Re: Need help: login incorrect with FR 2.2.1

2013-05-16 Thread Fajar A. Nugraha
On Fri, May 17, 2013 at 2:09 AM, Wang, Yu wrote: > > Hello, > > > > I upgraded FR from 2.1.10 to 2.2.1. Everything went well except about 25% of > our wireless users cannot authenticate after the upgrade. The backend > authentication server is Active Directory and we use ntlm_auth from winbind

Re: Any One-Time password system.

2013-05-16 Thread Nick Owen
On Thu, May 16, 2013 at 11:18 AM, Phil Mayers wrote: > On 16/05/13 15:45, Sergii Bieliaievskyi wrote: > >> >> >> >> 2013/5/16 Phil Mayers > > >> >> >> No. >> >> MPPE requires encryption keys. These can be generated by whatever >> auth method. >> >>

Re: Any One-Time password system.

2013-05-16 Thread Phil Mayers
On 16/05/13 15:45, Sergii Bieliaievskyi wrote: 2013/5/16 Phil Mayers No. MPPE requires encryption keys. These can be generated by whatever auth method. If you use plain MSCHAP, MSCHAP generates them. Can you provide more information how can

Re: Any One-Time password system.

2013-05-16 Thread Jon Spriggs
PPTP is broken [1]. OpenVPN (for which there are clients for Android, iPhone, MacOS, Linux, Windows) is not. OpenVPN will use TLS certificates as well as other centrally managed authentication based systems (e.g. Radius, MOTP, maybe Google Authenticator?) to authenticate and authorize. There are lo

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
2013/5/16 Phil Mayers > No. > > MPPE requires encryption keys. These can be generated by whatever auth > method. > > If you use plain MSCHAP, MSCHAP generates them. > Can you provide more information how can I do that? Or where can I read about that? Thnx. -- -- P

Re: Problem with PAP authentication on freeradius-3.0.0

2013-05-16 Thread Alan DeKok
BALSIANOK, Peter wrote: > I have a problem with PAP authentication on freeradius-3.0.0, but on > freeradius-2.2.1 everything works correctly. Could you please help me, thx. Test cases are wonderful, thanks. Do a "git pull". It's fixed. See changes to src/lib/base64.c. Alan DeKok. - List inf

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
2013/5/16 Arran Cudbard-Bell > What are you actually trying to use this with? > > 802.1X/WPA2-Enterprise or for VPN authentication. > VPN authentication. And it should be multiplatform VPN. PPTP is supported by almost every vendor. I can establish PPTP connection from iPhone, Android, Linux, Mac

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
2013/5/16 Alan DeKok > Sergii Bieliaievskyi wrote: > > But only ms-chap supports data encryption. I want to use OTP and MPPE > > simultaneously. But MPPE without ms-chap can't exist. Am I right? > > Yes. > > So OTP is useless I don't need system with strong password and unencrypted data tr

Re: Basic question to authenticate switches and Linux boxes

2013-05-16 Thread Alan DeKok
Roberto Carna wrote: > Dear, sorry for my confusion...I need to do the following: > > 1) Authenticate and authorize users accessing switches through TELNET > and/or HTTP > 2) Authenticate and authorize users accessing Linux servers through SSH You're about 2 steps removed from RADIUS. First, fi

Re: Any One-Time password system.

2013-05-16 Thread Alan DeKok
Sergii Bieliaievskyi wrote: > I want to change my security strategy. I think you're taking the wrong approach. You don't get security by using a bunch of "security" software. You get security by understanding the risks, and working to minimize them. > It would be better to use two step veri

Re: Any One-Time password system.

2013-05-16 Thread Arran Cudbard-Bell
On 16 May 2013, at 09:27, Sergii Bieliaievskyi wrote: > > 2013/5/16 Alan DeKok > Sergii Bieliaievskyi wrote: > > This is so frustrating :( > > How it can be possible to do strong security using reliable passwords > > and to have no encryption in the same time. > > I think you misunderstand

Re: Any One-Time password system.

2013-05-16 Thread Phil Mayers
On 16/05/13 14:27, Sergii Bieliaievskyi wrote: 2013/5/16 Alan DeKok Sergii Bieliaievskyi wrote: > This is so frustrating :( > How it can be possible to do strong security using reliable passwords > and to have no encryption in the same time.

Re: Any One-Time password system.

2013-05-16 Thread Alan DeKok
Sergii Bieliaievskyi wrote: > But only ms-chap supports data encryption. I want to use OTP and MPPE > simultaneously. But MPPE without ms-chap can't exist. Am I right? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
I want to change my security strategy. It would be better to use two step verification by google. There is google-authenticator (http://code.google.com/p/google-authenticator/) but it checks users in local database /etc/passwd and so on. How should I synchronize my unix box with corporate google a

Problem with PAP authentication on freeradius-3.0.0

2013-05-16 Thread BALSIANOK, Peter
Hi, I have a problem with PAP authentication on freeradius-3.0.0, but on freeradius-2.2.1 everything works correctly. Could you please help me, thx. Debug output for freeradius-3.0.0: radiusd@tdrad1test:/storage/app/radius/raddb/auth-new$ /storage/app/radius/freeradius-3.0.0/sbin/radiusd -X -d /s

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
2013/5/16 Alan DeKok > Sergii Bieliaievskyi wrote: > > This is so frustrating :( > > How it can be possible to do strong security using reliable passwords > > and to have no encryption in the same time. > > I think you misunderstand the issues. > > OTP passwords were created so that it doesn'

Re: Any One-Time password system.

2013-05-16 Thread Phil Mayers
On 16/05/13 13:44, Sergii Bieliaievskyi wrote: This is so frustrating :( How it can be possible to do strong security using reliable passwords and to have no encryption in the same time. Because the protocols are old, and badly designed, but are widely deployed because the vendor (Microsoft) h

Re: Any One-Time password system.

2013-05-16 Thread Alan DeKok
Sergii Bieliaievskyi wrote: > This is so frustrating :( > How it can be possible to do strong security using reliable passwords > and to have no encryption in the same time. I think you misunderstand the issues. OTP passwords were created so that it doesn't *require* that the password be hid

Re: Any One-Time password system.

2013-05-16 Thread Sergii Bieliaievskyi
This is so frustrating :( How it can be possible to do strong security using reliable passwords and to have no encryption in the same time. 2013/5/16 Thomas Glanzmann > Hello Sergii, > > > Is it possible to use OTP with ms-chap authorization? > > no, it is _not_. > > Cheers, > Thomas >

Re: Any One-Time password system.

2013-05-16 Thread Thomas Glanzmann
Hello Sergii, > Is it possible to use OTP with ms-chap authorization? no, it is _not_. Cheers, Thomas