P2-Response is incorrect"
>>Am I missing something required for MSCHAP to work? The NT-Password
>>seems to be retrieved...
>>
>
>A coorect password.
Do you think the has being retrieved from LDAP is wrong then?
If I do put in an incorrect password I do get the same error m
2-Response is incorrect"
>Am I missing something required for MSCHAP to work? The NT-Password
>seems to be retrieved...
>
A coorect password.
>Working CHAP debug from ntradping:
>
>Tue Nov 11 10:10:26 2008 : Info: [ldap] looking for check items in
>directory...
>T
g required for MSCHAP to work? The NT-Password
seems to be retrieved...
Working CHAP debug from ntradping:
Tue Nov 11 10:10:26 2008 : Info: [ldap] looking for check items in
directory...
Tue Nov 11 10:10:26 2008 : Debug: rlm_ldap: acctFlags ->
SMB-Account-CTRL-TEXT == "[UX ]&qu
Enable ldap in inner-tunnel virtual server. Radtest works because this is
enabled in default virtual server.
It looks like auto headers are not enabled in pap module. It defaults to
crypt instead of detecting md5 header.
Yes so it works - also with eap-mschap
Great and many many thanks to
entering group authorize {...}
>++[preprocess] returns ok
> expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client
ius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
expand: %t -> Wed Oct 8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name =
Am 08.10.2008 um 10:12 schrieb Nicolas Goutte:
Am 08.10.2008 um 09:49 schrieb alois blasbichler:
ablasbichler Cleartext-Password == "ablasbichler"
With no success
Should be := not ==.
Hello
Thank you for the the answers. I changed how you suggested but
without success.
Another thing
Am 08.10.2008 um 09:49 schrieb alois blasbichler:
ablasbichler Cleartext-Password == "ablasbichler"
With no success
Should be := not ==.
Hello
Thank you for the the answers. I changed how you suggested but
without success.
Another thing : we use md5 encrypted passwords in our Ldap-DB f
t the line above in users overwrite
this ?
Here my log (tested with user test password alois)
Why pap use CRYPT encryption not it should be cleartext ?
by
luis
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] re
Am 07.10.2008 um 11:48 schrieb alois blasbichler:
Hello list
I am trying to authenticate a windows xp client via a Cisco
Wireless Router with radius on Linux and behind there a Openldap-DB.
Users have posix and samba-passworts
[...]
Somebody can give a a hint?
I have seen in an old
>i tried to add in users :
>
>ablasbichler Cleartext-Password == "ablasbichler"
>With no success
>
Should be := not ==.
>i have a big debug-file if it can help
>
Change the operator. If it doesn't help, post the debug.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See htt
)
/sites-availabel/default (enabled ldap)
/modules/ldap (addes my ldap-settings)
Is this all i have to do ?
With radtest all works fine - but my windows-client gives me an error :
-
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured
You can use mschap:User-Name in ldap configuration just like in
ntlm_auth. Replace Stripped-User-Name with that and both mschap (VPN)
and pap (admin login) requests should work.
Ivanb Kalik
Kalik Informatika ISP
Dana 5/9/2008, "kesm0724" <[EMAIL PROTECTED]> piše:
>
>H
s}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.2.1.6/auth-detail-20080904
expand: %t -> Thu Sep 4 17:55:54 2008
++[auth_log] returns ok
++[chap] returns noop
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] return
fairly common and working elsewhere, so it should work with some
> combination (if I find one I'll post it up).
>
> Thanks,
>
> James
>
To update this, Alan DeKok was right about the issue being with Samba,
but rather than using an newer version of Samba an older version wa
2008/8/28 <[EMAIL PROTECTED]>:
> hi,
>
> whats wrong with that debug? looked fine here - that should
> end with a happy connection. ntlm_auth got the correct
> response.
>
> alan
The problem is that when that log ends the WPA supplicant gets:
-- EAP-MSCHAPV2: Invalid authenticator response in su
hi,
whats wrong with that debug? looked fine here - that should
end with a happy connection. ntlm_auth got the correct
response.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
James Yale wrote:
> I've upgraded to the testing version of samba for FC9, 3.2.1 which
> unfortunately didn't resolve the issue - still getting the 'Invalid
> authenticator response in success request' problem.
