Re: EAP-SIM authentication failed

2012-11-06 Thread Francois Gaudreault
ch that has been committed in the 2.1.x branch (I think) post release regarding EAP-SIM. Without it, it will not work. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-SIM authentication failed

2012-11-06 Thread Phil Mayers
On 06/11/12 10:55, Yann R. Moupinda wrote: Hi guys, for my thesis I need to realize an EAP-SIM Authentication testbed. I'm using a Nokia E52 with EAP-SIM, a MIKROTIK router as access point and FreeRADIUS 2.1.10 as Radius server. I have added the necessary commands Upgrade. Some fixes fo

EAP-SIM authentication failed

2012-11-06 Thread Yann R. Moupinda
Hi guys, for my thesis I need to realize an EAP-SIM Authentication testbed. I'm using a Nokia E52 with EAP-SIM, a MIKROTIK router as access point and FreeRADIUS 2.1.10 as Radius server. I have added the necessary commands in the clients.conf, radiusd.conf, eap.conf and default files in

Re: rlm_eap_ttls: Cannot tunnel EAP-Type/ttls inside of TTLS

2012-11-01 Thread Darren Shea
uests. Thank you, Darren ECPI Western Broadband -Original Message- Date: Wed, 31 Oct 2012 21:32:00 + From: Matthew Newton To: FreeRadius users mailing list Subject: Re: rlm_eap_ttls: Cannot tunnel EAP-Type/ttls inside of TTLS Message-ID: <20121031213200.gd6...@rootmail.cc.

Re: User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2 error

2012-11-01 Thread Phil Mayers
) from EAP-MSCHAPv2” error messages Ok. At the old version freeradius at exactly same configuration clients had not any problem The mschap code has had some changes over the years. This might be one of them. You can find debug log export at below This is an incomplete debug. It doesn't

Re: rlm_eap_ttls: Cannot tunnel EAP-Type/ttls inside of TTLS

2012-10-31 Thread Matthew Newton
On Wed, Oct 31, 2012 at 03:55:29PM -0500, Darren Shea wrote: > rlm_eap: Loaded and initialized type tls > ttls: default_eap_type = "ttls" > ttls: copy_request_to_tunnel = yes > ttls: use_tunneled_reply = yes > rlm_eap_ttls: Cannot tunnel EAP-Type/ttls inside of

rlm_eap_ttls: Cannot tunnel EAP-Type/ttls inside of TTLS

2012-10-31 Thread Darren Shea
looks like the working system has no problem with tunneling EAP/TTLS through the TTLS tunnel, but this new system is balking. I've read the documentation and examined the FAQ, but no luck. Google is shedding no light on this problem either. Any suggestions? Full radiusd -X output on non

Re: eap-peap gtc configuration

2012-10-26 Thread Nandkumar Palkar
Thanks! On Fri, Oct 26, 2012 at 6:39 PM, Alan DeKok wrote: > Nandkumar Palkar wrote: > > What is the attribute used in eap-peap gtc "login attempt with password > > attribute" (i.e. Challenge = "Password: ")? > > Reply-Message > > Alan De

Re: eap-peap gtc configuration

2012-10-26 Thread Alan DeKok
Nandkumar Palkar wrote: > What is the attribute used in eap-peap gtc "login attempt with password > attribute" (i.e. Challenge = "Password: ")? Reply-Message Alan DeKok.

eap-peap gtc configuration

2012-10-26 Thread Nandkumar Palkar
Hi, What is the attribute used in eap-peap gtc "login attempt with password attribute" (i.e. Challenge = "Password: ")? Thanks, Nand.

