Hello!
I'm trying to get working Windows XP - PEAP - MS-CHAPv2 with
freeRadius, but I don't know how to configure it correctly. I have
followed the instructions in the radiusd.conf, it's also seems 'working'
to me but I don't know now where is the problem (something like mschapv2
- messing with
Arthur understood exactly what i would like to say in
my previous mail.
My question is if the session-timeout value in the
users file or in the Mysql table gets automagically
decreased in order to represent the remaining session
time .
I had an access point that expect to have
Session_Timeout i
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You
On Fri, 27 Feb 2004, Alan DeKok wrote:
> > the sql module wants me to have a Password == attribute
> > in the SQL table `radcheck', which I'd like to avoid.
>
> I don't see why. There's nothing in the module which requires a
> User-Password attribute in the database.
>
> Would you be willing
Hi Ed,
Yes I've done this. Make sure you get a recent snapshot
of freeradius. Using the MS enrollment tool to get certs
onto the PDA is a pain. Instead, I had success with the
crtimprt utility:
http://www.jacco2.dds.nl/networking/crtimprt.html
I followed the instructions on the
I want to be able to us 802.1X (PEAP) on my PDA running Pocket PC 2003 (free client
that comes with the OS) to authenticate to my wireless network. My wireless group
tried using Funk's SBR and found out it wouldn't work. Now they want to use my
FreeRadius server to accomplish this task. Has
Hi:
Is it possible to somehow do dual verification of a customers UID & PW. Here
is my scenario:
Presently I am using a dial-in hardware from ARINC (I think this is correct
name) & UID/PW verification with Shadow Password. Soon I will be switching
over to a 3Com HiPer & freeRADIUS (with MySQL).
Alan DeKok wrote:
Arne Brutschy <[EMAIL PROTECTED]> wrote:
>
Did you see that DEFAULT entry in the "users" file match for the
tunneled session? If not, it never set Autz-Type.
It did not, and it never matched my huntgroup. It turned out that I had
to switch copy_request_to_tunnel in the ttls se
Alan, :-) i think the question is if the session-timeout value in the
users file gets automagically decreased in order to represent the
remaining session time :-)
Aime, session-timeout is something sent to the NAS. the NAS is
responsible for counting the session minutes of the current session a
> That is not at all what I suggested. Please go back and read the
> message again.
Thanks, I did. For what ever reason in my mail client
the 2 lines have the same starting point so I did not pick
up on the second line being indented but thanks for
pointing it out to me. That did the trick!
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> > DEFAULT Realm = "icradius"
> > NAS-IP-Address := 1.2.3.4
> >
> As per your earlier suggestion I added:
>
> DEFAULT Realm = "abc.com"
> NAS-IP-Address := 1.2.3.4<- replaced with real IP
That is not at all what I suggested. Please go back a
>
> Sure. See "preproxy_users"
>
> DEFAULT Realm = "icradius"
> NAS-IP-Address := 1.2.3.4
>
As per your earlier suggestion I added:
DEFAULT Realm = "abc.com"
NAS-IP-Address := 1.2.3.4<- replaced with real IP
to the preproxy_users file and when I restart FreeRADIUS
I get:
Error: Errors
"Nedialko Dimitrov" <[EMAIL PROTECTED]> wrote:
> I'm trying to run WindowsXP client with PEAP - MSCHAP-V2 auth and the
> authentication fails
Yes...
> I got two possible points of error, but I cannot guess where is my problem:
>
> (1)
> rlm_eap_peap: Had sent TLV failure, rejecting
> (2)
> mod
Aime <[EMAIL PROTECTED]> wrote:
> Does the Session-Atrribute get decreased automatically
> in the users file ?
Huh?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tariq Rashid <[EMAIL PROTECTED]> wrote:
> i've had a search through the archives and google and can't find examples of
> anyone using freeradius with its list of allowed NAS clients (ip or dns
> names) held in a database
It isn't implemented. There are many posts in the archives asking
this, an
Jan-Piet Mens <[EMAIL PROTECTED]> wrote:
> the sql module wants me to have a Password == attribute
> in the SQL table `radcheck', which I'd like to avoid.
I don't see why. There's nothing in the module which requires a
User-Password attribute in the database.
Would you be willing to post the
"Christoph Galuschka" <[EMAIL PROTECTED]> wrote:
> Configuration seems to work well as I do get a challange when
> logging in to my cisco box (IOS 12.2). But I get an error
> message after entering my response:
>
> rlm_x99_token: auth: bad state for [tigalch]: length
The NAS is mangling the S
Anton Voronin <[EMAIL PROTECTED]> wrote:
> Is it possible to somehow make rlm_pap, rlm_chap or rlm_mschap to authenticate
> against a password (or NT/LM hash) taken from an external source (for
> example, using rlm_exec or rlm_perl)?
MS-CHAP does this already. If you would have tried it, you
hi
(1)
rlm_eap_peap: Had sent TLV failure, rejecting
(2)
modcall[authenticate]: module "eap" returns reject for request 7
the error is (2) and more precisely (out of your log):
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" r
Tim Bates <[EMAIL PROTECTED]> wrote:
> Ah, this could work. The /etc/group file on the RADIUS server is
> generated out of the same database which FreeRADIUS is configuring, so I
> can use that as a (hopefully) temporary solution. Just to confirm, did
> you mean using the etc_group example of th
--
Mark Hennessy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, February 26, 2004 9:58 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 7200 Series and PPPoE
"Mark Hennessy" <[EMAIL PROTECTED]> wrote:
> But there is a password con
Hi,
I'm trying to run WindowsXP client with PEAP - MSCHAP-V2 auth and the
authentication fails
I got two possible points of error, but I cannot guess where is my problem:
(1)
rlm_eap_peap: Had sent TLV failure, rejecting
(2)
modcall[authenticate]: module "eap" returns reject for request 7
modca
Does the Session-Atrribute get decreased automatically
in the users file ?
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> "Daniel Baughman" <[EMAIL PROTECTED]> wrote:
> > How can I tell the NAS AP's to time out a user's
> connection after he has
> > used his allotted minutes?
>
> See the Session-
i've had a search through the archives and google and can't find examples of
anyone using freeradius with its list of allowed NAS clients (ip or dns
names) held in a database - which is imported at startup, or periodically,
not necessarily at every request (perhaps a refesh after a max counter).
> Can you please do a "cvs update", and then "cvs diff -w -u"?
>
> Your patch includes things like reverting the CVS Id to a lower
> revision number, and a lot of whitespace changes. That makes it
> difficult to see what is changed. It also means that the patch is
> about 4x the size it shou
Hello,
I'm using freeradius-0.9.3 and I'd like to perform authorization
of my users against our LDAP directory, but the reply items
should be retrieved from an SQL database (MySQL).
I've now got
authorize {
preprocess
chap
realmslash
26 matches
Mail list logo