I'd love to know that myself. It was my understanding also that
radeapclient could only do EAP-MD5. I'd desperately love to find a
command line peap or EAP-TTLS client.
On Tue, 25 Jan 2005 15:06:33 +0100 (CET), [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Ron Wahler wrote:
There is a test
I've got freeradius setup to authenticate wireless clients with
PEAP/MSCHAP (to an Active Directory backend) and now I'm looking for a
way to test/monitor the radius server. Ideally, I'd like to do
something like radtest, but test either PEAP or at least the MSCHAP
authentication portion. Does
If you search the back archives for this list, I've posted configs for
a Cisco Access Point. Email me if you can't find them and I'll send
them to you.
On Jun 7, 2004, at 10:51 AM, Epp, Ladd J wrote:
If I set up my access point as a Wireless Domain Service, it can
communicate with the
I can verify that the latest CVS releases do indeed support PEAP and
Active directory. I'm using it now to authenticate users to our
Active Directory. All our users use PEAP using the supplicant built
into WinXP service Pack1 and Windows 2000 service pack 4.
For authenticating to Active
If you're gonna be using winbind then obviously you'll need Samba. :-)
You'll need to make sure you've got gcc and related toolchains. For
that, I recommend not doing a minimal install, but instead during the
installation select samba and select the group of packages for getting
gcc (I
the last one used?)?
Thanx for all your help.
Chris.
From: Bob McCormick [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: EAP-TLS and WEP key generation
Date: Mon, 24 May 2004 14:25:31 -0600
I honestly don't know, but I'd love to find out.
Three things I can think
Why not use public secure password forwarding?
Public Secure Packet Forwarding (PSPF) prevents client devices
associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point.
It provides Internet access to client
Sounds like a client side problem. What supplicant are you using?
Are you using the one built into Win2k or WinXP? Both of those have
checkboxes to automatically use your machine name or your windows login
name. Make sure those aren't checked.
On May 24, 2004, at 10:33 AM, BLANCA FERRERO
idea?
bfr
- Original Message -
From: Bob McCormick [EMAIL PROTECTED]
Date: Monday, May 24, 2004 6:42 pm
Subject: Re: peap user
Sounds like a client side problem. What supplicant are you using?
Are you using the one built into Win2k or WinXP? Both of those have
checkboxes to automatically use
I honestly don't know, but I'd love to find out.
Three things I can think of to try...
1) You should be able to specify a vlan for your cypher suite,
something like this:
encryption vlan mode 90 mode ciphers wep128
You might see if that makes any difference
2) You could try using encryption
Errr.. That's because Freeradius doesn't have to. WPA is a combination
of 802.1x authentication, TKIP and MIC. TKIP and MIC need to be
supported by your AP and your client (supplicant), but the radius
server doesn't need to know anything about it. I've tested WPA with a
Cisco 1100 AP,
an MS-Word doc with screenshots for how to configure XP
for PEAP. I could post it to the list if you'd like?
On May 21, 2004, at 10:02 AM, Alan DeKok wrote:
Bob McCormick [EMAIL PROTECTED] wrote:
Errr.. That's because Freeradius doesn't have to. WPA is a combination
of 802.1x authentication, TKIP
generation
Hi all
Thanx for all the info. I would certainly like to see your Word doc on the
subject.
Yet another question. Is there any advantage to using 802.1x + TKIP + MIC
instead of the config you helped me get working?
TIA
Chris.
From: Bob McCormick [EMAIL PROTECTED]
Reply
What kind of cipher suite did you configure on your AP? For a Cisco
AP, you should have something like this:
interface Dot11Radio0
no ip address
no ip route-cache
! # Require wep128 encryption
encryption mode ciphers wep128
! # rotate broadcast wep key every 10 minutes
around anyway.
It's a great way to look for rogue APs, even if they have hidden
SSIDs. The config snippets I sent you are from my Cisco 1100 AP, and
Kismac shows its SSID as WEP encrypted.
