Re: Can't bring it to work on Centos 5.2...

2009-07-03 Thread Ivan Kalik
> My goal:
> Allowing User authentication for iPhone and Macs with user/password
> My current Setup:
> 
> I've followed this as far as possible. Only one difference: I did build
> freeradius 1.1.7 from source for lack of an rpm-package. I've
> configured with "./configure --libdir=/usr/lib64". While it only
> complains about some missing oracle odbc and other sql stuff and I don't
> want to use sql I don't think that this will cause any problems.
> Added a user, tested it local on the box, no problems.
> When trying to connect from an iPhone or OS X box with usern...@local
> password I can see in the output radiusd -X that radius finds the user
> but doesn't accept him for some reason. Here is the complete output:

You are using a self-signed CA certificate but haven't exported it onto the
client.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
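
The radiusd -X output in the original post carries the EAP exchange as hex in its EAP-Message attributes. The following decoder is an added example, not part of the thread and not FreeRADIUS code; the function names `decode_eap` and `decode_log` are hypothetical, and the sample lines are the EAP-Message values copied from that output as archived.

```python
import struct

# EAP codes and method types (RFC 3748; TLS-based methods share one flags byte).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}
TLS_FLAGS = ((0x80, "Length-included"), (0x40, "More-fragments"), (0x20, "Start"))

def decode_eap(hex_value):
    """Decode one EAP-Message value as radiusd -X prints it (0x...)."""
    text = hex_value.strip()
    raw = bytes.fromhex(text[2:] if text.lower().startswith("0x") else text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype in TLS_BASED and data:
            pkt["flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return pkt

def decode_log(lines):
    """Decode every EAP-Message attribute found in debug-output lines."""
    results = []
    for line in lines:
        name, _, value = line.partition("=")
        if name.strip() == "EAP-Message":
            try:
                results.append(decode_eap(value))
            except ValueError as exc:
                results.append({"error": str(exc)})
    return results

# The three EAP-Message lines from the debug output in this thread, as archived.
SAMPLE = [
    "EAP-Message = 0x0212016865696e61747a404c4f43414c",
    "EAP-Message = 0x010100061520",
    "EAP-Message = 0x02010012016865696e61747a404c4f43414c",
]

if __name__ == "__main__":
    for packet in decode_log(SAMPLE):
        print(packet)
```

The first value is rejected because the archived copy holds 16 bytes where radiusd reported length 18. The Access-Challenge decodes to an EAP-TTLS request with the Start flag set, the point at which the client begins the TLS handshake and has to validate the server's certificate chain.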


Re: Can't bring it to work on Centos 5.2...

2009-07-03 Thread Mike

Nicolas Goutte wrote:

> On 03.07.2009 at 12:24, Mike wrote:
>
>> Dear list,
>> after 4 days of work and lots of google searches I'm really in the
>> need for some help!
>>
>> My Setup:
>> A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x
>> and Dovecot Imap with domain and users stored in mysql, all with tls
>> enabled. Edimax AccessPoint 7206PDg
>>
>> My goal:
>> Allowing User authentication for iPhone and Macs with user/password
>> My current Setup:
>>
>> I've followed this as far as possible. Only one difference: I did
>> build freeradius 1.1.7 from source for lack of an rpm-package. I've
>> configured with "./configure --libdir=/usr/lib64". While it only
>> complains about some missing oracle odbc and other sql stuff and I
>> don't want to use sql I don't think that this will cause any problems.
>
> Ok I think I will ask the question, which otherwise will be asked by
> someone else.
>
> If you have compiled from source, is there a reason why you have not
> used any new version (2.1.6), probably to have less work with the
> configuration?


was my first shot. But I had to quit it after I found out that 2.1.6 
seems to require a newer version of openssl. While this openssl 
installation is also used by postfix and dovecot I didn't want to take 
the risk of side effects when updating the openssl installation. It only 
took 1,5 days to figure out this... I also had this setup at a point 
where the radtest on the local box works but radiusd wasn't able to find 
the user when it did come over the access point.



> Have a nice day!
>
> Nicolas Goutte
>
> extragroup GmbH - Karlsruhe
> Waldstr. 49
> 76133 Karlsruhe
> Germany
>
> Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
> Register court: Amtsgericht Münster / HRB: 5624
> Tax no.: 337/5903/0421 / VAT ID: DE 204607841






Re: Can't bring it to work on Centos 5.2...

2009-07-03 Thread Nicolas Goutte


On 03.07.2009 at 12:24, Mike wrote:

> Dear list,
> after 4 days of work and lots of google searches I'm really in the
> need for some help!
>
> My Setup:
> A Centos 5.2 x86_64 box, running source installations of postfix
> 2.5.x and Dovecot Imap with domain and users stored in mysql, all
> with tls enabled. Edimax AccessPoint 7206PDg
>
> My goal:
> Allowing User authentication for iPhone and Macs with user/password
> My current Setup:
>
> I've followed this as far as possible. Only one difference: I did
> build freeradius 1.1.7 from source for lack of an rpm-package. I've
> configured with "./configure --libdir=/usr/lib64". While it only
> complains about some missing oracle odbc and other sql stuff and I
> don't want to use sql I don't think that this will cause any problems.



Ok I think I will ask the question, which otherwise will be asked by  
someone else.


If you have compiled from source, is there a reason why you have not  
used any new version (2.1.6), probably to have less work with the  
configuration?


Have a nice day!

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841






Can't bring it to work on Centos 5.2...

2009-07-03 Thread Mike

Dear list,
after 4 days of work and lots of google searches I'm really in the need 
for some help!

My Setup:
A Centos 5.2 x86_64 box, running source installations of postfix 2.5.x 
and Dovecot Imap with domain and users stored in mysql, all with tls 
enabled. Edimax AccessPoint 7206PDg

My goal:
Allowing User authentication for iPhone and Macs with user/password
My current Setup:

I've followed this as far as possible. Only one difference: I did build 
freeradius 1.1.7 from source for lack of an rpm-package. I've 
configured with "./configure --libdir=/usr/lib64". While it only 
complains about some missing oracle odbc and other sql stuff and I don't 
want to use sql I don't think that this will cause any problems.

Added a user, tested it local on the box, no problems.
When trying to connect from an iPhone or OS X box with usern...@local 
password I can see in the output radiusd -X that radius finds the user 
but doesn't accept him for some reason. Here is the complete output:


rad_recv: Access-Request packet from host 200.0.0.35:3072, id=111, length=183
User-Name = "hein...@local"
NAS-IP-Address = 200.0.0.35
NAS-Port = 0
Called-Station-Id = "001f1f0b642d"
Calling-Station-Id = "001cb35cbaf8"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0212016865696e61747a404c4f43414c
Message-Authenticator = 0xdcc5aaa0f32561169a2a05d747304337
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "LOCAL" for User-Name = "hein...@local"
rlm_realm: Found realm "LOCAL"
rlm_realm: Adding Stripped-User-Name = "heinatz"
rlm_realm: Proxying request from user heinatz to realm LOCAL
rlm_realm: Adding Realm = "LOCAL"
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 0 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry heinatz at line 1
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 111 to 200.0.0.35 port 3072
EAP-Message = 0x010100061520
Message-Authenticator = 0x
State = 0x3007b9dfcccdaed8744c14b1f8483417
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 200.0.0.35:3072, id=112, length=183
User-Name = "hein...@local"
NAS-IP-Address = 200.0.0.35
NAS-Port = 0
Called-Station-Id = "001f1f0b642d"
Calling-Station-Id = "001cb35cbaf8"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02010012016865696e61747a404c4f43414c
Message-Authenticator = 0x4ff89acc02de903bb99910a0da6f0be9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "LOCAL" for User-Name = "hein...@local"
rlm_realm: Found realm "LOCAL"
rlm_realm: Adding Stripped-User-Name = "heinatz"
rlm_realm: Proxying request from user heinatz to realm LOCAL
rlm_realm: Adding Realm = "LOCAL"
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 1 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
users