Hi All-
We're doing some work with integrating FreeRADIUS using EAP-TLS into a network
with Hitachi ASN-GW and Cisco HA that only uses Mobile-IP. We successfully
pass phase-1 authentication, and generate the appropriate keying material for
the HA, but at phase-2 authentication we fail, since th
On Dec 9, 2010, at 3:21 PM, Alan Buxey wrote:
> Hi,
>
>> There isn't an option to disable eap on the printer. The protocols I have
>> the option for on the printer are leap, peap and eap-tls. peap and
>> eap-tls give me the above error. leap just kinda stops (I should probably
>> disab
I changed the options copy_request_to_tunnel and use_tunneled_reply to yes in
eap.conf (peap section) and it works.
Sending Access-Accept of id 180 to 10.0.0.3 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "200"
User-Name
Hi,
> Freeradius Access-Accept:
>
> Sending Access-Accept of id 29 to 10.0.0.3 port 1645
> MS-MPPE-Recv-Key =
> 0x88a007eda1d4841ea348c3a0d49fd963e3f188a3f77509c3d3eb045d3a23fa7c
> MS-MPPE-Send-Key =
> 0xbe8168ed341e6a4f0332a9d0c8b1893f574e98fa4af7af74dbebf944f687eaf7
>
Hi,
>There isn't an option to disable eap on the printer. The protocols I have
>the option for on the printer are leap, peap and eap-tls. peap and
>eap-tls give me the above error. leap just kinda stops (I should probably
>disable leap anyways). Is there any workaround/update/en
It's important that FreeRadius was built with the --with-edir switch for
Universal Password to properly work.
On Fri, Dec 10, 2010 at 11:48 AM, Peter Lambrechtsen <
plambrecht...@gmail.com> wrote:
> You may need to comment out the logintime and pap sections, since this
> isn't a pap authenticatio
You may need to comment out the logintime and pap sections, since this isn't
a pap authentication.
It seems like the password is being correctly extracted out of eDirectory
using Universal Password, but are you sure that's properly configured in the
build version of FreeRadius?
On Fri, Dec 10, 20
Good to see Novell fans still exist!
No time to dig into this, but I've seen on the list several times that copying
configs from one version of FR to another is not always supported /
recommended. Probably doesn't help much, but maybe point you in the right
direction. Can you reinstall the ori
Can anyone help? We are trying to do a ldap authentication from novell's
edirectory to an Aruba controller for wireless access. These are the errors we
are getting.
It used to work perfectly but the original radius server blew up. We installed
a new one with the same configuration and it doesn'
I haven't read this thread line by line, but I'd say start with the most simple
config first - the users file. Forget everything else until 802.1x VLAN
assignments work correctly from there.
I started down this path a year'ish ago and only got to the testing phase
before the project (ie: me) l
Freeradius Access-Accept:
Sending Access-Accept of id 29 to 10.0.0.3 port 1645
MS-MPPE-Recv-Key =
0x88a007eda1d4841ea348c3a0d49fd963e3f188a3f77509c3d3eb045d3a23fa7c
MS-MPPE-Send-Key =
0xbe8168ed341e6a4f0332a9d0c8b1893f574e98fa4af7af74dbebf944f687eaf7
EAP-Message = 0x030c0
Dears,
Below Access-Accept from ACS captured by Wireshark:
AVP: l=6 t=Tunnel-Type(64) Tag=0x00: VLAN(13)
Tag: 0x00
Tunnel-Type: VLAN (13)
AVP: l=6 t=Tunnel-Medium-Type(65) Tag=0x00: IEEE-802(6)
Tag: 0x00
Tunne
> It pretends to implement EAP, but it does not. Disable EAP for the
> printer.
