primoz wrote:
> Aah, i like the reverse psyhology approach here, but I'm just trying to
> gather information and knowledge from different sources.
Q: Hi, how does RADIUS work?
A: here's how...
Q: But web works differently...
A: So?
Q: Why are you so mean?
A:
> Sorry for my newbiness, will dive i
Aah, i like the reverse psyhology approach here, but I'm just trying to
gather information and knowledge from different sources.
Sorry for my newbiness, will dive into the documentation and decide whether
to use PAP or store passwords in clear text.
EAP_TTLS would work, but windows XP client does
Hi,
> And PAP is not very safe and smart way to go as i read it.
as an inner auth type for EAP-TTLS it isnt too bad.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
primoz wrote:
> And PAP is not very safe and smart way to go as i read it.
PAP is fine for RADIUS.
> So, crypted passwords are usefull only in web applications?
That's not at all what I said. I specifically mentioned Unix logins.
Crypt'd passwords are useful only for PAP. There are many,
On 10/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> preem wrote:
> > So, what is a common practice to do this then?
>
> It's not.
>
> People store MD5 or crypt'd passwords when the ONLY authentication
> they're doing is PAP. i.e. Unix logins, where the user supplies a
> clear-text password
preem wrote:
> So, what is a common practice to do this then?
It's not.
People store MD5 or crypt'd passwords when the ONLY authentication
they're doing is PAP. i.e. Unix logins, where the user supplies a
clear-text password to the authentication system.
For many EAP types, people do NOT
Ah yes, that explains it, thanks Alan.
So, what is a common practice to do this then? I understand its not very
safe nor sane to store passwords in clear text, thats why I wanted to avoid
that, however it seems inevitable.
Let me explain a little better what I'm trying to do:
I am managing a wi
preem wrote:
> I have a simillar problem with EAP-MD5 authenticating against MySQL
> DataBase.
>
> Whatever i do, it won't accept password, which is stored in the MySQL db
> using MD5('') function. However, if i send a password's hash as password it
> accepts it, which indicates something is not h
Hi,
> I do not understand, should the Windows XP's supplicant encrypt password
> prior to sending, or does it send it in cleartext and the radius encrypts
the windows supplicant? err, it doesnt send the password in any sane way.
you need to either set up an MSCHAPv2 challenge response system or
p
Sorry if this has been posted more than once, mailing list rejected message
twice.
Hello,
I have a simillar problem with EAP-MD5 authenticating against MySQL
DataBase.
Whatever i do, it won't accept password, which is stored in the MySQL db
using MD5('') function. However, if i send a password'
Phil Mayers wrote:
Sigh.
Don't set the Auth-Type AT ALL. The only legitimate uses are:
* setting it to Accept for PAP requests
* setting it to Reject
* setting it to the name of a specific instance where there are >1 of
the same type of auth module with different configs (e.g. 2 different
On Sun, 2007-09-16 at 22:08 +0100, Andrew Rowson wrote:
>
> [EMAIL PROTECTED] wrote:
> > Comment it out anyway. You are setting Auth-Type Local in SQL database
> > then. If not in radcheck then in radgroupcheck.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
>
> I feel really stupid now. It was s
Well, AP is not responding. Request is for wireless access and attributes
in the reply are for shell access. It might not like that.
Ivan Kalik
Kalik Informatika ISP
Dana 16/9/2007, "Andrew Rowson" <[EMAIL PROTECTED]> piše:
>
>
>[EMAIL PROTECTED] wrote:
>> Comment it out anyway. You are settin
[EMAIL PROTECTED] wrote:
Comment it out anyway. You are setting Auth-Type Local in SQL database
then. If not in radcheck then in radgroupcheck.
Ivan Kalik
Kalik Informatika ISP
I feel really stupid now. It was sitting there in radgroupcheck setting
the auth-type to local.
ARGH.
Ok, regr
Comment it out anyway. You are setting Auth-Type Local in SQL database
then. If not in radcheck then in radgroupcheck.
Ivan Kalik
Kalik Informatika ISP
Dana 16/9/2007, "Andrew Rowson" <[EMAIL PROTECTED]> piše:
>>> Ok, I've upgraded to 1.1.7, and I get the auth-type local issue again.
