Re: freeradius-1.0.0-pre3 PEAP Issue using windows-XP client

2004-06-24 Thread Szabo David 
I've the same problem with WinXP. I looked in the eapol.log that the  XP
didn't receive EAPOL-key within 5 second, that's why after 5 seconds the
connection drop. In the Radius log everything is fine (Access-Accept). I
tried do PEAP with another AP, and it's working without accounting (just
authentication). I don't understand why.
What sort of your AP?
Please tell me, if you could solve "our" problem.
Anyone can help us?

Thanks,

David

- Original Message -
From: jzhao
To: [EMAIL PROTECTED]
Sent: Wednesday, June 23, 2004 11:14 AM
Subject: freeradius-1.0.0-pre3 PEAP Issue using windows-XP client


Dear all:
I have encountered following issue when using windows XP
client to do PEAP test.
Client side's connection will drop in 5 seconds after passing
authentication. The client side
prompt that no usable wireless device can be found and the connection drop
immediately.
Following is my configuration in "eap.conf" and
"radiusd.conf"

In "eap.conf" file
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no

# Supported EAP-types
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
private_key_password = 123456
private_key_file = /test/server.pem
certificate_file = /test/server.pem
CA_file = /test/oot.pem
dh_file = /test/DH
random_file = /test/random
fragment_size = 1024
include_length = yes
#   check_crl = yes
   #   check_cert_cn = %{User-Name}
}
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}

In "radiusd.conf" file
authorize {
preprocess
#   auth_log
#   attr_filter
chap
mschap
#   digest
#   IPASS
suffix
#   ntdomain
files
#   sql
#   etc_smbpasswd
#   ldap
#   daily
#   checkval
}
Any one can help me?
Thanks
Joe




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

clients.conf

2004-05-27 Thread Szabo David 



Hi, 
 
How should I configure the clients.conf if I would 
like that each nas, which want to connect to my Radius can do it. 
Beacuse they have dinamic ip address, so I can't 
set this in the clients.conf. 
 
client 0.0.0.0{
secret= mysecret } any other attributes? 

 
Thanks, 
 
David

Re: Access Reject

2004-05-27 Thread Szabo David 



Set the port number 1812...
 
D

  - Original Message - 
  From: 
  Mahesh S Kudva 
  To: [EMAIL PROTECTED] 
  
  Sent: Thursday, May 27, 2004 10:52 
  AM
  Subject: Access Reject
  Hi allI am trying the freeradius server version 0.9.3. 
  Everything from compilingto installation went fine. When I 
  giveradtest localhost testing123 127.0.0.1 10 testing123it 
  give a Access reject error.Regards & 
  ThanksMahesh S Kudva- List 
  info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: eap-tls with XP client and linux client

2004-05-25 Thread Szabo David 
Hi,

I've have the same problem.
Why does the Xp client lose the connection when the RAdius server is
cleaning up requests?

David

- Original Message -
From: Ulf Jakobsson
To: [EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 2:06 PM
Subject: eap-tls with XP client and linux client


Hi,

I have successfully authenticated a linux client (xsupplicant) with an
ap running hostapd that talks to a radius server ( FreeRADIUS  0.9.3
debian/unstable) with eap-tls.

I have also successfully authenticated an win XP client, but after some
30 seconds the win XP client seems to send a new request and the radius
server accepts, then the radius server starts to clean up requests and
the win XP client drops its connection and I need to "Connect" the
client again.

When I see this message the win XP client drops the connection:

Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 12 ID 98 with timestamp 40b31cc9
Cleaning up request 13 ID 99 with timestamp 40b31cc9
Cleaning up request 14 ID 100 with timestamp 40b31cc9
Cleaning up request 15 ID 101 with timestamp 40b31cc9
Cleaning up request 16 ID 102 with timestamp 40b31cc9
Cleaning up request 17 ID 103 with timestamp 40b31cc9


How can my linux client work perfectly, but the win XP client not? (well
almost not)

/Regards Ulf

The win XP client has the latest WPA-patch from Mircosoft.
I have attached the radius log and the radiusd.conf file.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Peap - domain

2004-05-25 Thread Szabo David 



hi, 
 
Should I write anything in the domain box when I 
want to connect to the wireless network? I'm using PEAP. ( WinXP, Freeradius CVS 
snapshot...)
David

Re: url redirect+user status

2004-05-24 Thread Szabo David 
Thanks you help.

