Re: FreeRadius EAP-TLS question

2005-08-10 Thread Kris Benson
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 9, 2005 at 19:03 -0800 wrote:
> Kris,
> Thanks for your help.
>
> Do you think that (1) and (2) in my previous message could be the
> reason that freeradius will not authenticate the client?

No, not now.  Judging from the message you sent OOB, it's an issue with
the OpenSSL libraries.  In fact, if gcc and openssl can't find them,
support for TLS (and any other public-key based method) is likely not even
compiled into your freeradius binary.

Fix the library problem, then generate your dh and random files.  If those
work, try radius... if it still doesn't work, make sure the rlm_eap_tls
module is compiled and installed.  If not, recompile freeradius and check
again.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
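
The file checks implied by the advice above (generate the dh and random files, and do not build the random file from the output of `date`), as an added shell example that is not part of the original thread or of FreeRADIUS. It assumes the files are named `random` and `dh` inside the certs directory; the function names, the 512-byte minimum and the 25% threshold are illustrative assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the EAP-TLS "random" and "dh" files.
# MIN_RANDOM_BYTES, the 25% threshold and the function names are assumptions.
MIN_RANDOM_BYTES=512

# Succeeds only if the file is large enough and is not plain text
# (the output of `date` is a short, guessable, all-printable string).
check_random_file() {
    [ -r "$1" ] || { echo "random: cannot read $1"; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -lt "$MIN_RANDOM_BYTES" ]; then
        echo "random: only $size bytes, want >= $MIN_RANDOM_BYTES"; return 1
    fi
    # Count the bytes left after deleting printable ASCII and whitespace.
    binary=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c | tr -d ' ')
    if [ $((binary * 4)) -lt "$size" ]; then
        echo "random: looks like text, not random data"; return 1
    fi
    echo "random: ok ($size bytes)"
}

# Succeeds only if the file holds PEM DH parameters; when the openssl CLI
# is installed, it is also asked to validate them.
check_dh_file() {
    grep -q -e '-----BEGIN DH PARAMETERS-----' "$1" 2>/dev/null ||
        { echo "dh: $1 is missing or not PEM DH parameters"; return 1; }
    if command -v openssl >/dev/null 2>&1; then
        openssl dhparam -in "$1" -check -noout >/dev/null 2>&1 ||
            { echo "dh: openssl rejected the parameters"; return 1; }
    fi
    echo "dh: ok"
}

# Create both files in directory $1; $2 is the DH size in bits (default 2048).
generate_files() {
    dd if=/dev/urandom of="$1/random" bs=1024 count=1 2>/dev/null &&
    openssl dhparam -out "$1/dh" "${2:-2048}" 2>/dev/null
}

# Usage: sh check_certs.sh /path/to/raddb/certs
if [ "$#" -ge 1 ]; then
    check_random_file "$1/random"; check_dh_file "$1/dh"
fi
```

If the directory differs from the default, the matching eap.conf entries have to point at the same files.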



Re: FreeRadius EAP-TLS question

2005-08-09 Thread Hamid Salim
Kris,
Thanks for your help. 

Do you think that (1) and (2) in my previous message could be the 
reason that freeradius will not authenticate the client?

thanks again.


[EMAIL PROTECTED] wrote:



Today's Topics:

   1. FreeRadius EAP-TLS questions (Hamid Salim)
   2. Re: problem with using rlm_sql for accounting only (John Donagher)
   3. Re: problem with using rlm_sql for accounting only (John Donagher)
   4. Re: FreeRadius EAP-TLS questions (Kris Benson)
   5. sql.conf (update query) (Michel Bélanger)
   6. Re: problem with using rlm_sql for accounting only  (Alan DeKok)
   7. Hi. Windows RADIUS server died. (Derrick MacPherson)
   8. Re: Hi. Windows RADIUS server died.  (Alan DeKok)
   9. Re: Hi. Windows RADIUS server died. (Derrick MacPherson)
  10. Re: how to return multiple attributes from ldap? (kevin)


--

Message: 1
Date: Tue, 9 Aug 2005 13:54:52 -0400 (EDT)
From: Hamid Salim [EMAIL PROTECTED]
Subject: FreeRadius EAP-TLS questions
To: freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=UTF-8

Hello,
Two part question:
1. Is it critical to have certificates, dh and random files in etc/raddb/certs directory for eap-tls to work.
2. Is it ok to generate random file as date > random

thanks a lot.
Hamid.


--

Message: 2
Date: Tue, 09 Aug 2005 13:55:45 -0400
From: John Donagher [EMAIL PROTECTED]
Subject: Re: problem with using rlm_sql for accounting only
To: FreeRadius users mailing list
   freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain

On Tue, 2005-08-09 at 00:01 +0200, Nicolas Baradakis wrote:
> John Donagher wrote:
>
> > If the SQL server is inaccessible (i.e. down, or locked), freeradius
> > rejects all radius requests. In my case, since the SQL database is being
> > used only for accounting, this is not desired behavior.
>
> The link below explains how to control the flow of modules in FreeRADIUS.
> http://www.freeradius.org/radiusd/doc/configurable_failover
>
> There is an example which looks like what you want to do for accounting.

Thanks, that was exactly what I was looking for!

John




--

Message: 3
Date: Tue, 09 Aug 2005 14:01:11 -0400
From: John Donagher [EMAIL PROTECTED]
Subject: Re: problem with using rlm_sql for accounting only
To: FreeRadius users mailing list
   freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain

On Mon, 2005-08-08 at 18:09 -0400, Alan DeKok wrote:
> John Donagher [EMAIL PROTECTED] wrote:
> > If the SQL server is inaccessible (i.e. down, or locked), freeradius
> > rejects all radius requests. In my case, since the SQL database is being
> > used only for accounting, this is not desired behavior.
>
>   See the log messages.
>
>   What's probably happening is that all of the threads are blocked,
> waiting for SQL to respond.  Therefore, there are no threads ready to
> service authentication requests, and they get discarded.
>
>   The solution is to fix the SQL server so it doesn't go down.  If
> it's a critical part of your infrastructure, I'm a little unsure as to
> why it would go down, or lock FreeRADIUS out for many seconds at a
> time.

Indeed.. under normal circumstances it wouldn't go down. My issue is
that the SQL server is not a critical part of our infrastructure and I
don't want it to be (at this point anyway). I'm using it for accounting
trend reporting only.. in any event, Nicolas' suggestion was right on
and works like a charm. 

Thanks
John




--

Message: 4
Date: Tue, 09 Aug 2005 11:18:10 -0700
From: Kris Benson [EMAIL PROTECTED]
Subject: Re: FreeRadius EAP-TLS questions
To: FreeRadius users mailing list
   freeradius-users@lists.freeradius.org
Cc: freeradius-users@lists.freeradius.org
Message-ID:
   [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1

FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 9, 2005 at 10:54 -0800 wrote:
> Hello,
> Two part question:
> 1. Is it critical to have certificates, dh and random files in etc/raddb/certs directory for eap-tls to work.
> 2. Is it ok to generate random file as date > random

1. Yes, sort of.  You can put it in a different directory if you change
the eap.conf entries.

2. No. This is the correct way:

To generate the dh file you can use a function that comes with openssl

openssl dhparam -check