Re: eap module failed to start

2012-10-22 Thread John Dennis
On 10/22/2012 10:32 AM, Prateek Kumar wrote: rlm_eap: SSL error error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm rlm_eap_tls: Error reading private key file /etc/raddb/certs/private.pem Just in case it helps to understand what the error message is attempting t

Re: eap module failed to start

2012-10-22 Thread Prateek Kumar
So I have to compile freeradius with new openssl version else use old openssl for creating certificates. Also will I have to change random & dh file every time I change the server.pem & ca.pem. Thanks for your inputs. Regards, Prateek

Re: eap module failed to start

2012-10-22 Thread alan buxey
Hi, > I have freeradius server ( ver. 2.1.10 ) compiled >with openssl-0.9.8l. Now by method given in raddb/certs I created the >certificates on a machine having OpenSSL 1.0.0e. new OpenSSL and old OpenSSL may have issues with things like this - depending on the settings of that

Re: eap module failed to start

2012-10-22 Thread Fajar A. Nugraha
.pem & private.pem ( which is copy of server.pem > ) certificates under raddb/certs and then starting the radius server I got > this error just after eap module. Is this due to different openssl versions? Most likely so. -- Fajar

eap module failed to start

2012-10-22 Thread Prateek Kumar
and then starting the radius server I got this error just after eap module. Is this due to different openssl versions? Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5"

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-22 Thread Iliya Peregoudov
2012/06/04 15:52:41:686525 :rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca This means WiMAX supplicant sends TLS Alert message. This is because supplicant do not trust CA that have issued AAA server certificate. CA certificate of the CA that have issued AAA server certific

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread val john
Hi... just check the mail with subject: *"generating ssl certs in debian squeeze"* , it may help Thank You On 20 October 2012 18:42, Alan DeKok wrote: > Rathod Subhashchandra wrote: > > This issue is coming consistently for multiple clients during Network > Entry. > > So read the debug log.

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Alan DeKok
Rathod Subhashchandra wrote: > This issue is coming consistently for multiple clients during Network Entry. So read the debug log. It isn't hard. > 2012/06/04 15:52:41:686559 : TLS_accept:failed in > SSLv3 read client certificate A > 2012/06/04 15:52:41:686579 : rlm_eap: SSL error > err

EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Rathod Subhashchandra
Dear All, I am using EAP-TTLS authentication mechanism for between WiMAX client and AAA on Linux environment During EAP negotiation phase following steps are successfully completed. 1. Identity exchange 2. Server/Client EAP-TTLS start 3. Client

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Alexandros Gougousoudis
Phil Mayers wrote: Is it possible your wireless networking equipment is mangling the hostnames? Which vendor are you using? Mhh, I can check that again, it's an old Linksys-AP. I'll see if that happens also with the other more professional hardware we have. Have you verified that you really

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Phil Mayers
On 12/10/12 13:59, Alexandros Gougousoudis wrote: Hi David, David Mitton wrote: If the OP is observing such behavior, he needs to figure out why (what turned it on, is it consistent or the same for all users) and work with that. It is consistent for all machines in the network. To figure ou

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Phil Mayers
On 12/10/12 13:48, David Mitton wrote: The behavior _is_ configurable, but as you have observed for your particular network, the default is not to attempt machine auth. It is configurable on a per-network connection basis, I'm getting fuzzy on if it's adapter or SSID based. No, you've misunde

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Alexandros Gougousoudis
Hi David, David Mitton wrote: If the OP is observing such behavior, he needs to figure out why (what turned it on, is it consistent or the same for all users) and work with that. It is consistent for all machines in the network. To figure out why this happened, is exactly what I want to do.

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread David Mitton
The behavior _is_ configurable, but as you have observed for your particular network, the default is not to attempt machine auth. It is configurable on a per-network connection basis, I'm getting fuzzy on if it's adapter or SSID based. If the OP is observing such behavior, he needs to fig

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Alexandros Gougousoudis
e. Maybe because we're running on a NT4-Sambadomain and are not using a AD? Since XP SP3 we establish a machine-auth via exporting, textediting and importing the profile-xml of the specific LAN-interface, we're authenticating using EAP-TLS, CN of the cert is the . Machine-auth via WLAN