If it works when you put a Cleartext-Password in the "users" file,
then there isn't m
;
> No. eapol_test is saying that the MSCHAP response is invalid.
>
>> Has anyone seen this problem before, or am I looking in the wrong place?
>
> Others have seen exactly the same thing in the past weeks. Upgrading
> Samba fixed it.
>
> Alan DeKok.
> -
I
James Yale wrote:
> With a default configuration EAP works with a user specified in the
> users file with a cleartext password
> (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files).
> This works via eapol and a Mac test client.
Ah.
> As soon as I enable th
configuration EAP works with a user specified in the
users file with a cleartext password
(http://jim.geezas.com/stuff/radius-debugging/ *-success.log files).
This works via eapol and a Mac test client.
As soon as I enable the MSCHAP module (uncommenting the ntlm auth
line) all authentication quer
Hi,
> I'm using a MacOS as a test client, which connects to the wireless
> network, prompts about an invalid certificate chain for the SSL cert
well, unless you've installed the CA etc that you signed the RADIUS
server with, this will always be the case. until you trust the cert
(by trusting the
James Yale wrote:
> Perhaps someone can help, I'm trying to setup FreeRADIUS as a
> cheaper/more flexible alternative to buying a Win2k3 Enterprise
> licence to do PEAP/MSCHAP for wireless clients but seem to be having a
> problem after the MSCHAP module is run.
See http://de
(Hopefully I haven't double posted)
Hi,
Perhaps someone can help, I'm trying to setup FreeRADIUS as a
cheaper/more flexible alternative to buying a Win2k3 Enterprise
licence to do PEAP/MSCHAP for wireless clients but seem to be having a
problem after the MSCHAP module is run.
I'
07 Jul 2008 15:29:24 +0100
>> Von: "Ivan Kalik" <[EMAIL PROTECTED]>
>> An: "FreeRadius users mailing list"
>> Betreff: Re: EAP/peap: MSCHAP Success
>
>> That's because it's doing EAP mschapv2 not plain mschap. It's normal
>> to get
ling list ,
> freeradius-users@lists.freeradius.org
> Betreff: Re: EAP/peap: MSCHAP Success
> Hmm, it is in fact doing many access-challenges, but the one I have sent
> it the last one... There is no access-accept (and no reject).
>
>
> Dietmar
>
>
> Origina
"FreeRadius users mailing list"
> Betreff: Re: EAP/peap: MSCHAP Success
> That's because it's doing EAP mschapv2 not plain mschap. It's normal
> to get a couple more Challenge-Requests before process is over.
>
> Ivan Kalik
> Kalik Informatika ISP
That's because it's doing EAP mschapv2 not plain mschap. It's normal
to get a couple more Challenge-Requests before process is over.
Ivan Kalik
Kalik Informatika ISP
Dana 7/7/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše:
>Hello,
>
>I have some prob
9b7e3361ddd3f9666230
Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "", looking up realm NULL
rlm_realm: No such realm "NULL"
++[su
Am 02.06.2008 um 10:57 schrieb vijayakumar:
Dear Ivan,
Thanks for your prompt response.
I want to integrate /etc/passwd file of fedora 8 to my Freeradius
to use MSCHAP V2 . Will it be possible ??? If so what
configuration changes to be made in configuration file ?? . how can
I make
You can't. Those passwords are already encrypted.
Ivan Kalik
Kalik Informatika ISP
Dana 2/6/2008, "vijayakumar" <[EMAIL PROTECTED]> piše:
>
>
>
>
>
>
>Dear Ivan,
>
>Thanks for your prompt response.
>
>I want to integrate /etc/passwd
Dear Ivan,
Thanks for your prompt response.
I want to integrate /etc/passwd file of fedora 8 to my Freeradius to
use MSCHAP V2 . Will it be possible ??? If so what configuration
changes to be made in configuration file ?? . how can I make NT hash of
/etc/passwd
Regards.
VIJAY
Ivan
>1) Does MSCHAP V2 supports clear text password only ?
No. You can store NT hash as NT-Password as well.
>2) Can I integrate MSCHAP V2 with LDAP .If so what changes tobe made in
>configuration file.
>
Yes. None apart from configuring ldap {} section and uncommenting ldap
entry
Dear All ,
1) Does MSCHAP V2 supports clear text password only ?
2) Can I integrate MSCHAP V2 with LDAP .If so what changes tobe made in
configuration file.
