Hi I have set up Free Radius to allows users to set up certificates on their
notebook and get access to the Internet.
When i set EAP i cant sem to allow monowall captiv portal users to login to
the RADIUS Server.
Is there any settings to be done in users.conf file or radiusd .conf file to
allow
Hi
I've test EAP/TLS authentication with freeradius
wich work well. But it seems to work as well when username (same name as
installed certificate on PC mobile) is removed on users.conf file, ie. EAP
authentication still Ok for this certificate removed on users.conf.
Someone has
Hi
What is the advantage of using EAP authentication ( in which a challenge
reponse is associated ) in a RADIUS client.
Is this mode of authentication more secure than a ordinary PAP
authentication ? If yes, please tell me on how EAP is more secure than
PAP.
Regards,
Barath Kumar.
-
List
radiusd -X. Send the debug of the monowall request.
Ivan Kalik
Kalik Informatika ISP
Dana 3/4/2008, "Devinder Singh" <[EMAIL PROTECTED]> piše:
>Hi I have set up Free Radius to allows users to set up certificates on their
>notebook and get access to the Internet.
>
>When i set EAP i cant sem to
I guesss i need to use VLAN methods and two SSID
On 03/04/2008, Ivan Kalik <[EMAIL PROTECTED]> wrote:
>
> radiusd -X. Send the debug of the monowall request.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 3/4/2008, "Devinder Singh" <[EMAIL PROTECTED]> piše:
>
> >Hi I have set up Free Radius to
Hi Ivan Kalik
When i set EAP turned on using 802.1x authentication i dont sem to get users
authenticated to the RADIUS Raccheck account table.
How do i enable EAP using 802.1x and allow users to get authenticated to the
RADIUS Server radcheck table which has the user name and login details
Thank
Which EAP? TLS, PEAP, something else? Have you uncommented sql in
authorize section? Debug would help.
Ivan Kalik
Kalik Informatika ISP
Dana 4/4/2008, "Devinder Singh" <[EMAIL PROTECTED]> piše:
>Hi Ivan Kalik
>
>When i set EAP turned on using 802.1x authentication i dont sem to get users
>authe
Hi Ivan
Im using EAP-TLS authentication.
Could you tell me the sql configuration to allow EAP-TLS to read radcheck
table instead of users.conf file
Thanks
-Devinder
On 04/04/2008, Ivan Kalik <[EMAIL PROTECTED]> wrote:
>
> Which EAP? TLS, PEAP, something else? Have you uncommented sql in
> au
radcheck? EAP-TLS is certificate based authentication. What is it reading
from users file? Reply attributes? They should be in radreply table.
This would be so much easier if you would provide relevant information:
user file entry that you want to store in sql; sql data for that user;
radiusd -X o
Hi Ivan,
Before i enabled EAP authentication radius reads the users name and password
from radcheck table. When i enabled EAP it only read the users.conf file.
I want it to read the radcheck table which has the usernames and password
for EAP authentication. I have generated the Certs and they
I want to authenticate users through using EAP authentication. I managed to
generate the client and root certs from Free Radius.
I have installed the client sert in my notebook. and managed to get
authenticated via AP to Radius.
But i cant seem to find them in the Free Radius accounting database
Can anyone tell me what I'm doing wrong here?
trying to auth. a wireless user with freeradius. I'm not sure if the
mistake is in the certificates of the radius config.
authebtication process gets stuck in "attempting to authenticate"
EAP-Message = 0x064d5a2d6166740e00
Message
Hi
I am working my university thesis using Freeradius. Its about WLAN Roaming.
