Re: Recommendation

2010-08-17 Thread Alan DeKok
Paul Dugas wrote: On Mon, Aug 16, 2010 at 5:02 PM, Alan DeKok al...@deployingradius.com wrote: Use PEAP. Ensure passwords are in a form compatible with PEAP: My LDAP directory contains NT, LM, and SSHA passwords but not clear-text so, if I'm following correctly, I need to look into using

Re: rlm_eap: Handler failed in EAP/peap

2010-08-17 Thread Alan DeKok
Javier Richard Quinto Ancieta wrote: Hello, I have problems with my FreeRADIUS (installed) Version 1.1.3. Upgrade. The problem is when I use EAP-PEAP, MSCHAPv2 for Windows clients and an LDAP server on Debian. I have installed freeradius using EAP-PEAP and in the radius.conf is of the

Re: mac authentication

2010-08-17 Thread Alan DeKok
Raymond Norton wrote: I have a working set up using wpa2 with freeradius and ldap. I need to set up host authentication instead of user authentication. I am using LAM to manage ldap and have added a couple host accounts, but I keep getting a login page from the hotspot. The problem could be a

Re: Failed (re-)authentication after some time...

2010-08-17 Thread Alan DeKok
Jan Zacharias wrote: Sun Aug 15 10:01:39 2010 : Error: Discarding duplicate request from client swba1-00-test port 1645 - ID: 157 due to unfinished request 125603 As always, something is blocking the server. The entry Sun Aug 15 10:01:39 2010 is interesting as no client was connected to

Re: curious network problem

2010-08-17 Thread Antony King
On Wednesday 11 August 2010 01:38:22 Alan DeKok wrote: Antony King wrote: The 'live' server is a centos5.5 box. I've tried with the standard freeradius2 package (version 2.1.7) and a version compiled from SRPMS in case there was a problem with ttls in that version. The configuration was

Re: curious network problem

2010-08-17 Thread Alan DeKok
Antony King wrote: I did 'make destroycerts', then 'make' in the certs directory. It should all be new in there. OK. I guess so; it's just very frustrating that it all works perfectly if you are localhost, but not if you are a remote host. Or maybe it works from localhost with

Re: users file question

2010-08-17 Thread Alan DeKok
Aqdas Muneer wrote: Thank you for the quick response. The reason I created the admin account was for use during LDAP outages and you are correct that this account does not exist in LDAP. What would be a better way to go about accomplishing this? I want the admin account to be only available

Re: curious network problem

2010-08-17 Thread Antony King
*edit* After writing most of the below, I used iperf to check that UDP packets were getting through, and discovered that after about 4 packets the stream was getting dropped. This turned out to be caused by vmware sitting on the interface I was connecting to and doing 'something' - not sure

Re: curious network problem

2010-08-17 Thread John Dennis
On 08/17/2010 05:17 AM, Antony King wrote: I'm tempted to compile it up from scratch on this box too (not using the SRPM) - I spotted that it was looking in the wrong place for some libraries in radiusd.conf (not that fixing it made If there is a problem with the SRPM we want to know about it.

Re: curious network problem

2010-08-17 Thread Antony King
On Tuesday 17 August 2010 13:50:34 John Dennis wrote: On 08/17/2010 05:17 AM, Antony King wrote: I'm tempted to compile it up from scratch on this box too (not using the SRPM) - I spotted that it was looking in the wrong place for some libraries in radiusd.conf (not that fixing it made

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Andreas Hubert
Like it is always: Tue Aug 17 17:42:48 2010 : Auth: rlm_opendirectory: User ahu is authorized. Tue Aug 17 17:42:57 2010 : Error: rlm_eap: No EAP session matching the State variable. Tue Aug 17 17:44:21 2010 : Auth: rlm_opendirectory: User ahu is authorized. Tue Aug 17 17:44:30 2010 : Error:

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Andreas Hubert
I don't know if updating is such a good idea. Mac OS X comes with 2.1.3 and another mailing list reader told me that everything in his environment with Snow Leopard Server works. So I guess this thing should work somehow with Mac OS X Server's freeradius 2.1.3 implementation together with

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Alan DeKok
Andreas Hubert wrote: Like it is always: Tue Aug 17 17:42:48 2010 : Auth: rlm_opendirectory: User ahu is authorized. Tue Aug 17 17:42:57 2010 : Error: rlm_eap: No EAP session matching the State variable. Tue Aug 17 17:44:21 2010 : Auth: rlm_opendirectory: User ahu is authorized. Tue Aug

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Andreas Hubert
I attached the log with debug mode. And I read the instructions and did this: System Preferences - Network - Select The Airport adapter in the left column -- Click Advanced (bottom right corner next to the help ?) Select the 802.1x tab Click the + to add a profile Add a User Profile Name it test

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Andreas Hubert
After a bit more investigating, I think I am coming closer to the problem and can locate it somewhere in the Mac OS X Server Access Control List for services. We have a second server here, which is an Open Directory Replica, and the RADIUS connection with this server works! I attach the logfile from

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Andreas Hubert
Okay, sorry again, I tried it completely fresh, with empty logs and debug mode. This time I don't get the error with the missing com.apple.access_radius group on both servers. Can anyone see what the problem and the difference between these servers is? They are both configured the same, Airport

Interesting issue with mapping accounts

2010-08-17 Thread Natr Brazell
On my Juniper gear I have 3 tiered profiles (tier1, 2 and 3) each with varying permissions (tier3=SuperUser and tier1=readonly). Using LDAP I map specific users to these profiles so when bob.smith logs in I pass the VSA Juniper-Local-User-Name = tier3 from the radius server and bob.smith logs

Re: Recommendation

2010-08-17 Thread Paul Dugas
On Tue, Aug 17, 2010 at 2:44 AM, Alan DeKok al...@deployingradius.com wrote: Paul Dugas wrote: On Mon, Aug 16, 2010 at 5:02 PM, Alan DeKok al...@deployingradius.com wrote:  Use PEAP.  Ensure passwords are in a form compatible with PEAP: My LDAP directory contains NT, LM, and SSHA

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Alan DeKok
Andreas Hubert wrote: I don't know if updating is such a good idea. Mac OS X comes with 2.1.3 and another mailing list reader told me that everything in his environment with Snow Leopard Server works. So I guess this thing should work somehow with Mac OS X Server's freeradius 2.1.3

Re: FreeRadius on MacOS X Server

2010-08-17 Thread Alan DeKok
Andreas Hubert wrote: Okay, sorry again, I tried it completely fresh, with empty logs and debug mode. Stop CC'ing me on messages to the list. In case you hadn't noticed, I *do* read the list. This time I don't get the error with the missing com.apple.access_radius group on both servers.

Re: Recommendation

2010-08-17 Thread Alan DeKok
Paul Dugas wrote: The settings in NetworkManager on my Fedora Linux laptop, when I choose WPA & WPA2 Enterprise and PEAP, allow MSCHAPv2 (default), MD5, and GTC for the inner authentication. I see on the protocol compatibility table you referenced that only clear-text and ntlm_auth are

Re: Interesting issue with mapping accounts

2010-08-17 Thread Alan DeKok
Natr Brazell wrote: Here's the weird part. If bob goes home in the evening and doesn't log out of a router, the accounting log shows bob.smith (STOP) after a certain amount of time; however the accounting log shows 'tier3' still logged in. Any ideas? Blame the NAS. Alan DeKok. - List

Re: Recommendation

2010-08-17 Thread Paul Dugas
On Tue, Aug 17, 2010 at 4:02 PM, Alan DeKok al...@deployingradius.com wrote:  If you do not have clear-text or NT hashed passwords in your LDAP database, then *no* tool will magically make MS-CHAP work.  The problem is the method used to store the password.  The problem is *not* the tool used

Re: Recommendation

2010-08-17 Thread Alan DeKok
Paul Dugas wrote: On Tue, Aug 17, 2010 at 4:02 PM, Alan DeKok al...@deployingradius.com wrote: If you do not have clear-text or NT hashed passwords in your LDAP database, then *no* tool will magically make MS-CHAP work. The problem is the method used to store the password. The problem is

Re: Recommendation

2010-08-17 Thread Paul Dugas
On Tue, Aug 17, 2010 at 4:29 PM, Alan DeKok al...@deployingradius.com wrote:  I suggest reading my messages again.  It's clear you don't understand what ntlm_auth does. Sorry if I've offended you. Are you saying that I should be able to enable ldap in inner-tunnel and it should be able to

Re: Interesting issue with mapping accounts

2010-08-17 Thread Natr Brazell
Roger! Blaming ensuing! N On Tue, Aug 17, 2010 at 4:02 PM, Alan DeKok al...@deployingradius.com wrote: Natr Brazell wrote: Here's the weird part. If bob goes home in the evening and doesn't log out of a router, the accounting log shows bob.smith (STOP) after a certain amount of time

Re: Recommendation

2010-08-17 Thread John Dennis
On 08/17/2010 05:31 PM, Paul Dugas wrote: On Tue, Aug 17, 2010 at 4:29 PM, Alan DeKok al...@deployingradius.com wrote: I suggest reading my messages again. It's clear you don't understand what ntlm_auth does. Sorry if I've offended you. Are you saying that I should be able to enable ldap
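
The point made throughout the "Recommendation" thread above (PEAP/MS-CHAPv2 needs a clear-text or NT-hashed password; an {SSHA} userPassword can only back clear-text inner methods such as PAP or EAP-GTC, and no tool including ntlm_auth changes that) is shown below as an added example. It is not code from the thread, from the FreeRADIUS project or from Samba. The LDAP attribute names (userPassword, sambaNTPassword) and the sample passwords and salt are assumptions made for the example; the MD4 routine is inlined because hashlib's md4 is often unavailable on OpenSSL 3 builds.

```python
# Added example (not from the list thread or the FreeRADIUS project): why MS-CHAPv2
# needs the NT hash, and what each LDAP password storage form can give the server.
import base64
import hashlib
import hmac
import os
import struct
from typing import Optional

_MASK = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, the primitive under the NT hash (inlined: hashlib often lacks md4)."""
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        # (boolean function, message-word order, shift schedule, additive constant)
        (lambda x, y, z: (x & y) | (~x & z), list(range(16)), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = state
        for f, order, shifts, k in rounds:
            for i, word in enumerate(order):
                a = _lrot((a + f(b, c, d) + x[word] + k) & _MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate roles so the next step updates the old d
        state = [(s + v) & _MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NtPasswordHash (RFC 2759 8.3): MD4 over the UTF-16LE password. This is the value
    Samba keeps in sambaNTPassword and the only password form MS-CHAPv2 can verify."""
    return md4(password.encode("utf-16-le"))


def challenge_hash(peer_challenge: bytes, authenticator_challenge: bytes, username: bytes) -> bytes:
    """ChallengeHash (RFC 2759 8.2): the 8 bytes the NT-Response is DES-encrypted over,
    using keys derived from the NT hash. Without that hash the server has nothing to compare."""
    return hashlib.sha1(peer_challenge + authenticator_challenge + username).digest()[:8]


def ssha_encode(password: str, salt: Optional[bytes] = None) -> str:
    """OpenLDAP-style {SSHA}: base64(SHA1(password || salt) || salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(stored: str, password: str) -> bool:
    """Verifying {SSHA} needs the clear-text password, i.e. PAP or EAP-GTC, never MS-CHAPv2."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def nt_hash_for_mschap(attr: str, value: str) -> Optional[bytes]:
    """Which LDAP password forms can back MS-CHAPv2 (attribute names are assumptions):
    a clear-text userPassword or a hex sambaNTPassword yields the NT hash; an {SSHA}
    (or any other scheme-prefixed) value yields None, so MS-CHAP cannot succeed."""
    if attr == "userPassword" and not value.startswith("{"):
        return nt_hash(value)          # clear-text: the server derives NT-Password itself
    if attr == "sambaNTPassword":
        return bytes.fromhex(value)    # already the NT hash (what ntlm_auth checks against)
    return None                        # {SSHA}, {CRYPT}, LM-only: no NT hash, no MS-CHAPv2


if __name__ == "__main__":
    stored = ssha_encode("secret", salt=b"\x01\x02\x03\x04")  # constructed sample entry
    print("PAP/GTC against {SSHA}:", ssha_verify(stored, "secret"))
    print("MS-CHAPv2 against {SSHA}:", nt_hash_for_mschap("userPassword", stored))
    print("MS-CHAPv2 against clear-text:", nt_hash_for_mschap("userPassword", "secret").hex())
```

The decision in nt_hash_for_mschap mirrors what rlm_mschap can and cannot do: it works from Cleartext-Password or NT-Password, and if the directory only holds salted SHA-1 the only fix is to change how passwords are stored (or to re-capture them in clear text at the next password change), not to add a tool in front of LDAP.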

Logging for Assets and Customers

2010-08-17 Thread Christian Rahl
I am trying to have the ability to log all logins with very specific information so that we can track customer and asset access. I would like this information to be added to the radius mysql in a separate table. This information would include MAC address, last IP, and if possible the last NAS IP.

Lotus Notes Encryption

2010-08-17 Thread rrperez
I have set up a FreeRadius 2 Server that authenticates on a Lotus Notes LDAP Service and it successfully maps. But I'm having a hard time figuring out what is the encryption method used by the Lotus Notes with their passwords. Here is the debug: [ldap] performing user authorization for