Re: EAP-MD5 Authentication problem

2005-12-28 Thread Marco Spiga
Hello!!! I don't know why the 'radeapclient -s -xx 127.0.0.1 auth testing123 req.txt' command don't authenticate whith radiusd. The req.txt file contains: User-Name = test User-Password = password EAP-MD5-Password = password NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response

Hello Radius Server Problem

2005-12-28 Thread Kai Geek
Hello, what your radius server starting problem? dont log /varlog/radius/radius.conf :( Switch IP: 10.0.0.250 - Dlink (26 Port) Radius Server: 10.0.0.6 #ssh 10.0.0.6 #pico clients.conf client 10.0.0.250 { secret = testing shortname = des-deneme } #pico

Selecting one of multiple Ldap server in users file

2005-12-28 Thread Gerald Richter
Hi, I want to use more than one ldap server to authenticate users. I have setup a users file that sets the Autz-Type so one of two ldap server are selected for authorization. Since it is not known which kind of authentication information is provied by the user, chap is also included, like

Re: Selecting one of multiple Ldap server in users file

2005-12-28 Thread xav guerin
Use Autz-Type instead of Auth-Type and set Autz-Type := aldap1 in the users file (in check items) 2005/12/28, Gerald Richter [EMAIL PROTECTED]: Hi, I want to use more than one ldap server to authenticate users. I have setup a users file that sets the Autz-Type so one of two ldap server are

radius error file

2005-12-28 Thread Kai Geek
#tail -f /var/log/radius/radius.log Wed Dec 28 13:31:21 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Wed Dec 28 13:31:21 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed Dec 28 13:31:21 2005 : Info: Ready to process

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Anup Parkhi
Try moving your entry fpr user way up in the users file. I had the same problem. Then i moved my user after the first DEFAULT entry and it worked. I think it has to do with some Checked attribute.(Sorry, i don't have access to my machine right now. i am on vacation. I can not give more clear

RE: Selecting one of multiple Ldap server in users file

2005-12-28 Thread Gerald Richter
Hi, Use Autz-Type instead of Auth-Type and set Autz-Type := aldap1 in the users file (in check items) That's what I already do and authorization works correctly and accesses ldap1 or ldap2 as it should, but when it comes to authentication, Auth-Type is set to LDAP by the authorization

AcctStopTime - AccStartTime != AcctSessionTime

2005-12-28 Thread Ezequiel O. Block
Hi to all, +--+-+-+-+ | UserName | AcctStartTime | AcctStopTime| AcctSessionTime | +--+-+-+-+ | pepe | 2005-12-02 16:24:45 | 2005-12-02 16:25:46 |

RE: Selecting one of multiple Ldap server in users file

2005-12-28 Thread Gerald Richter
Hi, You can also set Auth-Type and then add an entry in authentication section like you did in authorize. Yes, I know, but as I wrote in my first message, my problem comes with CHAP, because if you set the Auth-Type := aldap1, then CHAP will not work anymore, because the chap modules see

Re: Selecting one of multiple Ldap server in users file

2005-12-28 Thread xav guerin
Hi, You can also set Auth-Type and then add an entry in authentication section like you did in authorize. it could look like this : in users files: user ...,Autz-Type := aldap1, Auth-Type := aldap1 and in radiusd.conf: Authorize{ ... Autz-Type aldap1 { ... } ... } Authenticate {

Re: radius error file

2005-12-28 Thread Alan DeKok
Kai Geek [EMAIL PROTECTED] wrote: why problem in radius server ? What problem? Do you see an *error* in the logs? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Alan DeKok
Marco Spiga [EMAIL PROTECTED] wrote: the users file contain: test Auth-Type := EAP, User-Password == password Use ':=' for the password, not '=='. The debug log would show that it's not matching that entry. Once you make this change, it *will* show it's matching that entry.

Re: Selecting one of multiple Ldap server in users file

2005-12-28 Thread Alan DeKok
Gerald Richter [EMAIL PROTECTED] wrote: That's what I already do and authorization works correctly and accesses ldap1 or ldap2 as it should, but when it comes to authentication, Auth-Type is set to LDAP by the authorization phase and it didn't know about different ldap servers anymore OK,

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Marco Spiga
On Wed, Dec 28, 2005 at 12:37:00PM +, Anup Parkhi wrote: From: Anup Parkhi [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Date: Wed, 28 Dec 2005 12:37:00 + Subject: Re: EAP-MD5 Authentication problem Try moving your entry fpr user way up in the users file. I had the

Problem with freeRadius +openssle +EAP/TLs

2005-12-28 Thread Adam Rogalski
Hi folks I'm new here and I'm trying to configure Radius for my home wireless network. I use RADIUS on fedora core 4, my AP is WRT54G and clients are on WindowsXp sp2. I made everythig with "how to" on page http://www.linuxjournal.com/article/8095. But I still don't have authentication

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Marco Spiga
A row like this? test Auth-Type := EAP, User-Password := password Reply-Message = Hello, %u Still it does not work :-(( And I also have tried to write test Auth-Type == EAP, User-Password := password Reply-Message = Hello, %u only to make an

Freeradius vs NT Domain Authentication

2005-12-28 Thread Richard Bortolucci
Hi,I know that's possible to configure Freeradius to authenticate Windows NT Domain users, but I just can't find a good/complete documentation about it... Is it possible for anyone on this forum to provide such documentation (files/links/instructions) to me? Thanks,-- Richard Bortolucci - List