We want to reduce the messages that are sent during an EAP authentication
between the foreign and home server( so we use proxy ). No matter how i
have searched i cannt find an rfc describing the sequence of messages
"Jacques VUVANT" <[EMAIL PROTECTED]> wrote:
> I've test EAP/TLS authentication with freeradius wich work well. But it
> seems to work as well when username (same name as installed certificate
> on PC mobile) is removed on users.conf file, ie. EAP authentication
&
Hello everyone, I am installing a RADIUS server on a ubuntu server with
freeradius. All tests are working properly except when I try to connect
through an access point. This is the debug that I get:
rad_recv: Access-Request packet from host 192.168.1.1 port 1084, id=1,
length=206
Message-Authentic
Hi,
I plan to implement simultaneous MAC+EAP authentication for my wireless
users. From my observation, Freeradius can only do either MAC or EAP but not
MAC and EAP authentication. Can somebody gives me some hints on how to do
that?
Thanks.
-
List info/subscribe/unsubscribe? See http
and
username are transmitted cleartext...
gm...
- Original Message -
From: "Barath kumar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 15, 2004 6:08 AM
Subject: EAP Authentication
> Hi
>
> What is the advantage of using EAP authen
>I want to authenticate users through using EAP authentication. I managed to
>generate the client and root certs from Free Radius.
>
>I have installed the client sert in my notebook. and managed to get
>authenticated via AP to Radius.
>
>But i cant seem to find them in the F
<[EMAIL PROTECTED]> wrote:
>
> >I want to authenticate users through using EAP authentication. I managed
> to
> >generate the client and root certs from Free Radius.
> >
> >I have installed the client sert in my notebook. and managed to get
> >authenticated v
I have a problem authenticating with Cisco Aironet 1200 access point. I
have valid certificates on my laptop and on Freeradius.
This is the output on AP:
Interface Dot11Radio0, Deauthenticating Station 001e.4c8c.8406 Reason:
Sending station has left the BSS
Interface Dot11Radio0, Station NBD7FB3
Mike Zoeteweij wrote:
> Can anyone tell me what I'm doing wrong here?
Read eap.conf. Look for "Windows". See also the wiki.
> Sending Access-Challenge of id 3 to 192.168.100.5:4855
...
> Waking up in 6 seconds...
> --- Walking the entire request list ---
This *exact* behavior is explained
Hi Freeradius users,
i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the wimax
clients are supplying EAPttls Mschapv2 for authentication. a few weeks ago, the
configuration was working and authenticating, but it suddenly stopped. the
users are created in the users file and be
"jh vg" <[EMAIL PROTECTED]> wrote:
> I am working my university thesis using Freeradius. Its about WLAN Roaming.
> We want to reduce the messages that are sent during an EAP authentication
> between the foreign and home server( so we use proxy ).
I'm not sure
CTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Proxied EAP authentication Date: Tue, 16 Nov 2004 17:25:06
-0500
"jh vg" <[EMAIL PROTECTED]> wrote:
> I am working my university thesis using Freeradius. Its about WLAN
Roaming.
> We want to
[mailto:[EMAIL PROTECTED] On
> Behalf Of jh vg
> Sent: 17 November 2004 11:40
> To: [EMAIL PROTECTED]
> Subject: Re: Proxied EAP authentication
>
>
> My thesi is the implementation for a proposed framework of
> "lightweight"
> WLAN Roaming. So we are
"jh vg" <[EMAIL PROTECTED]> wrote:
> My thesi is the implementation for a proposed framework of "lightweight"
> WLAN Roaming. So we are trying to reduce the number of messages so as to
> provide faster roaming. They have given me a diagram with the exchange of
> messages which i must implement.
"Guy Davies" <[EMAIL PROTECTED]> wrote:
> IIUC, FreeRADIUS implements this in the EAP-TLS module that is used by
> EAP-TTLS and PEAP so probably Session Resumption will be supported in
> those EAP types at the minimum.
FreeRADIUS doesn't implement fast reconnect for session resumption.
Alan D
> Hello everyone, I am installing a RADIUS server on a ubuntu server with
> freeradius. All tests are working properly except when I try to connect
> through an access point. This is the debug that I get:
>
> [eap] EAP NAK
> [eap] NAK asked for unsupported type 25
> [eap] No common EAP types found.
