Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alexandre Chapellon
try forcing windows pptp client to use mschapv2 On 26.11.2008 09:15, Douglas Macedo wrote: Sorry Alan, but the webpage tells that it doesn't work. It's impossible? Correct? So, how can I fix that the other way? My pptp-options: == epiderme:/etc/ppp# cat pptpd-options name pptpd

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: but the webpage tells that it doesn't work. It's impossible? Correct? Since I wrote that web page... I won't disagree with it. So, how can I fix that the other way? Do you have questions about the suggestions on the web page? My pptp-options: == epiderme:/etc/ppp#

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Douglas Macedo
Alexandre, if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody NAS-IP-Address = 1.1.1.1 NAS-Port = 0 Processing the authorize section of

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alexandre Chapellon
On 26.11.2008 09:32, Douglas Macedo wrote: Alexandre, if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread Alan DeKok
Douglas Macedo wrote: Any idea? Use a recent version of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PPTP + FreeRadius + LDAP

2008-11-26 Thread tnt
if I try mschapv2 in Windows client: -- rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46, length=52 Service-Type = Framed-User Framed-Protocol = PPP User-Name = nobody NAS-IP-Address = 1.1.1.1 NAS-Port = 0 This is not an mschap request.

Re: Freeradius + Ldap + attributes

2008-09-01 Thread Ivan .
Hi any chance you can provide the actual syntax of what's required? replyItem Service-Type Administrative-User replyItem Juniper-Local-User-Name DEV Sorry, a bit of a novice freeradius user thanks Ivan 2008/8/29 Ivan Kalik [EMAIL PROTECTED]: Yes. Add

Re: Freeradius + Ldap + attributes

2008-09-01 Thread Ivan Kalik
any chance you can provide the actual syntax of what's required? Syntax is the same as for other entries: replyItem radiusAttribute ldapAttribute so something like: replyItem Service-Type radiusServiceType replyItem Juniper-Local-User-Name juniperLocalName replyItem

Re: Freeradius + Ldap + attributes

2008-08-29 Thread Ivan Kalik
Yes. Add the reply attributes to ldap.attrmap. Ivan Kalik Kalik Informatika ISP On 28/8/2008, Ivan . [EMAIL PROTECTED] wrote: Hi I have Freeradius configured with a backend of OpenLdap for user management. I would like to be able to pass attributes for Nortel and Juniper gear, which when

Freeradius + Ldap + attributes

2008-08-28 Thread Ivan .
Hi I have Freeradius configured with a backend of OpenLdap for user management. I would like to be able to pass attributes for Nortel and Juniper gear, which when statically defining users in user file is done via: user Auth-type:=Local, User-Password := test Juniper-Local-User-Name

freeradius + ldap + cisco sslvpn

2008-01-21 Thread satish patel
Dear all I have requirement of sslvpn authentication with freeradius + ldap server is there anyone have worked on freeradius + ldap or authenticate with grouping and other features... $ cat ~/satish/url.txt http

RE: Freeradius +LDAP + Active Directory + Authenticate Only questions

2008-01-21 Thread William Segura
the dsHeuristics setting as specified in the rlm_ldap docs. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, January 18, 2008 1:05 AM To: FreeRadius users mailing list Subject: Re: Freeradius +LDAP + Active Directory + Authenticate Only

Re: Freeradius +LDAP + Active Directory + Authenticate Only questions

2008-01-18 Thread Alan DeKok
William Segura wrote: I am trying to setup Freeradius to authenticate against an active directory server. Only bind as user will work, and even then not always. Here are the relevant files: Please do not post configuration files to the list. Radius Log: ... rad_recv: Access-Request

Freeradius LDAP at RHEL 5.1

2008-01-17 Thread Renato Gregio de Souza Filho
Hi all, I'm trying to configure freeradius to authenticate at LDAP Database. I have a poor knowledge about freeradius and need help :) ... What i need to do to configure correctly my freeradius to authenticate at ldap database? how do i can test it? today i have the following structure

