Read the last two days on the mailing list archives. It's all they've
been talking about.
It seems to work. But i see freeradius 1.1.6 correct a bug about
HUP.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
> So the piece of confusion is how you get that encrypted hash
> in there in the first place when configuring a new key.
Service password-encryption
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_
reference_chapter09186a00801a7fa1.html#wp
One further comment.
The shared secret in FreeRADIUS CANNOT be the "really long number" in
the IOS config file. This is an encrypted hash of the "REAL" secret.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It sounds like your trying to encrypt the shared secret in the router
config. Or, your trying to copy the encrypted shared secret and paste
it. (The 7 is what tipped me off)
First, you need to verify that you have the password-encryption is
enabled in the IOS. This is the magic that makes that
> -Original Message-
I'm assured that Windows Vista now
> has a proper 'do not cache this' feature ;-)
>
It does.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What manufacturer makes the NAS (the wireless controller?)
I would look to the Called-Station field. Usually (Based on Cisco AP's) this
is the MAC of the AP, followed by the SSID they connected to.
> -Original Message-
> From:
> [EMAIL PROTECTED]
> g
> [mailto:[EMAIL PROTECTED]
> adi
> -Original Message-
> As for building it from source, it shouldn't be a problem.
>
To further upon this:
http://wiki.freeradius.org/Build#Building_Packages
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simple question
Is the config file your ediiting the one that Freeradius is using?
(I've done this before)
Us the locate radiusd.conf and see all the instances.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
>
> When I run radiusd, it says it is running properly, but I
> check with netstat -n and I don't see anything listenning on
> port 1812. The port setting in the configuration file is '0'
> (which is I think 1812 by default).
>
> Is this normal? I don't think my a
adius users mailing list
> Subject: Re: 1.1.4 - TTLS - missing attributes
>
> King, Michael wrote:
> > Could this be related to my Mac issue with the Pre-2.0 Snapshot?
>
> Umm... what MAC issue?
>
> > Granted, I'm only using PEAP.
>
> PEAP still ha
Could this be related to my Mac issue with the Pre-2.0 Snapshot?
Granted, I'm only using PEAP.
> -Original Message-
> From:
> [EMAIL PROTECTED]
> g
> [mailto:[EMAIL PROTECTED]
> adius.org] On Behalf Of Alan DeKok
> Sent: Friday, February 16, 2007 4:32 AM
> To: FreeRadius users mailing
> -Original Message-
> following would work just as well and be much more readable:
>
> Calling-Station-Id =~ "^(00-0D-93-|00-03-93-|00-05-02-)"
>
I was just concerned with a partial match I wasn't expecting.
E.g. XX-XX-00-0D-93-XX
> And as to where it goes, anywhere a check expres
I'd like to proxy user's off to a different RADIUS server based on
they're MAC address.
Currently, my NAS reports MAC address as Calling-Station-Id =
"00-0D-93-EA-89-06"
I'd like any user that has a MAC starting with 00-0D-93 (and about 8
more MAC's) to be proxied off to another Radius server.
If you want to use Debian, that's fine.
If you want to use Debian with EAP (typically used in Wireless
deployments) you will have to create your own package. (License
restrictions prevent the redistribution of OpenSSL)
This is easy enough
http://wiki.freeradius.org/Build#Building_Debian_packag
> -Original Message-
>
> So if 1.1.3 works, and 1.1.4 doesn't, that's the issue.
Anyone got 1.1.4 and Mac authenticating?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
> On your Mac (as root), create the
> directory /var/log/ eapolclient, then retry your
> authentication. The EAP client is OS X should write out
> debugging information for the EAP session into that directory
> and should give you a better idea of why its haltin
> -Original Message-
>
> When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it
> seems to not work. The Mac throws an error "802.1x Authentication has
> failed."
After more testing, and staring at the debug's, it seems this is where
the break-down is, the MAC isn't answer
To answer my own question...
It looks like not.
It looks like it's just
/usr/include/freeradius/*
After the last line in the files section.
> -Original Message-
> From:
> [EMAIL PROTECTED]
> g
> [mailto:[EMAIL PROTECTED]
> adius.org] On Behalf Of King,
> -Original Message-
>
> The RPM file in FreeRADIUS needs to be updated with that
> list of files.