When I install the operating system, installed with the LAMP option, which
is supposed to be already installed OpenSSL. Even so, I've re-installed but
it do not work. I have to put something in radiusd.conf to search OpenSSL
libraries?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freera
On 12/02/2009 07:18 AM, Diego Chovares Moreno wrote:
When I install the operating system, installed with the LAMP option,
which is supposed to be already installed OpenSSL. Even so, I've
re-installed but it do not work. I have to put something in radiusd.conf
to search OpenSSL libraries?
Thanks
Hi,
> When I install the operating system, installed with the LAMP option, which is
> supposed to be already installed OpenSSL. Even so, I've re-installed but it
> do not work. I have to put something in radiusd.conf to search OpenSSL
> libraries?
> Thanks
you need not just the SSL toolset (eg
Hi,
I have 2 freeradius server: 1 as proxy server, 1 as authentication server.
Everything is working fine (Auth. for WPA2, MSCHAPv2 ) until I implement the
postproxy function:
Then the authentication process did not finished.
Putting the vlanid etc into radreply on the authentication radius, e
On Mon, Jun 13, 2005, Jefri bin Dahari wrote:
> Hi,
>
> I plan to implement simultaneous MAC+EAP authentication for my wireless
> users. From my observation, Freeradius can only do either MAC or EAP but
> not MAC and EAP authentication. Can somebody gives me some hints on how to
"Jefri bin Dahari" <[EMAIL PROTECTED]> wrote:
> I plan to implement simultaneous MAC+EAP authentication for my wireless
> users. From my observation, Freeradius can only do either MAC or EAP but not
> MAC and EAP authentication. Can somebody gives me some hints on how to
i personally think that it's completely useless.
implementing EAP or MAC authentication, meaning that one of both would
work, is a huge security hole and requiring both is useless since EAP
authentication implicitly filters away everything unauthenticated...
(even if i understand that mig
I use Cisco AP 1230 and I set on the authentication for "MAC and EAP
authentication". On client side (Centrino/Windows XP), I set as mentioned in
the HOW-TO for EAP-TLS. On Freeradius, I only see EAP authentication but no
MAC authentication. Am I missing something? Please help
Artur Hecker <[EMAIL PROTECTED]> wrote:
> implementing EAP or MAC authentication, meaning that one of both would
> work, is a huge security hole and requiring both is useless since EAP
> authentication implicitly filters away everything unauthenticated...
Doing *both* ensures t
"Jefri bin Dahari" <[EMAIL PROTECTED]> wrote:
> authentication". On client side (Centrino/Windows XP), I set as mentioned in
> the HOW-TO for EAP-TLS. On Freeradius, I only see EAP authentication but no
> MAC authentication. Am I missing something? Please help.
CTED]> wrote:
> > implementing EAP or MAC authentication, meaning that one of both would
> > work, is a huge security hole and requiring both is useless since EAP
> > authentication implicitly filters away everything unauthenticated...
>
> Doing *both* ensures that
Tomislav Goluza wrote:
> I have a problem authenticating with Cisco Aironet 1200 access point. I
> have valid certificates on my laptop and on Freeradius.
Are you sure?
> This is the output on AP:
Which is irrelevant.
> This is what I get on freeradius:
...
> Sending Access-Challenge of id
Hi All,
I have been trying, unsuccessfully, to get a windows supplicant (as
shipped with Vista) to authenticate via freeradius/ldap. The
freeradius/ldap combo works well with the existing VPN authen/auth that
we have here on campus but not with EAP. I'm not sure what or where to
go from here ...
Simple authentication with login/password can be handled in large
numbers with a recent cpu and freeradius.
.
EAP authentication on the other hand requires a great amount of cpu
processing.
Therefore I have a simple(?) question:
Did someone already calcute the theoretically maximum number of
Hi,
I have some problems with Freeradius and EAP
I use freeradius version 2.1.11 on debian 5
When I start the radius server in debug mode (radiusd -xX), there are no error
(file debug1.txt)
When eduroam server enable connexion on your freeradius server, I have some
errors (file debug2.txt)
C
Why does auth_log return fail?