>>> The l
Andrew Rowson wrote:
> I had the following on line 155, which when commented out, seems to make
> no difference.
>
> DEFAULTAuth-Type = System
>Fall-Through = 1
(1) Start off with the default radiusd.conf in 1.1.7.
(2) Change just enough to enable tls and peap
(3) run the te
Andrew Rowson wrote:
> Ok, I've upgraded to 1.1.7, and I get the auth-type local issue again.
> The log is up at the same place as before,
> http://public.growse.com/radiusd.log
The output is a LOT shorter than your tests with the previous version.
> I'm at a bit of a loss. I can't be the only
Ok, I've upgraded to 1.1.7, and I get the auth-type local issue again.
The log is up at the same place as before,
http://public.growse.com/radiusd.log
I'm at a bit of a loss. I can't be the only person who wants to put user
credentials for a PEAP setup into a mysql db?
modcall[authorize]:
> Ok, I've upgraded to 1.1.7, and I get the auth-type local issue again.
> The log is up at the same place as before,
> http://public.growse.com/radiusd.log
>
> I'm at a bit of a loss. I can't be the only person who wants to put user
> credentials for a PEAP setup into a mysql db?
>
modcall[
Alan DeKok wrote:
Andrew Rowson wrote:
The database contains Cleartext-Password == password. I've tried it with
:=, but if I remember correctly that fails as well,
Use := for Cleartext-Password.
My radcheck table is now looking like this:
+++++-
Andrew Rowson wrote:
> The database contains Cleartext-Password == password. I've tried it with
> :=, but if I remember correctly that fails as well,
Use := for Cleartext-Password.
> with the Auth-type
> being set to local again. I'll see if I can get a log of that failure as
> well, if it'd be
On Mon, 10 Sep 2007 07:31:04 +0200, Alan DeKok <[EMAIL PROTECTED]>
wrote:
> Andrew Rowson wrote:
>> Looking over it, it seems that a problem comes up with the MSCHAP bit:
>>
>> rlm_mschap: No User-Password configured. Cannot create LM-Password.
>> rlm_mschap: No User-Password configured. Ca
Andrew Rowson wrote:
> Looking over it, it seems that a problem comes up with the MSCHAP bit:
>
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for growse with NT-
Alan DeKok wrote:
Andrew Rowson wrote:
Ok, I updated the radcheck table in mysql so that the atttibute read
"Cleartext-Password". I now get a different result when trying to log in
from the wlan:
...
rlm_eap_peap: Had sent TLV failure. User was rejected
earlier in this session.
Pleas
Andrew Rowson wrote:
> Ok, I updated the radcheck table in mysql so that the atttibute read
> "Cleartext-Password". I now get a different result when trying to log in
> from the wlan:
...
> rlm_eap_peap: Had sent TLV failure. User was rejected
> earlier in this session.
Please post the *prev
[EMAIL PROTECTED] wrote:
Read the documentation (wiki, users file). For 1.1.6. you should be using
Cleartext-Password attribute.
Ok, I updated the radcheck table in mysql so that the atttibute read
"Cleartext-Password". I now get a different result when trying to log in
from the wlan:
rl
Read the documentation (wiki, users file). For 1.1.6. you should be using
Cleartext-Password attribute.
Ivan Kalik
Kalik Informatika ISP
Dana 8/9/2007, "Andrew Rowson" <[EMAIL PROTECTED]> piše:
>[EMAIL PROTECTED] wrote:
users: Matched entry DEFAULT at line 155
modcall[authorize]
[EMAIL PROTECTED] wrote:
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type Local
What is that DEFAULT entry? Is Auth-Type Local coming
> > users: Matched entry DEFAULT at line 155
> > modcall[authorize]: module "files" returns ok for request 0
> > modcall: leaving group authorize (returns updated) for request 0
> > rad_check_password: Found Auth-Type Local
What is that DEFAULT entry? Is Auth-Type Local coming from there?
Hi,
I'm trying to use my existing freeradius server and mysql database to
add 802.1X PEAP functionality to my wireless network. Currently, it
works great authenticating my cisco device logins. However, after
setting the peap stuff up, when I try to log in with a user on the
wireless, it -seem
30 matches
Mail list logo
