[OT (possibly)] problem with WinXP SP3 connecting, reconnecting

2009-04-22 Thread Craig White
It's possible that this is my laptop that is causing this and not the Wireless AP or FreeRadius but I thought I would ask because my laptop doesn't do this on WPA-PSK on my home setup. Using Windows supplicant, clearly connects using PEAP and am given an IP address via LAN DHCP server. If I try

eap issues

2009-04-13 Thread Craig White
Trying both TLS and TTLS on Macintosh OS X 10.5.5 certificates seem to be fine on both Windows and Macintosh using the ca.der and caclient.p12 (using Ivan's newer script for generating) for TLS Below is radiusd -X log with one failed attempt and it just seems as if the eap challenges go out but

RE: eap issues

2009-04-13 Thread Craig White
On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote: using the ca.der and caclient.p12 (using Ivan's newer script for generating) for TLS That was for 2.0.5. 2.1.x has updated Makefile by default. it didn't have the various caclient generation stuff - Below is radiusd -X log with

RE: eap issues

2009-04-13 Thread Craig White
On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote: using the ca.der and caclient.p12 (using Ivan's newer script for generating) for TLS That was for 2.0.5. 2.1.x has updated Makefile by default. Below is radiusd -X log with one failed attempt and it just seems as if the eap challenges

Re: [ Re: eap-ttls failing]

2009-01-28 Thread Craig White
On Wed, 2009-01-28 at 09:27 +0100, Alan DeKok wrote: Craig White wrote: I was complaining about it a few weeks ago (all my systems have been upgraded to SP3) and I was made to feel that it was just me. The first reporter of an issue often gets told it works for everyone else

Re: [ Re: eap-ttls failing]

2009-01-27 Thread Craig White
On Tue, 2009-01-27 at 21:08 -0500, Josh Hiner wrote: On Tue, 2009-01-27 at 23:05 +0100, t...@kalik.net wrote: Yes the cert is there, does report the correct oid etc.. etc.. Attached is the client certificate I am using. I even went into the configuration and made it so XP asks me to select

Re: Radius server log not response

2009-01-20 Thread Craig White
On Wed, 2009-01-21 at 13:58 +0900, saman saman wrote: radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = 192.168.0.10 port = 1812 } Listening on authentication address 192.168.0.10 port 1812 Listening on proxy address 192.168.0.10 port

Re: eap/tls freeradius openssl

2009-01-13 Thread Craig White
On Tue, 2009-01-13 at 11:46 -0500, John Dennis wrote: Brian Ertel wrote: John, You are right, but the dir where the old radius was make installed is gone. That is the original folder that was created after unzipping and installing the old ver. Of radius is gone. Is there anything else

Re: eap/tls freeradius openssl

2009-01-13 Thread Craig White
On Tue, 2009-01-13 at 13:33 -0500, John Dennis wrote: Craig White wrote: On Tue, 2009-01-13 at 11:46 -0500, John Dennis wrote: Brian Ertel wrote: John, You are right, but the dir where the old radius was make installed is gone. That is the original folder

RE: eap/tls freeradius openssl

2009-01-13 Thread Craig White
On Tue, 2009-01-13 at 16:38 -0500, Brian Ertel wrote: Oh, and should I include the /i386 dir and the i386.rpm suffix like: rpm -Uhv /usr/src/redhat/RPMS/i386/freeradius-2.1.3-1.i386.rpm /usr/src/redhat/RPMS/i386/freeradius-libs-2.1.3-1.i386.rpm suggestion...make life easy on yourself

RE: eap/tls freeradius openssl

2009-01-09 Thread Craig White
http://wiki.freeradius.org/Red_Hat_FAQ nice wiki On Fri, 2009-01-09 at 14:21 -0500, Brian Ertel wrote: Alan, I am running CentOS 5. Thanks, Brian -Original Message- From: freeradius-users-bounces+bsertel=amherst@lists.freeradius.org on behalf of Alan DeKok Sent:

RE: eap/tls freeradius openssl

2009-01-09 Thread Craig White
and freeradius-openssl-dev rpm? Thanks, Brian -Original Message- From: freeradius-users-bounces+bsertel=amherst@lists.freeradius.org on behalf of Craig White Sent: Fri 1/9/2009 2:41 PM To: freeradius-users@lists.freeradius.org Subject: RE: eap/tls freeradius openssl

ldap question

2008-12-10 Thread Craig White
still a few issues so I upgraded to 2.1.1 and in debug mode (and I have enabled ldap), I see this... [ldap] checking if remote access for $SOME_USER is allowed by uid [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword - NT-Password == 0x... rlm_ldap: sambaLmPassword -

client certs

2008-12-10 Thread Craig White
freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5) followed instructions in certs/README perfectly - so I believe. server certs seem fine but generated client cert in Windows shows Windows does not have enough information to verify and yes, I have loaded the 'ca.der' file generated by the

Re: client certs

2008-12-10 Thread Craig White
On Thu, 2008-12-11 at 01:13 +0100, [EMAIL PROTECTED] wrote: freeradius-2.1.1-2 (rebuild SRPM from Fedora on CentOS 5) followed instructions in certs/README perfectly - so I believe. server certs seem fine but generated client cert in Windows shows Windows does not have enough information

RE: client certs

2008-12-10 Thread Craig White
On Wed, 2008-12-10 at 19:32 -0500, Jason Wittlin-Cohen wrote: server certs seem fine but generated client cert in Windows shows Windows does not have enough information to verify and yes, I have loaded the 'ca.der' file generated by the instructions on the Windows client and that installs in