On May 4, 2013 8:04 PM, "larry tembu" wrote:
> Hi Freeradius users,
> i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the
> wimax clients are supplying EAPttls Mschapv2 for authentication. a few
> weeks ago, the configuration was working and auth
On Sat, May 4, 2013 at 3:24 PM, Peter Lambrechtsen wrote:
> Why does auth_log return fail?
> On May 4, 2013 8:04 PM, "larry tembu" wrote:
>
>> a few weeks ago, the configuration was working and authenticating, but it
>> suddenly stopped.
>>
>
> [auth_log] expand:
>> /var/log/radius/radacct
Hi,
>My GUESS is that it's something as simple as disk full. Try "df -h" and
>"df -i".
yep. thats the most common error. check in your change log for any changes
made to
your system , check revision control for any changes, check your 'gold
reference' 'radiusd -X'
output against what i
the client MAC address from
the radius server right after the EAP authentication fase? If not, how could
I achieve this level of control?
Thanks for you attention,
Tacio
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 17/11/10 12:31, hans.bornem...@tu-dortmund.de wrote:
Hi,
I have 2 freeradius server: 1 as proxy server, 1 as authentication
server. Everything is working fine (Auth. for WPA2, MSCHAPv2 ) until I
implement the postproxy function:
Post the debugging output, as advised frequently on this list:
It's possible configure Freeradius to request two eap authentication?
For example, the supplicant starts the eap-tls and the authentication is
ok. But the server radius don't send Access Accept but it requests a new
authentication (for example eap-md5). If also eap-md5 is ok, the
sup
Hi all
I'm using Freeradius to authenticate wifi customer with EAP and DHCP and it work well. But on accounting log, the is No IP address used by the customer. How can configure have also IP address on accounting log ?
Thanks for any help.
Jacques
-
List info/subscribe/unsubscri
Problem Description:
Unable to correctly authenticate a WinXP supplicant using PEAP/ MS-CHAP v2.
i don't know if i have FreeRADIUS misconfigured, if I'm missing an entry
in the database ... or what
I've tried using eap_tls and eap_md5 ...
snippets of radius -xxyz -l stdout
-- part one --
Peter Param wrote:
> I have been trying, unsuccessfully, to get a windows supplicant (as
> shipped with Vista) to authenticate via freeradius/ldap. The
> freeradius/ldap combo works well with the existing VPN authen/auth that
> we have here on campus but not with EAP. I'm not sure what or where t
Norbert Wegener wrote:
> Simple authentication with login/password can be handled in large
> numbers with a recent cpu and freeradius.
> .
> EAP authentication on the other hand requires a great amount of cpu
> processing.
It's all in the SSL rsa keying setup.
> The
Alan DeKok wrote:
..
$ openssl speed
Or
$ openssl speed rsa
http://www.madboa.com/geek/openssl/#benchmark-speed
For 2048 bit rsa keys, the web page gives 77 signs/s for a 2GHz Intel
Core 2. My 1GHz laptop gives around 20/s.
That number becomes the limiting factor for any TLS-based EAP
Norbert Wegener wrote:
> Do you also have experience in how many percent of that theoretic value
> can be reached in practise with a database backend on the same machine
> where beside freeradius and the database nothing else is running?
I don't have hard numbers, unfortunately. It also depends
Original-Nachricht
> Datum: Wed, 13 Feb 2008 19:04:25 +0100
> Von: Norbert Wegener <[EMAIL PROTECTED]>
> An: FreeRadius users mailing list
> Betreff: Re: eap authentication and cpu utilization
> Alan DeKok wrote:
> > ..
> > $ openssl speed
>
Sebastian Heil wrote:
> with my configuration, the freeradius-server can handle about 300 to 400
> eap-tls-authentication-request per minute. the cpu load is about 30 - 35 %.