(Resend, helps if I format the line correctly, forgot a leading /)
Would
%attr(0700,radiusd,radiusd) %dir /usr/include/freeradius
Be sufficient?
Mike
-
List info/subscribe/unsubs
> -Original Message-
>
> The RPM file in FreeRADIUS needs to be updated with that
> list of files.
Would
%attr(0700,radiusd,radiusd) %dir usr/include/freeradius
Be sufficient?
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm trying to create a Redhat RPM from the nightly CVS snapshots.
(Following the Wiki instructions)
I've tried a few different snapshot dates, and they all die with the
attached error.
I'm not too familiar with RedHat packaging. Any idea what I've done
wrong?
Checking for unpackaged file(s): /u
> -Original Message-
> > Does FreeRADIUS support PEAP Fast Reconnect?
>
> No.
>
> As always, patches are welcome. :)
>
Thanks. It was a "does this check box actually do anything for me"
question.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Does FreeRADIUS support PEAP Fast Reconnect?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
> What would, in your opinion,
> be better? TTLS or PEAP?
They're not Mutually exclusive. You can have both. I'd suggest doing
both.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
>
> The database is not a problem, since we have a huge one in
> place, one stored in Active Directory (for which I can use
> the FreeRADIUS LDAP module) or MySQL one.
If you use ActiveDirectory, I believe you would have an easier time
using ntlm_auth. Using LDA
[mailto:[EMAIL PROTECTED]
> adius.org] On Behalf Of Alan DeKok
> Sent: Tuesday, January 09, 2007 8:56 PM
> To: FreeRadius users mailing list
> Subject: Re: SSL locking code
>
> King, Michael wrote:
> >> -Original Message-
> >> OK. I don't have good net
Without being too subtle, You've mis-understood much of the research
you've read. Don't worry about it, there is quite a bit of
contradictory information out there.
There's quite a bit of background information, so it'll be a little bit
before I mention FreeRADIUS.
First. It's WPA, not WAP. (
> -Original Message-
> apt-get install g++
>
Thank you. Apparently, this would be my first Debian box that didn't
have g++ out of the box. (I've built more than 10 following the same
cookbook that our office wrote)
I guess gcc and gpp weren't enough.
It built... Well it's building
I wanted to try the Pre2.0 release in the CVS to see if the TLS locking
code fixed the problem I had with the SSL errors in PEAP.
I downloaded the snapshot from ftp.freeradius.org
freeradius-server-snapshot-20070116.tar.bz2
I'm building on Debian, so I wanted to package it (Especially since it
n
> -Original Message-
> OK. I don't have good net connectivity right now, or
> access to a machine to do real development, so this fix
> didn't make it into 1.1.4.
Would this change be in the CVS head?
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
> -Original Message-
>
> Did anyone run the server in non-threaded mode to see if
> the SSL errors go away?
>
> I can do it, but I don't see SSL errors, so I can't
> reproduce the problem.
>
>
I did run the server in single threaded mode, and it appeared to go
away.
-
List
Back on October 18th, we had a conversation about threading issues.
In the message it was said:
> The issues is "bad record mac", not "failed in system call". The
>second error message is a result of the first.
>
> I suspect threading issues. Try running the server in non-threaded
>mode. I
Alan,
Your deploying radius blog site is showing:
MySQL error!
Error establishing a database connection!
(Can't connect to local MySQL server through socket
'/var/run/mysqld/mysqld.sock' (2))
1. Are you sure you have typed the correct user/password?
2. Are you sure that you have typed th
First question. Did you install from source, did you create your own
binaries, or did you use debian provided binaries.
Debian provided Binaries do not include SSL support. (Violation of SSL
license terms I believe)
Creating your own binaries are easily done
http://wiki.freeradius.org/Build#B
> -Original Message-
>
>
> Vista supports only PEAPv2 client (but I think only one TLV
> type- TLV-Result),
Can you provide some documentation on that? We've been collectively
trying to figure out what Microsoft did to break Vista working with
FreeRADIUS. I'm wondering if this is i
> -Original Message-
>
> machine authentication was the keyword I've searched ... thanks a lot
>
> somebody knows a good howto for this?
