Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-25 Thread Hilton Guaraldi 
Hi Buxey,

After generating the certificates the file server.der was not created!
Ca.der ok!!!

What can I do???

Best regards


2009/8/18 Alan Buxey a.l.m.bu...@lboro.ac.uk:
 Hi,

 Hi ALL!!!

 Hi!

 ignore the tutorials.  install latest version from source...ensure
 /usr/local/etc/raddb or /etc/raddb doesnt exist before 'make install'

 thenm run the radiusd server...the first time it will make test
 certs. copy the CA.der server.der to the windows system and install as
 trusted certificates

 I defined users file like:
 guaraldi       Auth-Type := EAP, Cleartext-Password == mudar123

 wrong!

 change to

 guaraldi       Cleartext-Password := mudar123

 now, using the SSID of whatever you chose, and the SSL cert you just trusted
 ...it will.work!


 alan
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-25 Thread Ivan Kalik 
 Hi Buxey,

 After generating the certificates the file server.der was not created!
 Ca.der ok!!!

 What can I do???

It's server.crt.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-25 Thread Hilton Guaraldi 
OK Kalik,

Thanks!

2009/8/25 Ivan Kalik t...@kalik.net:
 Hi Buxey,

 After generating the certificates the file server.der was not created!
 Ca.der ok!!!

 What can I do???

 It's server.crt.

 Ivan Kalik
 Kalik Informatika ISP

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-19 Thread Hilton Guaraldi 
Ok!!!

I will do all the changes

As soon as possible my new post.
Guaraldi

2009/8/18 Alan Buxey a.l.m.bu...@lboro.ac.uk:
 Hi,

 Hi ALL!!!

 Hi!

 ignore the tutorials.  install latest version from source...ensure
 /usr/local/etc/raddb or /etc/raddb doesnt exist before 'make install'

 thenm run the radiusd server...the first time it will make test
 certs. copy the CA.der server.der to the windows system and install as
 trusted certificates

 I defined users file like:
 guaraldi       Auth-Type := EAP, Cleartext-Password == mudar123

 wrong!

 change to

 guaraldi       Cleartext-Password := mudar123

 now, using the SSID of whatever you chose, and the SSL cert you just trusted
 ...it will.work!


 alan
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-18 Thread Hilton Guaraldi 
Hi ALL!!!

I did more then 20 openssl commands in order to issue a CA for tests...
Howto in http://www.linuxjournal.com/node/8095/print and
http://www.linuxjournal.com/node/8151/print. I DID ALL THE COMMANDS!!!

XP client do not authenticate :-(
Do I need users file???
What the correct sintaxe for login guaraldi and password mudar123?

I defined users file like:
guaraldi   Auth-Type := EAP, Cleartext-Password == mudar123


CA defined in OPENSSL!!! Radius server stop displaying can not get
issuer certificate and unknow CA
Server certificate signed!!!
Client certificate defined!!!

XP with cacert.pem and client_cert.p12 I did not use ca.der 

XP Config with EAP to Smartcard or other certificates TLS and so on...

AP with WPA/TKIP with 802.1x to 192.168.0.254 port 1812. OK!!! It works...


Why XP do not authenticate with radius???

Guaraldi
Ready to process requests.
Threads: total/active/spare threads = 5/0/5
Waking up in 0.9 seconds.
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] 	expand: %t - Tue Aug 18 14:06:40 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = guaraldi, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Finished request 0.
Going to the next request
Thread 1 waiting to be assigned a request
Waking up in 0.9 seconds.
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] 	expand: %t - Tue Aug 18 14:06:40 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = guaraldi, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 1 length 80
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 70
[tls] Length Included
[tls] eaptls_verify returned 11 
[tls] (other): before/accept initialization 
[tls] TLS_accept: before/accept initialization 
[tls]  TLS 1.0 Handshake [length 0041], ClientHello  
[tls] TLS_accept: SSLv3 read client hello A 
[tls]  TLS 1.0 Handshake [length 002a], ServerHello  
[tls] TLS_accept: SSLv3 write server hello A 
[tls]  TLS 1.0 Handshake [length 0697], Certificate  
[tls] TLS_accept: SSLv3 write certificate A 
[tls]  TLS 1.0 Handshake [length 00d0], CertificateRequest  
[tls] TLS_accept: SSLv3 write certificate request A 
[tls] TLS_accept: SSLv3 flush data 
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[tls] eaptls_process returned 13 
++[eap] returns handled
Finished request 1.
Going to the next request
Thread 2 waiting to be assigned a request
Waking up in 0.9 seconds.
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] 	expand: %t - Tue Aug 18 14:06:41 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in

Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-18 Thread Alan DeKok 
Hilton Guaraldi wrote:
 Hi ALL!!!
 
 I did more then 20 openssl commands in order to issue a CA for tests...
 Howto in http://www.linuxjournal.com/node/8095/print and
 http://www.linuxjournal.com/node/8151/print. I DID ALL THE COMMANDS!!!

  And you didn't use the examples that came with the server.

  In version 2:

1) install the server
2) run radiusd -X'
3) EAP will work.

  See raddb/certs/README

 XP client do not authenticate :-(
 Do I need users file???
 What the correct sintaxe for login guaraldi and password mudar123?

  See the FAQ for an example.

 I defined users file like:
 guaraldi   Auth-Type := EAP, Cleartext-Password == mudar123

  That's wrong.  See man users or man 5 users for documentation.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: XP client can not authenticate in Radius Server - HELP ME PLEASE!!!!!!!!!!!!!

2009-08-18 Thread Alan Buxey 
Hi,

 Hi ALL!!!

Hi!

ignore the tutorials.  install latest version from source...ensure
/usr/local/etc/raddb or /etc/raddb doesnt exist before 'make install'

thenm run the radiusd server...the first time it will make test
certs. copy the CA.der server.der to the windows system and install as
trusted certificates

 I defined users file like:
 guaraldi   Auth-Type := EAP, Cleartext-Password == mudar123

wrong!

change to 

guaraldi   Cleartext-Password := mudar123

now, using the SSID of whatever you chose, and the SSL cert you just trusted
...it will.work!


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html