Re: generating ssl certs in debian squeeze

2012-09-14 Thread val john
Hi... as I see, the log says "Error: TLS Alert read:fatal:unknown CA", and you need to specify the certificate authority in your client when testing. The certificate authority is a file called "CA.pem"; once you have added it to the client, the error should go away. And make sure debian server hostname should be s

Re: generating ssl certs in debian squeeze

2012-09-14 Thread austin wonderly
hello, thanks for the tip, although unfortunately I am still getting problems :( have included the output of eapol_test right here http://pastebin.com/8iKsCUfn and also what shows up in the freeradius logs as well (have included the file names that I currently have in my /etc/freeradius/certs dir

Re: generating ssl certs in debian squeeze

2012-09-14 Thread val john
Download the tar.gz file from freeradius; in that file, the folder "freeradius-server-xxx/raddb/certs" provides a very easy way to generate certs (./bootstrap). Just copy its content to the freeradius in debian "/etc/freeradius/certs/" Thank you -- Forwarded message -- From: a

Ideas

2012-09-14 Thread Franks Andy (RLZ) IT Systems Engineer
Hi All, I've been following Thomas Glanzmann's work on sms/email otp with freeradius and can see it could REALLY save our organisation a lot of money (we're using securid tokens exclusively ATM). I'm trying to work out something to suit us and at the same time be helpful to others into making som

Re: Chap Authentication Error

2012-09-14 Thread Alan DeKok
Daniel Niasoff wrote: > This is what I see in the logs > > Fri Sep 14 17:22:37 2012 : Info: [chap] login attempt by > "f3207...@surf4sure.net" with CHAP password Fri Sep 14 17:22:37 2012 : Info: > [chap] Using clear text password "1234" for user f3207...@surf4sure.net > authentication. > Fri Se

Re: NEW PIN MODE

2012-09-14 Thread Fajar A. Nugraha
On Fri, Sep 14, 2012 at 8:40 PM, aa ss wrote: > Hello all, > > I have a working freeradius with securID RSA OTP tokens integration > (following RSA docs). > I need to configure radius clients to reply to Access-Challenge new pin or > next tokencode proxied by freeradius. This is a far shot, but T

Commit report for master branch

2012-09-14 Thread The git bot
New activity for FreeRADIUS (the high performance and highly configurable RADIUS server) == - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

AUTO: Joachim Brauer/Germany/IBM is out of the office (returning 10/01/2012)

2012-09-14 Thread Joachim Brauer
I am out of the office until 10/01/2012. Not in the office. Mail will >not< be processed. In urgent cases please contact my LAN team colleagues. I am not at my desk. Mail >won't< be checked. In urgent cases please contact my teammates. You are welcome :-) Note: This is an automated r

Chap Authentication Error

2012-09-14 Thread Daniel Niasoff
Hi, I have had freeradius working for a while without issues serving ppp authentication requests. I am now getting a strange chap issue. A customer is unable to log in even though the password is correct. This is what I see in the logs: Fri Sep 14 17:22:37 2012 : Info: [chap] login attempt by

Re: NEW PIN MODE

2012-09-14 Thread aa ss
> Read the documentation for the RADIUS clients. Already did and already made > lots of tests. I'm using citrix netscaler as a client. Citrix does not > support directly securid, but need a radius integrated with RSA. So i > configured FreeRadius with SecurID and all work but "new pin mode". I n

Re: Help with 802.1x Certificate

2012-09-14 Thread Carl Peterson
You have three possible issues. 1). You need to chain all of the certs into one file. 2). MS requires that the cert have a "special purpose". This is documented and needs to be included in the CSR. BS, but that's MS for you. 3). MS might not like wild cards. Not sure about this but it may be

Re: Help with 802.1x Certificate

2012-09-14 Thread Alan DeKok
Tyller D wrote: > Is there a reason for that? Godaddy is in the list of servers to > validate against? Because Windows has certain magical requirements on certificates. If the godaddy cert doesn't have them, authentication will fail. Alan DeKok.

Re: Help with 802.1x Certificate

2012-09-14 Thread Phil Mayers
On 14/09/12 15:38, Tyller D wrote: On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok <al...@deployingradius.com> wrote: Tyller D wrote: > I have everything configured and working when I disabled "validate > server Certificate" on windows. > I have a wildcard certificate pur

Re: Help with 802.1x Certificate

2012-09-14 Thread Tyller D
On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok wrote: > Tyller D wrote: > > I have everything configured and working when I disabled "validate > > server Certificate" on windows. > > I have a wildcard certificate purchased from godaddy.com. > > I'm not sure that will work. > Is there a reason for

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Marinko Tarlać
Nice option but please keep in mind that suspended routers can behave like a brute force attacker and you'll lock them too. On 14.9.2012 15:36, Phil Mayers wrote: On 14/09/12 13:57, mr. s wrote: Hello, I was reading an article in computer world comparing a few RADIUS servers. It said that