Thanks &Regards.
VIJAY
PUNE
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Will look into that ...
but I could auth with the radtest local on the machine, and then I
asumed it was using mysql to lookup the user.
But as you say, it seem logical :-) I will try and see if I can figure
out where the error might be .. or else I will return to the list :-)
// ouT
On Thu, Ma
> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>++[mschap] ret
Mikael Syska wrote:
> Thanks, that seemed to get me a bit further to the end now I got this:
> ++--+++---+
> | id | username | attribute | op | value |
> ++--+++---+
> | 2 | 44 | Cleartext-Password
M-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for 44 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
hi,
trying to authenticate Vista against a plain password? PEAP doesnt
work like this. you could put an NThash into the database instead..
or try using SecureW2 or other asupplicant that does EAP-TTLS/PAP
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mikael Syska wrote:
> I'm using default setup, only uncomment the sql in the default "sites-enabled"
>
> Running version: 2.0.3
I think you have to copy "sites-available/inner-tunnel" from the tar
file to /etc/raddb. It isn't installed by default in 2.0.3, but it *is*
referenced. Sorry...
re so far
radtest 44 localhost 1 testing123
>From the "radiusd -X"
User-Name = "44"
User-Password = ""
NAS-IP-Address = 172.17.4.1
NAS-Port = 1
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
+
David Hláčik wrote:
> as i mentioned i have plain text stored passwords (atrib UserPassword)
> in ldap, and i want to change it to crypt, or mda5.
Don't.
> Mschap need
> NT-Password , which is the best way to solve it?
Store passwords in clear-text. Anything else is a bad
http://deployingradius.com/documents/protocols/compatibility.html
Have a look at the mschap row and you will see what can and what can't
work.
Ivan Kalik
Kalik Informatika ISP
Dana 25/3/2008, "David Hláčik" <[EMAIL PROTECTED]> piše:
>Hi, i've got back to problem :
Hi, i've got back to problem :
as i mentioned i have plain text stored passwords (atrib UserPassword) in
ldap, and i want to change it to crypt, or mda5. Mschap need NT-Password ,
which is the best way to solve it? I do not want to store NT-Password value
in LDAP, or there is no other choice?
David Hláčik wrote:
> Hi, I have working configuration of PPTPD (Windows VPN) trought Radius
> to LDAP stored users. The think is ,that it accepts only plain text
> stored passwords in ldap becouse of very well known NT-Password for MSCHAPv2
...
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key -
Hi, I have working configuration of PPTPD (Windows VPN) trought Radius to
LDAP stored users. The think is ,that it accepts only plain text stored
passwords in ldap becouse of very well known NT-Password for MSCHAPv2
I figure out there is an option to make it work with ntlm_auth in mschap
Grooz, Marc (regio iT) wrote:
> but in case 3 without automatich login and username in in lowercase it
> work's.
Go ask Active Directory why.
The debug log you posted shows FreeRADIUS running ntlm_auth with the
correct arguments, and ntlm_auth returning an error. So FreeRADIUS has
no contr
Hello Alan,
but in case 3 without automatich login and username in in lowercase it
work's.
>Grooz, Marc (regio iT) wrote:
>> 1. If we auth a ActiveDirectory User with automatic sending of
>> username and password to our wlan everthing is OK. No lan-cabel is
>> connected. In my case the Username
Grooz, Marc (regio iT) wrote:
> 1. If we auth a ActiveDirectory User with automatic sending of username
> and password to our wlan everthing is OK. No lan-cabel is connected. In
> my case the Username is DOMAIN\\GroozMarc.
>
> 2. If we auth the same user with a lan-cabel connected. the auth fails.
Hello,
can some please help.
Hello,
we have a strange problem with the PEAP MSCHAP authentication truh WLAN.
We use freeradius 1.1.7 on debian etch.
1. If we auth a ActiveDirectory User with automatic sending of username
and password to our wlan everthing is OK. No lan-cabel is connected. In
Hello,
we have a strange problem with the PEAP MSCHAP authentication truh WLAN.
We use freeradius 1.1.7 on debian etch.