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Phil Mayers
On 10/12/2012 09:59 AM, Alexandros Gougousoudis wrote: Hi Phil, Phil Mayers wrote: I don't understand - you're saying that, for windows clients: 1. On wi-fi they send host/name.domain.com 2. On LAN, then send... something else? Are you sure? We don't see that. Exactly. On wifi they send

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread alan buxey
Hi, > Phil Mayers wrote: > >I don't understand - you're saying that, for windows clients: > > > > 1. On wi-fi they send host/name.domain.com > > 2. On LAN, then send... something else? > > > >Are you sure? We don't see that. i agree > Exactly. On wifi they send > > > > on LAN they send: >

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Phil Mayers
On 10/12/2012 09:55 AM, Alexandros Gougousoudis wrote: Hi Alan, Alan DeKok wrote: Freeradius. Using Linux I can send whatever I want as the loginname. If you know you can change the client, then change the client. This is exactly what I want to do! Change the loginname, the clients send

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Alexandros Gougousoudis
Hi Phil, Phil Mayers wrote: I don't understand - you're saying that, for windows clients: 1. On wi-fi they send host/name.domain.com 2. On LAN, then send... something else? Are you sure? We don't see that. Exactly. On wifi they send on LAN they send: host/ is the Windowshostname fr

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-12 Thread Alexandros Gougousoudis
Hi Alan, Alan DeKok wrote: Freeradius. Using Linux I can send whatever I want as the loginname. If you know you can change the client, then change the client. This is exactly what I want to do! Change the loginname, the clients sends to the Authenticator. It's a Windows 802.1x q

Re: EAP-PEAP with NT-Password stored in mysql database

2012-10-11 Thread Phil Mayers
authorize {...} ++[preprocess] returns ok [eap] No EAP-Message, not doing EA ++[eap] returns noop [sql_auth] expand: %{User-Name} -> alan@test.fr [sql_auth] sql_set_user escaped user --> 'alan@test.fr' rlm_sql (sql_auth): Reserving sql socket id: 4 [sql_auth] expand: SELECT u

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread Alan DeKok
Alexandros Gougousoudis wrote: > That's not clear. Why would that break EAP if the workstations are > sending a different Login? You said you wanted to add a string to hostname. Don't do that. Editing it in FreeRADIUS will break things. > It already does, depending on LAN

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread Phil Mayers
On 11/10/12 12:43, Alexandros Gougousoudis wrote: Hi, we're using FR 2.0 for our machine authentication for XP to Win7 with EAP-TLS. Everything is working so far, but I noticed a difference between authenticating via WLAN and LAN, which starts to be a problem for us now. If I make a aut

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread David Mitton
e user login. On an hardwired ethernet connection that happens in the background at boot. On a dynamic connection like Wi-Fi that is an option, if the EAP supplicant module supports it. (Most did not in the past) The control for this has mutated between XP and later. In Vista and Win7 this got

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread Alexandros Gougousoudis
Hi Alan, thanks for your reply! Alan DeKok wrote: "host/" as a realm for our Radsecproxy, I'd like to change the behaviour for the authentication via LAN and add a string to the Don't. You will break EAP. That's not clear. Why would that break EA

Re: EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread Alan DeKok
Alexandros Gougousoudis wrote: > we're using FR 2.0 for our machine authentication for XP to Win7 with > EAP-TLS. Everything is working so far, but I noticed a difference > between authenticating via WLAN and LAN, which starts to be a problem > for us now. If I make a auth via

EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

2012-10-11 Thread Alexandros Gougousoudis
Hi, we're using FR 2.0 for our machine authentication for XP to Win7 with EAP-TLS. Everything is working so far, but I noticed a difference between authenticating via WLAN and LAN, which starts to be a problem for us now. If I make a auth via LAN the provided username is , if I do i

Re: Re-transmits arriving via a different proxy / EAP duplicate detection

2012-10-10 Thread Alan DeKok
ICT from the RFCs. > > Second, because the retransmits aren't eaten by the duplicate detection, > they arrive as real packets in the server core, but are rejected because > the "State" attribute is no longer valid - this is because FR mutates > "State" on every round-