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Phil Mayers
On 14/09/12 15:05, Arran Cudbard-Bell wrote: Cool :) can you use the hierarchy when creating new pages? Oops! Sure, will do so in future. Moved to http://wiki.freeradius.org/guide/lockout

Re: Help with 802.1x Certificate

2012-09-14 Thread Alan DeKok
Tyller D wrote: > I have everything configured and working when I disabled "validate > server Certificate" on windows. > I have a wildcard certificate purchased from godaddy.com. I'm not sure that will work. > I had a problem when using it with apache as I had to add the > intermediate chain in

Re: NEW PIN MODE

2012-09-14 Thread Alan DeKok
aa ss wrote: > I need to configure radius clients Read the documentation for the RADIUS clients. Many clients will automatically work with PAP and challenges. But not all. Consult the client documentation. And *which* client are you using? Where did you get it from? I don't really car

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Arran Cudbard-Bell
On 14 Sep 2012, at 14:47, Phil Mayers wrote: > On 14/09/12 14:24, Arran Cudbard-Bell wrote: >> >> On 14 Sep 2012, at 13:57, mr. s wrote: >> >>> Hello, >>> >>> I was reading an article in computer world comparing a few RADIUS servers. >>> >>> It said that FreeRADIUS had "failed login lockout

Re: Help with 802.1x Certificate

2012-09-14 Thread Phil Mayers
On 14/09/12 14:46, Tyller D wrote: Hi all, I would like to use FreeRadius to do 802.1x EAP-PEAP for wireless users. I have everything configured and working when I disabled "validate server Certificate" on windows. I have a wildcard certificate purchased from godaddy.com.

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Phil Mayers
On 14/09/12 14:24, Arran Cudbard-Bell wrote: On 14 Sep 2012, at 13:57, mr. s wrote: Hello, I was reading an article in computer world comparing a few RADIUS servers. It said that FreeRADIUS had "failed login lockout protection", however I can't find that particular verbiage in the FreeRADI

Help with 802.1x Certificate

2012-09-14 Thread Tyller D
Hi all, I would like to use FreeRadius to do 802.1x EAP-PEAP for wireless users. I have everything configured and working when I disabled "validate server Certificate" on windows. I have a wildcard certificate purchased from godaddy.com. I had a problem when using it with apache as I had to add

NEW PIN MODE

2012-09-14 Thread aa ss
Hello all, I have a working freeradius with securID RSA OTP tokens integration (following RSA docs). I need to configure radius clients to reply to Access-Challenge new pin or next tokencode proxied by freeradius. Is there anyone that can help me finding some documentation about or some peo

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Phil Mayers
On 14/09/12 13:57, mr. s wrote: Hello, I was reading an article in computer world comparing a few RADIUS servers. It said that FreeRADIUS had "failed login lockout protection", however I can't find that particular verbiage in the FreeRADIUS documentation, FAQ or HowTos. What are you asking he

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Arran Cudbard-Bell
On 14 Sep 2012, at 13:57, mr. s wrote: > Hello, > > I was reading an article in computer world comparing a few RADIUS servers. > > It said that FreeRADIUS had "failed login lockout protection", however I > can't find that particular verbiage in the FreeRADIUS documentation, FAQ or > HowTos.

Re: Failed login lockout protection in FreeRADIUS

2012-09-14 Thread Fajar A. Nugraha
On Fri, Sep 14, 2012 at 7:57 PM, mr. s wrote: > Hello, > > I was reading an article in computer world comparing a few RADIUS servers. > > It said that FreeRADIUS had "failed login lockout protection", however I > can't find that particular verbiage in the FreeRADIUS documentation, FAQ or > HowTos.

Failed login lockout protection in FreeRADIUS

2012-09-14 Thread mr. s
Hello, I was reading an article in computer world comparing a few RADIUS servers. It said that FreeRADIUS had "failed login lockout protection", however I can't find that particular verbiage in the FreeRADIUS documentation, FAQ or HowTos. Can anyone point me to what this may be referring to or c

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Francois Gaudreault
Hi Iliya/Alan, I have looked into rlm_eap_sim source and found that it incorrectly decodes AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute calculation. MAC mismatch detected by supplicant and it refuses to continue EAP-SIM authentication. Please try to apply patch I've attached.

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Alan DeKok
Iliya Peregoudov wrote: > Hello Francois > > I have looked into rlm_eap_sim source and found that it incorrectly > decodes AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute > calculation. MAC mismatch detected by supplicant and it refuses to > continue EAP-SIM authentication. > > Ple

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Iliya Peregoudov
Hello Francois, I have looked into rlm_eap_sim source and found that it incorrectly decodes AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute calculation. MAC mismatch detected by supplicant and it refuses to continue EAP-SIM authentication. Please try to apply patch I've attache