Thanx again in advance
Chris Bradshaw
From: Bob McCormick [EMAIL PROTECTED]
Reply-To: [EMAIL
? Or is it the w2k supplicant which handles this? (in
case you missed it below I am using a NetGear WG511 card).
Thanx again in advance
Chris Bradshaw
From: Bob McCormick [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: EAP-TLS and WEP key generation
Date: Thu, 20 May
Here's a config template I use for Cisco 1120 APs. Try this and see
if it works for you.
!#
! Basic config template for Cisco IOS Access Points
! 4/20/2004 - BDM - I've tested it with 1120's but should work with 1200's
.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 2:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Here's a config
setting the password
on my laptop thinking it may pull it from the windows account, but no dice.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 3:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 3:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
WinXP doesn't pop up a dialog box asking for your username and
password?
On Apr 23, 2004, at 2:22 PM, Clayton
If you're not getting an IP it's still not working... The only times
I've had that problem it was because I wasn't actually getting
authenticated. For some reason stupid XP and 2k will sometimes still
say you're connected. I don't know why.
On Apr 23, 2004, at 3:59 PM, Clayton Dukes wrote:
...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 5:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
If you're not getting an IP it's still not working... The only times
I've had
If it's working you should get something like this at the end of the
debugs:
modcall: group authenticate returns ok for request 8
Sending Access-Accept of id 47 to 10.140.24.12:21666
Session-Timeout := 300
MS-MPPE-Recv-Key =
client certificate A
Did I screw up the certificates?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 5:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
If it's working you
Thanks man! That helps me out a lot!
On Apr 15, 2004, at 5:54 PM, Steve OBrien wrote:
Is it easy to convert? I did a google search to find out about
converting IIS certificates to Apache and all the results I got back
made it sound like rocket science.
The documentation on it is not very good,
Will isdn disconnect line work?
On Apr 16, 2004, at 9:01 AM, Lisa Casey wrote:
Hi Folks,
I know this is off topic, and hope I don't get flamed for it but I have
looked for an answer to this to no avail and I know there must be some
Cisco
AS5200 users on this list.
How does one disconnect an
Has anyone on this list purchased an SSL certificate from a Certificate
Authority (like Thawte or Verisign) for doing PEAP or EAP-TTLS?
The scripts that come with Freeradius for generating a self-signed
certificate include a special ExtendedKeyUsage attribute. I'm
wondering how hard it'll be
. The
scripts in the Freeradius source distribution that generate a self
signed cert include the attribute during the signing phase.
On Apr 15, 2004, at 3:23 PM, Michael Griego wrote:
On Thu, 2004-04-15 at 15:27, Bob McCormick wrote:
Verisign has a special form for getting WLAN
Certificates
authentication either to my other freeradius
test server, or to my Microsoft IAS server (which was the real point).
Now I'm gonna try and add LEAP and TTLS.
Thanks for all your help man! You rock!
On Apr 14, 2004, at 9:46 AM, Alan DeKok wrote:
Bob McCormick [EMAIL PROTECTED] wrote:
If I include
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 407c0d31
Nothing to do. Sleeping until we see a request.
On Apr 12, 2004, at 2:38 PM, Alan DeKok wrote:
Bob McCormick [EMAIL PROTECTED] wrote:
I read
to follow your advice
actually and keep the config as simple as I can).
On Apr 13, 2004, at 1:32 PM, Alan DeKok wrote:
Bob McCormick [EMAIL PROTECTED] wrote:
Hmmm.. I must be doing something wrong. With this config in the
users file:
DEFAULT Proxy-To-Realm := adt.com
Fall-Through = Yes
I read the post quoted below, and it seemed to indicate that it should
be possible to get freeradius to handle PEAP or TTLS, and proxy the
inner MSCHAP request to another radius server. Has anyone ever got
this to work? I've tried, but I keep getting the following error
message:
WARNING:
32 matches