Re: EAP-TTLS & Kerberos
Hello,

Using the above script, I was able to get a clean install to contact my Kerberos server via 'inner-tunnel' and 802.1x. Unfortunately, Kerberos is reporting that it needs the User-Password attribute. I've modified the script to show that the User-Password is empty in 'inner-tunnel'. As usual, the radtest to localhost works as expected.

eap.conf only has eap-default-type set to tls, client.conf has the access point loaded, and 'inner-tunnel' is as above, except that if (!User-Password) {...} is added. All other files are from a clean reinstall on CentOS 5.

Below is the obligatory Debug -X file.

joe
Re: Referencing a redundant-load-balance set within users file
On Fri, Nov 14, 2008 at 05:14:02PM +0100, [EMAIL PROTECTED] wrote:
> Change use_tunneled_reply to yes in peap section of eap.conf.

Thanks Ivan,

This worked.

Tod Sandman
Sr. Systems Administrator
Middleware Development & Integration
Rice University

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Referencing a redundant-load-balance set within users file
Version: freeradius-2.1.1

I cannot get a redundant-load-balance set to work within a variable expansion in the users file. I added this to the bottom of the instantiate section of radiusd.conf:

    redundant-load-balance redundant_ldap {
        ldap1
        ldap2
        ldap3
    }

and this to the authorize section of sites-enabled/default:

    redundant_ldap

and I defined the 3 ldap instances in modules/ldap, and this part works fine. But I cannot figure out how to reference redundant_ldap from within the users file. I tried

    Connect-Info = "%{redundant_ldap:ldap:///dc=rice,dc=edu?riceClass?sub?uid=%u}";

but the debug output shows:

    WARNING: Unknown module "redundant_ldap" in string expansion "%{redundant_ldap:ldap:///dc=rice,dc=edu?riceClass?sub?uid=%u}";

I attached the start of the debug output. The whole output was over the 100k limit.

Tod Sandman
Sr. Systems Administrator
Middleware Development & Integration
Rice University
Voice: 713.348.5816

FreeRADIUS Version 2.1.1, for host i686-pc-linux-gnu, built on Oct 16 2008 at 13:34:21
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...