John Dennis wrote:
>
> [snip]
> Did you edit your eap.conf file to point to radius2.pem? Did you set
> your private_key_password in eap.conf to match $PASSWORD_CA used above?
> BTW, don't use the same password as in the example ;-)
>
> Did you verify the certs as suggested above?
>
> Saying
sphaero wrote:
>
> Hi all,
>
> Thanks for these clarifications. So to clear this up I now have one
> machine to generate the certificates. This machine had its CA set up
> according to instructions found in the certs/README distributed with FR 2.
>
> Certificat
> Plus it'll allow you to revoke certificates later if need be
>
>
> Regards,
> Matt Harlum
>
> On 24/03/2010, at 11:30 PM, John Dennis wrote:
>
>> On 03/24/2010 06:21 AM, sphaero wrote:
>>>
>>> Hi All,
>>>
>>> I've been
Matt Harlum wrote:
>
> Hi,
>
> is it possible that make server generated a new CA etc?
>
> I'd recommend making a copy of the current CA cert on each machine and
> doing a diff
>
> Regards,
> Matt Harlum
>
> [snip]
>
>
You're absolutely right. I did an md5sum on the CA.pem on the productio
Hi All,
I've been searching the archives for a while on some guidance into setting
up multiple radius servers using the same CA for use with EAP/TTLS.
I've generated a CA which is distributed to all the clients (i.e. SecureW2).
I've got 2 radius servers for redundancy. All NAS devices have two r
Am I overlooking something? How do you edit the wiki? I can't find a way to
register an account to edit wiki pages.
I was about to add some comments about the rlm_sql_iodb driver since
everybody needs to know the driver looks for the DSN in radius_db config
option and not in the server configurat
A workaround for the Makefile would be to add:
CA_DEF_DAYS = `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'`
to the Makefile and change line 55:
ca.key ca.pem: ca.cnf
	openssl req -new -x509 -keyout ca.key -out ca.pem -days $(CA_DEF_DAYS) -config ./ca.cnf
This has worked for me. I've
Alan DeKok-2 wrote:
>
> sphaero wrote:
>> I was just wondering why the Makefile in freeradius 2.0 for creating
>> certificates only produces a CA which is valid for 1 month. I don't
>> reckon
>> that's handy for production use.
>
> They are "
Hi,
I was just wondering why the Makefile in freeradius 2.0 for creating
certificates only produces a CA which is valid for 1 month. I don't reckon
that's handy for production use.
Is there any particular reason? Changing the ca.cnf file doesn't change it?
Adding "-days 3650" to the Makefile he
Alan DeKok-2 wrote:
>
>
> List "pap" *inside* of the Autz-Type blocks, *after* your SQL modules.
>
>> This is all done on freeradius 1.1.6 (OSS 10.3)
>
> Ugh. 2.0 is much better.
>
> Alan DeKok.
>
Thanks for that Alan, that does work as well. However I still don't know why
freeradi
In a previous post "PAP what password encryption is used?" I managed to get
authentication working with a mssql backend however I need to force
Auth-Type := PAP. I read it's bad practice to force the Auth-Type so I was
wondering what I could do to let freeradius figure the authentication
itself.
Oh, forgot to tell you to add the custom configs to radiusd.conf. So these custom
files should be
- near the ldap section
- in the authorize {} section
- in the authenticate {} section
respectively
:/etc/raddb # grep -n custom- radiusd.conf
720:$INCLUDE ${confdir}/custom-mods.conf
1856:$INCLUDE ${confd
Ok,
To finalise for the archive:
In the freeradius config directory I create the following 3 files:
custom-mods.conf, custom-autz.conf, custom-auth.conf
custom-mods.conf:
ldap bla1 {
server = "10.48.65.1"
port = 636
basedn = "o=bla1"
filter = "(cn=%{Stripped-User-N
Stefan Winter-4 wrote:
>
>
> Well, if you have LOCAL for *every* realm, my suggestion would be to
> not call any realm module at all. Then the proxy.conf file is ignored
> and you can leave it untouched.
>
> Then, obviously using Realm == test.com in the users file should be
> replaced. Y
I'm setting up a new freeradius setup using many different authorization
modules. Mostly ldap and sql modules. For authentication I'm hoping to use
the default and as few custom as possible but I have to use some of the ldap
backends for authentication as well. (simple bind)
I wonder what are the
Nicolas Goutte-2 wrote:
>
> PAP needs cleartext passwords
>
> See: http://en.wikipedia.org/wiki/Password_authentication_protocol
>
>
Yes, I know. But in order to match the cleartext password to the encrypted
password in the database it needs to know what encryption is used.
Rg,
Arnaud Lo
It seems it is SHA. I found in the output that freeradius couldn't determine
the Auth-Type so rejected the user:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
I've forced PAP by setting it in the users file for the realm:
DEFAULT Realm == "bla.
Hello,
I've been asked to set up freeradius to talk to a SQL Server database which
contains users and passwords. This was not so much of a pain but I can't
figure what password encryption is used. So I had hoped somebody with some
more password encryption experience could shine a light here :)
In