Freeradius +LDAP + Active Directory + Authenticate Only questions

2008-01-17 Thread William Segura
I am trying to setup Freeradius to authenticate against an active directory server. I do not want it to do a ldapsearch to get authorization. I have looked on the mailing lists but have not found how to do this in my situation. I did read the rlm_ldap manual and am aware of the ldap-UserDN

Re: Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller

2007-12-18 Thread Alan DeKok
[EMAIL PROTECTED] wrote: In the radiusd.conf config file, the %{Stripped-User-Name} is correctly created from %{User-Name}. That's not the issue. The issue is that something is editing the User-Name attribute. That editing is breaking EAP. I have made some tests with and without the

Re: Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller

2007-12-18 Thread david.barbion
Alan DeKok wrote: [EMAIL PROTECTED] wrote: In the radiusd.conf config file, the %{Stripped-User-Name} is correctly created from %{User-Name}. That's not the issue. The issue is that something is editing the User-Name attribute. That editing is breaking EAP. Okay, I

Re: Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller

2007-12-17 Thread david.barbion
Alan DeKok wrote: Thanks for your answers. [EMAIL PROTECTED] wrote: Hello, The problem is when a computer tries to authenticate, the User-Name sent is host//computername/, but in ldap we have entries like /computername/$. So we have some attr_rewrite that removes host/ and adds the

Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller

2007-12-14 Thread david.barbion
Hello, We have a Samba domain controller (3.0.9) with freeradius on it and several windows XP SP2 workstations attached to it. Actually, this wired setup is working correctly. We are planning to use wifi on those workstations but we encounter many problems. Here our wifi setup: Our APs

Re: Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller

2007-12-14 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Hello, The problem is when a computer tries to authenticate, the User-Name sent is host//computername/, but in ldap we have entries like /computername/$. So we have some attr_rewrite that removes host/ and adds the dollar sign. Why? You can just create a *new*

Re: Freeradius LDAP problem

2007-08-30 Thread Alan DeKok
George Beitis wrote: I have a problem. I set up freeradius to use a local ldap server to authenticate a user. When i say authenticate i mean check if the user is there, check their password, and accept or reject them. When i do such an authentication i get a message from freeradius saying

Re: Freeradius LDAP problem

2007-08-30 Thread tnt
users: Matched entry DEFAULT at line 153 .. rad_check_password: Found Auth-Type System auth: type System It's picking up Auth-Type System from users file. Comment out that entry. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See

Re: Freeradius LDAP problem

2007-08-30 Thread Alan DeKok
George Beitis wrote: ... rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... The LDAP database doesn't contain the known good password for the user. rlm_ldap: user gb85 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id:

Freeradius LDAP problem

2007-08-29 Thread George Beitis
Hi everyone I have a problem. I set up freeradius to use a local ldap server to authenticate a user. When i say authenticate i mean check if the user is there, check their password, and accept or reject them. When i do such an authentication i get a message from freeradius saying that user is

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-07 Thread Alan DeKok
Andreas Wetzel wrote: I remember some document mentioning, that if the RADIUS server sends an Acct-Session-Id in the Access-Accept reply, the NAS should use this in accounting, just like it does with a User-Name from the Access-Accept. Hmm.. maybe in RFC 2866. So I thought, I'd give it a

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread [EMAIL PROTECTED]
Hi, OK, I try to setup hostapd in freebsd to be my wireless NAS and configure the accounting server to my radius server. It works. Which mean the my previous NAS do not do the accounting job. Thank for your information. By the way, I do notice the accounting request sent by hostapd is very

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Alan DeKok
[EMAIL PROTECTED] wrote: ... By the way, I do notice the accounting request sent by hostapd is very basic and what should I do if i need to add more attribute? Read the hostapd documentation. For example, the accounting packet do not include the full username i.e. [EMAIL PROTECTED] Looking

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread [EMAIL PROTECTED]
Hi Alan, Read the hostapd documentation. Nothing much the documentation about the attributes. If the User-Name in the Access-Request was [EMAIL PROTECTED], it looks like a bug in hostapd. If the User-Name in the Access-Request was user, then hostapd is functioning correctly.

