Dear all,
I try to put my Windows-XP-Clients in different VLANs on my Cisco Catalyst 3750
Switch, depending on their Account.
And i use two differnt authentication methods: MD5-Challange and MS-CHAP.
User hugo should be mapped in VLAN 50 and authenticated via MD5-Challange
User roka at Domain
Iain Sims <[EMAIL PROTECTED]> wrote:
> I've a FR and LDAP server configured that seems to be performing nicely
> except for one small issue where an 'Auth-Type := Reject' in my users
> file seems to have little affect. In brief, I want users not caught by
> the following users file:
...
> user
133,
length=178
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 105
NAS-Port-Type = Virtual
User-Name = "someuser"
Calling-Station-Id = "192.168.9.168"
Called-Station-Id = "192.168.9.129"
Jon <[EMAIL PROTECTED]> wrote:
>rlm_eap: EAP/mschapv2
>rlm_eap: processing type mschapv2
>ERROR: Unknown value specified for Auth-Type. Cannot perform
> requested action.
You deleted the "mschap" entry from the "authenticate" section.
Don't do that. The default configuration wo
here is [most] of the -X -A output
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password:
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> Please do not get mad at me.
I'm getting frustrated because it's clear you don't believe me. You
keep asking how to do it, and I keep telling you it's impossible.
> I have understood that Radius itsel
Alan:
Thank you very much for your reply.
Please do not get mad at me. I have understood that Radius itself can not
authenticate MS-CHAP passwords; my question then is what can I do with those
passwords. I have seen examples of authenticating these passwords against a
Windows server. Is
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I just want to know what happens when Radius receives a request with a
> MS-CHAP password, how it authenticates the user?
It doesn't.
How many times do I have to say it's impossible before you will
believe me?
I am sorry.
I just want to know what happens when Radius receives a request with a
MS-CHAP password, how it authenticates the user?
Thank you,
Charles
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent:
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I just want to authenticate MS-CHAPv2 passwords. My question is:
>
> Where do I have those passwords in my Linux server?
I've been trying to say you don't.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.ht
King, Michael wrote:
Does this also apply to MS-CHAPv2?
Yes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Charles Blake wrote:
I am not trying to do that.
I just want to authenticate MS-CHAPv2 passwords. My question is:
Where do I have those passwords in my Linux server?
You don't by default have them (at least on any distribution I'm aware of).
-
List info/subscribe/unsubscribe? See http://www
list"
Sent: Thursday, February 23, 2006 6:34 PM
Subject: Re: Help needed with MS-CHAP
"Charles Blake" <[EMAIL PROTECTED]> wrote:
I need now to authenticate MS-CHAPv2 passwords. I have been looking
everywhere, FAQ, googled and I have not found where to against to
authenticate. Us
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I need now to authenticate MS-CHAPv2 passwords. I have been looking
> everywhere, FAQ, googled and I have not found where to against to
> authenticate. User file? MySQL?
Anywhere that will give you the clear-text passwords.
And no, you can't conv
Just to further my own knowledge.
> -Original Message-
>
> Charles Blake wrote:
>
> > I am trying to set up a freeradius-1.1.0 server for authenticating
> > users using MS-CHAP passwords.
> >
> > I pretend to authenticate users against shadow.
list"
Sent: Thursday, February 23, 2006 4:40 PM
Subject: Re: Help needed with MS-CHAP
"Charles Blake" <[EMAIL PROTECTED]> wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
Charles Blake wrote:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
You can't do that.
MS-CHAP requires the NT hash, the plaintext password from which it can
derive the NT hash, or
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I am trying to set up a freeradius-1.1.0 server for authenticating users
> using MS-CHAP passwords.
>
> I pretend to authenticate users against shadow.
