Mitchell, Mark wrote:
I'm trying to get 802.1x authentication going using PEAP/MS-CHAPv2 but
can't quite get it going (I think I'm pretty close though) so I'm hoping
someone here can take a look at my debug output below and perhaps offer
some helpful advice. Here's the specifics: Ubuntu 7.10,
Tuc at T-B-O-H.NET wrote:
If I choose DNS name, and I don't fully qualify it,
does it follow the standard BIND rules of using the domain
setting, or going down the search path?
It follows the normal process to look up domain names.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Thanks for the reply. However, these are Internet customers coming from
DSL or Dial up. I assume the Cisco and portmasters are sending unique
session IDs.
Don't assume. Use debug to see what's happening with accounting packets.
Ivan Kalik
Kalik Informatika ISP
Hello Alan,
Thanks for answering.
- How do I check if the clients are using PEAP?
- Don't know if this is the answer to your password question, I have a
password in the USERS file and on the client I have entered in the
WPA_Supplicant.conf, clear text word.
- Then what type of password how do I
Not sure what max access-period would be? If it relates to single
session then use Session-Timeout to fix max length. If it relates to
total time allowed then use sqlcounter (which will set Session-Timeout
dynamically). If you are setting a Session-Timeout that will be the same
for large number of
divisionmd wrote:
- How do I check if the clients are using PEAP?
Read the debug log as suggested in the FAQ, README, INSTALL, and daily
on this list.
- Don't know if this is the answer to your password question, I have a
password in the USERS file and on the client I have entered in the
nasname on your AP goes into NAS-Identifier field in access request.
It's not the same as nasname in nas table which takes NAS IP or FQDN.
You can put it in shortname field. Secret per NAS = Secret per NAS
IP address.
Ivan Kalik
Kalik Informatika ISP
On 11/4/2008, Tuc at T-B-O-H.NET [EMAIL
Hello Alan,
- I'm going to copy back the default eap.conf radiusd.conf and users
files, so I can start over again with clean files.
- Some tutorials I have followed are old, compared to the new version that I
have 2.0.3.
- Can you give me an example on how I should configure these three files
Ultimately for the same reasons that rlm_detail exists. I'd like to give my
ops guys the ability to see all attributes in requests and replies when
they're debugging or monitoring. We want to maintain all records in a single
SQL database with access via our existing web frontends...so I'd like the
Dear Friends,
Right now I have setup working of freeradius with mysql authentication. I have
static dynamic group created in mysql and all seems working. Currently static
IPs are provided by radius with mysql backend. But dynamic IP is provided by
Cisco Router. Cisco router is configured as
Just make entries for the users in users file. Instructions are in the
file.
There is nothing to configure in radiusd.conf or eap.conf. You might want
to read through eap.conf if you are thinking of replacing default
certificates or perhaps to copy request to tunnel and reply out.
Only other
Thanks Ivan!
- Some tutorials I have been following required some settings to be changed
in all those files.
- But probably for older version of FreeRadius then.
- I will re-try again!
Thanks for help,
Best regards,
Johan Nyman
-Original Message-
From:
[EMAIL PROTECTED]
Dear Friends,
Right now I have setup working of freeradius with mysql authentication. I have
static dynamic group created in mysql and all seems working. Currently
static IPs are provided by radius with mysql backend. But dynamic IP is
provided by Cisco Router. Cisco router is configured as
Dean Smith wrote:
Ultimately for the same reasons that rlm_detail exists. I'd like to give my
ops guys the ability to see all attributes in requests and replies when
they're debugging or monitoring. We want to maintain all records in a single
SQL database with access via our existing web
Johan Nyman wrote:
- I'm going to copy back the default eap.conf radiusd.conf and users
files, so I can start over again with clean files.
Good idea.
- Some tutorials I have followed are old, compared to the new version that I
have 2.0.3.
I wish all old tutorials disappeared off of the
Hello all,
There should be a place on the net that hosts official tutorials for
FreeRadius that are up-to-date.
Then many problems would disappear.
I was about to follow this post to get EAP/TTLS to work:
http://www.felipe-alfaro.org/blog/2005/11/01/wpa-enterprise/
Can anyone help me sort
Hi,
Charlie B wrote:
Has no one else experienced this issue where reset password confuses
WinXP? I really don't want to use IAS. Any ideas?
Let me get this straight: You have machines in the domain, users doing
domain logins, and wired 802.1x using the domain credentials. When you
Hi,
Hello all,
There should be a place on the net that hosts official tutorials for
FreeRadius that are up-to-date.
Then many problems would disappear.
there are several. the best place is wiki.freeradius.org
I was about to follow this post to get EAP/TTLS to work:
Johan Nyman wrote:
There should be a place on the net that hosts official tutorials for
FreeRadius that are up-to-date.
Then many problems would disappear.
There *is* a place. It's on the main web page. It's up to date. Yet
many people *still* use third-party howto's that are years out
Hello again,
Thanks for that information,
Read the README in the /raddb/certs directory and found some very clear
instruction on how to compile/make the certificates.
Could you help me clarify this, so I have understood correctly:
1. To make a successful EAP/TLS connection I need the
-Address}/detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
expand: %t - Sat Apr 12 19:07:58 2008
++[detail] returns ok
+- entering group pre
Hi Ivan,
Thanks for the reply. I think it's starting to sink in. :)
I have to test out how we'll do a bit of it, but I think I get the
gist of it. I don't see how any of the netmask, require_message_authenticator
or virtual_server fit into it... But since I wasn't using it anyway, I
won't
Hello,
- Anyone can point me in the right direction if I am getting this error,
from the client:
CTRL-EVENT-EAP-FAILURE EAP authentication failed
- And on the freeradius console I have this:
Called-Station-Id = 00-20-a6-64-c3-b1:MVG-Personal
Calling-Station-Id =
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Ok take eduroam for example. A change in user authorisation at their
home site may result in the generation of a CoA request for the user to
be disconnected at the remote site, this would be proxied by the remote
site's RADIUS server. That same server
Hi,
recommend that you get eg OReilly book on OpenSSL. with a basic
understanding of OpenSSL all of these files and processes
become much more transparent.
1. To make a successful EAP/TLS connection I need the following
certificates:
correct
2. And those files are:
with SSL you get various
Yes, you can specify a network, not just single IP address.
Ivan Kalik
Kalik Informatika ISP
On 12/4/2008, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi Ivan,
Thanks for the reply. I think it's starting to sink in. :)
I have to test out how we'll do a bit of it, but I think I get the
Hello,
- I will look into that book you recommended Alan - OReilly book
on OpenSSL thanks!
- But for right now do you have any clues on what I could/do test,
look at to fix this:
- I have a Linux client trying to connect to the Free Radius, and
on the
27 matches