Hi !
I'm trying to set up a freeradius (1.1.0) server to proxy ms-chap-v2 to a ms
ias server.
If I send ms-chap, then the proxy works. But if I send ms-chap-v2 then
i get this error message (from debug) :
Sending Access-Request of id 1 to 192.168.1.1 port 1812
NAS-Identifier = "vpn.dom
Hi !
> If I send ms-chap, then the proxy works. But if I send ms-chap-v2 then
> i get this error message (from debug) :
That's nice. What does the debug log on the other RADIUS server say?
Sorry no debug information, but here is some from the ms w2k3 ias log file :
vent Type: Warnin
Hi !
> Is this possible ? Should it work ? Is it possible to proxy ms-chap-v2 ?
Yes. My guess is that the other RADIUS server doesn't understand
MS-CHAPv2.
The solution was to add a "nostrip" in proxy.conf file.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users
Hi !
I'm trying to set up Freeradius (1.1.0) to proxy ms-chap-v2 and when
I get the "accept" from ms-win2k3-ias server, then i want to assign
a static ip address.
Reading the doc/proxy file, i read that the user file is processed as usual
after accept is received ms radius server.
users :
DEF
Hi !
I'm trying to set up Freeradius (1.1.0) to proxy ms-chap-v2 and when
I get the "accept" from ms-win2k3-ias server, then i want to assign
a static ip address.
Found a odd solution :
radius.conf :
ippool pool-ip {
range-start = 192.168.1.100
range-stop =
Hi !
I'm trying to set up Freeradius (1.1.0) to proxy ms-chap-v2 and when
I get the "accept" from ms-win2k3-ias server, then i want to assign
a static ip address.
Reading the doc/proxy file, i read that the user file is processed as usual
after accept is received ms radius server.
users :
DE
Hi !
See post_proxy_authorize in proxy.conf.
Yes, "post_proxy_authorize = yes" was the solution and some hacking in the
user file.
See also "postproxy_users", which is I think what you want.
This file/function "postproxy_users" wasn't documented, maybe someone can do
that for the 1.
Hi !
Upgrading from 1.1.1 to 1.1.2 and now I get this error message :
Thu Jun 1 12:26:22 2006 : Info: rlm_eap_tls: Loading the certificate file
as a chain
Thu Jun 1 12:26:22 2006 : Error: rlm_eap: SSL error error:02001002:system
library:fopen:No such file or directory
Thu Jun 1 12:26:22 20
Hi !
Can anybody give me a hint on how to configure the eap.conf file when
I have a certificate signed by thawte.com (21-Day Free SSL Trial
Certificate) ?
Read somewhere that I have to convert the certificate from DER to PEM, but
trying to use this cammand fails :
openssl x509 -in somecertif
Hi !
You also need to specify "-outform PEM".
# openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem
-outform PEM
unable to load certificate
88876:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypt
Hi !
Are you sure your certificate isn't already in PEM format?
How can I verify which format the certificate is in ?
# openssl x509 -in somecertificate.cer -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:4c:8a:74:b7:45:cd:7f:cd:47:71:b8:c0:f2:60:6a
Hello !
By default, OpenSSL uses PEM format, so if you didn't specify a
certificate format of DER, then its a PEM encoded cert. If you look at
the cert in a text viewer/editor, you'll see lines that have "--- BEGIN
CERTIFICATE---" and "---END CERTIFICATE---" if its PEM encoded.
The certif
12 matches
Mail list logo