Hi list,
yes I know that this question has been discussed so many times but,
still I'm in trouble.
I've set up freeradius in order to authenticate+authorize Cisco NAS of Aironet.
I've successfully connected PC/MAC wireless clients using TTLS+PAP
with in backend and LDAP DB.
Problem arise
Hi,
as it says
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for myRfx with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
Since my LDAP store all passwords in clear-text, how can I force such
way, instead of NT/LM-Password check?
Regards,
Paolo.
Hi,
as it says
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
No i checked everything but seems the threads are the cause
because with -s, that works !
On 30 Nov 2005 at 23:46, Alan DeKok wrote:
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED],
FreeRadius users mailing list
Hi,
No i checked everything but seems the threads are the cause
because with -s, that works !
2.6.9 kernel had several thread problems - at least on Fedora
until up past the -1.724 build.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have a question about peap method, do I need to import the client
certificate from the freeradius' CA server to the winxp client?or just
import the server certificate?
2005/11/27, Alhagie Puye [EMAIL PROTECTED]:
Thanks Dusty. That's very helpful.
I have one little problem. I was hoping
Christian Poessinger wrote:
Zoltan Ori wrote:
That's the problem everything is uncommented. Comment out ntlm_auth
and with_ntdomain_hack. If you have plain text passwords, you aren't
authenticating to a Windows domain controller, you don't have
windbindd and nmbd running, you don't need want
On Thursday 01 December 2005 09:19, Christian Poessinger wrote:
Fixed it myself. After removing
checkItem LM-Password userPassword
checkItem NT-Password userPassword
from the ldap.attrmap file, and adding
checkItem userPassword
Still in trouble.
I've verified differences from TTLS+PAP+LDAP that works, and
PEAP+MSCHAP+LDAP that doesn't work. I've also verified log from LDAP
server.
It seems that a succesful bind occurs only with TTLS+PAP+LDAP, but
not occurs with PEAP so authentication fails.
My LDAP store
Does anyone have experience with FreeRadius and Interim packets?
Does it work ok? Any problems? How do you enable it?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all,
I have an application running on a server which stores data sent from
GPRS phones. In order to do it without traversing the internet, the
telco created me an APN which my GPRS phones will use to connect to my
server. But my server's application also needs to connect back to the
phones,
Hello,
I am attempting to have FR authenticate administrative access
for my Cisco gear against AD. The problem I am having is this. When I
attempt to join the realm net ads join -U UID the command appears
successful and from the AD side, the system has joined (visable in AD),
however the
When I run radwho -r to get all the information of a login.
rod,Rodney Rumley,PPP,S406,Tue 17:46,63.215.26.177,4.240.144.66
I need to clean this one out of the list.
I get all this below and have tried several commands but it keeps returning
me to this
with no real reason why it didn't work.
Radius [EMAIL PROTECTED] wrote:
I get all this below and have tried several commands but it keeps returning
me to this
with no real reason why it didn't work.
You didn't say what you typed in as the command-line for radzap.
Try reading the man pages for radzap radwho.
Alan DeKok.
-
When radhow -r reads
rod,Rodney Rumley,PPP,S406,Tue 17:46,63.215.26.177,4.240.144.66
I would type
radzap -N 63.215.26.177 S406 secret
I also tried
radzap -N 4.240.144.66 S406 secret
It keeps telling me it can't locate that IP address.
Tried the man page, that's why I sent the request, it
Matt [EMAIL PROTECTED] wrote:
Does anyone have experience with FreeRadius and Interim packets?
Does it work ok? Any problems? How do you enable it?
Yes. It works. You enable it by installing the server.
Did you *try* it?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Radius [EMAIL PROTECTED] wrote:
I would type
radzap -N 63.215.26.177 S406 secret
Which is wrong. Please READ the help the man page.
It keeps telling me it can't locate that IP address.
Yes, you're using the command incorrectly. S406 is NOT the IP
address of the RADIUS server.
Alan
I know
Don't think I'm that stupid about an IP address. That was the port.
