Re: How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread Alan DeKok
Perhaps you could explain why you're writing your own PAM module, rather than using the one that comes with FreeRADIUS. Then, explain why PAM conversation questions are for the FreeRADIUS list, and not the PAM list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.or

Re: eapol_test retransmits 10 times

2010-03-15 Thread R C
Thanks for the note. i restored the values of RADIUS_CLIENT_FIRST_WAIT andRADIUS_CLIENT_MAX_ENTRIES to their original values. But, changing RADIUS_CLIENT_MAX_RETRIES from 10 to 0 or any value does not make any difference. It still sends access-request 10 times. I am doing make eapol_test foll

Re: Mac Auth with MySQL

2010-03-15 Thread Teguh Kurniawan
On Tue, Mar 16, 2010 at 2:33 AM, Alan Buxey wrote: > Hi, > >> I'll try to make Mac Authentication with MySQL backend. But I always >> rejected. >> Mac Authentication only works if I add like the following lines into >> the /etc/raddb/users. > > >> 90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept >> >>

Re: Mac Auth with MySQL

2010-03-15 Thread Alan Buxey
Hi, > I'll try to make Mac Authentication with MySQL backend. But I always rejected. > Mac Authentication only works if I add like the following lines into > the /etc/raddb/users. > 90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept > > I use OpenBSD 4.6, FreeRadius 2.1.3 and MySQL 5.0.83. > What shoul

RE: How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread Rajendra Hegde
pam_conv is good for holding interactive conversation locally for applications such as login, su etc. When used with radius server pam_conv failed to do prompt at remote_client. Please note that we are not interested in local convesation where PAM is located. The remote client I have used is

Mac Auth with MySQL

2010-03-15 Thread Teguh Kurniawan
Hello, I'll try to make Mac Authentication with MySQL backend. But I always rejected. Mac Authentication only works if I add like the following lines into the /etc/raddb/users. 90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept I use OpenBSD 4.6, FreeRadius 2.1.3 and MySQL 5.0.83. What should I do, to ma

Re: How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread John Dennis
On 03/15/2010 01:12 PM, Rajendra Hegde wrote: Hello, The scenario is like this : {remote client } -> {radius} ---> {PAM} > {Extern Athenticator} Now when the external authenticator sends challenge to PAM, I do not see a easy way to pass the "challenge text" back to the radius. Please note

RE: How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread Rajendra Hegde
Hello, The scenario is like this : {remote client } -> {radius} ---> {PAM} > {Extern Athenticator} Now when the external authenticator sends challenge to PAM, I do not see a easy way to pass the "challenge text" back to the radius. Please note that pam_sm_authenticate allows eit

Re: accounting on msql

2010-03-15 Thread Alan Buxey
Hi, > just want to manage accounting on mysql > > so i coyed the schema.sql in /etc/freeradius, > did mysql -u root -p accounting < schema.sql > > and i got this. > > ERROR 1064 (42000) at line 17: You have an error in your SQL syntax; check > the manual that corresponds to your MySQL server v

Re: How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread John Dennis
On 03/15/2010 12:16 PM, Rajendra Hegde wrote: Hello, I am developing a PAM module for radius server. The radius server is configured to use PAM auth. It reads /etc/pam.d/radiusd and loads it on receiving auth request. The PAM module talks to external Authentication server and sometimes gets back

How to handle challenge response using PAM auth in FreeRadius

2010-03-15 Thread Rajendra Hegde
Hello, I am developing a PAM module for radius server. The radius server is configured to use PAM auth. It reads /etc/pam.d/radiusd and loads it on receiving auth request. The PAM module talks to external Authentication server and sometimes gets back "Challenge Respose". How can this be re

accounting on msql

2010-03-15 Thread omega bk
hi, just want to manage accounting on mysql so i coyed the schema.sql in /etc/freeradius, did mysql -u root -p accounting < schema.sql and i got this. *ERROR 1064 (42000) at line 17: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the rig

convert mysql from ICRadius to Free

2010-03-15 Thread Len Conrad
We can't find any info how to do this, but we can't be the first, either. Anybody got howtos or recipes for converting MySQL db? Len - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dynamically assign realm name when using DEFAULT realm

2010-03-15 Thread Jer Peterson
I am using FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu I am trying to take the username of a format 'realm/username' and have FreeRADIUS take the 'realm' and pass it on in a sql query using %{Realm} and take the 'username' and pass it on with %{SQL-User-Name}. I have found I can d

Re: ldap auto header MS-CHAPv2

2010-03-15 Thread nf-vale
On Monday 15 March 2010 13:42:11 Alan Buxey wrote: > Hi, > > > no i don't have AD. > > > > in other word, i cannot use windows xp supplicant EAP-MSCHAPv2 to make > > the authentication protocol to authenticate users in openldap database > > using ssha1 password, that's right? > > correct: http:/