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Andreas Wetzel
Hi, [EMAIL PROTECTED] wrote: OK, I try to setup hostapd in freebsd to be my wireless NAS and configure the accounting server to my radius server. It works. Which mean the my previous NAS do not do the accounting job. Thank for your information. By the way, I do notice the accounting

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Alan DeKok
Andreas Wetzel wrote: Did anybody notice, that hostapd *always* sends a NAS-Port with a value of 0 for *any* connected station? This happens for me with the hostapd 0.4.8 included with FreeBSD 6.2, as well as with hostapd 0.5.8. And it is presumably the reason, why I cannot seem to get radwho

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Andreas Wetzel
Alan DeKok wrote: Andreas Wetzel wrote: Did anybody notice, that hostapd *always* sends a NAS-Port with a value of 0 for *any* connected station? This happens for me with the hostapd 0.4.8 included with FreeBSD 6.2, as well as with hostapd 0.5.8. And it is presumably the reason, why I

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Alan DeKok
Andreas Wetzel wrote: Yes, but in the case of hostapd I believe this is a bug. Internally it assigns IDs starting at index 1, which should go into the NAS-Port attribute. But for some reason it always ends up with 0. Does it track multiple connections from the same host? i.e.

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-04 Thread Andreas Wetzel
Alan DeKok wrote: Andreas Wetzel wrote: Yes, but in the case of hostapd I believe this is a bug. Internally it assigns IDs starting at index 1, which should go into the NAS-Port attribute. But for some reason it always ends up with 0. Does it track multiple connections from the same

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Here is my radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config:

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: .. rad_check_password: Found Auth-Type LDAP1 Why did you set that? It's breaking EAP. Read eap.conf. DO NOT SET AUTH-TYPE. This comes up so often on the list, and it's documented in so many places, that I don't understand why people still run into it.

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi Alan, I did try to remove the Auth-Type in users file i.e. DEFAULT Realm == "ocesb.com.my", Autz-Type := LDAP1 However, it is still not working. Below is the debug message. modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: group Autz-Type returns ok for request 4

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi, I'm a bit confused now. Can you explain in more detail about your finding? Very thank for your patience. Arjuna Scagnetto wrote: I've take a look at your radius.conf. I can only say that i have a Radius+LDAP+EAP-ttls (pap) configuration working in authorize section ldap is

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Hi Alan, After try to remove the Auth-Type in users and let radius auto detect the method, also add in another 3 new attribute in ldif, below is the different message I get. Can you please have a look? Thanks. modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: group

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Dear Alan, Finally, I manage to get TTLS with PAP work by just change the config in radius.conf: authorize{ ldap_1x } authenticate { Auth-Type LDAP { ldap_1x } } However, I do notice radius only insert the login record in radpostauth but no record in radacct. If I'm using EAP-MD5

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread tnt
Let's try like Yoda: Auth-Type set you do not Ivan Kalik Kalik Informatika ISP On 3/7/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Alan, After try to remove the Auth-Type in users and let radius auto detect the method, also add in another 3 new attribute in ldif, below

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: ... However, I do notice radius only insert the login record in radpostauth but no record in radacct. If I'm using EAP-MD5 with L2 switch as NAS, a login record will be there. What make this happen? It's in the FAQ. The NAS isn't sending accounting packets. Alan

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread [EMAIL PROTECTED]
Dear Alan, I try 2 different type of wireless NASs but still didn't insert the record into table. Is that mean the wireless NAS by default do not send accounting info or do not have this kind of function? Regards Alan DeKok wrote: [EMAIL PROTECTED] wrote: ... However, I do

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-03 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I try 2 different type of wireless NASs but still didn't insert the record into table. Is that mean the wireless NAS by default do not send accounting info or do not have this kind of function? Does the NAS documentation say it supports accounting? Alan DeKok. -

Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-02 Thread [EMAIL PROTECTED]
Hi all, I've try to setup a new freeradius server for my wireless users using WPA/WPA2 with 802.1x authentication. all the clients are using secureW2 to login. FYI, I've another freeradius which is currently run for EAPOL (802.1x over L2 switch) with EAP-MD5 and it is working fine for me.