That's less than 10/s. I think that the virtual server is running at
a clock rate of about 800MHz, maybe less.
Ther
Just for information:
I made some tests on different machines. Around 60% of the theoretical
maximum was the best value I got.
The behaviour was heavy influenced by the parameters in the "thread
pool" section and num_sql_socks, as I have a database backend.
Norbert Wegener
Alan DeKok wrote:
Norbert Wegener wrote:
> Just for information:
> I made some tests on different machines. Around 60% of the theoretical
> maximum was the best value I got.
> The behaviour was heavy influenced by the parameters in the "thread
> pool" section and num_sql_socks, as I have a database backend.
Yes.
Alan DeKok schrieb:
Norbert Wegener wrote:
Just for information:
I made some tests on different machines. Around 60% of the theoretical
maximum was the best value I got.
The behaviour was heavy influenced by the parameters in the "thread
pool" section and num_sql_socks, as I have a database
On 07/20/2011 09:22 AM, DENJEAN Didier wrote:
Hi,
I have some problems with Freeradius and EAP
I use freeradius version 2.1.11 on debian 5
When I start the radius server in debug mode (radiusd -xX), there are no error
(file debug1.txt)
When eduroam server enable connexion on your freeradius
daa6d01b3d5d2c0786b07ca440
MS-MPPE-Send-Key =
0xa77aaf208423b318ff7f482401d4468af3f9248cbdb611857a5f356bea7725ca
EAP-Message = 0x03060004
Message-Authenticator = 0x
User-Name = "test155"
Finished request 69.
--
View this message in context:
w I need to be
> able to do enforcement rules on my firewall per user basis (not only for
> authorization, but also for measurement). Is there a way to get the client
> MAC address from the radius server right after the EAP authentication fase?
> If not, how could I achieve this
hans.bornem...@tu-dortmund.de wrote:
> the debug output:
>
> the differences begin at line 82.
You can try to figure out exactly what is misconfigured, or
you can go back to using the default configuration.
The default configuration works for proxying EAP packets. If your
configuration do
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
>
> The default config is working, I wrote that in the first mail. IF I make this
> additional config, then eap is broken:
> /etc/freeradius/attrs:
>
> tu-dortmund.de
> Tunnel-Private-Group-ID :=8,
> Fall-Through = Yes
>
> DEFAULT
>
Matteo Paoli <[EMAIL PROTECTED]> wrote:
> For example, the supplicant starts the eap-tls and the authentication is
> ok. But the server radius don't send Access Accept but it requests a new
> authentication (for example eap-md5). If also eap-md5 is ok, the
> supplicant is authenticated.
No. EAP
JVUVANT Yahoo wrote:
Hi all
I'm using Freeradius to authenticate wifi customer with EAP and DHCP and it
work well. But on accounting log, the is No IP address used by the customer.
How can configure have also IP address on accounting log ?
EAP is done before DHCP, so no IP address is assigne
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> Unable to correctly authenticate a WinXP supplicant using PEAP/ MS-CHAP v2.
>
> i don't know if i have FreeRADIUS misconfigured, if I'm missing an entry
> in the database ... or what
You're using an older version of FreeRADIUS, probably. PEAP i
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
Unable to correctly authenticate a WinXP supplicant using PEAP/ MS-CHAP v2.
i don't know if i have FreeRADIUS misconfigured, if I'm missing an entry
in the database ... or what
You're using an older version of FreeRADIUS, prob
Brian Clarkson wrote:
Alan DeKok wrote:
You're using an older version of FreeRADIUS, probably. PEAP is
supported only in the latest CVS snapshots.
and it seems the latest snapshot crashes ...
rad_recv: Access-Request packet from host 67.65.12.193:33075, id=148,
length=138
--- Walking the e
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> modcall: entering group authorize for request 0
> Bus error
doc/bugs
> all i changed in ./configure was the prefix ( so that i didn't overwrite
> the existing install )
Ah. Are you sure you updated it to point to the *new* module
libraries?
