Re: Users-file, PEAP and cleartext passwords
Alan DeKok wrote:
> Vidar Stokke <[EMAIL PROTECTED]> wrote:
>
>> My users file entry looks like this:
>>
>> myuser NT-Password == "C275AA106060E0D793DD673EC6620090"
>
> Try :=
>
> Alan DeKok.

Thanks a lot, Alan. That worked great.

regards
Vidar

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Users-file, PEAP and cleartext passwords
Hi.

I've been looking around and I can't seem to find a solution to my problem. My problem is that when I try to connect to a dot1x-network using EAP/PEAP on a win-xp-client, I can't use a users-file with encrypted passwords. I've tried to use the NT-Password attribute and smbencrypt, but the radius-server reports:

modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for stokke with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6

My users file entry looks like this:

myuser NT-Password == "C275AA106060E0D793DD673EC6620090"
myuser2 User-Password == "cleartextpw"

myuser2 works ok, but not myuser.

Surely hope someone can help me out here.

regards
Vidar Stokke
Re: ttls/md5 configuration problem
[EMAIL PROTECTED] wrote:
> Hello,
>
> I'm using eap/ttls with md5 to authenticate a Windows XP client (secureW2), but I have a problem with configuration. I've uncommented tls and ttls modules.
>
> In eap.conf, in the ttls module I type:
> default_eap_type := md5
>
> In users:
> "test" Auth-Type := Local, User-Password == "mypassword"
>
> but when I type radiusd -X:
> auth : No User-Password or CHAP Password in the attribute request
> auth : failed to validate the user
>
> I need some help, thanks

I had the same problem and changed my entry in users to:

"test" User-Password == "password"

As you can see, no Auth-Type.

Regards
Vidar Stokke
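A small users-file check covering the two fixes reported in the threads above (NT-Password needing `:=` rather than `==`, and dropping `Auth-Type := Local` from an entry used with EAP). This is an added example, not code from the posters or from the FreeRADIUS project; `lint_users`, the extra users `myuser3`, `test2` and `baduser`, and the sample file are constructed for illustration.

```python
import re

# One check item: Attribute <op> value (value may be double-quoted).
ITEM = re.compile(r'([A-Za-z][\w-]*)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')
ENTRY = re.compile(r'("[^"]*"|\S+)\s+(.*)')   # user name, then check items
HASH_ATTRS = {"NT-Password", "LM-Password"}
HEX32 = re.compile(r'[0-9A-Fa-f]{32}')


def lint_users(text):
    """Return (line_no, user, problem) tuples, in file order."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and indented reply-item lines.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        user = m.group(1).strip('"')
        for attr, op, value in ITEM.findall(m.group(2)):
            value = value.strip('"')
            if attr in HASH_ATTRS:
                # '==' compares against the request; ':=' sets the stored hash.
                if op != ":=":
                    findings.append((no, user, f"{attr} uses '{op}', expected ':='"))
                if not HEX32.fullmatch(value):
                    findings.append((no, user, f"{attr} is not 32 hex digits"))
            elif attr == "Auth-Type" and value == "Local":
                # Forcing Local was the entry that failed under EAP-TTLS/MD5.
                findings.append((no, user, "Auth-Type forced to Local"))
    return findings


# Constructed sample: the two failing entries from the threads plus fixed forms.
SAMPLE = '''\
# constructed users file
myuser   NT-Password == "C275AA106060E0D793DD673EC6620090"
myuser3  NT-Password := "C275AA106060E0D793DD673EC6620090"
"test"   Auth-Type := Local, User-Password == "mypassword"
"test2"  User-Password == "password"
baduser  NT-Password := "not-a-hash"
'''

if __name__ == "__main__":
    for no, user, problem in lint_users(SAMPLE):
        print(f"line {no}: {user}: {problem}")
```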
Re: EAP-TTLS
Vidar Stokke wrote:
> Alan DeKok wrote:
>> Vidar Stokke <[EMAIL PROTECTED]> wrote:
>>> I'm having some trouble with freeradius-1.0.0-pre3 and TTLS.
>> ...
>>> rlm_eap_peap: Session established. Decoding tunneled attributes.
>>> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
>>> TLS Alert read:fatal:access denied
>>
>> That's a problem. Does the server have permissions to read the certificates?
>
> Yeah it has. Maybe it's the way my certificates are generated? I did not get the certs.sh to work, but I'll try some more.

Hi.

FYI: I regenerated my certificates and things work fine now.

Regards
Vidar Stokke
Re: EAP-TTLS
Alan DeKok wrote:
> Vidar Stokke <[EMAIL PROTECTED]> wrote:
>> I'm having some trouble with freeradius-1.0.0-pre3 and TTLS.
> ...
>> rlm_eap_peap: Session established. Decoding tunneled attributes.
>> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
>> TLS Alert read:fatal:access denied
>
> That's a problem. Does the server have permissions to read the certificates?

Yeah it has. Maybe it's the way my certificates are generated? I did not get the certs.sh to work, but I'll try some more.

>> I've tested this with a Cisco 1200AP and Cisco 2950. Both created the same problem.
>
> The AP's aren't the problem. They just pass EAP traffic back & forth. Which wireless supplicant are you using?

I'm currently testing with Windows XP SP1.

Regards
Vidar Stokke
EAP-TTLS
Hi.

I'm having some trouble with freeradius-1.0.0-pre3 and TTLS. The problem is this:

rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.

This is my eap.conf:

eap {
    default_eap_type = md5
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = pass
        private_key_file = ${raddbdir}/certs/privkey.pem
        certificate_file = ${raddbdir}/certs/cacert.pem
        CA_file = ${raddbdir}/certs/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        fragment_size = 1024
        include_length = yes
    }
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}

I've tested this with a Cisco 1200AP and Cisco 2950. Both created the same problem.

Anyone able to help me?

Regards
Vidar Stokke