Re: segmentation fault
Hi! Hi there, I downloaded freeradius-snapshot-20040317.tar.gz and compiled against openssl-0.9.7d. It produces segmentation fault when I run for TLS authentication. I get also some segmentation fault before. Make sure the radiusd is using the apropriate shared libraries. ldd radiusd Make sure the version of libraries are used that you have compiled it with. For example, my problem was, that radiusd was using openssl0.9.6 however I have compiled it with 0.9.7 and also the so files where loaded... maybe this will help.. P.Zibrita - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 1200 + OSX + FreeRADIUS
Hi! Okay, I know that PEAP is supported with XP/OSX. What are the options in radiusd.conf I need to configure for PEAP? I have the users file with entries like: kevan Auth-Type := EAP, User-Password == mypassword. Do I still need to install certificates on the client? What are the options on the Cisco 1231 that I need to make sure this works correctly? Remove the Auth-Type := EAP You don't need certificate on client, but don't check the checkbox for validating the certificate on the client. Or the root.der certificate can be installed for verification. radius.conf - enable and configure module eap. tls within eap, peap and also the mschapv2 (all are in the config after installing the radius. change the default_eap_type to peap in eap section. eap should be in authorization and accounting sections. I think.. It should work. I dont' know what cisco ios needs, i have working with not-ios ciscos yet (aironert 350). P.Z. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TLS problem: Received unexpected tunneled data after successful handshake
Hi! rlm_eap_tls: Received unexpected tunneled data after successful handshake. The conf file is default for the build apart from the location of the certs, and tls is uncommented to enable. I have attempted to run the server as root as ssl can be difficult with permissions. Below is debug output. Any advice or recommendations would be gratefully accepted. Well. I don't really now. Maybe try the demo certificates that are shipped with radius. P.Zibrita - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WinXP and Framed-IP-Address (OT?)
Hi! We need to know who had which ip when connected to AP to backtrack activities on net. Try Arpwatch: http://www.securityfocus.com/tools/142 In some case if the user doesn't use dhcp, arpwatch is a useful tool to map ip address to mac address so it is easier to backtrack activities on the net. Ralf Paffrath Well. Yes. Thanx for info. We are running the arpwatch all the time, but actualy arpwatch only collects changes, new machines and so on. We also collect the arp tables from switches and routers. But still I need to match the data, that if there is some 'intrussion' I need to now that from time x to time y who was logged at ap and with witch IP. But thanx a lot. We can handle this. I was only currious if there is some other option to have the IP's controlled that are assigned to the clients. For example the radius can send an information to dhcp server, that a client with mac should have some ip and so on... P.Zibrita - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows XP PEAP and FreeRadius Authorization
Hello! - Original Message - From: Alan DeKok [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm trying to get working Windows XP - PEAP - MS-CHAPv2 with freeRadius, but I don't know how to configure it correctly. I have followed the instructions in the radiusd.conf, it's also seems 'working' to me but I don't know now where is the problem (something like mschapv2 - messing with tls?). The wireless client is sending EAP-MS-CHAPv2 *outside* of the TLS tunnel, and then ignoring the servers response. Is there any other windows client to use? Or can you imagine what I have done bad when configuring the xp client? I have turned of any certificate validation, can this be a problem? I don't think there's much you can do on the server to fix a broken client. Also, when I was changing the default_eap_type of eap, and peap, the server was behaving differently. What should be setted here when I want to use eap - peap and mschapv2 ? (this supports the win xp.). Alan DeKok. P.Zibrita - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html