Re: Re-transmits arriving via a different proxy / EAP duplicate detection

2012-10-10 Thread Phil Mayers
reason I suspect this is that, if it were genuine packet loss, you'd expect to see retransmits at all stages of the EAP session. But we almost exclusive see retransmits in response to a reject (very common) or an accept (rarely). In particular, there seem to be some sites where retransmits come

Re: Re-transmits arriving via a different proxy / EAP duplicate detection

2012-10-09 Thread alan buxey
uthenticator are all different, even though all other > attributes are identical. This is correct behaviour AFAICT from the > RFCs. correct.and the EAP session gets really broken > We're also generating a lot of logging and noise, though that's an > internal problem. that

Re-transmits arriving via a different proxy / EAP duplicate detection

2012-10-09 Thread Phil Mayers
no longer valid - this is because FR mutates "State" on every round-trip, mixing in the EAP type/id/exchange number. This latter (being reprocessed) is a problem two ways. The first is that these retransmits always generate a "reject" due to invalid "State". If

Re: Indeterministic EAP error

2012-10-05 Thread Alan DeKok
Matthias Nagel wrote: >> Anyway, first things - check your "eap {}" module config, specifically >> ensure that max_sessions is high enough to support your load, that >> timer_expire isn't too low, and if applicable, that your TLS session >> caching is

Re: Indeterministic EAP error

2012-10-04 Thread Matthew Newton
On Thu, Oct 04, 2012 at 05:45:30PM +0200, Matthias Nagel wrote: > WARNING: !! EAP session for state 0xABCDEFGHIJKLMNOP did not finish! ... > Has anybody an idea what the reason might be? We see it a lot less since we tweaked the EAP timers on our Cisco Wireless Controller. You don't s

Re: Indeterministic EAP error

2012-10-04 Thread alan buxey
Hi, > I found the entry > # fragment_size = 1024 > to be commented out. Does anybody has experiences with HP E-MSM 430 APs? > Probably, this is a dummy question: I always believed that the smallest MTU > that must be supported by an ethernet devices is 1500. Are there really APs > that support

Re: Indeterministic EAP error

2012-10-04 Thread alan buxey
ou run into timing issues...et voila, plenty of errors and did not finish errors etc. ensure your main EAP method is first in the list. use the caching feature so the clients don't have to go through the whole 12 trips etc ..and , as Phil says, with wireless you are dealing with the whole PHY issue -

Re: Indeterministic EAP error

2012-10-04 Thread Phil Mayers
gs of your wireless kit for radio-layer events. To be honest, the rest of my suggestions are unlikely to help - it's probably just wifi packet loss. We see this a lot. EAP seems to be particularly susceptible to being interrupted, because it runs in lockstep and upper-layer retransmits a

Re: Indeterministic EAP error

2012-10-04 Thread Matthias Nagel
could be normal > - maybe everyone sees failure rates of that order? That would be nice, indeed. But if the reason is signal strength of a WiFi, then the numbers heavily depend on your WiFi coverage. So it is difficult to compare. > Anyway, first things - check your "eap {}" module

Re: Indeterministic EAP error

2012-10-04 Thread Alan DeKok
Matthias Nagel wrote: > I cannot find any pattern, so I do not believe it to be a client side issue. It's always an issue with the client, WiFi, or AP. It's not an issue with FreeRADIUS. Why? All of the EAP is driven by the client. > Of course, one can argue to ignore t

Re: Indeterministic EAP error

2012-10-04 Thread Phil Mayers
know, it could be normal - maybe everyone sees failure rates of that order? Anyway, first things - check your "eap {}" module config, specifically ensure that max_sessions is high enough to support your load, that timer_expire isn't too low, and if applicable, that your TL