>
There isn't an option to disable eap on the printer. The protocols I have
the option for on the printer are leap, peap and eap-tls. peap and eap-tls
give me the above error. leap just kinda stops (I shoul
Rob Yamry wrote:
> I have an HP JetDirect 690n print server that I'm trying to authenticate
> via FreeRadius 2.1.8 for wireless clients to use. If I tell the 690 to
> use peap then I get the error "ERROR! Our request for peap was NAK'd
> with a request for peap". If I tell it to use eap-tls I get t
On 12/09/2010 06:25 PM, Rob Yamry wrote:
I have an HP JetDirect 690n print server that I'm trying to authenticate
via FreeRadius 2.1.8 for wireless clients to use. If I tell the 690 to
use peap then I get the error "ERROR! Our request for peap was NAK'd
with a request for peap". If I tell it to u
hi,
there are numerous issues with 802.1X and HP printers. they don't seem
to follow the RFC properly - for example, inner bits of tunnel put
into outer part.
if Aaran Cubard-Bell is still on this list he might give a little
more information and perhaps an update???
alan
-
List info/subscribe
I have an HP JetDirect 690n print server that I'm trying to authenticate via
FreeRadius 2.1.8 for wireless clients to use. If I tell the 690 to use peap
then I get the error "ERROR! Our request for peap was NAK'd with a request
for peap". If I tell it to use eap-tls I get the error "ERROR! Our requ
Alan,
I'm using a catalyst 2960 for EAPOL authentication.
I will go change the order in my users file for test.
Regards,
Luciano Rangel
-Original Message-
From: freeradius-users-bounces+luciano.rangel=logica@lists.freeradius.org
[mailto:freeradius-users-boun
Alan Buxey wrote:
> who knows..possibly the ORDER of the attributes?
Any NAS that cares about the order of attributes is violating the
specifications.
> is your switch one of those weird ones that wants the NAME of the VLAN
> rather than its ID?
Quite possibly. If he had bothered looking at
We use perl
$RAD_REPLY{'Service-Type'}= "Framed-User";
$RAD_REPLY{'Tunnel-Type'} = "VLAN";
$RAD_REPLY{'Tunnel-Medium-Type'} = "IEEE-802";
$RAD_REPLY{'Tunnel-Private-Group-Id'} = "resnet";
Schilling
On Thu, Dec 9, 2010 at 10:17 AM, Alan
Hi,
> VLAN ID assignment should be done in Access-Accept, not in
> Access-Challenge. Try to compare Access-Accept sent by Cisco ACS and
> Access-Accept sent by FreeRADIUS.
yes - ours is in post-auth session (run via PERL)
alan
Hi,
> DEFAULT Auth-Type = ntlm_auth
> Tunnel-Type = 13,
> Tunnel-Medium-Type = 6,
> Tunnel-Private-Group-ID = 200
who knows..possibly the ORDER of the attributes? we use
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Type = "VLAN",
Rangel, Luciano wrote:
> I'm not trying debug logs in switch.
Then why are you looking at the debug log of the switch?
Why are you not looking at the debug log of the server?
> I simply answered the question of how I knew that my switch received
> vlan 0 instead of 200.
Did the
>
> Auth-Type is not a reply attribute, it's a check attribute.
>
Yup, true. Works, thanks. Sorry for the useless message.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan,
I'm not trying debug logs in switch.
I simply answered the question of how I knew that my switch received
vlan 0 instead of 200.
The help I'm asking is:
I send attribute Tunnel-Private-Group-Id = "200" with Freeradius and
send same attribute with ACS. Why swit
S Adrian wrote:
> So far I got it working alright. The only thing is that I might want to
> reject a username (even if the password is ok) (for example that
> username hasn't paid). I tried inserting into radreply Auth-Type :=
> Reject but it still gets access-accept :/ Any ideas?
See the F
Hey,
So far I got it working alright. The only thing is that I might want to
reject a username (even if the password is ok) (for example that username
hasn't paid). I tried inserting into radreply Auth-Type := Reject but it
still gets access-accept :/ Any ideas?
Thanks in advance,
Adrian
On Thu, Dec 9, 2010 at 3:51 PM, Miha Zoubek wrote:
> When I try with same configuration from NAS I get:
> I guess that is something wrong with my NAS?
> [pap] login attempt with password "áø{k?"
> [pap] Using clear text password "12345"
> [pap] Passwords don't match
> ++[pap] returns reject
> Fail
Hello,
I have tried with radtest from other server with the same configuration: I get
this (this is ok):
pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text p