=westfield.ma@lists.freeradius.org
[mailto:freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Sunday, September 02, 2012 2:52 AM
To: FreeRadius users mailing list
Subject: Re: Apple clients suddenly can't authenticate to EAP-MSCHAPV2
Casartello
@lists.freeradius.org
[mailto:freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org] On
Behalf Of Casartello, Thomas
Sent: Sunday, September 02, 2012 10:15 AM
To: FreeRadius users mailing list
Subject: RE: Apple clients suddenly can't authenticate to EAP-MSCHAPV2
Thanks for the response
@lists.freeradius.org
[mailto:freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Sunday, September 02, 2012 2:52 AM
To: FreeRadius users mailing list
Subject: Re: Apple clients suddenly can't authenticate to EAP-MSCHAPV2
Casartello, Thomas wrote:
Having a bizarre
Having a bizarre problem that started due to someone in my department deleting
the samba computer account for my freeradius machine. I recreated it and for a
time everything went back to normal, but later that afternoon all of my apple
clients can simply not connect to our 802.1x enabled
Information Technology
Wilson 105A
Westfield State University
-Original Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org]
On Behalf Of Casartello, Thomas
Sent: Saturday, April 16, 2011
=wsc.ma@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Saturday, April 16, 2011 5:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: WildCard/Subject Alternative Names Cert Question
On 04/16/2011 02:42 AM, Casartello, Thomas wrote:
When you say client EAP tracing do you mean
Hello.
I have a FreeRADIUS setup using PEAP/MSCHAPv2 to authenticate wireless clients
against an Active Directory environment. We've recently purchased a new
wildcard certificate from DigiCert for our organization. The RADIUS server is
not covered by the wildcard common name on the
, Casartello, Thomas wrote:
whatnot.) Should this kind of a cert work, or does 802.1x/PEAP/mschapv2
not support validating by subject alternative names.
This isn't really a FreeRADIUS question; it's down to the supplicant to
permit or deny the cert.
Anyway... Section 3.2.7.1 of MS-WSH says
=wsc.ma@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Thursday, January 13, 2011 3:24 AM
To: FreeRadius users mailing list
Subject: Re: samba 3.0.33
Casartello, Thomas wrote:
I've got it working somewhat. It works for a while and then stops working.
When I restart smb and winbind
@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: Wednesday, January 12, 2011 5:12 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: samba 3.0.33
On 01/11/2011 10:13 PM, Casartello, Thomas wrote:
Does the samba 3x RHEL RPM already have that patch installed? That's
exactly what I was running
Of Casartello, Thomas
Sent: Wednesday, January 12, 2011 4:10 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: samba 3.0.33
In your config file what are you using for an ntlm_auth command? This is what
I'm using
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name
:11 AM, Casartello, Thomas wrote:
Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work
properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the
Yes. We run the samba3x RHEL RPM, which is a version of 3.3.8 with patches.
The specific fix you need is:
https
Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in
samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error
I'd get as if I didn't have the xpextensions on my cert (Even though I do.) No
response to access-challenge. If I go back to 3.0.30 it
3.5.2. It's something to do with
winbind, but I have not nailed it down on my installation yet.
Sent via Verizon Wireless
-Original Message-
From: Casartello, Thomas tcasarte...@wsc.ma.edu
Date: Wed, 2 Jun 2010 08:28:23
To: 'FreeRadius users mailing list'freeradius-users
I've been having the same problem lately. Restarting the smbd, winbind, and
radius services does not solve the problem, only rebooting.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
-Original Message-
I've noticed recently that my PEAP/mschapv2 for my wireless network will
randomly stop working and I have to reboot the server freeradius is running
on. Don't ask me why this is working, but restarting the daemons won't fix
it. Once I reboot everything works fine for a few days and then happens
Just had this same problem myself. Oddly enough with Fedora, the
samba-common package is all that will be installed as a dependency and it
does not include the regular samba services. I could start winbind and even
do ntlm_auth requests, but I was essentially having this same issue where it
would
You're absolutely right. My apologies. It is the :- I read the errors wrong.
