Are you sure the RADIUS secret is the right one?
On Wed, Oct 2, 2013 at 12:14 PM, JB list.freerad...@me.com wrote:
Hi!
We're proxying auth requests to another RADIUS service and encounter the
following problem:
The password seems to get changed somewhere along the way.
In our case, a 9
Didn't you make another fix afterward regarding AT_IDENTITY (commit
cfd61d24b99022eb613054bbf7e0da4fa3af1bde)? Not the patch from Microsoft.
I know I have to patch the 2.2.0 source in our RPMs with this commit otherwise
it fails ;)
On 2012-11-06, at 10:15 AM, Alan DeKok wrote:
Phil Mayers
Hi,
-what should I configure to get more than 2 Access-Request
You don't. The client is stopping because it thinks something is wrong.
Upgrade to 2.2.0 and try again - if the same thing happens, you need to debug
on the client.
You need to also add a patch that has been committed in the
On 2012-10-12 1:22 PM, Mike Diggins wrote:
Unable to read consumer identity
Because your RHN stuff appears to be broken.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
very much!!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to know what the supplicant is here, too?
I tested with an iPhone 3GS device running 5.0.1. I still need some
bytes to make it work and test with our Android (get the SRES/Kc from
the Micro-SIM).
I don't know if others on the list made it work with that patch on.
--
Francois Gaudreault, ing. jr
right, but when providers will start pushing 3G/4G
offload for real (if they ever do), there are not many ways of doing
it... I think :P The reason of those tests on our side is to support
WISPr and/or NewGen hotspots with our product.
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea
comes from the HLR/AuC, and SRES/Kc is sent back
to the HLR to perform the authorization check :)
The only way to test it without having that kind of infra is to
pre-compute stuff to simulate the HLR calculations (offlist message).
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca
Hi,
That's not nice. The module should return some kind of message.
If you say so :P
This looks like an issue for digging into the code.
Ok. Let me know if you need me to test anything, I will be glad to do so :)
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca
1601 - client error junk
Hmmm interesting. But how can it be working on 2.1.12 with the exact
same client and config? Maybe I can retry with 2.2.0 and see if I still
get this error on multiple retries. I'll get back to you.
Thanks for looking into it.
--
Francois Gaudreault, ing. jr
fgaudrea
!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is, do I need more than 3 triplets line with 2.2.0?
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http
db33121f3c7923c35b8ad3d0c0a7cd3e7eb01a19 M src
Hope it helps :)
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http
-auth {...}
++[exec] returns noop
++[reply] returns noop
} # server packetfence
Sending Access-Accept of id 34 to 10.0.0.24 port 1051
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu
Hi,
On 2012-09-11 4:05 PM, Phil Mayers wrote:
On 09/11/2012 07:49 PM, Francois Gaudreault wrote:
Hi,
I am playing with EAP-SIM on 2.2.0, but I am facing an issue I cannot
even understand :S Not because I don't want to, but the error messages
are not talking much.
I did compute SRES/Kc
Thanks Alan. We will rework our use case then :)
On 2012-08-22 1:46 AM, Alan DeKok wrote:
Francois Gaudreault wrote:
On each requests, we want to proxy it to a primary server, if it's
succeeding, move on, but if the authentication fails, we need to proxy
to a secondary server. It's not fail
to proxy
to a secondary server. It's not fail-over we are looking for.
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe
the Samba configuration?
In a quick test, with the server in domain1, I ran ntlm_auth and specified
domain2, which failed to authenticate the user.
Thanks,
Dave A.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea
now, the Ldap-Group will only contain the first group of the list.
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe
from one strings worth of data.
This problem requires a real programming language. Use Perl.
Will do. I was just trying to avoid external scripting for that.
Thanks.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders
to include the patch you find in the above fedora build.
Instructions on how to build an RPM from an SRPM can be found here:
http://wiki.freeradius.org/Red_Hat_FAQ
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind
/libpthread.so.0
#16 0x00b7645e in clone () from /lib/libc.so.6
(gdb) quit
I am not aware of the issue for other CentOS 5 version, or CentOS 6.
Thanks.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu
term project).