>
> thanks mIke
>
To be honest, if you enable use computer account when available in the
Windows Zero Config Client, it should just work.
If it
Does CENTOS have a built-in firewall? (IPTABLES) Does it have holes
(Rules, exceptions) poked in it so that the RADIUS packets get thru?
Ports 1812 and 1813. I'm not sure if it's TCP or UDP, I always see them
referenced together, so I opened both.
> -Original Message-
> From:
> [EMAI
I'm Interpreting your question a little
Please correct the question if I've got it wrong.
You want to user's to be able to have network connectivity at the logon
prompt, so they're username/password is sent to the domain?
You need to use Machine Authentication. (AKA computer account
authenti
Some things I've noticed from your attached
files
Module: Loaded MS-CHAP mschap: use_mppe =
yes mschap: require_encryption = yes mschap: require_strong =
yes
I've never enabled these before, I'm unaware what
affect they will have
tls: pem_file_type = yes tls: private_key_file
= "/e
> -Original Message-
> "Karthik R" <[EMAIL PROTECTED]> wrote:
> > When i try to connect to access
> > point, it takes the local machine name default instead of
> asking for
> > username and password.
>
> You have to configure the local machine to NOT authenticate
> as the machine.
Ok.
Look in the News! Section on the front most page.
It has this link
ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.3.tar.gz
> -Original Message-
> From:
> [EMAIL PROTECTED]
> g
> [mailto:[EMAIL PROTECTED]
> adius.org] On Behalf Of kbajwa
> Sent: Tuesday, October 31, 2006 5:14
BTW, Seems today is the day for website problems
http://deployingradius.com/blog/
MySQL error!
Error establishing a database connection!
(Can't connect to local MySQL server through socket
'/var/run/mysqld/mysqld.sock' (2))
1. Are you sure you have typed the correct user/password?
2.
> -Original Message-
>
> I'm not sure 1.0.4 had that fix in the rlm_mschap module. If
> you need to use 1.0.4 for some reason, you may have to
> backport the patch from a later version of the module.
>
> --Mike
>
Awww Man...
I went back to 1.0.4 because 1.1.2 and 1.1.3 kept cras
I had this working
before, and I can't figure out what I'm missing to get it working on this
server.
Samba Version
3.0.23b
FreeRADIUS version
1.0.4
Users successfully
authenticate with the domain, Machine accounts do not
however.
My ntlm_auth line
is:
ntlm_auth =
"/usr/bin/ntlm_aut
Anyone else having
trouble getting to the Wiki right now?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Let's see if we can get this solved...
> -Original Message-
> Here's the full log:
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.104.254.73:1645,
This is NOT the full log. The full log would have started with the line
/path/to/radiusd -X
Some important s
> -Original Message-
> But while using radtest tool with the same logon credentials
> as above it rejects the user and here is the log message.
Please paste the entire debug log. It looks like you missed a few bits
in the cut and paste.
-
List info/subscribe/unsubscribe? See http:/
EMAIL PROTECTED]
> adius.org] On Behalf Of Alan DeKok
> Sent: Wednesday, October 25, 2006 11:24 AM
> To: FreeRadius users mailing list
> Subject: Re: Version Question
>
> "King, Michael" <[EMAIL PROTECTED]> wrote:
> > I thought the errors (SSL error
> > error:00
> -Original Message-
>
> I think a few SSL errors may have been printed out earlier,
> but check that the 1.1.3 rlm_* libraries aren't still on your system.
>
The Libraries were still there. Eradicating them helped. :-)
-
List info/subscribe/unsubscribe? See http://www.freeradi
I'm still struggling
with my server throwing
Error: TLS Alert
write:fatal:bad record macError: TLS_accept:error in
SSLv3 read certificate verify AError: rlm_eap: SSL error error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record macError:
rlm_eap_tls: SSL_read failed
Sounds very similar to my thread titled SSL_read failed in a system call
from last week.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Ben Beuchler
Sent: Monday, October 23, 2006 2:06 PM
To: FreeRadius users mailing list
Subject: Server stopped respondi
Use this one if the one on the website doesn't work for you
Index: src/modules/rlm_eap/rlm_eap.c
===
RCS file: /source/radiusd/src/modules/rlm_eap/rlm_eap.c,v
retrieving revision 1.26.2.1.2.1
diff -u -r1.26.2.1.2.1 rlm_eap.c
--- src/m
Yes. It's possible.
