Thanks. Spent far too long looking at my certificates :) Just needed
to give samba/winbind a restart.
J
On Thu, Nov 8, 2012 at 2:05 PM, Phil Mayers wrote:
> On 11/08/2012 06:45 PM, Jordan Dohms wrote:
>
>> EAP-MSCHAPV2: Invalid authenticator response in success request
>
>
> This suggests the
On 11/08/2012 06:45 PM, Jordan Dohms wrote:
EAP-MSCHAPV2: Invalid authenticator response in success request
This suggests the problem isn't certs, since you're inside the PEAP
tunnel at this point.
Check that samba/winbind are working ok, patched to the same level, etc.
- it looks like the
Hey,
I need a bit of assistance. Brief summary: I have two RADIUS servers
connected to different Active Directory domains. I got through the
basic setup, EAP-PEAP / MSCHAP were working successfully
authenticating against both domains.
Then:
- I upgraded freeradius on both from 2.1.10 to 2.2.0.
bmano wrote:
> Hello,
>
> I am trying to Implement EAP-ttls and MSCHAP(V2).
> I tried all the forums to solutions.
>
> I am getting the following error.
>
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartex
This:
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
Causes this:
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Clear
+jake.sallee=umhb@lists.freeradius.o
rg] On Behalf Of bmano
Sent: Monday, October 04, 2010 11:57 PM
To: freeradius-users@lists.freeradius.org
Subject: EAP-MSCHAP-V2 - [mschap] FAILED: No NT/LM-Password. Cannot
performauthentication.
Hello,
I am trying to Implement EAP-ttls and MSCHAP(V2).
I tried all
p] Told to do MS-CHAPv2 for john with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server
[ttls] Got tunnele
On 06/02/2010 12:03 PM, Maciej Drobniuch wrote:
I'm not using ldap(and i've never used before) so try to find some
where the variable User-Password and replace it with
ClearText-Password.
This has been answered multiple times on this list (including recently).
Try searching the archives.
2
I'm not using ldap(and i've never used before) so try to find some
where the variable User-Password and replace it with
ClearText-Password.
2010/6/2 Andras Dosztal :
> I'm using LDAP with an eDirectory backend.
>
> On Wed, 02 Jun 2010 16:26:19 +0200, Maciej Drobniuch
> wrote:
>
>> If you are usin
I'm using LDAP with an eDirectory backend.
On Wed, 02 Jun 2010 16:26:19 +0200, Maciej Drobniuch
wrote:
If you are using users file, you have it located there.
exp:
"testuser" Cleartext-Password := "test123"
2010/6/2 Andras Dosztal :
Sorry for the dumb question, but where can I configu
If you are using users file, you have it located there.
exp:
"testuser" Cleartext-Password := "test123"
2010/6/2 Andras Dosztal :
> Sorry for the dumb question, but where can I configure that?
>
>
> On Wed, 02 Jun 2010 13:34:29 +0200, Maciej Drobniuch
> wrote:
>
>> In freeradius 2.x use Clear
Sorry for the dumb question, but where can I configure that?
On Wed, 02 Jun 2010 13:34:29 +0200, Maciej Drobniuch
wrote:
In freeradius 2.x use ClearText-Password instead of User-Password!
2010/6/2 Andras Dosztal :
I've upgraded to 2.1.8, but now I can't even authenticate with the
pop-up
In freeradius 2.x use ClearText-Password instead of User-Password!
2010/6/2 Andras Dosztal :
> I've upgraded to 2.1.8, but now I can't even authenticate with the pop-up
> box.
> Debug output: http://pastebin.ca/1875922
>
> Regards,
> Andras
>
>
> On Wed, 02 Jun 2010 12:35:11 +0200, Maciej Drobniuc
I've upgraded to 2.1.8, but now I can't even authenticate with the pop-up
box.
Debug output: http://pastebin.ca/1875922
Regards,
Andras
On Wed, 02 Jun 2010 12:35:11 +0200, Maciej Drobniuch
wrote:
Switch to the newsiest freeradius version. Maybe it will help.
2010/6/2 Andras Dosztal :
Switch to the newsiest freeradius version. Maybe it will help.
2010/6/2 Andras Dosztal :
> Hi,
>
> I've configured FreeRADIUS (version 1.1.7, supplied with SLES10) to
> authenticate from Novell eDirectory with LDAP. The problem is that I can't
> connect to the network when I check the "Automatical
Hi,
I've configured FreeRADIUS (version 1.1.7, supplied with SLES10) to
authenticate from Novell eDirectory with LDAP. The problem is that I can't
connect to the network when I check the "Automatically use my Windows
logon name and password" on a WinXP client's PEAP properties. This is the
This incorrect password issue was solved once the proper server
certificate was used by FreeRADIUS' EAP.conf file.
Thanks for all you help!
Marc
Solution to get correct cert to work with Windows XP SP2 supplicant:
1) From Linux box:
>openssl genrsa -des3 -out server1.key 2048
You will be promp
Hi, it looks like I used a certificate with the wrong OID. I used a
cert minted with their "SubCA" template which doesn't have the (OID
1.3.6.1.5.5.7.3.1).
In "playing" with the Microsoft CA on Windows 2003 server, I've found
that the Certificate made using the "Web Server" template is the one
r
Hi.