It's impossible to use /etc/shadow and MS-CHAP. See the
Dear friends:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
I am using the default radius.conf and users files. I have included the
microsoft dictionary in radiusclient.conf file
Dear friends:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
I am using the default radius.conf and users files. I have included the
microsoft dictionary in radiusclient.conf file
"Elizabeth Palomino" <[EMAIL PROTECTED]> wrote:
> I have poked about on google and read several how to's. Is it
> possible using any authentication module ( rlm_pam,rlm_ldap...) To
> authenticate a connection from a client using CHAP or MS-CHAP to an
> Active Dir
Greetings,
I have poked about on google and read several how to's. Is it possible using
any authentication module ( rlm_pam,rlm_ldap...) To authenticate a connection
from a client using CHAP or MS-CHAP to an Active Directory Server (TM) *cough*.
I can authenticate just fine with clearte
John Metcalfe <[EMAIL PROTECTED]> wrote:
> /usr/lib/freeradius/rlm_eap_tls-1.0.2.so: undefined symbol:
> SSL_set_msg_callback
You have two versions of OpenSSL installed on your system. One that
you used to build FreeRADIUS, and another that your dynamic linker
finds at run-time. The versions
We are using FreeRADIUS version 1.0.2 with OpenSSL version 0.96. The
client supplicant is WinXP SP2 with WPA TKIP, PEAP and EAP MS-CHAP v2
configured. The NAS is a Symbol WS5100 WLAN switch configured to use
RADIUS, TKIP and PEAP.
We configured RADIUS and it starts (in debug mode) and we are
"DilipSimha.N.M" <[EMAIL PROTECTED]> wrote:
> as u have specified in src/tests/README , that lines with #U shud go
> into users file.
> but in src/tests/mschapv1 u have given User-Password in clear text???
Yes, so?
> mschap has the advantage over chap, that it doesn't store passwords in
> cle
comments INLINE
Alan DeKok wrote:
"DilipSimha.N.M" <[EMAIL PROTECTED]> wrote:
is there any simple tool(other than jradius) which can be used as radius
client and which can be used to test
mschap authentication??
radclient should really be updat
Patrick Bartkus wrote:
You could try using the windows program NTRadPing from
http://www.dialways.com/download/.
It has a "CHAP" checkbox.
CHAP and MS-CHAP are quite different.
josh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"DilipSimha.N.M" <[EMAIL PROTECTED]> wrote:
> is there any simple tool(other than jradius) which can be used as radius
> client and which can be used to test
> mschap authentication??
radclient should really be updated to support MS-CHAP. It's not
hard. And it w
radius> client and which can be used to test> mschap authentication??> if so, please give the packet contents for radius client and the users
> file check-items. 1. run FreeRadius in debugging mode 2. perform a successful MS-CHAP authentication with a "real" client 3. copy t
. perform a successful MS-CHAP authentication with a "real" client
3. copy the following info from the FreeRadius debugging output:
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES
4. with that info, create a file containing a radius request:
Servic
hi,
is there any simple tool(other than jradius) which can be used as radius
client and which can be used to test
mschap authentication??
if so, please give the packet contents for radius client and the users
file check-items.
--DilipSimha
-
List info/subscribe/unsubscribe? See http://www.f
with:
"user3" Auth-Type := Reject, Framed-Protocol == PPP
seems to work :-)
André Lemos wrote:
Hi there
How can I NOT authorize a user to use mschap?
"user3" Framed-Protocol == PPP, Auth-Type := Reject
doesn't seem to work
Thanks
--
_
Hi there
How can I NOT authorize a user to use mschap?
"user3" Framed-Protocol == PPP, Auth-Type := Reject
doesn't seem to work
Thanks
--
_
André Ventura Lemos
Software Engineer
Critical
Software, S
Great, it's working now.
Thanks
Antonio
-Original Message-
From:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
eradius.org] On Behalf Of Phil Mayers
Sent: segunda-feira, 23 de Janeiro de 2006 12:27
To: FreeRadius users mailing list
Subject: Re: MS-CHAP and Local Authentic
ALMEIDA Antonio Jose wrote:
Hello,
Can someone tell me how can I configure the users file (with the default
configuration - I'm just starting to use freeradius) to permit the same
user to be authenticated by MS-CHAP and Local? Now I have something link
this:
User1 Auth-Type := Local, Pas
Hello,
Can someone tell me how can I configure the users file (with the default
configuration - I'm just starting to use freeradius) to permit the same
user to be authenticated by MS-CHAP and Local? Now I have something link
this:
User1 Auth-Type := Local, Password == "password"
7;s authenticated. Find out
> why.