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for a bit of syslog into
a nice syslogNG server with DB backend would do just as well (and be more
usuable
by other systems - IMHO) )
I see. Well I will try to do something on my side then. I believe it
is not that complicated using their perl framework.
Thanks!
--
Francois Gaudreault, ing. jr
records and databases are updated to
reflect this change.* Further information can be found on the website
here. http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea
{
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
}
Any thoughts?
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu
[mschap] Told to do MS-CHAPv2 for host/dti-dahport with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
Is it possible that the issue is somewhere else? The nt/lmPassword are
properly handled when we do user auth, and the printout in debug is also
in a 0xsomething format.
--
Francois
are
using LDAP populating the NT-Password field, we don't need this
ntlm_auth line in the mschap module do we? Like I said, it's working
well with user authentication.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders
-dahport$) from EAP-MSCHAPv2
On 12-02-09 12:32 PM, Francois Gaudreault wrote:
Interesting. Let me give it a shot and see how it goes.
Thanks!
On 12-02-09 12:19 PM, Phil Mayers wrote:
On 09/02/12 16:42, Alan DeKok wrote:
The issue could be somewhere else. From what I recall, host
authentication
by reply email and destroy all copies of
the original message and any attachments.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in advance
Hitesh Vinzoda
Network Administrator
+91-9924117399
www.vinzoda.in
There are 10 types of people in this world.
One who can understand binary and other's can't.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea
that it
doesn't support EAP, and the way it agglomerate the request results (ie.
10s, 1s, etc), you can't tell the real response time.
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http
MAISON
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info
.el6.x86_64
regards,
Fred MAISON
Le lundi 07 novembre 2011 à 13:23 -0500, Francois Gaudreault a écrit :
Hi,
It works for me on CentOS 6, I am using the same .spec (with only the
module name changed from freeradius2 to freeradius).
I am not an expert, but I guess the issue is with libtool, what
Best regards,
Fred MAISON
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe
it works at *all*.
You bet. It was two controller from the same manufacturer, just
different model/firmware :S
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org
can (unicast, if you want) show the netsh lan show profile
output from a command prompt please?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info
need to establish a different (basic for now) lease policy by
interface (ie. different network range). How can I know from which
interface the request came?
PS. By the way, if I don't set ipaddr = * , broadcast are not handled.
Normal?
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca
section, which sub should I redefine in the perl script?
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Thanks!
On 11-07-20 2:36 PM, Phil Mayers wrote:
On 07/20/2011 06:07 PM, Francois Gaudreault wrote:
Hi,
I am trying to make the SoH
-Login-SourceSSH32
VALUESymbol-Login-SourceTelnet64
VALUESymbol-Login-SourceConsole128
VALUESymbol-Login-SourceAll240
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
That's fine, I understand that.
On 11-09-20 1:56 PM, Phil Mayers wrote:
On 09/20/2011 06:15 PM, Francois Gaudreault wrote:
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Sorry; I've
Hey Phil,
Any chance you have some developments about that DHCP SoH thing?
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe
= 10.0.0.1
DHCP-Domain-Name-Server = 4.2.2.2
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 10.0.0.243
Finished request 1768.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind
:
if eap.stripped-user-name == mschap.username:
ok
reject
else:
reject
I will try to investigate this tomorrow when I get back to the office.
Aight. Keep us posted.
Did you have a chance to look at it?
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130
, the OS is brilliant enough not to send the
machine name. However, mainly 80% of his machines are Windows XP.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
Hi,
On 11-05-30 9:55 AM, Phil Mayers wrote:
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think
as a domain user, then use send username automatically
We tried it, and the machine appears to be sending the machine name
anyway. It will work only if we don't send the credentials automatically.
Thanks!
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu
, it is appreciated. I will get you the
debug information and the sites configuration as soon as I can.
Have a nice weekend.
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
-28 10:32 AM, Francois Gaudreault wrote:
Hi Phil, and Alan,
I will get you the debug output for Windows XP SP3 boxes (likely Monday).
I will summarise what we have. Basically, this is a setup where the
client is using eDirectory to authorize the users using the rlm_ldap
module. On the windows
and in the ntlm_auth line.
Again, we are *NOT* rewriting the User-Name.
We need other ideas here.
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
54 matches
Mail list logo