Re: The story of PAP, CHAP and the blank password
Thanks Nick, will have a look . Ken if you crack it please share the doc. Cheers, Neo On Thu, Mar 17, 2011 at 12:45 AM, Nick Owen wrote: > In Wed, Mar 16, 2011 at 10:21 AM, Kenneth Marshall wrote: >> On Wed, Mar 16, 2011 at 06:19:08PM +0530, pradyumna dash wrote: >>> Hi, >>> >>> Need a doc/pointer on FreeRadius+OpenLDAP+Mobile-OTP configuration, I >>> would be implementing this in a SuSE server. >>> >>> Can any one help me how to do it? >>> >>> Regards, >>> Neo >> >> I thought there was a link to a how-to for this on the mobile-otp >> website. I am getting ready to do it here as well with Redhat. > > Here's one that I did for WiKID one-time password system. I bet that > the first half on openldap and freeradius would be exactly the same: > > http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-openldap-and-freeradius/?searchterm=freeradius > > HTH, > > Nick > >> >> Cheers, >> Ken >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > -- > Nick Owen > WiKID Systems, Inc. > 404.962.8983 > http://www.wikidsystems.com > Commercial/Open Source Two-Factor Authentication > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The story of PAP, CHAP and the blank password
In Wed, Mar 16, 2011 at 10:21 AM, Kenneth Marshall wrote: > On Wed, Mar 16, 2011 at 06:19:08PM +0530, pradyumna dash wrote: >> Hi, >> >> Need a doc/pointer on FreeRadius+OpenLDAP+Mobile-OTP configuration, I >> would be implementing this in a SuSE server. >> >> Can any one help me how to do it? >> >> Regards, >> Neo > > I thought there was a link to a how-to for this on the mobile-otp > website. I am getting ready to do it here as well with Redhat. Here's one that I did for WiKID one-time password system. I bet that the first half on openldap and freeradius would be exactly the same: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-openldap-and-freeradius/?searchterm=freeradius HTH, Nick > > Cheers, > Ken > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The story of PAP, CHAP and the blank password
On Wed, Mar 16, 2011 at 06:19:08PM +0530, pradyumna dash wrote: > Hi, > > Need a doc/pointer on FreeRadius+OpenLDAP+Mobile-OTP configuration, I > would be implementing this in a SuSE server. > > Can any one help me how to do it? > > Regards, > Neo I thought there was a link to a how-to for this on the mobile-otp website. I am getting ready to do it here as well with Redhat. Cheers, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The story of PAP, CHAP and the blank password
Hi, Need a doc/pointer on FreeRadius+OpenLDAP+Mobile-OTP configuration, I would be implementing this in a SuSE server. Can any one help me how to do it? Regards, Neo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The story of PAP, CHAP and the blank password
Thanks for the feedback, We have made contact with the NAS 'provider' and requested they resolve the issue by replacing the string "void" with nothing. As the passed string is the 'cause' of the problem we would rather them fix it than we try and hack around it. If these errors keep persisting we will look into a solution as you suggested like 00121231234:00121231234 or 00121231234: Thanks Wynand On 16/03/2011 13:12, Alan Buxey wrote: Hi, WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. i'd follow that advice. FR knows what to do when it sees suitable things. anyway, the 'void' is being sent by the NAS - and its being sent CHAP'd too can your kit not do the usual naff thing of sending the CSI as the password so you just have a simple pair 00121231234:00121231234 ? thats whats usually done in these sorts of 'just let them on' environments alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The story of PAP, CHAP and the blank password
Hi, > WARNING: Please update your configuration, and remove 'Auth-Type = Local' > WARNING: Use the PAP or CHAP modules instead. i'd follow that advice. FR knows what to do when it sees suitable things. anyway, the 'void' is being sent by the NAS - and its being sent CHAP'd too can your kit not do the usual naff thing of sending the CSI as the password so you just have a simple pair 00121231234:00121231234 ? thats whats usually done in these sorts of 'just let them on' environments alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
