Perhaps you could explain why you're writing your own PAM module,
rather than using the one that comes with FreeRADIUS.
Then, explain why PAM conversation questions are for the FreeRADIUS
list, and not the PAM list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
Thanks for the note. i restored the values of RADIUS_CLIENT_FIRST_WAIT
andRADIUS_CLIENT_MAX_ENTRIES to their original values.
But, changing RADIUS_CLIENT_MAX_RETRIES from 10 to 0 or any value does not
make any difference. It still sends access-request 10 times.
I am doing make eapol_test foll
On Tue, Mar 16, 2010 at 2:33 AM, Alan Buxey wrote:
> Hi,
>
>> I'll try to make Mac Authentication with MySQL backend. But I always
>> rejected.
>> Mac Authentication only works if I add like the following lines into
>> the /etc/raddb/users.
>
>
>> 90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept
>>
>>
Hi,
> I'll try to make Mac Authentication with MySQL backend. But I always rejected.
> Mac Authentication only works if I add like the following lines into
> the /etc/raddb/users.
> 90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept
>
> I use OpenBSD 4.6, FreeRadius 2.1.3 and MySQL 5.0.83.
> What shoul
pam_conv is good for holding interactive conversation locally for applications
such as login, su etc.
When used with radius server pam_conv failed to do prompt at remote_client.
Please note that we are not interested in local convesation where PAM is
located.
The remote client I have used is
Hello,
I'll try to make Mac Authentication with MySQL backend. But I always rejected.
Mac Authentication only works if I add like the following lines into
the /etc/raddb/users.
90:4 C: E5: 6C: 7E: B6 Auth-Type: = Accept
I use OpenBSD 4.6, FreeRadius 2.1.3 and MySQL 5.0.83.
What should I do, to ma
On 03/15/2010 01:12 PM, Rajendra Hegde wrote:
Hello,
The scenario is like this :
{remote client } -> {radius} ---> {PAM} > {Extern Athenticator}
Now when the external authenticator sends challenge to PAM, I do not see
a easy way to pass the "challenge text" back to the radius.
Please note
Hello,
The scenario is like this :
{remote client } -> {radius} ---> {PAM} > {Extern Athenticator}
Now when the external authenticator sends challenge to PAM, I do not see a
easy way to pass the "challenge text" back to the radius.
Please note that pam_sm_authenticate allows eit
Hi,
> just want to manage accounting on mysql
>
> so i coyed the schema.sql in /etc/freeradius,
> did mysql -u root -p accounting < schema.sql
>
> and i got this.
>
> ERROR 1064 (42000) at line 17: You have an error in your SQL syntax; check
> the manual that corresponds to your MySQL server v
On 03/15/2010 12:16 PM, Rajendra Hegde wrote:
Hello,
I am developing a PAM module for radius server.
The radius server is configured to use PAM auth.
It reads /etc/pam.d/radiusd and loads it on receiving auth request.
The PAM module talks to external Authentication server and sometimes
gets back
Hello,
I am developing a PAM module for radius server.
The radius server is configured to use PAM auth.
It reads /etc/pam.d/radiusd and loads it on receiving auth request.
The PAM module talks to external Authentication server and sometimes gets back
"Challenge Respose".
How can this be re
hi,
just want to manage accounting on mysql
so i coyed the schema.sql in /etc/freeradius,
did mysql -u root -p accounting < schema.sql
and i got this.
*ERROR 1064 (42000) at line 17: You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the rig
We can't find any info how to do this, but we can't be the first, either.
Anybody got howtos or recipes for converting MySQL db?
Len
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am using FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu
I am trying to take the username of a format 'realm/username' and have
FreeRADIUS take the 'realm' and pass it on in a sql query using %{Realm} and
take the 'username' and pass it on with %{SQL-User-Name}. I have found I
can d
On Monday 15 March 2010 13:42:11 Alan Buxey wrote:
> Hi,
>
> > no i don't have AD.
> >
> > in other word, i cannot use windows xp supplicant EAP-MSCHAPv2 to make
> > the authentication protocol to authenticate users in openldap database
> > using ssha1 password, that's right?
>
> correct: http:/
Hi,
> no i don't have AD.