I finally solved all my problems with RADIUS. It seems that my client
required MPPE encryption from the server, and this options was turned
off in RADIUS. So client got Access-Accept packet without MS-CHAP-MPPE
keys. Solved this by turning use_mppe to yes.
Thank
Vilius =?utf-8?b?xaB1bXNrYXM=?= <[EMAIL PROTECTED]> wrote:
> When I connect to VPN, user and password are verified and radius says
> their are ok. After that VPN client registers me on the network (gets
> IP address and so on). But in the middle of registration something
> happens and I get disc
Alan DeKok <[EMAIL PROTECTED]> rašė:
Use LDAP as a database, not as an authentication server.
See many, many, posts on this topic to this list.
Is there a way to do this authentification and NOT turning MS-CHAP
protocol in VPN box? Are there some kind of preauth hooks in Radius?
On Thu, 2005-09-01 at 12:32 +0300, Vilius Šumskas wrote:
> Hello,
>
> I'm having trouble authenticating from VPN box through Radius server to LDAP.
> My VPN uses MS-CHAP challenge/response system for authentification.
> Packet that comes from VPN to Radius server looks like
authentication server.
See many, many, posts on this topic to this list.
> Is there a way to do this authentification and NOT turning MS-CHAP
> protocol in VPN box? Are there some kind of preauth hooks in Radius?
Have FreeRADIUS get the password from LDAP, and let FreeRADIUS do
the au
Hello,
I'm having trouble authenticating from VPN box through Radius server to LDAP.
My VPN uses MS-CHAP challenge/response system for authentification.
Packet that comes from VPN to Radius server looks like this:
User-Name = "admin"
MS-CHAP-Challenge = 0x45bc0700dd22f6795f77
Hi,
I'm trying to have a local user in my users file called "guest" password
"guest". If the user is not "guest" forward on the user to domain
authentication. I'm having trouble when authenticating "guest" when it comes
to the mchap authenti
Alexander Orlov <[EMAIL PROTECTED]> wrote:
> I have this message, when I try to use ms-chap auth:
>
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> ../../sbin/radiusd: error while loading shared li
Hello!
I have this message, when I try to use ms-chap auth:
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
../../sbin/radiusd: error while loading shared libraries:
/usr/local/radius/lib/rlm_mschap-1.0.2.so: undefined symbol
On Tue, 24 May 2005, Seferovic Edvin wrote:
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
US users should be aware that to run PPTP with Windows clients and have
any
vicky <[EMAIL PROTECTED]> wrote:
> Is it possible to configure a freeRADIUS server running on a UNIX
> machine to also accept MS-CHAP? If so, is it complicated? is there
> documentation for it? how can I do that (in a fairly simple way)?
Install the server. It will work.
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
Hello,
I've found a pretty good howto at
http://www.tldp.org/HOWTO/8021X-HOWTO/intro.html
Take a look
Jonathan
vicky wrote:
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it compli
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated? is there
documentation for it? how can I do that (in a fairly simple way)?
/the girl that wonders why Microsoft had to complicate
I would like to know if anyone has a work around to support PEAP (ms
chap v2) client access authenticate against a LDAP server with bind
operation. Currently, retrieving clear text password from LDAP is
not an option.
This is how I got it going
http://vuksan.com/linux/dot1x/802-1x
I did
Le Jeudi 12 Mai 2005 16:44, CHui a écrit :
> I would like to know if anyone has a work around to support PEAP (ms chap
> v2) client access authenticate against a LDAP server with bind operation.
> Currently, retrieving clear text password from LDAP is not an option.
>
CHui wrote:
I would like to know if anyone has a work around to support PEAP (ms
chap v2) client access authenticate against a LDAP server with bind
operation. Currently, retrieving clear text password from LDAP is
not an option.
No this is not possible. Only way you can authenticate via
I would like to know if anyone has a work around to support PEAP
(ms chap v2) client access authenticate against a LDAP server with bind operation.
