CHAP Authentication Problem

2004-05-25 Thread SANDEEP KHANNA
Respected sir, I am working on freeradius-0.9.3 version in Linux. I have used PAP authentication successfully with both the radtest and radclient commands available. It returns Login Successful. But the problem is in using CHAP. 1. If I use the freeradius server and client for C

Re: Freeradius Segmentation Fault on LDAP Bind

2004-05-25 Thread Paul Bender
I bugged this: . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

User Authentication: 1st by Username then, if not matched, by Framed-IP-Address

2004-05-25 Thread Freeradius-List
Hello List, I have a question - I need to Authenticate users with different options. It looks as below: 1) Receive User-name & Password, 2) If not exist or not matched - check Framed-IP-Address 3) If both not matched - Access-Reject What I need to do? Manipulations with username will choice a one

Re: LDAP

2004-05-25 Thread Dennis Skinner
On Tue, 2004-05-25 at 17:05, Barry Stewart wrote: > It's not even trying to connect to the LDAP server. Is this something I > have to configure in the users file? I stopped telling the server to > authenticate via LDAP and now ethereal confirms it doesn't query the > server for anything. The

Re: LDAP

2004-05-25 Thread Barry Stewart
It's not even trying to connect to the LDAP server. Is this something I have to configure in the users file? I stopped telling the server to authenticate via LDAP and now ethereal confirms it doesn't query the server for anything. The LDAP info is in the radiusd.conf file. What is supposed

RE: Need Assistance please

2004-05-25 Thread Rivera, Denis
Alan, I'd first like to extend my gratitude for answering my email. I'd also like to apologize for my confusion. > Is radius supposed to only return back a single attribute? > > That's what you told it to do. An attribute with one value (even >with commas) is very different than attributes

Re: LDAP

2004-05-25 Thread Alan DeKok
Barry Stewart <[EMAIL PROTECTED]> wrote: >I guess I'm missing something then? I thought it would use the LDAP > password. If it retrieves the password from LDAP, yes. > Shouldn't this be using the password sent by the client, grabbing > the plaintext password from LDAP, encrypting the LDA

Re: LDAP

2004-05-25 Thread Barry Stewart
Hmn, I guess I'm missing something then? I thought it would use the LDAP password. I did set password_attribute = userPassword in radiusd.conf. Shouldn't this be using the password sent by the client, grabbing the plaintext password from LDAP, encrypting the LDAP password, and comparing

Re: Digest using MySQL

2004-05-25 Thread Welesley Sibelson Dias
thks Alan DeKok more question i need change sql.conf too to use MySQL schema because i use SER( Sip Express Router) with freeradius and Logs is write in files or write in MySQL ? thks a lot Welesley Sibelson Dias > "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > How to use MySQL for stor

Digest using MySQL

2004-05-25 Thread Welesley Sibelson Dias
Hi all How to use MySQL for store users using Digest: this is put in users file: [EMAIL PROTECTED] Auth-Type := Digest, User-Password == "mera" Reply-Message = "Authenticated", Sip-Rpid = "16010" I'm sorry for my poor English :( thks a lot Welesley Sibelson dias

Active Directory/radiusServiceType

2004-05-25 Thread markcapelle
I currently have FreeRADIUS setup to authenticate users against Active Directory and the local users file. Now I want to use it as the RADIUS server for my Extreme network switches. My hope is to be able to use the Active Directory accounts to authenticate the users to the switch via FreeRADI

Re: LDAP

2004-05-25 Thread Alan DeKok
Barry Stewart <[EMAIL PROTECTED]> wrote: > modcall: entering group Auth-Type for request 7 > rlm_mschap: No User-Password configured. Cannot create LM-Password. > rlm_mschap: No User-Password configured. Cannot create NT-Password. > rlm_mschap: doing MS-CHAPv2 for bstewart with NT-Password

Re: LDAP

2004-05-25 Thread Barry Stewart
Sorry, I thought it was failing on that one line and didn't want to send you all that output to look through. Here's the entire output: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including

Re: LDAP

2004-05-25 Thread Alan DeKok
Barry Stewart <[EMAIL PROTECTED]> wrote: > I now get the following output: > > rlm_eap_peap: EAPTLS_OK > rlm_eap_peap: Session established. Decoding tunneled attributes. > rlm_eap_peap: Received EAP-TLV response. > rlm_eap_peap: Tunneled data is valid. > rlm_eap_peap: Had sent TLV failur

Re: Login-Time attribute

2004-05-25 Thread Alan DeKok
Keith Yoder <[EMAIL PROTECTED]> wrote: > Okay, I went digging through the code and found the solution. There are > two operators, "," and "|", that can separate Day definitions. If I use > a comma, Freeradius ignores the second day definition. Using a | > everything works as expected. As a r

Re: LDAP

2004-05-25 Thread Barry Stewart
Thanks, I guess I'm making things more complicated than they really are. I started with fresh conf files. I uncommented the tls and peap sections of eap.conf. I now get the following output: rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_

Re: eap-tls with windows2000???