1. If we auth a ActiveDirectory User with automatic sending of username
and password to our wlan everthing is OK. No lan-cabel is connected. In
my case the Username is DOMAIN
Nyle wrote:
> Thank you, thank you, thank you - You know after you've looked at a
> problem from 6 different directions for too long. Often the simplest
> solution doesn't come to mind. You last statement - "Tell the server what
> the users correct password is." - took me to the simplest fix. R
sd. It's like it doesn't even receive the request at all.
As I said, I understand if I don't get a reply but has anyone seen this?
-Nyle
--
View this message in context:
http://www.nabble.com/Please-help-with-my-EAP-config---PEAP-MSCHAP-tf4677183.html#a13369086
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nyle wrote:
> I'm trying to set up Freeradius on SuSe 9 to authenticate against LDAP on
> the same box. I can use radtest locally and ntradping from a remote
> workstation and receive an accept. So it looks like it's configured well
> enough for the direct LDAP with clients.conf. However, when I tr
d exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: req
: Told to do MS-CHAPv2 for C12660 with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 8
> modcall: leaving group
Terry Pelley wrote:
> FreeRADIUS Version 1.1.3-r0.1.2
Hmm... it would be best to upgrade to 1.1.7, but that's a separate issue.
> I am fairly new to FreeRADIUS, so I expect what I am doing wrong is
> going to be obvious to most but any advice would be welcomed. From what
> I can see it appears
e choice !
>
> I have built a linux server (fedora core 5), with freeradius, a kerberos
> client, samba and winbind to reach my domain. No problems so far.
>
> I'd like to authenticate my supplicants with PEAP-MSCHAP v2 and so i
> must set up a PKI for the TLS tunnel.
wel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
julien blanc wrote:
> i don't know how to import .p12 files. In the mmc i have to give a pass
> for the private key and i don't know where i can find it ! (and if it's
> possible).
The password is the one you should've given when creating the .p12 fil
Thanks Martin
i've just tried to make the changes that you have suggested and i have the
following problem
i don't know how to import .p12 files. In the mmc i have to give a pass for
the private key and i don't know where i can find it ! (and if it's
possible).
do you think i can try with .der
Ryan Kramer said:
> JRadius simulator will do MSCHAPv2 very well...
>
> http://jradius.org/wiki/index.php/JRadiusSimulator
Oooh!! I want to have JRadiusSimulators babies! I've seen it recommended
several times on this list, but I hadn't gotten round to trying it till now.
Very useful. Doesn't d
st client which supports
> > MSCHAP?
>
> If you mean plain MS-CHAP, you can do it with radclient. Since, with
> plain MS-CHAP, the NAS generates the challenge and sends it to the
> radius server with the response. Since the response for any given
> challenge is the same, you ca
Phil Mayers said:
> On Thu, 2007-07-12 at 11:46 -0500, Hugh Messenger wrote:
> > Has anyone ever come across a RADIUS test client which supports
> > MSCHAP?
>
> If you mean plain MS-CHAP, you can do it with radclient. Since, with
> plain MS-CHAP, the NAS generates the c
On Thu, 2007-07-12 at 11:46 -0500, Hugh Messenger wrote:
> Has anyone ever come across a RADIUS test client which supports
> MSCHAP?
If you mean plain MS-CHAP, you can do it with radclient. Since, with
plain MS-CHAP, the NAS generates the challenge and sends it to the
radius server wi
Has anyone ever come across a RADIUS test client which supports MSCHAP?
Remote working is a wonderful thing, but it does mean I'm several hundred
miles from my nearest NAS and wireless client. This obviously makes certain
aspects of RADIUS testing a bit tricky.
-- hugh
-
List
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
julien blanc wrote:
> My problem is here. I don't know how to use certificates in the
> freeradius directory:
> root.pem, root.p12, root.der
> cert-clt.pem, cert-clt.p12, cert-clt.der
> cert-srv.pem, cert-srv.p12, cert-srv.der
>
> any advice ... sugge
with freeradius, a kerberos
client, samba and winbind to reach my domain. No problems so far.
I'd like to authenticate my supplicants with PEAP-MSCHAP v2 and so i must
set up a PKI for the TLS tunnel.
My problem is here. I don't know how to use certificates in the freeradius
dire
Hi,
> Ah yes, I can see that being a problem, damn this means we can't offer
> any JRS authenticated services other than wireless and wired network
> access. We were planning on a few kiosks dotted around campus... though in
> theory if those Kiosks supported EAP Based login, the tunnel would be
>
Hi,
> Ah yes, I can see that being a problem, damn this means we can't offer
> any JRS authenticated services other than wireless and wired network access.
