> its a bit like saying "my client is set to a static IP address, how do you
> configure the DHCP server to fix that?" ;-)
Hehe :D
Yes ok Thank you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> ignore_unknown_eap_types = no
>but as the docs clearly state, if its not handled in another module
>then the request will still get rejected
Thanks,
Ok. I need to configure the Mac client or install a 802.1x tool.
No other way ... hmm ... ok.
lionne
-
List info/subscribe/unsub
Hi,
thanks for the fast answer.
> certainly if you dont allow FreeRADIUS to handle unknown EAP types.
Can you configure FR to handle unknown EAP types?
lionne
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
We use FreeRadius 2.1.9.
It works fine, but Macbook user can't connect.
I have to activate only TTLS and PEAP in WLAN settings (802.1x) on the
macbook, then it works.
Do exist any other possibility for MAC user?
PLZ help :)
Lionne Sta
> It's a Samba bug. https://bugzilla.samba.org/show_bug.cgi?id=6563
Thank you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
[peap] Client rejected our response. The password is probably incorrect.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
Lionne Stangier
Debug
> When i do a ldapsearch -h 10.219.176.30 -b
> ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x "uid=53986067"
> I get no results.
> If i use -x "cn=53986067" the user is found.
Open the ldap modul config set:
Filter = "(cn=%{Stripped-User-Name:-%{User-Na
> Sadly, many people take a hatchet to the configs then seem surprised
> when things don't work! Best to make small changes one at a time and
> test them, and put your configs into version control so you can roll
> them back.
I test freeradius. I can roll back every time ;)
> "Won't work" rea
> You have edited the default configuration files and broken them.
> You deleted "eap" from the "authorize" section, and then sent the
> server and EAP request. Don't do that.
It was only a try ;)
> And if the passwords are stored as MD5, go read:
> http://deployingradius.com/documents
I need help with the pap module.
I set modules/pap auto_header = yes, but if I start a test connect pap say:
[pap] No clear-text password in the request. Not performing PAP.
The password is MD5.
Lionne Stangier
Radius -X
Its looks like the pap module can't
> This is well known. It is in the FAQ, and in the comments in
> raddb/eap.conf.
> In short, you did *not* get a certificate that Windows will accept.
> Read the documentation for details. Look for "Windows".
I know these problems, but the certificate support extensions. It's a cert that
shoul
> I will look for a commercial certificate.
We bought a certificate. I write the new cert name in the eap.conf and comment
ca.pem out. But windows don’t get it.
Radiusd -X do handshake, and all successful. The Server send access challenge
but Windows don’t connect.
-
List info/subscribe/unsu
> It's a damn shame. The XP supplicant has held back 802.1x by a decade.
> HOWEVER - you can fix this by getting a wireless cert from a commercial
> provider which is in XPs CA store by default (e.g. verisign). You then
> need to write tedious instructions telling which 20 boxes to tick in
> Wi
> That disagrees with what you said earlier:
> 1) it doesn't need certs
> 2) the cert is on the phone
I mean you must not manually install the certificate.
> And you can't change the way some things work. EAP-TLS methods
> require certificates. Don't blame me, or FreeRADIUS for that. All
> ot
my Iphone, I don’t need the certificate.
> It's either doing WEP, or it's ignoring the server certificate.
No. It doesn’t use WEP and it doesn’t ignoring the certificate. The certificate
is on the phone. You only connect to the WLAN and the background settings
filled automatic.
Li
I need some help again.
Is it possible to use Freeradius without certificate on the XP client?
If I connect to the WLAN with my Iphone, I don’t need the certificate.
Lionne Stangier
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It´s work.
I write into the ldap.attrmap:
checkItem Cleartext-Password userPassword
In the sites-available/default, I comment out everything except ldap, eap
And I activate LDAP in the sites-available/inner-tunnel authorize.
Thank you for help.
-
List info/subscribe/unsubscribe? See http://
> Is there a double colon (::) after the userPassword attribute name in
> the ldapsearch result? (e.g. userPassword:: x). If so
> that means the attribute value was binary (had some non-ascii printing
> character in it) so it was base64 encoded. This is a bit obscure, I
> got tr
> as... what?
> Is it a secret?
Sorry I don't know as what. On the LDAP Server it's clear text. Before it was
md5, maybe it's still md5. I can´t change any settings on the LDAP Server a
other admin in our company changed something for me.
I will set up a own test LDAP now.
-
List info/s
> Here are a couple of things to check which often trip folks up:
> 1) is the userPassword attribute defined in $RADDB/ldap.attrmap ?
> By default it isn't (I've never understood why it isn't) You should have
> a line in that file which looks like this:
> checkItem Cleartext-Password user
Alan DeKok wrote:
> .. it is impossible to use PEAP with SHA passwords.
> http://deployingradius.com/documents/protocols/compatibility.html
I saved the LDAP password clear-text now. It don’t work either. Same radiusd -X
log as before.
-
List info/subscribe/unsubscribe? See http://www.freeradiu
I need help.
Freeradius can't read the LDAP user passwords. Our LDAP passwords encoded in
sha.
I access with a Windows XP Client. Without LDAP it's work without problem.
2nd question. Can I access with Windows XP without using certificates?
Thank you
radiusd -X
22 matches
Mail list logo
