Re: EAP-TTLS PAP Mysql problems

2007-06-24 Thread tnt
And the problem is? Your request gets accepted and you do return VLAN
attributes.

Ivan Kalik
Kalik Informatika ISP


On 24/6/2007, emmcosta [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:
 Hi,

 See attached naslist, clients.conf and radius -xx log.

 you don't have 127.0.0.1 in your clients.conf

 alan
 -
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html

I already added 127.0.0.1 in my clients.conf but I continue with the problem.

--
/emmc






Re: EAP-TTLS PAP Mysql problems

2007-06-24 Thread emmcosta
[EMAIL PROTECTED] wrote:
 And the problem is? Your request gets accepted and you do return VLAN
 attributes.

 Ivan Kalik
 Kalik Informatika ISP



   
I think that I know what the problem is: when I change the configuration on
my Cisco AP 1100 to this:


dot11 ssid FONTELONGA
   vlan 2
   authentication open eap eap_methods
   authentication key-management wpa
   accounting acct_methods

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 2 mode ciphers tkip
 !
 encryption mode ciphers tkip
 !
 ssid FONTELONGA


The authentication fails, but if I change it to this:



dot11 ssid FONTELONGA
   vlan 2
   authentication open eap eap_methods
   accounting acct_methods
..

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode wep optional
 !
 encryption vlan 2 mode wep mandatory
 !
 ssid FONTELONGA


the authentication is successful.

Can you help me? My Cisco AP 1100 IOS version is 12.3(8)JA2.


-- 
/emmc


Re: EAP-TTLS PAP Mysql problems

2007-06-24 Thread tnt
Can you post the radius debug from the failed attempt.

Ivan Kalik
Kalik Informatika ISP




Re: EAP-TTLS PAP Mysql problems

2007-06-24 Thread tnt
In what way is this not OK? RADIUS works. Do debug on your NAS to see why
the connection is not established.

Ivan Kalik
Kalik Informatika ISP




Re: EAP-TTLS PAP Mysql problems

2007-06-22 Thread A . L . M . Buxey
Hi,

 See attached naslist, clients.conf and radius -xx log.

you don't have 127.0.0.1 in your clients.conf

alan


Re: EAP-TTLS PAP Mysql problems

2007-06-21 Thread Stefan Winter
 What is it that I need to put in MySQL and my configuration so that, when I
 obtain a good authentication, it returns Tunnel-Type, Tunnel-Medium-Type and
 Tunnel-Private-Group-ID, for the client to run dhclient in the VLAN I return?

Put the appropriate attributes for VLAN assignment into the radreply table for 
the user in question.
Chances are that you also need to set the option 

use_tunneled_reply = yes

in eap.conf.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung  Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
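
The radreply rows described above, as an added example that is not part of the original message. It assumes the stock FreeRADIUS MySQL schema (a radreply table with username, attribute, op and value columns), the user teste from the posted log, and VLAN 2 from the posted AP configuration.

```sql
-- Added example, not from the original thread.
-- Assumed schema: radreply(id, username, attribute, op, value).
-- 'teste' is the user in the posted log; 2 is the VLAN in the posted AP config.

-- Remove any earlier VLAN rows for this user so the script can be re-run
-- without leaving duplicate or conflicting reply attributes behind.
DELETE FROM radreply
 WHERE username = 'teste'
   AND attribute IN ('Tunnel-Type',
                     'Tunnel-Medium-Type',
                     'Tunnel-Private-Group-Id');

-- The three reply attributes an 802.1X NAS reads for dynamic VLAN assignment.
-- ':=' sets the attribute in the reply, replacing any instance already there.
INSERT INTO radreply (username, attribute, op, value) VALUES
  ('teste', 'Tunnel-Type',             ':=', 'VLAN'),      -- numeric value 13
  ('teste', 'Tunnel-Medium-Type',      ':=', 'IEEE-802'),  -- numeric value 6
  ('teste', 'Tunnel-Private-Group-Id', ':=', '2');         -- VLAN ID, sent as a string

-- Confirm what the sql module will load as reply items for this user.
SELECT attribute, op, value
  FROM radreply
 WHERE username = 'teste'
 ORDER BY id;
```

With EAP-TTLS these rows are matched against the user name inside the tunnel, so the username column must hold the inner identity. The use_tunneled_reply = yes setting is what carries the resulting attributes into the Access-Accept the AP receives.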



Re: EAP-TTLS PAP Mysql problems

2007-06-21 Thread emmcosta
Stefan Winter wrote:
 What is it that I need to put in MySQL and my configuration so that, when I
 obtain a good authentication, it returns Tunnel-Type, Tunnel-Medium-Type and
 Tunnel-Private-Group-ID, for the client to run dhclient in the VLAN I return?
 

 Put the appropriate attributes for VLAN assignment into the radreply table 
 for 
 the user in question.
 Chances are that you also need to set the option 

 use_tunneled_reply = yes

 in eap.conf.

 Greetings,

 Stefan Winter

   
 

I already put appropriate attributes for VLAN assignment into the
radreply table, but I think I have a problem with authentication because
it logs these lines:

Wed Jun 20 19:46:47 2007 : Error: Trying to look up name of unknown
client 127.0.0.1.
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/secret] (from client
UNKNOWN-CLIENT port 327 cli 0040.96a2.24f3)
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/no User-Password
attribute] (from client ap2 port 327 cli 0040.96a2.24f3)

but if I use the CLI with the radtest command, authentication is successful and
I receive the reply attributes.

I'm using a Cisco AP1100 configured with WPA-TKIP, and for the client I use
a PC with Windows XP and the SecureW2 supplicant configured with EAP-TTLS PAP.

Can you help me?

-- 
/emmc


Re: EAP-TTLS PAP Mysql problems

2007-06-21 Thread A . L . M . Buxey
Hi,

 Wed Jun 20 19:46:47 2007 : Error: Trying to look up name of unknown
 client 127.0.0.1.
 Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/secret] (from client
 UNKNOWN-CLIENT port 327 cli 0040.96a2.24f3)
 Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/no User-Password
 attribute] (from client ap2 port 327 cli 0040.96a2.24f3)
 
 but if I use the CLI with the radtest command, authentication is successful and
 I receive the reply attributes.
 
 I'm using a Cisco AP1100 configured with WPA-TKIP, and for the client I use
 a PC with Windows XP and the SecureW2 supplicant configured with EAP-TTLS PAP.

send us your naslist table and clients.conf

alan


RE: EAP-TTLS PAP Mysql problems

2007-06-21 Thread Ivan Kalik
You need to post the debug (radiusd -X) output. Whole thing.
 
Ivan Kalik
Kalik Informatika ISP
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of emmcosta
Sent: 21 June 2007 20:22
To: FreeRadius users mailing list
Subject: Re: EAP-TTLS PAP Mysql problems



I already put appropriate attributes for VLAN assignment into the radreply
table, but I think I have a problem with authentication because it logs these
lines:

Wed Jun 20 19:46:47 2007 : Error: Trying to look up name of unknown
client 127.0.0.1.
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/secret] (from client
UNKNOWN-CLIENT port 327 cli 0040.96a2.24f3)
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/no User-Password
attribute] (from client ap2 port 327 cli 0040.96a2.24f3)

but if I use the CLI with the radtest command, authentication is successful and
I receive the reply attributes.
I'm using a Cisco AP1100 configured with WPA-TKIP, and for the client I use a PC
with Windows XP and the SecureW2 supplicant configured with EAP-TTLS PAP.

Can you help me?

-- 
/emmc

EAP-TTLS PAP Mysql problems

2007-06-20 Thread emmcosta
Hi everyone,

I have already configured my FreeRADIUS with EAP-TTLS PAP with
authentication on MySQL. I obtain authentication, but it logs some lines:

Wed Jun 20 19:46:47 2007 : Error: Trying to look up name of unknown
client 127.0.0.1.
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/secret] (from client
UNKNOWN-CLIENT port 327 cli 0040.96a2.24f3)
Wed Jun 20 19:46:47 2007 : Auth: Login OK: [teste/no User-Password
attribute] (from client ap2 port 327 cli 0040.96a2.24f3)

My radiusd.conf:



authorize {
    preprocess
    sql
    pap
}

authenticate {
    Auth-Type PAP {
        pap
    }

    eap
}
..

My eap.conf:

eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = yes

    gtc {
        auth_type = PAP
    }

    tls {
        private_key_password = whatever
        private_key_file = ${raddbdir}/certs/cert-srv.pem
        certificate_file = ${raddbdir}/certs/cert-srv.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
    }

    ttls {
        default_eap_type = gtc
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
    }
}

What is it that I need to put in MySQL and my configuration so that, when I
obtain a good authentication, it returns Tunnel-Type, Tunnel-Medium-Type and
Tunnel-Private-Group-ID, for the client to run dhclient in the VLAN I return?

Best Regards

 -- 
/emmc