Look in eap.conf In each EAP section (TTLS and PEAP) this code snippet exists
# The reply attributes sent to the NAS are
# usually based on the name of the user
# 'outside' of the tunnel (usually
-Original Message-
>>Again, I have no idea why it's core dumping. It shouldn't be.
>>I don't have Vista, and I can't debug this issue myself. It's up to
you.
Should this line be like this?
DEBUG2("VISTA[%s:%s]: here", __FUNCTION__, __LINE__);
I have not coded in C (or C++) for 5 y
dows Vista and
our FR. It isn't working for us either.
Brian
> -Original Message-
> From: freeradius-users-
> [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of
> King, Michael
> Sent: Thursday, October 19, 2006 2:52 PM
> To: FreeRadius users
-Original Message-
Sorry - I've come late to this thread. Do we have a general problem with
Vista failing to authenticate against FR, or is this just one instance
failing, and we know of other instances where it is working?
It's most likely I'm the first to try it, and I've had.
It seg faults when I do -X (or -sxx. But not with -x)
Here is the gdb log
rad2:/home/mking/freeradius-1.1.3/doc# more gdb-radiusd.log
Starting program: /usr/sbin/freeradius -X
[Thread debugging using libthread_db enabled]
[New Thread 1077729984 (LWP 2603)]
Program received signal SIGSEGV, Segm
I thought it looked a bit funny
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Wednesday, October 18, 2006 7:39 PM
To: FreeRadius users mailing list
Subject: Re: Windows Vista doing PEAP
"King, Michael" <[EMAIL PROT
Here we are: I did it twice.
Funny it sent an access reject the second time.
rad2:/home/mking# /usr/sbin/freeradius -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did
handle the load of
around 500 clients?
I also complied 1.0.4 on one of the newer servers, it appeared to run
without any difficulties as well.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of King, Michael
Sent: Wednesday, October 18, 2006 5:47 PM
To
PM
To: FreeRadius users mailing list
Subject: Re: SSL_read failed in a system call
"King, Michael" <[EMAIL PROTECTED]> wrote:
> I've still got the server locked up in a state where it throws this
> error message at will.
The issues is "bad record mac", not "faile
Since I've been
having great amounts of troubles with 1.1.2 / 1.1.3, (See SSL_read failed in a
system call message) We're going to try building another server with 1.0.4 (The
latest version that we have in production that works for us)
Anyone know of a
stress test utility that can simulate
I got the same results as below with RC2.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of King, Michael
Sent: Wednesday, October 11, 2006 1:56 PM
To: FreeRadius users mailing list
Subject: RE: Windows Vista doing PEAP
Alan, here is your requested
Just following up, anyone got a suggestion.
I've still got the server locked up in a state where it throws this
error message at will.
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of King, Michael
Sent: Friday, October 13, 2006 9:34
I posted this to the list back in September, but was unable to chase it
then.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg294
52.html
But it has returned with a vengeance. It only seems to affect the 1.1.3
server. I have not tried any other versions, other than the 1.0.4
Weird..
I just got this email this morning...
SecureW2 is no longer at www.securew2.org
Please visit
http://securew2.alfa-ariss.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alessandro Agostini
Sent: Thursday, October 12, 2006 9:53 AM
To: fre
-Original Message-
Are you sure you're using the new code? It looks to me like it's NOT
installing the server with symbols, and it's NOT printing the new
debugging messages.
I was, I just wasn't building the server right. I figured it out a few
hours later (See my later emails)
I posted this to the list back in September, but was unable to chase it
then.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg294
52.html
I think it's load related.
I found this on the net:
http://www.mail-archive.com/modssl-users@modssl.org/msg16180.html
> There is definat
Alan, here is your requested capture.