> We were planning on a few kiosks dotted around campus... though in
> theory if those Kiosks supported EAP Based login, the tunnel would be
> credentials in it. Authenticates
> user and relays the outcome as PAP reply. This solves the en-route problem,
> but cannot overcome the problem that still the visited inst *has* your
> password.
>
Ah yes, I can see that being a problem, damn this means we can't offer
any JRS authenticat
Hi,
> What exactly was the issue with doing PAP over Eduroam ? Was it people
> being afraid of passing weakly encrypted passphrases around the
> interweb, or home sites just not bothering to implement PAP on their
> Radius servers ?
No, the issue is a different one: you will have to enter your cr
Phil Mayers wrote:
> On Mon, 2007-07-09 at 22:44 +0100, Arran Cudbard-Bell wrote:
>
>> Alan DeKok wrote:
>>
>>> Johan wrote:
>>>
>>>
>>>> I'm wondering if it's possible to authenticate a user who is using
>&
On Mon, 2007-07-09 at 22:44 +0100, Arran Cudbard-Bell wrote:
> Alan DeKok wrote:
> > Johan wrote:
> >
> >> I'm wondering if it's possible to authenticate a user who is using
> >> mschap authentication with perl.
> >>
> >
> >
Arran Cudbard-Bell wrote:
> And the advantage of supporting MSChap is that you don't have to store
> your passwords in cleartext... Just NT4 or LMHash which while not much
> more secure than cleartext , looks far more impressive in a password
> database.
And the server alrea
Alan DeKok wrote:
> Johan wrote:
>
>> I'm wondering if it's possible to authenticate a user who is using
>> mschap authentication with perl.
>>
>
> Sure. Just re-write all of the MS-CHAP authentication protocol in
> rlm_mschap in Perl.
>
Johan wrote:
> I'm wondering if it's possible to authenticate a user who is using
> mschap authentication with perl.
Sure. Just re-write all of the MS-CHAP authentication protocol in
rlm_mschap in Perl.
But why the heck would you want to do that?
> I already made a perl
Hi community
I have a question for you guys.
I'm wondering if it's possible to authenticate a user who is using mschap
authentication with perl.
I already made a perl script, which I use with rlm_perl to authenticate
users to an ftp backend. I use that script to authenticate user
This incorrect password issue was solved once the proper server
certificate was used by FreeRADIUS' EAP.conf file.
Thanks for all you help!
Marc
Solution to get correct cert to work with Windows XP SP2 supplicant:
1) From Linux box:
>openssl genrsa -des3 -out server1.key 2048
You will be promp
Hi, it looks like I used a certificate with the wrong OID. I used a
cert minted with their "SubCA" template which doesn't have the (OID
1.3.6.1.5.5.7.3.1).
In "playing" with the Microsoft CA on Windows 2003 server, I've found
that the Certificate made using the "Web Server" template is the one
r
Hi.
[EMAIL PROTECTED] wrote:
> either use your current tool but include the XP extensions as required,
Just to be precise. The named extensions are PKIX extensions for serverAuth
(OID 1.3.6.1.5.5.7.3.1) (at the RADIUS server) and clientAuth (OID
1.3.6.1.5.5.7.3.2) (for EAP-TLS on the supplicant).
CONF was
> modified accordingly and RADIUSD is happy. I am still able to
> authenticate with no problems with 802.1x PEAP (EAP-MSCHAP V2) when
> using Cisco's ADU configuration tool. Still have problems when using
> the Windows XP supplicant.
>
> In trying to authenticate with
Hi,
> If someone could give me the quickest and easiest way to creating a
> root certificate that's works with Windows XP, that would be great.
either use your current tool but include the XP extensions as required,
or use the 1.1.6 FreeRADIUS source code - to simply use the script in
that to gen
Ok, that's what I thought (about the root Certificate not being pleasing
to XP).
FYI: I'm using a version of Linux by Novell called SLES (SUSE Linux
Enterprise Server) version 9 Service Pack 3 and the FreeRADIUS is from
Novell's Web site (freeradius-1.0.2-0.i586.rpm,
freeradius-devel-1.0.2-0.i5
hi,
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
okay. so thats the main issue. were your certificates generated with
the XP exten
Lukasz Lacinski wrote:
> Alan DeKok wrote:
>> I've committed a fix to CVS head. Please re-test.