Mi
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
modcall: entering group authorize for request 0
Bus error
doc/bugs
all i changed in ./configure was the prefix ( so that i didn't overwrite
the existing install )
Ah. Are you sure you updated it to point to the *new* module
li
Brian Clarkson <[EMAIL PROTECTED]> wrote:
> > Ah. Are you sure you updated it to point to the *new* module
> > libraries?
>
> AFAIK, yes. i created a new start script that launched the newly-built
> version.
doc/bugs
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.free
Alan DeKok wrote:
Brian Clarkson <[EMAIL PROTECTED]> wrote:
Ah. Are you sure you updated it to point to the *new* module
libraries?
AFAIK, yes. i created a new start script that launched the newly-built
version.
doc/bugs
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_
> why FR authenticate even with nonexistent username?
I don't know... Why don't you send the full debug log (you know, the bit where
the certificates are actually being checked) instead of the last round, where
EAP is just inserting the cached response.
-Arran
Arran Cudbard-Bell
a.cudba...@fr
http://freeradius.1045715.n5.nabble.com/file/n4841780/putty4.log putty4.log
In the attached file the complete log, didn't noticed before that the
process was so long..
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/EAP-authentication-accept-user-not-
On 26 Sep 2011, at 17:27, andreapepa wrote:
> http://freeradius.1045715.n5.nabble.com/file/n4841780/putty4.log putty4.log
>
> In the attached file the complete log, didn't noticed before that the
> process was so long..
A notfound return code in the authorize section means continue with a prio
Hi Arran,
Thank you that works great!
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/EAP-authentication-accept-user-not-found-tp4841666p4842017.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http
en heavily modified by
other consultants, including default tables and query.
Is it possible to do the same thing in this version? where i've to modify?
Thanks
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/EAP-authentication-accept-user-not-found-tp4841666p4845036
andreapepa wrote:
> I can't upgrade this freeradius , also because has been heavily modified by
> other consultants, including default tables and query.
Yes, you can upgrade. It just takes time.
If you understand the system, upgrading isn't hard. If you don't
understand it, why are you runn
Hi there list,
After getting (p)eap an mschap working I'm faced with the following
problem: The client gets authenticated through mschap and receives an
Access-Accept but the rlm_perl added pair which where added in request 0
are not send to the client. Resulting in a client ending up in the wrong
On 17/11/10 14:27, hans.bornem...@tu-dortmund.de wrote:
The default config is working, I wrote that in the first mail. IF I make this
additional config, then eap is broken:
/etc/freeradius/sites-enabled/default:
post-proxy {
post_proxy_log
#attr_rewrite
attr_fil
Peter Kaagman wrote:
> After getting (p)eap an mschap working I'm faced with the following
> problem: The client gets authenticated through mschap and receives an
> Access-Accept but the rlm_perl added pair which where added in request 0
> are not send to the client.
That's how the server works.
> If it doesn't, you did something wrong. Show *what* you did, what
> happened, and what you expected to see.
>
> Alan DeKok.
Thanks for the reply Alan. Haven't got a lab available at the moment
will give it a shot tomorrow and get back to you.
Off course I did something wrong no discu
Peter Kaagman wrote:
> Funny thing is though... the attributes you tell me not to set in
> rlm_perl are set automagicly (at least to me it looks like magic at the
> moment)... I did not make them up ;)
They're not set in the default configuration.
Someone changed them. And it's local to you.
On Thu, May 31, 2012 at 01:51:43PM +0200, Peter Kaagman wrote:
> I've tried several things to resolve this but with no result. One of
> which was running the perl code in a post-auth event. This resulted in
> something like 250 requests and the client not connecting.,
On the understanding (from ab
t; Aan: freeradius-users@lists.freeradius.org
> Onderwerp: rlm_perl added pairs disapear after eap authentication
>
> Hi there list,
>
> After getting (p)eap an mschap working I'm faced with the following
> problem: The client gets authenticated through mschap and receives an
&g
On 06/01/2012 09:08 AM, Peter Kaagman wrote:
But it seems to be a bumpy road and ran into yet another problem:
rlm_perl will not let me load modules.