This was with RC1
I will be reattempting with RC2 in a little bit.
rad2:~# gdb /usr/sbin/freeradius
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome
ailing list
Subject: Re: Windows Vista doing PEAP
Hi
On 10/10/06, King, Michael <[EMAIL PROTECTED]> wrote:
> I'm assuming it built it that way.
>
> Anways, here's what I got following those direcitons (Which is what
> leads me to think the symbols go stripped)
If you
[mailto:[EMAIL PROTECTED]
On Behalf Of K. Hoercher
Sent: Wednesday, October 11, 2006 2:06 AM
To: FreeRadius users mailing list
Subject: Re: Windows Vista doing PEAP
Hi
On 10/10/06, King, Michael <[EMAIL PROTECTED]> wrote:
> I'm assuming it built it that way.
>
> Anways, here'
: Windows Vista doing PEAP
"King, Michael" <[EMAIL PROTECTED]> wrote:
> Not to rude, have you had a chance to poke that Patch again?
Reload it from the same URL as last time.
If it still crashes, see doc/bugs. I don't see how it can crash at
all, so the crash looks l
-Original Message-
I would say 1.1.3 is fine to use. 2.0 will be out in a few months, so
you're free to upgrade then, too.
I think question he was trying to get across, is 2.0 going to be
significantly different from 1.1.3 from a config standpoint.
-
List info/subscribe/unsubscrib
Not to rude, have you had a chance to poke that Patch again?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Wednesday, October 04, 2006 6:54 PM
To: FreeRadius users mailing list
Subject: Re: Windows Vista doing PEAP
"King, Mi
Still a 404
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 3:59 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS user Survey
"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> Survey Not Found
Who
Just reading thru the deployingradius.com pages
On page:
http://deployingradius.com/documents/configuration/active_directory.html
You reference the krb5.conf file like this:
[realms]
...
realm.company.com = {
kdc = nt-server-hostname.company.com
}
...
However, someone on the list onc
Just to double check that I didn't cut paste wrong,
I wget'd the file from your server, repatched, recompiled, and
reinstalled.
Same seg fault, at same place.
rlm_eap_tls: Start returned 1
VISTA[eap_compose:475]: reply->id 6
VISTA[eap_compose:476]: reply->code 1
VISTA[eap_compose:514]: eap->re
Things didn't work so hot. :-( Seg Fault
I created the vista.patch file by pasting the file you referenced into a
vi session.
I moved it into freeradius-1.1.3
I used the command:
patch -p0 id 6
VISTA[eap_compose:476]: reply->code 1
VISTA[eap_compose:514]: eap->request->code 1
VISTA[eap_compose:5
-Original Message-
Try: http://www.striker.ottawa.on.ca/~aland/vista.patch
You'll have to re-build & re-install the EAP module (you don't need to
touch the rest of the server). It won't help, but it will print out a
little more information. We'll probably have to do a few cycles b
Alan,
What domain were you testing against? 2000 or 2003? (I ask, because I
was under the impression that KRB5 had to be setup as well)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Friday, September 22, 2006 3:26 PM
To: FreeRadius
-Original Message-
No, actually you cant. I disabled new user creation as a all the spam
bots appeared to be smart enough to create new users then use them for
spamming.
Peter,
MediaWiki has a captcha extension to prevent this problem.
http://meta.wikimedia.org/wiki/ConfirmEdit_extensi
Paul,
I think what Alan was getting at is that Your client asked for EAP-TTLS,
not EAP-MSChapV2. This might be the root of your problem.
If you Intend to do MSChapV2 inside of TTLS Tunnels, you MUST setup a
certificate. This is make quite clear in the eap.conf file, that TTLS
is dependant on TL
> -Original Message-
> See "thread pool" in radiusd.conf.
>
> It looks like your DB is slow...
>
Entirely possible. It is Active Directory (Via the ntlm_auth program)
so I have no control over it. :-(
> > So, I've rolled back to my freeRADIUS 1.0.4 server, cause it hasn't
> >
So, I've rolled back to my freeRADIUS 1.0.4 server, cause it hasn't
crashed like my 1.1.3 has been doing.
