Re: freeradius-1.0.0-pre3 PEAP Issue using windows-XP client
I've the same problem with WinXP. I looked in the eapol.log that the XP didn't receive EAPOL-key within 5 second, that's why after 5 seconds the connection drop. In the Radius log everything is fine (Access-Accept). I tried do PEAP with another AP, and it's working without accounting (just authentication). I don't understand why. What sort of your AP? Please tell me, if you could solve "our" problem. Anyone can help us? Thanks, David - Original Message - From: jzhao To: [EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 11:14 AM Subject: freeradius-1.0.0-pre3 PEAP Issue using windows-XP client Dear all: I have encountered following issue when using windows XP client to do PEAP test. Client side's connection will drop in 5 seconds after passing authentication. The client side prompt that no usable wireless device can be found and the connection drop immediately. Following is my configuration in "eap.conf" and "radiusd.conf" In "eap.conf" file eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no # Supported EAP-types md5 { } leap { } gtc { auth_type = PAP } tls { private_key_password = 123456 private_key_file = /test/server.pem certificate_file = /test/server.pem CA_file = /test/oot.pem dh_file = /test/DH random_file = /test/random fragment_size = 1024 include_length = yes # check_crl = yes # check_cert_cn = %{User-Name} } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no } peap { default_eap_type = mschapv2 } mschapv2 { } } In "radiusd.conf" file authorize { preprocess # auth_log # attr_filter chap mschap # digest # IPASS suffix # ntdomain files # sql # etc_smbpasswd # ldap # daily # checkval } Any one can help me? Thanks Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
clients.conf
Hi, How should I configure the clients.conf if I would like that each nas, which want to connect to my Radius can do it. Beacuse they have dinamic ip address, so I can't set this in the clients.conf. client 0.0.0.0{ secret= mysecret } any other attributes? Thanks, David
Re: Access Reject
Set the port number 1812... D - Original Message - From: Mahesh S Kudva To: [EMAIL PROTECTED] Sent: Thursday, May 27, 2004 10:52 AM Subject: Access Reject Hi allI am trying the freeradius server version 0.9.3. Everything from compilingto installation went fine. When I giveradtest localhost testing123 127.0.0.1 10 testing123it give a Access reject error.Regards & ThanksMahesh S Kudva- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap-tls with XP client and linux client
Hi, I've have the same problem. Why does the Xp client lose the connection when the RAdius server is cleaning up requests? David - Original Message - From: Ulf Jakobsson To: [EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 2:06 PM Subject: eap-tls with XP client and linux client Hi, I have successfully authenticated a linux client (xsupplicant) with an ap running hostapd that talks to a radius server ( FreeRADIUS 0.9.3 debian/unstable) with eap-tls. I have also successfully authenticated an win XP client, but after some 30 seconds the win XP client seems to send a new request and the radius server accepts, then the radius server starts to clean up requests and the win XP client drops its connection and I need to "Connect" the client again. When I see this message the win XP client drops the connection: Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 12 ID 98 with timestamp 40b31cc9 Cleaning up request 13 ID 99 with timestamp 40b31cc9 Cleaning up request 14 ID 100 with timestamp 40b31cc9 Cleaning up request 15 ID 101 with timestamp 40b31cc9 Cleaning up request 16 ID 102 with timestamp 40b31cc9 Cleaning up request 17 ID 103 with timestamp 40b31cc9 How can my linux client work perfectly, but the win XP client not? (well almost not) /Regards Ulf The win XP client has the latest WPA-patch from Mircosoft. I have attached the radius log and the radiusd.conf file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Peap - domain
hi, Should I write anything in the domain box when I want to connect to the wireless network? I'm using PEAP. ( WinXP, Freeradius CVS snapshot...) David
Re: url redirect+user status
Thanks you help. David - Original Message - From: Michael Markstaller To: [EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:38 AM Subject: RE: url redirect+user status > Behalf Of Szabo David > Sent: Sunday, May 23, 2004 5:44 PM > I would like to set a web page that the users who are > authenticated by the Radius server see at first when they > open their web browser. I don't have any idea to do this. Can > anyone help me? this has to be done by your AP/NAS/whatever not freeradius. Although you could supply an attribute telling your AP to where the user should be redirected.. > I have another question. How can I check that the users are > still using the wireless network? I see the login-time. But > I'd like to know the logoff-time if it's possible. again, job of your AP. depends on what your using it should send a stop record or at least Alives' Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem using "Calling-Station-Id...