2004-05-25 Thread Gary McKinney
Sure - get a supplicant (client) software package (such as Odyssey from Funk Software - I think and comes bundled with some of the WiFi capable cards such as the Linksys wireless-G card WPC54G - at least here in the US). I use this very setup for a Win2000 laptop Gary N. McKinney Network

Re: eap-tls with windows2000???

2004-05-25 Thread Michael Griego
Service Pack 4 includes an 802.1x client, but it's disabled by default. Peruse through the Services MMC, and you should find it. --Mike On Tue, 2004-05-25 at 12:25, Kevin wrote: > Hi > > Most of you use eap-tls with XP. > Is there a way to use Windows2000 for eap-tls? > > Kevin

eap-tls with windows2000???

2004-05-25 Thread Kevin
Hi Most of you use eap-tls with XP. Is there a way to use Windows2000 for eap-tls? Kevin

Re: Logging to syslog

2004-05-25 Thread Alan DeKok
Felipe Neuwald <[EMAIL PROTECTED]> wrote: > I'm running 'radiusd -l syslog' and it still logging to > /var/log/radius.log. Hmm... I suggest filing a bug on bugs.freeradius.org, then. Alan DeKok.

Re: LDAP

2004-05-25 Thread Alan DeKok
Barry Stewart <[EMAIL PROTECTED]> wrote: > I know you need to bind to LDAP with a clear text password. Apparently > this isn't possible with eap/peap. Exactly. > According to the docs you need to extract the password from LDAP > first and then do the comparison from instead of authenticating

Re: MySQL and EAP-TLS

2004-05-25 Thread Alan DeKok
James <[EMAIL PROTECTED]> wrote: > I know that it is possible to use EAP-TLS for authentication > purposes together with My-SQL for authorization. However I cannot > figure out what to put in radiuscheck in lieu of the password > attribute Nothing. Alan DeKok.

Re: eap-tls with XP client and linux client

2004-05-25 Thread Alan DeKok
"Szabo David" <[EMAIL PROTECTED]> wrote: > Why does the Xp client lose the connection when the RAdius server is > cleaning up requests? It doesn't. The two events are completely independent. What's probably happening is that there's a Session-Timeout sent in the reply, which tells the AP to

Re: eap-tls with XP client and linux client

2004-05-25 Thread Szabo David
Hi, I have the same problem. Why does the Xp client lose the connection when the RAdius server is cleaning up requests? David - Original Message - From: Ulf Jakobsson To: [EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 2:06 PM Subject: eap-tls with XP client and linux client Hi, I ha

LDAP

2004-05-25 Thread Barry Stewart
Hi, I would like to set freeradius up to authenticate from an LDAP directory. I can successfully authenticate a user this way from the radtest client. What I am trying to do is authenticate wireless clients (Windows XP). There is a ldap_howto.txt file but it's pretty complicated. I just wi

MySQL and EAP-TLS

2004-05-25 Thread James
Hi to all FreeRADIUS users, I know that it is possible to use EAP-TLS for authentication purposes together with My-SQL for authorization. However I cannot figure out what to put in radiuscheck in lieu of the password attribute (using eap-tls users don't have passwords but certificates). Thank y

Re: Dynamic VLAN assignment

2004-05-25 Thread Bob McCormick
Why not use public secure password forwarding? " Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devic

RE: Dynamic VLAN assignment

2004-05-25 Thread Hayes, Scott
I've done trunking of more than 3 vlans with the 1200 series. I configured one as my native network management vlan, and two others bound to different SSIDs. I think it's possible to have even more than that, but only one Guest mode VLAN. -Original Message- From: Artur Hecker [mailto:[EMA

Re: Dynamic VLAN assignment

2004-05-25 Thread Artur Hecker
:-) ok, though i don't know what these magic private VLANs would be technically... with VLANs either you mark ports or you mark packets. what can they do in an AP? they can mark the port where it's plugged in as VLANx or they can make the AP send packets marked as appertaining to VLANx... well