Indeterministic EAP error

2012-10-04 Thread Matthias Nagel
Hello, sometimes I get the error WARNING: !! EAP session for state 0xABCDEFGHIJKLMNOP did not finish! in my log files / debug output. Before anybody says have a look at http://deployingradius.com/documents/configuration/eap-problems.html that will help, please read on, because I already have

Re: EAP-PSK : 16 bytes Pre shared key not configured

2012-09-27 Thread Jouni Malinen
e this error > message > "EAP-PSK : 16 bytes Pre shared key not configured" (refer to > openpana_client_output file attached to this mail) That's a client configuration issue.. > I would like to know how to configure the pre-shared key in my server? You may find it e

Re: EAP-PSK : 16 bytes Pre shared key not configured

2012-09-27 Thread Phil Mayers
On 27/09/12 09:37, alan buxey wrote: Hi, I've been hassling people who use it as to which EAP method they need that's missing. A couple of them have been eap-psk (anyone know why the sudden interest in that?). I've got a 5000 word assignment some student project? Yeah,

Re: EAP-PSK : 16 bytes Pre shared key not configured

2012-09-27 Thread alan buxey
Hi, > I've been hassling people who use it as to which EAP method they > need that's missing. A couple of them have been eap-psk (anyone know > why the sudden interest in that?). I've got a 5000 word assignment some student project? the current thing that holds int

Re: EAP-PSK : 16 bytes Pre shared key not configured

2012-09-27 Thread Phil Mayers
one of the people who so desperately needs it can maintain it ;o) I've been hassling people who use it as to which EAP method they need that's missing. A couple of them have been eap-psk (anyone know why the sudden interest in that?). I've got a 5000 word assignment to finish at the mo

Re: EAP-PSK : 16 bytes Pre shared key not configured

2012-09-26 Thread Alan DeKok
Tatiana DIBANDA wrote: > Hi, > > I implemented the module eap2 to make freeradius with the eap_psk . > After started the freeradius server (radius_output file attached to this > mail), i launched my client openpana, the authentication failed and i > have this error message >

EAP-PSK : 16 bytes Pre shared key not configured

2012-09-26 Thread Tatiana DIBANDA
Hi, I implemented the module eap2 to make freeradius with the eap_psk . After started the freeradius server (radius_output file attached to this mail), i launched my client openpana, the authentication failed and i have this error message "EAP-PSK : 16 bytes Preshared key not confi

Re: Setting final response attributes for EAP

2012-09-19 Thread Brian Candler
> Yes, in post-auth. > > post-auth { >update reply { > ... >} > } Thank you, that's an easy way to set it globally for all users - or I can do a database dip there if required. > Generally people will do this kind of thing in the inner-tunnel virtual > server and set "use_tunneled_

Re: Setting final response attributes for EAP

2012-09-18 Thread Phil Mayers
fault config: # The example below uses module failover to avoid querying all # of the following modules if the EAP module returns "ok". # Therefore, your LDAP and/or SQL servers will not be queried # for the many packets that go back and forth

Re: Setting final response attributes for EAP

2012-09-18 Thread alan buxey
Hi, > When a user logs into a wireless AP, I would to include some per-user > response attributes, in particular Acct-Interim-Interval = 600 yep - so just return that in the post-auth - done by either using an entry in users file, unlang, perl code etc alan

Setting final response attributes for EAP

2012-09-18 Thread Brian Candler
below uses module failover to avoid querying all # of the following modules if the EAP module returns "ok". # Therefore, your LDAP and/or SQL servers will not be queried # for the many packets that go back and forth to set up TTLS # or PEAP. The load on tho

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Francois Gaudreault
Hi Iliya/Alan, I have looked into rlm_eap_sim source and found that is incorrectly decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute calculation. MAC mismatch detected by supplicant and it refuses to continue EAP-SIM authentication. Please try to apply patch I've att

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Alan DeKok
Iliya Peregoudov wrote: > Hello Francois > > I have looked into rlm_eap_sim source and found that is incorrectly > decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute > calculation. MAC mismatch detected by supplicant and it refuses to > continue EAP-

