objectclass=radiusprofile)
    ()
}

Something is wrong because I'm getting:

rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns fail for request 0

What should I change to correct this problem?

Thanks.

Regards,
Hugo Sousa