Re: Freeradius + LDAP + EAP-TTLS with PAP cannot login

2007-07-02 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I've try to setup a new freeradius server for my wireless users using WPA/WPA2 with 802.1x authentication. all the clients are using secureW2 to login. FYI, I've another freeradius which is currently run for EAPOL (802.1x over L2 switch) with EAP-MD5 and it is working

Question about 3Com 4500 series and Freeradius + Ldap

2007-04-11 Thread Rafał Kamiński
Hi, Is somebody configure 3Com switch series 4500 with Freeradius + Ldap auth. ? I have some problem: In debug mode i see: ---CUT--- Sending Access-Accept of id 18 to 192.168.2.201 port 5001 MS-MPPE-Recv-Key = 0x3c9698b69511f27c53657389c3994d28fa0c2db70bd6c671dc211ba697f92a09

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-23 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 peppeska wrote: ma script to start pppoe-server is debian:~# cat start-pppoe2.sh #!/bin/bash MAX=250 BASE=10.67.7.1 NAT=10.67.7.0/24 MYIP=193.205.94.13 iptables -A INPUT -i eth0 -s $NAT -j DROP iptables -t nat -A POSTROUTING -s

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote: ... rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54 Service-Type = Framed-User Framed-Protocol = PPP User-Name = peppeska NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_check_password: Found Auth-Type

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: peppeska wrote: ... rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54 Service-Type = Framed-User Framed-Protocol = PPP User-Name = peppeska NAS-IP-Address =

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: peppeska wrote: ... rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54 Service-Type = Framed-User Framed-Protocol = PPP User-Name = peppeska NAS-IP-Address =

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote: Now my configuration in user file is: DEFAULT Auth-Type = LDAP Fall-Through = 1 Can you explain why you're setting Auth-Type? All of the docs say to NOT DO THAT. But the output now is: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
But the output now is: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 Service-Type = Framed-User Framed-Protocol = PPP User-Name = peppeska NAS-IP-Address = 127.0.0.1 NAS-Port = 0

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: peppeska wrote: Now my configuration in user file is: DEFAULT Auth-Type = LDAP Fall-Through = 1 Can you explain why you're setting Auth-Type? All of the docs say to NOT DO THAT. ok I comment that but

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread Michael Mitchell
peppeska wrote: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 ^^ -Where is User-Password attribute? Ask the NAS. what? In this case I have a suspicion the NAS could be radclient... How are you sending

Re: freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Mitchell wrote: peppeska wrote: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 ^^ -Where is User-Password attribute? Ask the NAS. what? In this

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On Behalf Of peppeska Sent: Wednesday, 21 March 2007 13:44 To: FreeRadius users mailing list Subject: Re: freeradius, ldap error - HELP ME! -BEGIN PGP SIGNED MESSAGE

Re: RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
: Re: freeradius, ldap error - HELP ME! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Mitchell wrote: peppeska wrote: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 ^^ -Where is User-Password

RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
Hi, Very strange I didn't get this email ? See my comments below: Thibault Le Meur wrote: But the output now is: rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54 Service-Type = Framed-User Framed-Protocol = PPP

Re: RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thibault Le Meur wrote: Have you setup ppp to use mschap (require-mschap-v2 option) ? Are you using the radiusclient library ? refuse-pap refuse-chap require-mschap require-mschap-v2 require-mppe Ok so that your NAS don't

RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
and in the dictionary file: $INCLUDE /etc/radiusclient/dictionary.microsoft $INCLUDE /etc/radiusclient/dictionary.ascend $INCLUDE /etc/radiusclient/dictionary.compat $INCLUDE /etc/radiusclient/dictionary.merit $INCLUDE /usr/share/freeradius/dictionary Don't write $INCLUDE but

RE : RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
MMM damn! why freeradius don't want work with me? It's not a Freeradius issue, but a ppp/radiusclient issue ;-) P.S. without the Default Auth-Type in the users file...it's the same... If I put $INCLUDE instead INCLUDE... work like before... Very strange I've got several

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok!!! Now I have this configuration INCLUDE /etc/radiusclient/dictionary.microsoft INCLUDE /etc/radiusclient/dictionary.ascend INCLUDE /etc/radiusclient/dictionary.compat INCLUDE /etc/radiusclient/dictionary.merit $INCLUDE

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote: Ok!!! Now I have this configuration INCLUDE /etc/radiusclient/dictionary.microsoft INCLUDE /etc/radiusclient/dictionary.ascend INCLUDE /etc/radiusclient/dictionary.compat INCLUDE /etc/radiusclient/dictionary.merit $INCLUDE /usr/share/freeradius/dictionary No.

RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On Behalf Of peppeska Sent: Wednesday, 21 March 2007 18:36 To: FreeRadius users mailing list Subject: Re: RE : RE : RE : freeradius, ldap error - HELP ME! -BEGIN PGP

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: peppeska wrote: Ok!!! Now I have this configuration INCLUDE /etc/radiusclient/dictionary.microsoft INCLUDE /etc/radiusclient/dictionary.ascend INCLUDE /etc/radiusclient/dictionary.compat INCLUDE

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Alan DeKok
peppeska wrote: ... Sending Access-Accept of id 50 to 127.0.0.1 port 1028 ... Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed: PPPD is broken. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog -

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread Thibault Le Meur
but plog: [EMAIL PROTECTED]:/home/peppeska# plog Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded. Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0 Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6 Mar 21 19:21:19 applejack pppd[18529]: Using

Re: RE : RE : RE : freeradius, ldap error - HELP ME!

2007-03-21 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: peppeska wrote: ... Sending Access-Accept of id 50 to 127.0.0.1 port 1028 ... Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed: PPPD is broken. And what I must do now? @Thibault Le Meur I use

freeradius, ldap error - HELP ME!

2007-03-20 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Please freeradius User... HELP ME! So, I use a pppoe-freeradius-ldap system for access and authenticate user.. but some go wrong.. and when I try to connect me appare this error... what's wrong in my configuration? look this! this is the freeradius

RE : freeradius, ldap error - HELP ME!

2007-03-20 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On Behalf Of peppeska Sent: Tuesday, 20 March 2007 10:34 To: FreeRadius users mailing list Subject: freeradius, ldap error - HELP ME! -BEGIN PGP SIGNED MESSAGE

RE : RE : freeradius, ldap error - HELP ME!

2007-03-20 Thread Thibault Le Meur
rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=admin,dc=example/root to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap:

Re: freeradius, ldap error - HELP ME!

2007-03-20 Thread peppeska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thibault Le Meur wrote: Comment this line in your ldap section of radiusd.conf: # access_attr = dialupAccess And comment this one too, like this : # access_attr_used_for_allow = yes I do it! and now there is the following error:

Re: freeradius ldap connector

2007-03-09 Thread [EMAIL PROTECTED]
= forbidden. Waking up in 4 seconds... Message of 06/03/07 at 11:58 From: Michael Mitchell To: FreeRadius users mailing list Cc: Subject: Re: freeradius ldap connector [EMAIL PROTECTED] wrote: I notice that Freeradius tries 6 times to find a user in my LDAP directory when this user

Re: freeradius ldap connector

2007-03-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote: you can see the debug. there are 7 searches for an uid that doesn't exist in the ldap directory: Because you told the server to do that. Please read the debug log to see why. ... rlm_ldap: object not found or got ambiguous search result rlm_ldap::ldap_groupcmp:

Re: freeradius ldap connector

2007-03-09 Thread [EMAIL PROTECTED]
OK thanks Message of 09/03/07 at 09:52 From: Alan DeKok To: [EMAIL PROTECTED], FreeRadius users mailing list Cc: Subject: Re: freeradius ldap connector [EMAIL PROTECTED] wrote: you can see the debug. there are 7 searches for an uid that doesn't exist in the ldap directory

freeradius ldap connector

2007-03-06 Thread [EMAIL PROTECTED]
Hello, I use freeradius 1.0.1 LDAP connector to request a LDAP directory. I notice that Freeradius tries 6 times to find a user in my LDAP directory when this user doesn't exist. Is there a mean to make freeradius tries only one time ? Thanks Thomas- List info/subscribe/unsubscribe? See