Re: EAP-SIM on 2.2.0

2012-09-14 Thread Iliya Peregoudov
Hello Francois I have looked into rlm_eap_sim source and found that is incorrectly decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute calculation. MAC mismatch detected by supplicant and it refuses to continue EAP-SIM authentication. Please try to apply patch I'

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Iliya Peregoudov
I have manually parse EAP messages. EAP Identity and AT_IDENTITY are the same. EAP-Message from first Access-Request: 02 Code = 2 (EAP-Response) 00 Identifier = 0 00 38

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Francois Gaudreault
Well you are probably right, but when providers will start pushing 3G/4G offload for real (if they ever do), there are not many ways of doing it... I think :P The reason of those tests on our side is to support WISPr and/or NewGen hotspots with our product. That's a big "if"

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Phil Mayers
product. That's a big "if", IMO. EAP-SIM would in theory be quite nice for a number of reasons right now, even without offload. It's a built-in, secure credential. Unfortunately, as our off-list emails suggests, you can't get easy access to SIM secrets in the

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Francois Gaudreault
I am not too familiar with that, so it's hard to comment. I can ask the MS EAP team if they want to share more. I guess they tested it working with their own stuff, but never re-tested with other device type. I believe it's another 3GPP/RFC understanding kind of thing. Probably.

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Alan DeKok
Francois Gaudreault wrote: > I am not too familiar with that, so it's hard to comment. I can ask the > MS EAP team if they want to share more. I guess they tested it working > with their own stuff, but never re-tested with other device type. I > believe it's another 3GPP/

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Francois Gaudreault
, not EAP-Identity Well, the SIM identity doesn't agree with the EAP-Identity. The patch went in because Microsoft ran into inter-operability issues. The SIM identity can change during the protocol exchange. The old way of always using the EAP-Identity was wrong. I am not too fam

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Phil Mayers
:57:49 2012 +0100 Try to use identity from SIM protocol, not EAP-Identity Well, the SIM identity doesn't agree with the EAP-Identity. The patch went in because Microsoft ran into inter-operability issues. The SIM identity can change during the protocol exchange. The old way of a

Re: EAP-SIM on 2.2.0

2012-09-13 Thread Alan DeKok
+0100 > > Try to use identity from SIM protocol, not EAP-Identity Well, the SIM identity doesn't agree with the EAP-Identity. The patch went in because Microsoft ran into inter-operability issues. The SIM identity can change during the protocol exchange. The old way of alwa

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
Hi, There's only one change to the EAP-SIM code between 2.1.12 and 2.2.0. I'm a bit surprised that it would do anything. At this point, a "git bisect" would seem to be the best option. Ok so I did bisect, and this commit appears to be

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
Hi, Don't know then. The client is sending the reject - it doesn't like something the server is sending it. Clock sync - is the 2.2.0 machine a different server? Nope. Simple yum remove / install. Beyond that I'm only passing familiar with EAP-SIM, so would be guessing I

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Phil Mayers
On 12/09/12 16:00, Francois Gaudreault wrote: Hi, No idea; I'm not familiar with EAP-SIM. But the EAP-Message seemed obviously too short for that stage of a challenge/response auth, so I glanced at the RFC for the encoding. Maybe you've got a permissions problem on whatever datasto

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Alan DeKok
Francois Gaudreault wrote: > Here is the trace with the same client as 2.1.12, but on 2.2.0. The last > trace we had was indeed with another SIM. There's only one change to the EAP-SIM code between 2.1.12 and 2.2.0. I'm a bit surprised that it would do anything. At this poin

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
Hi, No idea; I'm not familiar with EAP-SIM. But the EAP-Message seemed obviously too short for that stage of a challenge/response auth, so I glanced at the RFC for the encoding. Maybe you've got a permissions problem on whatever datastore the SIM secrets are in? Nope, I even trie