Re: Dynamic VLAN assignment

2004-05-25 Thread Artur Hecker
well, i thought Dan was speaking about a new VLAN per user not per AP. this is possible with Cisco APs. as far as i know, 1200 and 1100 can do trunking. ciao artur Willey Kurt D wrote: I was under the impression that 1 AP = 1 VLAN. Has trunking been added? -Original Message- From: Artu

Re: Dynamic VLAN assignment

2004-05-25 Thread Josh Howlett
IIRC, the Aironets can only take either 8 or 16 VLANs. You may be better off using the filtering functions in the Aironet to restrict the forwarding of frames between wireless stations, instead of using VLANs like this. josh. On Tue, 2004-05-25 at 15:27, Dan Armstrong wrote: > (this is now kind

Re: Dynamic VLAN assignment

2004-05-25 Thread Dan Armstrong
(this is now kind of off the topic of radius but... ) Yes, it is a bit heavy What this is really doing is kind of sort of mimicking "private VLANs" in the Catalyst sense. Where each user in a VLAN cannot see each other, but they can all send traffic towards one assigned port... I am playi

Re: Dynamic VLAN assignment

2004-05-25 Thread Dan Armstrong
Oh yes. You can use the eth port as a trunk, and the radio can either tie different SSIDs to VLANs, or different users can be put into different VLANs if you are using some sort of authentication. Willey Kurt D wrote: I was under the impression that 1 AP = 1 VLAN. Has trunking been a

Possible to have different Session-Timeout for each NAS?

2004-05-25 Thread Jeff
Hello all, I am using Freeradius 0.9.3 on an X86 machine running Gentoo Linux. I compiled Freeradius myself from source. We are authenticating users from authentication data in a MySql database. I am also using the PHP interface called "DialupAdmin", and we have 3 Ascend Max's as NAS gear. One NAS

Re: EAP-TLS and WEP key generation

2004-05-25 Thread Bob McCormick
I don't know. That does have me concerned about my test AP... On May 25, 2004, at 6:56 AM, Chris Bshaw wrote: Hi Bob. I **think** I might have it working now. I just added to the original config the following lines: encryption vlan 90 key 1 size 128bit 7 CE78330C1A841439656A9323F25A transmit-

RE: Dynamic VLAN assignment

2004-05-25 Thread Willey Kurt D
I was under the impression that 1 AP = 1 VLAN. Has trunking been added? -Original Message- From: Artur Hecker [mailto:[EMAIL PROTECTED] Sent: Monday, May 24, 2004 5:40 PM To: [EMAIL PROTECTED] Subject: Re: Dynamic VLAN assignment i don't know, but i would say execute an external prog

Re: radclient -- testbed RFC compliance

2004-05-25 Thread Alan DeKok
<[EMAIL PROTECTED]> wrote: > Test if the RADIUS server fully complies to RFC (or subset) by sending > different test RADIUS packets and comparing the received packets with > pre-defined packets. "radclient" can do that. But there isn't an existing testbed set up. You'll have to write wrappers

Re: Peap - domain

2004-05-25 Thread Alan DeKok
"Szabo David" <[EMAIL PROTECTED]> wrote: > Should I write anything in the domain box when I want to connect to the > wireless network? I'm using PEAP. ( WinXP, Freeradius CVS snapshot...) Whatever you want. But if FreeRADIUS doesn't know about the domain, then it probably won't work. Hmm...

Re: peap user

2004-05-25 Thread Alan DeKok
BLANCA FERRERO RODRIGUEZ <[EMAIL PROTECTED]> wrote: > I think that message comes because the user sent by my AP to the > radius is not in my users file, and it matches a default user I > added with Auth-Type = reject... but it makes sense doesn't it? Yes. It's why the authentication is failing.

Re: howto: radius and ldap group attributes

2004-05-25 Thread Kostas Kalevras
On Tue, 25 May 2004, Michael Schwartzkopff wrote: > (...) > > Run radiusd in debug mode to see exactly what's happening. Are you sure you > > have the files module before the ldap module? If it's the other way around > > that would explain the VA

Re: Alan is the King!