Re: freeradius ldap connector

2007-03-06 Thread Michael Mitchell
[EMAIL PROTECTED] wrote: I notice that Freeradius tries 6 times to find a user in my LDAP directory when this user doesn't exist. err, really? During authorisation (where a search is performed by a privileged user) or during authentication (where an attempt may be made to bind to LDAP as

Re: freeradius ldap connector

2007-03-06 Thread [EMAIL PROTECTED]
... Message of 06/03/07 at 11:58 From: Michael Mitchell To: FreeRadius users mailing list Cc: Subject: Re: freeradius ldap connector [EMAIL PROTECTED] wrote: I notice that Freeradius tries 6 times to find a user in my LDAP directory when this user doesn't exist. err

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Rafał Kamiński
Hello, I change my set and now i have that problem: rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0, length=135 User-Name = rka NAS-IP-Address = 192.168.1.245 Called-Station-Id = 001217694588 Calling-Station-Id = 0014a41e7112

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Rafał Kamiński
Sic :( I set eap with tls, because when i connect from PC i saw in debug TLS. Then i set tls in eap, but when i started freeradius (freeradius -XXX -A) i saw: Error: rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory Error:

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Alan DeKok
Rafał Kamiński wrote: Tue Jan 16 09:45:50 2007 : Debug: rlm_eap: EAP-NAK asked for EAP-Type/peap Tue Jan 16 09:45:50 2007 : Debug: rlm_eap: No such EAP type peap ... Where is the problem ? The client is requesting to do PEAP, and you didn't configure peap in eap.conf. See the Wiki

Re: RE : RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Rafał Kamiński
Could you post this file ? I have only: eap { default_eap_type = tls tls { tls_cacertfile = /etc/freeradius/cert/ca.pem tls_certfile = /etc/freeradius/cert/radius.crt tls_keyfile = /etc/freeradius/cert/radius.key } } BR, Rafal

RE : RE : RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Thibault Le Meur
Could you post this file ? I have only: eap { default_eap_type = tls tls { tls_cacertfile = /etc/freeradius/cert/ca.pem tls_certfile = /etc/freeradius/cert/radius.crt tls_keyfile = /etc/freeradius/cert/radius.key

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Rafał Kamiński
Oki, i compile freeradius with tls eap, but now i have that problem when i want start freeradius: Tue Jan 16 13:49:16 2007 : Debug: Module: Loaded eap Tue Jan 16 13:49:16 2007 : Debug: eap: default_eap_type = tls Tue Jan 16 13:49:16 2007 : Debug: eap: timer_expire = 60 Tue Jan 16 13:49:16 2007

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Rafał Kamiński
Sorry for my all post :( I set peap/eap/tls and i start freeradius but when user on laptop with wifi want to auth. to radius over linksys, in log is: rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0, length=167 User-Name = lpa NAS-IP-Address = 192.168.1.245

Re: RE : Problem with Freeradius+LDAP+wifi

2007-01-16 Thread Alan DeKok
Rafał Kamiński wrote: Sorry for my all post :( PEAP tunnel data in : 02 08 00 0b 21 80 03 00 02 00 02 Tue Jan 16 14:35:56 2007 : Debug: rlm_eap_peap: Received EAP-TLV response. Tue Jan 16 14:35:56 2007 : Debug: rlm_eap_peap: Tunneled data is valid. Tue Jan 16 14:35:56 2007 :

Problem with Freeradius+LDAP+wifi

2007-01-15 Thread Rafał Kamiński
Hello, I have that configuration: -server with Freeradius + connect with internal system and Ldap server -Linksys WPA54G -laptop with wifi -PC with freebsd when i testing connections from PC use radtest i was auth. by radius and ldap server. But when i want to use laptop and wifi i see some

RE : Problem with Freeradius+LDAP+wifi

2007-01-15 Thread Thibault Le Meur
authorize (returns ok) for request 2 Mon Jan 15 13:39:00 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting Is 'eap' listed in our authorize section. It should be since this is an EAP request and Freeradius needs a way to set Auth-Type to