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Phil Mayers
On 12/09/12 14:32, Francois Gaudreault wrote: Hi again, This is your problem. This is an EAP-AKA/SIM "Client error" packet. 02 - eap response f7 - ID 000c - length 12 - EAP-SIM 0e - subtype 14 - client error 1601 - client error junk Hmmm interesting. But how can it be

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Phil Mayers
On 12/09/12 14:14, Francois Gaudreault wrote: Hmmm interesting. But how can it be working on 2.1.12 with the exact same client and config? Maybe I can retry with 2.2.0 and see if I still get this error on multiple retries. I'll get back to you. No idea; I'm not familiar with EA

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
Hi again, This is your problem. This is an EAP-AKA/SIM "Client error" packet. 02 - eap response f7 - ID 000c - length 12 - EAP-SIM 0e - subtype 14 - client error 1601 - client error junk Hmmm interesting. But how can it be working on 2.1.12 with the exact same client

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
ramed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "50-A7-33-31-CF-B8" Connect-Info = "CONNECT 802.11g" EAP-Message = 0x02f7000c120e00001601 This is your problem. This is an EAP-AKA/SIM "Client error" packet. 02 - eap response

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Phil Mayers
" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "50-A7-33-31-CF-B8" Connect-Info = "CONNECT 802.11g" EAP-Message = 0x02f7000c120e00001601 This is your problem. This is an EAP-AKA/SIM "Client

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2012, at 13:12, Francois Gaudreault wrote: > Hi, > >> >> That's not nice. The module should return some kind of message. > If you say so :P > >> >> This looks like an issue for digging into the code. > Ok. Let me know if you need me to test anything, I will be glad to do so :

Re: EAP-SIM on 2.2.0

2012-09-12 Thread Francois Gaudreault
Hi, That's not nice. The module should return some kind of message. If you say so :P This looks like an issue for digging into the code. Ok. Let me know if you need me to test anything, I will be glad to do so :) Thanks! -- Francois Gaudreault, ing. jr fgaudrea...@inverse.ca ::

Re: Multiple EAP config

2012-09-12 Thread BILLOT
On 12/09/2012 13:03, Arran Cudbard-Bell wrote: On 12 Sep 2012, at 11:43, BILLOT wrote: Like any other module in the server, you instantiate multiple instances and reference them in the different virtual servers. eap { } Ok i did it but when trying to use instances, i get Found Auth

Re: Multiple EAP config

2012-09-12 Thread Phil Mayers
On 12/09/12 11:43, BILLOT wrote: Like any other module in the server, you instantiate multiple instances and reference them in the different virtual servers. eap { } Ok i did it but when trying to use instances, i get Found Auth-Type = EAP WARNING: Unknown value specified for Auth-Type

Re: Multiple EAP config

2012-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2012, at 11:43, BILLOT wrote: > >> Like any other module in the server, you instantiate multiple instances and >> reference them in the different virtual servers. >> >> eap { >> >> } > Ok i did it but when trying to use instances, i

Re: Multiple EAP config

2012-09-12 Thread BILLOT
Like any other module in the server, you instantiate multiple instances and reference them in the different virtual servers. eap { } Ok i did it but when trying to use instances, i get Found Auth-Type = EAP WARNING: Unknown value specified for Auth-Type. Cannot perform requested

Re: Multiple EAP config

2012-09-12 Thread Arran Cudbard-Bell
On 12 Sep 2012, at 10:59, BILLOT wrote: > Hi, > > We have a config with 3 virtual servers, running on a different port. > Each virtual server must have a particular config (different LDAP server, > different SQL server). However, each one uses EAP auth and so the > inn

Multiple EAP config

2012-09-12 Thread BILLOT
Hi, We have a config with 3 virtual servers, running on a different port. Each virtual server must have a particular config (different LDAP server, different SQL server). However, each one uses EAP auth and so the inner-tunnel which is unique. Thus in the inner-tunnel config, default modules

Re: EAP-SIM on 2.2.0

2012-09-11 Thread Alan DeKok
Francois Gaudreault wrote: > [eap] processing type sim > [eap] Handler failed in EAP/sim > [eap] Failed in EAP select That's not nice. The module should return some kind of message. This looks like an issue for digging into the code. Alan DeKok.