>
> in other word, i cannot use windows xp supplicant EAP-MSCHAPv2 to make the
> authentication protocol to authenticate users in openldap database using
> ssha1 password, that's right?
correct: http://deployingradius.com/documents/protocols/oracles.html
PEAPv0/MS
Hello all,
I am using FreeRadius 2.1.8 with MySQL to authenticate BBA users. I get L2TP
sessions from my ISP (=LAC) arriving in VRF l2tp_vrf which I want to terminate
in a different VRF (e.g. inet_vrf). Basic authentication works as long as I do
not intruduce cisco-avpair attributes.
Which one
no i don't have AD.
in other word, i cannot use windows xp supplicant *EAP-MSCHAPv2 *to make
the authentication protocol to authenticate users in openldap database using
ssha1 password, that's right?* *
2010/3/15 Alan Buxey
> Hi,
>
> > how can i handle encrypted users's ldap password ?
>
>
>
Hi,
> how can i handle encrypted users's ldap password ?
depends what you want to do
read the docs and you will see what youc an do with what back-end eg
http://deployingradius.com/documents/protocols/compatibility.html
this shows that LDAP is just a basic store of info...you cannot do eg
ch
Hi,
> another question?
why not.
> how freeradius deal with simultaneous mutiple access?
read the mailing list archives?
read the documents that come with the product?
doc/Simultaneous-Use
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
how can i handle encrypted users's ldap password ?
pap reckognize my ssha1 from base64 encoding => because of the auto_header
to yes
but it looks like MS-CHAP does not kwow how to deal with...
[ldap] Added User-Password = {SSHA}2FJYOM+C3mqL2g6wOhcLfjMY2XdoQ4bi in check
items
[ldap] No defau
another question?
how freeradius deal with simultaneous mutiple access?
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
forgot what i said.
i commented the line:
#checkItem NT-password userPassword
in ldap.attrmap and it works!!
THANK U ALAN
you saved me
2010/3/15 omega bk
> Hi,
>
> you mean by commenting mschap in autorize and authenticate section?
>
> thanks
>
> 2010/3
Hi,
you mean by commenting mschap in autorize and authenticate section?
thanks
2010/3/15 Alan Buxey
> Hi,
>
> > [mschap] Told to do MS-CHAPv2 for bernard with NT-Password
> > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> > [mschap] FAILED: MS-CHAP2-Response is incorrect
Hi,
> [mschap] Told to do MS-CHAPv2 for bernard with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
get rid of the NT-Password LDAP hook if you're not using it.
alan
-
List info/subscribe/unsubscribe? See http:/
thank u for your quick reply
i fixed bernard's password in ldap
so:
[ldap] userPassword -> Cleartext-Password == "test"
[ldap] userPassword -> NT-Password == 0x74657374
i added the
password_radius_attribute = "NT-Password"
but still the same:
[mschap] Told to do MS-CHAPv2 for bernard wi
Am 15.03.2010 um 11:35 schrieb omega bk:
sorry for spamming, i just want to understand
OpenLDAP knows the clear text password:
[ldap] userPassword -> Cleartext-Password == "test "
[ldap] userPassword -> NT-Password == 0x7465737420 => supposed to
be the hash password
I doub very much
Hi,
> [ldap] userPassword -> Cleartext-Password == "test "
note the space at the end. your password is 'test ' not just 'test'
is this deliberate? check your LDAP!
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry for spamming, i just want to understand
*OpenLDAP knows the clear text password:*
[ldap] userPassword -> Cleartext-Password == "test "
[ldap] userPassword -> NT-Password == 0x7465737420 *=> supposed to be the
hash password*
[ldap] looking for reply items in directory...
[ldap] user be
Axel Grimm wrote:
Hi i have
little question.
I use Freeradius with mysql an a dd-wrt Linksys Router as NAS.
How can i setup a MAC Adress auth that user do not need login and
Passwort ?
THX
Axel
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/u
can i post all the debug output?
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi i have little question.
I use Freeradius with mysql an a dd-wrt Linksys Router as NAS.
How can i setup a MAC Adress auth that user do not need login and
Passwort ?
THX
Axel
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hello,
i'm still stuck and don't know how to make it work
i added in ldap.attrmap:
checkItem Cleartext-Password userPassword
checkItem NT-passworduserPassword
but i stil have:
[ldap] expand: %{User-Name} -> bernard
[ldap] expand: (cn=%{St
33 matches
Mail list logo