It is the module that's causing it. Sorry to disturb everyone with this,
that explains why the unlang man page was confusing me.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information
Message-
From: freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org
[mailto:freeradius-users-bounces+tcasartello=wsc.ma@lists.freeradius.org
] On Behalf Of Casartello, Thomas
Sent: Sunday, November 29, 2009 7:03 PM
To: FreeRadius users mailing list
Subject: RE: := Condition
I've been getting the message about the := condition being deprecated soon.
I was wondering if there's going to be another alternative way to accomplish
the following:
In my users file I have this:
DEFAULT Airespace-Wlan-Id == 3, Auth-Type := ldap
DEFAULT
Essentially what this
Did anyone ever find out if the samba guys fixed the problem with ntlm_auth
returning the NT_KEY that was causing XP's 802.1x client to barf?
Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Yeah that's got to be it. Fedora 8 uses 3.0.34 while fedora 10 uses 3.2.8.
I'll have to try it with the old version of samba. I'll post back if it
works.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Ok I can confirm it now. I went back to samba 3.0.34 on my Fedora 10 machine
and it now works. It's definitely a samba 3.2 issue.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Red Hat Certified
Both Fedora 9 and 10. Fedora jumped up to the samba 3.2 line with version 9.
If you want it to work in 9 or 10 you have to use an older version of samba.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
I have exactly the same problem with Fedora 9 and 10 only. It works
perfectly fine in Fedora 8 with the exact same configuration. I have spent
hours trying to fix this, and could not figure it out.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless Technician/Linux Administrator
Information
I've tried to find something on the past posts on this list about this. I think
I found what the problem is but was unable to find a solution. I'm trying to
make it so I can authenticate machines using the computer name. I know I need
to set the ntlm_auth command correctly but I couldn't find
just above the ntlm_auth
line?
Ivan Kalik
Kalik Informatika ISP
Dana 17/10/2008, Casartello, Thomas [EMAIL PROTECTED] piše:
I've tried to find something on the past posts on this list about this. I
think I found what the problem is but was unable to find a solution. I'm
trying to make it so I
Figured it out by looking at an old radius.confhad to change user-name to
mschap-user-name
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Friday, October 17, 2008 9:42 AM
To: 'FreeRadius users mailing list'
Subject: RE
Vos
Sent: Wednesday, October 15, 2008 3:36 PM
To: FreeRadius users mailing list
Subject: Re: GCC
On Wed, Oct 15, 2008 at 09:22:34PM +0200, Alan DeKok wrote:
Casartello, Thomas wrote:
I’ve never
been able to get freeradius working quite right in Fedora 9 and I was
wondering if it’s because
Are there any known issues with Free RADIUS and GCC 4.3.0+? I've never been
able to get freeradius working quite right in Fedora 9 and I was wondering if
it's because of the new GCC version.
Thomas E. Casartello, Jr.
Wireless Network Technician
Linux Specialist
Information Technology
Westfield
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Monday, September 15, 2008 2:00 PM
Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Wednesday, September 17, 2008 9:53 AM
To: 'FreeRadius users
of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Wednesday, September 17, 2008 12:52 PM
SELinux is disabled.
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED]
stream?
On Wed, Sep 17, 2008 at 2:04 PM, Casartello, Thomas [EMAIL
PROTECTED]mailto:[EMAIL PROTECTED] wrote:
Ok this is very bizarre. It appears what's really happening is that when I
change the IP address and then reset the interface, I can authenticate
successfully, then shortly after if I try
DeKok
Sent: Friday, May 30, 2008 1:41 AM
To: FreeRadius users mailing list
Subject: Re: XP Extensions for PEAP/MSCHAPv2
Casartello, Thomas wrote:
I have everything working, but I believe I’ve hit the problem with the
OIDs windows needs for the SSL cert. I generated a key with openssl and
a req
of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Friday, May 30, 2008 10:15 AM
To: FreeRadius users
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Friday, May 30, 2008 10:24 AM
To: FreeRadius users mailing list
are not the problem. There is MSCHAP Success there which
means that this is inner-tunnel stuff.
Do ordinary mschap requests work?