Re: EAP-SIM on 2.2.0

2012-09-11 Thread Francois Gaudreault
Hi, On 2012-09-11 4:05 PM, Phil Mayers wrote: On 09/11/2012 07:49 PM, Francois Gaudreault wrote: Hi, I am playing with EAP-SIM on 2.2.0, but I am facing an issue I cannot even understand :S Not because I don't want to, but the error messages are not talking much. I did compute SRES/K

Re: EAP-SIM on 2.2.0

2012-09-11 Thread Phil Mayers
On 09/11/2012 07:49 PM, Francois Gaudreault wrote: Hi, I am playing with EAP-SIM on 2.2.0, but I am facing an issue I cannot even understand :S Not because I don't want to, but the error messages are not talking much. I did compute SRES/Kc for my SIM, but after the third triplet, I just

EAP-SIM on 2.2.0

2012-09-11 Thread Francois Gaudreault
Hi, I am playing with EAP-SIM on 2.2.0, but I am facing an issue I cannot even understand :S Not because I don't want to, but the error messages are not talking much. I did compute SRES/Kc for my SIM, but after the third triplet, I just have: rlm_perl: Added pair EAP-Sim-

Re: Freeradius 2.1.12 with EAP-FAST compilation issues

2012-09-06 Thread Swaraj
c than "Re: Contents of Freeradius-Devel digest..." Today's Topics: 1. Re: Freeradius 2.1.12 with EAP-FAST compilation issues (Swaraj) -- Message: 1 Date: Thu, 06 Sep 2012 15:53:26 +0530 From

Freeradius 2.1.12 with EAP-FAST compilation issues

2012-09-04 Thread Swaraj
Hi All, I was using freeradius-server 2.1.12 without any issues till now, but now i wanted to use EAP-FAST in freeradius server. So i started compiling rlm_eap2 module, but i got lot of errors related to libeap.so. Some how i fixed all issues related to liaeap.so with hostapd. Currently

RE: Apple clients suddenly can't authenticate to EAP-MSCHAPV2

2012-09-02 Thread Casartello, Thomas
ld.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Sunday, September 02, 2012 2:52 AM To: FreeRadius users mailing list Subject: Re: Apple clients suddenly can't authenticate to EAP-MSCHAPV2 Casartello, Thomas wrote: > Hav

RE: Apple clients suddenly can't authenticate to EAP-MSCHAPV2

2012-09-02 Thread Casartello, Thomas
I don’t understand it, if the request comes from the working controller, it configures the EAP session and sends the normal Access Challenges back, but it comes from the others it sends back the empty one. -Original Message- From: freeradius-users-bounces+tomc=westfield.ma

RE: Apple clients suddenly can't authenticate to EAP-MSCHAPV2

2012-09-02 Thread Casartello, Thomas
From: freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org [mailto:freeradius-users-bounces+tomc=westfield.ma@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Sunday, September 02, 2012 2:52 AM To: FreeRadius users mailing list Subject: Re: Apple clients suddenly can't

Re: Apple clients suddenly can't authenticate to EAP-MSCHAPV2

2012-09-01 Thread Alan DeKok
en this is going on and why its only affecting Apple IOS > devices and iMacs so far. Here’s an example output. This simply loops > over and over again: Well.. > rad_recv: Access-Request packet from host 172.20.9.253 port 32769, > id=63, length=228 ... > EAP-Message = 0x02

Apple clients suddenly can't authenticate to EAP-MSCHAPV2

2012-09-01 Thread Casartello, Thomas
0085042b3cc" NAS-IP-Address = 172.20.9.253 NAS-Identifier = "diller-wism-b" Airespace-Wlan-Id = 4 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-
