RE: FreeRadius, Cisco WLC, configuration
Jalil,

Refer to this page as it will be extremely helpful!
http://www.cisco.com/en/US/products/ps6307/products_tech_note09186a0080870334.shtml

James Taylor

From: freeradius-users-bounces+jtaylor=fcip@lists.freeradius.org [mailto:freeradius-users-bounces+jtaylor=fcip@lists.freeradius.org] On Behalf Of Aziz, Jalil
Sent: Tuesday, October 13, 2009 2:12 PM
To: FreeRadius users mailing list
Subject: FreeRadius, Cisco WLC, configuration

Hello all,

I need help with FreeRadius and Cisco's WLC. Anyone ever did this deployment before? Please help.

Regards,
Jalil

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
Found the error and resolved the issues. Thanks.

Turns out that I had a typo and the following WAS required:

Cleartext-Password was changed to User-Password
Auth-Type (Had to be included)

Once these items were changed back to match my Users file from my other system (this test box is NOT using a users file) everything worked perfectly.

James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor
Sent: Monday, August 18, 2008 10:19 AM
To: FreeRadius users mailing list
Subject: RE: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

Attached is a debug from a recent authorization request for mySQL DB to replace a working users.conf file. I've been playing with this for some time now and as everything is starting to blur wanted to see if anyone had an idea on what I could try to resolve this issue of my users not gaining access to the network via RADIUS/MySQL.

Thank you all!

rad_recv: Access-Request packet from host 10.0.0.100:32768, id=71, length=158
        User-Name = "00904b727f03"
        Called-Station-Id = "00-22-90-5e-38-10:NCIS-WiFi"
        Calling-Station-Id = "00-90-4b-72-7f-03"
        NAS-Port = 1
        NAS-IP-Address = 10.0.0.100
        NAS-Identifier = "NCIS-WLAN-4402"
        Airespace-Wlan-Id = 1
        User-Password = "00904b727f03"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '00904b727f03'
rlm_sql (sql): sql_set_user escaped user --> '00904b727f03'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00904b727f03' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request

As you can see there are the

rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" - is this correct?
Rlm_sql (sql): Error getting data from database

I will continue debugs and I look forward to a possible solution or guiding answer! thanks!

James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, August 14, 2008 1:35 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

James Taylor wrote:
> I am currently tasked with a new project where I have been asked to move
> our currently working ‘users’ file into a manageable MySQL DB (we have
> over 500 user entries so it’s understandable). Below you will find a
> currently working entry from the ‘users’ file.
>
> /Mac-addresss/ Auth-Type := local, User-Password == "/password/"

  Don't set Auth-Type. Use:

Mac-address Cleartext-Password := "password"

> Calling-Station-ID == "/mac-address/",

  You should use '=', not '==' here.

> As you can tell this is a wireless user and of course I have the
> dictionary attributes added (like I said it is currently a working users
> file) but my question is how to take this information and add it to the
> MySQL radius.radcheck database? From what I am seeing the ID is a
> primary key and must be unique and there is only one attribute field. I
> may be asking this incorrectly but, does the DB read the rows starting
> with the ID 1 being the first user and continue down until the next user
> entry and return all the rows into Radius for authentication?

  It looks for matching entries. See doc/rlm_sql.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
Attached is a debug from a recent authorization request for mySQL DB to replace a working users.conf file. I've been playing with this for some time now and as everything is starting to blur wanted to see if anyone had an idea on what I could try to resolve this issue of my users not gaining access to the network via RADIUS/MySQL.

Thank you all!

rad_recv: Access-Request packet from host 10.0.0.100:32768, id=71, length=158
        User-Name = "00904b727f03"
        Called-Station-Id = "00-22-90-5e-38-10:NCIS-WiFi"
        Calling-Station-Id = "00-90-4b-72-7f-03"
        NAS-Port = 1
        NAS-IP-Address = 10.0.0.100
        NAS-Identifier = "NCIS-WLAN-4402"
        Airespace-Wlan-Id = 1
        User-Password = "00904b727f03"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '00904b727f03'
rlm_sql (sql): sql_set_user escaped user --> '00904b727f03'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00904b727f03' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request

As you can see there are the

rlm_sql: Failed to create the pair: Unknown attribute "Cleartext-Password" - is this correct?
Rlm_sql (sql): Error getting data from database

I will continue debugs and I look forward to a possible solution or guiding answer! thanks!

James Taylor
FCIP Networks LLC
Tel: 415.385.4692
Fax: 415.358.9612
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, August 14, 2008 1:35 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

James Taylor wrote:
> I am currently tasked with a new project where I have been asked to move
> our currently working ‘users’ file into a manageable MySQL DB (we have
> over 500 user entries so it’s understandable). Below you will find a
> currently working entry from the ‘users’ file.
>
> /Mac-addresss/ Auth-Type := local, User-Password == "/password/"

  Don't set Auth-Type. Use:

Mac-address Cleartext-Password := "password"

> Calling-Station-ID == "/mac-address/",

  You should use '=', not '==' here.

> As you can tell this is a wireless user and of course I have the
> dictionary attributes added (like I said it is currently a working users
> file) but my question is how to take this information and add it to the
> MySQL radius.radcheck database? From what I am seeing the ID is a
> primary key and must be unique and there is only one attribute field. I
> may be asking this incorrectly but, does the DB read the rows starting
> with the ID 1 being the first user and continue down until the next user
> entry and return all the rows into Radius for authentication?

  It looks for matching entries. See doc/rlm_sql.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
Yes, I think I figured it out I just wanted to know if anyone else has run into any crazy issues doing this and if there were any snags I may be aware of. I attached an example of my theoretical database that I will be implementing in the morning. We'll see!

Thank you for the quick reply... if anyone else has a comment please feel free to let me know!

###
##Wired Connections##
###

#RADIUS Table: radcheck
ID  UserName  GroupName
1   macaddr   VLAN10

#RADIUS Table: radcheck
ID  UserName:  Attribute:     Value:   Op:
1   macaddr    User-Password  macaddr  ==

#RADIUS Table: radreply
ID  UserName:  Attribute:          Value:           Op:
1   macaddr    Calling-Station-ID  macaddr-from-sw  ==

###RADIUS Table: radgroupreply#
ID  GroupName:  Attribute:               Value:    Op:
1   VLAN10      Tunnel-Type              VLAN      =
2   VLAN10      Tunnel-Medium-Type       IEEE-802  =
3   VLAN10      Tunnel-Private-Group-ID  10        =

###
##Wireless Connections
###

#RADIUS Table: radcheck
ID  UserName  GroupName
1   macaddr   VLAN11

#RADIUS Table: radcheck
ID  UserName:  Attribute:     Value:        Op:
1   macaddr    User-Password  nas-password  ==

#RADIUS Table: radreply
ID  UserName:  Attribute:          Value:           Op:
1   macaddr    Calling-Station-ID  macaddr-from-sw  ==

###RADIUS Table: radgroupreply#
ID  GroupName:  Attribute:                Value:                 Op:
1   VLAN11      Airespace-Wlan-Id         wlan-id-on-controller  =
2   VLAN11      Airespace-Interface-name  wlan-interface-name    =
3   VLAN11      Tunnel-Type               VLAN                   =
4   VLAN11      Tunnel-Medium-Type        IEEE-802               =
5   VLAN11      Tunnel-Private-Group-ID   11                     =

James Taylor
FCIP Networks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marinko Tarlac
Sent: Thursday, August 14, 2008 12:48 AM
To: FreeRadius users mailing list
Subject: Re: FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN

http://wiki.freeradius.org/SQL_HOWTO

On Thu, Aug 14, 2008 at 9:42 AM, James Taylor <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote:

Hello everyone!

I am currently tasked with a new project where I have been asked to move our currently working 'users' file into a manageable MySQL DB (we have over 500 user entries so it's understandable). Below you will find a currently working entry from the 'users' file.

Mac-addresss Auth-Type := local, User-Password == "password"
        Calling-Station-ID == "mac-address",
        Airespace-Wlan-Id = 5,
        Airespace-Interface-Name = Wireless WLAN Name,
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE:802,
        Tunnel-Private-Group-ID = VLAN-ID

As you can tell this is a wireless user and of course I have the dictionary attributes added (like I said it is currently a working users file) but my question is how to take this information and add it to the MySQL radius.radcheck database? From what I am seeing the ID is a primary key and

FreeRadius, MySQL, MAC Authentication w/ Dynamic VLAN
Hello everyone!

I am currently tasked with a new project where I have been asked to move our currently working 'users' file into a manageable MySQL DB (we have over 500 user entries so it's understandable). Below you will find a currently working entry from the 'users' file.

Mac-addresss Auth-Type := local, User-Password == "password"
        Calling-Station-ID == "mac-address",
        Airespace-Wlan-Id = 5,
        Airespace-Interface-Name = Wireless WLAN Name,
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE:802,
        Tunnel-Private-Group-ID = VLAN-ID

As you can tell this is a wireless user and of course I have the dictionary attributes added (like I said it is currently a working users file) but my question is how to take this information and add it to the MySQL radius.radcheck database? From what I am seeing the ID is a primary key and must be unique and there is only one attribute field. I may be asking this incorrectly but, does the DB read the rows starting with the ID 1 being the first user and continue down until the next user entry and return all the rows into Radius for authentication?

If you have any possible pointers it would be greatly appreciated!

Thank you everyone!

James Taylor
FCIP Networks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

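How a users-file entry like the one in this thread maps onto the rlm_sql tables, as an added example (not code from the posters or from FreeRADIUS): each attribute becomes its own row, check items in radcheck and reply items in radreply, and the lookup matches on UserName the way the query in the debug log does, so ids need not be contiguous per user. The sample entries, the SQLite stand-in for MySQL, the Session-Timeout row and the function names are assumptions of the example.

```python
import re
import sqlite3

# Constructed sample entries in users-file syntax, modelled on the entry in the post.
# The password attribute follows Alan DeKok's reply; the thread's older server did not
# know Cleartext-Password and needed the User-Password / Auth-Type form instead.
USERS_FILE = '''\
00-90-4B-72-7F-03  Cleartext-Password := "00904b727f03"
        Airespace-Wlan-Id = 5,
        Airespace-Interface-Name = "wlan-vlan11",
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 11

0011.2233.4455  Cleartext-Password := "001122334455"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 10
'''

ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=)\s*("[^"]*"|[^,\s]+)')
TABLES = ('radcheck', 'radreply')

def wlc_username(mac):
    """Key rows the way the WLC in the debug log sends User-Name: 12 lowercase hex digits."""
    digits = re.sub(r'[^0-9A-Fa-f]', '', mac).lower()
    if len(digits) != 12:
        raise ValueError(f'not a MAC address: {mac!r}')
    return digits

def parse_users(text):
    """Yield (username, check_items, reply_items); items are (attribute, op, value)."""
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = [l for l in block.splitlines() if not l.lstrip().startswith('#')]
        if not lines:
            continue
        name, *rest = lines[0].split(None, 1)   # first line: key, then check items
        items = lambda s: [(a, op, v.strip('"')) for a, op, v in ITEM.findall(s)]
        yield wlc_username(name), items(rest[0] if rest else ''), items(' '.join(lines[1:]))

def load(conn, entries):
    """One row per attribute: check items go to radcheck, reply items to radreply."""
    for t in TABLES:
        conn.execute(f'CREATE TABLE IF NOT EXISTS {t} (id INTEGER PRIMARY KEY, '
                     'UserName TEXT, Attribute TEXT, op TEXT, Value TEXT)')
    for user, check, reply in entries:
        for t, rows in zip(TABLES, (check, reply)):
            conn.executemany(f'INSERT INTO {t} (UserName, Attribute, op, Value) '
                             'VALUES (?, ?, ?, ?)', [(user, *r) for r in rows])

def lookup(conn, table, user_name):
    """Same shape as the radcheck query in the debug log: match on UserName, order by id."""
    if table not in TABLES:
        raise ValueError(table)
    sql = (f'SELECT id, UserName, Attribute, Value, op FROM {table} '
           'WHERE UserName = ? ORDER BY id')
    return conn.execute(sql, (wlc_username(user_name),)).fetchall()

def demo():
    conn = sqlite3.connect(':memory:')   # stand-in for the MySQL radius database
    load(conn, parse_users(USERS_FILE))
    # A row added later gets a high id but still belongs to the first user.
    conn.execute("INSERT INTO radreply (UserName, Attribute, op, Value) "
                 "VALUES ('00904b727f03', 'Session-Timeout', '=', '3600')")
    return conn

if __name__ == '__main__':
    conn = demo()
    for table in TABLES:
        for row in lookup(conn, table, '00904b727f03'):
            print(table, row)
```
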
SQL / replacement of users file
Hello list!

I think I have an easy one here. I currently am administering several Radius sites for Dynamic VLAN access based on the user id's (HW Address) of workstations. I am wanting to make this process easier to handle and import this data into a SQL database so that I can manage my clients more effectively than using a text based file for the network access control.

Is this possible? Can SQL store the appropriate RADIUS information (VLAN ID tags, MAC Address, and Identifiers) so that I don't need to use the USERS file any longer?

Any pointers would be greatly appreciated!

Thank you all!

James
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius & Cisco Pix Auth
Never mind... I found it after I attached and sent the config... Thanks Alan for the heads up.

James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Alan DeKok
Sent: Wednesday, January 11, 2006 2:00 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius & Cisco Pix Auth

"James Taylor" <[EMAIL PROTECTED]> wrote:
> The following shows a debug of what I am seeing on the Radius Server
> during the Auth process.

  Nope. There's a LOT more information printed if you run as "radiusd -X", as suggested in the FAQ, README, and INSTALL.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius & Cisco Pix Auth
Sorry about that... here is the extended Debugs.

rad_recv: Access-Request packet from host 192.168.42.1:1025, id=66, length=94
        User-Name = "jtaylor"
        NAS-IP-Address = 192.168.42.1
        User-Password = "***"
        NAS-Port = 53
        Cisco-AVPair = "ip:source-ip=192.168.43.250"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "jtaylor", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 214
users: Matched entry DEFAULT at line 217
users: Matched entry DEFAULT at line 220
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
radius_xlat: '(uid=jtaylor)'
radius_xlat: 'ou=People,dc=laszlosystems,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to intranet.corp.laszlosystems.com:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=laszlosystems,dc=com/Laszl0 to intranet.corp.laszlosystems.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=laszlosystems,dc=com, with filter (uid=jtaylor)
rlm_ldap: Added password *** in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password: Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 66 to 192.168.42.1:1025

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Alan DeKok
Sent: Wednesday, January 11, 2006 2:00 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius & Cisco Pix Auth

"James Taylor" <[EMAIL PROTECTED]> wrote:
> The following shows a debug of what I am seeing on the Radius Server
> during the Auth process.

  Nope. There's a LOT more information printed if you run as "radiusd -X", as suggested in the FAQ, README, and INSTALL.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius & Cisco Pix Auth
Hello everyone…

I am trying to use AAA for remote VPN access on a Pix 515E firewall. The following shows a debug of what I am seeing on the Radius Server during the Auth process. Not sure as to why the Radius server is sending an access-reject after it verifies that my user is valid and should be authenticated for remote access.

Any pointers would be greatly appreciated.

Thank you.

James Taylor

rad_recv: Access-Request packet from host 192.168.42.1:1025, id=62, length=94
        User-Name = "jtaylor"
        NAS-IP-Address = 192.168.42.1
        User-Password = "*"
        NAS-Port = 49
        Cisco-AVPair = "ip:source-ip=192.168.43.250"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to intranet.corp.laszlosystems.com:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=laszlosystems,dc=com/Laszl0 to intranet.corp.laszlosystems.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: Added password ** in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rad_recv: Access-Request packet from host 192.168.42.1:1025, id=63, length=94
Sending Access-Reject of id 62 to 192.168.42.1:1025
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: LDAP Authentication
That is what is confusing to me I am not using TLS for LDAP. Currently I am just trying to get basic auth working before I add that complexity. I am able to auth ldap directly on the localhost and via my ldap admin tools without problems.

JT

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Seferovic Edvin
Sent: Wednesday, October 26, 2005 5:09 PM
To: 'FreeRadius users mailing list'
Subject: RE: LDAP Authentication

Hi,

I think that your problem has nothing to do with LDAP.. because ..

--- snip ---
rlm_ldap: user jtaylor authorized to use remote access
--- snip ---

Your certificates are not okay.. TLS says that the CA is unknown –

TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A

Check them...

Regards,
Edvin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor
Sent: Thursday, 27 October 2005 01:26
To: 'FreeRadius users mailing list'
Subject: LDAP Authentication

I am currently trying to get LDAP authentication to work properly. As I am still learning the ins-and-outs on how all this comes together I am having an issue validating a user with Radius-LDAP. Attached is an example of the debug. Maybe it is just something stupid that I am doing.

Thank you for your help!

James Taylor

        EAP-Message = 0x573bea1ceb16030100040e00
        Message-Authenticator = 0x
        State = 0xf666044c26dce30b13ecbacd04693e18
rad_recv: Access-Request packet from host 192.168.43.106:1645, id=126, length=151
        User-Name = "jtaylor"
        Framed-MTU = 1400
        Called-Station-Id = "0014.6ae0.3180"
        Calling-Station-Id = "0040.96a6.d46c"
        Service-Type = Login-User
        Message-Authenticator = 0x421ab8418995a7c7b6b94367b0d154d9
        EAP-Message = 0x02040011198715030100020230
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 4082
        State = 0xf666044c26dce30b13ecbacd04693e18
        NAS-IP-Address = 192.168.43.106
        NAS-Identifier = "SAP"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

LDAP Authentication
I am currently trying to get LDAP authentication to work properly. As I am still learning the ins-and-outs on how all this comes together I am having an issue validating a user with Radius-LDAP. Attached is an example of the debug. Maybe it is just something stupid that I am doing.

Thank you for your help!

James Taylor

        EAP-Message = 0x573bea1ceb16030100040e00
        Message-Authenticator = 0x
        State = 0xf666044c26dce30b13ecbacd04693e18
rad_recv: Access-Request packet from host 192.168.43.106:1645, id=126, length=151
        User-Name = "jtaylor"
        Framed-MTU = 1400
        Called-Station-Id = "0014.6ae0.3180"
        Calling-Station-Id = "0040.96a6.d46c"
        Service-Type = Login-User
        Message-Authenticator = 0x421ab8418995a7c7b6b94367b0d154d9
        EAP-Message = 0x02040011198715030100020230
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 4082
        State = 0xf666044c26dce30b13ecbacd04693e18
        NAS-IP-Address = 192.168.43.106
        NAS-Identifier = "SAP"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRadius/PEAP
Am I able to use PEAP to auth to UNIX or PAM instead of mschapv2? Do I do this in the EAP.CONF file?

What we are basically trying to do is use FreeRadius to authenticate against our current user database on our linux server while still maintaining the PEAP-TLS security with wireless. Is that even possible?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Howlett
Sent: Thursday, October 13, 2005 2:25 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius/PEAP

James,

MSChapv2 needs plaintext or NTLM credentials. You won't be able to do what you're trying. It works with users file because you specify the plaintext.

josh.

James Taylor wrote:
> Hi,
>
> I am trying to secure my wireless connections using PEAP-TLS MSChapv2 to
> authenticate users against my Linux /etc/shadow; /etc/password/; and
> /etc/group files. I would like to use PAM but UNIX will work too. I do
> not want to use the USERS file as it stores passwords in clear text and
> that is what we are trying to avoid.
>
> All my tests conclude that this functionality will not work. I am able
> to Auth just fine using the USERS file with a username and password.
>
> Any info or direction would be greatly appreciated.
>
> Thank you
>
> James
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius/PEAP
Hi,

I am trying to secure my wireless connections using PEAP-TLS MSChapv2 to authenticate users against my Linux /etc/shadow; /etc/password/; and /etc/group files. I would like to use PAM but UNIX will work too. I do not want to use the USERS file as it stores passwords in clear text and that is what we are trying to avoid.

All my tests conclude that this functionality will not work. I am able to Auth just fine using the USERS file with a username and password.

Any info or direction would be greatly appreciated.

Thank you

James
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html