It's possible that this is my laptop that is causing this and not the
Wireless AP or FreeRadius but I thought I would ask because my laptop
doesn't do this on WPA-PSK on my home setup.
Using Windows supplicant, clearly connects using PEAP and am given an IP
address via LAN DHCP server.
If I try
Trying both TLS and TTLS on Macintosh OS X 10.5.5
certificates seem to be fine on both Windows and Macintosh using the
ca.der and caclient.p12 (using Ivan's newer script for generating) for
TLS
Below is radiusd -X log with one failed attempt and it just seems as if
the eap challenges go out but
On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote:
using the ca.der and caclient.p12 (using Ivan's newer script for
generating) for TLS
That was for 2.0.5. 2.1.x has updated Makefile by default.
it didn't have the various caclient generation stuff
-
Below is radiusd -X log with
On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote:
using the ca.der and caclient.p12 (using Ivan's newer script for
generating) for TLS
That was for 2.0.5. 2.1.x has updated Makefile by default.
Below is radiusd -X log with one failed attempt and it just seems as if the
eap challenges
On Wed, 2009-01-28 at 09:27 +0100, Alan DeKok wrote:
Craig White wrote:
I was complaining about it a few weeks ago (all my systems have been
upgraded to SP3) and I was made to feel that it was just me.
The first reporter of an issue often gets told it works for everyone
else
On Tue, 2009-01-27 at 21:08 -0500, Josh Hiner wrote:
On Tue, 2009-01-27 at 23:05 +0100, t...@kalik.net wrote:
Yes the cert is there, does report the correct oid etc.. etc.. Attached
is the client certificate I am using. I even went into the configuration
and made it so XP asks me to select
On Wed, 2009-01-21 at 13:58 +0900, saman saman wrote:
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipaddr = 192.168.0.10
port = 1812
}
Listening on authentication address 192.168.0.10 port 1812
Listening on proxy address 192.168.0.10 port
On Tue, 2009-01-13 at 11:46 -0500, John Dennis wrote:
Brian Ertel wrote:
John,
You are right, but the dir where the old radius was make installed is
gone. That is the original folder that was created after unzipping and
installing the old ver. Of radius is gone. Is there anything else
On Tue, 2009-01-13 at 13:33 -0500, John Dennis wrote:
Craig White wrote:
On Tue, 2009-01-13 at 11:46 -0500, John Dennis wrote:
Brian Ertel wrote:
John,
You are right, but the dir where the old radius was make installed is
gone. That is the original folder
On Tue, 2009-01-13 at 16:38 -0500, Brian Ertel wrote:
Oh, and should I include the /i386 dir and the i386.rpm suffix like:
rpm -Uhv /usr/src/redhat/RPMS/i386/freeradius-2.1.3-1.i386.rpm
/usr/src/redhat/RPMS/i386/freeradius-libs-2.1.3-1.i386.rpm
suggestion...make life easy on yourself
http://wiki.freeradius.org/Red_Hat_FAQ
nice wiki
On Fri, 2009-01-09 at 14:21 -0500, Brian Ertel wrote:
Alan,
I am running CentOS 5.
Thanks,
Brian
-Original Message-
From: freeradius-users-bounces+bsertel=amherst@lists.freeradius.org on
behalf of Alan DeKok
Sent:
and
freeradius-openssl-dev rpm?
Thanks,
Brian
-Original Message-
From: freeradius-users-bounces+bsertel=amherst@lists.freeradius.org on
behalf of Craig White
Sent: Fri 1/9/2009 2:41 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: eap/tls freeradius openssl
still a few issues so I upgraded to 2.1.1 and in debug mode (and I have
enabled ldap), I see this...
[ldap] checking if remote access for $SOME_USER is allowed by uid
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword - NT-Password == 0x...
rlm_ldap: sambaLmPassword -
freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5)
followed instructions in certs/README perfectly - so I believe.
server certs seem fine but generated client cert in Windows shows
Windows does not have enough information to verify and yes, I have
loaded the 'ca.der' file generated by the
On Thu, 2008-12-11 at 01:13 +0100, [EMAIL PROTECTED] wrote:
freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5)
followed instructions in certs/README perfectly - so I believe.
server certs seem fine but generated client cert in Windows shows
Windows does not have enough information
On Wed, 2008-12-10 at 19:32 -0500, Jason Wittlin-Cohen wrote:
server certs seem fine but generated client cert in Windows shows
Windows does not have enough information to verify and yes, I have
loaded the 'ca.der' file generated by the instructions on the Windows
client and that installs in
On Thu, 2008-12-11 at 01:49 +0100, [EMAIL PROTECTED] wrote:
I only re-generated the 'client' certificate but in doing a diff, it
appears that every level of cert generation has changed...do I have to
start over?