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Alan DeKok
Marco Spiga [EMAIL PROTECTED] wrote: Still it does not work :-(( Go read the FAQ. See 5.10. It's directed specifically at your remark. Alan DEKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius vs NT Domain Authentication

2005-12-28 Thread Alan DeKok
Richard Bortolucci [EMAIL PROTECTED] wrote: I know that's possible to configure Freeradius to authenticate Windows NT Domain users, but I just can't find a good/complete documentation about it... Is it possible for anyone on this forum to provide such documentation (files/links/instructions)

Re: AcctStopTime - AccStartTime != AcctSessionTime

2005-12-28 Thread Alan DeKok
Ezequiel O. Block [EMAIL PROTECTED] wrote: In some rows there are even bigger differences, shouldn´t be AcctSessionTime the difference of AcctStopTime - AcctStartTime ? Sure. But FreeRADIUS logs what the NAS sends it. See the queries in sql.conf. Alan DeKok. - List

using freradius 1.0.5 to secure an WLAN AP

2005-12-28 Thread Frank Buttner
of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '/var/log/radius/radacct/192.168.1.2/auth-detail-20051228' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius

Adapting Reply-Msg to Reject cause

2005-12-28 Thread Yannick Deltroo
Hello, I'm using Freeradius with rlm_sql sqlcounter to authorize access to hotspots. I would like to set a specific Reply-Message (which is displayed in the user browser) depending the Reject cause, for instance: - Reply-Msg=Account has expired (if reject because of Expiration == ) -

Re: using freradius 1.0.5 to secure an WLAN AP

2005-12-28 Thread Alan DeKok
=?us-ascii?Q?Frank_Buttner?= [EMAIL PROTECTED] wrote: Hello, I try to use freeradius to secure my WLAN. But it will not work. The clients talk to the ap and the ap to my radius Server. But the answer of the radius server is not ok:( What's going wrong? Your message doesn't include anything

openssl fails

2005-12-28 Thread pelusa vali
hi everybody, well finally get install openssl v0.9.8a, now when i try to generate certificates to be used with freeradius (eap-tls or eap-peap) i use these command to CERTIFICATE AUTHORITY GENERATION: #openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin pass:clue1 -passout

FreeRadius 1.1.0-pre0 on OpenBSD

2005-12-28 Thread Vincent Bernat
Hi ! I succeed in compiling cleanly Freeradius 1.1.0-pre0 on OpenBSD 3.8 with the following configure : ./configure --with-rlm_ldap --without-rlm_krb5 \ --without-rlm_acct_unique --without-rlm_otp \ --without-rlm_perl --enable-shared=no --enable-debug Freeradius

Re:no response from server on other machine

2005-12-28 Thread yao guoxian
If the server doesn't respond on localhost, then either it isn'trunning, or you edited the configuration files to break it.Alan DeKok. Thank you for your suggestion. Thefact is Radius works correctly on the localmachine (the same machine on which FreeRadius 1.0.5 was installed).However, when a

Re: FreeRadius 1.1.0-pre0 on OpenBSD

2005-12-28 Thread Alan DeKok
Vincent Bernat [EMAIL PROTECTED] wrote: I have the original configuration files with EAP defaulting to PEAP and TLS enabled. Here is the backtrace from gdb : (gdb) bt #0 0x06fdcbb6 in memset () from /usr/lib/libc.so.38.2 #1 0x80601740 in ?? () #2 0x1c03c33f in make_tunnel_passwd (

Re: no response from server on other machine

2005-12-28 Thread LeRoy DeVries
On Wednesday 28 December 2005 19:51, yao guoxian wrote: Thank you for your suggestion. The fact is Radius works correctly on the localmachine (the same machine on which FreeRadius 1.0.5 was installed).However, when a authentication request was sent to Radius Server from the other

Re: no response from server on other machine

2005-12-28 Thread Bill Brunton
Watch out for a software firewall. Is it blocking any ports? On Wed, 28 Dec 2005, LeRoy DeVries wrote: Date: Wed, 28 Dec 2005 20:10:23 -0700 From: LeRoy DeVries [EMAIL PROTECTED] Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org To: FreeRadius users

RE: Selecting one of multiple Ldap server in users file

2005-12-28 Thread Gerald Richter
Hi, OK, enough is enough. This auto-set Auth-Type in LDAP is just broken. I'll fix it before 1.1.0 to do the following: - add a config option saying set_auth_type = yes/no - the default will be yes for backwareds compatibility - the yes case will also be smarter about multiple

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Marco Spiga
Marco Spiga [EMAIL PROTECTED] wrote: Still it does not work :-(( Go read the FAQ. See 5.10. It's directed specifically at your remark. Alan DEKok. Endured made!! I don't have include the output of radtest because I want to only qualify radiusd to use authentication EAP MD5.

Re: EAP-MD5 Authentication problem

2005-12-28 Thread Alan DeKok
Marco Spiga [EMAIL PROTECTED] wrote: However as soon as installed freeradius I have tried radtest and it worked well, also whith users inserted in radcheck table of postgresql and authentication EAP MD5 has not never worked. The entry in the users file isn't being matched because you edited

Re: no response from server on other machine

2005-12-28 Thread Alan DeKok
LeRoy DeVries [EMAIL PROTECTED] wrote: In order to resolve the problem one must know what the problem is. May I suggest that you start Radius with radiusd -sfxxyz -l stdout and observe what happens and then maybe that will give you a clue. It's even simpler than that. He should edit the