Currently, retrieving clear text password from LDAP is not an option.
Thanks
Cedric
RADIUS server doesn´t respond correctly, at least I assume so, to
MS-CHAP requests. I was trying to authenticate a user within the MySQL database
with a Windows XP client.
Didn´t work.
I was playing around on the Windows client and made it use CHAP instead of
MS-CHAP and now it works like a
Andreas Haumer schrieb:
> FreeRADIUS is an additional piece and fits fine in the
> whole system
> to allow those networks to provide encrypted VPN access
> with easy to
> use clients and still maintain a central database of
> accounts in the
> network.
Note however, that MPPE with it's keys deriv
ls
4) add ntpassword for TEST user in ldap, and delete clear-text password
test PAP && MS-CHAP. CHAP won't work.
5) test it with a real user.
The problem most people have is that they try to configure
everything all at once. It's a nightmare, and they can't get it t
gt;clear-text password which FreeRADIUS can retrieve, MS-CHAP will never
>>>work.
>>>
>>
>>Hm...
>>Are you sure? ;-))
>
>
> You can also use NT-Password, but that level of complexity is too
> much to explain in a simple answer.
>
Well... ;-)
>
&
Andreas Haumer <[EMAIL PROTECTED]> wrote:
> > Please configure a clear-text password for the user in the LDAP
> > entry for that user. See doc/ldap_howto.txt. Until you configure a
> > clear-text password which FreeRADIUS can retrieve, MS-CHAP will never
> > wo
t that there's no data which FreeRADIUS can use coming back.
>
> Please configure a clear-text password for the user in the LDAP
> entry for that user. See doc/ldap_howto.txt. Until you configure a
> clear-text password which FreeRADIUS can retrieve, MS-CHAP will never
> work.
Luis Daniel Lucio Quiroz schrieb:
> I rather preffer pap, you just only put on risk one
> account not everibody
Well, then you just shouldn't use (MS-)CHAP.
Note however that PAP is incompatible with
MS point-to-point-encryption.
Also note that getting access to the radius server
and
I rather preffer pap, you just only put on risk one account not everibody
Le lundi 4 Octobre 2004 10:59, [EMAIL PROTECTED] a écrit :
> Luis Daniel Lucio Quiroz schrieb:
> > Isn't it a seccurity problem clear tex password to permit
> > CHAP?
>
> Depending on your configuration, it may be one.
> Ess
Luis Daniel Lucio Quiroz schrieb:
> Isn't it a seccurity problem clear tex password to permit
> CHAP?
Depending on your configuration, it may be one.
Essentially, there are two possible points of attack:
- the network: Try to intercept "the password" during
transfer.
- the configuration files: T
Isn't it a seccurity problem clear tex password to permit CHAP?
Le lundi 4 Octobre 2004 09:18, Alan DeKok a écrit :
> "Mahesh S Kudva" <[EMAIL PROTECTED]> wrote:
> > I did the same:
> >
> > username Auth-Type:= CHAP, CHAP-Password == "test"
> > Service-Type = Framed-Us
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote:
> I did the same:
>
> username Auth-Type:= CHAP, CHAP-Password == "test"
> Service-Type = Framed-User,
> Framed-Protocol = PPP
>
> But still the server rejects the user.
Configure a CLEAR-TEXT
Hi
I did the same:
username Auth-Type:= CHAP, CHAP-Password == "test"
Service-Type = Framed-User,
Framed-Protocol = PPP
But still the server rejects the user.
Regards & Thanks
Mahesh S Kudva
-
List info/subscribe/unsub
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote:
> How can I setup freeradius to use CHAP and MS-CHAP authentication?
Tell the server what the clear-text password is for the user.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all
How can I setup freeradius to use CHAP and MS-CHAP authentication?
Thanks in advance
Regards & Thanks
Mahesh S Kudva
Robosoft Technologies
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
r the user in the LDAP
entry for that user. See doc/ldap_howto.txt. Until you configure a
clear-text password which FreeRADIUS can retrieve, MS-CHAP will never
work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NULL
== full capture ==
rad_recv: Access-Request packet from host 1.155.6.61:32787, id=133, length=136 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "bluetest" MS-CHAP-Challenge = 0xeb3dac1ea527bc4a70547902df46929a MS-CHAP
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> here it is. Top part is startup in debug mode and below actual MS-CHAP
> login attempt:
...