Help with Simultaneous Login on Freeradius+Ldap

2006-12-15 Thread listasmw
Hi, we are using FreeRadius 1.1.3 on Fedora Core 6 and the RLM_LDAP module, we're needing control simultaneous logins, eg. the ldap user John can authenticate only one time. When are monitoring the ldap users logins, they can log successfully in ldap, but we can't see or

Re: Help with Simultaneous Login on Freeradius+Ldap

2006-12-15 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Please do not CC the -devel list. That list is for developers, not for general user questions. When are monitoring the ldap users logins, they can log successfully in ldap, but we can't see or monitoring the users login in radutmp log file is empty with 0kb,

Re: Advice on poptop - freeradius - ldap

2006-12-13 Thread Dirk Enrique Seiffert
Thanks Alan, my configuration works now. Like always (in radius) just a very few lines of changes in the default config made it: Dirk Enrique Seiffert wrote: I set ldap in authorize {} and authenticate {}. In users I added DEFAULT Auth-Type := LDAP Fall-Through = 1

Advice on poptop - freeradius - ldap

2006-12-12 Thread Dirk Enrique Seiffert
Hello, I am trying to get Poptop, Freeradius and Openldap to work together. Basically our VPN users should login with their credentials, to be checked against ldap. I don't want to store radius attributes in LDAP, just assign objectclass=pptpServerAccount for VPN users in LDAP. I set ldap in

Re: Advice on poptop - freeradius - ldap

2006-12-12 Thread Alan DeKok
Dirk Enrique Seiffert wrote: I set ldap in authorize {} and authenticate {}. In users I added DEFAULT Auth-Type := LDAP Fall-Through = 1 Why? That's not necessary. When i try to connect from an pptp client my logs show: Tue Dec 12 19:07:31 2006 : Debug:

FreeRadius + Ldap + EAP-TTLS + WPA - Need your help

2006-12-08 Thread Tho Nguyen
Hello Everyone, I am trying to configure our system to authenticate through LDAP. I have hard time to figure out what cause my system not working. Please view the log and let me know what I can fix. Thanks very much for your help in advance. Starting - reading configuration files ...

Re: FreeRadius + Ldap + EAP-TTLS + WPA - Need your help

2006-12-08 Thread Alan DeKok
Tho Nguyen wrote: I am trying to configure our system to authenticate through LDAP. I have hard time to figure out what cause my system not working. Please view the log and let me know what I can fix. Thanks very much for your help in advance. .. Sending Access-Challenge of id 24 to

FreeRadius + Ldap + TLS/SSL

2006-12-04 Thread Rafał Kamiński
Hello I install freeradius on Debian Sarge machine. I have my user in ldap and I use that directory to auth. them. It's works. But when I want to use TLS in connections between radius and ldap, I have that error in radius log. rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap:

RE : FreeRadius + Ldap + TLS/SSL

2006-12-04 Thread Thibault Le Meur
-Original Message- From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On Behalf Of Rafał Kamiński Sent: Monday, 4 December 2006 13:28 To: freeradius-users@lists.freeradius.org Subject: FreeRadius + Ldap + TLS/SSL When i saw that error, i

Re: RE : FreeRadius + Ldap + TLS/SSL

2006-12-04 Thread Rafał Kamiński
:[EMAIL PROTECTED] sts.freeradius.org] On Behalf Of Rafał Kamiński Sent: Monday, 4 December 2006 13:28 To: freeradius-users@lists.freeradius.org Subject: FreeRadius + Ldap + TLS/SSL When i saw that error, i check ldap logs. My ldap is configure with SSL not a TLS. Now i have a problem

Re: RE : FreeRadius + Ldap + TLS/SSL

2006-12-04 Thread Alan DeKok
Rafał Kamiński wrote: -In freeradius log (freeradius -XXX -A) i see my password from ldap server, how i can crypt that password ? You don't. Debugging mode is SUPPOSED to tell you what the passwords are, otherwise debugging mode is useless. if you don't want the passwords, don't run in

setting freeradius + ldap + linux

2006-09-20 Thread R_2_S_1_T_0
I have install freeradius and linux , but not yet also succeed. user of in windows 2000 ( LDAP ) as which/such ? helping my sending mail is settinganya? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