Ivan Kalik
Kalik Informatika ISP
Dana 30/5/2008, Casartello, Thomas [EMAIL PROTECTED] piše:
Here's a snippet of the debug..
radius_xlat: '--username=tcasartello
that this is inner-tunnel stuff.
Do ordinary mschap requests work?
Ivan Kalik
Kalik Informatika ISP
Dana 30/5/2008, Casartello, Thomas [EMAIL PROTECTED] piše:
Here's a snippet of the debug..
radius_xlat: '--username=tcasartello'
radius_xlat: Running registered xlat function of module mschap
: RE: XP Extensions for PEAP/MSCHAPv2
Certificates are not the problem. There is MSCHAP Success there which
means that this is inner-tunnel stuff.
Do ordinary mschap requests work?
Ivan Kalik
Kalik Informatika ISP
Dana 30/5/2008, Casartello, Thomas [EMAIL PROTECTED] piše:
Here's a snippet
It did it in both. I compiled without compiler optimization so I didn't
have the port listening issue.
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat
I have everything working, but I believe I've hit the problem with the
OIDs windows needs for the SSL cert. I generated a key with openssl and
a req and I actually have a real cert assigned for the server. How do I
go about modifying my key and cert so that XP users will be able to
connect? I can
.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Casartello, Thomas
Sent: Thursday
I'm getting one more error in converting from freeradius 1.1.7.
It's griping about this line in my users file:
DEFAULT NAS-IP-Address == 207.159.169.61, Autz-Type := WSC-DIALUP
/usr/local/etc/raddb/users[134]: Parse error (check) for entry DEFAULT:
Unknown value WSC-DIALUP for attribute
Yeah I just compiled without optimization and its working fine now.
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]
Red Hat Certified Technician (RHCT)
, Casartello, Thomas [EMAIL PROTECTED] piše:
I'm getting one more error in converting from freeradius 1.1.7.
It's griping about this line in my users file:
DEFAULT NAS-IP-Address == 207.159.169.61, Autz-Type := WSC-DIALUP
/usr/local/etc/raddb/users[134]: Parse error (check) for entry DEFAULT:
Unknown
I just upgraded by FreeRADIUS server from the version 1 to version 2
family. I have the listen {} statements configured as follows:
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipaddr = *
port = 1812
}
listen {
type = acct
:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Casartello, Thomas
Sent: Thursday, May 15, 2008 1:16 PM
To: freeradius-users@lists.freeradius.org
Subject: FreeRADIUS 2 not listening on right port
I just upgraded by FreeRADIUS server from the version 1 to version 2
family. I have
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello,
Thomas
Sent: Thursday, May 15, 2008 12:31 PM
To: FreeRadius users mailing list
Subject: RE: FreeRADIUS 2 not listening on right port
Compiling from source did NOT solve the problem.
Thomas E. Casartello, Jr.
Infrastructure
*?
-Original Message-
From: freeradius-users-
[EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of
Casartello, Thomas
Sent: Thursday, May 15, 2008 12:44 PM
To: FreeRadius users mailing list
Subject: RE: FreeRADIUS 2 not listening on right port
No I am not doing any
Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 2:16 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port
Casartello, Thomas wrote:
Compiling from source did NOT solve the problem
Technician (RHCT)
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 2:16 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port
Casartello, Thomas wrote:
Compiling from
Technician (RHCT)
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 3:32 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port
Casartello, Thomas wrote:
I tried hardcoding them
Install the freeradius rpm or install from source. It basically binds to
a random port no matter what you do in the config files. Freeradius
1.1.7 works fine in Fedora 9. I'm going to try using 2.0.4 on Fedora 8
box.
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department
Fedora 9 did do a pretty big gcc version jump. Fedora 8 used 4.1.2,
while 9 uses 4.3.0. BTW I tested it in Fedora 8 and it worked fine, so
it's definitely a 9 issue.
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
of the specific FC9 freeradius package be aware
of this critical issue ?
I guess a newer release is for very soon.
Casartello, Thomas a écrit :
Fedora 9 did do a pretty big gcc version jump. Fedora 8 used 4.1.2,
while 9 uses 4.3.0. BTW I tested it in Fedora 8 and it worked fine, so
it's definitely a 9
57 matches
Mail list logo