2004-05-25 Thread Alan DeKok
"Rivera, Denis" <[EMAIL PROTECTED]> wrote: > I tried getting info from the site... I've tried calling and I got an > operator error says "this number is no longer in service Whoops. I didn't update all of the web pages with my contact information. > all email addresses are bouncing back. :(

Re: Need Assistance please

2004-05-25 Thread Alan DeKok
"Rivera, Denis" <[EMAIL PROTECTED]> wrote: > -Attribute Dump- > Login-LAT-Groups=Users > > I was expecting the value "Change Password" and "Users" and "Luisa > Administrator". > ---Attribute Dump- > Login-LAT-Groups=Users, Change Password, Administrator > > The string

Re: howto: radius and ldap group attributes

2004-05-25 Thread Michael Schwartzkopff
(...) > Run radiusd in debug mode to see exactly what's happening. Are you sure you > have the files module before the ldap module? If it's the other way around > that would explain the VLAN id not being read. Thanks. The location of the files module

Re: EAP-TLS and WEP key generation

2004-05-25 Thread Chris Bshaw
Hi Bob. I **think** I might have it working now. I just added to the original config the following lines: encryption vlan 90 key 1 size 128bit 7 CE78330C1A841439656A9323F25A transmit-key encryption vlan 90 mode ciphers wep128 I read thru some examples on the cisco website (mostly for LEAP rat

Re: howto: radius and ldap group attributes

2004-05-25 Thread Kostas Kalevras
On Tue, 25 May 2004, Michael Schwartzkopff wrote: > Hi, > > I tried to combine users into groups and use group attributes from LDAP to > pass on the NAS. But somehow it does not work. First I tried: > > DEFAULT Ldap-Group == vlan_20, \ > User-Pro

eap-tls with XP client and linux client

2004-05-25 Thread Ulf Jakobsson
Hi, I have successfully authenticated a linux client (xsupplicant) with an ap running hostapd that talks to a radius server ( FreeRADIUS 0.9.3 debian/unstable) with eap-tls. I have also successfully authenticated an win XP client, but after some 30 seconds the win XP client seems to send a new req

howto: radius and ldap group attributes

2004-05-25 Thread Michael Schwartzkopff
Hi, I tried to combine users into groups and use group attributes from LDAP to pass on the NAS. But somehow it does not work. First I tried: DEFAULT Ldap-Group == vlan_20, \ User-Profile:="uid=vlan_20,ou=profiles,ou=radius,dc=multinet,dc=de"

rlm_exec error

2004-05-25 Thread Josh Howlett
I'm getting this error when using rlm_exec: Exec-Program-Wait: plaintext: No input file specified. I've searched through the source, but can't find any reference to this error message. Anyone got any ideas? Thanks, josh. -- --- Josh Howlett

radclient -- testbed RFC compliance

2004-05-25 Thread andreas.englisch
Hi there, I'm looking for a testbed to test compliance of a RADIUS server against the RFC or our internal standard interface. Objective: Test if the RADIUS server fully complies to RFC (or subset) by sending different test RADIUS packets and comparing the received packets with pre-defined pac

Re: problems with radwho,

2004-05-25 Thread Maqbool Hashim
Still having problems with radwho and utmp type logging, can someone give me a clue? Maqbool Hashim wrote: Hi, I'm having problems getting utmp accounting to work properly on FreeRadius (latest version). When the NAS sends an account-request packet to radius, everything seems ok except for the

Re: rlm_ippool not deallocating ip's

2004-05-25 Thread Kostas Kalevras
On Mon, 24 May 2004, Alexander Lunyov wrote: > Hello freeradius-users, > > I have a problem with rlm_ippool - it's not deallocating ip's from > pool, and i think i'm somewhat close to its solution, but i want to > do all things right, that's why i'm here again. > > FreeBSD 4.8R-p14, freera

Peap - domain

2004-05-25 Thread Szabo David
hi, Should I write anything in the domain box when I want to connect to the wireless network? I'm using PEAP. ( WinXP, Freeradius CVS snapshot...) David

Re: FreeRADIUS with IP Pooling

2004-05-25 Thread ro0ot
Can IP Pool work in a VLAN core switch? Regards, ro0ot ro0ot wrote: Hi, How can I configure FreeRADIUS to assign IP address when there is a successful authentication with FreeRADIUS? Regards, ro0ot

Re: peap user

2004-05-25 Thread BLANCA FERRERO RODRIGUEZ
> > I'm configuring PEAP. I think the freeradius config is Ok. > ... > > modcall: group authorize returns updated for request 0 > > rad_check_password: Found Auth-Type Reject > > rad_check_password: Auth-Type = Reject, rejecting user > > Nope, it's not. > > Alan DeKok. > I think that me