Hi!
I have a problem with chap authorization. PAP works fine but chap gives out
this output:
http://paste-it.net/public/id5f751/
Thanks!
--
Maciej Drobniuch
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok,
does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
- it is sure, it is not a question of certificate. Alan said someday that that
NAS is broken. He might be true, but maybe i missed something in the
configuration, but where?
- it reminds me a question and i don't
Alan:
I'll do my best to explain.
Currently our NAS is returning the NAS-Port and FreeRADIUS is logging it
like this:
Fri Jul 18 13:09:52 2008 : Auth: Login OK: [khj] (from client dslam
port 1073873726)
Fri Jul 18 13:09:55 2008 : Auth: Login OK: [dfsands6] (from client
dslam port
Reveal MAP wrote:
> does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
It depends on how you configure the system.
> I called a SSID "TLS" where security is "WPA Enterprise". it expet users
> to be authenticated via FREERADIUS to be allowed on the network.
> so i use a
Re hello:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
the output is too long, mailing list parameters won't accept it. i post part of
the output that seem to give the point of misconfiguration. if it is not
sufficient, please let me know, and i will find a way to
Reveal MAP wrote:
> Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
> the output is too long, mailing list parameters won't accept it. i post
> part of the output that seem to give the point of misconfiguration. if
> it is not suffici
Don't CC me on posts to the list. I *do* read the list, if you hadn'
already noticed. And DON'T set "return receipt requested". It's
annoying. I generally delete all email which has that set.
Frank Bulk - iNAME wrote:
...
> According to my NAS' documentation, that longish number is a
> bit-r
preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
10.10.44.246,NAS-IP-Address = 10.10.44.246,Acct-Session-Id =
"-0007",User-Name = "testuser01"'
rlm_acct_unique: Acct-Unique-Session-ID = "73713cdd1b906342".
thank you Alan
(i am on the FAQ)
user=maman
passwd= maman
is a sql based user.
trying peap with sql based user give error message, but trying it with Ad_based
user give no error message, just don't connect...
with radtest:
radtest maman maman localhost 1812 testing123
Sending Access-Request of
Reveal MAP wrote:
> user=maman
> passwd= maman
> is a sql based user.
>
> trying peap with sql based user give error message,
Which... is what? Is it a secret?
> but trying it with
> Ad_based user give no error message, just don't connect...
FreeRADIUS gives no error message? Or the clie
Alan..
Much thanks for the reply and very helpful advice..
>> the rlm_sql_oracle does configure.
> So that works, at least.
Actually the Makefile was incorrect..
I took your advice and edited the Makefile and it was a simple edit.
My system is a 64 bit Sparc box, and FR-2.05 only compiles 32 bit
ah okay! lol
> "f you want to authenticate PEAP users via SQL (which you seem
> to be saying), then don't configure the mschap module to use ntlm_auth."
my mistake: i didn't know...
back to Users based on AD.
username=glouglou
passwd=glouglou
domain=PLUTON
--
Reveal MAP wrote:
>> "f you want to authenticate PEAP users via SQL (which you seem
>> to be saying), then don't configure the mschap module to use ntlm_auth."
>
> my mistake: i didn't know...
Huh? You are aware that AD is not the same as SQL?
> back to Users based on AD.
>...
> in etc/raddb/
thekat wrote:
> I took your advice and edited the Makefile and it was a simple edit.
> My system is a 64 bit Sparc box, and FR-2.05 only compiles 32 bit.
The server is 64-bit clean, and does run on 64-bit systems. Are you
sure that you have 64-bit Oracle libraries installed? If so, why can't
y
I'll do my best to ignore the abrasive comments.
I'm not in the position that I can edit the source code. Is there is a
feature request form that you can point me to? This is something that I
would benefit many others, too.
Yes, ISC's DHCP is different, but it's a core networking service just l
Frank Bulk - iNAME wrote:
> I'll do my best to ignore the abrasive comments.
Since you make a point of talking about them, I can explain. Very few
people CC me on posts to the list, and every time they get told that I
still read the list. Almost no one sets "return receipt requested",
because
16 matches
Mail list logo