Dear Stefan, You wrote that Freeradius&MySQL&PEAP works fine at you. In my system after 5 seconds that the authentication was successfull I lost the connection. I've no idea. In the SQL I'm still connected but I'm not really. When the radius is cleaning up the requests I get disconnected. Why? Can you help me? Did I make a mistake in setting up Win? Or Freeradius? Thanks, David Sending Access-Accept of id 128 to 193.226.239.181:3072 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 MS-MPPE-Recv-Key = 0x2c4b7b6574809b402070d7c2266dedbfe723d9f714fe81dfd8daf448ec aba7d0 MS-MPPE-Send-Key = 0x906896cee2d24bdaac256ef521e9be499a7defca161b9e5528ef210a7 476fea9 EAP-Message = 0x03080004 Message-Authenticator = 0x User-Name = "fredf" Finished request 8 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 120 with timestamp 40b216e1 Cleaning up request 1 ID 121 with timestamp 40b216e1 Cleaning up request 2 ID 122 with timestamp 40b216e1 Cleaning up request 3 ID 123 with timestamp 40b216e1 Cleaning up request 4 ID 124 with timestamp 40b216e1 Cleaning up request 5 ID 125 with timestamp 40b216e1 Cleaning up request 6 ID 126 with timestamp 40b216e1 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 127 with timestamp 40b216e2 Cleaning up request 8 ID 128 with timestamp 40b216e2 Nothing to do. Sleeping until we see a request. - Original Message - From: Stefan Grünbaum To: [EMAIL PROTECTED] Sent: Monday, May 24, 2004 11:20 PM Subject: Problem using "Calling-Station-Id"-Attribute in radcheck Hello, I´m using Freeradius (May,24,2004) with Mysql and PEAP for Authentication of a Wireless-Lan Client. If I only check Username & Password, everything works fine. Now, I want also to check the MAC-Address of this Wireless-Lan Client. Therefore I added the "Calling-Station-Id"-Attribute to the radcheck table. mysql> select * from radcheck; ++--+++--+ | id | UserName | Attribute | op | Value| ++--+++--+ | 1 | canram | User-Password | == | 123123 | | 2 | canram | Calling-Station-Id | == | 000d88522f1f | ++--+++--+ 2 rows in set (0.00 sec) Unfortunatelly, freeradius cannot validate this user anymore. Are there any config-files I have to change? Please see the freeradiusdebug output below. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
url redirect+user status
Helo, I would like to set a web page that the users who are authenticated by the Radius server see at first when they open their web browser. I don't have any idea to do this. Can anyone help me? I have another question. How can I check that the users are still using the wireless network? I see the login-time. But I'd like to know the logoff-time if it's possible. Sorry for my poor English. Thanks, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with EAP/TLS and MAC OS
Hi, Can you describe how did you do that (EAP/TLS+WinXP), because I wasn't able to. What should I set up in WinXP? Do you use certificates? Thanks, David --- Original Message - I had successfully install and configure FreeRadius with EAP/TLS to working with Windows XP client (wireless 802.1x authentication) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
without certificate?
Helo, I'd like to ask something. Am I able to be authenticated by Radius server without certificates using WinXP. How can I log into the wlan network, if my username and password are in a SQL database wich is working with the Radius server. I can't write my username and password to nowhere. Thanks your help! David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html