Re: ldap auto header MS-CHAPv2

2010-03-15 Thread Alan Buxey
Hi, > no i don't have AD. > > in other word, i cannot use windows xp supplicant EAP-MSCHAPv2 to make the > authentication protocol to authenticate users in openldap database using > ssha1 password, that's right? correct: http://deployingradius.com/documents/protocols/oracles.html PEAPv0/MS

vrf-aware vpdn / l2tp termination / cisco-avpair

2010-03-15 Thread Alexander
Hello all, I am using FreeRadius 2.1.8 with MySQL to authenticate BBA users. I get L2TP sessions from my ISP (=LAC) arriving in VRF l2tp_vrf which I want to terminate in a different VRF (e.g. inet_vrf). Basic authentication works as long as I do not intruduce cisco-avpair attributes. Which one

Re: ldap auto header MS-CHAPv2

2010-03-15 Thread omega bk
no i don't have AD. in other word, i cannot use windows xp supplicant *EAP-MSCHAPv2 *to make the authentication protocol to authenticate users in openldap database using ssha1 password, that's right?* * 2010/3/15 Alan Buxey > Hi, > > > how can i handle encrypted users's ldap password ? > > >

Re: ldap auto header MS-CHAPv2

2010-03-15 Thread Alan Buxey
Hi, > how can i handle encrypted users's ldap password ? depends what you want to do read the docs and you will see what youc an do with what back-end eg http://deployingradius.com/documents/protocols/compatibility.html this shows that LDAP is just a basic store of info...you cannot do eg ch

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread Alan Buxey
Hi, > another question? why not. > how freeradius deal with simultaneous mutiple access? read the mailing list archives? read the documents that come with the product? doc/Simultaneous-Use alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ldap auto header MS-CHAPv2

2010-03-15 Thread omega bk
hi, how can i handle encrypted users's ldap password ? pap reckognize my ssha1 from base64 encoding => because of the auto_header to yes but it looks like MS-CHAP does not kwow how to deal with... [ldap] Added User-Password = {SSHA}2FJYOM+C3mqL2g6wOhcLfjMY2XdoQ4bi in check items [ldap] No defau

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
another question? how freeradius deal with simultaneous mutiple access? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
forgot what i said. i commented the line: #checkItem NT-password userPassword in ldap.attrmap and it works!! THANK U ALAN you saved me 2010/3/15 omega bk > Hi, > > you mean by commenting mschap in autorize and authenticate section? > > thanks > > 2010/3

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
Hi, you mean by commenting mschap in autorize and authenticate section? thanks 2010/3/15 Alan Buxey > Hi, > > > [mschap] Told to do MS-CHAPv2 for bernard with NT-Password > > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > > [mschap] FAILED: MS-CHAP2-Response is incorrect

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread Alan Buxey
Hi, > [mschap] Told to do MS-CHAPv2 for bernard with NT-Password > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > [mschap] FAILED: MS-CHAP2-Response is incorrect get rid of the NT-Password LDAP hook if you're not using it. alan - List info/subscribe/unsubscribe? See http:/

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
thank u for your quick reply i fixed bernard's password in ldap so: [ldap] userPassword -> Cleartext-Password == "test" [ldap] userPassword -> NT-Password == 0x74657374 i added the password_radius_attribute = "NT-Password" but still the same: [mschap] Told to do MS-CHAPv2 for bernard wi

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread Nicolas Goutte
Am 15.03.2010 um 11:35 schrieb omega bk: sorry for spamming, i just want to understand OpenLDAP knows the clear text password: [ldap] userPassword -> Cleartext-Password == "test " [ldap] userPassword -> NT-Password == 0x7465737420 => supposed to be the hash password I doub very much

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread Alan Buxey
Hi, > [ldap] userPassword -> Cleartext-Password == "test " note the space at the end. your password is 'test ' not just 'test' is this deliberate? check your LDAP! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
sorry for spamming, i just want to understand *OpenLDAP knows the clear text password:* [ldap] userPassword -> Cleartext-Password == "test " [ldap] userPassword -> NT-Password == 0x7465737420 *=> supposed to be the hash password* [ldap] looking for reply items in directory... [ldap] user be

Re: Hi,

2010-03-15 Thread EasyHorpak.com
Axel Grimm wrote: Hi i have little question. I use Freeradius with mysql an a dd-wrt Linksys Router as NAS. How can i setup a MAC Adress auth that user do not need login and Passwort ? THX Axel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
can i post all the debug output? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

2010-03-15 Thread Axel Grimm
Hi i have little question. I use Freeradius with mysql an a dd-wrt Linksys Router as NAS. How can i setup a MAC Adress auth that user do not need login and Passwort ? THX Axel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP2-Response is incorrect + invalid NT-Password

2010-03-15 Thread omega bk
hello, i'm still stuck and don't know how to make it work i added in ldap.attrmap: checkItem Cleartext-Password userPassword checkItem NT-passworduserPassword but i stil have: [ldap] expand: %{User-Name} -> bernard [ldap] expand: (cn=%{St