> rlm_ldap: performing user authorization for tor_sysop_2
> radius_xlat: '(uid=tor_sysop_2)'
> radius_xlat: 'o=
here it is. Top part is startup in debug mode and below actual MS-CHAP login attempt:
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X -AStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.confConfig
"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> I did setup what you send me earlier and it does work.
Ok...
> As soon as we try to do connect via wireless windows laptop
> (uses MS-CHAP) it does not work.
Can you post the *complete* debug log? So far, you've
I did setup what you send me earlier and it does work.
As soon as we try to do connect via wireless windows laptop
(uses MS-CHAP) it does not work.
Looks like LDAP password is in clear text and MS-CHAP encrypted
and Radius cannot compare the two.>>> [EMAIL PROTECTED] 9/30/2004 11
n"Andrew Werbowy" <[EMAIL PROTECTED]> wrote:
> Are there any MS-CHAP howtos out there?
No. If you configure a user && clear-text password for that user,
then MS-CHAP will work.
> This is what I get and cannot pass this issue:
> Any ideas?
Try the "
On Thu, 30 Sep 2004, Andrew Werbowy wrote:
> Hi,
>
> Are there any MS-CHAP howtos out there?
No, but the same question is posted each day in the users list. Check
doc/rlm_ldap on how to configure rlm_ldap to extract user passwords.
> This is what I get and cannot pass this issue:
Hi,
Are there any MS-CHAP howtos out there?
This is what I get and cannot pass this issue:
Any ideas?
Nothing to do. Sleeping until we see a request.rad_recv: Access-Request packet from host 1.155.6.61:32781, id=124, length=139 Service-Type = Framed-User Framed-Protocol = PPP
"Gil Shai" <[EMAIL PROTECTED]> wrote:
> Is there any chance that FreeRADIUS will support it in the near future?
Sure, supply a patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
Thanks for the reply.
I've read about the security related problems of changing a password
over MS-CHAP and MS-CHAP v2 and saw that there are servers which are not
supporting the "change password" packet. However, some access servers
(Cisco) and RADIUS servers(IAS) do suppor
"Gil Shai" <[EMAIL PROTECTED]> wrote:
> I've noticed that freeradius 1.0 supports MS-CHAP but when I looked at
> the code, I didn't find any trace of an option to periodically change
> the password using MS-CHAP.
FreeRADIUS doesn't implement RADIUS &q
Title: Support of MS-CHAP
Hi
I've noticed that freeradius 1.0 supports MS-CHAP but when I looked at the code, I didn't find any trace of an option to periodically change the password using MS-CHAP.
What I'm referring to, to be more specific, is what is written in RFC 2433
> interface Virtual-Template2
> ip unnumbered FastEthernet0/0
> peer default ip address pool pptp-pool
> ppp max-bad-auth 4
> ppp encrypt mppe auto
> ppp authentication ms-chap-v2
> ppp ms-chap refuse
>
aaa authentication login eap_methods group rad_eap
aaa authentication l
=?big5?B?QmFpIKXVqXalTg==?= <[EMAIL PROTECTED]> wrote:
> Is your mean the cisco don't send the authenticate method
> to freeradius?
No. I mean that the user gives their password to the Cisco box,
which gives it to the RADIUS server. The RADIUS server cannot
authenticate the user un
Title: RE: MS-CHAP can't work
Dear Alan:
Thanks for your reply.
Is your mean the cisco don't send the authenticate method to freeradius?
Is it wrong radius config on cisco?
Thank you for your
=?big5?B?QmFpIKXVqXalTg==?= <[EMAIL PROTECTED]> wrote:
> If I try to authenticate to FreeRadius with MS-CHAP,
> it still hard to work after trying long time.
>
> rlm_mschap: No LM/NT password configured. Check authorization.
> modcall[authenticate]: module &qu
Can any one help me?
