Re: Framed-IP-Address Reply-item Value not send to NAS in Proxy Config

2011-11-26 Thread Alan DeKok
klaus@atos.net wrote: FreeRadius is configured as a Radius Proxy, Proxy-ing works, accept Packets are sent to the NAS 192.168.4.36, but not Framed-IP !? any idea? Read the debug output. The home server isn't sending the Framed-IP-Address attribute. In proxying, the response from the

EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
I am trying to set up freeRADIUS server implementing (wireless) user authentication (running wpa_supplicant) via AP (running hostapd). After reading various howto's and documentation as well as looking at numerous sources on the Internet, I can't see a way in which the AP is authenticated to

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Andreas Rudat
On 26.11.2011 22:04, Mr Dash Four wrote: I am trying to set up freeRADIUS server implementing (wireless) user authentication (running wpa_supplicant) via AP (running hostapd). After reading various howto's and documentation as well as looking at numerous sources on the Internet, I can't see

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
After reading various howto's and documentation as well as looking at numerous sources on the Internet, I can't see a way in which the AP is authenticated to the RADIUS server by using only its certificate attributes (CN, Subject, Issuer etc) - it seems that freeRADIUS always needs some sort of

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Sven Hartge
Mr Dash Four mr.dash.f...@googlemail.com wrote: After reading various howto's and documentation as well as looking at numerous sources on the Internet, I can't see a way in which the AP is authenticated to the RADIUS server by using only its certificate attributes (CN, Subject, Issuer etc) -

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Sven Hartge
Sven Hartge s...@svenhartge.de wrote: Yes, this is kind of weak. And because of this weakness a protocol like RADsec has been developed, which is essentially RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole RADIUS session. Addition: The first FreeRADIUS version to

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Ian Pilcher
On 11/26/2011 04:32 PM, Andreas Rudat wrote: so it is, you can only protect your AP client with the shared secret key. Not necessarily. If the switch to which the WAP is connected supports 802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
In other words, EAP-TTLS/EAP-TLS isn't actually supported in freeRADIUS? It is. I believe you misunderstood how RADIUS works. Maybe, considering I've been reading about RADIUS for just over 2 days... The connection between the AP (called NAS in RADIUS) and the RADIUS-Server is only

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
Addition: The first FreeRADIUS version to include native RADsec support will be 3.0. To use it with a version below that, you usually proxy your normal RADIUS request through a software like radsecproxy. Very interesting indeed. How about tunnelling (via ssh for example) - is that a similar

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
so it is, you can only protect your AP client with the shared secret key. Not necessarily. If the switch to which the WAP is connected supports 802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS. By WAP I take it you mean the wireless client, right? If so, this is

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Sven Hartge
Mr Dash Four mr.dash.f...@googlemail.com wrote: In other words, EAP-TTLS/EAP-TLS isn't actually supported in freeRADIUS? It is. I believe you misunderstood how RADIUS works. Maybe, considering I've been reading about RADIUS for just over 2 days... The connection between the AP (called

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Sven Hartge
Mr Dash Four mr.dash.f...@googlemail.com wrote: Addition: The first FreeRADIUS version to include native RADsec support will be 3.0. To use it with a version below that, you usually proxy your normal RADIUS request through a software like radsecproxy. Very interesting indeed. How about

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
No, the shared secret is not transmitted over the wire. For additional information see RFC2865, §2: When a password is present, it is hidden using a method based on the RSA Message Digest Algorithm MD5. (see RFC131). MD5 is broken. My question still remains though - since this is a

Re: EAP-TTLS/EAP-TLS with freeRADIUS

2011-11-26 Thread Mr Dash Four
Well, if you cannot trust your own internal network, then you have other problems than securing your RADIUS authentication. Networks, no matter how secure, can be compromised. As I pointed out previously - one can never be too careful.

External Authentication program problem

2011-11-26 Thread Ali Majdzadeh
Hi, I’m using freeradius 2.1.12 with external program calling for auth, pre-auth and acct. A while after radius is up, it reports: Sat Nov 26 13:02:03 2011 : Error: Couldn't fork /etc/netbill/acct.pl: Cannot allocate memory The machine is: 12 G ram, CentOS 5.4, Kernel 2.6.18-164.el5PAE