David
- Original Message -
From: Michael Markstaller
To: [EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 1:38 AM
Subject: RE: url redirect+user status


> Behalf Of Szabo David
> Sent: Sunday, May 23, 2004 5:44 PM

> I would like to set a web page that the users who are
> authenticated by the Radius server see at first when they
> open their web browser. I don't have any idea to do this. Can
> anyone help me?
this has to be done by your AP/NAS/whatever not freeradius. Although you
could supply an attribute telling your AP to where the user should be
redirected..

> I have another question. How can I check that the users are
> still using the wireless network? I see the login-time. But
> I'd like to know the logoff-time if it's possible.
again, job of your AP. depends on what your using it should send a stop
record or at least Alives'


Michael

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem using "Calling-Station-Id...

2004-05-24 Thread Szabo David 
Dear Stefan,

You wrote that Freeradius&MySQL&PEAP works fine at you.
In my system after 5 seconds that the authentication was successfull I lost
the connection. I've no idea.
In the SQL I'm still connected but I'm not really.
When the radius is cleaning up the requests I get disconnected. Why? Can you
help me?

Did I make a mistake in setting up Win? Or Freeradius?

Thanks,
David



Sending Access-Accept of id 128 to 193.226.239.181:3072
Service-Type := Framed-User
Framed-Protocol := PPP
Framed-Compression := Van-Jacobson-TCP-IP
Framed-MTU := 1500
MS-MPPE-Recv-Key =
0x2c4b7b6574809b402070d7c2266dedbfe723d9f714fe81dfd8daf448ec
aba7d0
MS-MPPE-Send-Key =
0x906896cee2d24bdaac256ef521e9be499a7defca161b9e5528ef210a7
476fea9
EAP-Message = 0x03080004
Message-Authenticator =
0x
User-Name = "fredf"
Finished request 8
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 120 with timestamp 40b216e1
Cleaning up request 1 ID 121 with timestamp 40b216e1
Cleaning up request 2 ID 122 with timestamp 40b216e1
Cleaning up request 3 ID 123 with timestamp 40b216e1
Cleaning up request 4 ID 124 with timestamp 40b216e1
Cleaning up request 5 ID 125 with timestamp 40b216e1
Cleaning up request 6 ID 126 with timestamp 40b216e1
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 127 with timestamp 40b216e2
Cleaning up request 8 ID 128 with timestamp 40b216e2
Nothing to do.  Sleeping until we see a request.


- Original Message -
From: Stefan Grünbaum
To: [EMAIL PROTECTED]
Sent: Monday, May 24, 2004 11:20 PM
Subject: Problem using "Calling-Station-Id"-Attribute in radcheck


Hello,

I´m using Freeradius (May,24,2004) with Mysql and PEAP for
Authentication of a Wireless-Lan Client.
If I only check Username & Password, everything works fine.

Now, I want also to check the MAC-Address of this Wireless-Lan Client.
Therefore I added the "Calling-Station-Id"-Attribute to the radcheck
table.


mysql> select * from radcheck;
++--+++--+
| id | UserName | Attribute  | op | Value|
++--+++--+
|  1 | canram   | User-Password  | == | 123123   |
|  2 | canram   | Calling-Station-Id | == | 000d88522f1f |
++--+++--+
2 rows in set (0.00 sec)


Unfortunatelly, freeradius cannot validate this user anymore. Are there
any config-files I have to change? Please see the freeradiusdebug output
below.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

url redirect+user status

2004-05-23 Thread Szabo David 
Helo,

I would like to set a web page that the users who are authenticated by the
Radius server see at first when they open their web browser. I don't have
any idea to do this. Can anyone help me?

I have another question. How can I check that the users are still using the
wireless network? I see the login-time. But I'd like to know the logoff-time
if it's possible.

Sorry for my poor English.
Thanks,

David


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius with EAP/TLS and MAC OS

2004-05-21 Thread Szabo David 
Hi,

Can you describe how did you do that (EAP/TLS+WinXP), because I wasn't able
to. What should I set up in WinXP? Do you use certificates?
Thanks,

David

--- Original Message -
I had successfully install and configure FreeRadius with EAP/TLS to
working with Windows XP client (wireless 802.1x authentication)




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

without certificate?

2004-05-20 Thread Szabo David 

Helo,

I'd like to ask something.

Am I able to be authenticated by Radius server without certificates using
WinXP. How can I log into the wlan network, if my username and password are
in a SQL database wich is working with the Radius server.
I can't write my username and password to nowhere.

Thanks your help!

David


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html