Re: client certs

2008-12-10 Thread Craig White
On Thu, 2008-12-11 at 01:49 +0100, [EMAIL PROTECTED] wrote: I only re-generated the 'client' certificate but in doing a diff, it appears that every level of cert generation has changed...do I have to start over? You should. Original Makefile was creating ca certificate that was valid only

RE: client certs

2008-12-10 Thread Craig White
On Wed, 2008-12-10 at 19:51 -0500, Jason Wittlin-Cohen wrote: Craig, Apparently Windows automatically sends non-CA certificates in DER or PEM format to the 'Other People' certificate store. More importantly, the wireless supplicant in Windows XP will not work with PEM or DER formatted

Re: client certs

2008-12-10 Thread Craig White
On Wed, 2008-12-10 at 21:36 -0500, Jason Wittlin-Cohen wrote: Craig, Have you tried authenticating with the same certificate from a different computer, or using a different supplicant? The XP supplicant is pretty awful. If you have an Intel card, you can download the Intel PROset software

realms and Windows domain

2008-12-06 Thread Craig White
freeradius-1.1.3-1.2.el5 LDAP authentication (OpenLDAP) I am mostly working now but I do get failures if a user has the Windows Domain set to any value at all which of course means that the authentication is passed as DOMAIN\user and I want it to strip out the DOMAIN\ part and just keep the user

Re: realms and Windows domain

2008-12-06 Thread Craig White
Not sure that it's the right place but I was able to hack 'hints' file to handle this Craig On Sat, 2008-12-06 at 12:07 -0700, Craig White wrote: freeradius-1.1.3-1.2.el5 LDAP authentication (OpenLDAP) I am mostly working now but I do get failures if a user has the Windows Domain set

windows supplicant

2008-12-04 Thread Craig White
I've been working on this on/off for 2 weeks now and I'm confused. I found on this Windows laptop I've been playing with that I can't connect via the built-in Windows XP SP3 supplicant but one connection I can make is using the Intel ProSet (it's a 2100) but the only way that I've been able to

OT - Question about Switches

2008-12-02 Thread Craig White
Sorry for the noise but this is actually related to my struggles with FreeRadius I am using FreeRadius and authenticating Windows RAS users (PPTP) Macintosh users via the same Windows RAS server using PPTP or L2TP, Macintosh WAP clients and iPhone clients without a problem. I am struggling with

Re: last hurdle...windows clients

2008-11-25 Thread Craig White
On Tue, 2008-11-25 at 10:06 +0100, Alan DeKok wrote: Craig White wrote: I realize that freeradius has little control over the supplicant but I'm wondering if it's something in my setup of tls that the authentication should/shouldn't be part of the tunnel because it just assumes a login

certificates confusion

2008-11-24 Thread Craig White
please excuse me if this isn't entirely related to freeradius but it's all about getting WindowsXP laptops to my wireless network with freeradius and 802.1x I see that there are certificate failures and am thinking that I need to clean this up up until now, server2 is my ca and I have used that

Re: last hurdle...windows clients

2008-11-24 Thread Craig White
On Sun, 2008-11-23 at 02:59 -0600, Alan DeKok wrote: Craig White wrote: OK - that quiets the notification but I still can't figure out the issue where I can authenticate RRAS, Macintosh and iPod clients against radius via LDAP using mschapv2 but even with the certificates on Windows XP

Re: last hurdle...windows clients

2008-11-22 Thread Craig White
On Sun, 2008-11-23 at 00:24 +0100, [EMAIL PROTECTED] wrote: I don't understand the message about unknown_ca in the log below either because I am acting as my own CA and this same cacert.pem seems to be happy on the Windows system I imported it on and I've been using it for a bunch of other

last hurdle...windows clients

2008-11-21 Thread Craig White
freeradius-1.1.3-1.2.el5 I am authenticating Windows RRAS connections, Macintosh wifi, iPhone wifi all with LDAP and mschapv2 (using sambaNTPassword hashes in OpenLDAP) My users basically consists of... DEFAULT Auth-Type = LDAP eap.conf default_eap_type = mschapv2 and of course my

Re: Unknown module eap

2008-11-16 Thread Craig White
On Sun, 2008-11-16 at 07:55 +0100, Alan DeKok wrote: Craig White wrote: freeradius newbie here...not sure where I went wrong and someone probably can figure this out in a second. You edited the default configuration files and broke it. CentOS 5 (freeradius-1.1.3-1.2.el5) still using

ldap and unix return different results

2008-11-16 Thread Craig White
craigwhite craigwhite:x:1013:1000:Craig White:/home/users/craigwhite:/bin/sh # radtest craigwhite MY_PASSWORD MY_RADIUS_SERVER 0 whatever and on the radius server running 'radiusd -X -f' Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready

Re: ldap and unix return different results

2008-11-16 Thread Craig White
On Sun, 2008-11-16 at 09:45 -0700, Craig White wrote: I am trying to use mschap and the following is logged suggesting that ldap authorize succeeds but unix authorize fails but the passwords are the same (aside from the fact that samba hashes the password). I can ssh into the radius server

Unknown module eap

2008-11-15 Thread Craig White
freeradius newbie here...not sure where I went wrong and someone probably can figure this out in a second. New installation, following guide @ tldp and another ldap guide but I don't think the ldap is the problem here. Not knowing what is significant, I'll just give the whole output. CentOS 5