I
try to create the PPTP connection to CISCO router,
and it seems be working fine if
I use local authentication on cisco.
If I try to authenticate to FreeRadius with MS-CHAP,
it still hard to work after trying long time.
rlm_mschap: No LM
the RADIUS server. Since "Auth-Type := Local"
> works for either, I expected it to work the same way for MS-CHAP. That's
> the way it works on the other RADIUS server we have.
The idea behind the default configuration in FreeRADIUS is that you
*don't* have to specify
Title: RE: MS-CHAP Support
Hi Alan,
Thanks for your reply. I think you guys have a great piece of software and apparently so do some of our customers.
Right now I can use PAP or CHAP to authenticate a RADIUS user without changing the configuration on the RADIUS server. Since "Auth
Phillip Soltan <[EMAIL PROTECTED]> wrote:
> I was wondering if you were planning to support MS-CHAP v1 and MS-CHAP v2
> for users who are set to "Auth-Type := Local".
No. Set "Auth-Type := MSCHAP", which is what the server does
automatically when it sees a requ
Hi,
I was wondering if you were planning to support MS-CHAP v1
and MS-CHAP v2 for users who are set to "Auth-Type := Local".
I'm using the latest version of Freeradius (1.0.0-pre3) and I get the
following debug output when I try to use MS-CHAP v2 between the RA
"Scott" <[EMAIL PROTECTED]> wrote:
> Hello - I have a question that I can't seem to find an answer to. How can I
> implement MS-CHAP _with_ a failed login counter like pam_tally?
An external program.
Alan DeKok.
-
List info/subscribe/unsubscribe? See htt
Hello - I have a question that I can't seem to find an answer to. How can I
implement MS-CHAP _with_ a failed login counter like pam_tally?
I know it has to be simple, but I can't figure out how to do it. Right now,
I have PAM/pam_tally working on "default" logins,
Hi Alan,
>
> No. You're trying to get pppd to send radius requests which contain
> certain attributes. There is NOTHING you can do to FreeRADIUS which
> will make pppd send those attributes. Therefore, this list is NOT the
> right place to ask how to configure pppd.
>
Understood, thanks.
"keith" <[EMAIL PROTECTED]> wrote:
> So I believe my current hurdle is getting the information from pppd to
> freeradius and I believe this is the best list for that.
No. You're trying to get pppd to send radius requests which contain
certain attributes. There is NOTHING you can do to FreeRADI
Hi Alan,
Your advise is both followed and appreciated.
>
> Of course. I *did* say don't set Auth-Type, did I not?
I have done this on both servers, my internal test machine and the
production machine
I can no longer log onto my test machine but the issue I believe is
unrelated.
>
> > radtest
"keith" <[EMAIL PROTECTED]> wrote:
> Using
> +chap
> -mschap
> -mschap-v2 in the pptpd options file causes a failure with CHAP
Then you've done something to break the server.
> and changing the Auth-Type to Local.
> causes a failure with CHAP.
Of course. I *did* say don't set Auth-Type, did
Hi Alan,
> > What Auth Type would I use for the following?
>
> Generally, you *don't* set Auth-Type. The server will figure it
> out.
OK.
>
> > rad_recv: Access-Request packet from host 127.0.0.1:32771, id=210,
length=54
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Read the *rest* of the debug log, including the part where it prints
> > out the attributes in the Access-Request, and none of them are MS-CHAP.
> >
> What Auth Type would I use for the following?
>
> rad_recv: Access-Request packet from host 127.0.0
"keith" <[EMAIL PROTECTED]> wrote:
> What Auth Type would I use for the following?
Generally, you *don't* set Auth-Type. The server will figure it
out.
> rad_recv: Access-Request packet from host 127.0.0.1:32771, id=210, length=54
> Service-Type = Framed-User
> Framed-Protocol
Hi Alan
>
> You set Auth-Type = MS-CHAP. Don't.
OK.
>
> > Any pointers appreciated.
>
> Read the *rest* of the debug log, including the part where it prints
> out the attributes in the Access-Request, and none of them are MS-CHAP.
>
What Auth Type would I
301 - 400 of 429 matches
Mail list logo