You should. Original Makefile was creating ca certificate that was valid
only
On Wed, 2008-12-10 at 19:51 -0500, Jason Wittlin-Cohen wrote:
Craig,
Apparently Windows automatically sends non-CA certificates in DER or
PEM format to the Other People' certificate store. More importantly,
the wireless supplicant in Windows XP \will not work with PEM or DER
formatted
On Wed, 2008-12-10 at 21:36 -0500, Jason Wittlin-Cohen wrote:
Craig,
Have you tried authenticating with the same certificate from a
different computer, or using a different supplicant? The XP supplicant
is pretty awful. If you have an Intel card, you can download the Intel
PROset software
freeradius-1.1.3-1.2.el5
LDAP authentication (OpenLDAP)
I am mostly working now but I do get failures if a user has the Windows
Domain set to any value at all which of course means that the
authentication is passed as DOMAIN\user and I want it to strip out the
DOMAIN\ part and just keep the user
Not sure that it's the right place but I was able to hack 'hints' file
to handle this
Craig
On Sat, 2008-12-06 at 12:07 -0700, Craig White wrote:
freeradius-1.1.3-1.2.el5
LDAP authentication (OpenLDAP)
I am mostly working now but I do get failures if a user has the Windows
Domain set
I've been working on this on/off for 2 weeks now and I'm confused.
I found on this Windows laptop I've been playing with that I can't
connect via the built-in Windows XP SP3 supplicant but one connection I
can make is using the Intel ProSet (it's a 2100) but the only way that
I've been able to
Sorry for the noise but this is actually related to my struggles with
FreeRadius
I am using FreeRadius and authenticating Windows RAS users (PPTP)
Macintosh users via the same Windows RAS server using PPTP or L2TP,
Macintosh WAP clients and iPhone clients without a problem.
I am struggling with
On Tue, 2008-11-25 at 10:06 +0100, Alan DeKok wrote:
Craig White wrote:
I realize that freeradius has little control over the supplicant but I'm
wondering if it's something in my setup of tls that the authentication
should/shouldn't be part of the tunnel because it just assumes a login
please excuse me if this isn't entirely related to freeradius but it's
all about getting WindowsXP laptops to my wireless network with
freeradius and 8021.x
I see that there is certificate failures and am thinking that I need to
clean this up
up until now, server2 is my ca and I have used that
On Sun, 2008-11-23 at 02:59 -0600, Alan DeKok wrote:
Craig White wrote:
OK - that quiets the notification but I still can't figure out the issue
where I can authenticate RRAS, Macintosh and iPod clients against radius
via LDAP using mschapv2 but even with the certificates on Windows XP
On Sun, 2008-11-23 at 00:24 +0100, [EMAIL PROTECTED] wrote:
I don't understand the message about unknown_ca in the log below either
because I am acting as my own CA and this same cacert.pem seems to be
happy on the Windows system I imported it on and I've been using it for
a bunch of other
freeradius-1.1.3-1.2.el5
I am authenticating Windows RRAS connections, Macintosh wifi, iPhone
wifi all with LDAP and mschapv2 (using sambaNTPassword hashes in
OpenLDAP)
My users basically consists of...
DEFAULT Auth-Type = LDAP
eap.conf
default_eap_type = mschapv2
and of course my
On Sun, 2008-11-16 at 07:55 +0100, Alan DeKok wrote:
Craig White wrote:
freeradius newbie here...not sure where I went wrong and someone
probably can figure this out in a second.
You edited the default configuration files and broke it.
CentOS 5 (freeradius-1.1.3-1.2.el5) still using
craigwhite
craigwhite:x:1013:1000:Craig White:/home/users/craigwhite:/bin/sh
# radtest craigwhite MY_PASSWORD MY_RADIUS_SERVER 0 whatever
and on the radius server running 'radiusd -X -f'
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812 Listening on accounting *:1813
Ready
On Sun, 2008-11-16 at 09:45 -0700, Craig White wrote:
I am trying to use mschap and the following is logged suggesting that
ldap authorize succeeds but unix authorize fails but the passwords are
the same (aside from the fact that samba hashes the password). I can ssh
into the radius server
freeradius newbie here...not sure where I went wrong and someone
probably can figure this out in a second.
New installation, following guide @ tldp and another ldap guide but I
don't think the ldap is the problem here. Not knowing what is
significant, I'll just give the whole output.
CentOS 5
32 matches
Mail list logo