802.1x ldap tls

2005-12-01 Thread Paolo Barbato
Hi list, yes I know that this question has been discussed so many times but, still I'm in trouble. I've set up freeradius in order to authenticate+authorize Cisco NAS of Aironet. I've successfully connected PC/MAC wireless clients using TTLS+PAP with in backend and LDAP DB. Problem arise

RE: 802.1x ldap tls

2005-12-01 Thread Seferovic Edvin
Hi, as it says rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for myRfx with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.

RE: 802.1x ldap tls

2005-12-01 Thread Paolo Barbato
Since my LDAP stores all passwords in clear-text, how can I force such way, instead of NT/LM-Password check? Regards, Paolo. Hi, as it says rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password.

Re: CPU - FR1.0.5

2005-12-01 Thread Breuer Nicolas
No, I checked everything, but it seems the threads are the cause, because with -s, that works! On 30 Nov 2005 at 23:46, Alan DeKok wrote: From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED], FreeRadius users mailing list

Re: CPU - FR1.0.5

2005-12-01 Thread A . L . M . Buxey
Hi, No, I checked everything, but it seems the threads are the cause, because with -s, that works! 2.6.9 kernel had several thread problems - at least on Fedora until up past the -1.724 build. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius How to integrate Active Directory[ADIntegrationWindowsXP NTLM Tutorial]

2005-12-01 Thread darkblue
I have a question about peap method, do I need to import the client certificate from the freeradius' CA server to the winxp client? Or just import the server certificate? 2005/11/27, Alhagie Puye [EMAIL PROTECTED]: Thanks Dusty. That's very helpful. I have one little problem. I was hoping

RE: WLAN 802.1x FreeRadius with LDAP

2005-12-01 Thread Christian Poessinger
Christian Poessinger wrote: Zoltan Ori wrote: That's the problem everything is uncommented. Comment out ntlm_auth and with_ntdomain_hack. If you have plain text passwords, you aren't authenticating to a Windows domain controller, you don't have winbindd and nmbd running, you don't need want

Re: WLAN 802.1x FreeRadius with LDAP

2005-12-01 Thread Zoltan Ori
On Thursday 01 December 2005 09:19, Christian Poessinger wrote: Fixed it myself. After removing checkItem LM-Password userPassword checkItem NT-Password userPassword from the ldap.attrmap file, and adding checkItem userPassword

RE: 802.1x ldap tls

2005-12-01 Thread Paolo Barbato
Still in trouble. I've verified differences from TTLS+PAP+LDAP that works, and PEAP+MSCHAP+LDAP that doesn't work. I've also verified log from LDAP server. It seems that a successful bind occurs only with TTLS+PAP+LDAP, but does not occur with PEAP so authentication fails. My LDAP store

FreeRadius and Interim Packets

2005-12-01 Thread Matt
Does anyone have experience with FreeRadius and Interim packets? Does it work ok? Any problems? How do you enable it?

IP address allocation based on Calling-station-id

2005-12-01 Thread Matias E. Fabiano
Hi all, I have an application running on a server which stores data sent from GPRS phones. In order to do it without traversing the internet, the telco created me an APN which my GPRS phones will use to connect to my server. But my server's application also needs to connect back to the phones,

RE: Freeradius How to integrate Active Directory [AD Integration WindowsXP NTLM Tutorial]

2005-12-01 Thread Bohannan, Chad W
Hello, I am attempting to have FR authenticate administrative access for my Cisco gear against AD. The problem I am having is this. When I attempt to join the realm net ads join -U UID the command appears successful and from the AD side, the system has joined (visible in AD), however the

RadZap

2005-12-01 Thread Radius
When I run radwho -r to get all the information of a login. rod,Rodney Rumley,PPP,S406,Tue 17:46,63.215.26.177,4.240.144.66 I need to clean this one out of the list. I get all this below and have tried several commands but it keeps returning me to this with no real reason why it didn't work.

Re: RadZap

2005-12-01 Thread Alan DeKok
Radius [EMAIL PROTECTED] wrote: I get all this below and have tried several commands but it keeps returning me to this with no real reason why it didn't work. You didn't say what you typed in as the command-line for radzap. Try reading the man pages for radzap and radwho. Alan DeKok.

Re: RadZap

2005-12-01 Thread Radius
When radwho -r reads rod,Rodney Rumley,PPP,S406,Tue 17:46,63.215.26.177,4.240.144.66 I would type radzap -N 63.215.26.177 S406 secret I also tried radzap -N 4.240.144.66 S406 secret It keeps telling me it can't locate that IP address. Tried the man page, that's why I sent the request, it

Re: FreeRadius and Interim Packets

2005-12-01 Thread Alan DeKok
Matt [EMAIL PROTECTED] wrote: Does anyone have experience with FreeRadius and Interim packets? Does it work ok? Any problems? How do you enable it? Yes. It works. You enable it by installing the server. Did you *try* it? Alan DeKok.

