Hello,
I'm trying to do a TLS auth, and I get an error after user sending his
cert;
Could someone please take a look at the log error, maybe it tels you
more than I understand from it.
Thank you!
ps: the cert that is doing problems is a wimax device certificate.
EAP-Message = 0x01070
My authentication worked fine, thanks for your help Alan,
and I apologize for having bothered you.
BR,
Cristian Novac.
Alan DeKok wrote:
Cristian Novac wrote:
I would like to ask client to provide certificate during TTLS.
I saw in eap.conf that I have to set EAP-TLS-Require-Client-Cert
little sample of how to be
used this setting?
Thank you!
Cristian Novac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Cristian Novac wrote:
My device authentication worked, but user+device authentication doesn't.
May you tell me whether it's possible the server to ask for device
certificate during TTLS, as I set client to ask for TTLS method and by
default the server doesn&
authenticate by username and password and the
device by certificate.
Thank you!
Alan DeKok wrote:
Cristian Novac wrote:
Could someone tell me what has to be configured to be able to do Device
authentication and User+Device authentication.
It all depends how you plan on authenticating
Thank you!
Alan DeKok wrote:
Cristian Novac wrote:
May you tell me if there is a more detailed log than what I get while
running freeradius with -X argument ?
No.
I would like to see more about what caused this error:
...
rlm_eap: SSL error error:1409441B:SSL
er
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/] (from
client localhost port 0 cli 00-17-C4-27-4F-2C)
Delaying reject of request 4 for 1 seconds
Thank you!
BR,
Cristian Novac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cristian Novac wrote:
CURRENT CONDITIONS:
I'm currently using FreeRadius server in a system where the server is
authenticating to the client using a server certificate.
For now, the client is authenticating through username and password.
The method used is EAP
o?
I attached my current eap.conf file
Thank you!
Cristian NOVAC.
Alan DeKok wrote:
Cristian Novac wrote:
Could someone tell me what has to be configured to be able to do Device
authentication and User+Device authentication.
It all depends how you plan on authenticating the devices and
Hi all,
Could someone tell me what has to be configured to be able to do Device
authentication and User+Device authentication.
Thank you!
Cristian NOVAC
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you!!!
Cristian Novac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you !
Cristian NOVAC
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--- Begin Message ---
Hello,
I attached two log files obtained from freeradius.
For both were used the same configuration files in server;in fact the
server wasn't stopped at all.
But, if client choose to do chap, in Acces-Accept received from server I
will get all the attributes I set up in
Hello,
I attached two log files obtained from freeradius.
For both were used the same configuration files in server;in fact the
server wasn't stopped at all.
But, if client choose to do chap, in Acces-Accept received from server I
will get all the attributes I set up in users file(see chap.logc
could someone tell me what effect has the following line from the users
file if matched:
DEFAULT Auth-Type = Local
and what's the difference between this line and this one:
DEFAULT Auth-Type := Local
Thank you!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your advices! It works fine now.
I was using an older version(1.0.1) of radius before and ttls with
mschapV2 authentication seemed to go fine, even if I was using "=="
operator instead of ":="
Anyway, it is ok now. Thanks again
Phil Mayers wrote:
Cristia
Could someone please take a look at the attached log file and give me a
hint about how to solve the problem.
Please ignore the lines beggining with ***;I used them to debug
something else previously.
Thank you.
Cristian
Starting FreeRADIUS:FreeRADIUS Version 2.0.0, for host i686-pc-linu
ictionaries that I
manually added to the share/freeradius directory.
Thank you in advance !
Cristian NOVAC.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello all,
Given the log I attached, may someone tell me what's the problem
authenticating my client(using ttls with mschapv2)?
Towards the end of the log I get this:
eaptls_verify returned 11
rlm_eap_tls: >>> Unknown TLS version [length 0002]
TLS Alert write:fatal:protocol version
TLS_a
Hi all,
I would like to know what happens with attributes whitch are greater
than 253 B. Whether they are still sent or truncated, or...
Thank you!
Cristian NOVAC
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It's me againI solved the problem.
I apologize for bothering.
Thank you for your advices.
Cristian Novac wrote:
Alan DeKok wrote:
Cristian Novac wrote:
Hi all,
I know there already was this problem posted on the list, but I still
have problems adding a new dictionary file to freer
Alan DeKok wrote:
Cristian Novac wrote:
Hi all,
I know there already was this problem posted on the list, but I still
have problems adding a new dictionary file to freeradius;
Can you explain what the problems are?
Could anyone please state the steps I have to follow to
Hi all,
I know there already was this problem posted on the list, but I still
have problems adding a new dictionary file to freeradius;
Could anyone please state the steps I have to follow to manually attach
a new dictionary to my installed freeradius.
Thank you !
-
List info/subscribe/unsubsc
I fail to authenticate my user, and it seems to me that it's a problem
with the certificates
Could you please check the attached radius log to see if that is the
real problem
I am interested in the user having the mac:00-1D-E1-00-EA-02
Thank you in advance
Cristian NOVAC
Starting - re
Is it possible to approximate on when the wimax vsa support will be
included in FreeRadius???
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you Allan for all the explanations; the problem was solved and the
next thing I'll do will be to upgrade to FreeRadius 1.1.7
Cristian NOVAC
Alan DeKok wrote:
Cristian Novac wrote:
The authentication is still not working
I attached the log I got when running in debug
Hello all,
I am trying to authenticate to freeradius using ttls with mschapv2 and i
don't succeed;
Attached is my eap.conf file; If you think something is wrong there or
something should be added please tell me; also if you think other files
should be configured as well.
Thank you in advance!
Hello all,
Do you know whether freeradius has some support for subattributes?
Thank you!
BR, Cristian NOVAC.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello all,
I am using Freeradius-1.0.2 in some tests I have to do, and I get the
following error "unable to get certificate CRL".
I attached the radius log for this problem(trace_unable_CRL).
If I set check_crl = no in the tls section of eap.conf file I get
another error: "fatal decrypt_error
wrong file as users file then the ACCESS ACCEPT
message doesn't contain any Service-Flow-Descriptor and QoS-Descriptor.
Maybe you could help me somehow.
Thanks.
Alan DeKok wrote:
Cristian Novac wrote:
For now I have successfully run tests only if I've written these
attributes into
Hello all,
I am Cristian NOVAC and I work to a Wimax project.
I have to perform some tests where I need multiple users to
authenticate, each of them having different service flows.
I mention that I use Service-Flow-Descriptor and QoS-Descriptor VS
ATTRIBUTES (defined in a WiMAX FreeRadius
31 matches
Mail list logo