I found reference to this problem on the list in December 2009 in
which Alan replied:
Looking at het examples on the Wiki it seems other people
Hello!
we are using freeradius2 version 2.1.10 on a centos/rhel 5 Server. We
authenticate several ubnt clients on ubnt AP's via EAP-PEAP/MSCHAPV2.
This works very well, but sometimes the clients got an Access-Reject and i
don't know why ;(
I set the radius Server to debug mode and get those outpu
On Wed, Aug 8, 2012 at 2:44 PM, stefan novak wrote:
> Hello!
>
> we are using freeradius2 version 2.1.10 on a centos/rhel 5 Server. We
> authenticate several ubnt clients on ubnt AP's via EAP-PEAP/MSCHAPV2.
> This works very well, but sometimes the clients got an Access-Reject and i
> don't know w
>
> If it's "sometimes", then it would be wise to compare the debug log of
> when the client succeeds and when it does not. Also, IIRC RHEL5 has
> 2.1.12 already, so you should upgrade just in case this is a fixed
> bug.
>
>
just updated my testserver to 2.1.12.
I test now with rad_eap_test utility
Hi,
>just updated my testserver to 2.1.12.
>I test now with rad_eap_test utility to eliminate a client failure. the
>behaviour gets more stranger. the test utility also fails sometimes, but
>the radius server seams to be ok now?
>[root@wlan-radius rad_eap_test-0.23]# ./rad_eap
stefan novak wrote:
> just updated my testserver to 2.1.12.
> I test now with rad_eap_test utility to eliminate a client failure. the
> behaviour gets more stranger. the test utility also fails sometimes, but
> the radius server seams to be ok now?
Your method is wrong.
You ran the client 5 t
On Wed, Aug 8, 2012 at 3:43 PM, stefan novak wrote:
>> If it's "sometimes", then it would be wise to compare the debug log of
>> when the client succeeds and when it does not. Also, IIRC RHEL5 has
>> 2.1.12 already, so you should upgrade just in case this is a fixed
>> bug.
>>
>
> just updated my
On Wed, Aug 8, 2012 at 3:49 PM, alan buxey wrote:
> byt he way rad_eap_test isnt the best tool to use - use 'eapol_test' instead
http://wiki.freeradius.org/EAP-Clients#rad_eap_test says rad_eap_test
also uses eapol_test from wpa_supplicant. Shouldn't it produce the
same behavior?
--
Fajar
-
Lis
>
> http://wiki.freeradius.org/EAP-Clients#rad_eap_test says rad_eap_test
> also uses eapol_test from wpa_supplicant. Shouldn't it produce the
> same behavior?
>
> rad_eap_test is only a wrapper script around eapol_test because it
produces much output.
Those are all access-accept, aren't they? Th
Hi,
>rad_eap_test is only a wrapper script around eapol_test because it
>produces much output.
yes..and i believe it has a bug or 2
>yes, sorry. understand that false
>ok, then it seams that radius server is ok, but the clients are generating
>false eap packets.
>i w
>
> when you say clients, you just mean these rad_eap_test requests? I assume
> you are using
> NAGIOS...and that occasionally you are getting a WARNING for the RADIUS
> server? yes?
> its a bug in rap_eap_test as far as I can see - I moved to a native
> eapol_test with my NAGIOS
> because of thi
Output from the ubnt client:
Aug 7 07:15:18 wpa-supplicant: CTRL-EVENT-EAP-STARTED EAP authentication
started
Aug 7 07:15:21 wpa-supplicant: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
25 (PEAP) selected
Aug 7 07:15:57 pppd[1714]: No response to 5 echo-requests
Aug 7 07:15:57 pppd[1714]: Serial
1 - 100 of 109 matches
Mail list logo