Re: Help me with Access-Challenge configuration
Aa Stefan Winter-4, Thanks a lot, now i underspend how to configure my configuration It's what i need to hear! Have a nice day! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297576.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
Hi, > My simple question: > How to configure freeRADIUS server so it replay "access-challenge" message > on "access-request" from a client? Alan's problem with this "simple" question of yours is that it's not just simple, but simplistic. RADIUS can convey *many different* authentication protocols which are all using an Access-Challenge to send challenge data back. The content of the Access-Challenge, and the configuration needed for that specific Access-Challenge, is significantly different. The fact that you ask the question like you did is a strong indication that you don't know about this fact. Please ask a question like How to configure freeRADIUS server so it replies with a CHAP "access-challenge" message on "access-request" from a client? How to configure freeRADIUS server so it replies with a MS-CHAP "access-challenge" message on "access-request" from a client? How to configure freeRADIUS server so it replies with a MS-CHAPv2 "access-challenge" message on "access-request" from a client? How to configure freeRADIUS server so it replies with a EAP-TLS "access-challenge" message on "access-request" from a client? How to configure freeRADIUS server so it replies with a EAP-TTLS "access-challenge" message on "access-request" from a client? How to configure freeRADIUS server so it replies with a PEAP "access-challenge" message on "access-request" from a client? See? You need to be more specific in your question before anyone here can give you an answer. Or better yet, read up on RADIUS, and/or EAP methods, and *then* ask a well-informed question. Greetings, Stefan Winter > -- > View this message in context: > http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297493.html > Sent from the FreeRadius - User mailing list archive at Nabble.com. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
GreenUA wrote: > 1. "If you're debugging a RADIUS client you wrote, then this isn't a > FreeRADIUS question. " > It's freeRADIUS question because i need to configure freeRADIUS server If you know so much more than we do, why are you asking questions on this list? > 2. "> What methods? How i can configure it? > > If you don't know, you don't need Access-Challenges." > > If i don't now how to configure it, i don't need it? In such way why are you > replaying on mails from this forum? Yes. You *don't* configure it. If the authentication method requires Access-Challenge, then the Access-Challenge is automatically generated. If Access-Challenge is not automatically generated, then you don't need it. > Again sorry if my question not correct, and don't worry i'm not writing > RADIUS client. Well, you said you were. > My simple question: > How to configure freeRADIUS server so it replay "access-challenge" message > on "access-request" from a client? My answer (again) is "you don't". If you keep asking the question, then it's clear you don't understand the answer. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
To Alan DeKok-2 Sorry, for my maybe inconsistent question. I try to explain: 1. "If you're debugging a RADIUS client you wrote, then this isn't a FreeRADIUS question. " It's freeRADIUS question because i need to configure freeRADIUS server 2. "> What methods? How i can configure it? If you don't know, you don't need Access-Challenges." If i don't now how to configure it, i don't need it? In such way why are you replaying on mails from this forum? I want to configure, and i don't know how, that's why i posted my question here. FROM RFC: "If all conditions are met and the RADIUS server wishes to issue a challenge to which the user must respond, the RADIUS server sends an "Access-Challenge" response. It MAY include a text message to be displayed by the client to the user prompting for a response to the challenge, and MAY include a State attribute." But there is noting about: what conditions, "server wishes", etc. 3. "As a hint: people who don't understand the RADIUS protocol shouldn't write RADIUS clients. " Again sorry if my question not correct, and don't worry i'm not writing RADIUS client. My simple question: How to configure freeRADIUS server so it replay "access-challenge" message on "access-request" from a client? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297493.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
GreenUA wrote: > What methods? How i can configure it? If you don't know, you don't need Access-Challenges. > I need to see how my client process challenge response. And i can't generate > that message. If you're debugging a RADIUS client you wrote, then this isn't a FreeRADIUS question. As a hint: people who don't understand the RADIUS protocol shouldn't write RADIUS clients. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
"Specific authentication methods allow for Access-Challenges. If you're not using one of those methods, you won't get Access-Challenges." What methods? How i can configure it? Maybe my post was not clear enough. "You're trying to solve one problem, but not saying what it is. You've somehow convinced yourself that Access-Challenges are the solution to that problem. So you're asking questions about that instead. What, exactly, is the problem, and why do you think Access-Challenges are the solution? " I'm not trying to configure correct authorization via RADIUS server it's not my main goal. I just want to configure and send back "Access-challenge" message to the client side. I need to see how my client process challenge response. And i can't generate that message. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297457.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
GreenUA wrote: > In my configuration RADIUS checks login and password, so it returns > "Access-accept" or "Access-reject". That's what a RADIUS server does. Specific authentication methods allow for Access-Challenges. If you're not using one of those methods, you won't get Access-Challenges. You're trying to solve one problem, but not saying what it is. You've somehow convinced yourself that Access-Challenges are the solution to that problem. So you're asking questions about that instead. What, exactly, is the problem, and why do you think Access-Challenges are the solution? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
OK guys ) Ha Ha i know about "windows must die..." but i can't do nothing with that. Give me examples for Linux... what files i need to configure, maybe i should use another "Auth-Type" or something else... Thanks to Alexander Clouter for FAQ links, but this is debugging and it will be useful if configuration exist and you don't know why it doesn't work. My question was how to "say" RADIUS server send "Access-Challenge" for client "Access-request" In my configuration RADIUS checks login and password, so it returns "Access-accept" or "Access-reject". -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-me-with-Access-Challenge-configuration-tp4296727p4297438.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
Arran Cudbard-Bell wrote: > > On Apr 11, 2011, at 1:40 PM, Alexander Clouter wrote: > >> GreenUA wrote: >>> >>> I reviewed RFC and FAQ, but i can't fined sane info about >>> configuration of freeRADIUS server (on Windows) to send >>> access-challenge message on access-request. >>> >> ...because running FreeRADIUS is not a sane thing to do. > > Shouldn't that be running Windows is not a sane thing to do? :P > Bah, and it would have looked so awesome if I didn't screw it up. *ahem* ...because running FreeRADIUS on Windows is not a sane thing to do. Cheers -- Alexander Clouter .sigmonster says: Some restrictions may apply. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
On Apr 11, 2011, at 1:40 PM, Alexander Clouter wrote: > GreenUA wrote: >> >> I reviewed RFC and FAQ, but i can't fined sane info about >> configuration of freeRADIUS server (on Windows) to send >> access-challenge message on access-request. >> > ...because running FreeRADIUS is not a sane thing to do. Shouldn't that be running Windows is not a sane thing to do? :P - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me with Access-Challenge configuration
GreenUA wrote: > > I reviewed RFC and FAQ, but i can't fined sane info about > configuration of freeRADIUS server (on Windows) to send > access-challenge message on access-request. > ...because running FreeRADIUS is not a sane thing to do. > My configuration is (users.conf): > > [snipped AWOL radiusd.conf file] > > Guys pls help me with the answer or if it's possible give me some link > or manual in which i can fined the answer. > The best links on FreeRADIUS can be found at: http://wiki.freeradius.org/index.php/FAQ#Debugging_it_yourself http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21 Cheers -- Alexander Clouter .sigmonster says: Check your local listings. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
