Re: EAP-TTLS & Kerberos

2011-04-20 Thread tod
Hello,
Using the above script I was able to get a clean install to contact my
Kerberos server via 'inner-tunnel' and 802.1x. Unfortunately, Kerberos is
reporting that it needs the User-Password attribute. I've modified the
script to show that the User-Password is empty in 'inner-tunnel'. As usual,
the radtest to localhost works as expected. eap.conf only has
eap-default-type set to tls, client.conf has the access point loaded, and
'inner-tunnel' is as above, except that if (!User-Password) {...} is added.
All other files are from a clean reinstall on CentOS 5.
Below is the obligatory Debug -X file.


Re: Referencing a redundant-load-balance set within users file

2008-11-15 Thread Tod A. Sandman
On Fri, Nov 14, 2008 at 05:14:02PM +0100, [EMAIL PROTECTED] wrote:
> Change use_tunneled_reply to yes in peap section of eap.conf.

Thanks Ivan, this worked.


Tod Sandman
Sr. Systems Administrator
Middleware Development & Integration
Rice University
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Referencing a redundant-load-balance set within users file

2008-11-12 Thread Tod A. Sandman
Version: freeradius-2.1.1

I cannot get a redundant-load-balance set to work within a variable
expansion in the users file.

I added this to the bottom of the instantiate section of radiusd.conf:

redundant-load-balance redundant_ldap {
        ldap1
        ldap2
        ldap3
}


and this to the authorize section of sites-enabled/default:

redundant_ldap

and I defined the 3 ldap instances in modules/ldap, and this part
works fine.

But I cannot figure out how to reference redundant_ldap from within
the users file.

I tried

  Connect-Info = "%{redundant_ldap:ldap:///dc=rice,dc=edu?riceClass?sub?uid=%u}";

but the debug output shows:

  WARNING: Unknown module "redundant_ldap" in string expansion "%{redundant_ldap:ldap:///dc=rice,dc=edu?riceClass?sub?uid=%u}";

I attached the start of the debug output.  The whole output was over
the 100k limit.



Tod Sandman
Sr. Systems Administrator
Middleware Development & Integration
Rice University
Voice: 713.348.5816

Unsubscribe

2004-04-01 Thread Tod Kang



[EMAIL PROTECTED]