I got this today in it's debug logs. Is there a config option to
increase the number of threads? Is there a better way to fix that?
Wed Sep 6 13:08:22 2006 : Auth: Login OK: [BSC\\j2kelley
adius.org] On Behalf Of Alan DeKok
> Sent: Tuesday, September 05, 2006 3:52 PM
> To: FreeRadius users mailing list
> Subject: Re: Failed Logins
>
> "King, Michael" <[EMAIL PROTECTED]> wrote:
> > 24 hrs later, Different radius server. (on a different box,
> -Original Message-
> 3. debian source package builds on unstable without problem
> here. And it provides a minimal intrusive way of enabling ssl
> and postgres related stuff.
Just to follow up.
It appears that in FreeRadius 1.1.3, if you follow the directions in the
WIKI
http://wi
24 hrs later, Different radius server. (on a different box, this one is
RedHat) FreeRadius 1.1.3
Same problem, throwing the same Error.
Tue Sep 5 13:24:33 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Tue Sep 5 13:24:33 2006 : Error: TLS Alert write:fatal:bad record
> -Original Message-
> It looks like a memory corruption issue. Either there's a
> bug in the server, or there's bad RAM in the system.
Any suggestions on how to test memory on a Debian box remotely?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So we've had many thousands of succcessful AD/PEAP authentications.
Today, the thing just died. I shut the server off so that all the AP's
started using my backup server.
This is the logs that I have from when it happened. Unfortuanly,
everything seemed fine after I rebooted the server (my emer
Did you generate the certificates that are mentioned
there? The one's that ship with the server are expired, you have to
generate your own certificate.
What version of FreeRADIUS. Version 1.1.1 fixed alot
of little PEAP things.
Version 1.1.3 of course is what you should be
running.
Most
> Sent: Wednesday, August 30, 2006 6:14 AM
> To: FreeRadius users mailing list
> Subject: Re: Building Freeradius RPM on Redhat ES 4.0
>
> On Wed, Aug 30, 2006 at 08:47:13AM +0100, B Thompson wrote:
> > On Tue, Aug 29, 2006 at 07:32:23PM -0400, King, Michael wrote:
> &g
> -Original Message-
> I saw this last week building 1.1.3 on RHEL 4.0 ES (Update 3) too.
> Was fixed
> by just applying the latest patches from Redhat. Appears to
> be due to a mismatch between various software levels. With
> the latest fixes, it is all OK.
>
Which patches? Just r
We're trying to build FreeRADIUS 1.1.3 into a RPM to install on our
RedHat ES 4.0 servers.
Following the directions in the Wiki
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_
a_RPM_package_from_sources.3F
I get the following error(s) and I've attached the referenced fil
Well Scott.
You've seemed to make everyone chime in on the lack of documentation on
the Internet for Linux as a whole (That's a summary of the 5 proceeding
messages)
But nobody answered your question. :-)
Scott, your looking at the wrong software product for what you do.
Well, FreeRADIUS wil
> -Original Message-
> > --nt-response=%{mschap:NT-Response)"
> ^^^ You seem to have
> the wrong variety of bracket here!?? This may be the reason
> --nt-response is being set to nul, and hence the above error.
Score one for the eagle eyed gentl
Ok, I now have 1.1.3 working great.
However, my log files now have an extra (and repeated) error message
Thu Aug 24 16:50:33 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Thu Aug 24 16:50:33 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Thu Aug 2
I'm building a new radius server. I'm copying an existing one.
I'm getting the following error from freeRADIUS when I run it -x
(FreeRADIUS 1.1.3)
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=mking
--challenge=46b51a98d607a3a9 --nt-response=
hex decode of failed! (only got 0 byt
> -Original Message-
> Why? 1.1.3 just came out.
>
Indeed. Did I miss the announcement yesterday?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -Original Message-
> "King, Michael" <[EMAIL PROTECTED]> wrote:
> > Just checking to see if the list is up. The homepage was
> down for a
> > bit (~10 minutes) but the wiki is still not responding.
>
> The list is hosted in the Netherla
Just checking to see if the list is up. The homepage was down for a
bit (~10 minutes) but the wiki is still not responding.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 159 matches
Mail list logo