Re: RadZap

2005-12-01 Thread Alan DeKok
Radius [EMAIL PROTECTED] wrote: I would type radzap -N 63.215.26.177 S406 secret Which is wrong. Please READ the help and the man page. It keeps telling me it can't locate that IP address. Yes, you're using the command incorrectly. S406 is NOT the IP address of the RADIUS server. Alan

Re: RadZap

2005-12-01 Thread Radius
I know. Don't think I'm that stupid about an IP address. That was the port. I also tried radzap -N 63.215.26.177 -P S406 -U rod secret This only gives the help again. The man file does not give an example of the command line. I guess I'll have to google for someone's example. - Original

Re: FreeRadius and Interim Packets

2005-12-01 Thread Matt
I have the server installed; I haven't yet tried it. Ok that's what I was looking for. On 12/1/05, Alan DeKok [EMAIL PROTECTED] wrote: Matt [EMAIL PROTECTED] wrote: Does anyone have experience with FreeRadius and Interim packets? Does it work ok? Any problems? How do you enable it?

Re: RadZap

2005-12-01 Thread Alan DeKok
Radius [EMAIL PROTECTED] wrote: Don't think I'm that stupid about an IP address. That was the port. So... where did you type in the IP address of the RADIUS server? The answer is nowhere, which is your mistake. I guess I'll have to google for someone's example. Uh... right. Alan

Re: RadZap

2005-12-01 Thread Radius
It was in the command line I sent. 63.215.26.177 is an IP address. I would type radzap -N 63.215.26.177 S406 secret - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, December 01, 2005 2:19

Re: RadZap

2005-12-01 Thread Radius
Your man says this. radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u user] [-U user] server[:port] secret radzap -d /usr/local/etc/raddb -N 63.215.26.177 -P S406 -u rod 1645 secret Still brings me back to the help screen. - Original Message - From: Alan DeKok

Re: RadZap

2005-12-01 Thread Walter Goulet
You're not typing in the IP address of the server; 1645 is not the IP address of the server! -N 63.215.26.177 is the IP address of the NAS. On 12/1/05, Radius [EMAIL PROTECTED] wrote: Your man says this. radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u user] [-U user]

RE: RadZap

2005-12-01 Thread Scott O'Connell
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Radius Sent: Thursday, December 01, 2005 1:44 PM To: FreeRadius users mailing list Subject: Re: RadZap Your man says this. radzap [-d raddb_directory] [-N nas_ip_address] [-P nas_port] [-u

Re: RadZap

2005-12-01 Thread Radius
User-Name = rod Acct-Session-Id = 04036884 NAS-IP-Address = 63.215.26.177 NAS-Port = 406 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 4.240.144.66 Acct-Session-Time = 766846 radzap -N 63.215.26.177 -P S406 -u rod (server:port) 1646 secret - Original Message -

Re: RadZap

2005-12-01 Thread Radius
S406 is an S and not a 5 -N is for the Nas IP (according to the man.) - Original Message - From: Scott O'Connell [EMAIL PROTECTED] To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Sent: Thursday, December 01, 2005 2:56 PM Subject: RE: RadZap -Original

Re: RadZap

2005-12-01 Thread Laker Netman
Yikes :) Lookee here... radzap -N 63.215.26.177 -P S406 -u rod XXX.XXX.XXX.XXX:1646 secret XXX.XXX.XXX.XXX should be your *RADIUS* server IP. Not NAS, not client and, FWIW, secret should be the secret configured in your clients.conf. And I definitely think that -P S406 should just be -P 406

Re: RadZap

2005-12-01 Thread Radius
But his man said [-N nas_ip_address], so the man is wrong? I have the secret right. I just put it that way so I didn't broadcast it. User-Name = rod Acct-Session-Id = 04036884 NAS-IP-Address = 63.215.26.177 NAS-Port = 406 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address =

Re: RadZap

2005-12-01 Thread Radius
OK, thank you. That worked. - Original Message - From: Laker Netman [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, December 01, 2005 4:00 PM Subject: Re: RadZap Yikes :) Lookee here... radzap -N 63.215.26.177 -P S406 -u

PEAP without MAC is OK but with MAC...

2005-12-01 Thread Rudi Verago \[vlain\]
I use the last version of freeradius on an Ubuntu box, my supplicant is an XP machine. I set PEAP and all works ok, this is the simple configuration for the file user rudi User-Password == x All is perfect also with MySQL...so FreeRADIUS is great ;-) My problem is using MAC address also,

Re: PEAP without MAC is OK but with MAC...

2005-12-01 Thread Alan DeKok
Rudi Verago [vlain] [EMAIL PROTECTED] wrote: My problem is using MAC address also, simply adding the parameter Calling-Station-Id doesn't work: rudi User-Password == x Calling-Station-Id == 00-e3-44-5E-1A-B2 ... rad_recv: Access-Request packet from host 192.168.0.100:1143,

Re: PEAP without MAC is OK but with MAC...

2005-12-01 Thread Rudi Verago \[vlain\]
Thanks!!! Calling-Station-ID was ok but in the email I put another MAC... The solution was the copy_request_to_tunnel...thanks again. Your email with the solution of the problem was the fastest I have ever received in any mailing list. Bye, Rudi - My problem is using MAC address also,