[EMAIL PROTECTED] wrote:
> either use your current tool but include the XP extensions as required,
Just to be precise. The named extensions are PKIX extensions for serverAuth
(OID 1.3.6.1.5.5.7.3.1) (at the RADIUS server) and clientAuth (OID
1.3.6.1.5.5.7.3.2) (for EAP-TLS on the supplicant).
CONF was
> modified accordingly and RADIUSD is happy. I am still able to
> authenticate with no problems with 802.1x PEAP (EAP-MSCHAP V2) when
> using Cisco's ADU configuration tool. Still have problems when using
> the Windows XP supplicant.
>
> In trying to authenticate with
Hi,
> If someone could give me the quickest and easiest way to creating a
> root certificate that's works with Windows XP, that would be great.
either use your current tool but include the XP extensions as required,
or use the 1.1.6 FreeRADIUS source code - to simply use the script in
that to gen
Ok, that's what I thought (about the root Certificate not being pleasing
to XP).
FYI: I'm using a version of Linux by Novell called SLES (SUSE Linux
Enterprise Server) version 9 Service Pack 3 and the FreeRADIUS is from
Novell's Web site (freeradius-1.0.2-0.i586.rpm,
freeradius-devel-1.0.2-0.i5
hi,
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
okay. so thats the main issue. were your certificates generated with
the XP exten
PoWah Wong <[EMAIL PROTECTED]> wrote:
> rlm_eap: EAP-NAK asked for EAP-Type/peap
> rlm_eap: No such EAP type peap
Did you try reading eap.conf, and configuring PEAP?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"users" file is changed to:
testAuth-Type = Local, User-Password := "testing"
However, still has problem.
Debug output is:
rad_recv: Access-Request packet from host
127.0.0.1:52001, id=42, length=149
Framed-MTU = 1380
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "wifictrl
PoWah Wong <[EMAIL PROTECTED]> wrote:
> I configure /etc/raddb/users as follows:
> testAuth-Type := Local, User-Password == "testing"
That should be
testAuth-Type = Local, User-Password := "testing"
See the "man" page for the "users" file, and other posts to this list.
Alan DeKok.
quest list ---
Cleaning up request 0 ID 40 with timestamp 43d4f7e2
Nothing to do. Sleeping until we see a request.
--- [EMAIL PROTECTED] wrote:
> Hi,
>
> > My freeradius client is a windows XP SP2 computer
> > running 802.11 WPA, TKIP, PEAP, EAP-MSCHAP v2 and
> > trying to conn
Hi,
> My freeradius client is a windows XP SP2 computer
> running 802.11 WPA, TKIP, PEAP, EAP-MSCHAP v2 and
> trying to connect to the linux Fedora Core 2 wireless
> server.
>
> I run the freeradius server in debugging mode
> # radiusd -sfxxyz -l stdou
My freeradius client is a windows XP SP2 computer
running 802.11 WPA, TKIP, PEAP, EAP-MSCHAP v2 and
trying to connect to the linux Fedora Core 2 wireless
server.
I run the freeradius server in debugging mode
# radiusd -sfxxyz -l stdout
This is the output.
How to fix this problem?
rad_recv
On Mon, Jan 17, 2005 at 07:01:22PM +0100, [EMAIL PROTECTED] wrote:
> Ok, summary:
> 1. EAP on Solaris fails, EAP on Linux works.
> 2. Version problems with freeradius can be excluded, can we ?
Try the current 1.0.2 snapshot from the CVS release_1_0 tree.
This could be a bigendian/64 bit issue wit
Sorry for the long subject :-)
Have spent a few days on this setup and learned a lot from your mailinglist
(thank you, Alan and everybody else) but I think there is a problem not
covered, yet, between Solaris and Linux compiled code (?). Long story:
We set up the following:
WLAN and/or Cable Cli
Hi Again,
Sorry it was my mistake and i changed the the eap.conf
file back (the brackets were messed up actually) and
now it is working fine.
Thanks for your help. I found this mailing list to be
very useful.
Regards
//khurram
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Khurram Jahangir <[EMA
Khurram Jahangir <[EMAIL PROTECTED]> wrote:
> I still did not change the eap.conf file as I am not
> sure where exactly to add "default_eap_type = peap".
Uh, no. I told you what was wrong, and how to fix it.
> As you suggested in your last message, I should do
> "peap" and "mschapv2" inside of
Hi Alan,
Thanks alot for your reply. I really appreciate that
and it was a great help for me. I took off the
Auth-Type := MS-CHAP from the user bob and also
changed the configuration in the HP switch (aaa
authentication port-access eap-radius).
I think I have moved now one step further as I am n
Khurram Jahangir <[EMAIL PROTECTED]> wrote:
> I am a new user on this mailing list and I am facing
> some problems while trying to use PEAP and freeradius.
Ok...
> modcall: entering group Auth-Type for request 8
> rlm_mschap: No MS-CHAP-Challenge in the request
You set "Auth-Type := MS-CHA
)
as the EAP type and I also have enabled the root
certificate authority. I have chosen Secured password
(EAP-MSCHAP v2) as the authentication method.
My setup worked fine for EAP-TLS and the certificates
and for MD5 Challange (CHAP).
Below is the debug output of the freeradius with
"default_ea
Hi I hope you can help me.
I got a software which uses EAP-MSCHAPv2 to authenticate against freeradius
and
I wonder what to do in a special situation: The Radius sends a success
packet with the authenticator response to the peer and the peer thinks that
the response is invalid, should the peer send
37 matches
Mail list logo