>>
> OK. I'm going to test it as soon as possible.
> It means when SIGSEGV will not be so fast ;-)
Some of the data structures in the server have changed, which means
you need to be sure that th
Alan DeKok wrote:
> I've committed a fix to CVS head. Please re-test.
>
OK. I'm going to test it as soon as possible.
It means when SIGSEGV will not be so fast ;-)
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1
Lukasz Lacinski wrote:
> Below is my previous e-mail, but with output from freeradius in format easier
> to read.
>
> I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
> radiusd.conf:
> ntlm_auth = "/usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
> --usernam
red xlat function of module mschap for string
'Challenge:-00'
rlm_mschap: Unknown expansion string "Challenge:-00"
radius_xlat: '--challenge='
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response:-00'
rlm_mschap: Un
e:-00}"
A corresponding part of debug from radiusd -X is:
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with
NT-Password
radius_xlat: '--username=uzyszkodnik'
radius_xlat: Running registered xlat function of module mschap for string
'Challenge:-00'
rlm_ms
Avril 2007, 23h16mn 24s
Objet : Re: Re : EAP/TTLS PEAP MSCHAP
Ian Truelsen wrote:
> On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote:
>
>> According to the microsoft support article
>> (http://support.microsoft.com/kb/814394/en-us)
>>
>> "The
>> Pretty much. As long as you have the proper IP address for the AP in
>> your clients.conf, which was my particular stupidity :) Still, it seems
>> to work for me.
>>
Hehe, yeah same for me first time round ! Now it's all done via sql with
a modified version of 1.1.5 to allow user NAS quer
; In properties
> Validate server certificate
> Authentication method EAP-MSCHAP v2
> Checking the Root CA the certificate was signed with .
>
> In Configure
> Automatically use my windows logo name and password unchecked.
>
I am using both client and server certificates, so th
extensions, installing the proper rootCA on the windows
machines , and configuring the windows supplicant correctly ?
Which would be
In authentication tab
Enable IEEE 802.1x authentication for this network
Setting EAP Type to PEAP
In properties
Validate server certificate
Authentication method EAP-M
On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote:
> According to the microsoft support article
> (http://support.microsoft.com/kb/814394/en-us)
>
> "The IAS or the VPN server computer certificate is configured with the
> Server Authentication purpose. The object identifier for Server
8 2007 : Debug: Going to the next request
> Wed Apr 4 21:21:48 2007 : Debug: rl_next: returning NULL
> Wed Apr 4 21:21:48 2007 : Debug: Waking up in 6 seconds...
> Wed Apr 4 21:21:54 2007 : Debug: --- Walking the entire request list ---
> Sending Access-Reject of id 0 to 10.1.5.26 p
ed
> from preprocess (rlm_preprocess) for request 74
> Wed Apr 4 14:32:48 2007 : Debug: modcall[authorize]: module
> "preprocess" returns ok for request 74
> Wed Apr 4 14:32:48 2007 : Debug: modsingle[authorize]: calling
> mschap (rlm_mschap) for request 74
> Wed Apr
returns ok for request 74
Wed Apr 4 14:32:48 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 74
Wed Apr 4 14:32:48 2007 : Debug: modsingle[authorize]: returned from mschap
(rlm_mschap) for request 74
Wed Apr 4 14:32:48 2007 : Debug: modcall[authorize]: module &
Jean Frontin wrote:
> Hello,
>
> I'm usinq freeradius + mysql. I should want that users use mschap protocol
> and I should want that freeradius uses unix shadow to authenticate them.
http://deployingradius.com/documents/protocols/compatibility.html
It's impossible.
Hello,
I'm usinq freeradius + mysql. I should want that users use mschap protocol
and I should want that freeradius uses unix shadow to authenticate them.
tests return in "radius.log" : "no user password configured"
Any ideas please
Regards
Jean Frontin
-
List i
little bit more. We are using freeradius for VPN access,
which can be done using PPTP or IPSEC
PPTP is done using mschap
IPSEC is done using a shared group secret, then a classic ldap user
bind to check the identity.
The ippool we use shall be common, so we can't split between to radius
401 - 500 of 674 matches
Mail list logo