I also tried
radzap -N 63.215.26.177 -P S406 -U rod secret
This only gives the help again.
The man file does not give an example of the command line.
I guess I'l have to google for someones example.
- Original
I have the server installed I haven't yet tried it. Ok that's
what I was looking for.
On 12/1/05, Alan DeKok [EMAIL PROTECTED] wrote:
Matt [EMAIL PROTECTED] wrote:
Does anyone have experience with FreeRadius and Interim packets?
Does it work ok? Any problems? How do you enable it?
Radius [EMAIL PROTECTED] wrote:
Don't think I'm that stupid about an IP address. That was the port.
So... where did you type in the IP address of the RADIUS server?
The answer is nowhere, which is your mistake.
I guess I'l have to google for someones example.
Uh... right.
Alan
It was in the command line I sent.
63.215.26.177 is an IP address.
I would type
radzap -N 63.215.26.177 S406 secret
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, December 01, 2005 2:19
Your man says this.
radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u user] [-U
user] server[:port] secret
radzap -d /usr/local/etc/raddb -N 63.215.26.177 -P S406 -u rod 1645 secret
Still brings me back to the help screen.
- Original Message -
From: Alan DeKok
You're not typing in the IP address of the server; 1645 is not the IP
address of the server!
-N 63.215.26.177 is the IP address of the NAS.
On 12/1/05, Radius [EMAIL PROTECTED] wrote:
Your man says this.
radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u user] [-U
user]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Radius
Sent: Thursday, December 01, 2005 1:44 PM
To: FreeRadius users mailing list
Subject: Re: RadZap
Your man says this.
radzap [-d raddb_directory] [-N nas_ip_address] [-P
nas_port] [-u
User-Name = rod
Acct-Session-Id = 04036884
NAS-IP-Address = 63.215.26.177
NAS-Port = 406
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 4.240.144.66
Acct-Session-Time = 766846
radzap -N 63.215.26.177 -P S406 -u rod (server:port) 1646 secret
- Original Message -
S406 is an S and not a 5
-N is for the Nas IP (according to the man.)
- Original Message -
From: Scott O'Connell [EMAIL PROTECTED]
To: 'FreeRadius users mailing list'
freeradius-users@lists.freeradius.org
Sent: Thursday, December 01, 2005 2:56 PM
Subject: RE: RadZap
-Original
Yikes :)
Lookee here...
radzap -N 63.215.26.177 -P S406 -u rod
XXX.XXX.XXX.XXX:1646 secret
XXX.XXX.XXX.XXX should be your *RADIUS* server IP. Not
NAS, not client and, FWIW, secret should be the
secret configured in your clients.conf.
And I definitely think that -P S406 should just be -P
406
But his man said [-N nas_ip_address], so the man is wrong?
I have the secret right. I just put it that way so I didn't broadcast it.
User-Name = rod
Acct-Session-Id = 04036884
NAS-IP-Address = 63.215.26.177
NAS-Port = 406
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address =
OK, thank you. That worked.
- Original Message -
From: Laker Netman [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, December 01, 2005 4:00 PM
Subject: Re: RadZap
Yikes :)
Lookee here...
radzap -N 63.215.26.177 -P S406 -u
I use the last version of freeradius on a Ubuntu box, my supplicant is a XP
machine. I set PEAP and all works ok, this is the simple configuration for the
file user
rudi User-Password == x
All is perfect also with MySQL...so FreeRADIUS is great ;-)
My problem is using MAC address also,
Rudi Verago [vlain] [EMAIL PROTECTED] wrote:
My problem is using MAC address also, simply adding the parameter
Calling-Station-Id doesn't work:
rudiUser-Password == x Calling-Station-Id ==
00-e3-44-5E-1A-B2
...
rad_recv: Access-Request packet from host 192.168.0.100:1143,
Thanks!!!
Calling-Station-ID was ok but in the email I put another MAC...
The solution was the copy_request_to_tunnel...thanks again.
Your email with the solution of the problem was the faster I had never
received in every mailing list.
Bye,
Rudi
- My problem is using MAC address also,
32 matches
Mail list logo
